<?php
/**
* @package OpenEMR
* @link https://www.open-emr.org
* @author Sherwin Gaddis <[email protected]>
* @copyright Copyright (c) 2020. Sherwin Gaddis <[email protected]>
* @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
*
*
*/
require_once "../interface/globals.php";
use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Logging\EventAuditLogger;
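// Endpoint purpose: delete one prescription (POST 'drugid') and the matching
// entry in the patient's medication list, then record the removal in the audit log.

// Authorization gate: only users with write access to the patient/rx ACL may proceed.
// NOTE(review): this is a global permission check. Nothing below ties the
// prescription to the patient currently open in the session, so any user holding
// this ACL can remove any prescription by id — confirm that is the intended policy.
if (!AclMain::aclCheckCore('patient', 'rx', '', 'write')) {
    echo xlt('ACL Administration Not Authorized');
    exit;
}

// Accept only a plain positive integer. A bare (int) cast would coerce a non-empty
// array to 1 and truncate values such as "12abc" to 12, so a malformed request
// could address a record it never named; filter_var() returns false for both.
$id = filter_var($_POST['drugid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

if ($id !== false) {
    // State-changing request: the CSRF token must be present, a string, and valid.
    $csrfToken = $_POST['csrf_token_form'] ?? '';
    if (!is_string($csrfToken) || !CsrfUtils::verifyCsrfToken($csrfToken)) {
        CsrfUtils::csrfNotVerified();
        // Backstop: csrfNotVerified()'s behaviour is not visible in this file, so
        // make sure a failed check can never fall through to the deletes.
        exit;
    }

    // NOTE(review): the statements below are not wrapped in a transaction, so a
    // failure part-way through can leave the medication list and the prescriptions
    // table out of step. Also confirm that sqlQuery()/sqlStatement() really throw
    // on failure; if they do not, this catch block is never reached.
    try {
        // Look up the owning patient and the drug name before anything is removed.
        $dn = sqlQuery("SELECT patient_id, drug FROM prescriptions WHERE id = ?", [$id]);

        // An unknown id yields no row: there is nothing to delete and nothing to audit.
        if (!empty($dn)) {
            $pid = $dn['patient_id'];
            $drugname = $dn['drug'];

            if (!empty($drugname)) {
                // NOTE(review): matching on title removes every medication entry with
                // this name for the patient, including entries that may belong to a
                // different prescription for the same drug — confirm this is wanted.
                $medicationlist = "DELETE FROM lists WHERE pid = ? AND type = 'medication' AND title = ?";
                sqlStatement($medicationlist, [$pid, $drugname]);
            }

            $sql = "delete from prescriptions where id = ?";
            sqlStatement($sql, [$id]);

            // Audit only after both deletes have completed, and for every removed
            // prescription (not just those with a drug name), so the log never
            // reports a removal that did not happen and never misses one that did.
            // NOTE(review): the message does not carry the prescription id.
            EventAuditLogger::instance()->newEvent(
                "delete",
                $_SESSION['authUser'],
                $_SESSION['authProvider'],
                1,
                $drugname . " prescription/medication removed",
                $pid
            );
        }
    } catch (Exception $e) {
        // Keep database error detail in the server log; the client gets a generic
        // message. Always stop here, even when the exception message is empty, so a
        // failed step can never be followed by "Finished Deleting".
        error_log('deletedrug.php: delete failed for prescription id ' . $id . ': ' . $e->getMessage());
        echo xlt('An error occurred while deleting the prescription');
        exit;
    }
}

// Emitted on success and also when no valid id was supplied (nothing was deleted).
echo xlt("Finished Deleting");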