From: Agnibho Mondal
Date: Mon, 17 May 2021 21:56:16 +0000 (+0530)
Subject: Front end reorganized
X-Git-Url: https://code.agnibho.com/repo?a=commitdiff_plain;h=064fc28f3686d99cf84c3f6d635b7aaeb7d1a957;p=simpleipd.git
Front end reorganized
---
diff --git a/' b/'
new file mode 100644
index 0000000..10da9c6
--- /dev/null
+++ b/'
@@ -0,0 +1,419 @@ +open(CONFIG_DB); + } + function checkUser($username, $password){ + global $log; + $stmt=$this->prepare("SELECT hash FROM users WHERE user=:user"); + $stmt->bindValue(":user", $username); + $result=$stmt->execute(); + $hash=$result->fetchArray(); + if($hash){ + return(password_verify($password, $hash["hash"])); + } + else{ + return(false); + } + } + function getGroup($username){ + global $log; + $stmt=$this->prepare("SELECT usergroup FROM users WHERE user=:user"); + $stmt->bindValue(":user", $username); + $result=$stmt->execute(); + return($result); + } + function getDepartment($username){ + global $log; + $stmt=$this->prepare("SELECT department FROM users WHERE user=:user"); + $stmt->bindValue(":user", $username); + $result=$stmt->execute(); + return($result); + } + function admit($post){ + global $log; + if(!checkAccess("admission", "dbSet")) return false; + $query=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid"); + $query->bindValue(":pid", $post["pid"]); + $exist=$query->execute(); + if($exist->fetchArray()[0]==0){ + $stmt=$this->prepare("INSERT INTO patients (pid,name,age,sex,status,vp,ward,bed,data) VALUES (:pid,:name,:age,:sex,:status,:vp,:ward,:bed,:data);"); + } + else{ + $stmt=$this->prepare("UPDATE patients SET name=:name,age=:age,sex=:sex,ward=:ward,bed=:bed,vp=:vp,data=:data WHERE pid=:pid;"); + } + $stmt->bindValue(":pid", $post["pid"]); + $stmt->bindValue(":name", $post["name"]); + $stmt->bindValue(":age", $post["age"]); + $stmt->bindValue(":sex", $post["sex"]); + $stmt->bindValue(":status", "admitted"); + $stmt->bindValue(":ward", $post["ward"]); + $stmt->bindValue(":bed", $post["bed"]); + $stmt->bindValue(":vp", $post["vp"]); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $log->log($post["pid"], "admit", json_encode($post)); + } + function editCase($pid, $diagnosis, $summary){ + global $log; + if(!checkAccess("history", "dbSet")) return false; + $stmt=$this->prepare("UPDATE patients SET 
diagnosis=:diagnosis,summary=:summary WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":diagnosis", $diagnosis); + $stmt->bindValue(":summary", $summary); + $stmt->execute(); + $log->log($pid, "case_edit", json_encode([$diagnosis, $summary])); + } + function updateHistory($post, $pid){ + global $log; + if(!checkAccess("history", "dbSet:")) return false; + $stmt=$this->prepare("UPDATE patients SET history=:history WHERE pid=:pid;"); + $stmt->bindValue(":history", json_encode($post)); + $stmt->bindValue(":pid", $pid); + $stmt->execute(); + $log->log($pid, "history", json_encode($post)); + } + function addPhysician($post, $pid){ + global $log; + if(!checkAccess("physician", "dbSet")) return false; + $stmt=$this->prepare("INSERT INTO physician (pid, time, data) VALUES (:pid, :time, :data);"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $log->log($pid, "physician_note", json_encode($post)); + } + function editPhysician($post, $pid, $id){ + global $log; + if(!checkAccess("physician", "dbSet")) return false; + $stmt=$this->prepare("UPDATE physician SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":id", $id); + $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $log->log($pid, "edit_physician_note", json_encode($post)); + } + function addNursing($post, $pid){ + global $log; + if(!checkAccess("nursing", "dbSet")) return false; + $stmt=$this->prepare("INSERT INTO nursing (pid, time, data) VALUES (:pid, :time, :data);"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $log->log($pid, "nursing_note", json_encode($post)); + } + function editNursing($post, 
$pid, $id){ + global $log; + if(!checkAccess("nursing", "dbSet")) return false; + $stmt=$this->prepare("UPDATE nursing SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":id", $id); + $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $log->log($pid, "edit_nursing_note", json_encode($post)); + } + function addReport($post, $pid, $form){ + global $log; + if(!checkAccess("report", "dbSet")) return false; + $stmt=$this->prepare("INSERT INTO reports (pid, time, form, data) VALUES (:pid, :time, :form, :data);"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); + $stmt->bindValue(":form", $post["form"]); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $log->log($pid, "report_added", json_encode($post)); + } + function editReport($post, $pid, $id, $form){ + global $log; + if(!checkAccess("report", "dbSet")) return false; + $stmt=$this->prepare("UPDATE reports SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":id", $id); + $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $log->log($pid, "report_edited", json_encode($post)); + } + function addDrug($pid, $drug, $dose, $route, $frequency, $date, $time, $duration, $addl){ + global $log; + if(!checkAccess("treatment", "dbSet")) return false; + $stmt=$this->prepare("INSERT INTO treatment (pid, drug, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :start, :duration, :omit, :addl);"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":drug", $drug); + $stmt->bindValue(":dose", $dose); + $stmt->bindValue(":route", $route); + $stmt->bindValue(":frequency", $frequency); + $stmt->bindValue(":start", 
strtotime($date." ".$time)); + $stmt->bindValue(":duration", $duration); + $stmt->bindValue(":addl", $addl); + $stmt->bindValue(":omit", false); + $stmt->execute(); + $log->log($post["pid"], "drug_added", json_encode([$drug,$dose,$route,$frequency,$date,$time,$duration,$addl])); + } + function omitDrug($id){ + global $log; + if(!checkAccess("treatment", "dbSet")) return false; + $stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;"); + $stmt->bindValue(":end", time()); + $stmt->bindValue(":omit", true); + $stmt->bindValue(":id", $id); + $stmt->execute(); + $log->log(null, "drug_omitted", $id); + } + function addRequisition($pid, $test, $date, $time, $room, $form){ + global $log; + if(!checkAccess("requisition", "dbSet")) return false; + $stmt=$this->prepare("INSERT INTO requisition (pid, test, time, room, form, status) VALUES (:pid, :test, :time, :room, :form, :status);"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":test", $test); + $stmt->bindValue(":time", strtotime($date." 
".$time)); + $stmt->bindValue(":room", $room); + $stmt->bindValue(":form", $form); + $stmt->bindValue(":status", "active"); + $stmt->execute(); + $log->log($pid, "requisition_added", json_encode([$test,$room,$form])); + } + function omitRequisition($id){ + global $log; + if(!checkAccess("requisition", "dbSet")) return false; + $stmt=$this->prepare("UPDATE requisition SET status=:status WHERE rowid=:id;"); + $stmt->bindValue(":status", "done"); + $stmt->bindValue(":id", $id); + $stmt->execute(); + $log->log(null, "requisition_removed", $id); + } + function addAdvice($pid, $drug, $dose, $route, $frequency, $duration, $addl){ + global $log; + if(!checkAccess("discharge", "dbSet")) return false; + $stmt=$this->prepare("INSERT INTO discharge (pid, drug, dose, route, frequency, duration, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :duration, :addl);"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":drug", $drug); + $stmt->bindValue(":dose", $dose); + $stmt->bindValue(":route", $route); + $stmt->bindValue(":frequency", $frequency); + $stmt->bindValue(":duration", $duration); + $stmt->bindValue(":addl", $addl); + $stmt->execute(); + } + function deleteAdvice($id){ + global $log; + if(!checkAccess("discharge", "dbSet")) return false; + $stmt=$this->prepare("DELETE FROM discharge WHERE rowid=:id;"); + $stmt->bindValue(":id", $id); + $stmt->execute(); + } + function setDischarged($pid){ + global $log; + if(!checkAccess("discharge", "dbSet")) return false; + $stmt=$this->prepare("UPDATE patients SET status=:discharged WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":discharged", "discharged"); + $stmt->execute(); + $log->log($pid, "discharged", null); + } + function setDead($pid, $post){ + global $log; + if(!checkAccess("death", "dbSet")) return false; + $stmt=$this->prepare("INSERT INTO death (pid, time, data) VALUES (:pid, :time, :data);"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":time", 
strtotime($post["date"].$post["time"])); + $stmt->bindValue(":data", json_encode($post)); + $stmt->execute(); + $stmt=$this->prepare("UPDATE patients SET status='expired' WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $stmt->execute(); + $log->log($pid, "death_declare", json_encode($post)); + } + function getDrugs($pid){ + global $log; + if(!checkAccess("treatment", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,* FROM treatment WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getRequisitions($pid){ + global $log; + if(!checkAccess("requisition", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status=:status;"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":status", "active"); + $result=$stmt->execute(); + return($result); + } + function getAdvice($pid){ + global $log; + if(!checkAccess("discharge", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,* FROM discharge WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getName($pid){ + global $log; + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT name FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getAge($pid){ + global $log; + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT age FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getSex($pid){ + global $log; + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT sex FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getWard($pid){ + global $log; + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT ward 
FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getBed($pid){ + global $log; + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT bed FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getStatus($pid){ + global $log; + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT status FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getDiagnosis($pid){ + global $log; + if(!checkAccess("diagnosis", "dbGet")) return false; + $stmt=$this->prepare("SELECT diagnosis FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getPatientList(){ + global $log; + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis FROM patients;"); + $result=$stmt->execute(); + return($result); + } + function getRequisitionList(){ + global $log; + if(!checkAccess("requisition", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,pid,test,room,time,form FROM requisition WHERE status=:active;"); + $stmt->bindValue(":active", "active"); + $result=$stmt->execute(); + return($result); + } + function getForm($id){ + global $log; + if(!checkAccess("report", "dbGet")) return false; + $stmt=$this->prepare("SELECT form FROM reports WHERE rowid=:id;"); + $stmt->bindValue(":id", $id); + $result=$stmt->execute(); + return($result); + } + function getAdmission($pid){ + global $log; + if(!checkAccess("admission", "dbGet")) return false; + $stmt=$this->prepare("SELECT admission FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getAdmissionData($pid){ + global $log; + if(!checkAccess("admission", "dbGet")) return 
false; + $stmt=$this->prepare("SELECT data FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getDeparture($pid){ + global $log; + if(!checkAccess("admission", "dbGet")) return false; + $stmt=$this->prepare("SELECT departure FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getSummary($pid){ + global $log; + if(!checkAccess("summary", "dbGet")) return false; + $stmt=$this->prepare("SELECT summary FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getHistory($pid){ + global $log; + if(!checkAccess("history", "dbGet")) return false; + $stmt=$this->prepare("SELECT history FROM patients WHERE pid=:pid;"); + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } + function getData($pid, $id, $cat){ + global $log; + if($cat=="physician"){ + if(!checkAccess("physician", "dbGet")) return false; + $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id ORDER BY time DSC;"); + } elseif($cat=="nursing"){ + if(!checkAccess("nursing", "dbGet")) return false; + $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id ORDER BY time DSC;"); + } elseif($cat=="reports"){ + if(!checkAccess("report", "dbGet")) return false; + $stmt=$this->prepare("SELECT data FROM reports WHERE pid=:pid AND rowid=:id ORDER BY time DSC;"); + } else{ + return(false); + } + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":id", $id); + $result=$stmt->execute(); + return($result); + } + function getAllData($pid, $cat){ + global $log; + if($cat=="physician"){ + if(!checkAccess("physician", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid ORDER BY time DSC;"); + } elseif($cat=="nursing"){ + if(!checkAccess("nursing", "dbGet")) return false; + 
$stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid ORDER BY time DSC;"); + } elseif($cat=="reports"){ + if(!checkAccess("report", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,data FROM reports WHERE pid=:pid ORDER BY time DSC;"); + } elseif($cat=="info"){ + if(!checkAccess("info", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid ORDER BY time DSC;"); + } elseif($cat=="history"){ + if(!checkAccess("history", "dbGet")) return false; + $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid ORDER BY time DSC;"); + } else{ + return(false); + } + $stmt->bindValue(":pid", $pid); + $result=$stmt->execute(); + return($result); + } +} +$db = new DB(); +?> diff --git a/.gitignore b/.gitignore index 0691fec..c6a2fd8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ database/data.db +database/log.db www/data/* diff --git a/access.json b/access.json index 380c1a1..8cab726 100644 --- a/access.json +++ b/access.json @@ -97,8 +97,8 @@ }, "report": { "admin": "all", - "visiting": "view", - "resident": "view", + "visiting": "all", + "resident": "all", "nursing": "view", "lab": "all", "clerk": "view" diff --git a/config.php b/config.php index 18b6605..7bb277a 100644 --- a/config.php +++ b/config.php @@ -3,4 +3,6 @@ define("CONFIG_ROOT", __DIR__."/"); define("CONFIG_WWW", CONFIG_ROOT."www/"); define("CONFIG_LIB", CONFIG_ROOT."lib/"); define("CONFIG_DB", CONFIG_ROOT."database/data.db"); +define("CONFIG_LOG", CONFIG_ROOT."database/log.db"); +define("CONFIG_TITLE", "SimpleIPD"); ?> diff --git a/data.schema.sql b/data.schema.sql new file mode 100644 index 0000000..51883e5 --- /dev/null +++ b/data.schema.sql 
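Review bot: The new file named `'` looks like an accidental editor save of lib/db.php rather than something meant to ship: it holds the same DB class, ends with its own `$db = new DB();`, and still has the `ORDER BY time DSC` spelling that the lib/db.php hunks in this commit write as `DESC`. I would drop it from the commit so there is a single copy of the data-access and access-check code to review and patch. If it is kept for any reason, `DSC` is not an SQLite keyword, so the getData and getAllData statements in it would presumably fail to prepare.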
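Review bot: The `report` entry changes `visiting` and `resident` from `view` to `all`, which is an authorization change riding in a commit titled "Front end reorganized". Presumably `all` lets those groups pass the `checkAccess("report", "dbSet")` checks in addReport and editReport; the checkAccess implementation is not in this diff, so that is inferred. I would move this to its own commit, or at least name it in the message, so the permission history can be audited from the log.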
@@ -0,0 +1,76 @@ + +CREATE TABLE death( +pid int, +time int, +data text +); +CREATE TABLE discharge( +pid int, +drug text, +dose text, +route text, +frequency text, +duration text, +addl text +); +CREATE TABLE nursing( +pid int, +time int, +data text +); +CREATE TABLE patients( +pid int unique, +name text, +age int, +sex text, +status text, +vp text, +diagnosis text, +summary text, +admission int, +departure int, +ward text, +bed int, +data text, +history text +); +CREATE TABLE physician( +pid int, +time int, +data text +); +CREATE TABLE reports( +pid int, +time int, +form text, +data text +); +CREATE TABLE requisition( +pid int, +test text, +time int, +room text, +sample text, +form text, +status text +); +CREATE TABLE treatment( +pid int, +drug text, +dose text, +route text, +frequency text, +start int, +end int, +duration text, +omit boolean, +addl text +); +CREATE TABLE users( +user text unique, +usergroup text, +department text, +hash text, +change boolean, +last int +); diff --git a/lib/db.php b/lib/db.php index 6675945..13329e7 100644 --- a/lib/db.php +++ b/lib/db.php @@ -4,6 +4,7 @@ class DB extends SQLite3 { $this->open(CONFIG_DB); } function checkUser($username, $password){ + global $log; $stmt=$this->prepare("SELECT hash FROM users WHERE user=:user"); $stmt->bindValue(":user", $username); $result=$stmt->execute(); 
@@ -16,18 +17,21 @@ class DB extends SQLite3 { } } function getGroup($username){ + global $log; $stmt=$this->prepare("SELECT usergroup FROM users WHERE user=:user"); $stmt->bindValue(":user", $username); $result=$stmt->execute(); return($result); } function getDepartment($username){ + global $log; $stmt=$this->prepare("SELECT department FROM users WHERE user=:user"); $stmt->bindValue(":user", $username); $result=$stmt->execute(); return($result); } function admit($post){ + global $log; if(!checkAccess("admission", "dbSet")) return false; $query=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid"); $query->bindValue(":pid", $post["pid"]); 
@@ -48,31 +52,39 @@ class DB extends SQLite3 { $stmt->bindValue(":vp", $post["vp"]); $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); + $log->log($post["pid"], "admit", json_encode($post)); } function editCase($pid, $diagnosis, $summary){ + global $log; if(!checkAccess("history", "dbSet")) return false; $stmt=$this->prepare("UPDATE patients SET diagnosis=:diagnosis,summary=:summary WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); $stmt->bindValue(":diagnosis", $diagnosis); $stmt->bindValue(":summary", $summary); $stmt->execute(); + $log->log($pid, "case_edit", json_encode([$diagnosis, $summary])); } function updateHistory($post, $pid){ + global $log; if(!checkAccess("history", "dbSet:")) return false; $stmt=$this->prepare("UPDATE patients SET history=:history WHERE pid=:pid;"); $stmt->bindValue(":history", json_encode($post)); $stmt->bindValue(":pid", $pid); $stmt->execute(); + $log->log($pid, "history", json_encode($post)); } function addPhysician($post, $pid){ + global $log; if(!checkAccess("physician", "dbSet")) return false; $stmt=$this->prepare("INSERT INTO physician (pid, time, data) VALUES (:pid, :time, :data);"); $stmt->bindValue(":pid", $pid); $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); + $log->log($pid, "physician_note", json_encode($post)); } function editPhysician($post, $pid, $id){ + global $log; if(!checkAccess("physician", "dbSet")) return false; $stmt=$this->prepare("UPDATE physician SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;"); $stmt->bindValue(":pid", $pid); 
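Review bot: Each added `$log->log(...)` call in admit, editCase, updateHistory and addPhysician runs right after `$stmt->execute();` without looking at its result, so the audit table can record a write that the database rejected. Guard the call, e.g. `if($stmt->execute()!==false) $log->log($pid, "case_edit", json_encode([$diagnosis, $summary]));`, and do the same in the later hunks that add a log line. The rows also store the whole `json_encode($post)`, so log.db ends up holding a second copy of the clinical record and needs the same file permissions and backup handling as data.db. Separately, the context line `checkAccess("history", "dbSet:")` in updateHistory has a stray colon that predates this commit; how checkAccess treats that value is not visible here. admit starts above this hunk and editPhysician continues below it.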
@@ -80,16 +92,20 @@ class DB extends SQLite3 { $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); + $log->log($pid, "edit_physician_note", json_encode($post)); } function addNursing($post, $pid){ + global $log; if(!checkAccess("nursing", "dbSet")) return false; $stmt=$this->prepare("INSERT INTO nursing (pid, time, data) VALUES (:pid, :time, :data);"); $stmt->bindValue(":pid", $pid); $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); + $log->log($pid, "nursing_note", json_encode($post)); } function editNursing($post, $pid, $id){ + global $log; if(!checkAccess("nursing", "dbSet")) return false; $stmt=$this->prepare("UPDATE nursing SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;"); $stmt->bindValue(":pid", $pid); @@ -97,8 +113,10 @@ class DB extends SQLite3 { $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); + $log->log($pid, "edit_nursing_note", json_encode($post)); } function addReport($post, $pid, $form){ + global $log; if(!checkAccess("report", "dbSet")) return false; $stmt=$this->prepare("INSERT INTO reports (pid, time, form, data) VALUES (:pid, :time, :form, :data);"); $stmt->bindValue(":pid", $pid); @@ -106,8 +124,10 @@ class DB extends SQLite3 { $stmt->bindValue(":form", $post["form"]); $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); + $log->log($pid, "report_added", json_encode($post)); } function editReport($post, $pid, $id, $form){ + global $log; if(!checkAccess("report", "dbSet")) return false; $stmt=$this->prepare("UPDATE reports SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;"); $stmt->bindValue(":pid", $pid); 
@@ -115,8 +135,10 @@ class DB extends SQLite3 { $stmt->bindValue(":time", strtotime($post["date"].$post["time"])); $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); + $log->log($pid, "report_edited", json_encode($post)); } function addDrug($pid, $drug, $dose, $route, $frequency, $date, $time, $duration, $addl){ + global $log; if(!checkAccess("treatment", "dbSet")) return false; $stmt=$this->prepare("INSERT INTO treatment (pid, drug, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :start, :duration, :omit, :addl);"); $stmt->bindValue(":pid", $pid); @@ -129,16 +151,20 @@ class DB extends SQLite3 { $stmt->bindValue(":addl", $addl); $stmt->bindValue(":omit", false); $stmt->execute(); + $log->log($post["pid"], "drug_added", json_encode([$drug,$dose,$route,$frequency,$date,$time,$duration,$addl])); } function omitDrug($id){ + global $log; if(!checkAccess("treatment", "dbSet")) return false; $stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;"); $stmt->bindValue(":end", time()); $stmt->bindValue(":omit", true); $stmt->bindValue(":id", $id); $stmt->execute(); + $log->log(null, "drug_omitted", $id); } function addRequisition($pid, $test, $date, $time, $room, $form){ + global $log; if(!checkAccess("requisition", "dbSet")) return false; $stmt=$this->prepare("INSERT INTO requisition (pid, test, time, room, form, status) VALUES (:pid, :test, :time, :room, :form, :status);"); $stmt->bindValue(":pid", $pid); 
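Review bot: In addDrug the added line `$log->log($post["pid"], "drug_added", ...)` reads `$post`, which is neither a parameter nor a local of that function, so the audit row is written with a null pid and PHP raises an undefined-variable warning. It should use the parameter: `$log->log($pid, "drug_added", json_encode([$drug,$dose,$route,$frequency,$date,$time,$duration,$addl]));`. The same line appears in the copy of this class in the new file `'`. omitDrug in this hunk, and omitRequisition in the next one, pass `null` as pid, so those entries can only be tied to a patient by looking the rowid up again; selecting the pid from the row being updated would keep the trail self-contained.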
@@ -148,19 +174,23 @@ class DB extends SQLite3 { $stmt->bindValue(":form", $form); $stmt->bindValue(":status", "active"); $stmt->execute(); + $log->log($pid, "requisition_added", json_encode([$test,$room,$form])); } function omitRequisition($id){ + global $log; if(!checkAccess("requisition", "dbSet")) return false; $stmt=$this->prepare("UPDATE requisition SET status=:status WHERE rowid=:id;"); $stmt->bindValue(":status", "done"); $stmt->bindValue(":id", $id); $stmt->execute(); + $log->log(null, "requisition_removed", $id); } - function addAdvice($pid, $name, $dose, $route, $frequency, $duration, $addl){ + function addAdvice($pid, $drug, $dose, $route, $frequency, $duration, $addl){ + global $log; if(!checkAccess("discharge", "dbSet")) return false; - $stmt=$this->prepare("INSERT INTO discharge (pid, name, dose, route, frequency, duration, addl) VALUES (:pid, :name, :dose, :route, :frequency, :duration, :addl);"); + $stmt=$this->prepare("INSERT INTO discharge (pid, drug, dose, route, frequency, duration, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :duration, :addl);"); $stmt->bindValue(":pid", $pid); - $stmt->bindValue(":name", $name); + $stmt->bindValue(":drug", $drug); $stmt->bindValue(":dose", $dose); $stmt->bindValue(":route", $route); $stmt->bindValue(":frequency", $frequency); 
@@ -169,19 +199,23 @@ class DB extends SQLite3 { $stmt->execute(); } function deleteAdvice($id){ + global $log; if(!checkAccess("discharge", "dbSet")) return false; $stmt=$this->prepare("DELETE FROM discharge WHERE rowid=:id;"); $stmt->bindValue(":id", $id); $stmt->execute(); } function setDischarged($pid){ + global $log; if(!checkAccess("discharge", "dbSet")) return false; $stmt=$this->prepare("UPDATE patients SET status=:discharged WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); $stmt->bindValue(":discharged", "discharged"); $stmt->execute(); + $log->log($pid, "discharged", null); } function setDead($pid, $post){ + global $log; if(!checkAccess("death", "dbSet")) return false; $stmt=$this->prepare("INSERT INTO death (pid, time, data) VALUES (:pid, :time, :data);"); $stmt->bindValue(":pid", $pid); @@ -191,8 +225,10 @@ class DB extends SQLite3 { $stmt=$this->prepare("UPDATE patients SET status='expired' WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); $stmt->execute(); + $log->log($pid, "death_declare", json_encode($post)); } function getDrugs($pid){ + global $log; if(!checkAccess("treatment", "dbGet")) return false; $stmt=$this->prepare("SELECT rowid,* FROM treatment WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -200,14 +236,16 @@ class DB extends SQLite3 { return($result); } function getRequisitions($pid){ + global $log; if(!checkAccess("requisition", "dbGet")) return false; - $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status=:status;"); + $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status=:status ORDER BY room;"); $stmt->bindValue(":pid", $pid); $stmt->bindValue(":status", "active"); $result=$stmt->execute(); return($result); } function getAdvice($pid){ + global $log; if(!checkAccess("discharge", "dbGet")) return false; $stmt=$this->prepare("SELECT rowid,* FROM discharge WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); 
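Review bot: deleteAdvice gains `global $log;` but no `$log->log(...)` call, so the one destructive statement in this class, `DELETE FROM discharge WHERE rowid=:id;`, leaves no audit entry; addAdvice in the previous hunk is in the same state. Add a line after the execute, for example `$log->log(null, "advice_deleted", $id);`, matching how omitRequisition records a rowid. The read-only getters in the following hunks also declare `global $log;` without using it; either drop the declaration there or add a comment such as `// read access is not audited yet` so the gap is explicit.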
@@ -215,6 +253,7 @@ class DB extends SQLite3 { return($result); } function getName($pid){ + global $log; if(!checkAccess("info", "dbGet")) return false; $stmt=$this->prepare("SELECT name FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -222,6 +261,7 @@ class DB extends SQLite3 { return($result); } function getAge($pid){ + global $log; if(!checkAccess("info", "dbGet")) return false; $stmt=$this->prepare("SELECT age FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -229,6 +269,7 @@ class DB extends SQLite3 { return($result); } function getSex($pid){ + global $log; if(!checkAccess("info", "dbGet")) return false; $stmt=$this->prepare("SELECT sex FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -236,6 +277,7 @@ class DB extends SQLite3 { return($result); } function getWard($pid){ + global $log; if(!checkAccess("info", "dbGet")) return false; $stmt=$this->prepare("SELECT ward FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -243,6 +285,7 @@ class DB extends SQLite3 { return($result); } function getBed($pid){ + global $log; if(!checkAccess("info", "dbGet")) return false; $stmt=$this->prepare("SELECT bed FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -250,6 +293,7 @@ class DB extends SQLite3 { return($result); } function getStatus($pid){ + global $log; if(!checkAccess("info", "dbGet")) return false; $stmt=$this->prepare("SELECT status FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -257,6 +301,7 @@ class DB extends SQLite3 { return($result); } function getDiagnosis($pid){ + global $log; if(!checkAccess("diagnosis", "dbGet")) return false; $stmt=$this->prepare("SELECT diagnosis FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); 
@@ -264,12 +309,14 @@ class DB extends SQLite3 { return($result); } function getPatientList(){ + global $log; if(!checkAccess("info", "dbGet")) return false; $stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis FROM patients;"); $result=$stmt->execute(); return($result); } function getRequisitionList(){ + global $log; if(!checkAccess("requisition", "dbGet")) return false; $stmt=$this->prepare("SELECT rowid,pid,test,room,time,form FROM requisition WHERE status=:active;"); $stmt->bindValue(":active", "active"); @@ -277,6 +324,7 @@ class DB extends SQLite3 { return($result); } function getForm($id){ + global $log; if(!checkAccess("report", "dbGet")) return false; $stmt=$this->prepare("SELECT form FROM reports WHERE rowid=:id;"); $stmt->bindValue(":id", $id); @@ -284,6 +332,7 @@ class DB extends SQLite3 { return($result); } function getAdmission($pid){ + global $log; if(!checkAccess("admission", "dbGet")) return false; $stmt=$this->prepare("SELECT admission FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -291,6 +340,7 @@ class DB extends SQLite3 { return($result); } function getAdmissionData($pid){ + global $log; if(!checkAccess("admission", "dbGet")) return false; $stmt=$this->prepare("SELECT data FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -298,6 +348,7 @@ class DB extends SQLite3 { return($result); } function getDeparture($pid){ + global $log; if(!checkAccess("admission", "dbGet")) return false; $stmt=$this->prepare("SELECT departure FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -305,6 +356,7 @@ class DB extends SQLite3 { return($result); } function getSummary($pid){ + global $log; if(!checkAccess("summary", "dbGet")) return false; $stmt=$this->prepare("SELECT summary FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); 
@@ -312,6 +364,7 @@ class DB extends SQLite3 { return($result); } function getHistory($pid){ + global $log; if(!checkAccess("history", "dbGet")) return false; $stmt=$this->prepare("SELECT history FROM patients WHERE pid=:pid;"); $stmt->bindValue(":pid", $pid); @@ -319,15 +372,16 @@ class DB extends SQLite3 { return($result); } function getData($pid, $id, $cat){ + global $log; if($cat=="physician"){ if(!checkAccess("physician", "dbGet")) return false; - $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id;"); + $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id ORDER BY time DESC;"); } elseif($cat=="nursing"){ if(!checkAccess("nursing", "dbGet")) return false; - $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id;"); + $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id ORDER BY time DESC;"); } elseif($cat=="reports"){ if(!checkAccess("report", "dbGet")) return false; - $stmt=$this->prepare("SELECT data FROM reports WHERE pid=:pid AND rowid=:id;"); + $stmt=$this->prepare("SELECT data FROM reports WHERE pid=:pid AND rowid=:id ORDER BY time DESC;"); } else{ return(false); } 
@@ -337,21 +391,22 @@ class DB extends SQLite3 { return($result); } function getAllData($pid, $cat){ + global $log; if($cat=="physician"){ if(!checkAccess("physician", "dbGet")) return false; - $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid;"); + $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid ORDER BY time DESC;"); } elseif($cat=="nursing"){ if(!checkAccess("nursing", "dbGet")) return false; - $stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid;"); + $stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid ORDER BY time DESC;"); } elseif($cat=="reports"){ if(!checkAccess("report", "dbGet")) return false; - $stmt=$this->prepare("SELECT rowid,data FROM reports WHERE pid=:pid;"); + $stmt=$this->prepare("SELECT rowid,data FROM reports WHERE pid=:pid ORDER BY time DESC;"); } elseif($cat=="info"){ if(!checkAccess("info", "dbGet")) return false; - $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid;"); + $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid ORDER BY time DESC;"); } elseif($cat=="history"){ if(!checkAccess("history", "dbGet")) return false; - $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid;"); + $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid ORDER BY time DESC;"); } else{ return(false); } diff --git a/lib/functions.php b/lib/functions.php index 434ca81..1aa6c46 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -51,7 +51,7 @@ function schema2form($file, $pid=null, $id=null, $cat=null, $data=null){ $form=$form.""; } elseif(isSet($prop->format) && $prop->format=="textarea"){ - $form=$form.""; + $form=$form.""; } elseif($field=="pid"){ $form=$form.""; @@ -90,7 +90,7 @@ function viewData($data, $edit=null){ unset($data->cat); $view=""; foreach($data as $field=>$value){ - if($field!="form"){ + if(!empty($value) && $field!="form"){ if(!empty($schema->properties->$field)){ $view=$view.""; } 
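Review bot: In getAllData the `info` and `history` branches now run `... FROM patients WHERE pid=:pid ORDER BY time DESC;`, but the patients columns that appear elsewhere on this page (pid, ward, bed, name, diagnosis, admission, data, departure, summary, history) do not include `time`. If the table has no such column, SQLite rejects the statement and `prepare()` returns false, so the later use of `$stmt` (outside this hunk) would fail for every patient view. Since pid looks like the key of patients, the ordering adds nothing there. Keep `SELECT rowid,data FROM patients WHERE pid=:pid;` and `SELECT rowid,history FROM patients WHERE pid=:pid;`, and check the result of `prepare()` before using it.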
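Review bot: The new guard `!empty($value)` in viewData also hides fields whose value is `0` or `"0"`, because PHP's `empty()` treats those as empty. A recorded zero (a score, a count, a dose) would silently disappear from the patient view. Test for absence explicitly instead: `if($value!==null && $value!=="" && $field!="form"){`. The row built inside the loop is concatenated into HTML and its markup is not legible in this hunk, so confirm that `$value` passes through `htmlspecialchars()` there. viewData begins and ends outside the hunk.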
diff --git a/lib/log.php b/lib/log.php new file mode 100644 index 0000000..dc339f1 --- /dev/null +++ b/lib/log.php @@ -0,0 +1,17 @@ +open(CONFIG_LOG); + } + function log($pid, $action, $data){ + $stmt=$this->prepare("INSERT INTO log (pid, user, action, time, data) VALUES (:pid, :user, :action, :time, :data)"); + $stmt->bindValue(":pid", $pid); + $stmt->bindValue(":user", $_SESSION["user"]); + $stmt->bindValue(":action", $action); + $stmt->bindValue(":time", time()); + $stmt->bindValue(":data", $data); + $stmt->execute(); + } +} +$log = new LG(); +?> diff --git a/log.schema.sql b/log.schema.sql new file mode 100644 index 0000000..1a6a775 --- /dev/null +++ b/log.schema.sql @@ -0,0 +1,7 @@ +CREATE TABLE log( +pid int, +user text, +action text, +time int, +data text +); diff --git a/require.php b/require.php index 619e891..a179af7 100644 --- a/require.php +++ b/require.php @@ -1,15 +1,18 @@ fetchArray()){
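Review bot: `LG::log()` writes the audit row without any checks. `$_SESSION["user"]` is read directly, so a call made without a logged-in session stores a null user and raises a notice. The results of `prepare()` and `execute()` are also discarded, so a failed write goes unnoticed. For an audit trail, resolve the actor first with `$user=$_SESSION["user"] ?? null;`, refuse or flag the entry when it is null, and `return $stmt->execute()!==false;` so callers can react. A comment on the method stating that `$data` is stored verbatim would help callers avoid copying whole request bodies into the log.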
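Review bot: Every column of the new `log` table is nullable and the table has no index, so an audit row with no user or no timestamp is accepted and per-patient lookups scan the whole table. Declaring `user text NOT NULL`, `action text NOT NULL` and `time int NOT NULL`, and adding `CREATE INDEX log_pid_time ON log(pid, time);`, would make the trail stricter and cheaper to query.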
-

SimpleIPD

+

Patient List

diff --git a/www/res/script.js b/www/res/script.js index cc3a314..7f88848 100644 --- a/www/res/script.js +++ b/www/res/script.js @@ -18,7 +18,7 @@ $(document).ready(function(){ }); $("[name='time']").each(function(){ if($(this).val()==""){ - $(this).val(moment().format("HH:MM")); + $(this).val(moment().format("hh:mm")); } }); if($("[name='drug']").length){ diff --git a/www/view.php b/www/view.php index 184fea0..fd074a2 100644 --- a/www/view.php +++ b/www/view.php @@ -34,12 +34,40 @@ if(isSet($_GET["pid"])){
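Review bot: The replacement format `"hh:mm"` fixes the month token (`MM`) but switches to moment's 12-hour clock with no AM/PM marker, so 02:30 and 14:30 both prefill as `02:30`. For a clinical time field use the 24-hour token: `$(this).val(moment().format("HH:mm"));`. The enclosing `$(document).ready` handler starts and ends outside the hunk.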

Patient Data

- Edit Information - Edit History - Add Physician Note - Add Nursing Note - Add Laboratory Report - Add Requisition +
+
> + Treatment +
+ + + +
+
+ + +
> + Add Report +
+ +
class="mb-2 col-md-2" id="discharge" > + Discharge +
+
class="mb-2 col-md-2" id="death" > + Death +
+
> @@ -63,7 +91,17 @@ if(isSet($_GET["pid"])){
Status:
- +
+
+ +
+
+
".$schema->properties->$field->description."".$value."
+ + +
DiagnosisgetDiagnosis($pid)->fetchArray()["diagnosis"];?>
SummarygetSummary($pid)->fetchArray()["summary"];?>
+ +
@@ -79,20 +117,6 @@ if(isSet($_GET["pid"])){

-
-
> - Treatment -
- -
class="mb-2 col-md-3" id="discharge" > - Discharge -
-
class="mb-2 col-md-3" id="death" > - Death -
-
>