--- /dev/null
+<?php
+class DB extends SQLite3 {
+ function __construct(){
+ $this->open(CONFIG_DB);
+ }
+ function checkUser($username, $password){
+ global $log;
+ $stmt=$this->prepare("SELECT hash FROM users WHERE user=:user");
+ $stmt->bindValue(":user", $username);
+ $result=$stmt->execute();
+ $hash=$result->fetchArray();
+ if($hash){
+ return(password_verify($password, $hash["hash"]));
+ }
+ else{
+ return(false);
+ }
+ }
+ function getGroup($username){
+ global $log;
+ $stmt=$this->prepare("SELECT usergroup FROM users WHERE user=:user");
+ $stmt->bindValue(":user", $username);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getDepartment($username){
+ global $log;
+ $stmt=$this->prepare("SELECT department FROM users WHERE user=:user");
+ $stmt->bindValue(":user", $username);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function admit($post){
+ global $log;
+ if(!checkAccess("admission", "dbSet")) return false;
+ $query=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid");
+ $query->bindValue(":pid", $post["pid"]);
+ $exist=$query->execute();
+ if($exist->fetchArray()[0]==0){
+ $stmt=$this->prepare("INSERT INTO patients (pid,name,age,sex,status,vp,ward,bed,data) VALUES (:pid,:name,:age,:sex,:status,:vp,:ward,:bed,:data);");
+ }
+ else{
+ $stmt=$this->prepare("UPDATE patients SET name=:name,age=:age,sex=:sex,ward=:ward,bed=:bed,vp=:vp,data=:data WHERE pid=:pid;");
+ }
+ $stmt->bindValue(":pid", $post["pid"]);
+ $stmt->bindValue(":name", $post["name"]);
+ $stmt->bindValue(":age", $post["age"]);
+ $stmt->bindValue(":sex", $post["sex"]);
+ $stmt->bindValue(":status", "admitted");
+ $stmt->bindValue(":ward", $post["ward"]);
+ $stmt->bindValue(":bed", $post["bed"]);
+ $stmt->bindValue(":vp", $post["vp"]);
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $log->log($post["pid"], "admit", json_encode($post));
+ }
+ function editCase($pid, $diagnosis, $summary){
+ global $log;
+ if(!checkAccess("history", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE patients SET diagnosis=:diagnosis,summary=:summary WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":diagnosis", $diagnosis);
+ $stmt->bindValue(":summary", $summary);
+ $stmt->execute();
+ $log->log($pid, "case_edit", json_encode([$diagnosis, $summary]));
+ }
+ function updateHistory($post, $pid){
+ global $log;
+ if(!checkAccess("history", "dbSet:")) return false;
+ $stmt=$this->prepare("UPDATE patients SET history=:history WHERE pid=:pid;");
+ $stmt->bindValue(":history", json_encode($post));
+ $stmt->bindValue(":pid", $pid);
+ $stmt->execute();
+ $log->log($pid, "history", json_encode($post));
+ }
+ function addPhysician($post, $pid){
+ global $log;
+ if(!checkAccess("physician", "dbSet")) return false;
+ $stmt=$this->prepare("INSERT INTO physician (pid, time, data) VALUES (:pid, :time, :data);");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $log->log($pid, "physician_note", json_encode($post));
+ }
+ function editPhysician($post, $pid, $id){
+ global $log;
+ if(!checkAccess("physician", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE physician SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":id", $id);
+ $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $log->log($pid, "edit_physician_note", json_encode($post));
+ }
+ function addNursing($post, $pid){
+ global $log;
+ if(!checkAccess("nursing", "dbSet")) return false;
+ $stmt=$this->prepare("INSERT INTO nursing (pid, time, data) VALUES (:pid, :time, :data);");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $log->log($pid, "nursing_note", json_encode($post));
+ }
+ function editNursing($post, $pid, $id){
+ global $log;
+ if(!checkAccess("nursing", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE nursing SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":id", $id);
+ $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $log->log($pid, "edit_nursing_note", json_encode($post));
+ }
+ function addReport($post, $pid, $form){
+ global $log;
+ if(!checkAccess("report", "dbSet")) return false;
+ $stmt=$this->prepare("INSERT INTO reports (pid, time, form, data) VALUES (:pid, :time, :form, :data);");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
+ $stmt->bindValue(":form", $post["form"]);
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $log->log($pid, "report_added", json_encode($post));
+ }
+ function editReport($post, $pid, $id, $form){
+ global $log;
+ if(!checkAccess("report", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE reports SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":id", $id);
+ $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $log->log($pid, "report_edited", json_encode($post));
+ }
+ function addDrug($pid, $drug, $dose, $route, $frequency, $date, $time, $duration, $addl){
+ global $log;
+ if(!checkAccess("treatment", "dbSet")) return false;
+ $stmt=$this->prepare("INSERT INTO treatment (pid, drug, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :start, :duration, :omit, :addl);");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":drug", $drug);
+ $stmt->bindValue(":dose", $dose);
+ $stmt->bindValue(":route", $route);
+ $stmt->bindValue(":frequency", $frequency);
+ $stmt->bindValue(":start", strtotime($date." ".$time));
+ $stmt->bindValue(":duration", $duration);
+ $stmt->bindValue(":addl", $addl);
+ $stmt->bindValue(":omit", false);
+ $stmt->execute();
+ $log->log($post["pid"], "drug_added", json_encode([$drug,$dose,$route,$frequency,$date,$time,$duration,$addl]));
+ }
+ function omitDrug($id){
+ global $log;
+ if(!checkAccess("treatment", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;");
+ $stmt->bindValue(":end", time());
+ $stmt->bindValue(":omit", true);
+ $stmt->bindValue(":id", $id);
+ $stmt->execute();
+ $log->log(null, "drug_omitted", $id);
+ }
+ function addRequisition($pid, $test, $date, $time, $room, $form){
+ global $log;
+ if(!checkAccess("requisition", "dbSet")) return false;
+ $stmt=$this->prepare("INSERT INTO requisition (pid, test, time, room, form, status) VALUES (:pid, :test, :time, :room, :form, :status);");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":test", $test);
+ $stmt->bindValue(":time", strtotime($date." ".$time));
+ $stmt->bindValue(":room", $room);
+ $stmt->bindValue(":form", $form);
+ $stmt->bindValue(":status", "active");
+ $stmt->execute();
+ $log->log($pid, "requisition_added", json_encode([$test,$room,$form]));
+ }
+ function omitRequisition($id){
+ global $log;
+ if(!checkAccess("requisition", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE requisition SET status=:status WHERE rowid=:id;");
+ $stmt->bindValue(":status", "done");
+ $stmt->bindValue(":id", $id);
+ $stmt->execute();
+ $log->log(null, "requisition_removed", $id);
+ }
+ function addAdvice($pid, $drug, $dose, $route, $frequency, $duration, $addl){
+ global $log;
+ if(!checkAccess("discharge", "dbSet")) return false;
+ $stmt=$this->prepare("INSERT INTO discharge (pid, drug, dose, route, frequency, duration, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :duration, :addl);");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":drug", $drug);
+ $stmt->bindValue(":dose", $dose);
+ $stmt->bindValue(":route", $route);
+ $stmt->bindValue(":frequency", $frequency);
+ $stmt->bindValue(":duration", $duration);
+ $stmt->bindValue(":addl", $addl);
+ $stmt->execute();
+ }
+ function deleteAdvice($id){
+ global $log;
+ if(!checkAccess("discharge", "dbSet")) return false;
+ $stmt=$this->prepare("DELETE FROM discharge WHERE rowid=:id;");
+ $stmt->bindValue(":id", $id);
+ $stmt->execute();
+ }
+ function setDischarged($pid){
+ global $log;
+ if(!checkAccess("discharge", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE patients SET status=:discharged WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":discharged", "discharged");
+ $stmt->execute();
+ $log->log($pid, "discharged", null);
+ }
+ function setDead($pid, $post){
+ global $log;
+ if(!checkAccess("death", "dbSet")) return false;
+ $stmt=$this->prepare("INSERT INTO death (pid, time, data) VALUES (:pid, :time, :data);");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
+ $stmt->bindValue(":data", json_encode($post));
+ $stmt->execute();
+ $stmt=$this->prepare("UPDATE patients SET status='expired' WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->execute();
+ $log->log($pid, "death_declare", json_encode($post));
+ }
+ function getDrugs($pid){
+ global $log;
+ if(!checkAccess("treatment", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,* FROM treatment WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getRequisitions($pid){
+ global $log;
+ if(!checkAccess("requisition", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status=:status;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":status", "active");
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getAdvice($pid){
+ global $log;
+ if(!checkAccess("discharge", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,* FROM discharge WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getName($pid){
+ global $log;
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT name FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getAge($pid){
+ global $log;
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT age FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getSex($pid){
+ global $log;
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT sex FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getWard($pid){
+ global $log;
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT ward FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getBed($pid){
+ global $log;
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT bed FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getStatus($pid){
+ global $log;
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT status FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getDiagnosis($pid){
+ global $log;
+ if(!checkAccess("diagnosis", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT diagnosis FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getPatientList(){
+ global $log;
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis FROM patients;");
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getRequisitionList(){
+ global $log;
+ if(!checkAccess("requisition", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,pid,test,room,time,form FROM requisition WHERE status=:active;");
+ $stmt->bindValue(":active", "active");
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getForm($id){
+ global $log;
+ if(!checkAccess("report", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT form FROM reports WHERE rowid=:id;");
+ $stmt->bindValue(":id", $id);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getAdmission($pid){
+ global $log;
+ if(!checkAccess("admission", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT admission FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getAdmissionData($pid){
+ global $log;
+ if(!checkAccess("admission", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT data FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getDeparture($pid){
+ global $log;
+ if(!checkAccess("admission", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT departure FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getSummary($pid){
+ global $log;
+ if(!checkAccess("summary", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT summary FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getHistory($pid){
+ global $log;
+ if(!checkAccess("history", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT history FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getData($pid, $id, $cat){
+ global $log;
+ if($cat=="physician"){
+ if(!checkAccess("physician", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id ORDER BY time DSC;");
+ } elseif($cat=="nursing"){
+ if(!checkAccess("nursing", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id ORDER BY time DSC;");
+ } elseif($cat=="reports"){
+ if(!checkAccess("report", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT data FROM reports WHERE pid=:pid AND rowid=:id ORDER BY time DSC;");
+ } else{
+ return(false);
+ }
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":id", $id);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getAllData($pid, $cat){
+ global $log;
+ if($cat=="physician"){
+ if(!checkAccess("physician", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid ORDER BY time DSC;");
+ } elseif($cat=="nursing"){
+ if(!checkAccess("nursing", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid ORDER BY time DSC;");
+ } elseif($cat=="reports"){
+ if(!checkAccess("report", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,data FROM reports WHERE pid=:pid ORDER BY time DSC;");
+ } elseif($cat=="info"){
+ if(!checkAccess("info", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid ORDER BY time DSC;");
+ } elseif($cat=="history"){
+ if(!checkAccess("history", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid ORDER BY time DSC;");
+ } else{
+ return(false);
+ }
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
+ }
+}
+$db = new DB();
+?>
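Review bot: Several of the new statements cannot be compiled, so `prepare()` returns false and the next `bindValue()` becomes a method call on a bool: `ORDER BY time DSC` in getData and getAllData is not valid SQL, and the `info` and `history` branches of getAllData order `patients` by `time`, a column the schema added in this commit does not give that table (it has `admission` and `departure`). The later diff of the same file corrects DSC to DESC but keeps `ORDER BY time` on `patients`. Separately, addDrug logs `$post["pid"]` although it has no `$post` parameter — `$log->log($pid, "drug_added", ...)` is meant, and the same line appears in the later diff — and updateHistory passes `"dbSet:"` with a stray colon where every other write method passes `"dbSet"`. No `prepare()` result is checked anywhere in the class; a guard such as `if ($stmt === false) { return false; }` after each prepare would turn these into the same handled failure the access checks already return.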
database/data.db
+database/log.db
www/data/*
},
"report": {
"admin": "all",
- "visiting": "view",
- "resident": "view",
+ "visiting": "all",
+ "resident": "all",
"nursing": "view",
"lab": "all",
"clerk": "view"
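Review bot: The `report` level for `visiting` and `resident` is widened from `view` to `all` with nothing on the page explaining why; in the db layer addReport and editReport gate writes on `checkAccess("report", "dbSet")`, so presumably this lets those two roles create and edit reports rather than only read them. A permission widening in an access-control file deserves a sentence in the commit message naming the roles and the reason, since JSON cannot carry a comment next to the line.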
define("CONFIG_WWW", CONFIG_ROOT."www/");
define("CONFIG_LIB", CONFIG_ROOT."lib/");
define("CONFIG_DB", CONFIG_ROOT."database/data.db");
+define("CONFIG_LOG", CONFIG_ROOT."database/log.db");
+define("CONFIG_TITLE", "SimpleIPD");
?>
--- /dev/null
+
+CREATE TABLE death(
+pid int,
+time int,
+data text
+);
+CREATE TABLE discharge(
+pid int,
+drug text,
+dose text,
+route text,
+frequency text,
+duration text,
+addl text
+);
+CREATE TABLE nursing(
+pid int,
+time int,
+data text
+);
+CREATE TABLE patients(
+pid int unique,
+name text,
+age int,
+sex text,
+status text,
+vp text,
+diagnosis text,
+summary text,
+admission int,
+departure int,
+ward text,
+bed int,
+data text,
+history text
+);
+CREATE TABLE physician(
+pid int,
+time int,
+data text
+);
+CREATE TABLE reports(
+pid int,
+time int,
+form text,
+data text
+);
+CREATE TABLE requisition(
+pid int,
+test text,
+time int,
+room text,
+sample text,
+form text,
+status text
+);
+CREATE TABLE treatment(
+pid int,
+drug text,
+dose text,
+route text,
+frequency text,
+start int,
+end int,
+duration text,
+omit boolean,
+addl text
+);
+CREATE TABLE users(
+user text unique,
+usergroup text,
+department text,
+hash text,
+change boolean,
+last int
+);
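Review bot: None of the tables declare NOT NULL, a PRIMARY KEY or a FOREIGN KEY: `patients.pid int unique` still admits NULL, and the per-patient tables (`death`, `discharge`, `nursing`, `physician`, `reports`, `requisition`, `treatment`) carry a bare `pid int`, so rows for a pid that was never admitted are accepted silently. Declaring `pid int NOT NULL REFERENCES patients(pid)` on those tables (with `PRAGMA foreign_keys = ON` issued on each connection, since SQLite leaves enforcement off by default) would make the db layer's `WHERE pid=:pid` lookups reliable. A header comment would also help a reader, since some columns are never written by the db code on this page: `requisition.sample`, `users.change` and `users.last` are not referenced, and `patients.admission`/`departure` are read by getAdmission/getDeparture but no visible method sets them.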
$this->open(CONFIG_DB);
}
function checkUser($username, $password){
+ global $log;
$stmt=$this->prepare("SELECT hash FROM users WHERE user=:user");
$stmt->bindValue(":user", $username);
$result=$stmt->execute();
}
}
function getGroup($username){
+ global $log;
$stmt=$this->prepare("SELECT usergroup FROM users WHERE user=:user");
$stmt->bindValue(":user", $username);
$result=$stmt->execute();
return($result);
}
function getDepartment($username){
+ global $log;
$stmt=$this->prepare("SELECT department FROM users WHERE user=:user");
$stmt->bindValue(":user", $username);
$result=$stmt->execute();
return($result);
}
function admit($post){
+ global $log;
if(!checkAccess("admission", "dbSet")) return false;
$query=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid");
$query->bindValue(":pid", $post["pid"]);
$stmt->bindValue(":vp", $post["vp"]);
$stmt->bindValue(":data", json_encode($post));
$stmt->execute();
+ $log->log($post["pid"], "admit", json_encode($post));
}
function editCase($pid, $diagnosis, $summary){
+ global $log;
if(!checkAccess("history", "dbSet")) return false;
$stmt=$this->prepare("UPDATE patients SET diagnosis=:diagnosis,summary=:summary WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":diagnosis", $diagnosis);
$stmt->bindValue(":summary", $summary);
$stmt->execute();
+ $log->log($pid, "case_edit", json_encode([$diagnosis, $summary]));
}
function updateHistory($post, $pid){
+ global $log;
if(!checkAccess("history", "dbSet:")) return false;
$stmt=$this->prepare("UPDATE patients SET history=:history WHERE pid=:pid;");
$stmt->bindValue(":history", json_encode($post));
$stmt->bindValue(":pid", $pid);
$stmt->execute();
+ $log->log($pid, "history", json_encode($post));
}
function addPhysician($post, $pid){
+ global $log;
if(!checkAccess("physician", "dbSet")) return false;
$stmt=$this->prepare("INSERT INTO physician (pid, time, data) VALUES (:pid, :time, :data);");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
$stmt->bindValue(":data", json_encode($post));
$stmt->execute();
+ $log->log($pid, "physician_note", json_encode($post));
}
function editPhysician($post, $pid, $id){
+ global $log;
if(!checkAccess("physician", "dbSet")) return false;
$stmt=$this->prepare("UPDATE physician SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
$stmt->bindValue(":data", json_encode($post));
$stmt->execute();
+ $log->log($pid, "edit_physician_note", json_encode($post));
}
function addNursing($post, $pid){
+ global $log;
if(!checkAccess("nursing", "dbSet")) return false;
$stmt=$this->prepare("INSERT INTO nursing (pid, time, data) VALUES (:pid, :time, :data);");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
$stmt->bindValue(":data", json_encode($post));
$stmt->execute();
+ $log->log($pid, "nursing_note", json_encode($post));
}
function editNursing($post, $pid, $id){
+ global $log;
if(!checkAccess("nursing", "dbSet")) return false;
$stmt=$this->prepare("UPDATE nursing SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
$stmt->bindValue(":data", json_encode($post));
$stmt->execute();
+ $log->log($pid, "edit_nursing_note", json_encode($post));
}
function addReport($post, $pid, $form){
+ global $log;
if(!checkAccess("report", "dbSet")) return false;
$stmt=$this->prepare("INSERT INTO reports (pid, time, form, data) VALUES (:pid, :time, :form, :data);");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":form", $post["form"]);
$stmt->bindValue(":data", json_encode($post));
$stmt->execute();
+ $log->log($pid, "report_added", json_encode($post));
}
function editReport($post, $pid, $id, $form){
+ global $log;
if(!checkAccess("report", "dbSet")) return false;
$stmt=$this->prepare("UPDATE reports SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
$stmt->bindValue(":data", json_encode($post));
$stmt->execute();
+ $log->log($pid, "report_edited", json_encode($post));
}
function addDrug($pid, $drug, $dose, $route, $frequency, $date, $time, $duration, $addl){
+ global $log;
if(!checkAccess("treatment", "dbSet")) return false;
$stmt=$this->prepare("INSERT INTO treatment (pid, drug, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :start, :duration, :omit, :addl);");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":addl", $addl);
$stmt->bindValue(":omit", false);
$stmt->execute();
+ $log->log($post["pid"], "drug_added", json_encode([$drug,$dose,$route,$frequency,$date,$time,$duration,$addl]));
}
function omitDrug($id){
+ global $log;
if(!checkAccess("treatment", "dbSet")) return false;
$stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;");
$stmt->bindValue(":end", time());
$stmt->bindValue(":omit", true);
$stmt->bindValue(":id", $id);
$stmt->execute();
+ $log->log(null, "drug_omitted", $id);
}
function addRequisition($pid, $test, $date, $time, $room, $form){
+ global $log;
if(!checkAccess("requisition", "dbSet")) return false;
$stmt=$this->prepare("INSERT INTO requisition (pid, test, time, room, form, status) VALUES (:pid, :test, :time, :room, :form, :status);");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":form", $form);
$stmt->bindValue(":status", "active");
$stmt->execute();
+ $log->log($pid, "requisition_added", json_encode([$test,$room,$form]));
}
function omitRequisition($id){
+ global $log;
if(!checkAccess("requisition", "dbSet")) return false;
$stmt=$this->prepare("UPDATE requisition SET status=:status WHERE rowid=:id;");
$stmt->bindValue(":status", "done");
$stmt->bindValue(":id", $id);
$stmt->execute();
+ $log->log(null, "requisition_removed", $id);
}
- function addAdvice($pid, $name, $dose, $route, $frequency, $duration, $addl){
+ function addAdvice($pid, $drug, $dose, $route, $frequency, $duration, $addl){
+ global $log;
if(!checkAccess("discharge", "dbSet")) return false;
- $stmt=$this->prepare("INSERT INTO discharge (pid, name, dose, route, frequency, duration, addl) VALUES (:pid, :name, :dose, :route, :frequency, :duration, :addl);");
+ $stmt=$this->prepare("INSERT INTO discharge (pid, drug, dose, route, frequency, duration, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :duration, :addl);");
$stmt->bindValue(":pid", $pid);
- $stmt->bindValue(":name", $name);
+ $stmt->bindValue(":drug", $drug);
$stmt->bindValue(":dose", $dose);
$stmt->bindValue(":route", $route);
$stmt->bindValue(":frequency", $frequency);
$stmt->execute();
}
function deleteAdvice($id){
+ global $log;
if(!checkAccess("discharge", "dbSet")) return false;
$stmt=$this->prepare("DELETE FROM discharge WHERE rowid=:id;");
$stmt->bindValue(":id", $id);
$stmt->execute();
}
function setDischarged($pid){
+ global $log;
if(!checkAccess("discharge", "dbSet")) return false;
$stmt=$this->prepare("UPDATE patients SET status=:discharged WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":discharged", "discharged");
$stmt->execute();
+ $log->log($pid, "discharged", null);
}
function setDead($pid, $post){
+ global $log;
if(!checkAccess("death", "dbSet")) return false;
$stmt=$this->prepare("INSERT INTO death (pid, time, data) VALUES (:pid, :time, :data);");
$stmt->bindValue(":pid", $pid);
$stmt=$this->prepare("UPDATE patients SET status='expired' WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
$stmt->execute();
+ $log->log($pid, "death_declare", json_encode($post));
}
function getDrugs($pid){
+ global $log;
if(!checkAccess("treatment", "dbGet")) return false;
$stmt=$this->prepare("SELECT rowid,* FROM treatment WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getRequisitions($pid){
+ global $log;
if(!checkAccess("requisition", "dbGet")) return false;
- $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status=:status;");
+ $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status=:status ORDER BY room;");
$stmt->bindValue(":pid", $pid);
$stmt->bindValue(":status", "active");
$result=$stmt->execute();
return($result);
}
function getAdvice($pid){
+ global $log;
if(!checkAccess("discharge", "dbGet")) return false;
$stmt=$this->prepare("SELECT rowid,* FROM discharge WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getName($pid){
+ global $log;
if(!checkAccess("info", "dbGet")) return false;
$stmt=$this->prepare("SELECT name FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getAge($pid){
+ global $log;
if(!checkAccess("info", "dbGet")) return false;
$stmt=$this->prepare("SELECT age FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getSex($pid){
+ global $log;
if(!checkAccess("info", "dbGet")) return false;
$stmt=$this->prepare("SELECT sex FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getWard($pid){
+ global $log;
if(!checkAccess("info", "dbGet")) return false;
$stmt=$this->prepare("SELECT ward FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getBed($pid){
+ global $log;
if(!checkAccess("info", "dbGet")) return false;
$stmt=$this->prepare("SELECT bed FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getStatus($pid){
+ global $log;
if(!checkAccess("info", "dbGet")) return false;
$stmt=$this->prepare("SELECT status FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getDiagnosis($pid){
+ global $log;
if(!checkAccess("diagnosis", "dbGet")) return false;
$stmt=$this->prepare("SELECT diagnosis FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getPatientList(){
+ global $log;
if(!checkAccess("info", "dbGet")) return false;
$stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis FROM patients;");
$result=$stmt->execute();
return($result);
}
function getRequisitionList(){
+ global $log;
if(!checkAccess("requisition", "dbGet")) return false;
$stmt=$this->prepare("SELECT rowid,pid,test,room,time,form FROM requisition WHERE status=:active;");
$stmt->bindValue(":active", "active");
return($result);
}
function getForm($id){
+ global $log;
if(!checkAccess("report", "dbGet")) return false;
$stmt=$this->prepare("SELECT form FROM reports WHERE rowid=:id;");
$stmt->bindValue(":id", $id);
return($result);
}
function getAdmission($pid){
+ global $log;
if(!checkAccess("admission", "dbGet")) return false;
$stmt=$this->prepare("SELECT admission FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getAdmissionData($pid){
+ global $log;
if(!checkAccess("admission", "dbGet")) return false;
$stmt=$this->prepare("SELECT data FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getDeparture($pid){
+ global $log;
if(!checkAccess("admission", "dbGet")) return false;
$stmt=$this->prepare("SELECT departure FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getSummary($pid){
+ global $log;
if(!checkAccess("summary", "dbGet")) return false;
$stmt=$this->prepare("SELECT summary FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getHistory($pid){
+ global $log;
if(!checkAccess("history", "dbGet")) return false;
$stmt=$this->prepare("SELECT history FROM patients WHERE pid=:pid;");
$stmt->bindValue(":pid", $pid);
return($result);
}
function getData($pid, $id, $cat){
+ global $log;
if($cat=="physician"){
if(!checkAccess("physician", "dbGet")) return false;
- $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id;");
+ $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id ORDER BY time DESC;");
} elseif($cat=="nursing"){
if(!checkAccess("nursing", "dbGet")) return false;
- $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id;");
+ $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id ORDER BY time DESC;");
} elseif($cat=="reports"){
if(!checkAccess("report", "dbGet")) return false;
- $stmt=$this->prepare("SELECT data FROM reports WHERE pid=:pid AND rowid=:id;");
+ $stmt=$this->prepare("SELECT data FROM reports WHERE pid=:pid AND rowid=:id ORDER BY time DESC;");
} else{
return(false);
}
return($result);
}
function getAllData($pid, $cat){
+ global $log;
if($cat=="physician"){
if(!checkAccess("physician", "dbGet")) return false;
- $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid;");
+ $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid ORDER BY time DESC;");
} elseif($cat=="nursing"){
if(!checkAccess("nursing", "dbGet")) return false;
- $stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid;");
+ $stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid ORDER BY time DESC;");
} elseif($cat=="reports"){
if(!checkAccess("report", "dbGet")) return false;
- $stmt=$this->prepare("SELECT rowid,data FROM reports WHERE pid=:pid;");
+ $stmt=$this->prepare("SELECT rowid,data FROM reports WHERE pid=:pid ORDER BY time DESC;");
} elseif($cat=="info"){
if(!checkAccess("info", "dbGet")) return false;
- $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid;");
+ $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid ORDER BY time DESC;");
} elseif($cat=="history"){
if(!checkAccess("history", "dbGet")) return false;
- $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid;");
+ $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid ORDER BY time DESC;");
} else{
return(false);
}
$form=$form."</select>";
}
elseif(isSet($prop->format) && $prop->format=="textarea"){
- $form=$form."<textarea class='form-control' name='".$field."' id='".$field."'>".$value."</textarea>";
+ $form=$form."<textarea class='form-control' name='".$field."' id='".$field."'>".$data->$field."</textarea>";
}
elseif($field=="pid"){
$form=$form."<input class='form-control' ".$lockpid." ".$req." type='".$type."' step='any' name='".$field."' id='".$field."' ".$value.">";
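Review bot: L885 drops `$data->$field` into the `<textarea>` body unescaped, so stored text containing `</textarea>` or a `<` ends the element and the rest is rendered as markup; use `htmlspecialchars((string)$data->$field, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8")` in place of the bare value, and the same treatment is owed to `$value` and `$field` inside the attribute strings at L888. If `$data` has no property named `$field`, the read is a warning and an empty body; `$data->$field ?? ""` makes that case explicit. The enclosing function starts and ends outside the hunk.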
unset($data->cat);
$view="<table class='table'>";
foreach($data as $field=>$value){
- if($field!="form"){
+ if(!empty($value) && $field!="form"){
if(!empty($schema->properties->$field)){
$view=$view."<tr><td>".$schema->properties->$field->description."</td><td>".$value."</td></tr>";
}
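Review bot: `!empty($value)` on L893 also treats `0`, `"0"` and `0.0` as empty, so a field whose legitimate value is zero (an age or bed number, if those pass through this view) silently vanishes from the table; `if($value!==null && $value!=="" && $field!="form"){` hides only genuinely missing values. L895 still echoes `$value` raw inside the `<td>`; that is user-entered text and should go through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8")`. The enclosing function starts and ends outside the hunk.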
--- /dev/null
+<?php
+class LG extends SQLite3 {
+ function __construct(){
+ $this->open(CONFIG_LOG);
+ }
+ function log($pid, $action, $data){
+ $stmt=$this->prepare("INSERT INTO log (pid, user, action, time, data) VALUES (:pid, :user, :action, :time, :data)");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":user", $_SESSION["user"]);
+ $stmt->bindValue(":action", $action);
+ $stmt->bindValue(":time", time());
+ $stmt->bindValue(":data", $data);
+ $stmt->execute();
+ }
+}
+$log = new LG();
+?>
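Review bot: `LG::log` discards the return of `$stmt->execute()` on L910, and `prepare()` on L904 can itself return `false`, so a failed audit write (locked file, missing table) is silently lost while the caller carries on; at minimum `if($stmt===false || $stmt->execute()===false){ throw new RuntimeException("audit log write failed: ".$this->lastErrorMsg()); }`. `$_SESSION["user"]` on L906 is read without a guard; the logger is instantiated on every include (L913), so any call before a user is in the session produces a notice and a null `user` column — bind `$_SESSION["user"] ?? null` deliberately, or refuse to log without a user. Declaring the class and instantiating `$log` in the same file mixes declaration and side effect, and the closing `?>` on L914 can emit trailing whitespace into responses; drop it.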
--- /dev/null
+CREATE TABLE log(
+pid int,
+user text,
+action text,
+time int,
+data text
+);
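Review bot: No column in the new `log` table is declared `NOT NULL`, so the audit log accepts rows with a null user, action or time, which is exactly what an unguarded session read produces; `user text NOT NULL,` / `action text NOT NULL,` / `time int NOT NULL,` make the writer fail instead of recording an attributable-to-nobody entry. `pid` carries no index; if entries are read per patient (no reader is visible here) an index on `pid` is worth adding.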
<?php
require(__DIR__."/config.php");
require("lib/access.php");
+require("lib/log.php");
require("lib/db.php");
require("lib/functions.php");
session_start();
$page=basename($_SERVER["PHP_SELF"]);
-if($page!="login.php" && $page!="index.php"){
+if($page!="login.php"){
if(empty($_SESSION["user"])){
header("Location: login.php");
exit();
}
+}
+if($page!="login.php" && $page!="index.php"){
$access=checkAccess(basename($_SERVER["PHP_SELF"], ".php"));
if($access!="all" && $access!="view"){
header("Location: error.php");
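Review bot: The authentication gate added at L932 keys on `$page`, which L930 derives from `basename($_SERVER["PHP_SELF"])`; when the server accepts trailing path-info, `PHP_SELF` includes it, so the value compared against `login.php` (and against `index.php` at L938) is partly request-controlled rather than the script that is actually running. `basename($_SERVER["SCRIPT_NAME"])` names the executing script, so `$page=basename($_SERVER["SCRIPT_NAME"]);` and the same substitution in the `checkAccess(...)` argument at L939 close that gap. Whether the `error.php` redirect is followed by `exit()` is outside the hunk; L935 shows the login redirect does it and the error path should match.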
+++ /dev/null
-
-CREATE TABLE death(
-pid int,
-time int,
-data text
-);
-CREATE TABLE discharge(
-pid int,
-drug text,
-dose text,
-route text,
-frequency text,
-duration text,
-addl text
-);
-CREATE TABLE nursing(
-pid int,
-time int,
-data text
-);
-CREATE TABLE patients(
-pid int unique,
-name text,
-age int,
-sex text,
-status text,
-vp text,
-diagnosis text,
-summary text,
-admission int,
-departure int,
-ward text,
-bed int,
-data text,
-history text
-);
-CREATE TABLE physician(
-pid int,
-time int,
-data text
-);
-CREATE TABLE reports(
-pid int,
-time int,
-form text,
-data text
-);
-CREATE TABLE requisition(
-pid int,
-test text,
-time int,
-room text,
-sample text,
-form text,
-status text
-);
-CREATE TABLE treatment(
-pid int,
-drug text,
-dose text,
-route text,
-frequency text,
-start int,
-end int,
-duration text,
-omit boolean,
-addl text
-);
-CREATE TABLE users(
-user text unique,
-usergroup text,
-department text,
-hash text,
-change boolean,
-last int
-);
</head>
<body>
<div class="container">
- <h1>SimpleIPD</h1>
+ <h1><?php echo CONFIG_TITLE;?></h1>
<div class="card">
<div class="card-body">
<h4 class="card-title">Patient List</h4>
});
$("[name='time']").each(function(){
if($(this).val()==""){
- $(this).val(moment().format("HH:MM"));
+ $(this).val(moment().format("hh:mm"));
}
});
if($("[name='drug']").length){
<h1>Patient Data</h1>
<div class="card">
<div class="card-body">
- <a class="mb-3 btn btn-secondary" href="admission.php?pid=<?php echo $pid;?>">Edit Information</a>
- <a class="mb-3 btn btn-secondary" href="history.php?pid=<?php echo $pid;?>">Edit History</a>
- <a class="mb-3 btn btn-secondary" href="physician.php?pid=<?php echo $pid;?>">Add Physician Note</a>
- <a class="mb-3 btn btn-secondary" href="nursing.php?pid=<?php echo $pid;?>">Add Nursing Note</a>
- <a class="mb-3 btn btn-secondary" href="laboratory.php?pid=<?php echo $pid;?>">Add Laboratory Report</a>
- <a class="mb-3 btn btn-secondary" href="requisition.php?pid=<?php echo $pid;?>">Add Requisition</a>
+ <div class="row">
+ <div class="mb-2 col-md-3" id="treatment" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="btn btn-success btn-lg btn-block" href="treatment.php?pid=<?php echo $pid;?>">Treatment</a>
+ </div>
+ <div class="mb-2 col-md-3" id="physician" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="mb-2 btn btn-primary btn-lg btn-block" href="physician.php?pid=<?php echo $pid;?>">Add Physician Note</a>
+ </div>
+ <div class="mb-2 col-md-3" id="nursing" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="mb-2 btn btn-warning btn-lg btn-block" href="nursing.php?pid=<?php echo $pid;?>">Add Nursing Note</a>
+ </div>
+ <div class="mb-2 col-md-3" id="requisition" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="mb-2 btn btn-danger btn-lg btn-block" href="requisition.php?pid=<?php echo $pid;?>">Add Requisition</a>
+ </div>
+ </div>
+ <div class="row">
+ <div class="mb-2 col-md-2" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="mb-2 btn btn-secondary" href="admission.php?pid=<?php echo $pid;?>">Edit Information</a>
+ </div>
+ <div class="mb-2 col-md-2" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="mb-2 btn btn-secondary" href="history.php?pid=<?php echo $pid;?>">Edit History</a>
+ </div>
+ <div class="mb-2 col-md-2" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="mb-2 btn btn-secondary" href="laboratory.php?pid=<?php echo $pid;?>">Add Report</a>
+ </div>
+ <div class="mb-2 col-md-2" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="btn btn-secondary" href="attachments.php?pid=<?php echo $pid;?>">Attachments</a>
+ </div>
+ <div <?php if($status!="admitted") echo "style='display:none'";?> class="mb-2 col-md-2" id="discharge" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="btn btn-secondary" href="discharge.php?pid=<?php echo $pid;?>">Discharge</a>
+ </div>
+ <div <?php if($status!="admitted") echo "style='display:none'";?> class="mb-2 col-md-2" id="death" <?php if($info=="") echo "style='display:none'";?>>
+ <a class="btn btn-secondary" href="death.php?pid=<?php echo $pid;?>">Death</a>
+ </div>
+ </div>
</div>
</div>
<div <?php if(empty($pid)) echo "style='display:none'";?>>
<div class="tab-content" id="viewtabs">
<div class="tab-pane fade show active" id="info" role="tabpanel" aria-labelledby="info-tab">
<div class='card'><div class='card-body'>Status: <?php echo $status;?></div></div>
- <?php echo $info;?>
+ <div class="row">
+ <div class="col-md-6">
+ <?php echo $info;?>
+ </div>
+ <div class="col-md-6">
+ <table class="table">
+ <tr><th>Diagnosis</th><td><?php echo $db->getDiagnosis($pid)->fetchArray()["diagnosis"];?></td></tr>
+ <tr><th>Summary</th><td><?php echo $db->getSummary($pid)->fetchArray()["summary"];?></td></tr>
+ </table>
+ </div>
+ </div>
</div>
<div class="tab-pane fade" id="history" role="tabpanel" aria-labelledby="history-tab">
<?php echo $history;?>
</div>
</div>
<hr>
- <div class="row">
- <div class="mb-2 col-md-3" id="treatment" <?php if($info=="") echo "style='display:none'";?>>
- <a class="btn btn-success btn-lg" href="treatment.php?pid=<?php echo $pid;?>">Treatment</a>
- </div>
- <div class="mb-2 col-md-3" id="attachment" <?php if($info=="") echo "style='display:none'";?>>
- <a class="btn btn-primary btn-lg" href="attachments.php?pid=<?php echo $pid;?>">Attachments</a>
- </div>
- <div <?php if($status!="admitted") echo "style='display:none'";?> class="mb-2 col-md-3" id="discharge" <?php if($info=="") echo "style='display:none'";?>>
- <a class="btn btn-warning btn-lg" href="discharge.php?pid=<?php echo $pid;?>">Discharge</a>
- </div>
- <div <?php if($status!="admitted") echo "style='display:none'";?> class="mb-2 col-md-3" id="death" <?php if($info=="") echo "style='display:none'";?>>
- <a class="btn btn-danger btn-lg" href="death.php?pid=<?php echo $pid;?>">Death</a>
- </div>
- </div>
</div>
</div>
<div <?php if(!empty($pid)) echo "style='display:none'";?>>
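Review bot: The new cells at L1091–L1092 chain `->fetchArray()` straight onto the return of `$db->getDiagnosis()` / `$db->getSummary()`, but `getSummary` returns `false` when `checkAccess("summary", "dbGet")` denies (L825), so a user without that right gets a fatal "member function on bool" instead of an empty cell, and `fetchArray()` itself returns `false` when no row exists, which turns the `["summary"]` index into a notice. The fetched `diagnosis`/`summary` text is echoed without `htmlspecialchars`, so free text stored in those columns lands in the page as markup; the same applies to `$pid` interpolated into every `href` in the hunk (L1046, L1049, …), which, if it comes from the request, should pass through `urlencode`. The divs at L1071 and L1074 carry two `style` attributes; browsers keep only the first, so the two conditions belong in one attribute. The rewrite below guards both result sets and escapes the output; `getDiagnosis` is not visible here, so its false-on-deny behaviour is assumed to mirror `getSummary`.
```php
<?php /* … unchanged: button rows and Status card … */ ?>
<div class="col-md-6">
<?php
$diagRes = $db->getDiagnosis($pid);
$diagRow = $diagRes ? $diagRes->fetchArray(SQLITE3_ASSOC) : false;
$sumRes = $db->getSummary($pid);
$sumRow = $sumRes ? $sumRes->fetchArray(SQLITE3_ASSOC) : false;
?>
<table class="table">
<tr><th>Diagnosis</th><td><?php echo htmlspecialchars((string)($diagRow["diagnosis"] ?? ""), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");?></td></tr>
<tr><th>Summary</th><td><?php echo htmlspecialchars((string)($sumRow["summary"] ?? ""), ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");?></td></tr>
</table>
</div>
<?php /* … unchanged: history tab … */ ?>
```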