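rows();
            array_shift($rows); // Skip header
        }
    }
    return $rows;
}

/**
 * Move one element of a multi-file $_FILES entry into an upload directory
 * and return the path under which it was stored.
 *
 * @param array|null $file_array a $_FILES entry whose "name", "error" and
 *                               "tmp_name" keys hold parallel arrays
 *                               (null when the form sent no files at all)
 * @param int|string $index      element of those arrays to move
 * @param string     $target_dir directory relative to the project root (the
 *                               parent of __DIR__), trailing slash included
 * @return string|null $target_dir plus the generated file name, or null when
 *                     no file exists at $index, the upload reported an error,
 *                     or move_uploaded_file() failed
 */
function upload_file($file_array, $index, $target_dir = "assets/uploads/") {
    if (!isset($file_array["name"][$index]) || $file_array["error"][$index] !== UPLOAD_ERR_OK) {
        return null;
    }
    $dest_dir = __DIR__ . "/../" . $target_dir;
    if (!is_dir($dest_dir)) {
        mkdir($dest_dir, 0775, true);
    }
    // Only the basename of the client-supplied name is used, and a random
    // component is added to the time prefix so that two uploads in the same
    // second (or two clients sending the same name) cannot overwrite each
    // other.
    // NOTE(review): the file's type/extension is not validated and
    // $target_dir sits under assets/, which looks web-served — confirm the
    // web server does not execute files stored there, and restrict uploads
    // to an allow-list of the extensions the callers actually need.
    $filename = time() . "_" . bin2hex(random_bytes(4)) . "_" . basename($file_array["name"][$index]);
    $target_file = $target_dir . $filename;
    if (move_uploaded_file($file_array["tmp_name"][$index], $dest_dir . $filename)) {
        return $target_file;
    }
    return null;
}

/**
 * Filter an "existing attachment" path that an edit form echoed back.
 *
 * The edit_inquiry / edit_xray_inquiry forms post the previously stored
 * attachment path so it survives a re-save without a new upload. The value
 * comes from the client, so it is only kept when it is shaped like something
 * upload_file() can return: a non-empty string, relative (no leading slash,
 * no drive letter or URL scheme) and without a ".." path segment. Anything
 * else becomes null, which is what the code already stores for "no
 * attachment".
 * NOTE(review): rows written by older code with a different path layout
 * would lose their attachment on re-save — check existing data first.
 *
 * @param mixed $value the submitted path
 * @return string|null the path when accepted, otherwise null
 */
function keep_existing_attachment($value) {
    if (!is_string($value) || $value === '') {
        return null;
    }
    if ($value[0] === '/' || $value[0] === '\\') {
        return null;
    }
    if (preg_match('~^[A-Za-z][A-Za-z0-9+.-]*:~', $value)) {
        return null;
    }
    if (preg_match('~(^|[/\\\\])\.\.([/\\\\]|$)~', $value)) {
        return null;
    }
    return $value;
}

// $lang is not read anywhere in this span; presumably used further down.
$lang = $_SESSION['lang'] ?? 'en';
$redirect = false;
if (isset($_POST['action'])) {
    // Each branch handles one form action: read its fields from $_POST, run
    // parameterised SQL through $db, set a flash message and ask for a
    // redirect (post/redirect/get). Several branches open a transaction; the
    // catch at the bottom rolls back whatever is still open if a statement
    // throws, so a half-written visit, bill or inquiry is never committed.
    // NOTE(review): no CSRF token check and no permission check is visible
    // in this span — confirm both are enforced before this point, in
    // particular for the delete_* actions.
    // NOTE: "?:" (used for nullable ids/dates below) does not suppress the
    // "undefined array key" warning the way "??" does; harmless, but noisy
    // when a form omits the field.
    try {
        if ($_POST['action'] === 'add_patient') {
            $name = $_POST['name'] ?? '';
            $phone = $_POST['phone'] ?? '';
            $dob = $_POST['dob'] ?: null;
            $gender = $_POST['gender'] ?? '';
            $blood_group = $_POST['blood_group'] ?? '';
            $insurance_company_id = $_POST['insurance_company_id'] ?: null;
            $policy_number = $_POST['policy_number'] ?? '';
            $address = $_POST['address'] ?? '';
            if ($name) {
                $stmt = $db->prepare("INSERT INTO patients (name, phone, dob, gender, blood_group, insurance_company_id, policy_number, address) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
                $stmt->execute([$name, $phone, $dob, $gender, $blood_group, $insurance_company_id, $policy_number, $address]);
                $_SESSION['flash_message'] = __('add_patient') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_patient') {
            $id = $_POST['id'] ?? '';
            $name = $_POST['name'] ?? '';
            $phone = $_POST['phone'] ?? '';
            $dob = $_POST['dob'] ?: null;
            $gender = $_POST['gender'] ?? '';
            $blood_group = $_POST['blood_group'] ?? '';
            $insurance_company_id = $_POST['insurance_company_id'] ?: null;
            $policy_number = $_POST['policy_number'] ?? '';
            $address = $_POST['address'] ?? '';
            if ($id && $name) {
                $stmt = $db->prepare("UPDATE patients SET name = ?, phone = ?, dob = ?, gender = ?, blood_group = ?, insurance_company_id = ?, policy_number = ?, address = ? 
WHERE id = ?");
                $stmt->execute([$name, $phone, $dob, $gender, $blood_group, $insurance_company_id, $policy_number, $address, $id]);
                $_SESSION['flash_message'] = __('edit_patient') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_patient') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM patients WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_doctor') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $tel = $_POST['tel'] ?? '';
            $email = $_POST['email'] ?? '';
            $spec_en = $_POST['specialization_en'] ?? '';
            $spec_ar = $_POST['specialization_ar'] ?? '';
            $dept_id = $_POST['department_id'] ?: null;
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO doctors (name_en, name_ar, tel, email, specialization_en, specialization_ar, department_id) VALUES (?, ?, ?, ?, ?, ?, ?)");
                $stmt->execute([$name_en, $name_ar, $tel, $email, $spec_en, $spec_ar, $dept_id]);
                $_SESSION['flash_message'] = __('add_doctor') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_doctor') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $tel = $_POST['tel'] ?? '';
            $email = $_POST['email'] ?? '';
            $spec_en = $_POST['specialization_en'] ?? '';
            $spec_ar = $_POST['specialization_ar'] ?? '';
            $dept_id = $_POST['department_id'] ?: null;
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE doctors SET name_en = ?, name_ar = ?, tel = ?, email = ?, specialization_en = ?, specialization_ar = ?, department_id = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $tel, $email, $spec_en, $spec_ar, $dept_id, $id]);
                $_SESSION['flash_message'] = __('edit_doctor') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_doctor') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM doctors WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_nurse') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $tel = $_POST['tel'] ?? '';
            $email = $_POST['email'] ?? '';
            $dept_id = $_POST['department_id'] ?: null;
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO nurses (name_en, name_ar, tel, email, department_id) VALUES (?, ?, ?, ?, ?)");
                $stmt->execute([$name_en, $name_ar, $tel, $email, $dept_id]);
                $_SESSION['flash_message'] = __('add_nurse') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_nurse') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $tel = $_POST['tel'] ?? '';
            $email = $_POST['email'] ?? '';
            $dept_id = $_POST['department_id'] ?: null;
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE nurses SET name_en = ?, name_ar = ?, tel = ?, email = ?, department_id = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $tel, $email, $dept_id, $id]);
                $_SESSION['flash_message'] = __('edit_nurse') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_nurse') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM nurses WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_department') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO departments (name_en, name_ar) VALUES (?, ?)");
                $stmt->execute([$name_en, $name_ar]);
                $_SESSION['flash_message'] = __('add_department') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_department') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE departments SET name_en = ?, name_ar = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $id]);
                $_SESSION['flash_message'] = __('edit_department') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_department') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM departments WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'book_appointment') {
            $patient_id = $_POST['patient_id'] ?? '';
            $doctor_id = $_POST['doctor_id'] ?? '';
            $date = $_POST['date'] ?? '';
            $reason = $_POST['reason'] ?? '';
            if ($patient_id && $doctor_id && $date) {
                // The slot length (30 minutes) is fixed in the SQL; $date is
                // bound twice, once for start_time and once for end_time.
                $stmt = $db->prepare("INSERT INTO appointments (patient_id, doctor_id, start_time, end_time, reason) VALUES (?, ?, ?, DATE_ADD(?, INTERVAL 30 MINUTE), ?)");
                $stmt->execute([$patient_id, $doctor_id, $date, $date, $reason]);
                $_SESSION['flash_message'] = __('book_appointment') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'record_visit') {
            $patient_id = $_POST['patient_id'] ?? '';
            $doctor_id = $_POST['doctor_id'] ?? '';
            $appointment_id = $_POST['appointment_id'] ?: null;
            $weight = $_POST['weight'] ?? '';
            $bp = $_POST['blood_pressure'] ?? '';
            $hr = $_POST['heart_rate'] ?? '';
            $temp = $_POST['temperature'] ?? '';
            $symptoms = $_POST['symptoms'] ?? '';
            $diagnosis = $_POST['diagnosis'] ?? '';
            $treatment = $_POST['treatment_plan'] ?? '';
            if ($patient_id && $doctor_id) {
                // Visit, its prescriptions and the appointment status change
                // are committed together.
                $db->beginTransaction();
                $stmt = $db->prepare("INSERT INTO visits (patient_id, doctor_id, appointment_id, weight, blood_pressure, heart_rate, temperature, symptoms, diagnosis, treatment_plan) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
                $stmt->execute([$patient_id, $doctor_id, $appointment_id, $weight, $bp, $hr, $temp, $symptoms, $diagnosis, $treatment]);
                $visit_id = $db->lastInsertId();
                if (isset($_POST['prescriptions']) && is_array($_POST['prescriptions'])) {
                    // prescriptions[drug_name][], [dosage][], [instructions][]
                    // are parallel arrays; rows with an empty drug name are
                    // skipped.
                    $drug_names = $_POST['prescriptions']['drug_name'] ?? [];
                    $dosages = $_POST['prescriptions']['dosage'] ?? [];
                    $instructions = $_POST['prescriptions']['instructions'] ?? [];
                    $pStmt = $db->prepare("INSERT INTO visit_prescriptions (visit_id, drug_name, dosage, instructions) VALUES (?, ?, ?, ?)");
                    foreach ($drug_names as $i => $drug) {
                        if (!empty($drug)) {
                            $pStmt->execute([$visit_id, $drug, $dosages[$i] ?? '', $instructions[$i] ?? '']);
                        }
                    }
                }
                if ($appointment_id) {
                    $stmt = $db->prepare("UPDATE appointments SET status = 'Completed' WHERE id = ?");
                    $stmt->execute([$appointment_id]);
                }
                $db->commit();
                $_SESSION['flash_message'] = __('add_visit') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_visit') {
            $id = $_POST['id'] ?? '';
            $patient_id = $_POST['patient_id'] ?? '';
            $doctor_id = $_POST['doctor_id'] ?? '';
            $weight = $_POST['weight'] ?? '';
            $bp = $_POST['blood_pressure'] ?? '';
            $hr = $_POST['heart_rate'] ?? '';
            $temp = $_POST['temperature'] ?? '';
            $symptoms = $_POST['symptoms'] ?? '';
            $diagnosis = $_POST['diagnosis'] ?? '';
            $treatment = $_POST['treatment_plan'] ?? '';
            if ($id && $patient_id && $doctor_id) {
                // NOTE(review): unlike record_visit this branch runs outside a
                // transaction, so a failure between the DELETE and the
                // re-INSERT of prescriptions leaves the visit without them.
                $stmt = $db->prepare("UPDATE visits SET patient_id = ?, doctor_id = ?, weight = ?, blood_pressure = ?, heart_rate = ?, temperature = ?, symptoms = ?, diagnosis = ?, treatment_plan = ? 
WHERE id = ?");
                $stmt->execute([$patient_id, $doctor_id, $weight, $bp, $hr, $temp, $symptoms, $diagnosis, $treatment, $id]);
                // Prescriptions are replaced wholesale: delete, then re-insert
                // whatever the form sent.
                $stmt = $db->prepare("DELETE FROM visit_prescriptions WHERE visit_id = ?");
                $stmt->execute([$id]);
                if (isset($_POST['prescriptions']) && is_array($_POST['prescriptions'])) {
                    $drug_names = $_POST['prescriptions']['drug_name'] ?? [];
                    $dosages = $_POST['prescriptions']['dosage'] ?? [];
                    $instructions = $_POST['prescriptions']['instructions'] ?? [];
                    $pStmt = $db->prepare("INSERT INTO visit_prescriptions (visit_id, drug_name, dosage, instructions) VALUES (?, ?, ?, ?)");
                    foreach ($drug_names as $i => $drug) {
                        if (!empty($drug)) {
                            $pStmt->execute([$id, $drug, $dosages[$i] ?? '', $instructions[$i] ?? '']);
                        }
                    }
                }
                $_SESSION['flash_message'] = __('edit_visit') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_visit') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM visits WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'create_bill') {
            $patient_id = $_POST['patient_id'] ?? '';
            $visit_id = $_POST['visit_id'] ?: null;
            $items = $_POST['items'] ?? [];
            $amounts = $_POST['amounts'] ?? [];
            if ($patient_id && !empty($items)) {
                $db->beginTransaction();
                // Totals come straight from the submitted amounts; nothing
                // here re-prices the items against the catalogue.
                $total = array_sum($amounts);
                // Check if patient has insurance
                $stmt = $db->prepare("SELECT insurance_company_id FROM patients WHERE id = ?");
                $stmt->execute([$patient_id]);
                $patient = $stmt->fetch();
                $insurance_covered = 0;
                if ($patient && $patient['insurance_company_id']) {
                    // Flat coverage rate for every insurer; the 0.8 is a
                    // hard-coded business rule, not read from the company row.
                    $insurance_covered = $total * 0.8; // 80% coverage
                }
                $patient_payable = $total - $insurance_covered;
                $stmt = $db->prepare("INSERT INTO bills (patient_id, visit_id, total_amount, insurance_covered, patient_payable) VALUES (?, ?, ?, ?, ?)");
                $stmt->execute([$patient_id, $visit_id, $total, $insurance_covered, $patient_payable]);
                $bill_id = $db->lastInsertId();
                $stmt = $db->prepare("INSERT INTO bill_items (bill_id, description, amount) VALUES (?, ?, ?)");
                foreach ($items as $index => $desc) {
                    if ($desc && isset($amounts[$index])) {
                        $stmt->execute([$bill_id, $desc, $amounts[$index]]);
                    }
                }
                $db->commit();
                $_SESSION['flash_message'] = __('create_bill') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'create_report') {
            $visit_id = $_POST['visit_id'] ?? '';
            $type = $_POST['report_type'] ?? '';
            $findings = $_POST['findings'] ?? '';
            $recom = $_POST['recommendations'] ?? '';
            if ($visit_id && $type) {
                $stmt = $db->prepare("INSERT INTO provisional_reports (visit_id, report_type, findings, recommendations) VALUES (?, ?, ?, ?)");
                $stmt->execute([$visit_id, $type, $findings, $recom]);
                $_SESSION['flash_message'] = __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_employee') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $dob = $_POST['dob'] ?: null;
            $mobile = $_POST['mobile'] ?? '';
            $email = $_POST['email'] ?? '';
            $dept_id = $_POST['department_id'] ?: null;
            $passion_en = $_POST['passion_en'] ?? '';
            $passion_ar = $_POST['passion_ar'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO employees (name_en, name_ar, dob, mobile, email, department_id, passion_en, passion_ar) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
                $stmt->execute([$name_en, $name_ar, $dob, $mobile, $email, $dept_id, $passion_en, $passion_ar]);
                $_SESSION['flash_message'] = __('add_employee') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_employee') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $dob = $_POST['dob'] ?: null;
            $mobile = $_POST['mobile'] ?? '';
            $email = $_POST['email'] ?? '';
            $dept_id = $_POST['department_id'] ?: null;
            $passion_en = $_POST['passion_en'] ?? '';
            $passion_ar = $_POST['passion_ar'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE employees SET name_en = ?, name_ar = ?, dob = ?, mobile = ?, email = ?, department_id = ?, passion_en = ?, passion_ar = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $dob, $mobile, $email, $dept_id, $passion_en, $passion_ar, $id]);
                $_SESSION['flash_message'] = __('edit_employee') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_employee') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM employees WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_poison') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $desc_en = $_POST['description_en'] ?? '';
            $desc_ar = $_POST['description_ar'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO poisons (name_en, name_ar, description_en, description_ar) VALUES (?, ?, ?, ?)");
                $stmt->execute([$name_en, $name_ar, $desc_en, $desc_ar]);
                $_SESSION['flash_message'] = __('add_poison') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_poison') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $desc_en = $_POST['description_en'] ?? '';
            $desc_ar = $_POST['description_ar'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE poisons SET name_en = ?, name_ar = ?, description_en = ?, description_ar = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $desc_en, $desc_ar, $id]);
                $_SESSION['flash_message'] = __('edit_poison') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_poison') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM poisons WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_test_group') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO test_groups (name_en, name_ar) VALUES (?, ?)");
                $stmt->execute([$name_en, $name_ar]);
                $_SESSION['flash_message'] = __('add_test_group') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_test_group') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE test_groups SET name_en = ?, name_ar = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $id]);
                $_SESSION['flash_message'] = __('edit_test_group') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_test_group') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM test_groups WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_test') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $group_id = $_POST['group_id'] ?: null;
            $price = $_POST['price'] ?? 0;
            $range = $_POST['normal_range'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO laboratory_tests (name_en, name_ar, group_id, price, normal_range) VALUES (?, ?, ?, ?, ?)");
                $stmt->execute([$name_en, $name_ar, $group_id, $price, $range]);
                $_SESSION['flash_message'] = __('add_test') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_test') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $group_id = $_POST['group_id'] ?: null;
            $price = $_POST['price'] ?? 0;
            $range = $_POST['normal_range'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE laboratory_tests SET name_en = ?, name_ar = ?, group_id = ?, price = ?, normal_range = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $group_id, $price, $range, $id]);
                $_SESSION['flash_message'] = __('edit_test') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_test') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM laboratory_tests WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete_test') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_inquiry') {
            $patient_name = $_POST['patient_name'] ?? '';
            $test_ids = $_POST['test_ids'] ?? [];
            $results = $_POST['results'] ?? [];
            $source = $_POST['source'] ?? 'Internal';
            $date = $_POST['inquiry_date'] ?: date('Y-m-d H:i');
            $status = $_POST['status'] ?? 'Pending';
            $notes = $_POST['notes'] ?? '';
            if ($patient_name) {
                $db->beginTransaction();
                $stmt = $db->prepare("INSERT INTO laboratory_inquiries (patient_id, visit_id, patient_name, source, inquiry_date, status, notes) VALUES (?, ?, ?, ?, ?, ?, ?)");
                $stmt->execute([$_POST['patient_id'] ?: null, $_POST['visit_id'] ?: null, $patient_name, $source, $date, $status, $notes]);
                $inquiry_id = $db->lastInsertId();
                if (!empty($test_ids)) {
                    // test_ids[], results[] and the attachments[] file field
                    // are parallel arrays indexed by $index.
                    $testStmt = $db->prepare("INSERT INTO inquiry_tests (inquiry_id, test_id, result, attachment) VALUES (?, ?, ?, ?)");
                    foreach ($test_ids as $index => $tid) {
                        if ($tid) {
                            $attachment = upload_file($_FILES['attachments'] ?? null, $index, "assets/uploads/labs/");
                            $testStmt->execute([$inquiry_id, $tid, $results[$index] ?? '', $attachment]);
                        }
                    }
                }
                $db->commit();
                $_SESSION['flash_message'] = __('add_inquiry') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_inquiry') {
            $id = $_POST['id'] ?? '';
            $patient_name = $_POST['patient_name'] ?? '';
            $test_ids = $_POST['test_ids'] ?? [];
            $results = $_POST['results'] ?? [];
            $existing_attachments = $_POST['existing_attachments'] ?? [];
            $source = $_POST['source'] ?? 'Internal';
            $date = $_POST['inquiry_date'] ?: date('Y-m-d H:i');
            $status = $_POST['status'] ?? 'Pending';
            $notes = $_POST['notes'] ?? '';
            if ($id && $patient_name) {
                $db->beginTransaction();
                $stmt = $db->prepare("UPDATE laboratory_inquiries SET patient_id = ?, visit_id = ?, patient_name = ?, source = ?, inquiry_date = ?, status = ?, notes = ? 
WHERE id = ?");
                $stmt->execute([$_POST['patient_id'] ?: null, $_POST['visit_id'] ?: null, $patient_name, $source, $date, $status, $notes, $id]);
                // Remove old tests and insert new ones
                $stmt = $db->prepare("DELETE FROM inquiry_tests WHERE inquiry_id = ?");
                $stmt->execute([$id]);
                if (!empty($test_ids)) {
                    $testStmt = $db->prepare("INSERT INTO inquiry_tests (inquiry_id, test_id, result, attachment) VALUES (?, ?, ?, ?)");
                    foreach ($test_ids as $index => $tid) {
                        if ($tid) {
                            // A fresh upload wins; otherwise the path the form
                            // echoed back is kept, but only after
                            // keep_existing_attachment() has checked its shape,
                            // since it is client-controlled.
                            $attachment = upload_file($_FILES['attachments'] ?? null, $index, "assets/uploads/labs/") ?: keep_existing_attachment($existing_attachments[$index] ?? null);
                            $testStmt->execute([$id, $tid, $results[$index] ?? '', $attachment]);
                        }
                    }
                }
                $db->commit();
                $_SESSION['flash_message'] = __('edit_inquiry') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_inquiry') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM laboratory_inquiries WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_xray_group') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO xray_groups (name_en, name_ar) VALUES (?, ?)");
                $stmt->execute([$name_en, $name_ar]);
                $_SESSION['flash_message'] = __('add_xray_group') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_xray_group') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE xray_groups SET name_en = ?, name_ar = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $id]);
                $_SESSION['flash_message'] = __('edit_xray_group') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_xray_group') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM xray_groups WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_xray_test') {
            $group_id = $_POST['group_id'] ?: null;
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $price = $_POST['price'] ?? 0;
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO xray_tests (group_id, name_en, name_ar, price) VALUES (?, ?, ?, ?)");
                $stmt->execute([$group_id, $name_en, $name_ar, $price]);
                $_SESSION['flash_message'] = __('add_xray_test') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_xray_test') {
            $id = $_POST['id'] ?? '';
            $group_id = $_POST['group_id'] ?: null;
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $price = $_POST['price'] ?? 0;
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE xray_tests SET group_id = ?, name_en = ?, name_ar = ?, price = ? WHERE id = ?");
                $stmt->execute([$group_id, $name_en, $name_ar, $price, $id]);
                $_SESSION['flash_message'] = __('edit_xray_test') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_xray_test') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM xray_tests WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_xray_inquiry') {
            $patient_name = $_POST['patient_name'] ?? '';
            $xray_ids = $_POST['xray_ids'] ?? [];
            $results = $_POST['results'] ?? [];
            $source = $_POST['source'] ?? 'Internal';
            $date = $_POST['inquiry_date'] ?: date('Y-m-d H:i');
            $status = $_POST['status'] ?? 'Pending';
            $notes = $_POST['notes'] ?? '';
            if ($patient_name) {
                $db->beginTransaction();
                $stmt = $db->prepare("INSERT INTO xray_inquiries (patient_id, visit_id, patient_name, source, inquiry_date, status, notes) VALUES (?, ?, ?, ?, ?, ?, ?)");
                $stmt->execute([$_POST['patient_id'] ?: null, $_POST['visit_id'] ?: null, $patient_name, $source, $date, $status, $notes]);
                $inquiry_id = $db->lastInsertId();
                if (!empty($xray_ids)) {
                    $testStmt = $db->prepare("INSERT INTO xray_inquiry_items (inquiry_id, xray_id, result, attachment) VALUES (?, ?, ?, ?)");
                    foreach ($xray_ids as $index => $tid) {
                        if ($tid) {
                            $attachment = upload_file($_FILES['attachments'] ?? null, $index, "assets/uploads/xrays/");
                            $testStmt->execute([$inquiry_id, $tid, $results[$index] ?? '', $attachment]);
                        }
                    }
                }
                $db->commit();
                $_SESSION['flash_message'] = __('add_xray_inquiry') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_xray_inquiry') {
            $id = $_POST['id'] ?? '';
            $patient_name = $_POST['patient_name'] ?? '';
            $xray_ids = $_POST['xray_ids'] ?? [];
            $existing_attachments = $_POST['existing_attachments'] ?? [];
            $results = $_POST['results'] ?? [];
            $source = $_POST['source'] ?? 'Internal';
            $date = $_POST['inquiry_date'] ?: date('Y-m-d H:i');
            $status = $_POST['status'] ?? 'Pending';
            $notes = $_POST['notes'] ?? '';
            if ($id && $patient_name) {
                $db->beginTransaction();
                $stmt = $db->prepare("UPDATE xray_inquiries SET patient_id = ?, visit_id = ?, patient_name = ?, source = ?, inquiry_date = ?, status = ?, notes = ? WHERE id = ?");
                $stmt->execute([$_POST['patient_id'] ?: null, $_POST['visit_id'] ?: null, $patient_name, $source, $date, $status, $notes, $id]);
                // Items are replaced wholesale, as in edit_inquiry.
                $stmt = $db->prepare("DELETE FROM xray_inquiry_items WHERE inquiry_id = ?");
                $stmt->execute([$id]);
                if (!empty($xray_ids)) {
                    $testStmt = $db->prepare("INSERT INTO xray_inquiry_items (inquiry_id, xray_id, result, attachment) VALUES (?, ?, ?, ?)");
                    foreach ($xray_ids as $index => $tid) {
                        if ($tid) {
                            // Same rule as edit_inquiry: new upload first, else
                            // the echoed-back path after shape validation.
                            $attachment = upload_file($_FILES['attachments'] ?? null, $index, "assets/uploads/xrays/") ?: keep_existing_attachment($existing_attachments[$index] ?? null);
                            $testStmt->execute([$id, $tid, $results[$index] ?? '', $attachment]);
                        }
                    }
                }
                $db->commit();
                $_SESSION['flash_message'] = __('edit_xray_inquiry') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_xray_inquiry') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM xray_inquiries WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_drug_group') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO drugs_groups (name_en, name_ar) VALUES (?, ?)");
                $stmt->execute([$name_en, $name_ar]);
                $_SESSION['flash_message'] = __('add_drug_group') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_drug_group') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE drugs_groups SET name_en = ?, name_ar = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $id]);
                $_SESSION['flash_message'] = __('edit_drug_group') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_drug_group') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM drugs_groups WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_drug') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $group_id = $_POST['group_id'] ?: null;
            $desc_en = $_POST['description_en'] ?? '';
            $desc_ar = $_POST['description_ar'] ?? '';
            $dosage = $_POST['default_dosage'] ?? '';
            $instructions = $_POST['default_instructions'] ?? '';
            $price = $_POST['price'] ?? 0;
            $expiry_date = $_POST['expiry_date'] ?: null;
            $supplier_id = $_POST['supplier_id'] ?: null;
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO drugs (name_en, name_ar, group_id, description_en, description_ar, default_dosage, default_instructions, price, expiry_date, supplier_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
                $stmt->execute([$name_en, $name_ar, $group_id, $desc_en, $desc_ar, $dosage, $instructions, $price, $expiry_date, $supplier_id]);
                $_SESSION['flash_message'] = __('add_drug') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_drug') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $group_id = $_POST['group_id'] ?: null;
            $desc_en = $_POST['description_en'] ?? '';
            $desc_ar = $_POST['description_ar'] ?? '';
            $dosage = $_POST['default_dosage'] ?? '';
            $instructions = $_POST['default_instructions'] ?? '';
            $price = $_POST['price'] ?? 0;
            $expiry_date = $_POST['expiry_date'] ?: null;
            $supplier_id = $_POST['supplier_id'] ?: null;
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE drugs SET name_en = ?, name_ar = ?, group_id = ?, description_en = ?, description_ar = ?, default_dosage = ?, default_instructions = ?, price = ?, expiry_date = ?, supplier_id = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $group_id, $desc_en, $desc_ar, $dosage, $instructions, $price, $expiry_date, $supplier_id, $id]);
                $_SESSION['flash_message'] = __('edit_drug') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_drug') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM drugs WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'add_supplier') {
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $contact = $_POST['contact_person'] ?? '';
            $phone = $_POST['phone'] ?? '';
            $email = $_POST['email'] ?? '';
            $address = $_POST['address'] ?? '';
            if ($name_en && $name_ar) {
                $stmt = $db->prepare("INSERT INTO suppliers (name_en, name_ar, contact_person, phone, email, address) VALUES (?, ?, ?, ?, ?, ?)");
                $stmt->execute([$name_en, $name_ar, $contact, $phone, $email, $address]);
                $_SESSION['flash_message'] = __('add_supplier') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'edit_supplier') {
            $id = $_POST['id'] ?? '';
            $name_en = $_POST['name_en'] ?? '';
            $name_ar = $_POST['name_ar'] ?? '';
            $contact = $_POST['contact_person'] ?? '';
            $phone = $_POST['phone'] ?? '';
            $email = $_POST['email'] ?? '';
            $address = $_POST['address'] ?? '';
            if ($id && $name_en && $name_ar) {
                $stmt = $db->prepare("UPDATE suppliers SET name_en = ?, name_ar = ?, contact_person = ?, phone = ?, email = ?, address = ? WHERE id = ?");
                $stmt->execute([$name_en, $name_ar, $contact, $phone, $email, $address, $id]);
                $_SESSION['flash_message'] = __('edit_supplier') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'delete_supplier') {
            $id = $_POST['id'] ?? '';
            if ($id) {
                $stmt = $db->prepare("DELETE FROM suppliers WHERE id = ?");
                $stmt->execute([$id]);
                $_SESSION['flash_message'] = __('delete') . ' ' . __('successfully');
                $redirect = true;
            }
        } elseif ($_POST['action'] === 'import_drugs_groups') {
            // CSV/spreadsheet import: column 0 = name_en, column 1 = name_ar.
            // A group whose name_en already exists is skipped, so re-importing
            // the same file is idempotent.
            if (isset($_FILES['csv_file'])) {
                $rows = parse_import_file($_FILES['csv_file']);
                if ($rows) {
                    $stmt = $db->prepare("INSERT INTO drugs_groups (name_en, name_ar) VALUES (?, ?)");
                    $checkStmt = $db->prepare("SELECT id FROM drugs_groups WHERE name_en = ?");
                    foreach ($rows as $row) {
                        $name_en = $row[0] ?? '';
                        $name_ar = $row[1] ?? '';
                        if ($name_en) {
                            $checkStmt->execute([$name_en]);
                            if (!$checkStmt->fetch()) {
                                $stmt->execute([$name_en, $name_ar]);
                            }
                        }
                    }
                    $_SESSION['flash_message'] = __('import_successfully');
                    $redirect = true;
                }
            }
        } elseif ($_POST['action'] === 'import_drugs') {
            // Columns: 0 name_en, 1 name_ar, 2 group name, 3 price,
            // 4 expiry date, 5 supplier name. Unknown group/supplier names are
            // created on the fly (with the same text for both languages) and
            // memoised per import in $groupMap / $supplierMap. Unlike
            // import_drugs_groups there is no duplicate check on the drug
            // itself, so re-importing a file inserts the drugs again.
            if (isset($_FILES['csv_file'])) {
                $rows = parse_import_file($_FILES['csv_file']);
                if ($rows) {
                    $stmt = $db->prepare("INSERT INTO drugs (name_en, name_ar, group_id, price, expiry_date, supplier_id) VALUES (?, ?, ?, ?, ?, ?)");
                    $groupMap = [];
                    $supplierMap = [];
                    foreach ($rows as $row) {
                        $name_en = $row[0] ?? '';
                        $name_ar = $row[1] ?? '';
                        $group_name = $row[2] ?? '';
                        $price = $row[3] ?? 0;
                        $expiry = $row[4] ?? null;
                        $supplier_name = $row[5] ?? '';
                        if ($name_en) {
                            $group_id = null;
                            if ($group_name) {
                                if (isset($groupMap[$group_name])) {
                                    $group_id = $groupMap[$group_name];
                                } else {
                                    $gStmt = $db->prepare("SELECT id FROM drugs_groups WHERE name_en = ? OR name_ar = ?");
                                    $gStmt->execute([$group_name, $group_name]);
                                    $gRes = $gStmt->fetch();
                                    if ($gRes) {
                                        $group_id = $gRes['id'];
                                    } else {
                                        $cgStmt = $db->prepare("INSERT INTO drugs_groups (name_en, name_ar) VALUES (?, ?)");
                                        $cgStmt->execute([$group_name, $group_name]);
                                        $group_id = $db->lastInsertId();
                                    }
                                    $groupMap[$group_name] = $group_id;
                                }
                            }
                            $supplier_id = null;
                            if ($supplier_name) {
                                if (isset($supplierMap[$supplier_name])) {
                                    $supplier_id = $supplierMap[$supplier_name];
                                } else {
                                    $sStmt = $db->prepare("SELECT id FROM suppliers WHERE name_en = ? 
OR name_ar = ?");
                                    $sStmt->execute([$supplier_name, $supplier_name]);
                                    $sRes = $sStmt->fetch();
                                    if ($sRes) {
                                        $supplier_id = $sRes['id'];
                                    } else {
                                        $csStmt = $db->prepare("INSERT INTO suppliers (name_en, name_ar) VALUES (?, ?)");
                                        $csStmt->execute([$supplier_name, $supplier_name]);
                                        $supplier_id = $db->lastInsertId();
                                    }
                                    $supplierMap[$supplier_name] = $supplier_id;
                                }
                            }
                            // An expiry value the date parser cannot read is
                            // stored as NULL rather than rejected.
                            if ($expiry && !strtotime($expiry)) $expiry = null;
                            $stmt->execute([$name_en, $name_ar, $group_id, $price, $expiry, $supplier_id]);
                        }
                    }
                    $_SESSION['flash_message'] = __('import_successfully');
                    $redirect = true;
                }
            }
        } elseif ($_POST['action'] === 'import_tests') {
            // Columns: 0 name_en, 1 name_ar, 2 group name, 3 price,
            // 4 normal range. Group resolution mirrors import_drugs but
            // against test_groups.
            if (isset($_FILES['csv_file'])) {
                $rows = parse_import_file($_FILES['csv_file']);
                if ($rows) {
                    $stmt = $db->prepare("INSERT INTO laboratory_tests (name_en, name_ar, group_id, price, normal_range) VALUES (?, ?, ?, ?, ?)");
                    $groupMap = [];
                    foreach ($rows as $row) {
                        $name_en = $row[0] ?? '';
                        $name_ar = $row[1] ?? '';
                        $group_name = $row[2] ?? '';
                        $price = $row[3] ?? 0;
                        $range = $row[4] ?? '';
                        if ($name_en) {
                            $group_id = null;
                            if ($group_name) {
                                if (isset($groupMap[$group_name])) {
                                    $group_id = $groupMap[$group_name];
                                } else {
                                    $gStmt = $db->prepare("SELECT id FROM test_groups WHERE name_en = ? OR name_ar = ?");
                                    $gStmt->execute([$group_name, $group_name]);
                                    $gRes = $gStmt->fetch();
                                    if ($gRes) {
                                        $group_id = $gRes['id'];
                                    } else {
                                        $cgStmt = $db->prepare("INSERT INTO test_groups (name_en, name_ar) VALUES (?, ?)");
                                        $cgStmt->execute([$group_name, $group_name]);
                                        $group_id = $db->lastInsertId();
                                    }
                                    $groupMap[$group_name] = $group_id;
                                }
                            }
                            $stmt->execute([$name_en, $name_ar, $group_id, $price, $range]);
                        }
                    }
                    $_SESSION['flash_message'] = __('import_successfully');
                    $redirect = true;
                }
            }
        }
    } catch (\Throwable $e) {
        // A statement failure inside one of the transactional branches would
        // otherwise leave the transaction open; roll it back before letting
        // the error propagate. With a PDO that does not throw (silent error
        // mode) this block is never reached and behaviour is unchanged.
        // NOTE(review): assumes $db is a PDO (inTransaction/rollBack) —
        // confirm against the connection setup.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}
if ($redirect) {
    // Post/redirect/get back to the same URL so a browser refresh does not
    // resubmit the form; the flash message is picked up from the session.
    header("Location: " . $_SERVER['REQUEST_URI']);
    exit;
}
}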