| author | Nathan Kinkade <nath@nkinka.de> | 2008-02-03 23:23:24 +0000 |
|---|---|---|
| committer | Nathan Kinkade <nath@nkinka.de> | 2008-02-03 23:23:24 +0000 |
| commit | d895b852a6e160496ffc760d46d3719a3d62ff86 (patch) | |
| tree | 52230bb04148197e8312e09b5c5273417e7a3be9 /edit_food.php | |
Initial checkin of nutridb.org and basic subversion directory structure
Diffstat (limited to 'edit_food.php')
| -rw-r--r-- | edit_food.php | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/edit_food.php b/edit_food.php
new file mode 100644
index 0000000..f62d55a
--- /dev/null
+++ b/edit_food.php
@@ -0,0 +1,144 @@
+<?php
+
+# include the main site config where various global variables
+# and libraries are included
+include("config.php");
+
+# the user must be logged in to access this script. if they are
+# not then this function will send them back to the index page
+loginRequired();
+
+# action will be showFoods when the user wants to edit a particular
+# food or view a list and select which one to edit
+if ( isset($_GET['action']) && ($_GET['action'] == "showFoods") ) {
+
+ # if the user wanted to see a specific food, then pass it to the
+ # template so that it can be loaded automatically
+ if ( isset($_GET['food']) ) {
+ $smarty->assign("editFood", $_GET['food']);
+ }
+
+ $sql = sprintf ("
+ SELECT * FROM userFoods
+ WHERE user = '%s'
+ ",
+ $_SESSION['user']['id']
+ );
+ $db->Select($sql);
+ if ( $db->_rowCount > 0 ) {
+ $smarty->assign("savedFoods", $db->_rows);
+ }
+ # grab the various parts. these sections are not printed to the screen
+ # but rather dumped into smarty variables that will simply be printed
+ # in the template, so the order doesn't matter here at the moment
+ include("header.php");
+ include("sidebar_left.php");
+ include("sidebar_right.php");
+ include("footer.php");
+ $smarty->display("edit_food.tpl");
+ exit;
+
+}
+
+# don't let the user continue here if we don't have the id of
+# the saved food, or if this id isn't a number, or if an action
+# wasn't specified
+if ( ! isset($_POST['food']) ) {
+ $_SESSION['systemMsg'] = "<span class='msgError'>You must specify a food.</span>";
+ header("Location: {$config->_previousUri}");
+ exit;
+}
+if ( ! is_numeric($_POST['food']) ) {
+ $_SESSION['systemMsg'] = "<span class='msgError'>The food must be numeric.</span>";
+ header("Location: {$config->_previousUri}");
+ exit;
+}
+if (
+ ! isset($_POST['action']) ||
+ (($_POST['action'] != "Delete") && ($_POST['action'] != "Rename") && ($_POST['action'] != "Modify") && ($_POST['action'] != "Edit"))
+) {
+ $_SESSION['systemMsg'] = "<span class='msgError'>You must specify an appropriate action.</span>";
+ header("Location: {$config->_previousUri}");
+ exit;
+}
+
+# the following should be relatively self-explanatory
+switch ( $_POST['action'] ) {
+ case "Delete":
+ $sql = sprintf ("
+ DELETE FROM userFoods
+ WHERE id = '%s'
+ ",
+ $_POST['food']
+ );
+ $db->Modify($sql);
+ if ( $db->_affectedRows == 1 ) {
+ $_SESSION['systemMsg'] = "<span class='msgOkay'>The food was deleted successfully.</span>";
+ } else {
+ $_SESSION['systemMsg'] = "<span class='msgError'>There was an error. The food was not deleted.</span>";
+ }
+ break;
+ case "Rename":
+ if ( isset($_POST['newFoodName']) && ("" != trim($_POST['newFoodName'])) ) {
+ $sql = sprintf ("
+ UPDATE userFoods
+ SET description = '%s'
+ WHERE id = '%s'
+ ",
+ $db->EscapeString($_POST['newFoodName']),
+ $_POST['food']
+ );
+ $db->Modify($sql);
+ if ( ! $db->_error ) {
+ $_SESSION['systemMsg'] = "<span class='msgOkay'>The food was renamed successfully.</span>";
+ } else {
+ $_SESSION['systemMsg'] = "<span class='msgError'>There was an error. The food was not renamed.</span>";
+ }
+ } else {
+ $_SESSION['systemMsg'] = "<span class='msgError'>The food was not renamed because the new name was empty.</span>";
+ }
+ break;
+ case "Edit":
+ header("Location: {$config->_rootUri}/edit_food.php?food={$_POST['food']}&action=showFoods");
+ exit;
+ break;
+ case "Modify":
+ if ( isset($_POST['foodDesc']) && ("" != trim($_POST['foodDesc'])) ) {
+ if ( isset($_POST['quantity']) && is_numeric(trim($_POST['quantity'])) ) {
+ $sql = sprintf ("
+ UPDATE userFoods SET
+ description = '%s',
+ quantity = '%s',
+ weight = '%s',
+ favorite = '%s'
+ WHERE id = '%s' AND user = '%s'
+ ",
+ $db->EscapeString($_POST['foodDesc']),
+ $_POST['quantity'],
+ $_POST['weight'],
+ $favorite = isset($_POST['favorite']) ? "1" : "0",
+ $_POST['food'],
+ $_SESSION['user']['id']
+ );
+ $db->Modify($sql);
+ if ( ! $db->_error ) {
+ $_SESSION['systemMsg'] = "<span class='msgOkay'>The food was modified successfully.</span>";
+ } else {
+ $_SESSION['systemMsg'] = "<span class='msgError'>There was an error. The food was not renamed.</span>";
+ }
+ } else {
+ $_SESSION['systemMsg'] = "<span class='msgError'>The amount must be a number.</span>";
+ }
+ } else {
+ $_SESSION['systemMsg'] = "<span class='msgError'>The food was not saved because the new name was empty.</span>";
+ }
+ break;
+ default:
+ $_SESSION['systemMsg'] = "<span class='msgOkay'>Nothing was changed.</span>";
+}
+
+# now send the user back where they came from with a system message
+header("Location: {$config->_previousUri}");
+exit;
+
+?> |
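Review bot: In the `Modify` case `$_POST['weight']` is placed into the UPDATE statement with no `isset`, numeric check or escaping, while `quantity` is gated by `is_numeric()` and `foodDesc` goes through `$db->EscapeString()`; request data can therefore alter the SQL text, so gate it the same way as quantity, e.g. `isset($_POST['weight']) && is_numeric(trim($_POST['weight']))`, before the query is built. The `Delete` and `Rename` statements filter on `WHERE id = '%s'` alone, whereas `Modify` uses `WHERE id = '%s' AND user = '%s'` with `$_SESSION['user']['id']`, so any logged-in account can delete or rename a row owned by another user; add the same user predicate and argument to both. `is_numeric()` also accepts forms such as exponents and leading whitespace, so casting the id once (`$food = (int) $_POST['food'];`) and using that value everywhere, including the `Edit` redirect, would be tighter. The value of `$_GET['food']` is handed to the template unchecked; whether it is escaped depends on `edit_food.tpl`, which is not part of this hunk.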
