From d895b852a6e160496ffc760d46d3719a3d62ff86 Mon Sep 17 00:00:00 2001
From: Nathan Kinkade
Date: Sun, 3 Feb 2008 23:23:24 +0000
Subject: Initial checkin of nutridb.org and basic subversion directory structure
---
edit_meal.php | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 204 insertions(+)
create mode 100644 edit_meal.php
(limited to 'edit_meal.php')
diff --git a/edit_meal.php b/edit_meal.php
new file mode 100644
index 0000000..af61122
--- /dev/null
+++ b/edit_meal.php
@@ -0,0 +1,204 @@
+assign("editMeal", $_GET['meal']);
+ }
+
+ $sql = sprintf ("
+ SELECT * FROM userMeals
+ WHERE user = '%s'
+ ",
+ $_SESSION['user']['id']
+ );
+ $db->Select($sql);
+ if ( $db->_rowCount > 0 ) {
+ $smarty->assign("savedMeals", $db->_rows);
+ }
+ # grab the various parts. these sections are not printed to the screen
+ # but rather dumped into smarty variables that will simply be printed
+ # in the template, so the order doesn't matter here at the moment
+ include("header.php");
+ include("sidebar_left.php");
+ include("sidebar_right.php");
+ include("footer.php");
+ $smarty->display("edit_meal.tpl");
+ exit;
+
+}
+
+# don't let the user continue here if we don't have the id of
+# the saved meal, or if this id isn't a number, or if an action
+# wasn't specified
+if ( ! isset($_POST['meal']) ) {
+ $_SESSION['systemMsg'] = "You must specify a meal ID.";
+ header("Location: {$config->_previousUri}");
+ exit;
+}
+if ( ! is_numeric($_POST['meal']) ) {
+ $_SESSION['systemMsg'] = "The meal ID must be numeric.";
+ header("Location: {$config->_previousUri}");
+ exit;
+}
+if (
+ ! isset($_POST['action']) ||
+ (($_POST['action'] != "Delete") && ($_POST['action'] != "Rename") && ($_POST['action'] != "Edit") && ($_POST['action'] != "Modify"))
+) {
+ $_SESSION['systemMsg'] = "You must specify an appropriate action.";
+ header("Location: {$config->_previousUri}");
+ exit;
+}
+
+switch ( $_POST['action'] ) {
+ case "Delete":
+ # set a status variable so that we can keep some minimal track
+ # on whether the query succeeded or not.
default will be true
+ $status = "true";
+
+ # working backward, first delete the meal items
+ $sql = sprintf ("
+ DELETE userMealItems.*, userMeals.*
+ FROM userMealItems INNER JOIN userMeals
+ ON userMealItems.meal = userMeals.id
+ INNER JOIN users
+ ON userMeals.user = users.id
+ WHERE users.id = '%s' AND userMealItems.meal = '%s'
+ ",
+ $_SESSION['user']['id'],
+ $_POST['meal']
+ );
+ $db->Modify($sql);
+ if ( $db->_error ) {
+ $status = "false";
+ }
+
+ # now delete any instances of this meal in any of the users
+ # diaries
+ $sql = sprintf ("
+ DELETE userDiaryItems.*
+ FROM userDiaryItems INNER JOIN userDiaries
+ ON userDiaryItems.diary = userDiaries.id
+ INNER JOIN users
+ ON userDiaries.user = users.id
+ WHERE users.id = '%s' AND userDiaryItems.data like '%%meal=%s%%'
+ AND userDiaryItems.type = 'Meal'
+ ",
+ $_SESSION['user']['id'],
+ $_POST['meal']
+ );
+ $db->Modify($sql);
+ if ( $db->_error ) {
+ $status = "false";
+ }
+
+ # let the user know the status
+ if ( $status == "true" ) {
+ $_SESSION['systemMsg'] = "The meal was successfully removed.";
+ } else {
+ $_SESSION['systemMsg'] = "There was an error. The meal was not removed.";
+ }
+ break;
+ case "Rename":
+ if ( isset($_POST['currentMealName']) && ("" != trim($_POST['currentMealName'])) ) {
+ $sql = sprintf ("
+ UPDATE userMeals SET
+ description = '%s'
+ WHERE id = '%s'
+ ",
+ $db->EscapeString($_POST['currentMealName']),
+ $_POST['meal']
+ );
+ $db->Modify($sql);
+ if ( ! $db->_error ) {
+ $_SESSION['systemMsg'] = "The meal was renamed successfully.";
+ } else {
+ $_SESSION['systemMsg'] = "There was an error.
The meal was not renamed.";
+ }
+ } else {
+ $_SESSION['systemMsg'] = "The meal was not renamed because the name was empty.";
+ }
+ break;
+ case "Edit":
+ # "Edit" is the action for displaying a form for editing
+ # let's implement the PRG (Post->Redirect-Get) method here so that
+ # users can use the back button freely without browser warnings
+ $queryString = "meal={$_POST['meal']}&action=showMeals";
+ header("Location: {$config->_rootUri}/$config->_thisScript?$queryString");
+ exit;
+ break;
+ case "Modify":
+ # "Modify" is the action for actually modifying the meal, while
+ # "Edit" above is for loading the meal into a form for editing
+
+ # start with a failing true status
+ $status = "true";
+
+ $sql = sprintf ("
+ UPDATE userMeals SET
+ description = '%s',
+ favorite = '%s'
+ WHERE id = '%s'
+ ",
+ $db->EscapeString($_POST['mealDesc']),
+ $favorite = isset($_POST['favorite']) ? "1" : "0",
+ $_POST['meal']
+ );
+ $db->Modify($sql);
+ if ( $db->_error ) {
+ $status = "false";
+ }
+
+ # now breakout the mealItemKeys that we collected earlier in order
+ # to identify which POSTed fields to use to update which items
+ if ( $mealItemIds = explode(",",$_POST['mealItemIds']) ) {
+ foreach ( $mealItemIds as $mealItemId ) {
+ $sql = sprintf ("
+ UPDATE userMealItems SET
+ description = '%s',
+ quantity = '%s',
+ weight = '%s'
+ WHERE id = '%s'
+ ",
+ $db->EscapeString($_POST["mealItemDesc-{$mealItemId}"]),
+ $_POST["mealItemQuantity-{$mealItemId}"],
+ $_POST["mealItemWeight-{$mealItemId}"],
+ $mealItemId
+ );
+ $db->Modify($sql);
+ if ( $db->_error ) {
+ $status = "false";
+ }
+ }
+ } else {
+ $status = "false";
+ }
+
+ # if there were any errors, let the user know
+ if ( $status == "false" ) {
+ $_SESSION['systemMsg'] = "There were errors during the update.";
+ } else {
+ $_SESSION['systemMsg'] = "The meal was updated successfully.";
+ }
+ break;
+ default:
+ $_SESSION['systemMsg'] = "Nothing was changed.";
+}
+
+# if we didn't already send the user somewhere, then
+# send the user back where they came from now
+header("Location: {$config->_previousUri}");
+
+?>
-- cgit v1.2.3
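Review bot: In the "Modify" branch the per-item `UPDATE userMealItems` builds its SQL from `$mealItemId`, `$_POST["mealItemQuantity-…"]` and `$_POST["mealItemWeight-…"]` with neither `EscapeString()` nor a numeric check, so request data reaches the query unescaped; only the description goes through the escaper. The "Rename" and "Modify" statements also match on `id` alone, whereas "Delete" constrains on `users.id`, so a logged-in user can presumably change meals and items that belong to another account (the start of the file, where any login check would sit, is not visible in this extract). Validating every id and amount and joining to `userMeals` on the session user closes both gaps for the item loop, as in the fence; the two `UPDATE userMeals` statements need `AND user = '%s'` bound to `$_SESSION['user']['id']` as well. Separately, `like '%%meal=%s%%'` in the diary cleanup also matches longer ids (meal 1 matches `meal=10`), and the `else` after `explode()` is unreachable because `explode()` with a non-empty delimiter never returns false.

```php
// … unchanged: "Modify" status setup and the userMeals UPDATE (plus the added user constraint) …
$mealItemIds = isset($_POST['mealItemIds']) ? explode(",", $_POST['mealItemIds']) : array();
foreach ( $mealItemIds as $mealItemId ) {
    $quantityKey = "mealItemQuantity-{$mealItemId}";
    $weightKey = "mealItemWeight-{$mealItemId}";
    # only plain integer ids and numeric amounts may reach the query
    if (
        ! ctype_digit($mealItemId) ||
        ! isset($_POST[$quantityKey]) || ! is_numeric($_POST[$quantityKey]) ||
        ! isset($_POST[$weightKey]) || ! is_numeric($_POST[$weightKey])
    ) {
        $status = "false";
        continue;
    }
    # join to userMeals so the item must belong to this meal and this user
    $sql = sprintf ("
        UPDATE userMealItems INNER JOIN userMeals
            ON userMealItems.meal = userMeals.id
        SET userMealItems.description = '%s',
            userMealItems.quantity = '%s',
            userMealItems.weight = '%s'
        WHERE userMealItems.id = '%s'
            AND userMeals.id = '%s'
            AND userMeals.user = '%s'
        ",
        $db->EscapeString($_POST["mealItemDesc-{$mealItemId}"]),
        $_POST[$quantityKey],
        $_POST[$weightKey],
        $mealItemId,
        $_POST['meal'],
        $_SESSION['user']['id']
    );
    // … unchanged: $db->Modify($sql) and the $db->_error check …
}
```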