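You must specify a diary."; header("Location: {$config->_previousUri}"); exit; }

# The statement above is the tail of a guard that begins earlier in the file;
# it is reproduced exactly as found.

# Diary action handler: reads the requested action and the target diary from
# the POST body, runs one INSERT/DELETE/UPDATE against the diary tables,
# stores a status message in the session and redirects to the previous page.

# Don't go forward unless an action was specified.
if ( ! isset($_POST['action']) ) {
    $_SESSION['systemMsg'] = "You must specify an action.";
    header("Location: {$config->_previousUri}");
    exit;
}

# NOTE(review): no anti-CSRF token check is visible in this part of the file,
# although every action below changes state. Confirm one exists upstream.

# The diary id arrives from the client and the statements below are built by
# string formatting, so it is escaped once here and only the escaped copy is
# ever placed in SQL. The session user id is escaped as well, so that no raw
# value reaches a statement.
# NOTE(review): assumes an earlier part of the file has established a
# logged-in session; if $_SESSION['user']['id'] is missing, the ownership
# filters below match nothing and every action is a no-op.
$diaryId = $db->EscapeString(trim((string) $_POST['diary']));
$userId  = $db->EscapeString((string) $_SESSION['user']['id']);

switch ( $_POST['action'] ) {

    case "addNote":
        if ( ! empty($_POST['diaryTimestamp']) ) {
            $timestamp = strtotime($_POST['diaryTimestamp']);
        } else {
            $timestamp = time();
        }

        # strtotime() returns false for text it cannot parse; refuse the note
        # instead of storing an empty timestamp.
        if ( false === $timestamp ) {
            $_SESSION['systemMsg'] = "There was an error. The note was not added.";
            break;
        }

        # INSERT ... SELECT ties the insert to a userDiaries row owned by the
        # current user, so a note cannot be attached to someone else's diary:
        # when the diary is not theirs, zero rows are inserted.
        $sql = sprintf ("
            INSERT INTO userDiaryItems(diary, data, timestamp, type)
            SELECT id, '%s', '%d', '%s'
            FROM userDiaries
            WHERE id = '%s'
            AND user = '%s'
            ",
            $db->EscapeString($_POST['note']),
            $timestamp,
            "Note",
            $diaryId,
            $userId
        );
        $db->Modify($sql);

        if ( $db->_affectedRows == 1 ) {
            $_SESSION['systemMsg'] = "The note was successfully added.";
        } else {
            $_SESSION['systemMsg'] = "There was an error. The note was not added.";
        }
        break;

    case "Delete":
        # Driven from userDiaries with a LEFT JOIN so that a diary holding no
        # items is still removed; an INNER JOIN matches no rows for an empty
        # diary and leaves it in place while reporting success.
        $sql = sprintf ("
            DELETE userDiaryItems.*, userDiaries.*
            FROM userDiaries
            LEFT JOIN userDiaryItems ON userDiaryItems.diary = userDiaries.id
            WHERE userDiaries.user = '%s'
            AND userDiaries.id = '%s'
            ",
            $userId,
            $diaryId
        );
        $db->Modify($sql);

        if ( ! $db->_error ) {
            $_SESSION['systemMsg'] = "The diary was successfully deleted.";
        } else {
            $_SESSION['systemMsg'] = "There was an error. The diary was not deleted.";
        }
        break;

    case "Rename":
        if ( isset($_POST['newDiaryName']) && ("" != trim($_POST['newDiaryName'])) ) {
            # The owner filter keeps one user from renaming another user's
            # diary by submitting its id.
            # NOTE(review): a rename that matches no row still reports
            # success, because only $db->_error is consulted here.
            $sql = sprintf ("
                UPDATE userDiaries
                SET description = '%s'
                WHERE id = '%s'
                AND user = '%s'
                ",
                $db->EscapeString($_POST['newDiaryName']),
                $diaryId,
                $userId
            );
            $db->Modify($sql);

            if ( ! $db->_error ) {
                $_SESSION['systemMsg'] = "The diary was successfully renamed.";
            } else {
                # The line break inside this message is kept as found.
                $_SESSION['systemMsg'] = "There was an error. \nThe diary was not renamed.";
            }
        } else {
            $_SESSION['systemMsg'] = "The diary was not renamed because the new name was empty.";
        }
        break;

    default:
        $_SESSION['systemMsg'] = "The action you specified was not recognized.";
        break;
}

# Now send the user back where they came from.
# NOTE(review): where $config->_previousUri comes from is not visible here; if
# it is taken from a request header it should be checked against this site's
# own paths before being used as a redirect target.
header("Location: {$config->_previousUri}");
exit;
?>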