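assign("editMeal", $_GET['meal']);
    }
    # NOTE(review): the start of this script, including the opening of the
    # block that ends at the "exit; }" below, is missing from this listing.
    # Confirm that $_GET['meal'] is validated before this point, or that
    # edit_meal.tpl escapes "editMeal" when printing it.

    $sql = sprintf (" SELECT * FROM userMeals WHERE user = '%s' ", $_SESSION['user']['id'] );
    $db->Select($sql);
    if ( $db->_rowCount > 0 ) {
        $smarty->assign("savedMeals", $db->_rows);
    }

    # grab the various parts. these sections are not printed to the screen
    # but rather dumped into smarty variables that will simply be printed
    # in the template, so the order doesn't matter here at the moment
    include("header.php");
    include("sidebar_left.php");
    include("sidebar_right.php");
    include("footer.php");

    $smarty->display("edit_meal.tpl");
    exit;
}

# Everything below handles the POSTed, data-changing actions on one saved
# meal: Delete, Rename, Edit (redirect to the edit form) and Modify.
#
# NOTE(review): no anti-CSRF token is checked in the visible code; confirm
# one is verified earlier in the script or add one to the posting forms.
# NOTE(review): $config->_previousUri is set outside this listing; if it is
# derived from the Referer header, confirm it is limited to this site.

# don't let the user continue here if we don't have the id of
# the saved meal, or if this id isn't a number, or if an action
# wasn't specified
if ( ! isset($_POST['meal']) ) {
    $_SESSION['systemMsg'] = "You must specify a meal ID.";
    header("Location: {$config->_previousUri}");
    exit;
}

# is_numeric() also rejects an array value (meal[]=...)
if ( ! is_numeric($_POST['meal']) ) {
    $_SESSION['systemMsg'] = "The meal ID must be numeric.";
    header("Location: {$config->_previousUri}");
    exit;
}

$allowedActions = array("Delete", "Rename", "Edit", "Modify");
if ( ! isset($_POST['action']) || ! in_array($_POST['action'], $allowedActions, true) ) {
    $_SESSION['systemMsg'] = "You must specify an appropriate action.";
    header("Location: {$config->_previousUri}");
    exit;
}

# Escape once. Every statement below is restricted to rows owned by the
# logged-in user, so a meal id belonging to another account matches nothing.
$mealId = $db->EscapeString($_POST['meal']);
$userId = $db->EscapeString((string) $_SESSION['user']['id']);

switch ( $_POST['action'] ) {

    case "Delete":
        # keep some minimal track of whether the queries succeeded
        $ok = true;

        # delete the meal together with its items. the LEFT JOIN keeps a
        # meal that has no items deletable; an INNER JOIN on the items
        # table would match no rows for such a meal and leave it behind
        $sql = sprintf ("
            DELETE userMealItems.*, userMeals.*
            FROM userMeals
            INNER JOIN users ON userMeals.user = users.id
            LEFT JOIN userMealItems ON userMealItems.meal = userMeals.id
            WHERE users.id = '%s'
            AND userMeals.id = '%s'
        ", $userId, $mealId );
        $db->Modify($sql);
        if ( $db->_error ) {
            $ok = false;
        }

        # now delete any instances of this meal in any of the users
        # diaries
        # NOTE(review): '%meal=<id>%' is a prefix match, so id 1 also
        # matches diary rows for meals 10, 11, 12, ... of the same user.
        # Tightening it needs the exact format of userDiaryItems.data,
        # which this listing does not show.
        $sql = sprintf ("
            DELETE userDiaryItems.*
            FROM userDiaryItems
            INNER JOIN userDiaries ON userDiaryItems.diary = userDiaries.id
            INNER JOIN users ON userDiaries.user = users.id
            WHERE users.id = '%s'
            AND userDiaryItems.data like '%%meal=%s%%'
            AND userDiaryItems.type = 'Meal'
        ", $userId, $mealId );
        $db->Modify($sql);
        if ( $db->_error ) {
            $ok = false;
        }

        # let the user know the status
        if ( $ok ) {
            $_SESSION['systemMsg'] = "The meal was successfully removed.";
        } else {
            $_SESSION['systemMsg'] = "There was an error. The meal was not removed.";
        }
        break;

    case "Rename":
        # a non-string value (currentMealName[]=...) is treated as empty
        $newName = "";
        if ( isset($_POST['currentMealName']) && is_string($_POST['currentMealName']) ) {
            $newName = $_POST['currentMealName'];
        }

        if ( "" !== trim($newName) ) {
            # "AND user" limits the rename to the caller's own meal.
            # NOTE(review): whether $db reports zero affected rows is not
            # visible here, so a request for a meal the user does not own
            # changes nothing but is still reported as a success.
            $sql = sprintf ("
                UPDATE userMeals
                SET description = '%s'
                WHERE id = '%s'
                AND user = '%s'
            ", $db->EscapeString($newName), $mealId, $userId );
            $db->Modify($sql);

            if ( ! $db->_error ) {
                $_SESSION['systemMsg'] = "The meal was renamed successfully.";
            } else {
                $_SESSION['systemMsg'] = "There was an error. The meal was not renamed.";
            }
        } else {
            $_SESSION['systemMsg'] = "The meal was not renamed because the name was empty.";
        }
        break;

    case "Edit":
        # "Edit" is the action for displaying a form for editing
        # let's implement the PRG (Post->Redirect-Get) method here so that
        # users can use the back button freely without browser warnings
        # is_numeric() accepts signs, dots and surrounding whitespace, so
        # the id is URL-encoded before it goes into the Location header
        $queryString = "meal=" . urlencode($_POST['meal']) . "&action=showMeals";
        header("Location: {$config->_rootUri}/{$config->_thisScript}?$queryString");
        exit;

    case "Modify":
        # "Modify" is the action for actually modifying the meal, while
        # "Edit" above is for loading the meal into a form for editing
        # start with a passing status; any failed query flips it
        $ok = true;

        $mealDesc = "";
        if ( isset($_POST['mealDesc']) && is_string($_POST['mealDesc']) ) {
            $mealDesc = $_POST['mealDesc'];
        }
        $favorite = isset($_POST['favorite']) ? "1" : "0";

        $sql = sprintf ("
            UPDATE userMeals
            SET description = '%s', favorite = '%s'
            WHERE id = '%s'
            AND user = '%s'
        ", $db->EscapeString($mealDesc), $favorite, $mealId, $userId );
        $db->Modify($sql);
        if ( $db->_error ) {
            $ok = false;
        }

        # now breakout the mealItemIds that were POSTed in order to
        # identify which POSTed fields to use to update which items.
        # explode() never returns an empty array, so a missing or empty
        # list is handled by skipping the empty ids instead
        $rawItemIds = "";
        if ( isset($_POST['mealItemIds']) && is_string($_POST['mealItemIds']) ) {
            $rawItemIds = $_POST['mealItemIds'];
        }

        foreach ( explode(",", $rawItemIds) as $mealItemId ) {
            if ( "" === $mealItemId ) {
                continue;
            }

            # the ids and the quantity/weight fields come straight from
            # the request, so each of them is escaped like the description.
            # a missing field is written as an empty string, as before
            $values = array();
            foreach ( array("Desc", "Quantity", "Weight") as $part ) {
                $key = "mealItem{$part}-{$mealItemId}";
                $values[$part] = "";
                if ( isset($_POST[$key]) && is_string($_POST[$key]) ) {
                    $values[$part] = $db->EscapeString($_POST[$key]);
                }
            }

            # the join limits the update to items of meals the caller owns
            $sql = sprintf ("
                UPDATE userMealItems
                INNER JOIN userMeals ON userMealItems.meal = userMeals.id
                SET userMealItems.description = '%s',
                    userMealItems.quantity = '%s',
                    userMealItems.weight = '%s'
                WHERE userMealItems.id = '%s'
                AND userMeals.user = '%s'
            ",
                $values["Desc"],
                $values["Quantity"],
                $values["Weight"],
                $db->EscapeString($mealItemId),
                $userId
            );
            $db->Modify($sql);
            if ( $db->_error ) {
                $ok = false;
            }
        }

        # if there were any errors, let the user know
        if ( ! $ok ) {
            $_SESSION['systemMsg'] = "There were errors during the update.";
        } else {
            $_SESSION['systemMsg'] = "The meal was updated successfully.";
        }
        break;

    default:
        $_SESSION['systemMsg'] = "Nothing was changed.";
}

# if we didn't already send the user somewhere, then
# send the user back where they came from now
header("Location: {$config->_previousUri}");
?>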