prepare($sql);
$stmt->execute([$_POST['status'], $action_plan_id]);
header("Location: view_action_plan.php?id=" . $action_plan_id . "&success=1");
exit;
} catch (PDOException $e) {
$error_message = "Database error: Could not update status. " . $e->getMessage();
}
}
// Fetch action plan details and resident info
$stmt = $pdo->prepare("SELECT ap.*, r.first_name, r.last_name FROM action_plans ap JOIN residents r ON ap.resident_id = r.id WHERE ap.id = ?");
$stmt->execute([$action_plan_id]);
$action_plan = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$action_plan) {
header("Location: staff_dashboard.php");
exit;
}
// Security check: if resident is logged in, ensure they own this action plan
if ($_SESSION['user_role'] === 'resident') {
$stmt = $pdo->prepare("SELECT id FROM residents WHERE user_id = ?");
$stmt->execute([$_SESSION['user_id']]);
$current_resident = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$current_resident || $action_plan['resident_id'] !== $current_resident['id']) {
header("Location: resident_dashboard.php");
exit;
}
}
?>
View Action Plan - Continuum of Healing