41 lines
1.3 KiB
PHP
41 lines
1.3 KiB
PHP
<?php
|
|
session_start();
|
|
require_once 'db/config.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
header('Location: staff_dashboard.php');
|
|
exit;
|
|
}
|
|
|
|
// Check if user is logged in and has the 'staff' role
|
|
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'staff') {
|
|
// You can redirect to a generic error page or the login page
|
|
header('HTTP/1.1 403 Forbidden');
|
|
exit("Access denied.");
|
|
}
|
|
|
|
$resident_id = isset($_POST['resident_id']) ? (int)$_POST['resident_id'] : 0;
|
|
$note = isset($_POST['note']) ? trim($_POST['note']) : '';
|
|
|
|
if ($resident_id === 0 || empty($note)) {
|
|
// Basic validation failed
|
|
// Redirect back with an error message (optional)
|
|
header("Location: resident_view.php?id={$resident_id}&error=empty_note");
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
$stmt = $pdo->prepare("INSERT INTO case_notes (resident_id, note) VALUES (?, ?)");
|
|
$stmt->execute([$resident_id, $note]);
|
|
|
|
// Redirect back to the resident's view page after successful insertion
|
|
header("Location: resident_view.php?id={$resident_id}&success=note_added");
|
|
exit;
|
|
} catch (PDOException $e) {
|
|
// In a real app, log this error.
|
|
// For simplicity, redirect with a generic error.
|
|
header("Location: resident_view.php?id={$resident_id}&error=db_error");
|
|
exit;
|
|
}
|