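<?php

declare(strict_types=1);

// Staff-only POST endpoint: sets one resident's status and redirects back.
// Every exit path is a redirect or a 403; nothing is rendered from here.

session_start();

require_once 'db/config.php';

// Only POST is accepted; anything else bounces to the dashboard.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: staff_dashboard.php');
    exit;
}

// Authentication + authorisation: the session must carry a user id and the
// 'staff' role. `??` avoids an "undefined array key" warning when the role
// is missing; the strict comparison still denies in that case.
if (!isset($_SESSION['user_id']) || ($_SESSION['user_role'] ?? null) !== 'staff') {
    http_response_code(403);
    exit("Access denied.");
}

// NOTE(review): this handler changes state on a plain POST with no CSRF
// token check, so a logged-in staff member can be made to submit it from a
// page on another origin. The submitting form should carry a per-session
// token that is verified here with hash_equals() before the update runs.

// Untrusted input. Reject non-string values up front: query parsing turns
// `status[]=x` into an array, which makes trim() throw a TypeError, and
// `(int)` of an array silently becomes 0 or 1. FILTER_VALIDATE_INT with
// min_range 1 rejects zero, negatives, floats and non-numeric strings.
$raw_id = $_POST['resident_id'] ?? null;
$resident_id = is_string($raw_id)
    ? filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
    : false;

$raw_status = $_POST['status'] ?? null;
$status = is_string($raw_status) ? trim($raw_status) : '';

// Basic validation: a positive integer id and a non-empty status.
// (`=== ''` rather than empty(): empty('0') is true, which is not what we mean.)
if ($resident_id === false || $status === '') {
    header("Location: staff_dashboard.php?error=invalid_data");
    exit;
}

// Whitelist the status. Strict in_array() so only these exact strings pass,
// with no loose-comparison surprises on numeric-looking input.
$allowed_statuses = ['Active', 'Inactive', 'Stabilized'];
if (!in_array($status, $allowed_statuses, true)) {
    header("Location: resident_view.php?id={$resident_id}&error=invalid_status");
    exit;
}

try {
    $pdo = db();
    // Parameterised update: both values are bound, never interpolated.
    $stmt = $pdo->prepare("UPDATE residents SET status = ? WHERE id = ?");
    $stmt->execute([$status, $resident_id]);

    // NOTE(review): an id that matches no row still reaches the success
    // redirect. rowCount() is not a reliable "found" test on MySQL (it
    // reports changed rows, so re-setting the same status looks like a miss);
    // check existence with a SELECT first if callers need that distinction.

    // Redirect back to the resident's view page.
    header("Location: resident_view.php?id={$resident_id}&success=status_updated");
    exit;
} catch (PDOException $e) {
    // Keep the driver message server-side; the user only sees a generic code.
    error_log('Resident status update failed: ' . $e->getMessage());
    header("Location: resident_view.php?id={$resident_id}&error=db_error");
    exit;
}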