38 lines
1.2 KiB
PHP
38 lines
1.2 KiB
PHP
<?php
|
|
session_start();
|
|
require_once 'db/config.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'staff') {
|
|
header('HTTP/1.1 403 Forbidden');
|
|
exit("Access denied.");
|
|
}
|
|
|
|
$resident_id = isset($_POST['resident_id']) ? (int)$_POST['resident_id'] : 0;
|
|
$partner_id = isset($_POST['partner_id']) ? (int)$_POST['partner_id'] : 0;
|
|
$staff_id = isset($_POST['staff_id']) ? (int)$_POST['staff_id'] : 0;
|
|
$notes = isset($_POST['notes']) ? trim($_POST['notes']) : '';
|
|
|
|
if ($resident_id === 0 || $partner_id === 0 || $staff_id === 0 || empty($notes)) {
|
|
header("Location: create_referral.php?resident_id={$resident_id}&error=invalid_data");
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
$sql = "INSERT INTO referrals (resident_id, partner_id, staff_id, notes) VALUES (?, ?, ?, ?)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$resident_id, $partner_id, $staff_id, $notes]);
|
|
|
|
header("Location: resident_view.php?id={$resident_id}&success=referral_sent");
|
|
exit;
|
|
} catch (PDOException $e) {
|
|
// Log error in a real app
|
|
header("Location: create_referral.php?resident_id={$resident_id}&error=db_error");
|
|
exit;
|
|
}
|