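/**
 * Show one form for one client, or process a note/submission posted to it.
 *
 * With an empty form id ('0', '' or null) the request is handed to
 * handle_client(). Otherwise the client row is loaded, a Form is built for
 * the (form, client) pair, and either a POSTed action is processed and
 * answered with a redirect, or the form page is rendered.
 *
 * @param mixed $id      Client id; bound as a parameter in the client lookup.
 * @param mixed $form_id Form id; '0', '' or null means "no form selected".
 * @param array $get     Query parameters; only forwarded to handle_client().
 * @param array $post    POST fields; 'action' selects 'note' or 'submit'.
 * @param array $cookie  Cookies; only forwarded to handle_client().
 *
 * @return mixed Whatever handle_client() or the gateway's error_message(),
 *               redirect() or respond() returns.
 */
public function handle_form($id, $form_id, $get, $post, $cookie)
{
    if ($form_id === '0' || $form_id === '' || is_null($form_id)) {
        return $this->handle_client($id, $get, $post, $cookie);
    }

    // Not read anywhere below; presumably intended for the permission check.
    $admin = $this->admin;

    ## TODO: check permission
    // SECURITY: no authorization check is visible in this method. It loads the
    // client row and reads/writes form data for whatever $id / $form_id it is
    // given, so unless the caller already enforces access, the check must be
    // implemented before anything below runs.

    $query = "SELECT * FROM client WHERE id=?";
    $sth = $this->config->database->prepare($query);
    $sth->setFetchMode(PDO::FETCH_ASSOC);
    $sth->execute(array($id));
    $client = $sth->fetch();

    // fetch() returns false when no row matches. Stop here instead of storing
    // notes/submissions against an unknown client or indexing into false.
    // NOTE(review): error_message() is assumed to accept a plain message
    // string, as it does for the add_note()/add_submission() results below.
    if ($client === false) {
        return $this->gateway->error_message('Client not found');
    }

    $form = new Form($this->config->database, $form_id, $id);

    // A plain page view carries no 'action' field; read it defensively so the
    // comparison does not touch an undefined array key.
    $action = isset($post['action']) ? $post['action'] : null;

    // NOTE(review): no CSRF token check is visible here for these
    // state-changing actions; confirm the gateway or router verifies one.
    if ($action === 'note' || $action === 'submit') {
        // The author is taken from the session, overriding any user_id the
        // client put in the POST body.
        $post['user_id'] = $_SESSION['user_id'];
        $ret = ($action === 'note')
            ? $form->add_note($post)
            : $form->add_submission($post);
        if ($ret) {
            // A truthy result is treated as an error to report.
            return $this->gateway->error_message($ret);
        }
        return $this->gateway->redirect("client/{$id}/{$form_id}");
    }

    // NOTE(review): $title is passed on unescaped; confirm respond() escapes
    // it before it reaches HTML.
    $title = $client['name'] . " :: " . $form->title;

    $out = '';
    $out .= "<div class='row'>\n";
    $out .= "<div class='col-sm-9'>\n";
    $out .= sprintf("<h1>%s</h1>\n", htmlspecialchars($client['name']));
    $out .= "</div>\n";
    $out .= "<div class='col-sm-3'>\n";
    $out .= sprintf("<p>%s</p>\n", nl2br(htmlspecialchars($client['doctors'])));
    $out .= "</div>\n";
    $out .= "</div>\n";
    $out .= "<div class='row'>\n";
    // NOTE(review): make_menu() and the render_*() results below are appended
    // as raw HTML, so each must escape any stored or user-supplied text itself
    // (notes and submissions in particular); verify in those methods.
    $out .= "<div class='col-sm-3'>" . $this->make_menu($id, $form_id) . "</div>\n";
    $out .= "<div class='col-sm-9'>\n";
    $out .= sprintf("<h2>%s</h2>\n", htmlspecialchars($form->title));
    $out .= $form->render_intro();
    $out .= "<div class=\"panel panel-primary\">\n";
    $out .= "<div class=\"panel-heading\"><h3 class=\"panel-title\">Records</h3></div>\n";
    $out .= "<div class=\"panel-body\">\n";
    $out .= $form->render_submissions();
    $out .= "</div>\n";
    $out .= "</div>\n";
    $out .= "<div class=\"panel panel-info\">\n";
    $out .= "<div class=\"panel-heading\"><h3 class=\"panel-title\">Messages</h3></div>\n";
    $out .= "<div class=\"panel-body\">\n";
    $out .= $form->render_notes();
    $out .= "</div>\n";
    $out .= "</div>\n";
    $out .= "</div>\n";
    $out .= "</div>\n";

    return $this->gateway->respond($title, $out);
}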