= -8; $i--) {
$year = $current_year + $i;
$academic_years[] = $year . '/' . ($year + 1);
}
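// Process form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate CSRF token. `?? ''` keeps a request that omits the field from
    // raising an undefined-index warning; an empty token must still be rejected
    // by validate_csrf_token() (a project helper defined elsewhere).
    if (!validate_csrf_token($_POST['csrf_token'] ?? '')) {
        $message = "Security token invalid. Please try again.";
        $message_type = "danger";
    } else {
        // Sanitize inputs. sanitize_input() is a project helper; a missing field
        // is treated as an empty string so it fails the required-field checks
        // below instead of emitting a warning.
        $fullname = sanitize_input($_POST['fullname'] ?? '');
        $gender = sanitize_input($_POST['gender'] ?? '');
        $age = sanitize_input($_POST['age'] ?? '');
        $reg_no = sanitize_input($_POST['reg_no'] ?? '');
        $section = sanitize_input($_POST['section'] ?? '');
        $admitting_class = sanitize_input($_POST['admitting_class'] ?? '');
        $year_admitted = sanitize_input($_POST['year_admitted'] ?? '');
        $states = sanitize_input($_POST['states'] ?? '');
        $town = sanitize_input($_POST['town'] ?? '');
        $nationality = sanitize_input($_POST['nationality'] ?? '');
        $parent_guardian = sanitize_input($_POST['parent_guardian'] ?? '');
        $parent_phone = sanitize_input($_POST['parent_phone'] ?? '');
        $parent_address = sanitize_input($_POST['parent_address'] ?? '');
        $id = isset($_POST['id']) ? sanitize_input($_POST['id']) : '';
        $form_action = $_POST['action'] ?? '';

        // File upload configuration
        $upload_dir = 'uploads/students/';
        $allowed_types = ['jpg', 'jpeg', 'png', 'gif'];
        $max_size = 2 * 1024 * 1024; // 2MB
        // Create upload directory if it doesn't exist. 0755 rather than 0777:
        // only the web server user needs to write here.
        if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true) && !is_dir($upload_dir)) {
            error_log("Unable to create upload directory: " . $upload_dir);
        }

        // Handle image upload. $image_path stays '' when no valid image arrived;
        // $image_error carries a user-facing reason that is added to $errors below
        // (the original silently dropped rejected images).
        $image_path = '';
        $image_error = '';
        if (!empty($_POST['captured_image'])) {
            // Webcam capture arrives as a PNG data URL. Strict base64 decoding
            // rejects malformed input, and the decoded bytes must carry the PNG
            // signature and parse as an image before they are stored as .png.
            $image_data = str_replace('data:image/png;base64,', '', $_POST['captured_image']);
            $image_data = str_replace(' ', '+', $image_data);
            $image_binary = base64_decode($image_data, true);
            if ($image_binary === false || strlen($image_binary) > $max_size) {
                $image_error = "Captured image is invalid or larger than 2MB.";
            } elseif (substr($image_binary, 0, 8) !== "\x89PNG\r\n\x1a\n" || getimagesizefromstring($image_binary) === false) {
                $image_error = "Captured image is not a valid PNG.";
            } else {
                $file_path = $upload_dir . uniqid() . '_' . time() . '.png';
                if (file_put_contents($file_path, $image_binary) !== false) {
                    $image_path = $file_path;
                }
            }
        } elseif (isset($_FILES['image_upload']) && $_FILES['image_upload']['error'] === UPLOAD_ERR_OK) {
            // Handle file upload. The client-supplied name and extension are
            // untrusted: the bytes must parse as an image whose detected type
            // matches the extension they will be stored under.
            $file_tmp = $_FILES['image_upload']['tmp_name'];
            $file_size = (int) $_FILES['image_upload']['size'];
            $file_ext = strtolower(pathinfo($_FILES['image_upload']['name'], PATHINFO_EXTENSION));
            $ext_for_type = [
                IMAGETYPE_JPEG => ['jpg', 'jpeg'],
                IMAGETYPE_PNG => ['png'],
                IMAGETYPE_GIF => ['gif'],
            ];
            if (!in_array($file_ext, $allowed_types, true) || $file_size > $max_size) {
                $image_error = "Image must be a JPG, PNG or GIF no larger than 2MB.";
            } else {
                $info = is_uploaded_file($file_tmp) ? getimagesize($file_tmp) : false;
                if ($info === false || !isset($ext_for_type[$info[2]]) || !in_array($file_ext, $ext_for_type[$info[2]], true)) {
                    $image_error = "Uploaded file is not a valid image of the declared type.";
                } else {
                    $file_path = $upload_dir . uniqid() . '_' . time() . '.' . $file_ext;
                    if (move_uploaded_file($file_tmp, $file_path)) {
                        $image_path = $file_path;
                    }
                }
            }
        }

        // Validate required fields
        $errors = [];
        if (empty($fullname)) $errors[] = "Full name is required.";
        if (empty($reg_no)) $errors[] = "Registration number is required.";
        if (empty($section)) $errors[] = "Section is required.";
        if (empty($admitting_class)) $errors[] = "Admitting class is required.";
        if (empty($parent_guardian)) $errors[] = "Parent/Guardian name is required.";
        if (empty($parent_phone)) $errors[] = "Parent phone number is required.";
        if ($image_error !== '') $errors[] = $image_error;
        if (!in_array($form_action, ['add', 'edit'], true)) $errors[] = "Unknown form action.";
        // An edit with a missing or non-numeric id would otherwise run an UPDATE that
        // matches no row and still report success.
        if ($form_action === 'edit' && filter_var($id, FILTER_VALIDATE_INT) === false) $errors[] = "Invalid student id.";

        if (empty($errors)) {
            // Column values shared by INSERT and UPDATE, keyed by placeholder name.
            $student = [
                ':fullname' => $fullname,
                ':gender' => $gender,
                ':age' => $age,
                ':reg_no' => $reg_no,
                ':section' => $section,
                ':admitting_class' => $admitting_class,
                ':year_admitted' => $year_admitted,
                ':states' => $states,
                ':town' => $town,
                ':nationality' => $nationality,
                ':parent_guardian' => $parent_guardian,
                ':parent_phone' => $parent_phone,
                ':parent_address' => $parent_address,
            ];
            $promoted = [
                ':regno' => $reg_no,
                ':accademic_year' => $year_admitted,
                ':class_id' => $admitting_class,
            ];
            try {
                if ($form_action === 'add') {
                    // Insert new student. (The original also generated a reg_no from
                    // COUNT(*) when it was empty; that branch was unreachable because an
                    // empty reg_no is rejected above, and a COUNT-based number would
                    // collide after deletions, so it is not kept.)
                    $stmt = $DBcon->prepare("INSERT INTO students (fullname, gender, age, reg_no, section, admitting_class, year_admitted, states, town, nationality, image, parent_guardian, parent_phone, parent_address)
                        VALUES (:fullname, :gender, :age, :reg_no, :section, :admitting_class, :year_admitted, :states, :town, :nationality, :image, :parent_guardian, :parent_phone, :parent_address)");
                    if ($stmt->execute($student + [':image' => $image_path])) {
                        // Insert into promoted table after successful student registration.
                        // A failure here is reported but does not roll the student back
                        // (kept from the original); the driver message goes to the log only.
                        try {
                            $promoted_stmt = $DBcon->prepare("INSERT INTO promoted (regno, accademic_year, class_id) VALUES (:regno, :accademic_year, :class_id)");
                            if ($promoted_stmt->execute($promoted)) {
                                $message = "Student added successfully and promoted record created!";
                            } else {
                                $message = "Student added successfully but failed to create promoted record.";
                            }
                        } catch (PDOException $promoted_e) {
                            error_log("Failed to create promoted record for " . $reg_no . ": " . $promoted_e->getMessage());
                            $message = "Student added successfully but error creating promoted record.";
                        }
                        $message_type = "success";
                        // Reset form
                        $fullname = $gender = $age = $reg_no = $section = $admitting_class = $year_admitted = '';
                        $states = $town = $nationality = $parent_guardian = $parent_phone = $parent_address = '';
                    } else {
                        $message = "Error adding student. Please try again.";
                        $message_type = "danger";
                    }
                } else {
                    // Update existing student; the image column is only touched when a
                    // new image was stored in this request.
                    $params = $student + [':id' => (int) $id];
                    $image_sql = '';
                    if ($image_path !== '') {
                        $image_sql = ", image = :image";
                        $params[':image'] = $image_path;
                    }
                    $stmt = $DBcon->prepare("UPDATE students SET
                        fullname = :fullname, gender = :gender, age = :age, reg_no = :reg_no,
                        section = :section, admitting_class = :admitting_class, year_admitted = :year_admitted,
                        states = :states, town = :town, nationality = :nationality,
                        parent_guardian = :parent_guardian, parent_phone = :parent_phone,
                        parent_address = :parent_address" . $image_sql . " WHERE id = :id");
                    if ($stmt->execute($params)) {
                        // Keep the promoted row in step. An UPDATE that matches no row does
                        // not throw, so the original "UPDATE, INSERT in the catch" never
                        // inserted; existence is checked explicitly instead.
                        try {
                            $exists_stmt = $DBcon->prepare("SELECT COUNT(*) FROM promoted WHERE regno = :regno");
                            $exists_stmt->execute([':regno' => $reg_no]);
                            if ((int) $exists_stmt->fetchColumn() > 0) {
                                $promoted_stmt = $DBcon->prepare("UPDATE promoted SET accademic_year = :accademic_year, class_id = :class_id WHERE regno = :regno");
                            } else {
                                $promoted_stmt = $DBcon->prepare("INSERT INTO promoted (regno, accademic_year, class_id) VALUES (:regno, :accademic_year, :class_id)");
                            }
                            $promoted_stmt->execute($promoted);
                        } catch (PDOException $promoted_e) {
                            // Log error but don't show to user
                            error_log("Failed to update promoted table: " . $promoted_e->getMessage());
                        }
                        $message = "Student updated successfully!";
                        $message_type = "success";
                        $action = 'add'; // Reset to add mode
                        // Reset form
                        $fullname = $gender = $age = $reg_no = $section = $admitting_class = $year_admitted = '';
                        $states = $town = $nationality = $parent_guardian = $parent_phone = $parent_address = '';
                        $id = '';
                    } else {
                        $message = "Error updating student. Please try again.";
                        $message_type = "danger";
                    }
                }
            } catch (PDOException $e) {
                // PDO reports SQLSTATE as a string; 23000 is an integrity-constraint
                // violation (here: duplicate reg_no). Any other driver message is logged
                // rather than echoed to the browser.
                if ((string) $e->getCode() === '23000') {
                    $message = "Registration number already exists. Please use a different registration number.";
                } else {
                    error_log("Database error saving student: " . $e->getMessage());
                    $message = "Database error. Please try again later.";
                }
                $message_type = "danger";
            }
        } else {
            $message = implode("\n", $errors);
            $message_type = "danger";
        }
    }
}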
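// Handle delete request
// NOTE(review): this state change is triggered by a GET parameter, so the CSRF
// token check applied to POST does not cover it; the delete link should become a
// POST form validated with validate_csrf_token(). It is left on GET here so the
// existing links keep working.
if (isset($_GET['delete'])) {
    // Student ids are integers; anything else cannot match a row.
    $delete_id = filter_var(sanitize_input($_GET['delete']), FILTER_VALIDATE_INT);
    try {
        $row = false;
        if ($delete_id !== false) {
            // Get student data before deletion
            $stmt = $DBcon->prepare("SELECT reg_no, image FROM students WHERE id = :id");
            $stmt->bindValue(':id', $delete_id, PDO::PARAM_INT);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
        }
        if ($row) {
            $reg_no = $row['reg_no'];
            // Delete from students table first so a failed DELETE does not leave a
            // row whose image file has already been removed.
            $stmt = $DBcon->prepare("DELETE FROM students WHERE id = :id");
            $stmt->bindValue(':id', $delete_id, PDO::PARAM_INT);
            if ($stmt->execute()) {
                // Delete image file if it exists and lives inside the upload directory
                // ('uploads/students/', the same directory the form handler writes to).
                // The stored path was written by this application, but the realpath
                // check keeps a corrupted or hand-edited row from unlinking anything else.
                $upload_root = realpath('uploads/students');
                $image_file = !empty($row['image']) ? realpath($row['image']) : false;
                if ($upload_root !== false && $image_file !== false && is_file($image_file)
                    && strncmp($image_file, $upload_root . DIRECTORY_SEPARATOR, strlen($upload_root) + 1) === 0) {
                    if (!unlink($image_file)) {
                        error_log("Failed to delete image file: " . $image_file);
                    }
                }
                // Also delete from promoted table
                try {
                    $promoted_stmt = $DBcon->prepare("DELETE FROM promoted WHERE regno = :regno");
                    $promoted_stmt->execute([':regno' => $reg_no]);
                } catch (PDOException $promoted_e) {
                    // Log error but don't show to user
                    error_log("Failed to delete from promoted table: " . $promoted_e->getMessage());
                }
                $message = "Student deleted successfully!";
                $message_type = "success";
            } else {
                $message = "Error deleting student. Please try again.";
                $message_type = "danger";
            }
        } else {
            $message = "Student not found.";
            $message_type = "danger";
        }
    } catch (PDOException $e) {
        // Driver messages can reveal schema or host details; log them, show a generic error.
        error_log("Database error deleting student: " . $e->getMessage());
        $message = "Database error. Please try again later.";
        $message_type = "danger";
    }
}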
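// Handle edit request
if (isset($_GET['edit'])) {
    // Student ids are integers; a non-numeric value is reported as "not found"
    // instead of being handed to the database.
    $edit_id = filter_var(sanitize_input($_GET['edit']), FILTER_VALIDATE_INT);
    try {
        $row = false;
        if ($edit_id !== false) {
            $stmt = $DBcon->prepare("SELECT * FROM students WHERE id = :id");
            $stmt->bindValue(':id', $edit_id, PDO::PARAM_INT);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
        }
        if ($row) {
            // Pre-fill the form variables the template reads; $action switches
            // the form into edit mode.
            $id = $row['id'];
            $fullname = $row['fullname'];
            $gender = $row['gender'];
            $age = $row['age'];
            $reg_no = $row['reg_no'];
            $section = $row['section'];
            $admitting_class = $row['admitting_class'];
            $year_admitted = $row['year_admitted'];
            $states = $row['states'];
            $town = $row['town'];
            $nationality = $row['nationality'];
            $image = $row['image'];
            $parent_guardian = $row['parent_guardian'];
            $parent_phone = $row['parent_phone'];
            $parent_address = $row['parent_address'];
            $action = 'edit';
        } else {
            $message = "Student not found.";
            $message_type = "danger";
        }
    } catch (PDOException $e) {
        // Driver messages can reveal schema or host details; log them, show a generic error.
        error_log("Database error loading student for edit: " . $e->getMessage());
        $message = "Database error. Please try again later.";
        $message_type = "danger";
    }
}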
// Handle search: only set $search_term when a search parameter was sent
// (same isset() semantics as before, so a missing parameter leaves it undefined).
$raw_search = $_GET['search'] ?? null;
if ($raw_search !== null) {
    $search_term = sanitize_input($raw_search);
}
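// Fetch sections from database
$sections = [];
try {
    // No parameters, so a plain query is sufficient.
    $stmt = $DBcon->query("SELECT section_name FROM section ORDER BY section_name");
    $sections = $stmt->fetchAll(PDO::FETCH_COLUMN);
} catch (PDOException $e) {
    // Driver messages can reveal schema or host details; log them, show a generic error.
    error_log("Error fetching sections: " . $e->getMessage());
    $message = "Error fetching sections. Please try again later.";
    $message_type = "danger";
}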
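// Fetch classes from database
$classes = [];
try {
    // No parameters, so a plain query is sufficient.
    $stmt = $DBcon->query("SELECT classid FROM class ORDER BY classid");
    $classes = $stmt->fetchAll(PDO::FETCH_COLUMN);
} catch (PDOException $e) {
    // Driver messages can reveal schema or host details; log them, show a generic error.
    error_log("Error fetching classes: " . $e->getMessage());
    $message = "Error fetching classes. Please try again later.";
    $message_type = "danger";
}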
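// Fetch students for display with pagination
$students = [];
$total_students = 0;
$total_pages = 0;
try {
    // $page and $records_per_page are set earlier in the file (outside this
    // block); clamp them so a crafted ?page= value cannot produce a negative OFFSET.
    $per_page = max(1, (int) $records_per_page);
    $offset = (max(1, (int) $page) - 1) * $per_page;

    $where = '';
    $params = [];
    if (!empty($search_term)) {
        // Escape LIKE metacharacters so a literal % or _ in the search term
        // matches itself rather than acting as a wildcard. Two distinct
        // placeholders are used: reusing one named placeholder fails with
        // native (non-emulated) prepared statements.
        $like = '%' . addcslashes($search_term, '%_\\') . '%';
        $where = " WHERE fullname LIKE :search_name OR reg_no LIKE :search_reg";
        $params = [':search_name' => $like, ':search_reg' => $like];
    }

    // Get total count with a plain COUNT(*) over the same filter
    // (SQL_CALC_FOUND_ROWS / FOUND_ROWS() are deprecated in MySQL 8).
    $count_stmt = $DBcon->prepare("SELECT COUNT(*) FROM students" . $where);
    $count_stmt->execute($params);
    $total_students = (int) $count_stmt->fetchColumn();
    $total_pages = (int) ceil($total_students / $per_page);

    $stmt = $DBcon->prepare("SELECT * FROM students" . $where . "
        ORDER BY created_at DESC
        LIMIT :limit OFFSET :offset");
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value);
    }
    // LIMIT/OFFSET must be bound as integers or they are quoted as strings.
    $stmt->bindValue(':limit', $per_page, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    $students = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    // Driver messages can reveal schema or host details; log them, show a generic error.
    error_log("Error fetching students: " . $e->getMessage());
    $message = "Error fetching students. Please try again later.";
    $message_type = "danger";
}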
?>
No students found
Clear Search
| Photo |
Student Details |
Academic Info |
Parent/Guardian |
Actions |
|
Reg:
Age:
|
Class:
Section:
Year:
|
,
|
|
1): ?>
Showing of students