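prepare($sql); // tail of getClasses(): its header lies above this chunk, so these lines are kept as-is
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log("Get classes error: " . $e->getMessage());
        return [];
    }
}

/**
 * Return every academic year from the calender table, newest first.
 *
 * @return array<int, array<string, mixed>> FETCH_ASSOC rows; [] when the query fails (failure is logged).
 */
function getAcademicYears()
{
    global $DBcon;
    try {
        $sql = "SELECT academic_year FROM calender ORDER BY academic_year DESC";
        $stmt = $DBcon->prepare($sql);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log("Get academic years error: " . $e->getMessage());
        return [];
    }
}

$classes = getClasses();
$academic_years = getAcademicYears();

// Initialize variables
$action = isset($_GET['action']) ? sanitize_input($_GET['action']) : 'list';
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$message = '';
$message_type = '';
$student = null;

// Handle form submissions
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing or non-string token is rejected outright rather than being passed on
    // (which also avoids an "undefined index" notice reaching the log or the page).
    $posted_token = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : '';
    if ($posted_token === '' || !validate_csrf_token($posted_token)) {
        $message = 'Security token validation failed.';
        $message_type = 'error';
    } else {
        // Log only the requested action. The raw request must not be dumped: it carries the
        // CSRF token and, for webcam captures, the whole base64 image.
        $post_action = fieldValue($_POST, 'action');
        error_log("Student management POST action: " . $post_action);

        // Process different actions
        switch ($post_action) {
            case 'create':
                $result = createStudent($_POST, $_FILES);
                if ($result) {
                    $message = 'Student created successfully.';
                    $message_type = 'success';
                    $action = 'list';
                } else {
                    $message = 'Failed to create student. Please try again.';
                    $message_type = 'error';
                }
                break;
            case 'update':
                $result = updateStudent($_POST, $_FILES);
                if ($result) {
                    $message = 'Student updated successfully.';
                    $message_type = 'success';
                    $action = 'list';
                } else {
                    $message = 'Failed to update student. Please try again.';
                    $message_type = 'error';
                }
                break;
            case 'delete':
                $result = deleteStudent(fieldValue($_POST, 'id'));
                if ($result) {
                    $message = 'Student deleted successfully.';
                    $message_type = 'success';
                } else {
                    $message = 'Failed to delete student. Please try again.';
                    $message_type = 'error';
                }
                break;
        }
    }
}

// If editing, get student data
if ($action === 'edit') {
    $student = getStudent($id);
    if (!$student) {
        $message = 'Student not found.';
        $message_type = 'error';
        $action = 'list';
    }
}

// Helpers shared by the CRUD functions

/**
 * Read a form field as a string, treating a missing key (or an array value) as ''.
 *
 * Keeps sanitize_input() from being handed null or an array when a client omits
 * or reshapes a field, and avoids "undefined index" notices.
 *
 * @param mixed  $data Submitted form data (normally $_POST).
 * @param string $key  Field name.
 * @return string
 */
function fieldValue($data, $key)
{
    if (!is_array($data) || !isset($data[$key]) || is_array($data[$key])) {
        return '';
    }
    return (string) $data[$key];
}

/**
 * Upper bound, in bytes, for a stored student image (2 MB). Shared by the file-upload
 * and webcam paths so both enforce the limit shown in the form.
 *
 * @return int
 */
function studentImageMaxBytes()
{
    return 2 * 1024 * 1024;
}

/**
 * Ensure the student upload directory exists and return it (with trailing slash).
 *
 * @return string|false Directory path relative to this script, or false when it is
 *                      missing and could not be created (logged).
 */
function studentUploadDir()
{
    $upload_dir = '../uploads/students/';
    // is_dir() rather than file_exists(): a regular file with this name must not pass as a directory.
    if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true) && !is_dir($upload_dir)) {
        error_log("Failed to create upload directory: " . $upload_dir);
        return false;
    }
    return $upload_dir;
}

/**
 * Choose the storage extension for image content from its *detected* MIME type.
 *
 * The extension is never taken from the client-supplied filename or from the
 * declared type in a data: URI, so a file can only be stored under an image
 * extension after its bytes were recognised as that image format.
 *
 * @param array|false $image_info Result of getimagesize() / getimagesizefromstring().
 * @return string|false Extension without the dot, or false when the content is not an accepted image.
 */
function studentImageExtension($image_info)
{
    if (!is_array($image_info) || !isset($image_info['mime'])) {
        return false;
    }
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];
    $mime = strtolower($image_info['mime']);
    return isset($allowed[$mime]) ? $allowed[$mime] : false;
}

/**
 * Build a fresh, unguessable filename for a stored student image.
 *
 * @param string $extension Extension returned by studentImageExtension().
 * @return string
 */
function newStudentImageName($extension)
{
    // random_bytes() instead of the time-based uniqid(): stored names should not be predictable.
    return 'student_' . bin2hex(random_bytes(8)) . '.' . $extension;
}

/**
 * Resolve a stored image path (the students_info.image column) to a filesystem
 * path, refusing anything outside the student upload directory.
 *
 * Values are written by saveWebcamImage()/saveUploadedImage() as
 * 'uploads/students/<file>'. Restricting unlink() to that shape means a corrupted
 * or tampered database value can never point the delete at an arbitrary file.
 *
 * @param mixed $stored_path Value of the image column.
 * @return string|false Filesystem path relative to this script, or false when the
 *                      value is empty or not a bare filename under the upload prefix.
 */
function studentImageFilePath($stored_path)
{
    if (!is_string($stored_path) || $stored_path === '') {
        return false;
    }
    $prefix = 'uploads/students/';
    if (substr($stored_path, 0, strlen($prefix)) !== $prefix) {
        return false;
    }
    $file = substr($stored_path, strlen($prefix));
    // Only a bare filename may follow the prefix: no sub-directories, no traversal.
    if ($file === '' || $file !== basename($file)) {
        return false;
    }
    return '../' . $prefix . $file;
}

/**
 * Delete a student's image file when the stored path resolves to a file inside the upload directory.
 *
 * @param mixed $stored_path Value of the image column.
 * @return void
 */
function removeStudentImageFile($stored_path)
{
    $path = studentImageFilePath($stored_path);
    if ($path === false || !is_file($path)) {
        return;
    }
    if (unlink($path)) {
        error_log("Deleted old image: " . $path);
    } else {
        error_log("Failed to delete image: " . $path);
    }
}

// CRUD Functions

/**
 * Insert a new student from the submitted form.
 *
 * @param array $data  The $_POST array.
 * @param array $files The $_FILES array.
 * @return bool True when the INSERT executed; false on a PDO failure (logged).
 */
function createStudent($data, $files)
{
    global $DBcon;
    try {
        $image_path = handleImageUpload($files, $data);
        if ($image_path === false) {
            // The submitted image was rejected; the student is still created without a photo.
            // Previously the false value itself reached PDO and was stringified, so this keeps
            // the best-effort outcome while making it explicit.
            error_log("Image rejected on create; storing student without image");
            $image_path = '';
        }

        $sql = "INSERT INTO students_info (fullname, regno, class_id, admin_year, image) VALUES (:fullname, :regno, :class_id, :admin_year, :image)";
        $stmt = $DBcon->prepare($sql);
        $result = $stmt->execute([
            ':fullname'   => sanitize_input(fieldValue($data, 'fullname')),
            ':regno'      => sanitize_input(fieldValue($data, 'regno')),
            ':class_id'   => sanitize_input(fieldValue($data, 'class_id')),
            ':admin_year' => sanitize_input(fieldValue($data, 'admin_year')),
            ':image'      => $image_path,
        ]);
        error_log("Create student result: " . ($result ? 'SUCCESS' : 'FAILED'));
        return $result;
    } catch (PDOException $e) {
        error_log("Create student error: " . $e->getMessage());
        return false;
    }
}

/**
 * Update an existing student from the submitted form.
 *
 * When no image is submitted, or the submitted image is rejected, the current
 * image is kept. A successfully stored new image replaces the old file only
 * after the row has been updated.
 *
 * @param array $data  The $_POST array; must carry the student id in 'id'.
 * @param array $files The $_FILES array.
 * @return bool True when the UPDATE executed; false when the student does not exist or PDO fails (logged).
 */
function updateStudent($data, $files)
{
    global $DBcon;
    $id = intval(fieldValue($data, 'id'));
    try {
        $current_student = getStudent($id);
        if (!$current_student) {
            error_log("Update failed: Student not found with ID: " . $id);
            return false;
        }

        $image_path = handleImageUpload($files, $data);
        $replace_image = false;
        if ($image_path === '') {
            // Nothing submitted: keep whatever the record already has.
            $image_path = $current_student['image'];
        } elseif ($image_path === false) {
            // Submitted but rejected/failed: keep the current image rather than blanking it.
            error_log("Image upload failed, keeping current image");
            $image_path = $current_student['image'];
        } else {
            $replace_image = true;
        }

        $sql = "UPDATE students_info SET fullname = :fullname, regno = :regno, class_id = :class_id, admin_year = :admin_year, image = :image WHERE sn = :id";
        $stmt = $DBcon->prepare($sql);
        $result = $stmt->execute([
            ':fullname'   => sanitize_input(fieldValue($data, 'fullname')),
            ':regno'      => sanitize_input(fieldValue($data, 'regno')),
            ':class_id'   => sanitize_input(fieldValue($data, 'class_id')),
            ':admin_year' => sanitize_input(fieldValue($data, 'admin_year')),
            ':image'      => $image_path,
            ':id'         => $id,
        ]);
        error_log("Update student " . $id . ": " . ($result ? 'SUCCESS' : 'FAILED') . ", rows affected: " . $stmt->rowCount());

        // Discard the previous file only once the row points at the new one, so a failed
        // UPDATE never leaves the record referencing an image that was already deleted.
        if ($result && $replace_image && $current_student['image'] !== $image_path) {
            removeStudentImageFile($current_student['image']);
        }
        return $result;
    } catch (PDOException $e) {
        error_log("Update student error: " . $e->getMessage());
        return false;
    }
}

/**
 * Pick the image source from a submitted form and store it.
 *
 * A webcam capture (webcam_image field) takes precedence over a file upload (image_upload field).
 *
 * @param array $files The $_FILES array.
 * @param array $data  The $_POST array.
 * @return string|false Stored path ('uploads/students/<file>'), '' when no image was
 *                      supplied, or false when an image was supplied but rejected or could not be saved.
 */
function handleImageUpload($files, $data)
{
    error_log("Starting image upload handling");

    // Check for webcam image first
    $webcam_image = fieldValue($data, 'webcam_image');
    if ($webcam_image !== '' && $webcam_image !== 'data:,') {
        error_log("Webcam image detected");
        return saveWebcamImage($webcam_image);
    }

    // Check for file upload
    if (isset($files['image_upload']) && is_array($files['image_upload']) && isset($files['image_upload']['error'])) {
        $upload_error = $files['image_upload']['error'];
        if ($upload_error === UPLOAD_ERR_OK) {
            // The client-supplied filename is deliberately not logged; it is untrusted input.
            error_log("File upload detected");
            return saveUploadedImage($files['image_upload']);
        }
        if ($upload_error !== UPLOAD_ERR_NO_FILE) {
            // A file was attempted but PHP rejected it (size limit, partial upload, ...).
            error_log("File upload failed with error code: " . intval($upload_error));
            return false;
        }
    }

    error_log("No image provided, returning empty string");
    return '';
}

/**
 * Persist a webcam capture sent as a data: URI and return its stored path.
 *
 * The type declared in the data: URI is not trusted: the decoded bytes are
 * inspected with getimagesizefromstring() and the extension comes from the
 * detected format. The decoded size is capped at studentImageMaxBytes().
 *
 * @param string $base64_image Value of the webcam_image field ('data:image/<type>;base64,<data>').
 * @return string|false Path relative to the site root ('uploads/students/<file>'), or false on any failure (logged).
 */
function saveWebcamImage($base64_image)
{
    if (!is_string($base64_image) || !preg_match('/^data:image\/[\w.+-]+;base64,/', $base64_image)) {
        error_log("Invalid base64 image format");
        return false;
    }

    // Strict decoding rejects characters outside the base64 alphabet instead of silently skipping them.
    $image_data = base64_decode(substr($base64_image, strpos($base64_image, ',') + 1), true);
    if ($image_data === false || $image_data === '') {
        error_log("Failed to decode base64 image data");
        return false;
    }
    if (strlen($image_data) > studentImageMaxBytes()) {
        error_log("Webcam image too large: " . strlen($image_data));
        return false;
    }

    $extension = studentImageExtension(getimagesizefromstring($image_data));
    if ($extension === false) {
        error_log("Webcam data is not an accepted image type");
        return false;
    }

    $upload_dir = studentUploadDir();
    if ($upload_dir === false) {
        return false;
    }

    $filename = newStudentImageName($extension);
    $filepath = $upload_dir . $filename;
    if (file_put_contents($filepath, $image_data, LOCK_EX) === false) {
        error_log("Failed to save webcam image to: " . $filepath);
        return false;
    }

    $result_path = 'uploads/students/' . $filename;
    error_log("Webcam image saved successfully: " . $result_path);
    return $result_path;
}

/**
 * Store an uploaded image file and return its stored path.
 *
 * $file['type'] and $file['name'] are client-controlled and are not used for
 * validation; the format is detected from the bytes with getimagesize() and the
 * stored extension is derived from that. Only a genuine uploaded file is moved.
 *
 * @param array $file One entry of $_FILES (tmp_name, size, error, ...).
 * @return string|false Path relative to the site root ('uploads/students/<file>'), or false on any failure (logged).
 */
function saveUploadedImage($file)
{
    if (!is_array($file) || !isset($file['tmp_name'], $file['size'])) {
        error_log("Malformed upload entry");
        return false;
    }

    // Size first: cheap, and keeps getimagesize() away from oversized input.
    if ($file['size'] > studentImageMaxBytes()) {
        error_log("File too large: " . $file['size']);
        return false;
    }

    // Refuse anything that PHP did not itself receive as part of this request.
    if (!is_string($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        error_log("Upload path is not an uploaded file");
        return false;
    }

    $extension = studentImageExtension(getimagesize($file['tmp_name']));
    if ($extension === false) {
        error_log("Invalid file type: " . (isset($file['type']) ? $file['type'] : 'unknown'));
        return false;
    }

    $upload_dir = studentUploadDir();
    if ($upload_dir === false) {
        return false;
    }

    $filename = newStudentImageName($extension);
    $filepath = $upload_dir . $filename;
    if (!move_uploaded_file($file['tmp_name'], $filepath)) {
        error_log("Failed to move uploaded file to: " . $filepath);
        return false;
    }

    $result_path = 'uploads/students/' . $filename;
    error_log("File uploaded successfully: " . $result_path);
    return $result_path;
}

/**
 * Delete a student row and, once the row is gone, its image file.
 *
 * @param mixed $id Student id (cast with intval()).
 * @return bool True when the row was deleted; false when the student does not exist or PDO fails (logged).
 */
function deleteStudent($id)
{
    global $DBcon;
    $id = intval($id);
    try {
        $student = getStudent($id);
        if (!$student) {
            error_log("Delete failed: Student not found with ID: " . $id);
            return false;
        }

        $sql = "DELETE FROM students_info WHERE sn = :id";
        $stmt = $DBcon->prepare($sql);
        if (!$stmt->execute([':id' => $id])) {
            return false;
        }

        // Remove the file only after the row is gone, so a failed DELETE never leaves
        // a student pointing at a missing image.
        removeStudentImageFile($student['image']);
        return true;
    } catch (PDOException $e) {
        error_log("Delete student error: " . $e->getMessage());
        return false;
    }
}

/**
 * Fetch one student row by primary key.
 *
 * @param mixed $id Student id (cast with intval()).
 * @return array|false FETCH_ASSOC row, false when no row matches or PDO fails (logged).
 */
function getStudent($id)
{
    global $DBcon;
    // Cast before logging so only the integer, never raw request text, reaches the log.
    $id = intval($id);
    try {
        $sql = "SELECT * FROM students_info WHERE sn = :id";
        $stmt = $DBcon->prepare($sql);
        $stmt->execute([':id' => $id]);
        $result = $stmt->fetch(PDO::FETCH_ASSOC);
        error_log("Get student with ID " . $id . ": " . ($result ? 'FOUND' : 'NOT FOUND'));
        return $result;
    } catch (PDOException $e) {
        error_log("Get student error: " . $e->getMessage());
        return false;
    }
}

/**
 * Fetch all students, newest (highest sn) first.
 *
 * @return array<int, array<string, mixed>> FETCH_ASSOC rows; [] when the query fails (logged).
 */
function getAllStudents()
{
    global $DBcon;
    try {
        $sql = "SELECT * FROM students_info ORDER BY sn DESC";
        $stmt = $DBcon->prepare($sql);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log("Get all students error: " . $e->getMessage());
        return [];
    }
}

// Generate CSRF token
$csrf_token = generate_csrf_token();
?> Student Management - School Admin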
0): foreach ($students as $student): ?>
# Image Full Name Registration No Class Admission Year Actions
Student Image
No students found. Add the first student.
Upload File Take Photo Current Image
Max file size: 2MB. Allowed types: JPG, JPEG, PNG, GIF
Current Image

Current student image

Copyright © 2018. All rights reserved. Hand-crafted & made with