<?php
// student_create.php
require_once '../includes/dbcon.php';

if (!is_logged_in()) {
    redirect('login.php');
}

function sanitize_input($data) {
    if ($data === null) return '';
    return htmlspecialchars(trim($data), ENT_QUOTES, 'UTF-8');
}

// Get dropdown data
function getClasses() {
    global $DBcon;
    try {
        $sql = "SELECT classid FROM class ORDER BY classid";
        $stmt = $DBcon->prepare($sql);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return [];
    }
}

function getAcademicYears() {
    global $DBcon;
    try {
        $sql = "SELECT academic_year FROM calender ORDER BY academic_year DESC";
        $stmt = $DBcon->prepare($sql);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return [];
    }
}

$classes = getClasses();
$academic_years = getAcademicYears();
$message = '';
$message_type = '';

// Handle form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!validate_csrf_token($_POST['csrf_token'])) {
        $message = 'Security token validation failed.';
        $message_type = 'error';
    } else {
        $fullname = sanitize_input($_POST['fullname']);
        $regno = sanitize_input($_POST['regno']);
        $class_id = sanitize_input($_POST['class_id']);
        $admin_year = sanitize_input($_POST['admin_year']);
        
        if (empty($fullname) || empty($regno) || empty($class_id)) {
            $message = 'Please fill in all required fields.';
            $message_type = 'error';
        } else {
            try {
                // Handle image upload
                $image_path = '';
                if (isset($_FILES['image_upload']) && $_FILES['image_upload']['error'] === UPLOAD_ERR_OK) {
                    $upload_dir = '../uploads/students/';
                    if (!file_exists($upload_dir)) mkdir($upload_dir, 0755, true);
                    
                    $allowed_types = ['image/jpeg', 'image/jpg', 'image/png', 'image/gif'];
                    $max_size = 2 * 1024 * 1024;
                    
                    if (in_array($_FILES['image_upload']['type'], $allowed_types) && 
                        $_FILES['image_upload']['size'] <= $max_size) {
                        
                        $extension = pathinfo($_FILES['image_upload']['name'], PATHINFO_EXTENSION);
                        $filename = 'student_' . uniqid() . '.' . $extension;
                        $filepath = $upload_dir . $filename;
                        
                        if (move_uploaded_file($_FILES['image_upload']['tmp_name'], $filepath)) {
                            $image_path = 'uploads/students/' . $filename;
                        }
                    }
                }
                
                // Insert student
                $sql = "INSERT INTO students_info (fullname, regno, class_id, admin_year, image) 
                        VALUES (:fullname, :regno, :class_id, :admin_year, :image)";
                
                $stmt = $DBcon->prepare($sql);
                $result = $stmt->execute([
                    ':fullname' => $fullname,
                    ':regno' => $regno,
                    ':class_id' => $class_id,
                    ':admin_year' => $admin_year,
                    ':image' => $image_path
                ]);
                
                if ($result) {
                    header('Location: students_crud.php?message=Student created successfully&type=success');
                    exit();
                } else {
                    $message = 'Failed to create student.';
                    $message_type = 'error';
                }
                
            } catch (PDOException $e) {
                $message = 'Error creating student: ' . $e->getMessage();
                $message_type = 'error';
            }
        }
    }
}

$csrf_token = generate_csrf_token();
?>
<!-- Similar HTML structure as edit page but for creation -->
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <title>Add Student - School Admin</title>
  <link rel="stylesheet" href="vendors/iconfonts/font-awesome/css/all.min.css">
  <link rel="stylesheet" href="vendors/css/vendor.bundle.base.css">
  <link rel="stylesheet" href="vendors/css/vendor.bundle.addons.css">
  <link rel="stylesheet" href="css/style.css">
</head>
<body>
  <div class="container-scroller">
    <?php include("header.php"); ?>
    <div class="container-fluid page-body-wrapper">
      <?php include("sidebar.php"); ?>
      <div class="main-panel">
        <div class="content-wrapper">
          <div class="page-header">
            <h3 class="page-title">Add New Student</h3>
            <nav aria-label="breadcrumb">
              <ol class="breadcrumb">
                <li class="breadcrumb-item"><a href="students_crud.php">Students</a></li>
                <li class="breadcrumb-item active" aria-current="page">Add Student</li>
              </ol>
            </nav>
          </div>
          
          <?php if ($message): ?>
          <div class="alert alert-<?php echo $message_type === 'success' ? 'success' : 'error'; ?>">
            <?php echo $message; ?>
          </div>
          <?php endif; ?>
          
          <div class="row">
            <div class="col-12 grid-margin">
              <div class="card">
                <div class="card-body">
                  <h4 class="card-title"><i class="fas fa-plus"></i> Add New Student</h4>
                  
                  <form method="POST" enctype="multipart/form-data">
                    <input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>">
                    
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <label for="fullname">Full Name *</label>
                          <input type="text" class="form-control" id="fullname" name="fullname" required>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <label for="regno">Registration Number *</label>
                          <input type="text" class="form-control" id="regno" name="regno" required>
                        </div>
                      </div>
                    </div>
                    
                    <div class="row">
                      <div class="col-md-6">
                        <div class="form-group">
                          <label for="class_id">Class *</label>
                          <select class="form-control" id="class_id" name="class_id" required>
                            <option value="">Select Class</option>
                            <?php foreach ($classes as $class): ?>
                            <option value="<?php echo htmlspecialchars($class['classid']); ?>">
                                <?php echo htmlspecialchars($class['classid']); ?>
                            </option>
                            <?php endforeach; ?>
                          </select>
                        </div>
                      </div>
                      <div class="col-md-6">
                        <div class="form-group">
                          <label for="admin_year">Admission Year</label>
                          <select class="form-control" id="admin_year" name="admin_year">
                            <option value="">Select Academic Year</option>
                            <?php foreach ($academic_years as $year): ?>
                            <option value="<?php echo htmlspecialchars($year['academic_year']); ?>">
                                <?php echo htmlspecialchars($year['academic_year']); ?>
                            </option>
                            <?php endforeach; ?>
                          </select>
                        </div>
                      </div>
                    </div>
                    
                    <div class="form-group">
                      <label>Student Image</label>
                      <input type="file" class="form-control-file" id="image_upload" name="image_upload" accept="image/*">
                      <small class="form-text text-muted">Optional. Max 2MB, JPG/PNG/GIF</small>
                    </div>
                    
                    <div class="form-group">
                      <button type="submit" class="btn btn-primary mr-2">
                        <i class="fas fa-save"></i> Create Student
                      </button>
                      <a href="students_crud.php" class="btn btn-light">Cancel</a>
                    </div>
                  </form>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </div>
  </div>
</body>
</html>