-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathupload1.php
More file actions
114 lines (93 loc) · 3.65 KB
/
upload1.php
File metadata and controls
114 lines (93 loc) · 3.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<?php
header('Content-Type: application/json');
// Database connection
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "frontend&backend";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die(json_encode(['success' => false, 'error' => "Connection failed: " . $conn->connect_error]));
}
// Fetch individual file details
if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['fileName'])) {
$fileName = $conn->real_escape_string($_GET['fileName']);
$sql = "SELECT teacher_id, university_name FROM syllabus_approvals WHERE file_name = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $fileName);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
echo json_encode([
'teacherId' => $row['teacher_id'],
'universityName' => $row['university_name']
]);
} else {
echo json_encode([
'teacherId' => '',
'universityName' => ''
]);
}
exit;
}
// Get pending PDFs
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$sql = "SELECT file_name FROM syllabus_approvals WHERE status = 'pending'";
$result = $conn->query($sql);
$pdfFiles = [];
while ($row = $result->fetch_assoc()) {
$pdfFiles[] = $row['file_name'];
}
echo json_encode($pdfFiles);
exit;
}
// Handle approval/rejection
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$data = json_decode(file_get_contents('php://input'), true);
$fileName = $conn->real_escape_string($data['fileName']);
$action = $data['action'];
// First get the current values from database
$currentValues = [];
$getSql = "SELECT teacher_id, university_name FROM syllabus_approvals WHERE file_name = ?";
$stmt = $conn->prepare($getSql);
$stmt->bind_param("s", $fileName);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$currentValues = $result->fetch_assoc();
}
// Prepare update data
$status = $action === 'approve' ? 'approved' : 'rejected';
$subjectName = isset($data['subjectName']) ? $conn->real_escape_string($data['subjectName']) : null;
$stream = isset($data['stream']) ? $conn->real_escape_string($data['stream']) : null;
$teacherId = $currentValues['teacher_id'] ?? null; // Always preserve existing teacher_id
$universityName = $currentValues['university_name'] ?? null; // Always preserve existing university_name
$feedback = isset($data['feedback']) ? $conn->real_escape_string($data['feedback']) : null;
// Build the update query
$updateFields = [
"status = '$status'",
"processed_at = CURRENT_TIMESTAMP"
];
// Only update subject_name and stream if approving
if ($action === 'approve') {
if ($subjectName) $updateFields[] = "subject_name = '$subjectName'";
if ($stream) $updateFields[] = "stream = '$stream'";
}
// Always preserve teacher_id and university_name
if ($teacherId) $updateFields[] = "teacher_id = '$teacherId'";
if ($universityName) $updateFields[] = "university_name = '$universityName'";
// Set feedback for rejection
if ($action === 'reject' && $feedback) {
$updateFields[] = "admin_feedback = '$feedback'";
}
$sql = "UPDATE syllabus_approvals SET " . implode(', ', $updateFields) . " WHERE file_name = '$fileName'";
if ($conn->query($sql)) {
echo json_encode(['success' => true]);
} else {
echo json_encode(['success' => false, 'error' => $conn->error]);
}
exit;
}
$conn->close();
?>