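<?php
declare(strict_types=1);

/**
 * Admin/director endpoint: store an uploaded document against a student's record.
 *
 * Expects a multipart POST carrying user_id, document_type and document_file,
 * plus the optional fields document_description, admin_notes and status.
 * Every response is a JSON object with 'status' ('success' | 'error') and
 * 'message'; a success response also carries 'document_id' and 'document_path'.
 *
 * Fixes relative to the previous revision:
 *  - the INSERT bound admin_notes as 'i' and uploaded_by as 's' (type string
 *    "isssssis"), so free-text notes were coerced to an integer; now "issssssi".
 *  - the stored extension came from the client-supplied filename and the type
 *    check trusted the client-supplied MIME, so a script renamed to match an
 *    allowed MIME could land in the web-served uploads tree; the extension is
 *    now derived from the server-detected MIME type.
 *  - status is restricted to the values this script understands.
 *  - DB error text is logged instead of being echoed to the client.
 */

session_start();
header('Content-Type: application/json');

// The uploader id is needed later for uploaded_by and the activity log, so a
// session without it is treated as unauthorised rather than failing mid-insert.
if (!isset($_SESSION['role'], $_SESSION['user_id'])
    || !in_array($_SESSION['role'], ['admin', 'director'], true)) {
    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
    exit;
}

require_once '../../admin/database/db_config.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo json_encode(['status' => 'error', 'message' => 'Invalid request method']);
    exit;
}

// empty() already covers the unset case; any upload error code (including
// UPLOAD_ERR_NO_FILE) is rejected here.
if (empty($_POST['user_id']) || empty($_POST['document_type'])
    || !isset($_FILES['document_file'])
    || $_FILES['document_file']['error'] !== UPLOAD_ERR_OK) {
    echo json_encode(['status' => 'error', 'message' => 'Missing required fields']);
    exit;
}

$user_id = (int) $_POST['user_id'];
$document_type = (string) $_POST['document_type'];
$document_description = (string) ($_POST['document_description'] ?? '');
$admin_notes = (string) ($_POST['admin_notes'] ?? '');
$status = (string) ($_POST['status'] ?? 'pending'); // Default status is pending
$admin_id = (int) $_SESSION['user_id'];

// Confirm the target student exists; the name is reused for the activity text.
$stmt = $conn->prepare('SELECT id, first_name, last_name FROM users WHERE id = ?');
$stmt->bind_param('i', $user_id);
$stmt->execute();
$user_result = $stmt->get_result();
if ($user_result->num_rows === 0) {
    echo json_encode(['status' => 'error', 'message' => 'User not found']);
    exit;
}
$user = $user_result->fetch_assoc();

$valid_types = ['id_proof', 'educational_certificate', 'photograph', 'address_proof', 'other'];
if (!in_array($document_type, $valid_types, true)) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid document type']);
    exit;
}

// Only the states this script itself reasons about; the 'verified' branch
// below depends on the value being exact.
// NOTE(review): extend if the student_documents.status column allows more states.
$valid_statuses = ['pending', 'verified'];
if (!in_array($status, $valid_statuses, true)) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid status']);
    exit;
}

$upload = $_FILES['document_file'];
$file_tmp = (string) $upload['tmp_name'];
$file_name = basename((string) $upload['name']);
$file_size = (int) $upload['size'];

// Allowed server-detected MIME types, each mapped to the extension that will be
// written to disk. Neither the client's 'type' field nor the client's filename
// extension is trusted.
// NOTE(review): some libmagic builds report .docx as application/zip — confirm
// detection on the deployment target before relying on the DOCX entry.
$allowed_file_types = [
    'image/jpeg' => 'jpg',
    'image/png' => 'png',
    'image/gif' => 'gif',
    'application/pdf' => 'pdf',
    'application/msword' => 'doc',
    'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx',
];
$detected_type = is_uploaded_file($file_tmp)
    ? (new finfo(FILEINFO_MIME_TYPE))->file($file_tmp)
    : false;
if ($detected_type === false || !isset($allowed_file_types[$detected_type])) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid file type. Allowed types: JPG, PNG, GIF, PDF, DOC, DOCX']);
    exit;
}
$file_extension = $allowed_file_types[$detected_type];

const MAX_DOCUMENT_BYTES = 5 * 1024 * 1024; // 5MB
if ($file_size > MAX_DOCUMENT_BYTES) {
    echo json_encode(['status' => 'error', 'message' => 'File size must be less than 5MB']);
    exit;
}

// Per-student directory; the second is_dir() tolerates a concurrent mkdir.
$upload_dir = '../../uploads/documents/' . $user_id;
if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true) && !is_dir($upload_dir)) {
    echo json_encode(['status' => 'error', 'message' => 'Failed to create directory']);
    exit;
}

// Unpredictable on-disk name; the original name is kept only as a DB column.
$unique_filename = 'doc_' . bin2hex(random_bytes(8)) . '.' . $file_extension;
$upload_path = $upload_dir . '/' . $unique_filename;
$db_file_path = 'uploads/documents/' . $user_id . '/' . $unique_filename;

if (!move_uploaded_file($file_tmp, $upload_path)) {
    echo json_encode(['status' => 'error', 'message' => 'Failed to upload file']);
    exit;
}

// The file is already on disk; everything from here is rolled back (and the
// file removed) if any statement fails.
$conn->begin_transaction();
try {
    $insert_query = 'INSERT INTO student_documents (user_id, document_type, file_path, original_filename,
        document_description, status, admin_notes, upload_date, uploaded_by, updated_at)
        VALUES (?, ?, ?, ?, ?, ?, ?, NOW(), ?, NOW())';
    $stmt = $conn->prepare($insert_query);
    if ($stmt === false) {
        throw new Exception('Failed to prepare document insert: ' . $conn->error);
    }
    // Type string matches the placeholder order: admin_notes is text, uploaded_by is an id.
    $stmt->bind_param(
        'issssssi',
        $user_id,
        $document_type,
        $db_file_path,
        $file_name,
        $document_description,
        $status,
        $admin_notes,
        $admin_id,
    );
    if (!$stmt->execute()) {
        throw new Exception('Failed to insert document record: ' . $conn->error);
    }
    $document_id = $conn->insert_id;

    // A document verified on upload may complete the student's required set
    // (ID, education, photo); if so, pending applications move to payment.
    if ($status === 'verified') {
        $check_query = "SELECT COUNT(*) as total, SUM(CASE WHEN status = 'verified' THEN 1 ELSE 0 END) as verified
            FROM student_documents
            WHERE user_id = ? AND document_type IN ('id_proof', 'educational_certificate', 'photograph')";
        $stmt = $conn->prepare($check_query);
        $stmt->bind_param('i', $user_id);
        $stmt->execute();
        $check_result = $stmt->get_result()->fetch_assoc();

        if ((int) $check_result['total'] >= 3 && (int) $check_result['verified'] >= 3) {
            $app_update_query = "UPDATE enrollment_applications
                SET status = 'payment_pending'
                WHERE user_id = ? AND status = 'pending'";
            $stmt = $conn->prepare($app_update_query);
            $stmt->bind_param('i', $user_id);
            $stmt->execute();
        }
    }

    // Activity logging is best-effort: a missing activities table (errno 1146)
    // or any other logging failure must not roll back the upload.
    $activity_query = "INSERT INTO activities (user_id, user_type, activity_type, activity_description, created_at)
        VALUES (?, 'admin', 'document_upload', ?, NOW())";
    $stmt = $conn->prepare($activity_query);
    $activity_description = sprintf(
        'Uploaded %s document for user %s %s',
        $document_type,
        $user['first_name'],
        $user['last_name'],
    );
    $stmt->bind_param('is', $admin_id, $activity_description);
    if (!$stmt->execute() && $conn->errno !== 1146) {
        error_log('Failed to log activity: ' . $conn->error);
    }

    $conn->commit();
    echo json_encode([
        'status' => 'success',
        'message' => 'Document uploaded successfully',
        'document_id' => $document_id,
        'document_path' => $db_file_path,
    ]);
} catch (Exception $e) {
    $conn->rollback();
    if (is_file($upload_path)) {
        unlink($upload_path);
    }
    // Driver error text stays in the server log; the client gets a generic message.
    error_log('Document upload failed for user ' . $user_id . ': ' . $e->getMessage());
    echo json_encode(['status' => 'error', 'message' => 'Failed to save document record']);
}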