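<?php

declare(strict_types=1);

/*
 * Admin endpoint: set the verification status of a student document.
 *
 * Accepts a POST with `document_id`, `status` (pending|verified|rejected) and an
 * optional `admin_notes`, updates `student_documents`, records an `activities`
 * row for the acting admin, and answers with a JSON object of the form
 * {success: bool, message: string, ...}.
 *
 * `$conn` (mysqli) is provided by ../../config/db_config.php.
 */

session_start();
include_once('../../config/db_config.php');

// Every exit path below writes JSON, so declare the content type up front.
header('Content-Type: application/json');

/**
 * Write a JSON response body and terminate the script.
 *
 * @param array<string, mixed> $payload  Encoded as-is with json_encode().
 */
function respond(array $payload): void
{
    echo json_encode($payload);
    exit();
}

/**
 * Prepare a statement, turning a `false` return into an exception.
 *
 * With strict mysqli reporting off, prepare() returns false on a SQL error and
 * the next bind_param() call would fail with an uncaught Error instead.
 *
 * @throws RuntimeException when the statement cannot be prepared.
 */
function prepareOrFail(mysqli $conn, string $sql): mysqli_stmt
{
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Failed to prepare statement: ' . $conn->error);
    }

    return $stmt;
}

// db_config.php must have produced a usable connection before anything else runs.
if (!isset($conn) || !($conn instanceof mysqli)) {
    error_log('update_document_status: database connection is not available');
    respond([
        'success' => false,
        'message' => 'Error: A database error occurred',
    ]);
}

// Only admins and directors may change verification status. Reading the role
// with `?? ''` avoids a warning when the session has a user but no role.
$role = $_SESSION['role'] ?? '';
if (!isset($_SESSION['user_id']) || !in_array($role, ['admin', 'director'], true)) {
    respond([
        'success' => false,
        'message' => 'Unauthorized access',
    ]);
}

// NOTE(review): no CSRF token is checked on this state-changing POST. Confirm
// the application enforces one upstream (e.g. in db_config.php or a front
// controller); if it does not, a session-bound token check belongs here.

// Validate request shape. document_id must be a positive integer: a plain
// (int) cast would turn a non-numeric or array value into 0/1 silently, and
// filter_var rejects arrays (document_id[]=...) outright.
$documentId = filter_var(
    $_POST['document_id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
$status = $_POST['status'] ?? '';

if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || $documentId === false
    || !is_string($status)
    || empty($status)
) {
    respond([
        'success' => false,
        'message' => 'Invalid request parameters',
    ]);
}

// Optional free-text notes; only a scalar string is accepted for the 's' binding.
$adminNotes = isset($_POST['admin_notes']) && is_string($_POST['admin_notes'])
    ? $_POST['admin_notes']
    : null;

// Validate status against the closed set the schema expects (strict compare:
// no loose-equality surprises such as 0 == 'pending').
$allowedStatuses = ['pending', 'verified', 'rejected'];
if (!in_array($status, $allowedStatuses, true)) {
    respond([
        'success' => false,
        'message' => 'Invalid status value',
    ]);
}

$adminUserId = (int) $_SESSION['user_id'];
$ipAddress = $_SERVER['REMOTE_ADDR'] ?? null;

try {
    // Update + activity log are committed together so an audit row is never
    // written for a change that did not happen (and vice versa).
    $conn->begin_transaction();

    // Update document status
    $stmt = prepareOrFail($conn, '
        UPDATE student_documents
        SET status = ?,
            admin_notes = ?
        WHERE id = ?
    ');
    $stmt->bind_param('ssi', $status, $adminNotes, $documentId);
    $stmt->execute();
    // affected_rows is 0 when the row exists but nothing changed (e.g. the same
    // status re-submitted), so 0 is not a failure here; only a negative value
    // signals a driver error. Row existence is confirmed by the SELECT below.
    if ($stmt->affected_rows < 0) {
        throw new RuntimeException('Failed to update document status: ' . $stmt->error);
    }
    $stmt->close();

    // Get document details for the response/notification
    $stmt = prepareOrFail($conn, '
        SELECT
            d.user_id,
            d.document_type,
            u.email,
            u.first_name,
            u.last_name
        FROM
            student_documents d
        JOIN
            users u ON d.user_id = u.id
        WHERE
            d.id = ?
    ');
    $stmt->bind_param('i', $documentId);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result === false) {
        throw new RuntimeException('Failed to read document: ' . $stmt->error);
    }
    $document = $result->fetch_assoc();
    $stmt->close();
    if ($document === null) {
        throw new Exception('Document not found');
    }

    // Log the activity (user_type and activity_type are fixed literals).
    $activityDescription = sprintf(
        "Document verification status updated to '%s' for document #%d",
        $status,
        $documentId
    );
    $stmt = prepareOrFail($conn, "
        INSERT INTO activities (
            user_id,
            user_type,
            activity_type,
            activity_description,
            ip_address,
            created_at
        ) VALUES (
            ?,
            'admin',
            'document_verification',
            ?,
            ?,
            NOW()
        )
    ");
    $stmt->bind_param('iss', $adminUserId, $activityDescription, $ipAddress);
    $stmt->execute();
    $stmt->close();

    $conn->commit();

    // Prepare notification data
    $studentName = $document['first_name'] . ' ' . $document['last_name'];
    $documentTypes = [
        'id_proof' => 'ID Proof',
        'address_proof' => 'Address Proof',
        'educational_certificate' => 'Educational Certificate',
        'photograph' => 'Passport Size Photo',
    ];
    // Unknown types fall back to a humanised version of the raw key.
    $documentType = $documentTypes[$document['document_type']]
        ?? ucfirst(str_replace('_', ' ', $document['document_type']));
    $statusText = ucfirst($status);

    respond([
        'success' => true,
        'message' => "Document status updated to {$statusText} successfully",
        'student_name' => $studentName,
        'document_type' => $documentType,
        'status' => $status,
    ]);
} catch (RuntimeException $e) {
    // Database-layer failures (mysqli_sql_exception extends RuntimeException):
    // roll back, keep the driver/schema detail in the server log, and return a
    // generic message so it is not disclosed to the client.
    $conn->rollback();
    error_log('update_document_status: ' . $e->getMessage());
    respond([
        'success' => false,
        'message' => 'Error: A database error occurred',
    ]);
} catch (Exception $e) {
    // Domain errors raised above carry client-safe messages.
    $conn->rollback();
    respond([
        'success' => false,
        'message' => 'Error: ' . $e->getMessage(),
    ]);
}
// No closing `?>`: trailing whitespace after it would be appended to the JSON body.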