diff --git a/.gitignore b/.gitignore index 9436d97..136a47f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /.idea /.vscode +/vendor diff --git a/README.md b/README.md new file mode 100755 index 0000000..4d870e0 --- /dev/null +++ b/README.md @@ -0,0 +1,16 @@ +## UTC Medical Tracker + +### Requirements +- Composer (Latest Version) +- PHP (Latest Version) +- MySQL (Latest Version) + +#### Composer Libraries +``` +composer install +``` + +### Linux Only +``` +sudo chmod 777 /opt/lampp/htdocs/website/* +``` diff --git a/admin/add/add_new_brand.php b/admin/add/add_new_brand.php deleted file mode 100644 index 37a0e52..0000000 --- a/admin/add/add_new_brand.php +++ /dev/null @@ -1,82 +0,0 @@ - - - - Hours Tracking - Add new Brand - - - -
-
- -
- -

Add new brand

-
-
Enter brand name
-
Example: Tesco
- -

- -
- -

- < Go Back - - -prepare($sql); - $stmt->bindParam(1, $_POST['brand'], PDO::PARAM_STR); - $stmt->execute(); - echo "

"; - echo '
'; - echo '
'; - echo '

Success

'; - echo '
'; - echo '
'; - echo '

Brand sucessfully added

'; - echo '
'; - echo '
'; - header("refresh:10; url=../admin_dashboard.php"); - - } catch (PDOException $e) { - echo "Error: " . $e->getMessage(); - } - } else { - echo "Please fill in the brand name."; - } - } - -?> \ No newline at end of file diff --git a/admin/add/add_new_med.php b/admin/add/add_new_med.php deleted file mode 100644 index 435deed..0000000 --- a/admin/add/add_new_med.php +++ /dev/null @@ -1,92 +0,0 @@ - - - - Hours Tracking - Add New Med - - - -
-
- -
-

Create new Medicine

- -
-
Enter med name
-
Example: Paracetamol
- -

- -
-

- < Go Back -
- - - - - - -prepare($sql); - $stmt->bindParam(1, $_POST['medication'], PDO::PARAM_STR); - $stmt->execute(); - echo "

"; - echo '
'; - echo '
'; - echo '

Success

'; - echo '
'; - echo '
'; - echo '

Medication successfully added!

'; - echo '
'; - echo '
'; - header("refresh:10; url=../admin_dashboard.php"); - - } catch (PDOException $e) { - - echo "Error: " . $e->getMessage(); - - } - } else { - - echo "Please fill in the medication name."; - - } - - } - -?> \ No newline at end of file diff --git a/admin/add_new_brand.php b/admin/add_new_brand.php new file mode 100644 index 0000000..839c789 --- /dev/null +++ b/admin/add_new_brand.php @@ -0,0 +1,81 @@ + + + + + + Hours Tracking - Add new Brand + + + +
+ +
+ +
+ +

Add new brand

+
+
Enter brand name
+
Example: Tesco
+ +

+ +
+ +

+ < Go Back + + +prepare($sql); + $stmt->bindParam(1, $_POST['brand'], PDO::PARAM_STR); + $stmt->execute(); + echo "

"; + echo '
'; + echo '
'; + echo '

Success

'; + echo '
'; + echo '
'; + echo '

Brand sucessfully added

'; + echo '
'; + echo '
'; + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $brand_name = $_POST['brand']; + $source = "Add New Brand"; + $action = "$staff_code created $brand_name"; + + logAction($conn, $staff_id, $action, $source); + + header("refresh:10; url=brand_management.php"); + + } catch (PDOException $e) { + echo "Error: " . $e->getMessage(); + } + } else { + echo "Please fill in the brand name."; + } + } + +?> \ No newline at end of file diff --git a/admin/add_new_med.php b/admin/add_new_med.php new file mode 100644 index 0000000..56fc720 --- /dev/null +++ b/admin/add_new_med.php @@ -0,0 +1,92 @@ + + + + + + Hours Tracking - Add New Med + + + +
+ +
+ +
+
+
+

Create new Medicine

+ +
+
Enter med name
+
Example: Paracetamol
+ +

+ +
+

+ < Go Back +
+ + + + + + +prepare($sql); + $stmt->bindParam(1, $_POST['medication'], PDO::PARAM_STR); + $stmt->execute(); + echo "

"; + echo '
'; + echo '
'; + echo '

Success

'; + echo '
'; + echo '
'; + echo '

Medication successfully added!

'; + echo '
'; + echo '
'; + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code created $_POST[medication]"; + $source = "Add New Medication"; + + logAction($conn, $staff_id, $action, $source); + + header("refresh:10; url=medication_management.php"); + + } catch (PDOException $e) { + + echo "Error: " . $e->getMessage(); + + } + } else { + + echo "Please fill in the medication name."; + + } + + } + +?> \ No newline at end of file diff --git a/admin/admin_dashboard.php b/admin/admin_dashboard.php index 39e0d45..242df48 100644 --- a/admin/admin_dashboard.php +++ b/admin/admin_dashboard.php @@ -1,11 +1,9 @@ @@ -14,33 +12,15 @@ Hours Tracking - Admin Home - -
+
- -
- -

- - - -

- - - \ No newline at end of file +
+

Administrator Dashboard

+ diff --git a/admin/archived_staff.php b/admin/archived_staff.php new file mode 100644 index 0000000..1e78378 --- /dev/null +++ b/admin/archived_staff.php @@ -0,0 +1,72 @@ +prepare($query); +$stmt->execute(); +$staffData = $stmt->fetchAll(PDO::FETCH_ASSOC); +?> + + + + + Hours Tracking - Admin Home + + + +
+ +
+ +
+

Archived Staff

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Staff IDFirst NameLast NameEmailStaff Code
No staff members found.
+

+ < Go Back + + + + + \ No newline at end of file diff --git a/admin/brand_management.php b/admin/brand_management.php new file mode 100644 index 0000000..02ea6dc --- /dev/null +++ b/admin/brand_management.php @@ -0,0 +1,105 @@ + 'Brand ID', + 'brand_name' => 'Brand Name' +]; + +try { + // Fetch the total number of records + $total_sql = "SELECT COUNT(*) FROM brand"; + $total_records = $conn->query($total_sql)->fetchColumn(); + + // Calculate total pages + $total_pages = ceil($total_records / $records_per_page); + + // SQL query to fetch data for the current page + $sql = "SELECT * FROM brand LIMIT :limit OFFSET :offset"; + $stmt = $conn->prepare($sql); + $stmt->bindValue(':limit', $records_per_page, PDO::PARAM_INT); + $stmt->bindValue(':offset', $offset, PDO::PARAM_INT); + $stmt->execute(); + + // Fetch data + $brands = $stmt->fetchAll(PDO::FETCH_ASSOC); +} catch (PDOException $e) { + die("Error: " . $e->getMessage()); +} +?> + + + + + + + Brands Table + + + +
+ +
+ +
+

Brands Table

+ + + + " . htmlspecialchars($custom_headings[$columnName] ?? $columnName) . ""; + } + } + ?> + + + + + + + + + + + + + + + + +
No data found.
+ + + + + diff --git a/admin/bulk_upload.php b/admin/bulk_upload.php new file mode 100644 index 0000000..12f1386 --- /dev/null +++ b/admin/bulk_upload.php @@ -0,0 +1,44 @@ + + + + + + Hours Tracking - Add New Med + + + +
+ +
+ +
+ +
+
+

Bulk Upload

+ +

+
+
Upload a File
+
.CSV is the only allowed format
+

+ +
+ + + + \ No newline at end of file diff --git a/admin/staff/change_password.php b/admin/change_password.php similarity index 55% rename from admin/staff/change_password.php rename to admin/change_password.php index 9dfb18a..eed2a99 100644 --- a/admin/staff/change_password.php +++ b/admin/change_password.php @@ -2,13 +2,11 @@ session_start(); -// Check for valid session and cookie -if (!isset($_SESSION['ssnlogin']) || !isset($_COOKIE['cookies_and_cream'])) { - header("Location: ../../index.html"); - exit(); -} +include "../server/check_cookie_admin.php"; +include "../server/db_connect.php"; +include "../server/audit-log.php"; +include "../server/navbar/admin_dashboard.php"; -include "../../server/db_connect.php"; try { if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['staff_id'])) { @@ -35,23 +33,37 @@ if ($stmt->execute()) { echo '
'; - echo '
'; - echo '

Success

'; - echo '
'; - echo '
'; - echo '

Password sucessfully changed

'; - echo '
'; - echo '
'; + echo '
'; + echo '

Success

'; + echo '
'; + echo '
'; + echo '

Password sucessfully changed

'; + echo '
'; + echo '
'; + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code changed $staff_id's password."; + $source = "Change Password"; + + logAction($conn, $staff_id, $action, $source); + header("Location: staff_home.php"); } else { echo '
'; - echo '
'; - echo '

Error

'; - echo '
'; - echo '
'; - echo '

Failed to update the password.

'; - echo '
'; + echo '
'; + echo '

Error

'; + echo '
'; + echo '
'; + echo '

Failed to update the password.

'; + echo '
'; echo '
'; + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code failed to change $staff_id's password."; + $source = "Change Password"; + + logAction($conn, $staff_id, $action, $source); + } } } else { @@ -66,28 +78,9 @@ Hours Tracking - Admin Home - + -
- -

Change Password

diff --git a/admin/create_single.php b/admin/create_single.php new file mode 100644 index 0000000..280a783 --- /dev/null +++ b/admin/create_single.php @@ -0,0 +1,52 @@ + + + + + + Hours Tracking - Add New Med + + + +
+ +
+ +
+ +
+
+

Create One Student

+
+
Enter students first name
+
Example: Joe
+ +

+
Enter students last name
+
Example: Bloggs
+ +

+
Enter students year group
+
Example: 12
+ +

+ +
+ + + + + \ No newline at end of file diff --git a/admin/staff/create_user_data.php b/admin/create_user_data.php similarity index 66% rename from admin/staff/create_user_data.php rename to admin/create_user_data.php index 0aa1e07..c517f44 100644 --- a/admin/staff/create_user_data.php +++ b/admin/create_user_data.php @@ -1,16 +1,13 @@ prepare($sql); $stmt->bindParam(1,$first_name); $stmt->bindParam(2,$last_name); - $stmt->bindParam(3,$email); - $stmt->bindParam(4,$hpswd); - $stmt->bindParam(5,$group); + $stmt->bindParam(3,$staff_code); + $stmt->bindParam(4,$email); + $stmt->bindParam(5,$hpswd); + $stmt->bindParam(6,$group); $stmt->execute(); header("refresh:5; url=staff_home.php"); echo '
'; + $staff_id = $_SESSION['staff_id']; + $s_staff_code = $_SESSION['staff_code']; + $action = "$s_staff_code created staff $first_name, $last_name, $staff_code, $email, $group"; + $source = "Create Staff"; + + logAction($conn, $staff_id, $action, $source); + echo "Successfully registered"; } catch (PDOException $e) { echo "Error: " . $e->getMessage(); diff --git a/admin/staff/create_user_form.php b/admin/create_user_form.php similarity index 53% rename from admin/staff/create_user_form.php rename to admin/create_user_form.php index 8d63948..a894af2 100644 --- a/admin/staff/create_user_form.php +++ b/admin/create_user_form.php @@ -1,40 +1,30 @@ + Hours Tracking - Admin Home - + +
+
- -
+ +

Create a new user

@@ -47,6 +37,10 @@
Example: Bloggs


+
Enter staff code
+
Example: JBL
+ +

Enter email:
Example: joe.bloggs@utcleeds.co.uk
diff --git a/admin/delete_user.php b/admin/delete_user.php new file mode 100644 index 0000000..d291f76 --- /dev/null +++ b/admin/delete_user.php @@ -0,0 +1,57 @@ +prepare($query); + $stmt->bindParam(':staff_id', $staff_id, PDO::PARAM_INT); + + if ($stmt->execute()) { + // Check if any rows were affected + if ($stmt->rowCount() > 0) { + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code Archived $staff_id"; + $source = "Delete User"; + + logAction($conn, $staff_id, $action, $source); + echo "User archived successfully."; + } else { + echo "No user found with the provided Staff ID."; + } + } else { + echo "Failed to archive user."; + } + } catch (PDOException $e) { + echo "Database Error: " . $e->getMessage(); + } catch (Exception $e) { + echo "Error: " . $e->getMessage(); + } finally { + $conn = null; + } + + // Redirect only if the operation was successful + if (isset($stmt) && $stmt->rowCount() > 0) { + header("Location: staff_home.php"); + exit; + } +} +?> \ No newline at end of file diff --git a/edit_details/edit_student.php b/admin/edit_student.php similarity index 75% rename from edit_details/edit_student.php rename to admin/edit_student.php index fcd7f79..2599c89 100644 --- a/edit_details/edit_student.php +++ b/admin/edit_student.php @@ -1,6 +1,20 @@ + + + + Hours Tracking - Student Medication + + + +
+ bindParam(':student_id', $student_id, PDO::PARAM_INT); $update_stmt->execute(); + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code edited $first_name, $last_name, $year"; + $source = "Edit Student"; + + logAction($conn, $staff_id, $action, $source); $success_message = "Student record updated successfully."; } catch (PDOException $e) { $error_message = "Database error: " . htmlspecialchars($e->getMessage()); @@ -60,27 +86,13 @@ } } ?> +
- - -
- - -
-
diff --git a/admin/edit_user.php b/admin/edit_user.php new file mode 100644 index 0000000..f2d1f10 --- /dev/null +++ b/admin/edit_user.php 
@@ -0,0 +1,144 @@ +prepare($query); + $stmt->bindParam(':staff_id', $staff_id, PDO::PARAM_INT); + $stmt->execute(); + $user = $stmt->fetch(PDO::FETCH_ASSOC); + + if (!$user) { + die("User not found."); + } + } elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['staff_id'])) { + $staff_id = $_POST['staff_id']; + $first_name = $_POST['first_name']; + $last_name = $_POST['last_name']; + $email = $_POST['email']; + $staff_code = $_POST['staff_code']; + + // Validate inputs + if (empty($first_name) || empty($last_name) || empty($email) || empty($staff_code)) { + $staff_id = $_SESSION['staff_id']; + $s_staff_code = $_SESSION['staff_code']; + $action = "$s_staff_code failed to edit $staff_id's account"; + $source = "Edit Staff"; + + logAction($conn, $staff_id, $action, $source); + $error = "All fields are required."; + + } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $staff_id = $_SESSION['staff_id']; + $s_staff_code = $_SESSION['staff_code']; + $action = "$s_staff_code failed to edit $staff_id's account"; + $source = "Edit Staff"; + + logAction($conn, $staff_id, $action, $source); + $error = "Invalid email format."; + } else { + // Update user details + $query = "UPDATE staff SET first_name = :first_name, last_name = :last_name, email = :email, staff_code = :staff_code WHERE staff_id = :staff_id"; + $stmt = $conn->prepare($query); + $stmt->bindParam(':first_name', $first_name); + $stmt->bindParam(':last_name', $last_name); + $stmt->bindParam(':email', $email); + $stmt->bindParam(':staff_code', $staff_code); + $stmt->bindParam(':staff_id', $staff_id, PDO::PARAM_INT); + + if ($stmt->execute()) { + $staff_id = $_SESSION['staff_id']; + $s_staff_code = $_SESSION['staff_code']; + $action = "$s_staff_code edit $first_name, $last_name, $email, $staff_code for $staff_id"; + $source = "Edit Student"; + + logAction($conn, $staff_id, $action, $source); + + $success = "Details updated successfully."; + + } else { + $error = "Failed to update details."; + } + } + 
} else { + $error = "Invalid request."; + } +} catch (PDOException $e) { + $error = "Database error: " . $e->getMessage(); +} +?> + + + +Hours Tracking - Dashboard +
+ +

Edit User Details

+ + +
+
+

Error

+
+
+

+
+
+
+ +
+
+

Success

+
+
+

+
+
+
+ + + +
+ +
+
Enter first name
+
Example: Joe
+ +
+
+
+
Enter last name
+
Example: Bloggs
+ +
+
+
+
Enter email
+
Example: joe.bloggs@utcleeds.co.uk
+ +
+
+
+
Enter staff code
+
Example: JBL
+ +
+
+ +
+ + + < Go Back + + + diff --git a/admin/export_brands.php b/admin/export_brands.php new file mode 100644 index 0000000..df38b58 --- /dev/null +++ b/admin/export_brands.php 
@@ -0,0 +1,80 @@ +prepare($query); +$stmt->execute(); +$brandsData = $stmt->fetchAll(PDO::FETCH_ASSOC); + +if (!empty($brandsData)) { + // Generate timestamp for file naming + $timestamp = date('Y-m-d_H-i-s'); + + // Paths for the files to be included in the zip + $csvFile = "brands_data.csv"; + $excelFile = "brands_data.xlsx"; + $zipFile = "brands_data_$timestamp.zip"; + + // Generate CSV file + $csvHandle = fopen($csvFile, 'w'); + fputcsv($csvHandle, array_keys($brandsData[0])); // Add header row + foreach ($brandsData as $row) { + fputcsv($csvHandle, $row); + } + fclose($csvHandle); + + // Generate Excel file using PhpSpreadsheet + $spreadsheet = new Spreadsheet(); + $sheet = $spreadsheet->getActiveSheet(); + $sheet->fromArray(array_merge([array_keys($brandsData[0])], $brandsData), NULL, 'A1'); + + $writer = new Xlsx($spreadsheet); + $writer->save($excelFile); + + // Create a zip archive + $zip = new ZipArchive(); + + if ($zip->open($zipFile, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) { + $zip->addFile($csvFile, basename($csvFile)); + $zip->addFile($excelFile, basename($excelFile)); + $zip->close(); + + // Set headers to prompt download + header('Content-Type: application/zip'); + header('Content-Disposition: attachment; filename="' . basename($zipFile) . '"'); + header('Content-Length: ' . filesize($zipFile)); + + // Output the file + readfile($zipFile); + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code created $zipFile $csvFile with $excelFile"; + $source = "Export Brands"; + + logAction($conn, $staff_id, $action, $source); + + + // Clean up temporary files + unlink($csvFile); + unlink($excelFile); + unlink($zipFile); + } else { + echo "Failed to create zip file."; + } +} else { + echo "No brands data available to export."; +} + +$conn = null; // Close the database connection +?> diff --git a/admin/export_meds.php b/admin/export_meds.php new file mode 100644 index 0000000..1f6696b --- /dev/null 
+++ b/admin/export_meds.php @@ -0,0 +1,80 @@ +prepare($query); +$stmt->execute(); +$brandsData = $stmt->fetchAll(PDO::FETCH_ASSOC); + +if (!empty($brandsData)) { + // Generate timestamp for file naming + $timestamp = date('Y-m-d_H-i-s'); + + // Paths for the files to be included in the zip + $csvFile = "med_data.csv"; + $excelFile = "med_data.xlsx"; + $zipFile = "med_data_$timestamp.zip"; + + // Generate CSV file + $csvHandle = fopen($csvFile, 'w'); + fputcsv($csvHandle, array_keys($brandsData[0])); // Add header row + foreach ($brandsData as $row) { + fputcsv($csvHandle, $row); + } + fclose($csvHandle); + + // Generate Excel file using PhpSpreadsheet + $spreadsheet = new Spreadsheet(); + $sheet = $spreadsheet->getActiveSheet(); + $sheet->fromArray(array_merge([array_keys($brandsData[0])], $brandsData), NULL, 'A1'); + + $writer = new Xlsx($spreadsheet); + $writer->save($excelFile); + + // Create a zip archive + $zip = new ZipArchive(); + + if ($zip->open($zipFile, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) { + $zip->addFile($csvFile, basename($csvFile)); + $zip->addFile($excelFile, basename($excelFile)); + $zip->close(); + + // Set headers to prompt download + header('Content-Type: application/zip'); + header('Content-Disposition: attachment; filename="' . basename($zipFile) . '"'); + header('Content-Length: ' . filesize($zipFile)); + + // Output the file + readfile($zipFile); + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code exported $zipFile with $csvFile, $excelFile"; + $source = "Export Brands"; + + logAction($conn, $staff_id, $action, $source); + + + // Clean up temporary files + unlink($csvFile); + unlink($excelFile); + unlink($zipFile); + } else { + echo "Failed to create zip file."; + } +} else { + echo "No brands data available to export."; +} + +$conn = null; // Close the database connection +?> 
diff --git a/admin/export_students.php b/admin/export_students.php new file mode 100644 index 0000000..11907dd --- /dev/null +++ b/admin/export_students.php 
@@ -0,0 +1,86 @@ +prepare($query); +$stmt->execute(); +$studentsData = $stmt->fetchAll(PDO::FETCH_ASSOC); + +if (!empty($studentsData)) { + $timestamp = date('Y-m-d_H-i-s'); + $csvFile = "student_data.csv"; + $excelFile = "student_data.xlsx"; + $zipFile = "student_data_$timestamp.zip"; + + // Generate CSV file + $csvHandle = fopen($csvFile, 'w'); + if ($csvHandle === false) { + die("Error: Unable to create CSV file."); + } + fputcsv($csvHandle, array_keys($studentsData[0])); + foreach ($studentsData as $row) { + fputcsv($csvHandle, $row); + } + fclose($csvHandle); + + // Generate Excel file + $spreadsheet = new Spreadsheet(); + $sheet = $spreadsheet->getActiveSheet(); + $sheet->fromArray(array_merge([array_keys($studentsData[0])], $studentsData), NULL, 'A1'); + + $writer = new Xlsx($spreadsheet); + $writer->save($excelFile); + + // Ensure files exist before zipping + if (!file_exists($csvFile) || !file_exists($excelFile)) { + die("Error: CSV or Excel file was not created."); + } + + // Create ZIP archive + $zip = new ZipArchive(); + if ($zip->open($zipFile, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) { + die("Error: Unable to create ZIP file."); + } + $zip->addFile($csvFile, basename($csvFile)); + $zip->addFile($excelFile, basename($excelFile)); + $zip->close(); + + // Ensure ZIP file exists before sending + if (!file_exists($zipFile)) { + die("Error: ZIP file was not created."); + } + + // Send ZIP file for download + header('Content-Type: application/zip'); + header('Content-Disposition: attachment; filename="' . basename($zipFile) . '"'); + header('Content-Length: ' . 
filesize($zipFile)); + flush(); + readfile($zipFile); + + // Audit log + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code created $zipFile with $csvFile, $excelFile"; + $source = "Export Students"; + + logAction($conn, $staff_id, $action, $source); + + // Cleanup temporary files + unlink($csvFile); + unlink($excelFile); + unlink($zipFile); +} else { + echo "No student data available to export."; +} + +$conn = null; // Close database connection +?> diff --git a/admin/medication_management.php b/admin/medication_management.php new file mode 100644 index 0000000..ff40ba5 --- /dev/null +++ b/admin/medication_management.php @@ -0,0 +1,105 @@ + 'Med ID', + 'med_name' => 'Med Name' +]; + +try { + // Fetch the total number of records + $total_sql = "SELECT COUNT(*) FROM med"; + $total_records = $conn->query($total_sql)->fetchColumn(); + + // Calculate total pages + $total_pages = ceil($total_records / $records_per_page); + + // SQL query to fetch data for the current page + $sql = "SELECT * FROM med LIMIT :limit OFFSET :offset"; + $stmt = $conn->prepare($sql); + $stmt->bindValue(':limit', $records_per_page, PDO::PARAM_INT); + $stmt->bindValue(':offset', $offset, PDO::PARAM_INT); + $stmt->execute(); + + // Fetch data + $brands = $stmt->fetchAll(PDO::FETCH_ASSOC); +} catch (PDOException $e) { + die("Error: " . $e->getMessage()); +} +?> + + + + + + + Brands Table + + + +
+ +
+ +
+

Medication Table

+ + + + " . htmlspecialchars($custom_headings[$columnName] ?? $columnName) . ""; + } + } + ?> + + + + + + + + + + + + + + + + +
No data found.
+ + + + + diff --git a/insert_data/process_csv.php b/admin/process_csv.php similarity index 73% rename from insert_data/process_csv.php rename to admin/process_csv.php index 60a74a4..4c0ad2f 100644 --- a/insert_data/process_csv.php +++ b/admin/process_csv.php @@ -1,3 +1,11 @@ + + @@ -7,37 +15,23 @@ Hours Tracking - Process CSV + +
+
-
+
- Data successfully inserted into the database! Rows inserted: $insertCount

"; - header("refresh:5; insert_data_home.php"); + header("refresh:5; student_management.php"); // Log activity $ip_address = $_SERVER['REMOTE_ADDR']; $staff_id = $_SESSION["staff_id"]; - $action = "$insertCount students have been added"; + $staff_code = $_SESSION["staff_code"]; + $action = "$staff_code inserted $insertCount students"; + $source = "Bulk Upload"; - logAction($conn, $staff_id, $action); + logAction($conn, $staff_id, $action, $source); // Cleanup unlink($filePath); // Delete the temporary file @@ -104,16 +100,16 @@ if (($handle = fopen($savedFilePath, 'r')) !== false) { echo "

CSV Content

"; - echo ""; + echo "
"; $rowIndex = 0; while (($row = fgetcsv($handle, 1000, ',')) !== false) { echo ""; foreach ($row as $cell) { if ($rowIndex === 0) { - echo ""; + echo ""; } else { - echo ""; + echo ""; } } echo ""; diff --git a/admin/progress_students.php b/admin/progress_students.php new file mode 100644 index 0000000..08532fc --- /dev/null +++ b/admin/progress_students.php @@ -0,0 +1,151 @@ + + + + +
+
+ +

Progress Student Year Group

+ +
+
+
Enter year group
+
Example: 12
+ +

+ + +
+ + prepare($sql); + $stmt->bindParam(':year', $selected_year, PDO::PARAM_INT); + $stmt->execute(); + $students = $stmt->fetchAll(PDO::FETCH_ASSOC); + + if ($students) { + echo "
"; + echo "

Progress Year Group $selected_year

"; + echo "
" . htmlspecialchars($cell) . "" . htmlspecialchars($cell) . "" . htmlspecialchars($cell) . "" . htmlspecialchars($cell) . "
"; + echo ""; + foreach (array_keys($students[0]) as $header) { + echo ""; + } + echo ""; + echo ""; + + foreach ($students as $student) { + echo ""; + foreach ($student as $key => $value) { + echo ""; + } + + if ($student['year'] == 11 || $student['year'] == 12) { + echo ""; + } elseif ($student['year'] == 13) { + echo ""; + } else { + echo ""; + } + echo ""; + } + echo "
" . htmlspecialchars($header) . "Action
" . htmlspecialchars($value) . " +
+ + +
+
+
+ Archive +
+
+
+ +
+
"; + echo '

'; + echo ""; + echo ""; + } else { + echo "

No students found in Year $selected_year.

"; + } + } catch (PDOException $e) { + die("

Database error: " . htmlspecialchars($e->getMessage()) . "

"); + } + } + + if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['finalize_progress'])) { + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + + if (!empty($_POST['progress_ids'])) { + $progress_ids = $_POST['progress_ids']; + $progress_count = count($progress_ids); + + $update_sql = "UPDATE students SET year = year + 1 WHERE student_id = :student_id"; + $update_stmt = $conn->prepare($update_sql); + + foreach ($progress_ids as $id) { + $update_stmt->bindParam(':student_id', $id, PDO::PARAM_INT); + $update_stmt->execute(); + } + + $progress_log = "$staff_code progressed $progress_count students: " . implode(", ", $progress_ids); + $source = "Progress Students"; + logAction($conn, $staff_id, $progress_log, $source); + echo "

Year group progression completed successfully.

"; + } + + if (!empty($_POST['archive_ids'])) { + $archive_ids = $_POST['archive_ids']; + $archive_count = count($archive_ids); + + $archive_sql = "UPDATE students SET archived = 1 WHERE student_id = :student_id"; + $archive_stmt = $conn->prepare($archive_sql); + + foreach ($archive_ids as $id) { + $archive_stmt->bindParam(':student_id', $id, PDO::PARAM_INT); + $archive_stmt->execute(); + } + + $archive_log = "$staff_code archived $archive_count students: " . implode(", ", $archive_ids); + $source = "Progress Students"; + logAction($conn, $staff_id, $archive_log, $source); + echo "

Students archived successfully.

"; + } + } + ?> +
+ diff --git a/admin/staff/delete_user.php b/admin/staff/delete_user.php deleted file mode 100644 index f33c1ce..0000000 --- a/admin/staff/delete_user.php +++ /dev/null @@ -1,35 +0,0 @@ -prepare($query); - $stmt->bindParam(':staff_id', $staff_id, PDO::PARAM_INT); - - if ($stmt->execute()) { - echo "User deleted successfully."; - } else { - echo "Failed to delete user."; - } - } catch (PDOException $e) { - echo "Error: " . $e->getMessage(); - } finally { - $conn = null; - } - - header("Location: staff_home.php"); - exit; -} -?> diff --git a/admin/staff/staff_home.php b/admin/staff/staff_home.php deleted file mode 100644 index 35dd1ad..0000000 --- a/admin/staff/staff_home.php +++ /dev/null @@ -1,98 +0,0 @@ -prepare($query); -$stmt->execute(); -$staffData = $stmt->fetchAll(PDO::FETCH_ASSOC); -?> - - - - - Hours Tracking - Admin Home - - - -
- -
- -

Staff Management

- - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Staff IDFirst NameLast NameEmailActions
-
- - -
-
- - -
-
No staff members found.
-

- < Go Back - - - - - \ No newline at end of file diff --git a/admin/staff_home.php b/admin/staff_home.php new file mode 100644 index 0000000..2d8b735 --- /dev/null +++ b/admin/staff_home.php @@ -0,0 +1,91 @@ +prepare($query); +$stmt->execute(); +$staffData = $stmt->fetchAll(PDO::FETCH_ASSOC); +?> + + + + + Hours Tracking - Admin Home + + + +
+ +
+ +
+

Staff Management

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Staff IDFirst NameLast NameEmailStaff CodeGroupActions
+
+ + +
+
+ + +
+ +
+ + +
+
No staff members found.
+

+ < Go Back + + + + + \ No newline at end of file diff --git a/admin/student_management.php b/admin/student_management.php new file mode 100644 index 0000000..c79016a --- /dev/null +++ b/admin/student_management.php @@ -0,0 +1,125 @@ + + + + Hours Tracking - Student Medication + + + +
+ + prepare($count_query); + $stmt->execute($params); + $total_records = $stmt->fetch()['total']; + $total_pages = ceil($total_records / $records_per_page); + + // Fetch data with pagination + $query .= " LIMIT :offset, :limit"; + $stmt = $conn->prepare($query); + foreach ($params as $key => $value) { + $stmt->bindValue($key, $value); + } + $stmt->bindValue(':offset', $offset, PDO::PARAM_INT); + $stmt->bindValue(':limit', $records_per_page, PDO::PARAM_INT); + $stmt->execute(); + $students = $stmt->fetchAll(); + + ?> + + + + + + Students Table + + + + +
+ +
+ +
+ +

Students Table

+
+ + +
+ + + + + + + + + + + + + 0): ?> + + + + + + + + + + + + + + + +
Student IDFirst NameLast NameYearAction
+
+
+ + +
+
+
No records found.
+ + + + diff --git a/admin/upload_single.php b/admin/upload_single.php new file mode 100644 index 0000000..50f5ed8 --- /dev/null +++ b/admin/upload_single.php @@ -0,0 +1,48 @@ + + + + Hours Tracking - Student Medication + + + +
+ +prepare($sql); +$stmt->bindParam(1,$first_name); +$stmt->bindParam(2,$last_name); +$stmt->bindParam(3,$year); + +$staff_id = $_SESSION['staff_id']; +$staff_code = $_SESSION['staff_code']; +$action = "$staff_code created $first_name, $last_name, $year"; +$source = "Single Student"; + +logAction($conn, $staff_id, $action, $source); + +$stmt->execute(); +header("refresh:5; student_management.php"); +echo '
'; +echo '
'; + echo '
'; + echo '

Success

'; + echo '
'; + echo '
'; + echo '

Sucessfully added

'; + echo '
'; +echo '
'; + +?> \ No newline at end of file diff --git a/admin/view_audit.php b/admin/view_audit.php new file mode 100644 index 0000000..e4edcc0 --- /dev/null +++ b/admin/view_audit.php @@ -0,0 +1,132 @@ + + + + Audit Log + + + +
+ + +

+ + + +

+ + prepare($total_sql); + $search_param = '%' . $search_term . '%'; + $total_stmt->bindParam(':search', $search_param, PDO::PARAM_STR); + $total_stmt->execute(); + $total_records = $total_stmt->fetch(PDO::FETCH_ASSOC)['total_records']; + + $total_pages = ceil($total_records / $results_per_page); + + // Fetch audit log data + $sql = "SELECT * FROM audit_logs WHERE staff_id LIKE :search + OR act LIKE :search OR source LIKE :search + ORDER BY date_time DESC LIMIT :limit OFFSET :offset"; + $stmt = $conn->prepare($sql); + $stmt->bindParam(':search', $search_param, PDO::PARAM_STR); + $stmt->bindValue(':limit', $results_per_page, PDO::PARAM_INT); + $stmt->bindValue(':offset', $start_from, PDO::PARAM_INT); + $stmt->execute(); + + $custom_headings = [ + 'staff_id' => 'Staff ID', + 'act' => 'Action', + 'source' => 'Source', + 'date_time' => 'Epoch Time', + ]; + + $results = $stmt->fetchAll(PDO::FETCH_ASSOC); + echo "
"; + if ($results) { + echo ""; + echo ""; + foreach ($custom_headings as $heading) { + echo ""; + } + echo ""; + + foreach ($results as $row) { + echo ""; + foreach ($custom_headings as $column => $heading) { + $value = $row[$column] ?? ''; + + if ($column === 'date_time' && is_numeric($value)) { + $value = date('d-m-Y H:i:s', $value); + } + echo ""; + } + echo ""; + } + + echo "
" . htmlspecialchars($heading, ENT_QUOTES) . "
" . htmlspecialchars($value, ENT_QUOTES) . "
"; + } else { + echo "No records found."; + } + echo "
"; + + // Pagination + echo ""; + } catch (PDOException $e) { + die("Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES)); + } + ?> +
+ + diff --git a/administer/administer.php b/administer/administer.php deleted file mode 100644 index cf1817d..0000000 --- a/administer/administer.php +++ /dev/null 
@@ -1,137 +0,0 @@ - - - - - - - - Hours Tracking - Administer - - - - - - - - - - - -prepare($sql); - - $stmt -> bindParam(1,$sid); - - $stmt->execute(); - - $result = $stmt->fetch(); - - $tid = $result['takes_id']; - - // Combine the date and time into a single string - $date_time_str = $date . ' ' . $time; - - // Convert the combined date and time string to a Unix timestamp (epoch time) - $date_time_epoch = strtotime($date_time_str); - - // Prepare SQL statement to insert information into the 'administer' table - $sql = "INSERT INTO administer (staff_code, date_time, dose_given, takes_id) VALUES (?, ?, ?,?)"; - $stmt = $conn->prepare($sql); - - // Bind parameters to prevent SQL injection - $stmt->bindParam(1, $staff_code); - $stmt->bindParam(2, $date_time_epoch); // Use the Unix timestamp here - $stmt->bindParam(3, $taken_dose); - $stmt->bindParam(4, $tid); - - // Execute the statement - if($stmt->execute()) { - echo "Data successfully inserted!"; - echo ""; - } else { - echo "Error inserting data."; - echo ""; - } - - // Dose subtracted from takes table - - // Prepare sql statement - $sql = "SELECT current_dose FROM takes WHERE takes_id = ?"; - $stmt = $conn->prepare($sql); - - // Bind parameters to prevent SQL injection - $stmt->bindParam(1,$tid); - - $stmt->execute(); - - $result = $stmt->fetch(); - - $new_dose = $result['current_dose'] - $taken_dose; - - // Update sql table - $sql = "UPDATE takes SET current_dose = ? WHERE takes_id = ?"; - $stmt = $conn->prepare($sql); - - // Bind parameters to prevent SQL injection - $stmt->bindParam(1,$new_dose); - $stmt->bindParam(2,$tid); - - // Execute the statement - if($stmt->execute()){ - echo "Data successfully updated!"; - }else{ - echo "Error updating data."; - }; - - - } catch (PDOException $e) { - // Handle any errors - echo "Error: " . $e->getMessage(); - } - -?> \ No newline at end of file 
diff --git a/administer/administer_form.php b/administer/administer_form.php deleted file mode 100644 index bd6b080..0000000 --- a/administer/administer_form.php +++ /dev/null @@ -1,59 +0,0 @@ - - - - - - - - Hours Tracking - Administer Form - - - - - -
- -

Create a log

-
-
Enter staff code
-
Example: AWA
- -

-
Enter students first name
-
Example: Joe
- -

-
Enter students year group
-
Example: 12
- -

- -
-
- - \ No newline at end of file diff --git a/administer/choose_med.php b/administer/choose_med.php deleted file mode 100644 index 25316dd..0000000 --- a/administer/choose_med.php +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - Hours Tracking - Choose Medication - - - - - - - - - - -prepare($sql); - - // Bind parameter for student ID from POST data - $stmt->bindParam(1, $_POST['sid']); - - // Execute the query - $stmt->execute(); - - // Fetch all results - $result = $stmt->fetchAll(); - - // Display the form and table for medication selection - echo "
"; - - echo ""; - - // Display each medication with a checkbox and dose input for selection - foreach ($result as $row) { - - echo ""; - - // Hidden field to pass student_id - echo ""; - - // Hidden field to pass med_id - echo ""; - - // Hidden field to pass staff_code - echo ""; - - // Checkbox to select what meds have been taken - echo ""; - echo ""; - - echo ""; - - echo ""; - - } - - // Submit button for the form - echo "
Medication name: " . $row['med_name'] . ""; - - // Input field for dose of each medication - echo ""; - echo ""; -; - // Date input field of each medication - echo ""; - echo ""; - - // Time input field of each medication - echo ""; - echo ""; - - echo "
"; - - echo ""; - - echo "
"; - -?> \ No newline at end of file diff --git a/administer/choose_stu.php b/administer/choose_stu.php deleted file mode 100644 index a2408c9..0000000 --- a/administer/choose_stu.php +++ /dev/null @@ -1,85 +0,0 @@ - - - - - - - - Hours Tracking - Choose Student - - - - - -
- - -

Select a Student

-
- - - -prepare($sql); - - $stmt->bindParam(1, $_POST['student_fname']); - $stmt->bindParam(2, $_POST['student_yeargroup']); - - $stmt->execute(); - - $result = $stmt->fetchAll(); - - // Display the table and form for student selection - echo "
"; - echo ""; - - // Display each student with a checkbox for selection - foreach ($result as $row) { - echo ""; - echo ""; - echo ""; - echo ""; - echo "
"; - echo ""; - echo ""; - } - - // Submit button for the form - echo "
First name: " . htmlspecialchars($row['first_name']) . "Last name: " . htmlspecialchars($row['last_name']) . "
"; - echo "
"; - echo ""; - echo "
"; - -?> \ No newline at end of file diff --git a/insert_data/import_students_template.csv b/assets/cdn/import_students_template.csv similarity index 100% rename from insert_data/import_students_template.csv rename to assets/cdn/import_students_template.csv diff --git a/assets/style/style.css b/assets/style/style.css index c62d2b9..5ab670f 100644 --- a/assets/style/style.css +++ b/assets/style/style.css @@ -35,6 +35,20 @@ outline: 3px solid #ffdd00; /* Add yellow outline when focused */ } +.text_input2{ + font-family: Roboto; + width: 600px; + font-size: 20px; + padding: 10px; + border: solid #0b0c0c; + cursor: pointer; +} + +.text_input2:focus{ + border-color: #0b0c0c; + outline: 3px solid #ffdd00; /* Add yellow outline when focused */ +} + .submit{ font-weight: bold; cursor: pointer; @@ -102,6 +116,7 @@ .navbar_li a.active { color: #003078; background: #f3f2f1; + font-weight: bolder; } .full_page_styling{ @@ -321,7 +336,7 @@ select option { .temp_date_field{ padding: 10px; font-family: Roboto; - font-size: 16px; + font-size: 20px; border: solid #0b0b0c; } 
@@ -536,11 +551,121 @@ select option { .centered-form { display: flex; - justify-content: center; - align-items: center; - padding-top: 10px; + /* justify-content: center; + align-items: center; */ } .centered-form form { text-align: center; /* Align content inside the form */ +} + +.table_button{ + color: #1d70b8; + position: relative; + font-family: roboto; + font-size: 20px; + font-weight: bold; + background-color: transparent; + border: none; + text-decoration: none; + cursor: pointer; + border-bottom: none; + padding-bottom: 3px; +} + +.table_button:hover { + text-decoration: none; + color: #003078; + text-decoration: underline; + text-decoration-color: #003078; /* Optional: Sets the color of the underline */ + text-decoration-thickness: 4px; /* Adjust the thickness */ + text-underline-offset: 4px; +} + +.home_page_button{ + margin-top: 10px; + color: #0b0b0c; + font-family: roboto; + font-size: 18px; + font-weight: 500; + background-color: #f3f2f1; + border: none; + text-decoration: none; + cursor: pointer; + border-bottom: 1px solid #505a5f; + padding: 10px; +} + +.home_page_button:hover { + background-color: #b1b4b6; +} + +.big_table_td_custom_one { + width: 100px; + padding: 12px; /* Padding for table header cells */ + text-align: left; + border-bottom: 1px solid #0b0b0c; /* Light gray border */ + font-size: 20px; +} + +.big_table_td_custom_two { + width: 200px; + padding: 12px; /* Padding for table header cells */ + text-align: left; + border-bottom: 1px solid #0b0b0c; /* Light gray border */ + font-size: 20px; +} + +.action-buttons{ + width: 500px; +} + +.popup { + display: none; + position: fixed; + z-index: 1000; + left: 0; + top: 0; + width: 100%; + height: 100%; + overflow: auto; + background-color: rgba(0,0,0,0.4); +} +.popup-content { + background-color: #fefefe; + margin: 15% auto; + padding: 20px; + border: 1px solid #888; + width: 600px; +} +.popup-close { + color: #aaa; + float: right; + font-size: 28px; + font-weight: bold; + cursor: pointer; 
+} + +.list_li{ + list-style-type: none; + padding: 5px; +} + +.list_li_a{ + font-size: 20px; + color: #1d70b8; + text-decoration: underline; + text-decoration-color: #1d70b8; /* Optional: Sets the color of the underline */ + text-decoration-thickness: 2px; /* Adjust the thickness */ + text-underline-offset: 5px; +} + +.list_li_a:hover{ + font-weight: bolder; + font-size: 20px; + color: #003078; + text-decoration: underline; + text-decoration-color: #003078; /* Optional: Sets the color of the underline */ + text-decoration-thickness: 4px; /* Adjust the thickness */ + text-underline-offset: 5px; } \ No newline at end of file diff --git a/audit-table/audit-table.php b/audit-table/audit-table.php index 373ca11..dff5452 100644 --- a/audit-table/audit-table.php +++ b/audit-table/audit-table.php @@ -5,7 +5,7 @@ // Check for valid session and cookie if (!isset($_SESSION['ssnlogin']) || !isset($_COOKIE['cookies_and_cream'])) { - header("Location: ../index.html"); + header("Location: ../index.php?error=no_access"); exit(); } diff --git a/bigtable/bigtable.php b/bigtable/bigtable.php index 7891722..050cb87 100644 --- a/bigtable/bigtable.php +++ b/bigtable/bigtable.php @@ -6,24 +6,24 @@ +

prepare($check_sql); - $check_stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); - $check_stmt->execute(); - $result = $check_stmt->fetch(PDO::FETCH_ASSOC); - - if ($result && $result['current_dose'] > 0) { - $update_sql = "UPDATE takes SET current_dose = current_dose - 1 WHERE takes_id = :takes_id"; - $update_stmt = $conn->prepare($update_sql); - $update_stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); - $update_stmt->execute(); - echo "

Dose decremented successfully.

"; - } else { - echo "

Cannot decrement. Dose is already at zero.

"; - } - } catch (PDOException $e) { - die("

Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "

"); - } + if (!empty($search_term)) { + $source = "Student Medication"; + $staff_id = $_SESSION['staff_id']; // Fetch from POST, not SESSION + $staff_code = $_SESSION['staff_code']; // Staff code is correctly from SESSION + $action = "$staff_code searched $search_term"; + + logAction($conn, $staff_id, $action, $source); } + try { + // Total records query $total_sql = "SELECT COUNT(*) AS total_records FROM takes INNER JOIN med ON takes.med_id = med.med_id INNER JOIN brand ON takes.brand_id = brand.brand_id INNER JOIN students ON takes.student_id = students.student_id WHERE CONCAT(students.first_name, ' ', students.last_name) LIKE :search - OR med.med_name LIKE :search OR brand.brand_name LIKE :search"; + OR med.med_name LIKE :search OR brand.brand_name LIKE :search OR students.year LIKE :search"; $total_stmt = $conn->prepare($total_sql); $search_param = '%' . $search_term . '%'; $total_stmt->bindParam(':search', $search_param, PDO::PARAM_STR); @@ -89,15 +77,16 @@ class="search_bar" $total_pages = ceil($total_records / $results_per_page); - $sql = "SELECT takes.takes_id, takes.exp_date, takes.current_dose, takes.min_dose, - takes.strength, med.med_name, brand.brand_name, - students.student_id, students.first_name, students.last_name, students.year + // Main query with sorting by last_name + $sql = "SELECT takes.takes_id, students.student_id, students.first_name, students.last_name, students.year, + med.med_name, brand.brand_name, takes.exp_date, takes.current_dose, takes.min_dose FROM takes INNER JOIN med ON takes.med_id = med.med_id INNER JOIN brand ON takes.brand_id = brand.brand_id INNER JOIN students ON takes.student_id = students.student_id WHERE CONCAT(students.first_name, ' ', students.last_name) LIKE :search - OR med.med_name LIKE :search OR brand.brand_name LIKE :search + OR med.med_name LIKE :search OR brand.brand_name LIKE :search OR students.year LIKE :search + ORDER BY students.last_name ASC LIMIT :limit OFFSET :offset"; $stmt = $conn->prepare($sql); 
@@ -108,54 +97,67 @@ class="search_bar" $custom_headings = [ 'takes_id' => 'ID', + 'first_name' => 'First Name', + 'last_name' => 'Last Name', + 'year' => 'Year', + 'med_name' => 'Medication Name', + 'brand_name' => 'Brand Name', 'exp_date' => 'Expiry Date', 'current_dose' => 'Current Dose', 'min_dose' => 'Minimum Dose', - 'strength' => 'Strength', - 'med_name' => 'Medication Name', - 'brand_name' => 'Brand Name', - 'first_name' => 'First Name', - 'last_name' => 'Last Name', - 'year' => 'Year' ]; $results = $stmt->fetchAll(PDO::FETCH_ASSOC); - echo "
"; + echo "
"; if ($results) { echo ""; echo ""; foreach ($custom_headings as $heading) { - echo ""; + echo ""; } - echo ""; - echo ""; + echo ""; + echo ""; echo ""; foreach ($results as $row) { echo ""; foreach ($custom_headings as $column => $heading) { $value = $row[$column] ?? ''; - if ($column === 'exp_date' && is_numeric($value)) { + if ($column === 'takes_id') { + $value = "" . htmlspecialchars($value, ENT_QUOTES) . ""; + } elseif ($column === 'exp_date' && is_numeric($value)) { $value = date('d/m/y', $value); } - echo ""; + echo ""; } echo ""; + echo ""; - echo ""; + + "; echo ""; } @@ -165,6 +167,7 @@ class="search_bar" } echo ""; + // Pagination echo " - + \ No newline at end of file diff --git a/bigtable/create_notes.php b/bigtable/create_notes.php new file mode 100644 index 0000000..6cf23c5 --- /dev/null +++ b/bigtable/create_notes.php @@ -0,0 +1,116 @@ +Staff code not found. Please log in again.

"); +} + +$staff_code = $_SESSION['staff_code']; // Get the staff_code from session + +// Redirect back if the required data is missing +if (!$student_id || !$takes_id) { + die("

Invalid request. Missing student or medication data.

"); +} + +// Handle form submission +if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['content'])) { + $content = trim($_POST['content']); + $note_date = $_POST['note_date']; // Get the date from the form input + $note_time = $_POST['note_time']; // Get the time from the form input + + // Combine date and time into a single string + $full_note_datetime = $note_date . ' ' . $note_time; + + // Validate that the user has entered a valid date and time + if (empty($content)) { + echo "

Note content cannot be empty.

"; + } elseif (empty($note_date) || empty($note_time)) { + echo "

Please select both date and time for the note.

"; + } else { + try { + // Insert the note with the user-selected date and time, and the staff_code + $sql = "INSERT INTO notes (takes_id, content, created_at, staff_code) + VALUES (:takes_id, :content, :created_at, :staff_code)"; + $stmt = $conn->prepare($sql); + $stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); + $stmt->bindParam(':content', $content, PDO::PARAM_STR); + $stmt->bindParam(':created_at', $full_note_datetime, PDO::PARAM_STR); + $stmt->bindParam(':staff_code', $staff_code, PDO::PARAM_STR); + $stmt->execute(); + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code Logged $content "; + $source = "Create Notes"; + + logAction($conn, $staff_id, $action, $source); + + header ("location: bigtable.php"); + echo "

Note added successfully!

"; + } catch (PDOException $e) { + die("

Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "

"); + } + } +} +?> + + + + + Create Notes + + + +
+

Create Note

+

Adding a note for Student ID: and Takes ID:

+ +
+
Enter the note date:
+
Example: 22/01/2025
+ + + + +

+ +
Enter the time:
+
Example: 22/01/2025
+ + + + + +

+ +
Enter the note:
+
Example: Attempted to call mum
+ + +

+ + + + +
+
+ + diff --git a/bigtable/doses.php b/bigtable/doses.php index c8c680f..2b13a92 100644 --- a/bigtable/doses.php +++ b/bigtable/doses.php @@ -1,35 +1,45 @@ prepare($check_sql); $stmt->bindParam(':take_id', $take_id, PDO::PARAM_INT); $stmt->execute(); $result = $stmt->fetch(PDO::FETCH_ASSOC); - if ($result && $result['doses'] > 0) { + if ($result && $result['current_dose'] >= $decrement_amount) { // Decrement the dose count - $update_sql = "UPDATE takes SET doses = doses - 1 WHERE take_id = :take_id"; + $update_sql = "UPDATE takes SET current_dose = current_dose - :decrement_amount WHERE takes_id = :take_id"; $update_stmt = $conn->prepare($update_sql); $update_stmt->bindParam(':take_id', $take_id, PDO::PARAM_INT); + $update_stmt->bindParam(':decrement_amount', $decrement_amount, PDO::PARAM_INT); $update_stmt->execute(); - header("Location: bigtable.php"); // Redirect back to the main page + + $staff_id = $_SESSION['staff_id']; // Fetch from POST, not SESSION + $staff_code = $_SESSION['staff_code']; // Staff code is correctly from SESSION + $action = "$staff_code decreased $decrement_amount for $take_id"; + $source = "Dose Management"; + + logAction($conn, $staff_id, $action, $source); + + + // Redirect back to the main page with a success message + header("Location: bigtable.php?success=1"); exit; } else { - echo "Cannot decrement: doses are already zero."; + // Redirect back with an error message + header("Location: bigtable.php?error=1"); + exit; } } catch (PDOException $e) { die("Database error: " . $e->getMessage()); @@ -37,4 +47,4 @@ } else { die("Invalid request."); } -?> +?> \ No newline at end of file diff --git a/bigtable/export_specific.php b/bigtable/export_specific.php new file mode 100644 index 0000000..f30b75f --- /dev/null +++ b/bigtable/export_specific.php @@ -0,0 +1,168 @@ + + + + + + Export Student Data to Excel + + + +
+ + +
+ + + +
+ + + + + +
+ prepare($sql); + $stmt->bindParam(':search', $search_param, PDO::PARAM_STR); + $stmt->bindParam(':limit', $results_per_page, PDO::PARAM_INT); + $stmt->bindParam(':offset', $start_from, PDO::PARAM_INT); + $stmt->execute(); + + $custom_headings = [ + 'takes_id' => 'ID', + 'first_name' => 'First Name', + 'last_name' => 'Last Name', + 'year' => 'Year', + 'med_name' => 'Medication Name', + 'brand_name' => 'Brand Name', + 'exp_date' => 'Expiry Date', + 'current_dose' => 'Current Dose', + 'min_dose' => 'Minimum Dose', + ]; + + $results = $stmt->fetchAll(PDO::FETCH_ASSOC); + + // Display Table + echo "
" . htmlspecialchars($heading, ENT_QUOTES) . "" . htmlspecialchars($heading, ENT_QUOTES) . "ActionsNotesActionsNotes
" . htmlspecialchars($value, ENT_QUOTES) . "" . $value . " -
+
+ +
+
+
+ + - -
-
- -
-
"; + echo ""; + echo ""; // Checkbox for select all + foreach ($custom_headings as $heading) { + echo ""; + } + echo ""; + + foreach ($results as $row) { + echo ""; + echo ""; + foreach ($custom_headings as $column => $heading) { + $value = $row[$column] ?? ''; + if ($column === 'exp_date' && is_numeric($value)) { + $value = date('d/m/y', $value); + } + echo ""; + } + echo ""; + } + + echo "
" . htmlspecialchars($heading, ENT_QUOTES) . "
+ + " . htmlspecialchars($value, ENT_QUOTES) . "
"; + } catch (PDOException $e) { + die("Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES)); + } + ?> +

+ + + + + +
+ + + + diff --git a/bigtable/generate_excel.php b/bigtable/generate_excel.php new file mode 100644 index 0000000..f6d07f8 --- /dev/null +++ b/bigtable/generate_excel.php @@ -0,0 +1,80 @@ +prepare($sql); + $stmt->execute($selected_students); + $data = $stmt->fetchAll(PDO::FETCH_ASSOC); + + // Generate the filename with the current date and time + $filename = 'student_data_' . date('Y-m-d_H-i-s') . '.xlsx'; + + $spreadsheet = new Spreadsheet(); + $sheet = $spreadsheet->getActiveSheet(); + $sheet->setTitle('Student Data'); + + // Add headers (row 1) + $headers = array_keys($data[0] ?? []); + $columnLetter = 'A'; // Columns start with 'A' + foreach ($headers as $header) { + $sheet->setCellValue($columnLetter . '1', $header); // Row 1 for headers + $columnLetter++; + } + + // Add data (starting from row 2) + $rowIndex = 2; // Data rows start at 2 + foreach ($data as $row) { + $columnLetter = 'A'; + foreach ($row as $key => $value) { + if ($key === 'exp_date' && is_numeric($value)) { + // Convert epoch to formatted date (e.g., dd/mm/yyyy) + $formattedDate = date('d/m/Y', $value); + $sheet->setCellValue($columnLetter . $rowIndex, $formattedDate); + } else { + $sheet->setCellValue($columnLetter . $rowIndex, $value); + } + $columnLetter++; + } + $rowIndex++; + } + + // Export file + header('Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'); + header('Content-Disposition: attachment; filename="' . $filename . '"'); + $writer = new Xlsx($spreadsheet); + $writer->save('php://output'); + + $staff_id = $_SESSION['staff_id']; // Fetch from POST, not SESSION + $staff_code = $_SESSION['staff_code']; // Staff code is correctly from SESSION + $action = "$staff_code generated $filename"; + $source = "Generate Excel"; + + logAction($conn, $staff_id, $action, $source); + + exit; +} else { + die("Invalid request."); +} diff --git a/bigtable/notes.php b/bigtable/notes.php deleted file mode 100644 index cd59d71..0000000 
--- a/bigtable/notes.php +++ /dev/null @@ -1,81 +0,0 @@ - - -Hours Tracking - View Notes -
- - -prepare($sql); - $stmt->bindParam(':student_id', $student_id, PDO::PARAM_INT); - $stmt->execute(); - - // Fetch results - $results = $stmt->fetchAll(PDO::FETCH_ASSOC); - - // Display the table - echo "

Log Records for Student ID: " . htmlspecialchars($student_id) . "

"; - if ($results) { - echo ""; - echo " - - - - "; - - foreach ($results as $row) { - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - } - - echo "
Log IDDate LoggedNotes
" . htmlspecialchars($row['log_id']) . "" . htmlspecialchars(date('d/m/Y H:i', $row['date_time'])) . "" . htmlspecialchars($row['notes']) . "
"; - } else { - echo "

No records found for this student.

"; - } - } catch (PDOException $e) { - echo "

Database error: " . htmlspecialchars($e->getMessage()) . "

"; - } -} else { - echo "

No student ID provided.

"; -} -?> diff --git a/bigtable/view_notes.php b/bigtable/view_notes.php new file mode 100644 index 0000000..a26955a --- /dev/null +++ b/bigtable/view_notes.php @@ -0,0 +1,72 @@ + + + + Create Notes + + + + +Invalid request. Missing student or medication data.

"); +} + +try { + // Query to fetch notes along with staff_code for the specified student and takes_id + $sql = "SELECT notes.note_id, notes.content, notes.created_at, + students.first_name, students.last_name, + med.med_name, notes.staff_code + FROM notes + INNER JOIN takes ON notes.takes_id = takes.takes_id + INNER JOIN students ON takes.student_id = students.student_id + INNER JOIN med ON takes.med_id = med.med_id + WHERE takes.takes_id = :takes_id AND students.student_id = :student_id"; + + $stmt = $conn->prepare($sql); + $stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); + $stmt->bindParam(':student_id', $student_id, PDO::PARAM_INT); + $stmt->execute(); + + $notes = $stmt->fetchAll(PDO::FETCH_ASSOC); + if (!$notes) { + + echo "

No notes found for this student and medication.

"; + echo " > Go Back"; + } else { + echo "

View Notes

"; + echo "

Notes for " . htmlspecialchars($notes[0]['first_name'], ENT_QUOTES) . " " . htmlspecialchars($notes[0]['last_name'], ENT_QUOTES) . "

"; + echo "

Medication: " . htmlspecialchars($notes[0]['med_name'], ENT_QUOTES) . "

"; + + echo ""; + echo " + + + + "; + + foreach ($notes as $note) { + echo ""; + echo ""; // Display the staff_code from notes table + echo ""; + echo ""; + echo ""; + } + + echo "
Staff CodeDate and TimeContent
" . htmlspecialchars($note['staff_code'], ENT_QUOTES) . "" . htmlspecialchars(date('d/m/Y H:i', strtotime($note['created_at'])), ENT_QUOTES) . "" . htmlspecialchars($note['content'], ENT_QUOTES) . "
"; + echo "

"; + echo " > Go Back"; + } +} catch (PDOException $e) { + die("

Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "

"); +} +?> diff --git a/composer.json b/composer.json new file mode 100755 index 0000000..9ba9d6b --- /dev/null +++ b/composer.json @@ -0,0 +1,5 @@ +{ + "require": { + "phpoffice/phpspreadsheet": "^3.9" + } +} diff --git a/composer.lock b/composer.lock new file mode 100755 index 0000000..a54fb31 --- /dev/null +++ b/composer.lock 
@@ -0,0 +1,598 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "6ca0e11e13366565618a058133359df4", + "packages": [ + { + "name": "composer/pcre", + "version": "3.3.2", + "source": { + "type": "git", + "url": "https://github.com/composer/pcre.git", + "reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/composer/pcre/zipball/b2bed4734f0cc156ee1fe9c0da2550420d99a21e", + "reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e", + "shasum": "" + }, + "require": { + "php": "^7.4 || ^8.0" + }, + "conflict": { + "phpstan/phpstan": "<1.11.10" + }, + "require-dev": { + "phpstan/phpstan": "^1.12 || ^2", + "phpstan/phpstan-strict-rules": "^1 || ^2", + "phpunit/phpunit": "^8 || ^9" + }, + "type": "library", + "extra": { + "phpstan": { + "includes": [ + "extension.neon" + ] + }, + "branch-alias": { + "dev-main": "3.x-dev" + } + }, + "autoload": { + "psr-4": { + "Composer\\Pcre\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jordi Boggiano", + "email": "j.boggiano@seld.be", + "homepage": "http://seld.be" + } + ], + "description": "PCRE wrapping library that offers type-safe preg_* replacements.", + "keywords": [ + "PCRE", + "preg", + "regex", + "regular expression" + ], + "support": { + "issues": "https://github.com/composer/pcre/issues", + "source": "https://github.com/composer/pcre/tree/3.3.2" + }, + "funding": [ + { + "url": "https://packagist.com", + "type": "custom" + }, + { + "url": "https://github.com/composer", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/composer/composer", + "type": "tidelift" + } + ], + "time": "2024-11-12T16:29:46+00:00" + }, + { + "name": 
"maennchen/zipstream-php", + "version": "3.1.1", + "source": { + "type": "git", + "url": "https://github.com/maennchen/ZipStream-PHP.git", + "reference": "6187e9cc4493da94b9b63eb2315821552015fca9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/maennchen/ZipStream-PHP/zipball/6187e9cc4493da94b9b63eb2315821552015fca9", + "reference": "6187e9cc4493da94b9b63eb2315821552015fca9", + "shasum": "" + }, + "require": { + "ext-mbstring": "*", + "ext-zlib": "*", + "php-64bit": "^8.1" + }, + "require-dev": { + "ext-zip": "*", + "friendsofphp/php-cs-fixer": "^3.16", + "guzzlehttp/guzzle": "^7.5", + "mikey179/vfsstream": "^1.6", + "php-coveralls/php-coveralls": "^2.5", + "phpunit/phpunit": "^10.0", + "vimeo/psalm": "^5.0" + }, + "suggest": { + "guzzlehttp/psr7": "^2.4", + "psr/http-message": "^2.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "ZipStream\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paul Duncan", + "email": "pabs@pablotron.org" + }, + { + "name": "Jonatan Männchen", + "email": "jonatan@maennchen.ch" + }, + { + "name": "Jesse Donat", + "email": "donatj@gmail.com" + }, + { + "name": "András Kolesár", + "email": "kolesar@kolesar.hu" + } + ], + "description": "ZipStream is a library for dynamically streaming dynamic zip files from PHP without writing to the disk at all on the server.", + "keywords": [ + "stream", + "zip" + ], + "support": { + "issues": "https://github.com/maennchen/ZipStream-PHP/issues", + "source": "https://github.com/maennchen/ZipStream-PHP/tree/3.1.1" + }, + "funding": [ + { + "url": "https://github.com/maennchen", + "type": "github" + } + ], + "time": "2024-10-10T12:33:01+00:00" + }, + { + "name": "markbaker/complex", + "version": "3.0.2", + "source": { + "type": "git", + "url": "https://github.com/MarkBaker/PHPComplex.git", + "reference": "95c56caa1cf5c766ad6d65b6344b807c1e8405b9" + }, + "dist": { + "type": "zip", + 
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/95c56caa1cf5c766ad6d65b6344b807c1e8405b9", + "reference": "95c56caa1cf5c766ad6d65b6344b807c1e8405b9", + "shasum": "" + }, + "require": { + "php": "^7.2 || ^8.0" + }, + "require-dev": { + "dealerdirect/phpcodesniffer-composer-installer": "dev-master", + "phpcompatibility/php-compatibility": "^9.3", + "phpunit/phpunit": "^7.0 || ^8.0 || ^9.0", + "squizlabs/php_codesniffer": "^3.7" + }, + "type": "library", + "autoload": { + "psr-4": { + "Complex\\": "classes/src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Mark Baker", + "email": "mark@lange.demon.co.uk" + } + ], + "description": "PHP Class for working with complex numbers", + "homepage": "https://github.com/MarkBaker/PHPComplex", + "keywords": [ + "complex", + "mathematics" + ], + "support": { + "issues": "https://github.com/MarkBaker/PHPComplex/issues", + "source": "https://github.com/MarkBaker/PHPComplex/tree/3.0.2" + }, + "time": "2022-12-06T16:21:08+00:00" + }, + { + "name": "markbaker/matrix", + "version": "3.0.1", + "source": { + "type": "git", + "url": "https://github.com/MarkBaker/PHPMatrix.git", + "reference": "728434227fe21be27ff6d86621a1b13107a2562c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/MarkBaker/PHPMatrix/zipball/728434227fe21be27ff6d86621a1b13107a2562c", + "reference": "728434227fe21be27ff6d86621a1b13107a2562c", + "shasum": "" + }, + "require": { + "php": "^7.1 || ^8.0" + }, + "require-dev": { + "dealerdirect/phpcodesniffer-composer-installer": "dev-master", + "phpcompatibility/php-compatibility": "^9.3", + "phpdocumentor/phpdocumentor": "2.*", + "phploc/phploc": "^4.0", + "phpmd/phpmd": "2.*", + "phpunit/phpunit": "^7.0 || ^8.0 || ^9.0", + "sebastian/phpcpd": "^4.0", + "squizlabs/php_codesniffer": "^3.7" + }, + "type": "library", + "autoload": { + "psr-4": { + "Matrix\\": "classes/src/" + } + }, + "notification-url": 
"https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Mark Baker", + "email": "mark@demon-angel.eu" + } + ], + "description": "PHP Class for working with matrices", + "homepage": "https://github.com/MarkBaker/PHPMatrix", + "keywords": [ + "mathematics", + "matrix", + "vector" + ], + "support": { + "issues": "https://github.com/MarkBaker/PHPMatrix/issues", + "source": "https://github.com/MarkBaker/PHPMatrix/tree/3.0.1" + }, + "time": "2022-12-02T22:17:43+00:00" + }, + { + "name": "phpoffice/phpspreadsheet", + "version": "3.9.0", + "source": { + "type": "git", + "url": "https://github.com/PHPOffice/PhpSpreadsheet.git", + "reference": "414f8a2aa1d8b974b39f577c0677d5ebc96fab36" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/414f8a2aa1d8b974b39f577c0677d5ebc96fab36", + "reference": "414f8a2aa1d8b974b39f577c0677d5ebc96fab36", + "shasum": "" + }, + "require": { + "composer/pcre": "^3.3", + "ext-ctype": "*", + "ext-dom": "*", + "ext-fileinfo": "*", + "ext-gd": "*", + "ext-iconv": "*", + "ext-libxml": "*", + "ext-mbstring": "*", + "ext-simplexml": "*", + "ext-xml": "*", + "ext-xmlreader": "*", + "ext-xmlwriter": "*", + "ext-zip": "*", + "ext-zlib": "*", + "maennchen/zipstream-php": "^2.1 || ^3.0", + "markbaker/complex": "^3.0", + "markbaker/matrix": "^3.0", + "php": "^8.1", + "psr/http-client": "^1.0", + "psr/http-factory": "^1.0", + "psr/simple-cache": "^1.0 || ^2.0 || ^3.0" + }, + "require-dev": { + "dealerdirect/phpcodesniffer-composer-installer": "dev-main", + "dompdf/dompdf": "^2.0 || ^3.0", + "friendsofphp/php-cs-fixer": "^3.2", + "mitoteam/jpgraph": "^10.3", + "mpdf/mpdf": "^8.1.1", + "phpcompatibility/php-compatibility": "^9.3", + "phpstan/phpstan": "^1.1", + "phpstan/phpstan-phpunit": "^1.0", + "phpunit/phpunit": "^10.5", + "squizlabs/php_codesniffer": "^3.7", + "tecnickcom/tcpdf": "^6.5" + }, + "suggest": { + "dompdf/dompdf": "Option for rendering PDF with PDF 
Writer", + "ext-intl": "PHP Internationalization Functions", + "mitoteam/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers", + "mpdf/mpdf": "Option for rendering PDF with PDF Writer", + "tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer" + }, + "type": "library", + "autoload": { + "psr-4": { + "PhpOffice\\PhpSpreadsheet\\": "src/PhpSpreadsheet" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Maarten Balliauw", + "homepage": "https://blog.maartenballiauw.be" + }, + { + "name": "Mark Baker", + "homepage": "https://markbakeruk.net" + }, + { + "name": "Franck Lefevre", + "homepage": "https://rootslabs.net" + }, + { + "name": "Erik Tilt" + }, + { + "name": "Adrien Crivelli" + } + ], + "description": "PHPSpreadsheet - Read, Create and Write Spreadsheet documents in PHP - Spreadsheet engine", + "homepage": "https://github.com/PHPOffice/PhpSpreadsheet", + "keywords": [ + "OpenXML", + "excel", + "gnumeric", + "ods", + "php", + "spreadsheet", + "xls", + "xlsx" + ], + "support": { + "issues": "https://github.com/PHPOffice/PhpSpreadsheet/issues", + "source": "https://github.com/PHPOffice/PhpSpreadsheet/tree/3.9.0" + }, + "time": "2025-01-26T05:10:24+00:00" + }, + { + "name": "psr/http-client", + "version": "1.0.3", + "source": { + "type": "git", + "url": "https://github.com/php-fig/http-client.git", + "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90", + "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90", + "shasum": "" + }, + "require": { + "php": "^7.0 || ^8.0", + "psr/http-message": "^1.0 || ^2.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Http\\Client\\": "src/" + } + }, + "notification-url": 
"https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "Common interface for HTTP clients", + "homepage": "https://github.com/php-fig/http-client", + "keywords": [ + "http", + "http-client", + "psr", + "psr-18" + ], + "support": { + "source": "https://github.com/php-fig/http-client" + }, + "time": "2023-09-23T14:17:50+00:00" + }, + { + "name": "psr/http-factory", + "version": "1.1.0", + "source": { + "type": "git", + "url": "https://github.com/php-fig/http-factory.git", + "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a", + "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a", + "shasum": "" + }, + "require": { + "php": ">=7.1", + "psr/http-message": "^1.0 || ^2.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Http\\Message\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "PSR-17: Common interfaces for PSR-7 HTTP message factories", + "keywords": [ + "factory", + "http", + "message", + "psr", + "psr-17", + "psr-7", + "request", + "response" + ], + "support": { + "source": "https://github.com/php-fig/http-factory" + }, + "time": "2024-04-15T12:06:14+00:00" + }, + { + "name": "psr/http-message", + "version": "2.0", + "source": { + "type": "git", + "url": "https://github.com/php-fig/http-message.git", + "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71", + "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71", 
+ "shasum": "" + }, + "require": { + "php": "^7.2 || ^8.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Http\\Message\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "Common interface for HTTP messages", + "homepage": "https://github.com/php-fig/http-message", + "keywords": [ + "http", + "http-message", + "psr", + "psr-7", + "request", + "response" + ], + "support": { + "source": "https://github.com/php-fig/http-message/tree/2.0" + }, + "time": "2023-04-04T09:54:51+00:00" + }, + { + "name": "psr/simple-cache", + "version": "3.0.0", + "source": { + "type": "git", + "url": "https://github.com/php-fig/simple-cache.git", + "reference": "764e0b3939f5ca87cb904f570ef9be2d78a07865" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/simple-cache/zipball/764e0b3939f5ca87cb904f570ef9be2d78a07865", + "reference": "764e0b3939f5ca87cb904f570ef9be2d78a07865", + "shasum": "" + }, + "require": { + "php": ">=8.0.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\SimpleCache\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "Common interfaces for simple caching", + "keywords": [ + "cache", + "caching", + "psr", + "psr-16", + "simple-cache" + ], + "support": { + "source": "https://github.com/php-fig/simple-cache/tree/3.0.0" + }, + "time": "2021-10-29T13:26:27+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": {}, + "prefer-stable": false, + "prefer-lowest": false, + "platform": {}, + "platform-dev": {}, + 
"plugin-api-version": "2.6.0" +} diff --git a/create_super_user.php b/create_super_user.php new file mode 100644 index 0000000..f02501b --- /dev/null +++ b/create_super_user.php @@ -0,0 +1,64 @@ +prepare($sql); + $stmt->bindParam(1,$_POST['first_name']); + $stmt->bindParam(2,$_POST['last_name']); + $stmt->bindParam(3,$_POST['email']); + $hash_password = password_hash($password = $_POST['password'], PASSWORD_DEFAULT); + $stmt->bindParam(4,$hash_password); + $group = "ROOT"; + $stmt->bindParam(5,$group); + $stmt->bindParam(6,$_POST['staff_code']); + + $stmt->execute(); + header("refresh:0; url=index.php"); +} +?> + + + + + + + + + Document + + +

Create a Super User

+
+
Enter first name *
+
Example: Joe
+ +

+
Enter last name *
+
Example: Bloggs
+ +

+
Enter email *
+
Example: joe.bloggs@utcleeds.co.uk
+ +

+
Enter password *
+ +

+
Enter staff code *
+
Examole: JBL
+ +

+ +
+ + \ No newline at end of file diff --git a/dashboard/archive.php b/dashboard/archive.php index e5cc398..6ec394f 100644 --- a/dashboard/archive.php +++ b/dashboard/archive.php @@ -2,13 +2,9 @@ session_start(); -// Check for valid session and cookie -if (!isset($_SESSION['ssnlogin']) || !isset($_COOKIE['cookies_and_cream'])) { - header("Location: ../index.html"); - exit(); -} - include "../server/db_connect.php"; +include "../server/audit-log.php"; +include "../server/check_cookie_user.php"; if (isset($_POST['takes_id'])) { $takes_id = $_POST['takes_id']; @@ -17,6 +13,13 @@ $stat = $conn->prepare($sql); $stat->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code Archived $takes_id"; + $source = "Archived"; + + logAction($conn, $staff_id, $action, $source); + if ($stat->execute()) { // Redirect back to the notification page header("Location: {$_SERVER['HTTP_REFERER']}"); diff --git a/dashboard/create_notes.php b/dashboard/create_notes.php new file mode 100644 index 0000000..7251bd7 --- /dev/null +++ b/dashboard/create_notes.php @@ -0,0 +1,119 @@ +Staff code not found. Please log in again.

"); +} + +$staff_code = $_SESSION['staff_code']; // Get the staff_code from session + +// Redirect back if the required data is missing +if (!$student_id || !$takes_id) { + die("

Invalid request. Missing student or medication data.

"); +} + +// Handle form submission +if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['content'])) { + $content = trim($_POST['content']); + $note_date = $_POST['note_date']; // Get the date from the form input + $note_time = $_POST['note_time']; // Get the time from the form input + + // Combine date and time into a single string + $full_note_datetime = $note_date . ' ' . $note_time; + + // Validate that the user has entered a valid date and time + if (empty($content)) { + echo "

Note content cannot be empty.

"; + } elseif (empty($note_date) || empty($note_time)) { + echo "

Please select both date and time for the note.

"; + } else { + try { + // Insert the note with the user-selected date and time, and the staff_code + $sql = "INSERT INTO notes (takes_id, content, created_at, staff_code) + VALUES (:takes_id, :content, :created_at, :staff_code)"; + $stmt = $conn->prepare($sql); + $stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); + $stmt->bindParam(':content', $content, PDO::PARAM_STR); + $stmt->bindParam(':created_at', $full_note_datetime, PDO::PARAM_STR); + $stmt->bindParam(':staff_code', $staff_code, PDO::PARAM_STR); + $stmt->execute(); + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code Logged $content"; + $source = "Create Notes"; + + logAction($conn, $staff_id, $action, $source); + + header("location:dashboard.php"); + echo "

Note added successfully!

"; + } catch (PDOException $e) { + die("

Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "

"); + } + } +} + + +?> + + + + + Create Notes + + + +
+

Create A Note

+

You are adding a note for Student ID: with Takes ID:

+ +
+
Enter the note date:
+
Example: 22/01/2025
+ + + + +

+ +
Enter the time:
+
Example: 22/01/2025
+ + + + + +

+ +
Enter the note:
+
Example: Attempted to call mum
+ + +

+ + + +
+ +
+
+ + diff --git a/dashboard/dashboard.php b/dashboard/dashboard.php index 69f99ac..0078946 100644 --- a/dashboard/dashboard.php +++ b/dashboard/dashboard.php @@ -2,18 +2,13 @@ // Start a new session session_start(); -// Check for valid session and cookie -if (!isset($_SESSION['ssnlogin']) || !isset($_COOKIE['cookies_and_cream'])) { - header("Location: ../index.html"); - exit(); -} - // Include the database connection file include "../server/db_connect.php"; +include "../server/navbar/dashboard.php"; +include "../server/check_cookie_user.php"; +// Time and categorization arrays $time = time(); - -// Arrays for which medication is expired $expired = []; $less_than_2_weeks = []; $less_than_4_weeks = []; @@ -30,7 +25,12 @@ students.year, med.med_name, brand.brand_name, - takes.notes + takes.notes, + (SELECT CONCAT(notes.staff_code, ' logged ', notes.content) + FROM notes + WHERE notes.takes_id = takes.takes_id + ORDER BY notes.created_at DESC + LIMIT 1) AS recent_note FROM takes JOIN students ON takes.student_id = students.student_id JOIN med ON takes.med_id = med.med_id @@ -41,21 +41,25 @@ $stat->execute(); $result = $stat->fetchAll(PDO::FETCH_ASSOC); -// Put each medication into the appropriate array +// Categorize medications foreach ($result as $row) { $expiry_date = $row["exp_date"]; $takes_id = $row["takes_id"]; + $student_id = $row["student_id"]; // Store student_id from database $student_name = $row["first_name"] . " " . $row["last_name"]; $student_year = $row["year"]; $med_name = $row["med_name"]; $brand_name = $row["brand_name"]; $notes = $row["notes"]; + $recent_note = $row["recent_note"] ?? "No recent notes available"; $formatted_date = date("d-m-y", $expiry_date); $medication_info = [ - 'info' => "$student_name
Year: $student_year
Medication: $med_name
Brand: $brand_name
Expiry: $formatted_date", + 'info' => "$student_name
Year: $student_year
Medication: $med_name , $brand_name
Expiry: $formatted_date", 'takes_id' => $takes_id, - 'notes' => $notes + 'notes' => $notes, + 'recent_note' => $recent_note, + 'student_id' => $student_id // Include student_id in the medication info array ]; if ($expiry_date < $time) { @@ -67,7 +71,7 @@ } } -// Get meds below minimum dose +// Fetch details for medications below minimum dose $sql = " SELECT takes.takes_id, @@ -79,7 +83,12 @@ brand.brand_name, takes.current_dose, takes.min_dose, - takes.notes + takes.notes, + (SELECT CONCAT(notes.staff_code, ' logged ', notes.content) + FROM notes + WHERE notes.takes_id = takes.takes_id + ORDER BY notes.created_at DESC + LIMIT 1) AS recent_note FROM takes JOIN students ON takes.student_id = students.student_id JOIN med ON takes.med_id = med.med_id @@ -92,17 +101,21 @@ foreach ($dose_result as $row) { $takes_id = $row["takes_id"]; + $student_id = $row["student_id"]; // Store student_id from database $student_name = $row["first_name"] . " " . $row["last_name"]; $student_year = $row["year"]; - $student_id = $row["student_id"]; $med_name = $row["med_name"]; $brand_name = $row["brand_name"]; $current_dose = $row["current_dose"]; $notes = $row["notes"]; + $recent_note = $row["recent_note"] ?? "No recent notes available"; + $medication_info = [ - 'info' => "$student_name
Year: $student_year
Medication: $med_name
Brand: $brand_name
Dose: $current_dose", + 'info' => "$student_name
Year: $student_year
Medication: $med_name , $brand_name
Dose: $current_dose", 'takes_id' => $takes_id, - 'notes' => $notes + 'notes' => $notes, + 'recent_note' => $recent_note, + 'student_id' => $student_id // Include student_id in the medication info array ]; $below_minimum_doses[] = $medication_info; @@ -111,27 +124,6 @@ Hours Tracking - Dashboard -
- -

@@ -144,22 +136,28 @@ -
-
+
+ Recent Note: +
+ + - + +
+
+ + + +
+
+
+ +
-
- - + +
- - - - - - @@ -174,22 +172,28 @@ -
-
+
+ Recent Note: +
+ + + + +
+
+ - + +
+
+
+ +
-
- - + +
- - - - - - @@ -204,22 +208,28 @@ -
-
+
+ Recent Note: +
+ + + + +
+
+ + + +
+
+
- +
-
- - + +
- - - - - - @@ -234,27 +244,32 @@ -
-
+
+ Recent Note: +
+ + - + +
+
+ + + +
+
+
+ +
-
- - + +
- - - - - - -
diff --git a/dashboard/info.php b/dashboard/info.php deleted file mode 100644 index ddc5616..0000000 --- a/dashboard/info.php +++ /dev/null @@ -1,92 +0,0 @@ -prepare($sql); - $stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); - $stmt->execute(); - $notes = $stmt->fetch(PDO::FETCH_ASSOC)['notes'] ?? ''; -} else { - die("Invalid request."); -} - -// Handle form submission to update notes -if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['updated_notes'])) { - $updated_notes = $_POST['updated_notes']; - - $update_sql = "UPDATE takes SET notes = :notes WHERE takes_id = :takes_id"; - $update_stmt = $conn->prepare($update_sql); - $update_stmt->bindParam(':notes', $updated_notes, PDO::PARAM_STR); - $update_stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); - - if ($update_stmt->execute()) { - $message = "Notes updated successfully!"; - $notes = $updated_notes; // Update notes for display - } else { - $message = "Error updating notes. Please try again."; - } -} -?> - - - - - Hours Tracking - Edit Info - - - -
- -

Edit Notes

- - - -

- - - -
- -
Provide and notes about the student
-
This is not required
- -

- -
- -
- < Back -
- - diff --git a/dashboard/view_notes.php b/dashboard/view_notes.php new file mode 100644 index 0000000..87e7d96 --- /dev/null +++ b/dashboard/view_notes.php @@ -0,0 +1,73 @@ + + + + Create Notes + + + + +Invalid request. Missing student or medication data.

"); +} + +try { + // Query to fetch notes along with staff_code for the specified student and takes_id + $sql = "SELECT notes.note_id, notes.content, notes.created_at, + students.first_name, students.last_name, + med.med_name, notes.staff_code + FROM notes + INNER JOIN takes ON notes.takes_id = takes.takes_id + INNER JOIN students ON takes.student_id = students.student_id + INNER JOIN med ON takes.med_id = med.med_id + WHERE takes.takes_id = :takes_id AND students.student_id = :student_id"; + + $stmt = $conn->prepare($sql); + $stmt->bindParam(':takes_id', $takes_id, PDO::PARAM_INT); + $stmt->bindParam(':student_id', $student_id, PDO::PARAM_INT); + $stmt->execute(); + + $notes = $stmt->fetchAll(PDO::FETCH_ASSOC); + if (!$notes) { + + echo "

No notes found for this student and medication.

"; + echo " > Go Back"; + } else { + echo "

View Notes

"; + echo "

Notes for " . htmlspecialchars($notes[0]['first_name'], ENT_QUOTES) . " " . htmlspecialchars($notes[0]['last_name'], ENT_QUOTES) . "

"; + echo "

Medication: " . htmlspecialchars($notes[0]['med_name'], ENT_QUOTES) . "

"; + + echo ""; + echo " + + + + "; + + foreach ($notes as $note) { + echo ""; + echo ""; // Display the staff_code from notes table + echo ""; + echo ""; + echo ""; + } + + echo "
Staff CodeDate and TimeContent
" . htmlspecialchars($note['staff_code'], ENT_QUOTES) . "" . htmlspecialchars(date('d/m/Y H:i', strtotime($note['created_at'])), ENT_QUOTES) . "" . htmlspecialchars($note['content'], ENT_QUOTES) . "
"; + echo "

"; + echo " > Go Back"; + } +} catch (PDOException $e) { + die("

Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "

"); +} +?> diff --git a/database/database.sql b/database/database.sql index e41186b..4f00eb0 100644 --- a/database/database.sql +++ b/database/database.sql @@ -1,11 +1,11 @@ -- phpMyAdmin SQL Dump --- version 5.2.1 +-- version 5.2.0 -- https://www.phpmyadmin.net/ -- -- Host: localhost:3306 --- Generation Time: Jan 20, 2025 at 01:04 AM --- Server version: 8.0.40-cll-lve --- PHP Version: 8.3.14 +-- Generation Time: Jan 30, 2025 at 12:47 AM +-- Server version: 8.0.30 +-- PHP Version: 8.1.10 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; START TRANSACTION; @@ -18,9 +18,9 @@ SET time_zone = "+00:00"; /*!40101 SET NAMES utf8mb4 */; -- --- Database: `barowika_utcl-mts` +-- Database: `utcl-mts` -- -CREATE DATABASE IF NOT EXISTS `utcl-mts` DEFAULT CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci; +CREATE DATABASE IF NOT EXISTS `utcl-mts` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci; USE `utcl-mts`; -- -------------------------------------------------------- 
@@ -47,9 +47,131 @@ CREATE TABLE `audit_logs` ( `audit_id` int UNSIGNED NOT NULL, `staff_id` int NOT NULL, `act` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, + `source` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `date_time` int NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; +-- +-- Dumping data for table `audit_logs` +-- + +INSERT INTO `audit_logs` (`audit_id`, `staff_id`, `act`, `date_time`) VALUES +(114, 5, 'User successfully logged in, IP: ::1', 1737835629), +(115, 5, 'User successfully logged in, IP: ::1', 1737840646), +(116, 5, 'User successfully logged in, IP: ::1', 1737842079), +(117, 5, 'User successfully logged in, IP: ::1', 1737842228), +(118, 5, 'User successfully logged in, IP: ::1', 1737842905), +(119, 5, 'User successfully logged in, IP: ::1', 1737843990), +(120, 5, 'User successfully logged in, IP: ::1', 1737844669), +(121, 5, 'User successfully logged in, IP: ::1', 1737844998), +(122, 5, 'User successfully logged in, IP: ::1', 1737845432), +(123, 5, 'User successfully logged in, IP: ::1', 1737845912), +(124, 5, 'User successfully logged in, IP: ::1', 1737846394), +(125, 5, 'User successfully logged in, IP: ::1', 1737847069), +(126, 5, 'User successfully logged in, IP: ::1', 1737847524), +(127, 5, 'User successfully logged in, IP: ::1', 1737849240), +(128, 5, 'User successfully logged in, IP: ::1', 1737849610), +(129, 5, 'User successfully logged in, IP: ::1', 1737849987), +(130, 5, 'User successfully logged in, IP: ::1', 1737851000), +(131, 5, 'User successfully logged in, IP: ::1', 1737851610), +(132, 5, 'User successfully logged in, IP: ::1', 1737852072), +(133, 5, 'User successfully logged in, IP: ::1', 1737852410), +(134, 5, 'User successfully logged in, IP: ::1', 1737894096), +(135, 5, 'User successfully logged in, IP: ::1', 1737899697), +(136, 5, 'User successfully logged in, IP: ::1', 1737900468), +(137, 5, 'User successfully logged in, IP: ::1', 1737901333), +(138, 5, 
'User successfully logged in, IP: ::1', 1737902083), +(139, 5, 'User successfully logged in, IP: ::1', 1737902397), +(140, 5, 'User successfully logged in, IP: ::1', 1737902718), +(141, 5, 'User successfully logged in, IP: ::1', 1737903024), +(142, 5, 'User successfully logged in, IP: ::1', 1737903037), +(143, 5, 'User successfully logged in, IP: ::1', 1737903374), +(144, 5, 'User successfully logged in, IP: ::1', 1737903676), +(145, 5, 'User successfully logged in, IP: ::1', 1737911633), +(146, 5, 'User successfully logged in, IP: ::1', 1737911993), +(147, 5, 'User successfully logged in, IP: ::1', 1737912326), +(148, 5, 'User successfully logged in, IP: ::1', 1737912665), +(149, 5, 'User successfully logged in, IP: ::1', 1737913009), +(150, 5, 'User successfully logged in, IP: ::1', 1737913447), +(151, 5, 'User successfully logged in, IP: ::1', 1737915287), +(152, 5, 'User successfully logged in, IP: ::1', 1737915778), +(153, 5, 'User successfully logged in, IP: ::1', 1737916160), +(154, 5, 'User successfully logged in, IP: ::1', 1737916463), +(155, 5, 'User successfully logged in, IP: ::1', 1737932770), +(156, 5, 'User successfully logged in, IP: ::1', 1738089436), +(157, 5, 'User successfully logged in, IP: ::1', 1738089938), +(158, 5, 'Failed login attempt with valid email, IP: ::1', 1738089942), +(159, 5, 'Failed login attempt with valid email, IP: ::1', 1738089960), +(160, 0, 'Failed login attempt with invalid email, IP: ::1', 1738089964), +(161, 5, 'Failed login attempt with valid email, IP: ::1', 1738090020), +(162, 5, 'User successfully logged in, IP: ::1', 1738090027), +(163, 8, 'User successfully logged in, IP: ::1', 1738090191), +(164, 8, 'Attempted login to archived account, IP: ::1', 1738090326), +(165, 5, 'User successfully logged in, IP: ::1', 1738090468), +(166, 5, 'Failed login attempt with valid email, IP: ::1', 1738090477), +(167, 5, 'User successfully logged in, IP: ::1', 1738090623), +(168, 5, 'User successfully logged in, IP: ::1', 
1738090671), +(169, 5, 'User successfully logged in, IP: ::1', 1738090684), +(170, 5, 'User successfully logged in, IP: ::1', 1738090689), +(171, 5, 'User successfully logged in, IP: ::1', 1738091047), +(172, 5, 'User successfully logged in, IP: ::1', 1738091794), +(173, 5, 'User successfully logged in, IP: ::1', 1738092207), +(174, 5, 'User successfully logged in, IP: ::1', 1738092510), +(175, 5, 'User successfully logged in, IP: ::1', 1738097910), +(176, 5, 'User successfully logged in, IP: ::1', 1738098220), +(177, 5, 'Failed login attempt with valid email, IP: ::1', 1738098406), +(178, 8, 'Attempted login to archived account, IP: ::1', 1738098431), +(179, 5, 'User successfully logged in, IP: ::1', 1738098499), +(180, 5, 'User successfully logged in, IP: ::1', 1738103980), +(181, 5, 'User successfully logged in, IP: ::1', 1738106592), +(182, 5, 'User successfully logged in, IP: ::1', 1738180296), +(183, 5, 'User successfully logged in, IP: ::1', 1738180741), +(184, 9, 'User successfully logged in, IP: ::1', 1738181019), +(185, 5, 'User successfully logged in, IP: ::1', 1738181024), +(186, 5, 'User successfully logged in, IP: ::1', 1738181285), +(187, 5, 'User successfully logged in, IP: ::1', 1738181393), +(188, 5, 'Failed login attempt with valid email, IP: ::1', 1738181397), +(189, 5, 'User successfully logged in, IP: ::1', 1738181400), +(190, 5, 'User successfully logged in, IP: ::1', 1738181757), +(191, 9, 'User successfully logged in, IP: ::1', 1738181787), +(192, 9, 'User successfully logged in, IP: ::1', 1738181970), +(193, 5, 'User successfully logged in, IP: ::1', 1738181999), +(194, 5, 'User successfully logged in, IP: ::1', 1738182310), +(195, 5, 'User successfully logged in, IP: ::1', 1738183071), +(196, 5, 'User successfully logged in, IP: ::1', 1738183724), +(197, 5, 'User successfully logged in, IP: ::1', 1738184719), +(198, 5, 'User successfully logged in, IP: ::1', 1738185385), +(199, 5, 'User successfully logged in, IP: ::1', 1738187460), 
+(200, 5, 'User successfully logged in, IP: ::1', 1738187464), +(201, 5, 'User successfully logged in, IP: ::1', 1738188127), +(202, 5, 'User successfully logged in, IP: ::1', 1738190079), +(203, 5, 'User successfully logged in, IP: ::1', 1738191866), +(204, 5, 'User successfully logged in, IP: ::1', 1738192194), +(205, 5, 'Failed login attempt with valid email, IP: ::1', 1738192240), +(206, 5, 'User successfully logged in, IP: ::1', 1738192288), +(207, 5, 'User successfully logged in, IP: 127.0.0.1', 1738192315), +(208, 5, 'User successfully logged in, IP: ::1', 1738193732), +(209, 5, 'User successfully logged in, IP: ::1', 1738195884), +(210, 9, 'Failed login attempt with valid email, IP: ::1', 1738195895), +(211, 9, 'Failed login attempt with valid email, IP: ::1', 1738195903), +(212, 9, 'Failed login attempt with valid email, IP: ::1', 1738195914), +(213, 5, 'User successfully logged in, IP: ::1', 1738195916), +(214, 10, 'User successfully logged in, IP: ::1', 1738195962), +(215, 10, 'User successfully logged in, IP: ::1', 1738196266), +(216, 10, 'User successfully logged in, IP: ::1', 1738196268), +(217, 10, 'User successfully logged in, IP: ::1', 1738196321), +(218, 10, 'User successfully logged in, IP: ::1', 1738197460), +(219, 10, 'User successfully logged in, IP: ::1', 1738197464), +(220, 10, 'User successfully logged in, IP: ::1', 1738197483), +(221, 10, 'User successfully logged in, IP: ::1', 1738197487), +(222, 10, 'User successfully logged in, IP: ::1', 1738197490), +(223, 5, 'User successfully logged in, IP: ::1', 1738197542), +(224, 5, 'User successfully logged in, IP: ::1', 1738197549), +(225, 5, 'User successfully logged in, IP: ::1', 1738197588), +(226, 5, 'User successfully logged in, IP: ::1', 1738197608), +(227, 5, 'User successfully logged in, IP: ::1', 1738197947), +(228, 10, 'User successfully logged in, IP: ::1', 1738198033); + -- -------------------------------------------------------- -- 
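Review bot: the `INSERT INTO audit_logs` in this hunk lists `(audit_id, staff_id, act, date_time)` but the same hunk adds `source` as `text ... NOT NULL` with no default, so under MySQL 8's default strict mode the import stops at this statement with "Field 'source' doesn't have a default value" (error 1364) and nothing after it loads. Either give the column a `DEFAULT ''` or, better, drop the data block entirely: 115 rows of local login and failed-login events with staff IDs and loopback addresses are development residue, and a schema file in git should not carry an audit trail at all.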
@@ -101,7 +223,8 @@ INSERT INTO `brand` (`brand_id`, `brand_name`) VALUES (33, 'VIBRAMYCIN'), (34, 'DELTASONE'), (35, 'PLAVIX'), -(36, 'PANADOL'); +(36, 'PANADOL'), +(58, 'TESC'); -- -- Triggers `brand` @@ -121,20 +244,6 @@ DELIMITER ; -- -------------------------------------------------------- --- --- Table structure for table `log` --- - -CREATE TABLE `log` ( - `log_id` int NOT NULL, - `student_id` int NOT NULL, - `staff_id` int NOT NULL, - `notes` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, - `date_time` int NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- -------------------------------------------------------- - -- -- Table structure for table `med` -- @@ -179,9 +288,7 @@ INSERT INTO `med` (`med_id`, `med_name`) VALUES (28, 'GABAPENTIN'), (29, 'DOXYCYCLINE'), (30, 'CLOPIDOGREL'), -(31, 'ASDASDASDASD'), -(32, 'ASDASDASDASD'), -(33, 'ASDASDASDASD'); +(34, 'TEST'); -- -- Triggers `med` @@ -201,6 +308,24 @@ DELIMITER ; -- -------------------------------------------------------- +-- +-- Table structure for table `notes` +-- + +CREATE TABLE `notes` ( + `note_id` int NOT NULL, + `takes_id` int NOT NULL, + `staff_code` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, + `content` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, + `created_at` datetime DEFAULT CURRENT_TIMESTAMP +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- +-- Dumping data for table `notes` +-- + +-- -------------------------------------------------------- + -- -- Table structure for table `staff` -- 
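Review bot: the new `notes` table in this hunk identifies the author by free-text `staff_code` rather than `staff_id`, and has no foreign key to `takes` or `staff`; since `staff.staff_code` is unconstrained text (the `staff` hunk below stores one as `'JBL '` with a trailing space), notes cannot be reliably correlated back to a staff row later. Store `staff_id`, resolve the code at display time, and add `FOREIGN KEY (takes_id) REFERENCES takes (takes_id)` so an archived or deleted `takes` row cannot orphan its notes. The same hunk also commits test rows `(58, 'TESC')` and `(34, 'TEST')` right after removing the `ASDASDASDASD` placeholders; strip both.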
@@ -210,17 +335,21 @@ CREATE TABLE `staff` ( `first_name` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `last_name` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `email` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, + `staff_code` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `password` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, - `group` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL + `group` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, + `archived` tinyint(1) NOT NULL DEFAULT '0' ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; -- -- Dumping data for table `staff` -- -INSERT INTO `staff` (`staff_id`, `first_name`, `last_name`, `email`, `password`, `group`) VALUES -(1, 'Failed', 'Events', 'failed.events@utcleeds.co.uk', 'failed.events', 'system'), -(5, 'user', 'user', 'user.user@utcleeds.co.uk', '$2y$10$vF4bf/M/qEBKJXKLCwI/AeJPjw7ELS8MyQ9zu3cHRTno55kWX7PeK', 'admin'); +INSERT INTO `staff` (`staff_id`, `first_name`, `last_name`, `email`, `staff_code`, `password`, `group`, `archived`) VALUES +(1, 'Failed', 'Events', 'failed.events@utcleeds.co.uk', '', 'failed.events', 'system', 0), +(5, 'admin', 'user', 'admin.user@utcleeds.co.uk', 'AUS', '$2y$10$m8jI0VvPXXgfQpp6R05ssuoQOfeEtMGoWdh3LibJ0aMG8jJD9Ryz6', 'admin', 0), +(8, 'Joe', 'Bloggs', 'joe.bloggs@utcleeds.co.uk', 'JBL ', '$2y$10$7Pw7G2Tnj.eNkjbZHfcmreLvVumcPwTMEW1kD7uw6HZIRDQ.OsUWC', 'user', 1), +(10, 'basic ', 'user', 'basic.user@utcleeds.co.uk', 'bus', '$2y$10$UKe4cHuSkLWRhBn19oRJauHHUPY4ZdDWW4FLQgZmucS5.7e76iJre', 'user', 0); -- -------------------------------------------------------- 
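Review bot: the `staff` hunk seeds three accounts with live bcrypt hashes (`$2y$10$...`) for `admin.user@`, `joe.bloggs@` and `basic.user@`; once a hash is committed to the repository the corresponding password has to be treated as disclosed, so seed accounts should be created by a setup step, not dumped. The `staff_code` values are inconsistent too (`'AUS'`, `'JBL '` with a trailing space, lowercase `'bus'`), which matters now that `notes.staff_code` and the audit `action` strings are built from them; normalise with `trim()` and a fixed case on insert. Also, `archived` is `tinyint(1) NOT NULL DEFAULT '0'` here but `int DEFAULT '0'` (nullable) in the `students` hunk; use one type.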
@@ -232,47 +361,48 @@ CREATE TABLE `students` ( `student_id` int UNSIGNED NOT NULL, `first_name` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `last_name` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, - `year` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL + `year` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, + `archived` int DEFAULT '0' ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; -- -- Dumping data for table `students` -- -INSERT INTO `students` (`student_id`, `first_name`, `last_name`, `year`) VALUES -(1, 'JAKE', 'PERALTA', '13'), -(2, 'AMY', 'SANTIAGO', '11'), -(3, 'CHARLES', 'BOYLE', '10'), -(4, 'ROSA', 'DIAZ', '12'), -(5, 'GINA', 'LINETTI', '13'), -(6, 'RAYMOND', 'HOLT', '13'), -(7, 'LUCY', 'CHEN', '12'), -(8, 'TIM', 'BRADFORD', '11'), -(9, 'JOHN', 'NOLAN', '13'), -(10, 'JACKSON', 'WEST', '12'), -(11, 'BAILEY', 'NUNE', '10'), -(12, 'WESLEY', 'EVENS', '10'), -(13, 'ANGELA', 'LOPEZ', '11'), -(14, 'ROSALIND', 'DYER', '12'), -(15, 'NYLA', 'HARPER', '13'), -(16, 'AARON', 'THORSEN', '11'), -(17, 'TAILIA', 'BISHOP', '11'), -(18, 'ZOE', 'ANDERSON', '12'), -(19, 'TAMARA', 'COLLINS', '10'), -(20, 'CELINA', 'JUAREZ', '10'), -(21, 'ELIJA', 'STONE', '12'), -(22, 'MONICA', 'STEVENS', '13'), -(23, 'OSCAR', 'HUTCHINSON', '12'), -(24, 'WADE', 'GREY', '12'), -(25, 'EMMET', 'LANG', '13'), -(26, 'JAMES', 'MURRAY', '13'), -(27, 'MEREDITH', 'GREY', '11'), -(28, 'DEREK', 'SHEPARD', '12'), -(29, 'ALEX', 'KEREV', '10'), -(30, 'MARK', 'SLOAN', '11'), -(31, 'OWEN', 'HUNT', '13'), -(32, 'CRISTINA', 'YANG', '11'), -(33, 'MIRANDA', 'BAILEY', '12'); +INSERT INTO `students` (`student_id`, `first_name`, `last_name`, `year`, `archived`) VALUES +(1, 'JAKE', 'PERALTA', '13', 1), +(2, 'TEST', 'CHANGES', '11', 0), +(3, 'CHARLES', 'BOYLE', '10', 0), +(4, 'ROSA', 'DIAZ', '14', 0), +(5, 'GINA', 'LINETTI', '13', 0), +(6, 'RAYMOND', 'HOLT', '13', 0), +(7, 'LUCY', 'CHEN', '14', 0), +(8, 'TIM', 'BRADFORD', 
'11', 0), +(9, 'JOHN', 'NOLAN', '13', 0), +(10, 'JACKSON', 'WEST', '14', 0), +(11, 'BAILEY', 'NUNE', '10', 0), +(12, 'WESLEY', 'EVENS', '10', 0), +(13, 'ANGELA', 'LOPEZ', '11', 0), +(14, 'ROSALIND', 'DYER', '14', 0), +(15, 'NYLA', 'HARPER', '13', 0), +(16, 'AARON', 'THORSEN', '11', 0), +(17, 'TAILIA', 'BISHOP', '11', 0), +(18, 'ZOE', 'ANDERSON', '14', 0), +(19, 'TAMARA', 'COLLINS', '10', 0), +(20, 'CELINA', 'JUAREZ', '10', 0), +(21, 'ELIJA', 'STONE', '14', 0), +(22, 'MONICA', 'STEVENS', '13', 0), +(23, 'OSCAR', 'HUTCHINSON', '14', 0), +(24, 'WADE', 'GREY', '14', 0), +(25, 'EMMET', 'LANG', '13', 0), +(26, 'JAMES', 'MURRAY', '13', 0), +(27, 'MEREDITH', 'GREY', '11', 0), +(28, 'DEREK', 'SHEPARD', '14', 0), +(29, 'ALEX', 'KEREV', '10', 0), +(30, 'MARK', 'SLOAN', '11', 0), +(31, 'OWEN', 'HUNT', '13', 0), +(32, 'CRISTINA', 'YANG', '11', 0), +(33, 'MIRANDA', 'BAILEY', '14', 0); -- -- Triggers `students` @@ -317,10 +447,10 @@ CREATE TABLE `takes` ( -- INSERT INTO `takes` (`takes_id`, `student_id`, `med_id`, `brand_id`, `exp_date`, `current_dose`, `min_dose`, `max_dose`, `strength`, `notes`, `archived`) VALUES -(103, 1, 1, 1, 1735862400, 2, 4, 8, '100mg', '', 1), -(104, 2, 2, 2, 1707004800, 4, 1, 30, '50mg', '', 1), -(105, 2, 3, 2, 1733702400, 32, 6, 32, '200mg', '', 0), -(106, 3, 3, 4, 1760659200, 6, 6, 49, '200 mg', '', 0), +(103, 1, 1, 1, 1735862400, 0, 4, 8, '100mg', '', 1), +(104, 2, 2, 2, 1707004800, 1, 1, 30, '50mg', '', 1), +(105, 2, 3, 2, 1733702400, 20, 6, 32, '200mg', '', 0), +(106, 3, 3, 4, 1760659200, 3, 6, 49, '200 mg', '', 0), (107, 3, 4, 5, 1747008000, 30, 6, 31, '500 mg', '', 0), (108, 3, 5, 5, 1745366400, 26, 2, 50, '850 mg', '', 0), (109, 3, 6, 6, 1738713600, 9, 5, 46, '5 mg', '', 0), 
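Review bot: the `students` hunk does more than add the `archived` column: it rewrites the seed rows, changing `year` from 10-13 to `'14'` for a dozen students, renaming student 2 to `'TEST', 'CHANGES'` and marking student 1 archived. That looks like a local working database exported over the seed file rather than a deliberate fixture change; keep the original rows and add only `, 0` for the new column.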
@@ -333,7 +463,7 @@ INSERT INTO `takes` (`takes_id`, `student_id`, `med_id`, `brand_id`, `exp_date`, (116, 6, 13, 13, 1693526400, 21, 3, 60, '200mg', '', 1), (117, 7, 14, 14, 1751328000, 1, 2, 1, '0.3mg', '', 0), (118, 7, 14, 14, 1751328000, 1, 8, 1, '0.3mg', '', 0), -(119, 8, 15, 15, 1734134400, 5, 9, 7, '30g', 'Stored in a fridge', 0), +(119, 8, 15, 15, 1734134400, 5, 9, 7, '30g', '', 0), (120, 8, 20, 16, 1769904000, 40, 10, 60, '125mg', '', 0), (121, 9, 1, 17, 1759276800, 4, 6, 8, '500mg', '', 0), (122, 9, 18, 18, 1732838400, 6, 2, 7, '30mg', '', 1), @@ -347,7 +477,7 @@ INSERT INTO `takes` (`takes_id`, `student_id`, `med_id`, `brand_id`, `exp_date`, (130, 15, 10, 22, 1652054400, 27, 1, 24, '500 mg', '', 1), (131, 16, 11, 23, 1690329600, 26, 4, 42, '40 mg', '', 1), (132, 17, 14, 14, 1760140800, 1, 6, 1, '0.3mg', '', 0), -(133, 17, 14, 14, 1775001600, 1, 8, 1, '0.3mg', '', 0), +(133, 17, 14, 14, 1775001600, 0, 8, 1, '0.3mg', '', 0), (134, 18, 2, 2, 1716249600, 4, 3, 30, '50mg', '', 1), (135, 19, 3, 2, 1693353600, 32, 4, 32, '200mg', '', 1), (136, 20, 1, 1, 1799884800, 2, 3, 8, '100mg', '', 0), 
@@ -359,13 +489,17 @@ INSERT INTO `takes` (`takes_id`, `student_id`, `med_id`, `brand_id`, `exp_date`, (142, 26, 24, 28, 1696550400, 10, 6, 30, '40 mg', '', 1), (143, 27, 25, 29, 1821312000, 60, 9, 100, '81 mg', '', 0), (144, 27, 26, 30, 1775952000, 15, 3, 20, '1 mg', '', 0), -(145, 28, 27, 31, 1669507200, 35, 3, 50, '5 mg', 'uasihdajsdkjasdasdjasojasd', 0), +(145, 28, 27, 31, 1669507200, 35, 3, 50, '5 mg', '', 0), (146, 28, 28, 32, 1707091200, 12, 2, 30, '300 mg', '', 0), -(147, 29, 29, 33, 1732406400, 20, 7, 30, '100 mg', 'asdfg', 0), +(147, 29, 29, 33, 1732406400, 20, 7, 30, '100 mg', '', 0), (148, 29, 12, 20, 1696723200, 40, 10, 50, '10 mg', '', 0), (149, 30, 7, 34, 1800835200, 10, 4, 20, '5 mg', '', 0), (150, 31, 30, 35, 1710374400, 60, 10, 90, '75 mg', '', 0), -(151, 31, 1, 36, 1755734400, 20, 2, 30, '500 mg', '', 0); +(151, 31, 1, 36, 1755734400, 20, 2, 30, '500 mg', '', 0), +(152, 20, 5, 4, 1747267200, 69, 69, 420, '69', NULL, 0), +(153, 20, 5, 4, 1747267200, 69, 69, 420, '69', NULL, 0), +(154, 1, 1, 2, 1737504000, 12, 12, 12, '50', NULL, 0), +(155, 1, 2, 2, 1747958400, 12, 12, 12, '12', NULL, 0); -- -------------------------------------------------------- @@ -394,14 +528,6 @@ CREATE TABLE `whole_school` ( `notes` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `archived` tinyint(1) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; - --- --- Dumping data for table `whole_school` --- - -INSERT INTO `whole_school` (`whole_school_id`, `name`, `exp_date`, `amount_left`, `notes`, `archived`) VALUES -(1, 'Defib Pads', 1735776000, 12, '12123123', 0); - -- -- Indexes for dumped tables -- 
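Review bot: the `takes` data hunks add rows 152-155 with placeholder values (`69`, `420`, `'69'`) and `notes` set to `NULL`, row 153 duplicates row 152, and existing doses for 103-106 and 133 are altered, while the `whole_school` seed row is removed outright. Taken together with the header hunk (phpMyAdmin 5.2.0 / MySQL 8.0.30 / PHP 8.1.10 instead of the previous 5.2.1 / 8.0.40-cll-lve / 8.3.14) this is a dump of a different environment, not a schema change; export structure only for tables that hold operational records (`takes`, `notes`, `audit_logs`, `whole_school`) and keep data only for the reference tables `med` and `brand`.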
@@ -424,18 +550,18 @@ ALTER TABLE `audit_logs` ALTER TABLE `brand` ADD PRIMARY KEY (`brand_id`); --- --- Indexes for table `log` --- -ALTER TABLE `log` - ADD PRIMARY KEY (`log_id`); - -- -- Indexes for table `med` -- ALTER TABLE `med` ADD PRIMARY KEY (`med_id`); +-- +-- Indexes for table `notes` +-- +ALTER TABLE `notes` + ADD PRIMARY KEY (`note_id`); + -- -- Indexes for table `staff` -- 
@@ -480,43 +606,43 @@ ALTER TABLE `administer` -- AUTO_INCREMENT for table `audit_logs` -- ALTER TABLE `audit_logs` - MODIFY `audit_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=83; + MODIFY `audit_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=229; -- -- AUTO_INCREMENT for table `brand` -- ALTER TABLE `brand` - MODIFY `brand_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=58; + MODIFY `brand_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=59; -- --- AUTO_INCREMENT for table `log` +-- AUTO_INCREMENT for table `med` -- -ALTER TABLE `log` - MODIFY `log_id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4; +ALTER TABLE `med` + MODIFY `med_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=35; -- --- AUTO_INCREMENT for table `med` +-- AUTO_INCREMENT for table `notes` -- -ALTER TABLE `med` - MODIFY `med_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=34; +ALTER TABLE `notes` + MODIFY `note_id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=8; -- -- AUTO_INCREMENT for table `staff` -- ALTER TABLE `staff` - MODIFY `staff_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=8; + MODIFY `staff_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=11; -- -- AUTO_INCREMENT for table `students` -- ALTER TABLE `students` - MODIFY `student_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=877; + MODIFY `student_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=917; -- -- AUTO_INCREMENT for table `takes` -- ALTER TABLE `takes` - MODIFY `takes_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=154; + MODIFY `takes_id` int UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=156; -- -- AUTO_INCREMENT for table `whole_log` 
@@ -528,7 +654,7 @@ ALTER TABLE `whole_log` -- AUTO_INCREMENT for table `whole_school` -- ALTER TABLE `whole_school` - MODIFY `whole_school_id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2; + MODIFY `whole_school_id` int NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6; COMMIT; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; diff --git a/database/empty-database.sql b/database/empty-database.sql new file mode 100644 index 0000000..cc724fe --- /dev/null +++ b/database/empty-database.sql 
@@ -0,0 +1,347 @@ +-- phpMyAdmin SQL Dump +-- version 5.2.0 +-- https://www.phpmyadmin.net/ +-- +-- Host: localhost:3306 +-- Generation Time: Jan 22, 2025 at 07:08 PM +-- Server version: 8.0.30 +-- PHP Version: 8.1.10 + +SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; +START TRANSACTION; +SET time_zone = "+00:00"; + + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8mb4 */; + +-- +-- Database: `utcl-mts` +-- +CREATE DATABASE IF NOT EXISTS `utcl-mts` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; +USE `utcl-mts`; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `administer` +-- + +CREATE TABLE `administer` ( + `adminster_id` int NOT NULL, + `takes_id` int NOT NULL, + `staff_code` text COLLATE utf8mb4_general_ci NOT NULL, + `date_time` int NOT NULL, + `dose_given` int NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `audit_logs` +-- + +CREATE TABLE `audit_logs` ( + `audit_id` int UNSIGNED NOT NULL, + `staff_id` int NOT NULL, + `act` text COLLATE utf8mb4_general_ci NOT NULL, + `date_time` int NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `brand` +-- + +CREATE TABLE `brand` ( + `brand_id` int UNSIGNED NOT NULL, + `brand_name` text COLLATE utf8mb4_general_ci NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- +-- Triggers `brand` +-- +DELIMITER $$ +CREATE TRIGGER `before_insert_brand` BEFORE INSERT ON `brand` FOR EACH ROW BEGIN + SET NEW.brand_name = UPPER(NEW.brand_name); +END +$$ +DELIMITER ; +DELIMITER $$ +CREATE TRIGGER `before_update_brand` BEFORE 
UPDATE ON `brand` FOR EACH ROW BEGIN + SET NEW.brand_name = UPPER(NEW.brand_name); +END +$$ +DELIMITER ; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `med` +-- + +CREATE TABLE `med` ( + `med_id` int UNSIGNED NOT NULL, + `med_name` text COLLATE utf8mb4_general_ci NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- +-- Triggers `med` +-- +DELIMITER $$ +CREATE TRIGGER `before_insert_med` BEFORE INSERT ON `med` FOR EACH ROW BEGIN + SET NEW.med_name = UPPER(NEW.med_name); +END +$$ +DELIMITER ; +DELIMITER $$ +CREATE TRIGGER `before_update_med` BEFORE UPDATE ON `med` FOR EACH ROW BEGIN + SET NEW.med_name = UPPER(NEW.med_name); +END +$$ +DELIMITER ; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `notes` +-- + +CREATE TABLE `notes` ( + `note_id` int NOT NULL, + `takes_id` int NOT NULL, + `staff_code` text COLLATE utf8mb4_general_ci NOT NULL, + `content` text COLLATE utf8mb4_general_ci NOT NULL, + `created_at` datetime DEFAULT CURRENT_TIMESTAMP +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `staff` +-- + +CREATE TABLE `staff` ( + `staff_id` int UNSIGNED NOT NULL, + `first_name` text COLLATE utf8mb4_general_ci NOT NULL, + `last_name` text COLLATE utf8mb4_general_ci NOT NULL, + `email` text COLLATE utf8mb4_general_ci NOT NULL, + `staff_code` text COLLATE utf8mb4_general_ci NOT NULL, + `password` text COLLATE utf8mb4_general_ci NOT NULL, + `group` text COLLATE utf8mb4_general_ci NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `students` +-- + +CREATE TABLE `students` ( + `student_id` int UNSIGNED NOT NULL, + `first_name` text COLLATE utf8mb4_general_ci NOT NULL, + `last_name` text COLLATE 
utf8mb4_general_ci NOT NULL, + `year` text COLLATE utf8mb4_general_ci NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- +-- Triggers `students` +-- +DELIMITER $$ +CREATE TRIGGER `before_insert_students` BEFORE INSERT ON `students` FOR EACH ROW BEGIN + SET NEW.first_name = UPPER(NEW.first_name); + SET NEW.last_name = UPPER(NEW.last_name); +END +$$ +DELIMITER ; +DELIMITER $$ +CREATE TRIGGER `before_update_students` BEFORE UPDATE ON `students` FOR EACH ROW BEGIN + SET NEW.first_name = UPPER(NEW.first_name); + SET NEW.last_name = UPPER(NEW.last_name); +END +$$ +DELIMITER ; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `takes` +-- + +CREATE TABLE `takes` ( + `takes_id` int UNSIGNED NOT NULL, + `student_id` int NOT NULL, + `med_id` int NOT NULL, + `brand_id` int NOT NULL, + `exp_date` int NOT NULL, + `current_dose` int NOT NULL, + `min_dose` int NOT NULL, + `max_dose` int NOT NULL, + `strength` text COLLATE utf8mb4_general_ci NOT NULL, + `notes` text CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci, + `archived` tinyint(1) NOT NULL DEFAULT '0' +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `whole_log` +-- + +CREATE TABLE `whole_log` ( + `whole_log_id` int NOT NULL, + `whole_school_id` int NOT NULL, + `notes` text COLLATE utf8mb4_general_ci NOT NULL, + `date_time` int NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `whole_school` +-- + +CREATE TABLE `whole_school` ( + `whole_school_id` int NOT NULL, + `name` text COLLATE utf8mb4_general_ci NOT NULL, + `exp_date` int NOT NULL, + `amount_left` int NOT NULL, + `notes` text COLLATE utf8mb4_general_ci NOT NULL, + `archived` tinyint(1) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 
COLLATE=utf8mb4_general_ci; + +-- +-- Indexes for dumped tables +-- + +-- +-- Indexes for table `administer` +-- +ALTER TABLE `administer` + ADD PRIMARY KEY (`adminster_id`); + +-- +-- Indexes for table `audit_logs` +-- +ALTER TABLE `audit_logs` + ADD PRIMARY KEY (`audit_id`); + +-- +-- Indexes for table `brand` +-- +ALTER TABLE `brand` + ADD PRIMARY KEY (`brand_id`); + +-- +-- Indexes for table `med` +-- +ALTER TABLE `med` + ADD PRIMARY KEY (`med_id`); + +-- +-- Indexes for table `notes` +-- +ALTER TABLE `notes` + ADD PRIMARY KEY (`note_id`); + +-- +-- Indexes for table `staff` +-- +ALTER TABLE `staff` + ADD PRIMARY KEY (`staff_id`); + +-- +-- Indexes for table `students` +-- +ALTER TABLE `students` + ADD PRIMARY KEY (`student_id`); + +-- +-- Indexes for table `takes` +-- +ALTER TABLE `takes` + ADD PRIMARY KEY (`takes_id`); + +-- +-- Indexes for table `whole_log` +-- +ALTER TABLE `whole_log` + ADD PRIMARY KEY (`whole_log_id`); + +-- +-- Indexes for table `whole_school` +-- +ALTER TABLE `whole_school` + ADD PRIMARY KEY (`whole_school_id`); + +-- +-- AUTO_INCREMENT for dumped tables +-- + +-- +-- AUTO_INCREMENT for table `administer` +-- +ALTER TABLE `administer` + MODIFY `adminster_id` int NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `audit_logs` +-- +ALTER TABLE `audit_logs` + MODIFY `audit_id` int UNSIGNED NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `brand` +-- +ALTER TABLE `brand` + MODIFY `brand_id` int UNSIGNED NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `med` +-- +ALTER TABLE `med` + MODIFY `med_id` int UNSIGNED NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `notes` +-- +ALTER TABLE `notes` + MODIFY `note_id` int NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `staff` +-- +ALTER TABLE `staff` + MODIFY `staff_id` int UNSIGNED NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `students` +-- +ALTER TABLE `students` + MODIFY `student_id` int UNSIGNED NOT NULL AUTO_INCREMENT; + +-- 
+-- AUTO_INCREMENT for table `takes` +-- +ALTER TABLE `takes` + MODIFY `takes_id` int UNSIGNED NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `whole_log` +-- +ALTER TABLE `whole_log` + MODIFY `whole_log_id` int NOT NULL AUTO_INCREMENT; + +-- +-- AUTO_INCREMENT for table `whole_school` +-- +ALTER TABLE `whole_school` + MODIFY `whole_school_id` int NOT NULL AUTO_INCREMENT; +COMMIT; + +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; diff --git a/edit_details/student_table.php b/edit_details/student_table.php deleted file mode 100644 index 96dedab..0000000 --- a/edit_details/student_table.php +++ /dev/null @@ -1,197 +0,0 @@ - - -
- - - - -

Student Management

- - - -
-
-
Enter year group
-
Example: 12
- -

- -
-
- - prepare($sql); - $stmt->bindParam(':year', $selected_year, PDO::PARAM_STR); - $stmt->execute(); - $students = $stmt->fetchAll(PDO::FETCH_ASSOC); - - if ($students) { - echo "
"; - echo "

Progress Year Group $selected_year

"; - echo ""; - echo ""; - foreach (array_keys($students[0]) as $header) { - echo ""; - } - echo ""; - echo ""; - - foreach ($students as $student) { - echo ""; - foreach ($student as $key => $value) { - echo ""; - } - echo ""; - echo ""; - } - echo "
" . htmlspecialchars($header) . "Progress
" . htmlspecialchars($value) . " -
- -
-
"; - echo '

'; - echo ""; - echo "
"; - } else { - - echo "

No students found in Year $selected_year.

"; - } - } catch (PDOException $e) { - die("

Database error: " . htmlspecialchars($e->getMessage()) . "

"); - } - } - - // Handle the final progress submission - if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['finalize_progress']) && isset($_POST['progress_ids'])) { - $progress_ids = $_POST['progress_ids']; - - try { - // Update the year group for selected students - $update_sql = "UPDATE students SET year = year + 1 WHERE student_id = :student_id"; - $update_stmt = $conn->prepare($update_sql); - - foreach ($progress_ids as $id) { - $update_stmt->bindParam(':student_id', $id, PDO::PARAM_INT); - $update_stmt->execute(); - } - - echo "

Year group progression completed successfully.

"; - } catch (PDOException $e) { - die("

Database error: " . htmlspecialchars($e->getMessage()) . "

"); - } - } - - // Default student table display logic - $results_per_page = 10; - $page = isset($_GET['page']) ? intval($_GET['page']) : 1; - $start_from = ($page - 1) * $results_per_page; - $search_term = isset($_GET['search']) ? trim($_GET['search']) : ''; - - try { - $total_sql = "SELECT COUNT(*) AS total_records FROM students WHERE CONCAT(first_name, ' ', last_name) LIKE :search OR year LIKE :search"; - $total_stmt = $conn->prepare($total_sql); - $search_param = '%' . $search_term . '%'; - $total_stmt->bindParam(':search', $search_param, PDO::PARAM_STR); - $total_stmt->execute(); - $total_records = $total_stmt->fetch(PDO::FETCH_ASSOC)['total_records']; - $total_pages = ceil($total_records / $results_per_page); - - $sql = "SELECT * FROM students WHERE CONCAT(first_name, ' ', last_name) LIKE :search OR year LIKE :search LIMIT :limit OFFSET :offset"; - $stmt = $conn->prepare($sql); - $stmt->bindParam(':search', $search_param, PDO::PARAM_STR); - $stmt->bindParam(':limit', $results_per_page, PDO::PARAM_INT); - $stmt->bindParam(':offset', $start_from, PDO::PARAM_INT); - $stmt->execute(); - $results = $stmt->fetchAll(PDO::FETCH_ASSOC); - - if ($results) { - echo ""; - echo ""; - foreach (array_keys($results[0]) as $header) { - echo ""; - } - echo ""; - echo ""; - - foreach ($results as $row) { - echo ""; - foreach ($row as $value) { - echo ""; - } - echo ""; - echo ""; - } - echo "
" . htmlspecialchars($header) . "Actions
" . htmlspecialchars($value) . " -
-
- - -
-
-
"; - } else { - echo "No records found."; - } - echo "
"; - - echo ""; - } catch (PDOException $e) { - die("

Database error: " . htmlspecialchars($e->getMessage()) . "

"); - } - - ?> -
- diff --git a/index.html b/index.html deleted file mode 100644 index d28f64c..0000000 --- a/index.html +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - Hours Tracking - Login - - -
-

UTC Leeds Medical Tracker

-
-
Enter email *
-
user.user@utcleeds.co.uk
- -

-
Enter password *
- -

- -
-
- - \ No newline at end of file diff --git a/index.php b/index.php new file mode 100755 index 0000000..bd92409 --- /dev/null +++ b/index.php @@ -0,0 +1,67 @@ + + + + + + + Hours Tracking - Login + + +
+

UTC Leeds Medical Tracker

+
+
Enter email *
+
user.user@utcleeds.co.uk
+ +

+
Enter password *
+ +

+ +
+ +

+ + '; + echo '
'; + echo '

Error

'; + echo '
'; + echo '
'; + echo "
$error_message
"; + echo '
'; + echo '
'; +} +?> + +
+ + \ No newline at end of file diff --git a/insert_data/export_brands.php b/insert_data/export_brands.php deleted file mode 100644 index 1a74532..0000000 --- a/insert_data/export_brands.php +++ /dev/null @@ -1,86 +0,0 @@ -setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -} catch (PDOException $e) { - die("Database connection failed: " . $e->getMessage()); -} - -// Function to export as CSV -function exportCSV($conn) { - $times = date("U"); // gives the int of number of seconds - $formatted_time = date("Y-m-d H-i-s", $times); // - $filename = "$formatted_time brands_export.csv"; - $output = fopen("php://output", "w"); - - // Send headers for file download - header("Content-Type: text/csv"); - header("Content-Disposition: attachment; filename=$filename"); - - // Write the column headers - fputcsv($output, ["brand_name"]); - - // Fetch and write the rows - $stmt = $conn->query("SELECT brand_name FROM brand"); - while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - fputcsv($output, $row); - } - fclose($output); - exit; -} - -// Function to export as Excel-compatible HTML -function exportExcel($conn) { - $times = date("U"); // gives the int of number of seconds - $formatted_time = date("Y-m-d H-i-s", $times); // - $filename = "$formatted_time brands_export.xls"; - - // Send headers for file download - header("Content-Type: application/vnd.ms-excel"); - header("Content-Disposition: attachment; filename=$filename"); - - // Start the table - echo ""; - echo ""; - - // Fetch and write the rows - $stmt = $conn->query("SELECT * FROM brand"); - while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - echo ""; - foreach ($row as $cell) { - echo ""; - } - echo ""; - } - - echo "
Brand IDBrand Name
" . htmlspecialchars($cell) . "
"; - exit; -} - -// Handle form submission -if ($_SERVER["REQUEST_METHOD"] === "POST") { - if (isset($_POST["export_brands"])) { - $exportType = $_POST["export_brands"]; - if ($exportType === "csv") { - $ip_address = $_SERVER['REMOTE_ADDR']; - $staff_id = $_SESSION["staff_id"]; - $action = "All brands were exported via CSV"; - - logAction($conn, $staff_id, $action); - exportCSV($conn); - } elseif ($exportType === "excel") { - $ip_address = $_SERVER['REMOTE_ADDR']; - $staff_id = $_SESSION["staff_id"]; - $action = "All brands were exported via Excel"; - - logAction($conn, $staff_id, $action); - exportExcel($conn); - } else { - echo "Invalid export type."; - } - } -} -?> diff --git a/insert_data/export_meds.php b/insert_data/export_meds.php deleted file mode 100644 index b4612a8..0000000 --- a/insert_data/export_meds.php +++ /dev/null 
@@ -1,86 +0,0 @@ -setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -} catch (PDOException $e) { - die("Database connection failed: " . $e->getMessage()); -} - -// Function to export as CSV -function exportCSV($conn) { - $times = date("U"); // gives the int of number of seconds - $formatted_time = date("Y-m-d H-i-s", $times); // - $filename = "$formatted_time med_name_export.csv"; - $output = fopen("php://output", "w"); - - // Send headers for file download - header("Content-Type: text/csv"); - header("Content-Disposition: attachment; filename=$filename"); - - // Write the column headers - fputcsv($output, ["med_name"]); - - // Fetch and write the rows - $stmt = $conn->query("SELECT med_name FROM med"); - while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - fputcsv($output, $row); - } - fclose($output); - exit; -} - -// Function to export as Excel-compatible HTML -function exportExcel($conn) { - $times = date("U"); // gives the int of number of seconds - $formatted_time = date("Y-m-d H-i-s", $times); // - $filename = "$formatted_time med_name_export.xls"; - - // Send headers for file download - header("Content-Type: application/vnd.ms-excel"); - header("Content-Disposition: attachment; filename=$filename"); - - // Start the table - echo ""; - echo ""; - - // Fetch and write the rows - $stmt = $conn->query("SELECT * FROM med"); - while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - echo ""; - foreach ($row as $cell) { - echo ""; - } - echo ""; - } - - echo "
Med IDMed Name
" . htmlspecialchars($cell) . "
"; - exit; -} - -// Handle form submission -if ($_SERVER["REQUEST_METHOD"] === "POST") { - if (isset($_POST["export_meds"])) { - $exportType = $_POST["export_meds"]; - if ($exportType === "csv") { - $ip_address = $_SERVER['REMOTE_ADDR']; - $staff_id = $_SESSION["staff_id"]; - $action = "All meds were exported via CSV"; - - logAction($conn, $staff_id, $action); - exportCSV($conn); - } elseif ($exportType === "excel") { - $ip_address = $_SERVER['REMOTE_ADDR']; - $staff_id = $_SESSION["staff_id"]; - $action = "All meds were exported via Excel"; - - logAction($conn, $staff_id, $action); - exportExcel($conn); - } else { - echo "Invalid export type."; - } - } -} -?> diff --git a/insert_data/export_students.php b/insert_data/export_students.php deleted file mode 100644 index d97f266..0000000 --- a/insert_data/export_students.php +++ /dev/null 
@@ -1,86 +0,0 @@ -setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -} catch (PDOException $e) { - die("Database connection failed: " . $e->getMessage()); -} - -// Function to export as CSV -function exportCSV($conn) { - $times = date("U"); // gives the int of number of seconds - $formatted_time = date("Y-m-d H-i-s", $times); // - $filename = "$formatted_time students_export.csv"; - $output = fopen("php://output", "w"); - - // Send headers for file download - header("Content-Type: text/csv"); - header("Content-Disposition: attachment; filename=$filename"); - - // Write the column headers - fputcsv($output, ["first_name", "last_name", "year"]); - - // Fetch and write the rows - $stmt = $conn->query("SELECT first_name, last_name, year FROM students"); - while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - fputcsv($output, $row); - } - fclose($output); - exit; -} - -// Function to export as Excel-compatible HTML -function exportExcel($conn) { - $times = date("U"); // gives the int of number of seconds - $formatted_time = date("Y-m-d H-i-s", $times); // - $filename = "$formatted_time students_export.xls"; - - // Send headers for file download - header("Content-Type: application/vnd.ms-excel"); - header("Content-Disposition: attachment; filename=$filename"); - - // Start the table - echo ""; - echo ""; - - // Fetch and write the rows - $stmt = $conn->query("SELECT * FROM students"); - while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - echo ""; - foreach ($row as $cell) { - echo ""; - } - echo ""; - } - - echo "
Student IDFirst NameLast NameYear
" . htmlspecialchars($cell) . "
"; - exit; -} - -// Handle form submission -if ($_SERVER["REQUEST_METHOD"] === "POST") { - if (isset($_POST["export_meds"])) { - $exportType = $_POST["export_meds"]; - if ($exportType === "csv") { - $ip_address = $_SERVER['REMOTE_ADDR']; - $staff_id = $_SESSION["staff_id"]; - $action = "All students were exported via CSV"; - - logAction($conn, $staff_id, $action); - exportCSV($conn); - } elseif ($exportType === "excel") { - $ip_address = $_SERVER['REMOTE_ADDR']; - $staff_id = $_SESSION["staff_id"]; - $action = "All students were exported via Excel"; - - logAction($conn, $staff_id, $action); - exportExcel($conn); - } else { - echo "Invalid export type."; - } - } -} -?> diff --git a/insert_data/insert_data_home.php b/insert_data/insert_data_home.php deleted file mode 100644 index b836687..0000000 --- a/insert_data/insert_data_home.php +++ /dev/null @@ -1,113 +0,0 @@ -'; -?> - - - - - - - Hours Tracking - Insert Data - - -
- - -

Bulk Upload

- -

-
-
Upload a File
-
.CSV is the only allowed format
-

- -
- -
- -

Create One Student

-
-
Enter students first name
-
Example: Joe
- -

-
Enter students last name
-
Example: Bloggs
- -

-
Enter students year group
-
Example: 12
- -

- -
-
- -

Export Students

-
- -

- -

- -
- -
- -

Export Brands

-
- -

- -

- -
- -
- -

Export Medications

-
- -

- -

- -
-


-
- - diff --git a/insert_data/upload_single.php b/insert_data/upload_single.php deleted file mode 100644 index 9307dde..0000000 --- a/insert_data/upload_single.php +++ /dev/null @@ -1,54 +0,0 @@ - - - - Hours Tracking - Student Medication - - - -
- - -prepare($sql); -$stmt->bindParam(1,$first_name); -$stmt->bindParam(2,$last_name); -$stmt->bindParam(3,$year); - -$staff_id = $_SESSION['staff_id']; -$ip_address = $_SERVER['REMOTE_ADDR']; -$action = "Student: " . $first_name . " " . $last_name. " was created"; -// ID of the user performing the action -logAction($conn, $staff_id, $action); - -$stmt->execute(); -header("refresh:5; insert_data_home.php"); -echo '
'; -echo "Successfully registered"; -?> \ No newline at end of file diff --git a/log-new-med/log_new_med.php b/log-new-med/log_new_med.php index e202611..f9a0f40 100644 --- a/log-new-med/log_new_med.php +++ b/log-new-med/log_new_med.php @@ -5,6 +5,8 @@ // Include the database connection file include "../server/db_connect.php"; + include "../server/navbar/add_new_med.php"; + include "../server/check_cookie_user.php"; // Function to check if the request is coming from the dashboard function isFromDashboard() { @@ -17,25 +19,6 @@ function isFromDashboard() { Hours Tracking - Dashboard
-

Add a new med

diff --git a/log-new-med/log_new_med_audit.php b/log-new-med/log_new_med_audit.php index 7030149..7ef8700 100644 --- a/log-new-med/log_new_med_audit.php +++ b/log-new-med/log_new_med_audit.php @@ -5,6 +5,8 @@ // Include the database connection file include "../server/db_connect.php"; + include "../server/audit-log.php"; + include "../server/check_cookie_user.php"; try { @@ -56,6 +58,15 @@ $stmt->bindParam(8, $strength, PDO::PARAM_STR); // Execute the query if ($stmt->execute()) { + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code created medical record $sid, $max_dose, $min_dose, $epoch, $current_dose, $med ,$brand, $strength "; + $source = "Create New Medical Record"; + + logAction($conn, $staff_id, $action, $source); + + header("Location: ../dashboard/dashboard.php"); echo "Record successfully added!"; diff --git a/log/add_notes.php b/log/add_notes.php deleted file mode 100644 index 549e83a..0000000 --- a/log/add_notes.php +++ /dev/null @@ -1,80 +0,0 @@ - - - - - - - - Hours Tracking - Add Notes - - - - - - - - - -Add Notes"; - echo "
"; - echo ""; - - ### TODO: Discuss using https://design-system.service.gov.uk/patterns/dates/ this date format instead and try and change the logic to still work with epoch -- James - ### Still going to style it to match the style for the rest of the site but might be changed - ### Working Example, https://github.com/SilentSmeary/hours-tracking/blob/main/student/insert_log.php - echo "
Enter date
-
Example: 12/05/2025
"; - echo ""; - echo "

"; - // Time input field of each medication - echo "
Enter time
-
Example: 12/05/2025
"; - echo ""; - echo "

"; - // Notes input for log - echo "
Enter notes
-
Example: 2x Given
"; -// echo ""; - echo ""; - echo "

"; - // Submit button for the form - echo ""; - - echo ""; - - echo "
"; - -?> \ No newline at end of file diff --git a/log/choose_student.php b/log/choose_student.php deleted file mode 100644 index 374ed68..0000000 --- a/log/choose_student.php +++ /dev/null @@ -1,92 +0,0 @@ - - - - - - - - Hours Tracking - Choose Student - - -
- - - prepare($sql); - - $stmt->bindParam(1, $_POST['student_fname']); - $stmt->bindParam(2, $_POST['student_yeargroup']); - - $stmt->execute(); - - $result = $stmt->fetchAll(); - - // Display the table and form for student selection - echo "
"; - - echo "
"; - - echo ""; - echo "

Select Student

"; - // Display each student with a checkbox for selection - foreach ($result as $row) { - - echo ""; - echo ""; - echo ""; - echo "
"; - echo ""; - } - - // Submit button for the form - echo "
First name: " . htmlspecialchars($row['first_name']) . "Last name: " . htmlspecialchars($row['last_name']) . "
"; - echo "
"; - echo ""; - - echo "
"; - - echo "
"; - - ?> - -
- - - - \ No newline at end of file diff --git a/log/log.php b/log/log.php deleted file mode 100644 index 3af42fb..0000000 --- a/log/log.php +++ /dev/null @@ -1,87 +0,0 @@ - - - - - Hours Tracking - Log - - - -
- - -prepare($sql); - - // Bind parameters to prevent SQL injection - $stmt ->bindParam(1, $stu_id); - $stmt ->bindParam(2, $staff_id); - $stmt ->bindParam(3, $notes); - $stmt ->bindParam(4, $date_time_epoch); - - // Execute the statement - if($stmt->execute()) { - echo "
Data successfully inserted!"; - echo ""; - } else { - echo "Error inserting data."; - echo ""; - } - - } catch (PDOException $e) { - // Handle any errors - echo "Error: " . $e->getMessage(); - } - -?> \ No newline at end of file diff --git a/log/log_form.php b/log/log_form.php deleted file mode 100644 index 7e73f25..0000000 --- a/log/log_form.php +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - Hours Tracking - Log Form - - -
- -

Choose a Student

-
-
Enter students first name
-
Example: Joe
- -

-
Enter students year group
-
Example: 12
- -

- -
-
- - \ No newline at end of file diff --git a/login/login.php b/login/login.php index feeeac5..dccafd8 100644 --- a/login/login.php +++ b/login/login.php 
@@ -5,93 +5,101 @@ die("Error: db_connect.php file not found in expected directory."); } include "../server/db_connect.php"; +include "../server/audit-log.php"; // Verify database connection if (!$conn) { die("Error: Database connection failed."); } -// Helper function to log actions -function logAction($conn, $staff_id, $action) { - try { - $ip_address = $_SERVER['REMOTE_ADDR']; // Capture the IP address - $action_with_ip = "$action, IP: $ip_address"; // Append IP address to the action - $log_sql = "INSERT INTO audit_logs (staff_id, act, date_time) VALUES (:staff_id, :act, :date_time)"; - $log_stmt = $conn->prepare($log_sql); - $log_stmt->execute([ - 'staff_id' => $staff_id, - 'act' => $action_with_ip, - 'date_time' => time() - ]); - } catch (PDOException $e) { - error_log("Failed to log action: " . $e->getMessage()); - } -} - try { // Start session session_start(); // Check for required POST data and sanitize inputs - if (!isset($_POST["email"]) || !isset($_POST["password"])) { + if (empty($_POST["email"]) || empty($_POST["password"])) { throw new Exception("Email or password is missing."); } - $email = $_POST["email"]; + + // Sanitize and validate email input + $email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL); + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + throw new Exception("Invalid email format."); + } + + // Raw password (will be verified against hashed password in DB) $password = $_POST["password"]; - // First check if the email exists and get the staff details - $sql = "SELECT staff_id, `group`, password, email FROM staff WHERE email = :email"; + // Fetch user record + $sql = "SELECT staff_id, `group`, password, email, staff_code, archived FROM staff WHERE email = :email"; $stmt = $conn->prepare($sql); $stmt->execute(['email' => $email]); $user = $stmt->fetch(PDO::FETCH_ASSOC); - // If user exists and is a system account, log the attempt and deny access - if ($user && $user['group'] === 'system') { - logAction($conn, $user['staff_id'], 
'System account login attempt detected'); - header("Location: login.php?error=system_account"); - exit(); - } + if ($user) { + $staff_id = $user['staff_id']; + $staff_code = $user['staff_code']; + $source = "Login"; + + // Deny system account logins + if ($user['group'] === 'system') { + logAction($conn, $staff_id, "System account login attempt detected", $source); + header("Location: ../index.php?error=system_account"); + exit(); + } - // Normal login process continues for non-system accounts - if ($user && password_verify($password, $user['password'])) { - $_SESSION['staff_id'] = $user['staff_id']; - $_SESSION["ssnlogin"] = true; - $_SESSION["email"] = $user["email"]; + // Deny archived accounts + if ((int)$user['archived'] === 1) { + logAction($conn, $staff_id, "Attempted to login to archived staff account", $source); + header("Location: ../index.php?error=account_archived"); + exit(); + } - // Add cookie setting here - setcookie( - 'cookies_and_cream', - 'active', - [ - 'expires' => time() + (2 * 60), // 2 minutes - 'path' => '/', - 'secure' => true, - 'httponly' => true, - 'samesite' => 'Strict' - ] - ); + // Password verification + if (password_verify($password, $user['password'])) { + // Set session variables + $_SESSION['staff_id'] = $staff_id; + $_SESSION['ssnlogin'] = true; + $_SESSION['email'] = $user['email']; + $_SESSION['staff_code'] = $staff_code; + $_SESSION['group'] = $user['group']; - // Log successful login attempt - logAction($conn, $user['staff_id'], 'User successfully logged in'); + // Set secure login cookie + if (!setcookie( + 'cookies_and_cream', + 'active', + [ + 'expires' => time() + (5 * 60), // 5 minutes + 'path' => '/', + 'secure' => true, + 'httponly' => true, + 'samesite' => 'Strict' + ] + )) { + logAction($conn, $staff_id, "Failed to set login cookie", $source); + header("Location: ../index.php?error=cookie_error"); + exit(); + } - header("Location: ../dashboard/dashboard.php"); - exit(); - } else { - // Log failed login attempt if 
user exists - if ($user) { - logAction($conn, $user['staff_id'], 'Failed login attempt with valid email'); + // Successful login + logAction($conn, $staff_id, "User successfully logged in", $source); + header("Location: ../dashboard/dashboard.php"); + exit(); } else { - logAction($conn, 0, 'Failed login attempt with invalid email'); + // Wrong password + logAction($conn, $staff_id, "Failed login attempt with valid email", $source); } - - header("Location: login.php?error=invalid_credentials"); - exit(); + } else { + // Email not found + logAction($conn, 0, "Failed login attempt with invalid email", "Login"); } + + // Redirect for invalid credentials + header("Location: ../index.php?error=invalid_credentials"); exit(); } catch (Exception $e) { - // Log error for debugging (to a file or error handling system) error_log("Login Error: " . $e->getMessage()); - // Redirect to login page in case of an error - header("Location: ../index.html"); + header("Location: ../index.php?error=unknown_error"); exit(); -} \ No newline at end of file +} + diff --git a/logout.php b/logout.php old mode 100644 new mode 100755 index 2d1e842..b19cb04 --- a/logout.php +++ b/logout.php @@ -13,5 +13,5 @@ } // Redirect to the login page -header("Location: index.html"); +header("Location: index.php"); exit(); \ No newline at end of file diff --git a/audit-log/audit-log.php b/server/audit-log.php similarity index 75% rename from audit-log/audit-log.php rename to server/audit-log.php index 1b345cc..7f18999 100644 --- a/audit-log/audit-log.php +++ b/server/audit-log.php 
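Review bot: in the login.php hunk the `$user['group'] === 'system'` and `(int)$user['archived'] === 1` checks run before `password_verify()`, so an unauthenticated caller can learn from the distinct `?error=system_account` and `?error=account_archived` redirects which emails belong to system or archived accounts, even though unknown emails and wrong passwords are deliberately collapsed into the same `?error=invalid_credentials`. Keep the server-side log entries, but perform those status checks only after the password has verified, and redirect with the same generic error. Two smaller points in the same hunk: the `cookies_and_cream` cookie always carries the constant value `'active'`, so it cannot prove anything about the client and any page that gates on it should check `$_SESSION['ssnlogin']` instead; and nothing in the hunk calls `session_regenerate_id(true)` once the session variables are set, which is the usual fixation mitigation at the moment of login.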
@@ -5,9 +5,10 @@ * @param PDO $conn The database connection. * @param int $staff_id The ID of the user performing the action. * @param string $action The description of the action being performed. + * @param string $source The source of the action. * @return void */ -function logAction($conn, $staff_id, $action) { +function logAction($conn, $staff_id, $action, $source) { try { // Capture and anonymize the IP address $ip_address = $_SERVER['REMOTE_ADDR']; @@ -16,11 +17,12 @@ function logAction($conn, $staff_id, $action) { $date_time = time(); - $sql = "INSERT INTO audit_logs (staff_id, act, date_time) VALUES (?, ?, ?)"; + $sql = "INSERT INTO audit_logs (`staff_id`, `act`, `source`, `date_time`) VALUES (?, ?, ?, ?)"; $stmt = $conn->prepare($sql); $stmt->bindParam(1, $staff_id); $stmt->bindParam(2, $action_with_ip); - $stmt->bindParam(3, $date_time); + $stmt->bindParam(3, $source); + $stmt->bindParam(4, $date_time); $stmt->execute(); // Execute the statement } catch (PDOException $e) { error_log("Failed to log action: " . $e->getMessage()); diff --git a/server/check_cookie_admin.php b/server/check_cookie_admin.php new file mode 100644 index 0000000..e49254b --- /dev/null +++ b/server/check_cookie_admin.php @@ -0,0 +1,7 @@ + \ No newline at end of file diff --git a/server/check_cookie_user.php b/server/check_cookie_user.php new file mode 100644 index 0000000..42fb8ca --- /dev/null +++ b/server/check_cookie_user.php @@ -0,0 +1,8 @@ + \ No newline at end of file diff --git a/server/functions.php b/server/functions.php new file mode 100644 index 0000000..85c2032 --- /dev/null +++ b/server/functions.php @@ -0,0 +1,14 @@ +prepare($sql); + $stmt->execute(); + $result = $stmt->fetch(PDO::FETCH_ASSOC); // Fetch a result + if($result){ + return true; + } else { + return false; + } +} \ No newline at end of file diff --git a/server/navbar/add_new_med.php b/server/navbar/add_new_med.php new file mode 100644 index 0000000..6ffc0b7 --- /dev/null +++ b/server/navbar/add_new_med.php 
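Review bot: the `@@ -5,9 +5,10 @@` hunk of server/audit-log.php adds `$source` as a required fourth parameter of `logAction($conn, $staff_id, $action, $source)`, so any call site not updated in this commit will now throw an ArgumentCountError at the moment it tries to write an audit entry. A default such as `$source = 'Unknown'` keeps older callers working, and the new `@param string $source The source of the action.` line should say what is expected (the callers in this diff pass a page name such as "Login" or "Student Profile").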
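Review bot: in the `@@ -16,11 +17,12 @@` hunk of server/audit-log.php the catch block still only runs `error_log("Failed to log action: " . $e->getMessage())` and returns normally, so a failed INSERT into `audit_logs` leaves the calling action (login, archive, export, trip creation) completed but unrecorded. For an audit trail over medical records that should fail closed: rethrow, or return false so the caller can abort before committing its own change. While here, `bindParam(3, $source)` is bound by reference like the others; `bindValue` would be the safer choice for a value that is not reassigned.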
@@ -0,0 +1,40 @@ + + +
'; +} else { + echo ''; +} +?> diff --git a/server/navbar/admin_dashboard.php b/server/navbar/admin_dashboard.php new file mode 100644 index 0000000..5b2f6f3 --- /dev/null +++ b/server/navbar/admin_dashboard.php @@ -0,0 +1,40 @@ + + +
'; +} else { + echo ''; +} +?> diff --git a/server/navbar/bigtable.php b/server/navbar/bigtable.php new file mode 100644 index 0000000..1e7b020 --- /dev/null +++ b/server/navbar/bigtable.php @@ -0,0 +1,40 @@ + + +
'; +} else { + echo ''; +} +?> diff --git a/server/navbar/dashboard.php b/server/navbar/dashboard.php new file mode 100644 index 0000000..4abbf90 --- /dev/null +++ b/server/navbar/dashboard.php @@ -0,0 +1,40 @@ + + +
'; +} else { + echo '
+ +
'; +} +?> diff --git a/server/navbar/student_profile.php b/server/navbar/student_profile.php new file mode 100644 index 0000000..2fa732b --- /dev/null +++ b/server/navbar/student_profile.php @@ -0,0 +1,40 @@ + + +
'; +} else { + echo '
+ +
'; +} +?> diff --git a/server/navbar/trip_management.php b/server/navbar/trip_management.php new file mode 100644 index 0000000..73fdc82 --- /dev/null +++ b/server/navbar/trip_management.php @@ -0,0 +1,40 @@ + + +
'; +} else { + echo '
+ +
'; +} +?> diff --git a/server/navbar/whole_school.php b/server/navbar/whole_school.php new file mode 100644 index 0000000..f92c33b --- /dev/null +++ b/server/navbar/whole_school.php @@ -0,0 +1,40 @@ + + +
'; +} else { + echo '
+ +
'; +} +?> diff --git a/student_profile/student_profile.php b/student_profile/student_profile.php index f2d4a41..4d7c0be 100644 --- a/student_profile/student_profile.php +++ b/student_profile/student_profile.php @@ -1,25 +1,18 @@ + + Hours Tracking - Dashboard
-
- -

View Student Details

@@ -41,17 +34,6 @@ class="text_input" View Student"; echo ""; } else { + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code searched $student_name they dont exist."; + $source = "Student Profile"; + + logAction($conn, $staff_id, $action, $source); + echo "

No records found for the given student name.

"; } echo "
"; @@ -91,8 +80,6 @@ class="text_input" } catch (PDOException $e) { die("

Database error: " . htmlspecialchars($e->getMessage()) . "

"); } - } else { - echo "

Please enter a student name to search.

"; } // Display selected student's data and medication records @@ -113,23 +100,31 @@ class="text_input" $student_data = $stmt->fetchAll(PDO::FETCH_ASSOC); + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $concat_string = htmlspecialchars($student_data[0]['first_name'] . ' ' . $student_data[0]['last_name'] . ' Year '. $student_data[0]['year']); + $action = "$staff_code searched and viewed $concat_string, ID $student_id"; + $source = "Student Profile"; + + logAction($conn, $staff_id, $action, $source); + if (!empty($student_data)) { $full_name = htmlspecialchars($student_data[0]['first_name'] . ' ' . $student_data[0]['last_name']); $year = htmlspecialchars($student_data[0]['year']); echo "

Details for $full_name (Year: $year)

"; - echo ""; + echo "
"; echo " - - - - + + + + "; foreach ($student_data as $row) { echo ""; - echo ""; - echo ""; - echo ""; - echo ""; + echo ""; + echo ""; + echo ""; echo ""; @@ -137,6 +132,9 @@ class="text_input" echo "
MedicationBrandCurrent DoseExpiry DateMedicationBrandCurrent DoseExpiry Date
" . htmlspecialchars($row['med_name'] ?? 'N/A') . "" . htmlspecialchars($row['brand_name'] ?? 'N/A') . "" . htmlspecialchars($row['current_dose'] ?? 'N/A') . "" . + echo "" . htmlspecialchars($row['med_name'] ?? 'N/A') . "" . htmlspecialchars($row['brand_name'] ?? 'N/A') . "" . htmlspecialchars($row['current_dose'] ?? 'N/A') . "" . (isset($row['exp_date']) ? date('Y-m-d', htmlspecialchars($row['exp_date'])) : 'N/A') . "
"; } else { echo "

No details available for the selected student.

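Review bot: in the `@@ -113,23 +100,31 @@` hunk of student_profile/student_profile.php the new audit call reads `$student_data[0]['first_name']`, `last_name` and `year` before the existing `if (!empty($student_data))` guard, so a lookup that returns no rows now raises an undefined-offset warning and logs a view of an empty name; move the `$concat_string` and `logAction()` lines inside the `!empty` branch. The action strings are also built with `htmlspecialchars()`, which belongs at output time in the audit viewer rather than in the stored record.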
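Review bot: in the `@@ -41,17 +34,6 @@` hunk of student_profile/student_profile.php the log message `"$staff_code searched $student_name they dont exist."` is ungrammatical and hard to search later; something like `"$staff_code searched for '$student_name': no match"` reads better and keeps the searched value delimited. Note also that the `@@ -91,8 +80,6 @@` hunk removes the `Please enter a student name to search.` branch, which was the only feedback for an empty submission.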
"; + + + } } catch (PDOException $e) { diff --git a/trip/create_trip.php b/trip/create_trip.php new file mode 100644 index 0000000..c4833b4 --- /dev/null +++ b/trip/create_trip.php @@ -0,0 +1,64 @@ + + + + + + + Create Trip + + + +
+
+ +
+ +
+

Create a New Trip

+ +

Selected Student IDs:

+ + +
+ +
Enter trip name:
+
Example: IWEX - Spain
+ +

+
Enter start date:
+
Example: 02/05/2025
+ +

+
Enter end date:
+
Example: 05/05/2025
+ + + + + +

+ +
+
+ + diff --git a/trip/export_excel.php b/trip/export_excel.php new file mode 100644 index 0000000..328e01a --- /dev/null +++ b/trip/export_excel.php 
@@ -0,0 +1,116 @@ +prepare($sql); + $stmt->bindParam(':trip_id', $trip_id, PDO::PARAM_INT); + $stmt->execute(); + $trip = $stmt->fetch(PDO::FETCH_ASSOC); + + if (!$trip) { + die("Trip not found."); + } + + // Decode the JSON array from the takes field + $takesIDs = json_decode($trip['takes'], true); + if (!is_array($takesIDs) || empty($takesIDs)) { + die("No students associated with this trip."); + } + + // Build placeholders and fetch the expiration records ordered by student's last name. + $placeholders = implode(',', array_fill(0, count($takesIDs), '?')); + + $sqlTakes = "SELECT takes.takes_id, students.first_name, students.last_name, + med.med_name, brand.brand_name, takes.exp_date + FROM takes + INNER JOIN med ON takes.med_id = med.med_id + INNER JOIN brand ON takes.brand_id = brand.brand_id + INNER JOIN students ON takes.student_id = students.student_id + WHERE takes.takes_id IN ($placeholders) + ORDER BY students.last_name ASC"; + + $stmtTakes = $conn->prepare($sqlTakes); + foreach ($takesIDs as $index => $id) { + $stmtTakes->bindValue($index + 1, $id, PDO::PARAM_INT); + } + $stmtTakes->execute(); + $takesResults = $stmtTakes->fetchAll(PDO::FETCH_ASSOC); + + // Store the count of items created + $itemCount = count($takesResults); + +} catch (PDOException $e) { + die("Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES)); +} + +// Create a new Spreadsheet +$spreadsheet = new Spreadsheet(); +$sheet = $spreadsheet->getActiveSheet(); + +// Set document properties (optional) +$spreadsheet->getProperties() + ->setCreator("Your Application Name") + ->setTitle("Trip Expirations for " . $trip['trip_name']); + +// Define header row +$headers = ['Takes ID', 'Last Name', 'First Name', 'Medication', 'Brand', 'Expiry Date']; +$col = 'A'; +foreach ($headers as $header) { + $sheet->setCellValue($col . 
'1', $header); + $col++; +} + +// Write data rows +$rowNum = 2; +foreach ($takesResults as $record) { + // Format student name as "Last Name, First Name" + $studentName = $record['last_name'] . ", " . $record['first_name']; + + // Format the expiry date if numeric + $expDate = is_numeric($record['exp_date']) ? date('d/m/Y', $record['exp_date']) : $record['exp_date']; + + $sheet->setCellValue('A' . $rowNum, $record['takes_id']); + $sheet->setCellValue('B' . $rowNum, $record['last_name']); + $sheet->setCellValue('C' . $rowNum, $record['first_name']); + $sheet->setCellValue('D' . $rowNum, $record['med_name']); + $sheet->setCellValue('E' . $rowNum, $record['brand_name']); + $sheet->setCellValue('F' . $rowNum, $expDate); + $rowNum++; +} + +// Set filename (for example, including the trip name and current date) +$filename = "Trip_Expirations_" . preg_replace('/\s+/', '_', $trip['trip_name']) . "_" . date('Y-m-d') . ".xlsx"; + +// Redirect output to a client’s web browser (Xlsx) +header('Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'); +header("Content-Disposition: attachment; filename=\"$filename\""); +header('Cache-Control: max-age=0'); + +$staff_id = $_SESSION['staff_id']; +$staff_code = $_SESSION['staff_code']; +$action = "$staff_code created $filename with $itemCount records"; +$source = "Export Excel"; +// Call to the ../server/audit-log.php function +logAction($conn, $staff_id, $action, $source); + +$writer = new Xlsx($spreadsheet); +$writer->save('php://output'); +exit; diff --git a/trip/save_trip.php b/trip/save_trip.php new file mode 100644 index 0000000..6d93a42 --- /dev/null +++ b/trip/save_trip.php 
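Review bot: in trip/export_excel.php the download name is built as `"Trip_Expirations_" . preg_replace('/\s+/', '_', $trip['trip_name']) . "_" . date('Y-m-d') . ".xlsx"` and then placed between the quotes of `header("Content-Disposition: attachment; filename=\"$filename\"")`; only whitespace is replaced, so a trip name containing a double quote, semicolon, slash or non-ASCII characters yields a malformed or unexpected header. Restrict the name to a safe set (for example `preg_replace('/[^A-Za-z0-9_-]+/', '_', ...)`) or send a fixed ASCII filename plus an RFC 5987 `filename*=` parameter. Smaller points: `setCreator("Your Application Name")` is placeholder text that ends up in the exported file's metadata; the audit entry `"$staff_code created $filename with $itemCount records"` is written before `$writer->save('php://output')`, so a failure during generation is logged as a successful export; and the `die("Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES))` pattern here (repeated in save_trip.php, trip_expiration.php, trip_management.php, active_records.php and archive_records.php) shows raw PDO error text to the end user, where `error_log()` plus a generic message is the right split.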
@@ -0,0 +1,53 @@ +prepare($sql); + $stmt->bindParam(':trip_name', $trip_name, PDO::PARAM_STR); + $stmt->bindParam(':start_date', $start_timestamp, PDO::PARAM_INT); + $stmt->bindParam(':end_date', $end_timestamp, PDO::PARAM_INT); + $stmt->bindParam(':takes', $selected_students_json, PDO::PARAM_STR); + $stmt->execute(); + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code created $trip_name, $start_date, $end_date, $student_count"; + $source = "Created Trip"; + + logAction($conn, $staff_id, $action, $source); + + // Clear the session selections once saved + unset($_SESSION['selected_students']); + + // Redirect or display a success message + header("Location: trip_management.php?success=1"); + exit; +} catch (PDOException $e) { + die("Error saving trip: " . htmlspecialchars($e->getMessage(), ENT_QUOTES)); +} +?> diff --git a/trip/select_students.php b/trip/select_students.php new file mode 100644 index 0000000..5c36a62 --- /dev/null +++ b/trip/select_students.php @@ -0,0 +1,186 @@ + + + + + + + Select Students for Trip + + + +
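Review bot: trip/save_trip.php stores the selected records as a JSON string in the `takes` column (`bindParam(':takes', $selected_students_json, PDO::PARAM_STR)`), and trip_expiration.php and export_excel.php then `json_decode()` it and run `WHERE takes.takes_id IN (...)`. Without a join table there is no referential integrity: a `takes` row deleted later silently disappears from the trip's expiry list and export, while the count derived from the same JSON in trip_management.php still includes it. A `trip_takes(trip_id, takes_id)` table with foreign keys fixes that and turns the lookup into a plain join. Minor: the audit string `"$staff_code created $trip_name, $start_date, $end_date, $student_count"` is a bare comma list; label the fields so the log can be parsed.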
+
+ +
+ +
+

Select Students for Your Trip

+ + + +

+ + +

Currently selected student IDs:

+ + + + + +
+ + + +
+ prepare($sql); + $stmt->bindParam(':search', $search_param, PDO::PARAM_STR); + $stmt->bindParam(':limit', $results_per_page, PDO::PARAM_INT); + $stmt->bindParam(':offset', $start_from, PDO::PARAM_INT); + $stmt->execute(); + + $custom_headings = [ + 'takes_id' => 'ID', + 'first_name' => 'First Name', + 'last_name' => 'Last Name', + 'year' => 'Year', + 'med_name' => 'Medication Name', + 'brand_name' => 'Brand Name', + 'exp_date' => 'Expiry Date', + 'current_dose' => 'Current Dose', + 'min_dose' => 'Minimum Dose', + ]; + + $results = $stmt->fetchAll(PDO::FETCH_ASSOC); + + echo ""; + echo ""; + // Checkbox to select all students on this page + echo ""; + foreach ($custom_headings as $heading) { + echo ""; + } + echo ""; + + foreach ($results as $row) { + echo ""; + // Here we use the unique takes_id as the value; adjust as needed. + echo ""; + foreach ($custom_headings as $column => $heading) { + $value = $row[$column] ?? ''; + if ($column === 'exp_date' && is_numeric($value)) { + $value = date('d/m/Y', $value); + } + echo ""; + } + echo ""; + } + echo "
" . htmlspecialchars($heading, ENT_QUOTES) . "
+ + " . htmlspecialchars($value, ENT_QUOTES) . "
"; + } catch (PDOException $e) { + die("Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES)); + } + ?> +

+ + +
+ +
+ + + +
+ + Proceed to Create Trip +
+ + + + diff --git a/trip/trip_expiration.php b/trip/trip_expiration.php new file mode 100644 index 0000000..2ae90ad --- /dev/null +++ b/trip/trip_expiration.php @@ -0,0 +1,133 @@ +prepare($sql); + $stmt->bindParam(':trip_id', $trip_id, PDO::PARAM_INT); + $stmt->execute(); + $trip = $stmt->fetch(PDO::FETCH_ASSOC); + + if (!$trip) { + die("Trip not found."); + } + + // Decode the JSON array (which should be an array of takes_id values) + $takesIDs = json_decode($trip['takes'], true); + if (!is_array($takesIDs) || empty($takesIDs)) { + die("No students associated with this trip."); + } + + // Prepare a string of placeholders for the IN clause + $placeholders = implode(',', array_fill(0, count($takesIDs), '?')); + + // Query the related 'takes' records (joined with related tables) + // Now ordering the results alphabetically by the student's last name. + $sqlTakes = "SELECT takes.takes_id, students.student_id, students.first_name, students.last_name, + med.med_name, brand.brand_name, takes.exp_date + FROM takes + INNER JOIN med ON takes.med_id = med.med_id + INNER JOIN brand ON takes.brand_id = brand.brand_id + INNER JOIN students ON takes.student_id = students.student_id + WHERE takes.takes_id IN ($placeholders) + ORDER BY students.last_name ASC"; + + $stmtTakes = $conn->prepare($sqlTakes); + // Bind each takes_id value + foreach ($takesIDs as $index => $id) { + $stmtTakes->bindValue($index + 1, $id, PDO::PARAM_INT); + } + $stmtTakes->execute(); + $takesResults = $stmtTakes->fetchAll(PDO::FETCH_ASSOC); + +} catch (PDOException $e) { + die("Database error: " . htmlspecialchars($e->getMessage(), ENT_QUOTES)); +} +?> + + + + + + Trip Expirations - <?php echo htmlspecialchars($trip['trip_name'], ENT_QUOTES); ?> + + + +
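Review bot: in trip/select_students.php the checkbox value is `takes_id` (the comment says so: `// Here we use the unique takes_id as the value; adjust as needed.`), yet the page reads "Select Students for Your Trip" and "Currently selected student IDs:", and the session key is `selected_students`. A student with two medication rows appears twice and can be half-selected, and what is saved is a list of medication records, not students. Either rename the labels and keys to medication records or select by `student_id` and resolve the `takes` rows when the trip is saved; drop the "adjust as needed" comment once that is decided.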
+
+ +
+ +
+

Trip:

+

+ Trip Dates: + +

+

Student Medication Expirations

+ + "; + echo ""; + echo "Takes ID"; + echo "Last Name"; + echo "First Name"; + echo "Medication"; + echo "Brand"; + echo "Expiry Date"; + echo ""; + + foreach ($takesResults as $record) { + // Format the expiration date if it is a Unix timestamp + $expDate = is_numeric($record['exp_date']) ? date('d/m/Y', $record['exp_date']) : htmlspecialchars($record['exp_date'], ENT_QUOTES); + echo ""; + echo "" . htmlspecialchars($record['takes_id'], ENT_QUOTES) . ""; + echo "" . htmlspecialchars($record['last_name'], ENT_QUOTES) . ""; + echo "" . htmlspecialchars($record['first_name'], ENT_QUOTES) . ""; + echo "" . htmlspecialchars($record['med_name'], ENT_QUOTES) . ""; + echo "" . htmlspecialchars($record['brand_name'], ENT_QUOTES) . ""; + echo "" . htmlspecialchars($expDate, ENT_QUOTES) . ""; + echo ""; + } + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $name = (htmlspecialchars($trip['trip_name'])); + $source = "Trip Expiration"; + $action = "$staff_code viewed $trip_id, $name"; + + logAction($conn, $staff_id, $action, $source); + + + echo ""; + } else { + echo "

No medication records found for this trip.

"; + } + ?> + +
+ > Go Back +
+ + diff --git a/trip/trip_management.php b/trip/trip_management.php new file mode 100644 index 0000000..d966744 --- /dev/null +++ b/trip/trip_management.php @@ -0,0 +1,83 @@ + + + + + + + Trip Management + + + +
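Review bot: in trip/trip_expiration.php the `logAction($conn, $staff_id, $action, $source)` call sits inside the branch that renders the expirations table, after the row loop, so a trip whose lookup returns no rows (the `else` branch printing "No medication records found for this trip.") is never audited; move the call up next to the trip lookup so every view is recorded. Also `$expDate` is already passed through `htmlspecialchars()` in the ternary for the non-numeric case and then escaped again in `htmlspecialchars($expDate, ENT_QUOTES)` when echoed, which double-encodes any `&`; and `$name = (htmlspecialchars($trip['trip_name']));` stores an HTML-escaped value in the audit log, where the escaping should happen on display instead.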
+
+ +
+ +
+ +

Trip Management

+ + prepare($sql); + $stmt->execute(); + $trips = $stmt->fetchAll(PDO::FETCH_ASSOC); + + if ($trips) { + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + + foreach ($trips as $trip) { + // Convert the Unix timestamps to human-readable dates + $startDate = date('d/m/Y', $trip['start_date']); + $endDate = date('d/m/Y', $trip['end_date']); + + // Decode the JSON field to count the number of students + $studentIDs = json_decode($trip['takes'], true); + $studentCount = is_array($studentIDs) ? count($studentIDs) : 0; + + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + // The "Check Expirations" action sends you to trip_expiration.php with the trip id + echo " + "; + echo ""; + } + echo "
Trip IDTrip NameStart DateEnd DateNumber of StudentsActions
" . htmlspecialchars($trip['trip_id'], ENT_QUOTES) . "" . htmlspecialchars($trip['trip_name'], ENT_QUOTES) . "" . htmlspecialchars($startDate, ENT_QUOTES) . "" . htmlspecialchars($endDate, ENT_QUOTES) . "" . htmlspecialchars($studentCount, ENT_QUOTES) . " + Check Expirations + Export Excel +
"; + } else { + echo "

No trips found.

"; + } + } catch (PDOException $e) { + echo "

Error fetching trips: " . htmlspecialchars($e->getMessage(), ENT_QUOTES) . "

"; + } + ?> +
+ + diff --git a/uploads/67956ccaec213-import_students_template.csv b/uploads/67956ccaec213-import_students_template.csv new file mode 100644 index 0000000..2257ab7 --- /dev/null +++ b/uploads/67956ccaec213-import_students_template.csv @@ -0,0 +1,41 @@ +first_name,last_name,year +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,12 +student1,student2,12 diff --git a/uploads/679fd30548d12-import_students_template.csv b/uploads/679fd30548d12-import_students_template.csv new file mode 100644 index 0000000..2257ab7 --- /dev/null +++ b/uploads/679fd30548d12-import_students_template.csv 
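Review bot: in trip/trip_management.php the column headed "Number of Students" is computed as `count(json_decode($trip['takes'], true))`, which counts medication (`takes`) records rather than distinct students (select_students.php stores `takes_id` values), so a student with two medications counts twice. Either head the column "Medication records" or count distinct `student_id` values through a join.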
@@ -0,0 +1,41 @@ +first_name,last_name,year +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,12 +student1,student2,12 diff --git a/uploads/679fd55727b0b-import_students_template (1).csv b/uploads/679fd55727b0b-import_students_template (1).csv new file mode 100644 index 0000000..2257ab7 --- /dev/null +++ b/uploads/679fd55727b0b-import_students_template (1).csv 
@@ -0,0 +1,41 @@ +first_name,last_name,year +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,12 +student1,student2,12 diff --git a/uploads/679fd5621e4f9-import_students_template (1).csv b/uploads/679fd5621e4f9-import_students_template (1).csv new file mode 100644 index 0000000..2257ab7 --- /dev/null +++ b/uploads/679fd5621e4f9-import_students_template (1).csv 
@@ -0,0 +1,41 @@ +first_name,last_name,year +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,12 +student1,student2,12 diff --git a/uploads/679fd57b97242-import_students_template (1).csv b/uploads/679fd57b97242-import_students_template (1).csv new file mode 100644 index 0000000..2257ab7 --- /dev/null +++ b/uploads/679fd57b97242-import_students_template (1).csv 
@@ -0,0 +1,41 @@ +first_name,last_name,year +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,12 +student1,student2,12 diff --git a/uploads/679fd581d72cb-import_students_template (1).csv b/uploads/679fd581d72cb-import_students_template (1).csv new file mode 100644 index 0000000..2257ab7 --- /dev/null +++ b/uploads/679fd581d72cb-import_students_template (1).csv 
@@ -0,0 +1,41 @@ +first_name,last_name,year +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,11 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,12 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,13 +student1,student2,12 +student1,student2,12 diff --git a/whole_school/active_records.php b/whole_school/active_records.php new file mode 100644 index 0000000..3469c37 --- /dev/null +++ b/whole_school/active_records.php @@ -0,0 +1,113 @@ +prepare($sql); + $stmt->bindParam(':whole_school_id', $whole_school_id, PDO::PARAM_INT); + $stmt->execute(); + $success_message = "Record archived successfully."; + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code archived whole_school_id:$whole_school_id"; + $source = "Whole School Medication"; + + logAction($conn, $staff_id, $action, $source); + + } catch (PDOException $e) { + $error_message = "Database error: " . htmlspecialchars($e->getMessage()); + } +} +?> + + + +Hours Tracking - Whole School +
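Review bot: the six `uploads/*-import_students_template*.csv` files are runtime upload artifacts (unique-prefixed copies of the same content, every one at blob `2257ab7`), not source. Committing the uploads directory means a real student import will be captured in version control the next time someone runs `git add .`; remove these from the commit, add `/uploads/` to .gitignore, and keep the directory with a `.gitkeep` if the application needs it to exist.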
+ +
+ +
+ +
+ +
+ + +
+

Whole School Records

+ query($sql); + $results = $stmt->fetchAll(PDO::FETCH_ASSOC); + + if ($results) { + echo ""; + echo ""; + // Define custom headings + $customHeadings = [ + 'whole_school_id' => 'Record ID', + 'name' => 'Item Name', + 'exp_date' => 'Expiry Date', + 'amount_left' => 'Amount Left', + 'notes' => 'Notes', + ]; + + // Print custom headings based on fetched columns + foreach (array_keys($results[0]) as $header) { + echo ""; + } + echo ""; + echo ""; + + foreach ($results as $row) { + echo ""; + foreach ($row as $key => $value) { + if ($key === 'exp_date' && is_numeric($value)) { + $value = date('d/m/y', $value); + } + echo ""; + } + echo ""; + echo ""; + } + echo "
" . htmlspecialchars($customHeadings[$header] ?? $header) . "Actions
" . htmlspecialchars($value) . " +
+ + +
+ +
+ + +
+
"; + } else { + echo "

No records found.

"; + } + } catch (PDOException $e) { + echo "

Database error: " . htmlspecialchars($e->getMessage()) . "

"; + } + ?> +
+ + + + diff --git a/whole_school/archive_records.php b/whole_school/archive_records.php new file mode 100644 index 0000000..fa181c4 --- /dev/null +++ b/whole_school/archive_records.php @@ -0,0 +1,68 @@ + + + + +Hours Tracking - Create Whole School Item +
+
+ +
+ +
+ +
+

Archived Records

+ query($sql); + $archived_results = $stmt->fetchAll(PDO::FETCH_ASSOC); + + if ($archived_results) { + echo ""; + echo ""; + + $customHeadings = [ + 'whole_school_id' => 'Record ID', + 'name' => 'Item Name', + 'exp_date' => 'Expiry Date', + 'amount_left' => 'Amount Left', + 'notes' => 'Notes', + ]; + + foreach (array_keys($archived_results[0]) as $header) { + echo ""; + } + echo ""; + + foreach ($archived_results as $row) { + echo ""; + foreach ($row as $key => $value) { + if ($key === 'exp_date' && is_numeric($value)) { + $value = date('d/m/y', $value); + } + echo ""; + } + echo ""; + } + echo "
" . htmlspecialchars($customHeadings[$header] ?? $header) . "
" . htmlspecialchars($value) . "
"; + } else { + echo "

No archived records found.

"; + } + } catch (PDOException $e) { + echo "

Database error: " . htmlspecialchars($e->getMessage()) . "

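Review bot: in whole_school/archive_records.php the page title reads "Hours Tracking - Create Whole School Item" while the heading is "Archived Records"; it was carried over from whole_school_form.php and should be "Hours Tracking - Archived Records". The file also stops right after the closing `?>` (note the "\ No newline at end of file"), unlike active_records.php, so check that the document is actually closed.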
"; + } + ?> \ No newline at end of file diff --git a/whole_school/edit_school_record.php b/whole_school/edit_school_record.php index 3c5e419..381e7e1 100644 --- a/whole_school/edit_school_record.php +++ b/whole_school/edit_school_record.php @@ -1,6 +1,10 @@ bindParam(':whole_school_id', $whole_school_id, PDO::PARAM_INT); $update_stmt->execute(); + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code updated $whole_school_id , $name , $exp_date, $amount_left, $notes"; + $source = "Whole School Medication"; + + logAction($conn, $staff_id, $action, $source); + + $success_message = "Record updated successfully."; + header("location: active_records.php"); } catch (PDOException $e) { $error_message = "Database error: " . htmlspecialchars($e->getMessage()); } } else { $error_message = "All fields are required, and amount left must be a non-negative integer."; + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code failed to edit record mutliple invalid inputs"; + $source = "Whole School Medication"; + + logAction($conn, $staff_id, $action, $source); } } ?> @@ -65,26 +84,6 @@ Hours Tracking - Whole School
- -

Edit Whole School Record

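Review bot: in the logging hunk of whole_school/edit_school_record.php `header("location: active_records.php");` is not followed by `exit()`, so the script keeps executing and rendering the edit form after the redirect header is queued, and the `$success_message = "Record updated successfully."` set just before it is a local of this request and can never appear on active_records.php; pick one behaviour, redirect with exit or stay and show the message. Fix the typo in `"$staff_code failed to edit record mutliple invalid inputs"`, and note that `"$staff_code updated $whole_school_id , $name , $exp_date, $amount_left, $notes"` copies the free-text `$notes` field (which may contain newlines) into the log verbatim; logging the record id and the fields that changed is enough.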
diff --git a/whole_school/whole_school_form.php b/whole_school/whole_school_form.php index d2480cb..5e3b478 100644 --- a/whole_school/whole_school_form.php +++ b/whole_school/whole_school_form.php @@ -1,6 +1,11 @@ = 0) { - $exp_date = strtotime($exp_date_input); // Convert date to timestamp + // Convert date to UNIX epoch timestamp at start of day + $exp_date = strtotime('today', strtotime($exp_date_input)); // Ensure the date conversion is successful if ($exp_date) { @@ -24,17 +30,37 @@ $stmt->bindParam(':amount_left', $amount_left, PDO::PARAM_INT); $stmt->bindParam(':notes', $notes, PDO::PARAM_STR); $stmt->execute(); - - header("Location: whole_school_table.php"); + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code created $name , $exp_date, $amount_left, $notes"; + $source = "Whole School Medication"; + + logAction($conn, $staff_id, $action, $source); + + header("Location: active_records.php"); $success_message = "New record added successfully."; } catch (PDOException $e) { $error_message = "Database error: " . htmlspecialchars($e->getMessage()); } } else { $error_message = "Invalid expiration date. Please use the format 'dd/mm/yyyy'."; + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code failed to create $name , $exp_date, $amount_left, $notes"; + $source = "Whole School Medication"; + + logAction($conn, $staff_id, $action, $source); } } else { $error_message = "All fields are required, and amount left must be a non-negative integer."; + + $staff_id = $_SESSION['staff_id']; + $staff_code = $_SESSION['staff_code']; + $action = "$staff_code failed to create multiple invalid fields"; + $source = "Whole School Medication"; + + logAction($conn, $staff_id, $action, $source); } } ?> @@ -43,22 +69,14 @@ Hours Tracking - Create Whole School Item
-
-
- + \ No newline at end of file diff --git a/whole_school/whole_school_table.php b/whole_school/whole_school_table.php deleted file mode 100644 index 61374b9..0000000 --- a/whole_school/whole_school_table.php +++ /dev/null @@ -1,137 +0,0 @@ -prepare($sql); - $stmt->bindParam(':whole_school_id', $whole_school_id, PDO::PARAM_INT); - $stmt->execute(); - $success_message = "Record archived successfully."; - } catch (PDOException $e) { - $error_message = "Database error: " . htmlspecialchars($e->getMessage()); - } -} -?> - - - -Hours Tracking - Whole School -
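Review bot: in the `@@ -24,17 +30,37 @@` hunk of whole_school/whole_school_form.php `header("Location: active_records.php");` is immediately followed by `$success_message = "New record added successfully.";` and the rest of the page, with no `exit()`; add it. In the earlier hunk, `$exp_date = strtotime('today', strtotime($exp_date_input));` passes `false` as the base timestamp whenever the input does not parse; PHP coerces that to 0, so on any non-UTC server timezone `'today'` relative to the epoch is a non-zero timestamp and the `if ($exp_date)` check accepts garbage input. Test the inner `strtotime()` for `false` first. Two caveats: `strtotime()` reads slash-separated input such as 02/05/2025 as m/d/Y (5 February), which contradicts the "Please use the format 'dd/mm/yyyy'" message, so `DateTime::createFromFormat('d/m/Y', ...)` is the right parser; and the audit entry `"$staff_code created $name , $exp_date, $amount_left, $notes"` is written after the conversion, so the log records an epoch integer rather than the date the user typed.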
- - -

- - - - - - -
-

Whole School Records

- query($sql); - $results = $stmt->fetchAll(PDO::FETCH_ASSOC); - - if ($results) { - echo ""; - echo ""; - foreach (array_keys($results[0]) as $header) { - echo ""; - } - echo ""; - echo ""; - - foreach ($results as $row) { - echo ""; - foreach ($row as $key => $value) { - if ($key === 'exp_date' && is_numeric($value)) { - $value = date('d/m/y', $value); - } - echo ""; - } - echo ""; - echo ""; - } - echo "
" . htmlspecialchars($header) . "Actions
" . htmlspecialchars($value) . " -
- - -
-
- - -
-
"; - } else { - echo "

No records found.

"; - } - } catch (PDOException $e) { - echo "

Database error: " . htmlspecialchars($e->getMessage()) . "

"; - } - ?> - - - - -
-

Archived Records

- query($sql); - $archived_results = $stmt->fetchAll(PDO::FETCH_ASSOC); - - if ($archived_results) { - echo ""; - echo ""; - foreach (array_keys($archived_results[0]) as $header) { - echo ""; - } - echo ""; - - foreach ($archived_results as $row) { - echo ""; - foreach ($row as $key => $value) { - if ($key === 'exp_date' && is_numeric($value)) { - $value = date('d/m/y', $value); - } - echo ""; - } - echo ""; - } - echo "
" . htmlspecialchars($header) . "
" . htmlspecialchars($value) . "
"; - } else { - echo "

No archived records found.

"; - } - } catch (PDOException $e) { - echo "

Database error: " . htmlspecialchars($e->getMessage()) . "

"; - } - ?> -
-