Initial commit

2026-01-07 14:09:59 +08:00
commit 8a00aa71d5
939 changed files with 40616 additions and 0 deletions
--- a/src-backup/api/export_activities.php
+++ b/src-backup/api/export_activities.php
@@ -0,0 +1,106 @@
+<?php
+require_once '../includes/config.php';
+
+header('Content-Type: application/json');
+
+// Check if user is logged in and is admin
+if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true || $_SESSION['role'] !== 'admin') {
+    echo json_encode(['success' => false, 'message' => 'Not authorized']);
+    exit();
+}
+
+// Get all activities with details
+$sql = "SELECT 
+            a.name,
+            a.date,
+            a.time_in,
+            a.time_out,
+            a.location,
+            a.description,
+            a.required_students,
+            c.code as course_code,
+            c.name as course_name,
+            d.code as department_code,
+            d.name as department_name,
+            u.full_name as created_by,
+            CASE a.status WHEN 1 THEN 'Active' ELSE 'Inactive' END as status,
+            a.created_at,
+            a.updated_at
+        FROM activities a
+        LEFT JOIN users u ON a.created_by = u.id
+        LEFT JOIN courses c ON a.course_id = c.id
+        LEFT JOIN departments d ON a.department_id = d.id
+        ORDER BY a.date DESC, a.time_in ASC";
+
+$result = query($conn, $sql);
+$activities = [];
+
+while ($row = mysqli_fetch_assoc($result)) {
+    $activities[] = $row;
+}
+
+// Create CSV file
+$filename = 'activities_' . date('Y-m-d_H-i-s') . '.csv';
+$filepath = '../exports/' . $filename;
+
+// Create exports directory if not exists
+if (!file_exists('../exports')) {
+    mkdir('../exports', 0777, true);
+}
+
+// Open file for writing
+$file = fopen($filepath, 'w');
+
+// Add UTF-8 BOM for Excel compatibility
+fputs($file, $bom = (chr(0xEF) . chr(0xBB) . chr(0xBF)));
+
+// Add headers
+$headers = [
+    'Activity Name',
+    'Date',
+    'Time In',
+    'Time Out',
+    'Location',
+    'Description',
+    'Participants',
+    'Course Code',
+    'Course Name',
+    'Department Code',
+    'Department Name',
+    'Created By',
+    'Status',
+    'Created At',
+    'Updated At'
+];
+fputcsv($file, $headers);
+
+// Add data rows
+foreach ($activities as $activity) {
+    fputcsv($file, [
+        $activity['name'],
+        $activity['date'],
+        $activity['time_in'],
+        $activity['time_out'],
+        $activity['location'],
+        $activity['description'],
+        $activity['required_students'],
+        $activity['course_code'],
+        $activity['course_name'],
+        $activity['department_code'],
+        $activity['department_name'],
+        $activity['created_by'],
+        $activity['status'],
+        $activity['created_at'],
+        $activity['updated_at']
+    ]);
+}
+
+fclose($file);
+
+echo json_encode([
+    'success' => true,
+    'message' => 'Export completed',
+    'download_url' => '../exports/' . $filename,
+    'count' => count($activities)
+]);
+?>
--- a/src-backup/api/export_reports.php
+++ b/src-backup/api/export_reports.php
@@ -0,0 +1,161 @@
+<?php
+require_once '../includes/config.php';
+
+header('Content-Type: application/json');
+
+// Check if user is logged in and is admin
+if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true || $_SESSION['role'] !== 'admin') {
+    echo json_encode(['success' => false, 'message' => 'Not authorized']);
+    exit();
+}
+
+// Get filter parameters
+$start_date = $_GET['start_date'] ?? date('Y-m-01');
+$end_date = $_GET['end_date'] ?? date('Y-m-t');
+$activity_id = $_GET['activity_id'] ?? '';
+$course_id = $_GET['course_id'] ?? '';
+$department_id = $_GET['department_id'] ?? '';
+$status = $_GET['status'] ?? '';
+
+// Build SQL query with filters
+$where_conditions = ["DATE(a.created_at) BETWEEN '$start_date' AND '$end_date'"];
+$join_tables = "";
+
+if ($activity_id) {
+    $where_conditions[] = "a.activity_id = " . intval($activity_id);
+}
+
+if ($course_id) {
+    $join_tables .= " LEFT JOIN students s ON a.student_id = s.id";
+    $where_conditions[] = "s.course_id = " . intval($course_id);
+}
+
+if ($department_id) {
+    if (strpos($join_tables, 'students s') === false) {
+        $join_tables .= " LEFT JOIN students s ON a.student_id = s.id";
+    }
+    $where_conditions[] = "s.department_id = " . intval($department_id);
+}
+
+if ($status && in_array($status, ['present', 'late', 'absent', 'excused'])) {
+    $where_conditions[] = "a.status = '$status'";
+}
+
+$where_clause = count($where_conditions) > 0 ? "WHERE " . implode(" AND ", $where_conditions) : "";
+
+// Get attendance records
+$sql = "SELECT 
+            DATE_FORMAT(a.created_at, '%Y-%m-%d') as date,
+            DATE_FORMAT(a.created_at, '%H:%i:%s') as time,
+            s.student_id,
+            s.full_name as student_name,
+            s.year_level,
+            c.code as course_code,
+            c.name as course_name,
+            d.code as department_code,
+            d.name as department_name,
+            ac.name as activity_name,
+            ac.location as activity_location,
+            a.time_in,
+            a.time_out,
+            a.status,
+            u.full_name as recorded_by,
+            a.notes
+        FROM attendance a
+        LEFT JOIN students s ON a.student_id = s.id
+        LEFT JOIN courses c ON s.course_id = c.id
+        LEFT JOIN departments d ON s.department_id = d.id
+        LEFT JOIN activities ac ON a.activity_id = ac.id
+        LEFT JOIN users u ON a.created_by = u.id
+        $join_tables
+        $where_clause
+        ORDER BY a.created_at DESC";
+
+$result = query($conn, $sql);
+$records = [];
+
+while ($row = mysqli_fetch_assoc($result)) {
+    $records[] = $row;
+}
+
+// Create CSV file
+$filename = 'attendance_report_' . date('Y-m-d_H-i-s') . '.csv';
+$filepath = '../exports/' . $filename;
+
+// Create exports directory if not exists
+if (!file_exists('../exports')) {
+    mkdir('../exports', 0777, true);
+}
+
+// Open file for writing
+$file = fopen($filepath, 'w');
+
+// Add UTF-8 BOM for Excel compatibility
+fputs($file, $bom = (chr(0xEF) . chr(0xBB) . chr(0xBF)));
+
+// Add headers
+$headers = [
+    'Date',
+    'Time',
+    'Student ID',
+    'Student Name',
+    'Year Level',
+    'Course Code',
+    'Course Name',
+    'Department Code',
+    'Department Name',
+    'Activity Name',
+    'Activity Location',
+    'Time In',
+    'Time Out',
+    'Status',
+    'Recorded By',
+    'Notes'
+];
+fputcsv($file, $headers);
+
+// Add data rows
+foreach ($records as $record) {
+    fputcsv($file, [
+        $record['date'],
+        $record['time'],
+        $record['student_id'],
+        $record['student_name'],
+        $record['year_level'],
+        $record['course_code'],
+        $record['course_name'],
+        $record['department_code'],
+        $record['department_name'],
+        $record['activity_name'],
+        $record['activity_location'],
+        $record['time_in'],
+        $record['time_out'],
+        ucfirst($record['status']),
+        $record['recorded_by'],
+        $record['notes']
+    ]);
+}
+
+fclose($file);
+
+// Get statistics for summary sheet
+$stats_sql = "SELECT 
+                COUNT(*) as total,
+                SUM(CASE WHEN status = 'present' THEN 1 ELSE 0 END) as present,
+                SUM(CASE WHEN status = 'late' THEN 1 ELSE 0 END) as late,
+                SUM(CASE WHEN status = 'absent' THEN 1 ELSE 0 END) as absent,
+                SUM(CASE WHEN status = 'excused' THEN 1 ELSE 0 END) as excused
+              FROM attendance 
+              WHERE DATE(created_at) BETWEEN '$start_date' AND '$end_date'";
+$stats_result = query($conn, $stats_sql);
+$stats = mysqli_fetch_assoc($stats_result);
+
+echo json_encode([
+    'success' => true,
+    'message' => 'Export completed',
+    'download_url' => '../exports/' . $filename,
+    'count' => count($records),
+    'stats' => $stats,
+    'period' => "$start_date to $end_date"
+]);
+?>
--- a/src-backup/api/get_courses.php
+++ b/src-backup/api/get_courses.php
@@ -0,0 +1,25 @@
+<?php
+require_once '../includes/config.php';
+
+$department_id = isset($_GET['department_id']) ? intval($_GET['department_id']) : 0;
+
+$courses = [];
+if ($department_id > 0) {
+    $sql = "SELECT id, code, name FROM courses 
+            WHERE department_id = ? AND status = 1 
+            ORDER BY code";
+    
+    $stmt = mysqli_prepare($conn, $sql);
+    mysqli_stmt_bind_param($stmt, 'i', $department_id);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+    
+    while ($row = mysqli_fetch_assoc($result)) {
+        $courses[] = $row;
+    }
+    mysqli_stmt_close($stmt);
+}
+
+header('Content-Type: application/json');
+echo json_encode($courses);
+?>
--- a/src-backup/api/get_departments.php
+++ b/src-backup/api/get_departments.php
@@ -0,0 +1,25 @@
+<?php
+require_once '../includes/config.php';
+
+$school_id = isset($_GET['school_id']) ? intval($_GET['school_id']) : 0;
+
+$departments = [];
+if ($school_id > 0) {
+    $sql = "SELECT id, code, name FROM departments 
+            WHERE school_id = ? AND status = 1 
+            ORDER BY code";
+    
+    $stmt = mysqli_prepare($conn, $sql);
+    mysqli_stmt_bind_param($stmt, 'i', $school_id);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+    
+    while ($row = mysqli_fetch_assoc($result)) {
+        $departments[] = $row;
+    }
+    mysqli_stmt_close($stmt);
+}
+
+header('Content-Type: application/json');
+echo json_encode($departments);
+?>
--- a/src-backup/api/manual_entry.php
+++ b/src-backup/api/manual_entry.php
@@ -0,0 +1,180 @@
+<?php
+require_once '../includes/config.php';
+
+header('Content-Type: application/json');
+
+// Check if user is logged in
+if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
+    echo json_encode(['success' => false, 'message' => 'Not authenticated']);
+    exit();
+}
+
+$response = [
+    'success' => false,
+    'message' => '',
+    'data' => []
+];
+
+// Get input data
+$input = json_decode(file_get_contents('php://input'), true);
+$student_id_input = $input['student_id'] ?? '';
+
+if (empty($student_id_input)) {
+    $response['message'] = 'Student ID is required';
+    echo json_encode($response);
+    exit();
+}
+
+// Get student by student ID
+$sql = "SELECT s.*, c.code as course_code, d.name as department_name 
+        FROM students s 
+        JOIN courses c ON s.course_id = c.id 
+        JOIN departments d ON s.department_id = d.id 
+        WHERE s.student_id = '" . escape($conn, $student_id_input) . "' AND s.status = 1";
+$result = query($conn, $sql);
+
+if (!$result || mysqli_num_rows($result) === 0) {
+    $response['message'] = 'Student not found with ID: ' . $student_id_input;
+    echo json_encode($response);
+    exit();
+}
+
+$student = mysqli_fetch_assoc($result);
+
+// Get current time and date
+$current_time = date('H:i:s');
+$current_date = date('Y-m-d');
+
+// Find active activity for the student
+$activity_sql = "SELECT * FROM activities 
+                WHERE status = 1 
+                AND date = '$current_date' 
+                AND time_in <= '$current_time' 
+                AND time_out >= '$current_time' 
+                AND (
+                    required_students = 'all' 
+                    OR (required_students = 'specific_course' AND course_id = " . $student['course_id'] . ")
+                    OR (required_students = 'specific_department' AND department_id = " . $student['department_id'] . ")
+                )
+                LIMIT 1";
+
+$activity_result = query($conn, $activity_sql);
+
+if (!$activity_result || mysqli_num_rows($activity_result) === 0) {
+    // If no current activity, check for any today's activity
+    $activity_sql = "SELECT * FROM activities 
+                    WHERE status = 1 
+                    AND date = '$current_date'
+                    ORDER BY time_in DESC 
+                    LIMIT 1";
+    $activity_result = query($conn, $activity_sql);
+}
+
+if (!$activity_result || mysqli_num_rows($activity_result) === 0) {
+    $response['message'] = 'No active activity found for today';
+    echo json_encode($response);
+    exit();
+}
+
+$activity = mysqli_fetch_assoc($activity_result);
+
+// Check if attendance already exists
+$attendance_sql = "SELECT * FROM attendance 
+                   WHERE student_id = " . $student['id'] . " 
+                   AND activity_id = " . $activity['id'];
+$attendance_result = query($conn, $attendance_sql);
+
+if ($attendance_result && mysqli_num_rows($attendance_result) > 0) {
+    $attendance = mysqli_fetch_assoc($attendance_result);
+    
+    if ($attendance['time_out']) {
+        $response['message'] = 'Attendance already completed for this activity';
+        echo json_encode($response);
+        exit();
+    }
+    
+    // Update time out
+    $time_out = date('Y-m-d H:i:s');
+    $update_sql = "UPDATE attendance 
+                   SET time_out = '$time_out',
+                       status = 'present',
+                       updated_at = NOW()
+                   WHERE id = " . $attendance['id'];
+    
+    if (query($conn, $update_sql)) {
+        // Log the action
+        $log_sql = "INSERT INTO attendance_logs 
+                    (attendance_id, action, old_value, new_value, changed_by, notes) 
+                    VALUES (
+                        " . $attendance['id'] . ", 
+                        'time_out', 
+                        NULL, 
+                        '$time_out', 
+                        " . $_SESSION['user_id'] . ", 
+                        'Manual entry - time out'
+                    )";
+        query($conn, $log_sql);
+        
+        $response['success'] = true;
+        $response['message'] = 'Time out recorded successfully';
+        $response['data'] = [
+            'student_name' => $student['full_name'],
+            'activity_name' => $activity['name'],
+            'time' => date('h:i:s A'),
+            'action' => 'time_out'
+        ];
+    }
+} else {
+    // Create new attendance record
+    $time_in = date('Y-m-d H:i:s');
+    $status = 'present';
+    
+    // Check if late
+    $activity_start = strtotime($activity['date'] . ' ' . $activity['time_in']);
+    $current_timestamp = time();
+    
+    if (($current_timestamp - $activity_start) > 900) {
+        $status = 'late';
+    }
+    
+    $insert_sql = "INSERT INTO attendance 
+                   (student_id, activity_id, time_in, status, created_at, updated_at) 
+                   VALUES (
+                       " . $student['id'] . ", 
+                       " . $activity['id'] . ", 
+                       '$time_in', 
+                       '$status', 
+                       NOW(), 
+                       NOW()
+                   )";
+    
+    if (query($conn, $insert_sql)) {
+        $attendance_id = getInsertId($conn);
+        
+        // Log the action
+        $log_sql = "INSERT INTO attendance_logs 
+                    (attendance_id, action, old_value, new_value, changed_by, notes) 
+                    VALUES (
+                        $attendance_id, 
+                        'time_in', 
+                        NULL, 
+                        '$time_in', 
+                        " . $_SESSION['user_id'] . ", 
+                        'Manual entry - time in'
+                    )";
+        query($conn, $log_sql);
+        
+        $response['success'] = true;
+        $response['message'] = 'Time in recorded successfully';
+        $response['data'] = [
+            'student_name' => $student['full_name'],
+            'activity_name' => $activity['name'],
+            'time' => date('h:i:s A'),
+            'status' => $status,
+            'action' => 'time_in'
+        ];
+    }
+}
+
+echo json_encode($response);
+?>
--- a/src-backup/api/scan_qr.php
+++ b/src-backup/api/scan_qr.php
@@ -0,0 +1,192 @@
+<?php
+require_once '../includes/config.php';
+
+header('Content-Type: application/json');
+
+// Check if user is logged in
+if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
+    echo json_encode(['success' => false, 'message' => 'Not authenticated']);
+    exit();
+}
+
+$response = [
+    'success' => false,
+    'message' => '',
+    'data' => []
+];
+
+// Get input data
+$input = json_decode(file_get_contents('php://input'), true);
+$qr_code = $input['qr_code'] ?? '';
+
+if (empty($qr_code)) {
+    $response['message'] = 'QR code is required';
+    echo json_encode($response);
+    exit();
+}
+
+// Extract student ID from QR code (format: STU_23-0217_692b07dd55c31)
+$qr_parts = explode('_', $qr_code);
+if (count($qr_parts) < 3 || $qr_parts[0] !== 'STU') {
+    $response['message'] = 'Invalid QR code format';
+    echo json_encode($response);
+    exit();
+}
+
+$student_id_str = $qr_parts[1]; // e.g., 23-0217
+
+// Get student details
+$sql = "SELECT s.*, c.code as course_code, d.name as department_name 
+        FROM students s 
+        JOIN courses c ON s.course_id = c.id 
+        JOIN departments d ON s.department_id = d.id 
+        WHERE s.qr_code = '" . escape($conn, $qr_code) . "' AND s.status = 1";
+$result = query($conn, $sql);
+
+if (!$result || mysqli_num_rows($result) === 0) {
+    $response['message'] = 'Student not found or QR code invalid';
+    echo json_encode($response);
+    exit();
+}
+
+$student = mysqli_fetch_assoc($result);
+
+// Get current time
+$current_time = date('H:i:s');
+$current_date = date('Y-m-d');
+
+// Find active activity for the student
+$activity_sql = "SELECT * FROM activities 
+                WHERE status = 1 
+                AND date = '$current_date' 
+                AND time_in <= '$current_time' 
+                AND time_out >= '$current_time' 
+                AND (
+                    required_students = 'all' 
+                    OR (required_students = 'specific_course' AND course_id = " . $student['course_id'] . ")
+                    OR (required_students = 'specific_department' AND department_id = " . $student['department_id'] . ")
+                )
+                LIMIT 1";
+
+$activity_result = query($conn, $activity_sql);
+
+if (!$activity_result || mysqli_num_rows($activity_result) === 0) {
+    // If no current activity, check for any today's activity
+    $activity_sql = "SELECT * FROM activities 
+                    WHERE status = 1 
+                    AND date = '$current_date'
+                    ORDER BY time_in DESC 
+                    LIMIT 1";
+    $activity_result = query($conn, $activity_sql);
+}
+
+if (!$activity_result || mysqli_num_rows($activity_result) === 0) {
+    $response['message'] = 'No active activity found for today';
+    echo json_encode($response);
+    exit();
+}
+
+$activity = mysqli_fetch_assoc($activity_result);
+
+// Check if attendance already exists
+$attendance_sql = "SELECT * FROM attendance 
+                   WHERE student_id = " . $student['id'] . " 
+                   AND activity_id = " . $activity['id'];
+$attendance_result = query($conn, $attendance_sql);
+
+if ($attendance_result && mysqli_num_rows($attendance_result) > 0) {
+    // Update time out if already has time in
+    $attendance = mysqli_fetch_assoc($attendance_result);
+    
+    if ($attendance['time_out']) {
+        $response['message'] = 'Attendance already completed for this activity';
+        echo json_encode($response);
+        exit();
+    }
+    
+    // Update time out
+    $time_out = date('Y-m-d H:i:s');
+    $update_sql = "UPDATE attendance 
+                   SET time_out = '$time_out',
+                       status = 'present',
+                       updated_at = NOW()
+                   WHERE id = " . $attendance['id'];
+    
+    if (query($conn, $update_sql)) {
+        // Log the action
+        $log_sql = "INSERT INTO attendance_logs 
+                    (attendance_id, action, old_value, new_value, changed_by, notes) 
+                    VALUES (
+                        " . $attendance['id'] . ", 
+                        'time_out', 
+                        NULL, 
+                        '$time_out', 
+                        " . $_SESSION['user_id'] . ", 
+                        'QR code scan - time out'
+                    )";
+        query($conn, $log_sql);
+        
+        $response['success'] = true;
+        $response['message'] = 'Time out recorded successfully';
+        $response['data'] = [
+            'student_name' => $student['full_name'],
+            'activity_name' => $activity['name'],
+            'time' => date('h:i:s A'),
+            'status' => 'present',
+            'action' => 'time_out'
+        ];
+    }
+} else {
+    // Create new attendance record
+    $time_in = date('Y-m-d H:i:s');
+    $status = 'present';
+    
+    // Check if late (more than 15 minutes after activity start)
+    $activity_start = strtotime($activity['date'] . ' ' . $activity['time_in']);
+    $current_timestamp = time();
+    
+    if (($current_timestamp - $activity_start) > 900) { // 900 seconds = 15 minutes
+        $status = 'late';
+    }
+    
+    $insert_sql = "INSERT INTO attendance 
+                   (student_id, activity_id, time_in, status, created_at, updated_at) 
+                   VALUES (
+                       " . $student['id'] . ", 
+                       " . $activity['id'] . ", 
+                       '$time_in', 
+                       '$status', 
+                       NOW(), 
+                       NOW()
+                   )";
+    
+    if (query($conn, $insert_sql)) {
+        $attendance_id = getInsertId($conn);
+        
+        // Log the action
+        $log_sql = "INSERT INTO attendance_logs 
+                    (attendance_id, action, old_value, new_value, changed_by, notes) 
+                    VALUES (
+                        $attendance_id, 
+                        'time_in', 
+                        NULL, 
+                        '$time_in', 
+                        " . $_SESSION['user_id'] . ", 
+                        'QR code scan - time in'
+                    )";
+        query($conn, $log_sql);
+        
+        $response['success'] = true;
+        $response['message'] = 'Time in recorded successfully';
+        $response['data'] = [
+            'student_name' => $student['full_name'],
+            'activity_name' => $activity['name'],
+            'time' => date('h:i:s A'),
+            'status' => $status,
+            'action' => 'time_in'
+        ];
+    }
+}
+
+echo json_encode($response);
+?>