Sindbad~EG File Manager
<?php
require_once '../../config/config.php';
// Check if user is logged in and has appropriate permissions
if (!isLoggedIn()) {
http_response_code(401);
echo json_encode(['success' => false, 'message' => 'Unauthorized']);
exit;
}
// Only superuser can manage locations
if (!hasRole('superuser')) {
http_response_code(403);
echo json_encode(['success' => false, 'message' => 'Insufficient permissions']);
exit;
}
// Set content type
header('Content-Type: application/json');
$method = $_SERVER['REQUEST_METHOD'];
$db = new Database();
$conn = $db->getConnection();
try {
switch ($method) {
case 'GET':
// Get locations
$type = $_GET['type'] ?? 'all';
$active_only = isset($_GET['active_only']) ? (bool)$_GET['active_only'] : true;
$query = "SELECT l.*, p.name as parent_name
FROM locations l
LEFT JOIN locations p ON l.parent_id = p.id
WHERE 1=1";
$params = [];
if ($type !== 'all') {
$query .= " AND l.type = ?";
$params[] = $type;
}
if ($active_only) {
$query .= " AND l.is_active = 1";
}
$query .= " ORDER BY l.type, l.name";
$stmt = $conn->prepare($query);
$stmt->execute($params);
$locations = $stmt->fetchAll();
echo json_encode([
'success' => true,
'locations' => $locations
]);
break;
case 'POST':
// Create new location
$data = json_decode(file_get_contents('php://input'), true);
$name = sanitizeInput($data['name'] ?? '');
$type = $data['type'] ?? '';
$parent_id = !empty($data['parent_id']) ? (int)$data['parent_id'] : null;
$address = sanitizeInput($data['address'] ?? '');
$contact_person = sanitizeInput($data['contact_person'] ?? '');
$contact_phone = sanitizeInput($data['contact_phone'] ?? '');
$contact_email = sanitizeInput($data['contact_email'] ?? '');
// Validate required fields
if (empty($name) || empty($type)) {
throw new Exception('Name and type are required');
}
if (!in_array($type, ['district', 'assembly'])) {
throw new Exception('Invalid location type');
}
// For assemblies, parent_id should be a district
if ($type === 'assembly' && $parent_id) {
$parent_check = $conn->prepare("SELECT type FROM locations WHERE id = ? AND type = 'district'");
$parent_check->execute([$parent_id]);
if (!$parent_check->fetch()) {
throw new Exception('Assembly must belong to a valid district');
}
}
$query = "INSERT INTO locations (name, type, parent_id, address, contact_person, contact_phone, contact_email)
VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$stmt->execute([$name, $type, $parent_id, $address, $contact_person, $contact_phone, $contact_email]);
$location_id = $conn->lastInsertId();
// Log activity
logActivity($_SESSION['user_id'], 'create_location', "Created $type: $name");
echo json_encode([
'success' => true,
'message' => ucfirst($type) . ' created successfully',
'location_id' => $location_id
]);
break;
case 'PUT':
// Update location
$data = json_decode(file_get_contents('php://input'), true);
$id = (int)($data['id'] ?? 0);
$name = sanitizeInput($data['name'] ?? '');
$type = $data['type'] ?? '';
$parent_id = !empty($data['parent_id']) ? (int)$data['parent_id'] : null;
$address = sanitizeInput($data['address'] ?? '');
$contact_person = sanitizeInput($data['contact_person'] ?? '');
$contact_phone = sanitizeInput($data['contact_phone'] ?? '');
$contact_email = sanitizeInput($data['contact_email'] ?? '');
$is_active = isset($data['is_active']) ? (bool)$data['is_active'] : true;
if (!$id || empty($name) || empty($type)) {
throw new Exception('ID, name and type are required');
}
// Check if location exists
$check_query = "SELECT * FROM locations WHERE id = ?";
$check_stmt = $conn->prepare($check_query);
$check_stmt->execute([$id]);
$existing = $check_stmt->fetch();
if (!$existing) {
throw new Exception('Location not found');
}
$query = "UPDATE locations
SET name = ?, type = ?, parent_id = ?, address = ?,
contact_person = ?, contact_phone = ?, contact_email = ?, is_active = ?
WHERE id = ?";
$stmt = $conn->prepare($query);
$stmt->execute([$name, $type, $parent_id, $address, $contact_person, $contact_phone, $contact_email, $is_active, $id]);
// Log activity
logActivity($_SESSION['user_id'], 'update_location', "Updated $type: $name");
echo json_encode([
'success' => true,
'message' => ucfirst($type) . ' updated successfully'
]);
break;
case 'DELETE':
// Delete/deactivate location
$data = json_decode(file_get_contents('php://input'), true);
$id = (int)($data['id'] ?? 0);
if (!$id) {
throw new Exception('Location ID is required');
}
// Check if location exists
$check_query = "SELECT name, type FROM locations WHERE id = ?";
$check_stmt = $conn->prepare($check_query);
$check_stmt->execute([$id]);
$location = $check_stmt->fetch();
if (!$location) {
throw new Exception('Location not found');
}
// Check if location is being used
$usage_checks = [
"SELECT COUNT(*) as count FROM attendance_records WHERE district_id = ? OR assembly_id = ?",
"SELECT COUNT(*) as count FROM programs WHERE location_id = ?",
"SELECT COUNT(*) as count FROM locations WHERE parent_id = ?"
];
$is_used = false;
foreach ($usage_checks as $check) {
$stmt = $conn->prepare($check);
if (strpos($check, 'attendance_records') !== false) {
$stmt->execute([$id, $id]);
} else {
$stmt->execute([$id]);
}
if ($stmt->fetch()['count'] > 0) {
$is_used = true;
break;
}
}
if ($is_used) {
// Soft delete - just deactivate
$query = "UPDATE locations SET is_active = 0 WHERE id = ?";
$stmt = $conn->prepare($query);
$stmt->execute([$id]);
$message = ucfirst($location['type']) . ' deactivated (has associated records)';
} else {
// Hard delete - completely remove
$query = "DELETE FROM locations WHERE id = ?";
$stmt = $conn->prepare($query);
$stmt->execute([$id]);
$message = ucfirst($location['type']) . ' deleted successfully';
}
// Log activity
logActivity($_SESSION['user_id'], 'delete_location', "Deleted {$location['type']}: {$location['name']}");
echo json_encode([
'success' => true,
'message' => $message
]);
break;
default:
throw new Exception('Method not allowed');
}
} catch (Exception $e) {
http_response_code(400);
echo json_encode([
'success' => false,
'message' => $e->getMessage()
]);
}
?>
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists