Sindbad~EG File Manager

<?php
require_once '../config/config.php';

header('Content-Type: application/json');

// Verify access code
$input = json_decode(file_get_contents('php://input'), true);
$access_code = $input['access_code'] ?? '';

if (empty($access_code)) {
    echo json_encode(['success' => false, 'message' => 'Access code required']);
    exit;
}

$db = new Database();
$conn = $db->getConnection();

// Verify special code
$query = "SELECT * FROM special_codes WHERE code = ? AND is_active = 1 
          AND (expires_at IS NULL OR expires_at > NOW())";
$stmt = $conn->prepare($query);
$stmt->execute([$access_code]);
$code_info = $stmt->fetch();

if (!$code_info) {
    echo json_encode(['success' => false, 'message' => 'Invalid access code']);
    exit;
}

try {
    // Build WHERE clause based on filters
    $where_conditions = [];
    $params = [];
    
    if (!empty($input['program'])) {
        $where_conditions[] = "ar.program_id = ?";
        $params[] = $input['program'];
    }
    
    if (!empty($input['district'])) {
        $where_conditions[] = "ar.district_id = ?";
        $params[] = $input['district'];
    }
    
    if (!empty($input['officer_type'])) {
        $where_conditions[] = "ar.officer_type = ?";
        $params[] = $input['officer_type'];
    }
    
    if (!empty($input['from_date'])) {
        $where_conditions[] = "DATE(ar.submitted_at) >= ?";
        $params[] = $input['from_date'];
    }
    
    if (!empty($input['to_date'])) {
        $where_conditions[] = "DATE(ar.submitted_at) <= ?";
        $params[] = $input['to_date'];
    }
    
    $where_clause = !empty($where_conditions) ? 'WHERE ' . implode(' AND ', $where_conditions) : '';
    
    // Get extra statistics
    $stats_query = "SELECT 
                        COUNT(ar.id) as total_records,
                        COUNT(DISTINCT CONCAT(ar.full_name, '-', ar.email)) as unique_attendees,
                        COUNT(CASE WHEN ar.latitude IS NOT NULL AND ar.longitude IS NOT NULL THEN 1 END) as gps_records
                    FROM attendance_records ar 
                    JOIN programs p ON ar.program_id = p.id 
                    LEFT JOIN locations ld ON ar.district_id = ld.id 
                    LEFT JOIN locations la ON ar.assembly_id = la.id 
                    $where_clause";
    
    $stats_stmt = $conn->prepare($stats_query);
    $stats_stmt->execute($params);
    $stats = $stats_stmt->fetch();
    
    // Determine grouping based on group_by parameter
    $group_by = $input['group_by'] ?? 'district';
    $group_field = '';
    $group_name = '';
    
    switch ($group_by) {
        case 'officer_type':
            $group_field = 'ar.officer_type';
            $group_name = 'officer_type';
            break;
        case 'gps_location':
            $group_field = 'CONCAT(ROUND(ar.latitude, 3), ",", ROUND(ar.longitude, 3))';
            $group_name = 'gps_location';
            break;
        default: // district
            $group_field = 'ld.name';
            $group_name = 'district_name';
            break;
    }
    
    // Get grouped data with GPS information
    $data_query = "SELECT 
                       ar.full_name,
                       ar.email,
                       ar.telephone,
                       ar.officer_type,
                       p.name as program_name,
                       ld.name as district_name,
                       la.name as assembly_name,
                       ar.latitude,
                       ar.longitude,
                       ar.location_accuracy,
                       ar.location_address,
                       ar.submitted_at,
                       $group_field as group_value
                   FROM attendance_records ar 
                   JOIN programs p ON ar.program_id = p.id 
                   LEFT JOIN locations ld ON ar.district_id = ld.id 
                   LEFT JOIN locations la ON ar.assembly_id = la.id 
                   $where_clause
                   ORDER BY group_value, ar.full_name
                   LIMIT 1000"; // Limit for performance
    
    $data_stmt = $conn->prepare($data_query);
    $data_stmt->execute($params);
    $data = $data_stmt->fetchAll();
    
    // Count unique groups
    $groups_query = "SELECT COUNT(DISTINCT $group_field) as group_count
                     FROM attendance_records ar 
                     JOIN programs p ON ar.program_id = p.id 
                     LEFT JOIN locations ld ON ar.district_id = ld.id 
                     LEFT JOIN locations la ON ar.assembly_id = la.id 
                     $where_clause";
    
    $groups_stmt = $conn->prepare($groups_query);
    $groups_stmt->execute($params);
    $groups_result = $groups_stmt->fetch();
    $stats['groups'] = $groups_result['group_count'];
    
    // Process GPS data
    foreach ($data as &$record) {
        // Format GPS coordinates
        if ($record['latitude'] && $record['longitude']) {
            $record['gps_coordinates'] = number_format($record['latitude'], 6) . ', ' . number_format($record['longitude'], 6);
            $record['has_gps'] = true;
        } else {
            $record['gps_coordinates'] = 'Not available';
            $record['has_gps'] = false;
        }
        
        // Format accuracy
        if ($record['location_accuracy']) {
            $record['accuracy_formatted'] = number_format($record['location_accuracy'], 2) . 'm';
        } else {
            $record['accuracy_formatted'] = 'Unknown';
        }
    }
    
    echo json_encode([
        'success' => true,
        'stats' => $stats,
        'data' => $data,
        'group_by' => $group_by,
        'group_name' => $group_name
    ]);
    
} catch (Exception $e) {
    echo json_encode(['success' => false, 'message' => 'Database error: ' . $e->getMessage()]);
}
?>