
<?php
require_once '../config/config.php';

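// GET /api/get-locations.php?type=area|district|assembly
//
// Returns a JSON list of {id, name} rows for the requested location type,
// restricted to what the logged-in user's access level may see. Scoping
// comes exclusively from the session (access_level, area_id, district_id,
// assembly_id); the only request-controlled input is `type`, which is used
// as a lookup key and never reaches SQL. Unknown types, or (type, access
// level) combinations with no defined query, produce an empty list.
header('Content-Type: application/json');
// Authenticated, per-user data: keep it out of shared/browser caches.
header('Cache-Control: no-store');

if (!isLoggedIn()) {
    http_response_code(401);
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}

$type = $_GET['type'] ?? '';
// `?type[]=x` yields an array; an array is not a valid table key below, so
// treat anything that is not a plain string as "no type" (empty result).
if (!is_string($type)) {
    $type = '';
}
$accessLevel = $_SESSION['access_level'] ?? 'assembly';
$userAreaId = $_SESSION['area_id'] ?? null;
$userDistrictId = $_SESSION['district_id'] ?? null;
$userAssemblyId = $_SESSION['assembly_id'] ?? null;

// Query table keyed by [type][access level] => [sql, named parameters].
// Every non-superuser query is narrowed to the caller's own area/district/
// assembly id from the session; superuser queries are unparameterised.
// A missing entry (e.g. a district user asking for areas) means "nothing".
$queryTable = [
    'area' => [
        'superuser' => [
            'SELECT id, area_name as name FROM areas WHERE is_active = 1 ORDER BY area_name',
            [],
        ],
        'area' => [
            'SELECT id, area_name as name FROM areas WHERE id = :area_id AND is_active = 1',
            ['area_id' => $userAreaId],
        ],
    ],
    'district' => [
        'superuser' => [
            'SELECT id, district_name as name FROM districts WHERE is_active = 1 ORDER BY district_name',
            [],
        ],
        'area' => [
            'SELECT id, district_name as name FROM districts WHERE area_id = :area_id AND is_active = 1 ORDER BY district_name',
            ['area_id' => $userAreaId],
        ],
        'district' => [
            'SELECT id, district_name as name FROM districts WHERE id = :district_id AND is_active = 1',
            ['district_id' => $userDistrictId],
        ],
    ],
    'assembly' => [
        'superuser' => [
            'SELECT id, assembly_name as name FROM assemblies WHERE is_active = 1 ORDER BY assembly_name',
            [],
        ],
        'area' => [
            'SELECT a.id, a.assembly_name as name '
            . 'FROM assemblies a '
            . 'JOIN districts d ON a.district_id = d.id '
            . 'WHERE d.area_id = :area_id AND a.is_active = 1 '
            . 'ORDER BY a.assembly_name',
            ['area_id' => $userAreaId],
        ],
        'district' => [
            'SELECT id, assembly_name as name FROM assemblies WHERE district_id = :district_id AND is_active = 1 ORDER BY assembly_name',
            ['district_id' => $userDistrictId],
        ],
        'assembly' => [
            'SELECT id, assembly_name as name FROM assemblies WHERE id = :assembly_id AND is_active = 1',
            ['assembly_id' => $userAssemblyId],
        ],
    ],
];

try {
    $db = Database::getInstance()->getConnection();
    $locations = [];

    $query = $queryTable[$type][$accessLevel] ?? null;
    if ($query !== null) {
        [$sql, $params] = $query;
        // prepare/execute for every entry (superuser included) so the SQL
        // text is always a constant from the table above.
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        $locations = $stmt->fetchAll();
    }

    // Without JSON_THROW_ON_ERROR an encoding failure (e.g. invalid UTF-8
    // in a name) would emit an empty body with a 200; make it reach the
    // 500 handler below instead (JsonException extends Exception).
    echo json_encode($locations, JSON_THROW_ON_ERROR);
} catch (Exception $e) {
    // Generic message on purpose: never echo driver/exception details to the client.
    http_response_code(500);
    echo json_encode(['error' => 'Database error']);
}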
