From a3fa722e5fb556c794f91a1449bd2b5986db3f8f Mon Sep 17 00:00:00 2001
From: Flatlogic Bot <support@flatlogic.com>
Date: Mon, 27 Oct 2025 12:46:17 +0000
Subject: [PATCH] c3

---
 analysis.php                                  | 79 ++++++++-----------
 config.php                                    | 20 +++++
 dashboard.php                                 |  1 +
 .../001_create_uploaded_files_table.sql       | 11 +++
 header.php                                    |  2 +-
 index.php                                     |  1 +
 login.php                                     |  3 +-
 upload.php                                    | 41 ++++++++--
 8 files changed, 103 insertions(+), 55 deletions(-)
 create mode 100644 config.php
 create mode 100644 db/migrations/001_create_uploaded_files_table.sql

diff --git a/analysis.php b/analysis.php
index 1153c69..4882666 100644
--- a/analysis.php
+++ b/analysis.php
@@ -1,4 +1,6 @@
 <?php
+require_once 'config.php';
+require_once 'db/config.php';
 include 'header.php';
 
 // Protected page
@@ -86,60 +88,43 @@ if (!isset($_SESSION['user_email'])) {
 
 
                     <!-- Data Table -->
-                    <h5>Aggregated Emissions Data</h5>
+                    <h5>Submitted Reports</h5>
                     <div class="table-responsive">
                         <table class="table table-striped table-hover">
                             <thead class="table-dark">
                                 <tr>
-                                    <th>Facility Name</th>
-                                    <th>Region</th>
-                                    <th>Pollutant</th>
-                                    <th>Total Emissions</th>
-                                    <th>Unit</th>
-                                    <th>Year</th>
+                                    <th>ID</th>
+                                    <th>Original Filename</th>
+                                    <th>Upload Time</th>
+                                    <th>Status</th>
+                                    <th>Uploaded By</th>
                                 </tr>
                             </thead>
                             <tbody>
-                                <tr>
-                                    <td>West Burton Power Station</td>
-                                    <td>UKD1</td>
-                                    <td>Carbon Dioxide (CO2)</td>
-                                    <td>1,500,000</td>
-                                    <td>Tonnes</td>
-                                    <td>2024</td>
-                                </tr>
-                                <tr>
-                                    <td>Drax Power Station</td>
-                                    <td>UKE2</td>
-                                    <td>Carbon Dioxide (CO2)</td>
-                                    <td>1,250,000</td>
-                                    <td>Tonnes</td>
-                                    <td>2024</td>
-                                </tr>
-                                <tr>
-                                    <td>Rugeley Power Station</td>
-                                    <td>UKG2</td>
-                                    <td>Nitrogen Oxides (NOx)</td>
-                                    <td>80,000</td>
-                                    <td>Kilograms</td>
-                                    <td>2024</td>
-                                </tr>
-                                <tr>
-                                    <td>Fiddlers Ferry Power Station</td>
-                                    <td>UKD2</td>
-                                    <td>Methane (CH4)</td>
-                                    <td>5,500</td>
-                                    <td>Kilograms</td>
-                                    <td>2024</td>
-                                </tr>
-                                 <tr>
-                                    <td>Cottam Development Centre</td>
-                                    <td>UKF1</td>
-                                    <td>Carbon Dioxide (CO2)</td>
-                                    <td>950,000</td>
-                                    <td>Tonnes</td>
-                                    <td>2024</td>
-                                </tr>
+                                <?php
+                                try {
+                                    $pdo = db();
+                                    $stmt = $pdo->query('SELECT id, original_filename, upload_time, status, uploaded_by FROM uploaded_files ORDER BY upload_time DESC');
+                                    $files = $stmt->fetchAll();
+
+                                    if (empty($files)):
+                                ?>
+                                    <tr>
+                                        <td colspan="5" class="text-center">No files have been uploaded yet.</td>
+                                    </tr>
+                                <?php else: foreach ($files as $file): ?>
+                                    <tr>
+                                        <td><?php echo htmlspecialchars($file['id']); ?></td>
+                                        <td><?php echo htmlspecialchars($file['original_filename']); ?></td>
+                                        <td><?php echo htmlspecialchars($file['upload_time']); ?></td>
+                                        <td><span class="badge bg-secondary"><?php echo htmlspecialchars($file['status']); ?></span></td>
+                                        <td><?php echo htmlspecialchars($file['uploaded_by']); ?></td>
+                                    </tr>
+                                <?php endforeach; endif;
+                                } catch (PDOException $e) {
+                                    echo '<tr><td colspan="5" class="text-center text-danger">Error fetching data: ' . htmlspecialchars($e->getMessage()) . '</td></tr>';
+                                }
+                                ?>
                             </tbody>
                         </table>
                     </div>
diff --git a/config.php b/config.php
new file mode 100644
index 0000000..ffb5283
--- /dev/null
+++ b/config.php
@@ -0,0 +1,20 @@
+<?php
+// Central configuration and bootstrap file.
+
+// 1. Error Reporting (Development vs. Production)
+// For development, show all errors. In a production environment, this should be logged, not displayed.
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
+// 2. Session Management
+// Ensures a session is started on all pages that include this file.
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// 3. Application Constants (optional, but good practice)
+define('ROOT_PATH', __DIR__);
+define('UPLOADS_PATH', ROOT_PATH . '/uploads');
+
+?>
\ No newline at end of file
diff --git a/dashboard.php b/dashboard.php
index 6982b8c..b18c5bf 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -1,4 +1,5 @@
 <?php
+require_once 'config.php';
 include 'header.php';
 
 // This is a protected page. If the user is not logged in, redirect to login.
diff --git a/db/migrations/001_create_uploaded_files_table.sql b/db/migrations/001_create_uploaded_files_table.sql
new file mode 100644
index 0000000..e83eab5
--- /dev/null
+++ b/db/migrations/001_create_uploaded_files_table.sql
@@ -0,0 +1,11 @@
+-- SQL Migration for creating the uploaded_files table.
+-- This table will store metadata for each XML file uploaded.
+
+CREATE TABLE IF NOT EXISTS `uploaded_files` (
+  `id` INT AUTO_INCREMENT PRIMARY KEY,
+  `original_filename` VARCHAR(255) NOT NULL,
+  `new_filename` VARCHAR(255) NOT NULL,
+  `upload_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  `status` VARCHAR(50) DEFAULT 'pending_validation',
+  `uploaded_by` VARCHAR(255) NOT NULL COMMENT 'User email or identifier'
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/header.php b/header.php
index 58fdd73..cf624d6 100644
--- a/header.php
+++ b/header.php
@@ -1,4 +1,4 @@
-<?php if (session_status() === PHP_SESSION_NONE) { session_start(); } ?>
+
 <!DOCTYPE html>
 <html lang="en">
 <head>
diff --git a/index.php b/index.php
index 5029e8d..9dedd62 100644
--- a/index.php
+++ b/index.php
@@ -1,4 +1,5 @@
 <?php
+require_once 'config.php';
 include 'header.php';
 
 if (isset($_GET['logout'])) {
diff --git a/login.php b/login.php
index f11b5fd..85b521d 100644
--- a/login.php
+++ b/login.php
@@ -1,4 +1,5 @@
 <?php
+require_once 'config.php';
 include 'header.php';
 
 $error = '';
@@ -34,7 +35,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                     <?php endif; ?>
                     <form action="login.php" method="POST">
                         <div class="form-floating mb-3">
-                            <input class="form-control" id="inputEmail" type="email" name="email" placeholder="name@example.com" required value="<?php echo isset($_POST[''''email''']) ? htmlspecialchars($_POST[''''email''']) : ''; ?>">
+                            <input class="form-control" id="inputEmail" type="email" name="email" placeholder="name@example.com" required value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email']) : ''; ?>">
                             <label for="inputEmail">Email address</label>
                         </div>
                         <div class="form-floating mb-3">
diff --git a/upload.php b/upload.php
index 4bc27be..bb462ca 100644
--- a/upload.php
+++ b/upload.php
@@ -1,4 +1,6 @@
 <?php
+require_once 'config.php';
+require_once 'db/config.php';
 include 'header.php';
 
 // Protected page
@@ -25,12 +27,39 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xmlfile'])) {
             $message = 'Invalid file type. Only .xml files are allowed.';
             $message_type = 'danger';
         } else {
-            // In a real application, you would move the file to a permanent location
-            // and process it. For now, we just show a success message.
-            // move_uploaded_file($file['tmp_name'], 'uploads/' . basename($file['name']));
-            
-            $message = '<strong>Success!</strong> Your file "' . htmlspecialchars(basename($file['name'])) . '" has been uploaded and is pending validation.';
-            $message_type = 'success';
+            // Ensure the uploads directory exists and is writable.
+            if (!is_dir(UPLOADS_PATH)) {
+                mkdir(UPLOADS_PATH, 0755, true);
+            }
+
+            // Create a unique filename to prevent overwrites and sanitize the original name.
+            $original_filename = basename($file['name']);
+            $safe_filename = preg_replace("/[^a-zA-Z0-9-_\.]/", "", $original_filename);
+            $unique_id = uniqid();
+            $new_filename = $unique_id . '_' . $safe_filename;
+            $destination = UPLOADS_PATH . '/' . $new_filename;
+
+            // Move the file to the permanent location.
+            if (move_uploaded_file($file['tmp_name'], $destination)) {
+                // Insert a record into the database
+                try {
+                    $pdo = db();
+                    $stmt = $pdo->prepare(
+                        'INSERT INTO uploaded_files (original_filename, new_filename, uploaded_by) VALUES (?, ?, ?)'
+                    );
+                    $stmt->execute([$original_filename, $new_filename, $_SESSION['user_email']]);
+                    $message = '<strong>Success!</strong> Your file "' . htmlspecialchars($original_filename) . '" has been uploaded and is pending validation.';
+                    $message_type = 'success';
+                } catch (PDOException $e) {
+                    // If DB insert fails, it's critical to let the user know.
+                    $message = 'File uploaded, but failed to record the submission. Please contact support.';
+                    $message_type = 'danger';
+                    // Optionally, log the detailed error: error_log($e->getMessage());
+                }
+            } else {
+                $message = 'An error occurred while saving the file. Please try again.';
+                $message_type = 'danger';
+            }
         }
     }
 }