86 lines
3.6 KiB
PHP
86 lines
3.6 KiB
PHP
<?php
|
|
session_start();
|
|
|
|
if (!isset($_SESSION['user_role'])) {
|
|
header('Location: index.php');
|
|
exit;
|
|
}
|
|
|
|
require_once __DIR__ . '/db/config.php';
|
|
require_once __DIR__ . '/mail/MailService.php';
|
|
|
|
if (isset($_GET['id']) && isset($_GET['status'])) {
|
|
$leave_request_id = $_GET['id'];
|
|
$new_status = $_GET['status'];
|
|
|
|
if ($_SESSION['user_role'] === 'teacher') {
|
|
$allowed_statuses = ['approved_by_teacher', 'rejected_by_teacher'];
|
|
if (!in_array($new_status, $allowed_statuses)) {
|
|
die('Invalid status.');
|
|
}
|
|
} elseif ($_SESSION['user_role'] === 'admin') {
|
|
$allowed_statuses = ['approved_by_admin', 'rejected_by_admin'];
|
|
if (!in_array($new_status, $allowed_statuses)) {
|
|
die('Invalid status.');
|
|
}
|
|
} else {
|
|
die('You are not authorized to perform this action.');
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
$stmt = $pdo->prepare("UPDATE leave_requests SET status = ? WHERE id = ?");
|
|
$stmt->execute([$new_status, $leave_request_id]);
|
|
|
|
// Get student email
|
|
$stmt = $pdo->prepare("SELECT users.email, users.full_name FROM leave_requests JOIN users ON leave_requests.student_id = users.id WHERE leave_requests.id = ?");
|
|
$stmt->execute([$leave_request_id]);
|
|
$student = $stmt->fetch();
|
|
|
|
if ($student) {
|
|
$student_email = $student['email'];
|
|
$student_name = $student['full_name'];
|
|
|
|
if ($new_status === 'approved_by_teacher') {
|
|
// Notify admin
|
|
$admin_email = 'admin@example.com'; // Hardcoded for now
|
|
$subject = 'Leave Request Approved by Teacher';
|
|
$body = "<p>The leave request for {$student_name} has been approved by the teacher and is waiting for your final approval.</p><p>Please login to the dashboard to review the request.</p>";
|
|
MailService::sendMail($admin_email, $subject, $body);
|
|
|
|
// Notify student
|
|
$subject_student = 'Your Leave Request has been updated';
|
|
$body_student = "<p>Your leave request has been approved by your teacher and is now pending final approval from the admin.</p>";
|
|
MailService::sendMail($student_email, $subject_student, $body_student);
|
|
|
|
} elseif ($new_status === 'rejected_by_teacher') {
|
|
// Notify student
|
|
$subject_student = 'Your Leave Request has been updated';
|
|
$body_student = "<p>Your leave request has been rejected by your teacher.</p>";
|
|
MailService::sendMail($student_email, $subject_student, $body_student);
|
|
|
|
} elseif ($new_status === 'approved_by_admin') {
|
|
// Notify student
|
|
$subject_student = 'Your Leave Request has been approved';
|
|
$body_student = "<p>Your leave request has been approved by the admin.</p>";
|
|
MailService::sendMail($student_email, $subject_student, $body_student);
|
|
|
|
} elseif ($new_status === 'rejected_by_admin') {
|
|
// Notify student
|
|
$subject_student = 'Your Leave Request has been rejected';
|
|
$body_student = "<p>Your leave request has been rejected by the admin.</p>";
|
|
MailService::sendMail($student_email, $subject_student, $body_student);
|
|
}
|
|
}
|
|
|
|
if ($_SESSION['user_role'] === 'teacher') {
|
|
header('Location: teacher_dashboard.php');
|
|
} elseif ($_SESSION['user_role'] === 'admin') {
|
|
header('Location: admin_dashboard.php');
|
|
}
|
|
exit;
|
|
} catch (PDOException $e) {
|
|
die('Database error: ' . $e->getMessage());
|
|
}
|
|
}
|