Compare commits


2 Commits

Author SHA1 Message Date
Flatlogic Bot
12b49853d7 2 2026-01-19 09:07:59 +00:00
Flatlogic Bot
65bff23a0b 1 2026-01-16 09:31:10 +00:00
34 changed files with 1626 additions and 7 deletions

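--- a/api.php
+++ b/api.php
@@ -0,0 +1,24 @@
+<?php
+require_once 'db/config.php';
+header('Content-Type: application/json');
+$action = $_GET['action'] ?? '';
+if ($action == 'get_departments') {
+$division_id = $_GET['division_id'] ?? 0;
+$stmt = db()->prepare("SELECT id, name FROM departments WHERE division_id = ? ORDER BY name");
+$stmt->execute([$division_id]);
+$departments = $stmt->fetchAll();
+echo json_encode($departments);
+exit;
+}
+if ($action == 'get_roles') {
+$department_id = $_GET['department_id'] ?? 0;
+$stmt = db()->prepare("SELECT id, name FROM roles WHERE department_id = ? ORDER BY name");
+$stmt->execute([$department_id]);
+$roles = $stmt->fetchAll();
+echo json_encode($roles);
+exit;
+}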
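Review bot: Both branches serve department and role data to any caller, because the file never starts a session or checks `$_SESSION['user_id']` the way approve_request.php, create_user.php and edit_user.php do, even though its only consumer in this commit is assets/js/edit_user.js on the admin-only edit_user.php page. Add after the `header(...)` line: `session_start(); if (!isset($_SESSION['user_id'])) { http_response_code(401); exit; }`. The `$action == '...'` comparisons should be `===` to match the strict comparisons used elsewhere in the commit, and `$_GET['division_id']` / `$_GET['department_id']` could be cast with `(int)` so a non-numeric value yields an empty result instead of being handed to the driver as a string.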

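--- a/approve_request.php
+++ b/approve_request.php
@@ -0,0 +1,92 @@
+<?php
+session_start();
+require_once 'db/config.php';
+if (!isset($_SESSION['user_id'])) {
+header('Location: login.php');
+exit;
+}
+if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['request_id']) || !isset($_POST['action'])) {
+header('Location: request_dashboard.php?error=invalid_request');
+exit;
+}
+$request_id = $_POST['request_id'];
+$action = $_POST['action'];
+try {
+$pdo = db();
+// Get the request details
+$stmt = $pdo->prepare('SELECT * FROM ChangeRequests WHERE id = ?');
+$stmt->execute([$request_id]);
+$request = $stmt->fetch();
+if (!$request) {
+header('Location: request_dashboard.php?error=not_found');
+exit;
+}
+// Authorization check
+$is_authorized = false;
+if (isset($_SESSION['role'])) {
+$user_role = $_SESSION['role'];
+$user_department = $_SESSION['department'] ?? null;
+$request_status = $request['status'];
+$pending_level = $request['approval_level_pending'];
+$request_department = $request['department_name'];
+if ($request_status === 'Pending Approval' && $user_role === $pending_level) {
+if ($user_role === 'Admin' || $user_department === $request_department) {
+$is_authorized = true;
+}
+}
+}
+if (!$is_authorized) {
+header('Location: request_dashboard.php?error=unauthorized');
+exit;
+}
+$next_approval_level = '';
+$new_status = '';
+$rejection_reason = null;
+if ($action === 'approve') {
+$current_level = $request['approval_level_pending'];
+$approval_flow = ['Dept Manager/GM', 'System Div Admin', 'Planning Dept', 'System GM'];
+$current_index = array_search($current_level, $approval_flow);
+if ($current_index !== false && $current_index < count($approval_flow) - 1) {
+$next_approval_level = $approval_flow[$current_index + 1];
+$new_status = 'Pending Approval';
+} else {
+$next_approval_level = 'None';
+$new_status = 'Approved';
+}
+$sql = 'UPDATE ChangeRequests SET status = ?, approval_level_pending = ? WHERE id = ?';
+$params = [$new_status, $next_approval_level, $request_id];
+} elseif ($action === 'reject') {
+$next_approval_level = $request['approval_level_pending'];
+$new_status = 'Rejected';
+$rejection_reason = $_POST['rejection_reason'] ?? '';
+$sql = 'UPDATE ChangeRequests SET status = ?, approval_level_pending = ?, rejection_reason = ? WHERE id = ?';
+$params = [$new_status, $next_approval_level, $rejection_reason, $request_id];
+}
+if (isset($sql)) {
+$stmt = $pdo->prepare($sql);
+$stmt->execute($params);
+}
+header('Location: request_dashboard.php?success=updated');
+exit;
+} catch (PDOException $e) {
+header('Location: request_dashboard.php?error=db_error');
+exit;
+}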
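Review bot: The authorization block around `$is_authorized` cannot be satisfied by the code in this commit: `$_SESSION['department']` is never set (login.php stores only user_id, username and role, and a migration in this same commit drops `users.department`), so `$user_department === $request_department` is false for a NOT NULL column, while a user whose role is 'Admin' already fails the outer `$user_role === $pending_level` test because 'Admin' is not an approval level. Either populate the approver's department at login or resolve it from `users.department_id` here, and state explicitly whether Admin is meant to bypass the level check. Separately, this handler changes request state with no CSRF token, and `$_POST['request_id']` is used unvalidated; `$request_id = filter_input(INPUT_POST, 'request_id', FILTER_VALIDATE_INT);` with a redirect on `false` would tighten it. The `isset($_POST['action'])` check only tests presence, so an unknown action skips both branches and still reaches the `success=updated` redirect without any update having happened.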

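--- a/assets/js/edit_user.js
+++ b/assets/js/edit_user.js
@@ -0,0 +1,70 @@
+document.addEventListener('DOMContentLoaded', function () {
+const divisionSelect = document.getElementById('division_id');
+const departmentSelect = document.getElementById('department_id');
+const roleSelect = document.getElementById('role_id');
+const initialDepartmentId = departmentSelect.dataset.initial;
+const initialRoleId = roleSelect.dataset.initial;
+function fetchDepartments(divisionId, selectedDepartmentId) {
+return fetch(`api.php?action=get_departments&division_id=${divisionId}`)
+.then(response => response.json())
+.then(data => {
+departmentSelect.innerHTML = '<option value="">Select Department</option>';
+data.forEach(department => {
+const option = document.createElement('option');
+option.value = department.id;
+option.textContent = department.name;
+if (department.id == selectedDepartmentId) {
+option.selected = true;
+}
+departmentSelect.appendChild(option);
+});
+});
+}
+function fetchRoles(departmentId, selectedRoleId) {
+// Only fetch if a department is selected
+if (!departmentId) {
+roleSelect.innerHTML = '<option value="">Select Role</option>';
+return Promise.resolve(); // Return a resolved promise
+}
+return fetch(`api.php?action=get_roles&department_id=${departmentId}`)
+.then(response => response.json())
+.then(data => {
+roleSelect.innerHTML = '<option value="">Select Role</option>';
+data.forEach(role => {
+const option = document.createElement('option');
+option.value = role.id;
+option.textContent = role.name;
+if (role.id == selectedRoleId) {
+option.selected = true;
+}
+roleSelect.appendChild(option);
+});
+});
+}
+divisionSelect.addEventListener('change', function () {
+const divisionId = this.value;
+fetchDepartments(divisionId, null).then(() => {
+// After departments are loaded, fetch roles for the (now cleared) department selection
+fetchRoles(departmentSelect.value, null);
+});
+});
+departmentSelect.addEventListener('change', function () {
+const departmentId = this.value;
+fetchRoles(departmentId, null);
+});
+// Initial load
+if (divisionSelect.value) {
+fetchDepartments(divisionSelect.value, initialDepartmentId).then(() => {
+// After initial departments are loaded and correct one is selected,
+// fetch the roles for that department.
+fetchRoles(departmentSelect.value, initialRoleId);
+});
+}
+});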
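Review bot: Neither `fetch` chain has a `.catch`, and the `.then(response => response.json())` step never checks `response.ok`, so a non-2xx or non-JSON reply from api.php surfaces only as an unhandled rejection while the selects silently stay on 'Select Department' / 'Select Role'. In both chains use `if (!response.ok) throw new Error(`api.php responded ${response.status}`); return response.json();` and add a `.catch` at the three call sites in the listeners and the initial load. The query strings are built by template interpolation of the select values; `const url = new URL('api.php', location.href); url.searchParams.set('action', 'get_departments'); url.searchParams.set('division_id', divisionId);` keeps them encoded. The `department.id == selectedDepartmentId` and `role.id == selectedRoleId` comparisons lean on loose equality between a JSON number and a `dataset` string; `String(department.id) === String(selectedDepartmentId)` states the intent explicitly.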

Binary file not shown.


Binary file not shown.


Binary file not shown.


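--- a/create_department.php
+++ b/create_department.php
@@ -0,0 +1,15 @@
+<?php
+require_once 'db/config.php';
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+$name = $_POST['department_name'];
+$division_id = $_POST['division_id'];
+try {
+$stmt = db()->prepare("INSERT INTO departments (name, division_id) VALUES (?, ?)");
+$stmt->execute([$name, $division_id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+}
+?>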
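Review bot: This handler performs an administrative write with no authentication at all: unlike create_user.php and edit_user.php, which start the session and require `$_SESSION['role'] === 'Admin'`, it accepts any POST, and the same gap is in create_division.php, create_role.php, delete_department.php, delete_division.php, delete_role.php, edit_department.php, edit_division.php and edit_role.php in this commit. The delete_* scripts additionally act on a bare `$_GET['id']`, so a state-changing operation is reachable through a plain GET, and all of these files `echo "Error: " . $e->getMessage()` to the browser, which discloses driver and schema details. Add the gate the user scripts already use, `session_start(); if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'Admin') { header('Location: user_management.php?error=unauthorized'); exit; }`, redirect with a generic error code instead of echoing the exception, and follow each `header('Location: ...')` with `exit;` so the rest of the script (in the edit_* files, the whole form) does not keep executing after the redirect is issued. `$_POST['department_name']` and `$_POST['division_id']` are read without `isset`/`??`, so a request missing either field raises a warning before the INSERT runs.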

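--- a/create_division.php
+++ b/create_division.php
@@ -0,0 +1,30 @@
+<?php
+require_once 'db/config.php';
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+$name = $_POST['name'];
+try {
+$stmt = db()->prepare("INSERT INTO divisions (name) VALUES (?)");
+$stmt->execute([$name]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>Create Division</title>
+</head>
+<body>
+<h2>Create Division</h2>
+<form method="post">
+<label>Division Name:</label>
+<input type="text" name="name" required>
+<button type="submit">Create</button>
+</form>
+<a href="user_management.php">Back to User Management</a>
+</body>
+</html>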

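--- a/create_request.php
+++ b/create_request.php
@@ -0,0 +1,184 @@
+<?php
+session_start();
+if (!isset($_SESSION['user_id'])) {
+header('Location: login.php');
+exit;
+}
+require_once 'db/config.php';
+$success_message = '';
+$error_message = '';
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+try {
+$pdo = db();
+// Basic validation
+$required_fields = ['company', 'hq_name', 'department_name', 'requester_name', 'issued_date', 'request_title', 'background_purpose', 'implementation_details', 'category', 'impact_range'];
+foreach ($required_fields as $field) {
+if (empty($_POST[$field])) {
+throw new Exception('Please fill in all required fields.');
+}
+}
+// Generate Request Number
+$department = $_POST['department_name'];
+$yearMonth = date('Ym');
+// Find the last running number for this department and month
+$stmt = $pdo->prepare('SELECT request_number FROM ChangeRequests WHERE request_number LIKE ? ORDER BY request_number DESC LIMIT 1');
+$stmt->execute(["RSS/$department/$yearMonth/%"]);
+$lastRequest = $stmt->fetch();
+$runningNumber = 1;
+if ($lastRequest) {
+$parts = explode('/', $lastRequest['request_number']);
+$lastRunningNumber = (int)end($parts);
+$runningNumber = $lastRunningNumber + 1;
+}
+$requestNumber = sprintf('RSS/%s/%s/%03d', $department, $yearMonth, $runningNumber);
+$stmt = $pdo->prepare(
+'INSERT INTO ChangeRequests (request_number, company, hq_name, department_name, requester_name, extension, issued_date, desired_date, request_title, background_purpose, implementation_details, quantitative_effect, basis_of_calculation, qualitative_effect, category, impact_range, status, approval_level_pending) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
+);
+$stmt->execute([
+$requestNumber,
+$_POST['company'],
+$_POST['hq_name'],
+$_POST['department_name'],
+$_POST['requester_name'],
+$_POST['extension'] ?? null,
+$_POST['issued_date'],
+$_POST['desired_date'] ?? null,
+$_POST['request_title'],
+$_POST['background_purpose'],
+$_POST['implementation_details'],
+$_POST['quantitative_effect'] ?? null,
+$_POST['basis_of_calculation'] ?? null,
+$_POST['qualitative_effect'] ?? null,
+$_POST['category'],
+$_POST['impact_range'],
+'Pending Approval', // Initial status
+'Dept Manager/GM' // Initial approval level
+]);
+$success_message = 'Request submitted successfully!';
+} catch (Exception $e) {
+$error_message = 'Error: ' . $e->getMessage();
+}
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Create Program Change Request</title>
+<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+<div class="container mt-5">
+<div style="text-align: right; margin-bottom: 20px;">
+Logged in as <strong><?php echo htmlspecialchars($_SESSION['username']); ?></strong> | <a href="logout.php">Logout</a>
+</div>
+<h1>Create Program Change Request</h1>
+<?php if ($success_message): ?>
+<div class="alert alert-success"><?php echo $success_message; ?></div>
+<?php endif; ?>
+<?php if ($error_message): ?>
+<div class="alert alert-danger"><?php echo $error_message; ?></div>
+<?php endif; ?>
+<form action="create_request.php" method="POST">
+<div class="row">
+<div class="col-md-6 mb-3">
+<label for="company" class="form-label">Company / 会社名 *</label>
+<input type="text" class="form-control" id="company" name="company" required>
+</div>
+<div class="col-md-6 mb-3">
+<label for="hq_name" class="form-label">Headquarters / 本部名 *</label>
+<input type="text" class="form-control" id="hq_name" name="hq_name" required>
+</div>
+</div>
+<div class="row">
+<div class="col-md-6 mb-3">
+<label for="department_name" class="form-label">Department / 部署名 *</label>
+<select class="form-select" id="department_name" name="department_name" required>
+<option value="">Select a department</option>
+<option value="Sales">Sales</option>
+<option value="Marketing">Marketing</option>
+<option value="Engineering">Engineering</option>
+<option value="HR">HR</option>
+<option value="Other">Other</option>
+</select>
+</div>
+<div class="col-md-6 mb-3">
+<label for="requester_name" class="form-label">Requester Name / 依頼者名 *</label>
+<input type="text" class="form-control" id="requester_name" name="requester_name" value="<?php echo htmlspecialchars($_SESSION['username']); ?>" required>
+</div>
+</div>
+<div class="row">
+<div class="col-md-4 mb-3">
+<label for="extension" class="form-label">Extension / 内線</label>
+<input type="text" class="form-control" id="extension" name="extension">
+</div>
+<div class="col-md-4 mb-3">
+<label for="issued_date" class="form-label">Issued Date / 発行日 *</label>
+<input type="date" class="form-control" id="issued_date" name="issued_date" required>
+</div>
+<div class="col-md-4 mb-3">
+<label for="desired_date" class="form-label">Desired Date / 希望納期</label>
+<input type="date" class="form-control" id="desired_date" name="desired_date">
+</div>
+</div>
+<div class="mb-3">
+<label for="request_title" class="form-label">Request Title / 依頼件名 *</label>
+<input type="text" class="form-control" id="request_title" name="request_title" required>
+</div>
+<div class="mb-3">
+<label for="background_purpose" class="form-label">Background & Purpose / 背景・目的 *</label>
+<textarea class="form-control" id="background_purpose" name="background_purpose" rows="3" required></textarea>
+</div>
+<div class="mb-3">
+<label for="implementation_details" class="form-label">Implementation Details / 内容 *</label>
+<textarea class="form-control" id="implementation_details" name="implementation_details" rows="5" required></textarea>
+</div>
+<div class="row">
+<div class="col-md-6 mb-3">
+<label for="category" class="form-label">Category / カテゴリー *</label>
+<select class="form-select" id="category" name="category" required>
+<option value="">Select a category</option>
+<option value="Legal">Legal / 法改正</option>
+<option value="Business Challenge">Business Challenge / 経営課題</option>
+<option value="Cust. Complaint">Cust. Complaint / 顧客クレーム</option>
+<option value="Cust. Request">Cust. Request / 顧客要望</option>
+<option value="Settings/Conversions">Settings/Conversions / 設定変更・変換</option>
+<option value="Improvement">Improvement / 改善</option>
+<option value="Other">Other / その他</option>
+</select>
+</div>
+<div class="col-md-6 mb-3">
+<label for="impact_range" class="form-label">Impact Range / 影響範囲 *</label>
+<select class="form-select" id="impact_range" name="impact_range" required>
+<option value="">Select impact range</option>
+<option value="All ROHM">All ROHM / 全社</option>
+<option value="Within Headquarters">Within Headquarters / 本部内</option>
+<option value="Within Dept/Div">Within Dept/Div / 部門内</option>
+<option value="Other">Other / その他</option>
+</select>
+</div>
+</div>
+<button type="submit" class="btn btn-primary">Submit Request</button>
+<a href="index.php" class="btn btn-secondary">Back to Home</a>
+</form>
+</div>
+</body>
+</html>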
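Review bot: `$error_message` and `$success_message` are echoed raw in the two `alert` divs, while every `$_SESSION['username']` output in the same file goes through `htmlspecialchars`; `$error_message` carries `$e->getMessage()`, so PDO error text lands in the page unescaped. Use `<?php echo htmlspecialchars($error_message); ?>` (and the same for the success div), and consider logging the exception while showing a fixed message. The request number comes from a `SELECT … ORDER BY … LIMIT 1` followed by a separate INSERT, with no transaction and no unique index on `request_number` (the migration adds it as plain `VARCHAR(255) NULL`), so two submissions for the same department in the same month can be assigned the same number; a UNIQUE index with a retry on duplicate, or a sequence table, would make it safe. `$_POST['department_name']` is also placed into the LIKE pattern and the generated number without being checked against the option list the form offers, so values containing `%`, `_` or `/` change the lookup and the number format; `in_array($department, ['Sales', 'Marketing', 'Engineering', 'HR', 'Other'], true)` before use closes that.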

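--- a/create_role.php
+++ b/create_role.php
@@ -0,0 +1,15 @@
+<?php
+require_once 'db/config.php';
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+$name = $_POST['role_name'];
+$department_id = $_POST['department_id'];
+try {
+$stmt = db()->prepare("INSERT INTO roles (name, department_id) VALUES (?, ?)");
+$stmt->execute([$name, $department_id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+}
+?>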
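Review bot: Role names are the authorization identity in this commit — login.php stores `roles.name` in `$_SESSION['role']`, and create_user.php, edit_user.php, dashboard.php and approve_request.php compare that string against literals such as 'Admin' and the approval levels — yet `roles.name` has no UNIQUE constraint and this script creates a role with any free-text name in any department without a session or admin check. Besides adding the same `session_start()` / `$_SESSION['role'] !== 'Admin'` gate that create_user.php uses, validate `$name` against the fixed set the rest of the code understands, `in_array($name, ['Requester', 'Dept Manager/GM', 'System Div Admin', 'Planning Dept', 'System GM', 'Admin'], true)`, or better, keep the privilege level in a constrained enum column and treat the display name as cosmetic. `$_POST['role_name']` and `$_POST['department_id']` are read without `isset`, and `header('Location: ...')` is not followed by `exit;`.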

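--- a/create_user.php
+++ b/create_user.php
@@ -0,0 +1,46 @@
+<?php
+session_start();
+require_once 'db/config.php';
+if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'Admin') {
+// Redirect non-admins to the dashboard or a permissions error page
+header('Location: user_management.php?error=unauthorized');
+exit;
+}
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+$username = $_POST['username'] ?? '';
+$email = $_POST['email'] ?? '';
+$password = $_POST['password'] ?? '';
+$role_id = $_POST['role_id'] ?? '';
+if (empty($username) || empty($email) || empty($password) || empty($role_id)) {
+header('Location: user_management.php?error=missing_fields');
+exit;
+}
+try {
+$pdo = db();
+$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ? OR email = ?");
+$stmt->execute([$username, $email]);
+if ($stmt->fetch()) {
+header('Location: user_management.php?error=user_exists');
+exit;
+}
+$hashed_password = password_hash($password, PASSWORD_DEFAULT);
+$division_id = $_POST['division_id'] ?? null;
+$department_id = $_POST['department_id'] ?? null;
+$stmt = $pdo->prepare("INSERT INTO users (username, email, password, role_id, division_id, department_id) VALUES (?, ?, ?, ?, ?, ?)");
+$stmt->execute([$username, $email, $hashed_password, $role_id, $division_id, $department_id]);
+header('Location: user_management.php?success=user_created');
+exit;
+} catch (PDOException $e) {
+header('Location: user_management.php?error=db_error');
+exit;
+}
+}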
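Review bot: The only input validation is `empty()`: `$email` is stored without `filter_var($email, FILTER_VALIDATE_EMAIL)`, `$password` has no minimum length, and `$role_id`, `$division_id` and `$department_id` are written without checking that the rows exist or belong to each other, so an admin typo silently produces a user whose role points at a different department than the one selected. The uniqueness SELECT followed by the INSERT is two statements, so two concurrent submissions can both pass the check; the UNIQUE constraints on `users.username` and `users.email` will make the second INSERT throw, which currently maps to the generic `db_error` redirect — catching `$e->getCode() === '23000'` and redirecting to `user_exists` would report it correctly. Like the other POST handlers in this commit, the form is not CSRF-protected. The `SELECT * FROM users` for the existence check fetches the password hash column it does not need; `SELECT id` is enough.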

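--- a/dashboard.php
+++ b/dashboard.php
@@ -0,0 +1,41 @@
+<?php
+session_start();
+if (!isset($_SESSION['user_id'])) {
+header('Location: login.php');
+exit;
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Dashboard</title>
+<style>
+body { font-family: Inter, system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; background-color: #F7F9FC; color: #333; margin: 0; padding: 20px; display: flex; justify-content: center; align-items: center; height: 100vh; }
+.container { max-width: 800px; margin: 0 auto; background-color: #FFFFFF; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); padding: 40px; text-align: center; }
+h1 { color: #4A90E2; margin-bottom: 30px; }
+.nav-links a { display: block; background-color: #4A90E2; color: white; padding: 15px 20px; margin: 10px 0; border-radius: 5px; text-decoration: none; font-size: 18px; transition: background-color 0.3s; }
+.nav-links a:hover { background-color: #357ABD; }
+.logout-link { margin-top: 30px; }
+.logout-link a { color: #E35050; text-decoration: none; }
+</style>
+</head>
+<body>
+<div class="container">
+<div style="text-align: right; position: absolute; top: 20px; right: 20px;">
+Logged in as <strong><?php echo htmlspecialchars($_SESSION['username']); ?></strong>
+</div>
+<h1>Dashboard</h1>
+<div class="nav-links">
+<a href="request_dashboard.php">Program Change Requests</a>
+<?php if (isset($_SESSION['role']) && $_SESSION['role'] === 'Admin'): ?>
+<a href="user_management.php">User Management</a>
+<?php endif; ?>
+</div>
+<div class="logout-link">
+<a href="logout.php">Logout</a>
+</div>
+</div>
+</body>
+</html>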


@ -0,0 +1,35 @@
CREATE TABLE IF NOT EXISTS `ChangeRequests` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`system_receipt_no` VARCHAR(255) NULL,
`request_mgmt_no` VARCHAR(255) NULL,
`company` VARCHAR(255) NOT NULL,
`hq_name` VARCHAR(255) NOT NULL,
`department_name` VARCHAR(255) NOT NULL,
`requester_name` VARCHAR(255) NOT NULL,
`extension` VARCHAR(255) NULL,
`issued_date` DATE NOT NULL,
`desired_date` DATE NULL,
`has_attachment` BOOLEAN DEFAULT FALSE,
`request_title` VARCHAR(255) NOT NULL,
`background_purpose` TEXT NOT NULL,
`implementation_details` TEXT NOT NULL,
`quantitative_effect` TEXT NULL,
`basis_of_calculation` TEXT NULL,
`qualitative_effect` TEXT NULL,
`category` ENUM('Legal', 'Business Challenge', 'Cust. Complaint', 'Cust. Request', 'Settings/Conversions', 'Improvement', 'Other') NOT NULL,
`impact_range` ENUM('All ROHM', 'Within Headquarters', 'Within Dept/Div', 'Other') NOT NULL,
`workload_estimation` DECIMAL(10, 2) NULL,
`scheduled_start_date` DATE NULL,
`system_div_comments` TEXT NULL,
`effect_confirmation_required` BOOLEAN DEFAULT FALSE,
`actual_effect_amount` DECIMAL(10, 2) NULL,
`status` ENUM('Draft', 'Dept_Approval_Pending', 'System_Reception', 'Under_Consideration', 'In_Progress', 'Completed', 'Rejected') DEFAULT 'Draft'
);
CREATE TABLE IF NOT EXISTS `Attachments` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`request_id` INT NOT NULL,
`file_path` VARCHAR(255) NOT NULL,
`file_name` VARCHAR(255) NOT NULL,
FOREIGN KEY (`request_id`) REFERENCES `ChangeRequests`(`id`) ON DELETE CASCADE
);


@ -0,0 +1,8 @@
CREATE TABLE IF NOT EXISTS `users` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(255) NOT NULL UNIQUE,
`email` VARCHAR(255) NOT NULL UNIQUE,
`password` VARCHAR(255) NOT NULL,
`role` ENUM('Requester', 'Dept Manager/GM', 'System Div Admin', 'Planning Dept', 'System GM', 'Admin') NOT NULL DEFAULT 'Requester',
`created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;


@ -0,0 +1,7 @@
ALTER TABLE `users` ADD COLUMN `department` VARCHAR(255) NULL;
ALTER TABLE `ChangeRequests`
ADD COLUMN `approval_level_pending` ENUM('Dept Manager/GM', 'System Div Admin', 'Planning Dept', 'System GM', 'None') DEFAULT 'Dept Manager/GM',
ADD COLUMN `rejection_reason` TEXT NULL,
MODIFY COLUMN `status` ENUM('Draft', 'Pending Approval', 'Approved', 'Rejected', 'In Progress', 'Completed') DEFAULT 'Draft';


@ -0,0 +1 @@
ALTER TABLE `ChangeRequests` ADD `request_number` VARCHAR(255) NULL AFTER `id`;


@ -0,0 +1,23 @@
CREATE TABLE divisions (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(255) NOT NULL UNIQUE
);
CREATE TABLE departments (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(255) NOT NULL,
division_id INT NOT NULL,
FOREIGN KEY (division_id) REFERENCES divisions(id) ON DELETE CASCADE
);
CREATE TABLE roles (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(255) NOT NULL,
department_id INT NOT NULL,
FOREIGN KEY (department_id) REFERENCES departments(id) ON DELETE CASCADE
);
ALTER TABLE users
ADD COLUMN division_id INT,
ADD COLUMN department_id INT,
ADD COLUMN role_id INT;
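Review bot: The three new `users` columns are added as bare `INT` with no `FOREIGN KEY`, unlike `departments.division_id` and `roles.department_id` in the same file, so a user can reference a division, department or role that has been deleted (the `ON DELETE CASCADE` on the other tables makes that routine) and login.php's JOIN on `roles.id` then simply fails for that account. Add `FOREIGN KEY (role_id) REFERENCES roles(id)` (and the same for the other two) with an explicit `ON DELETE` policy. `roles.name` has no UNIQUE constraint even though the application compares role names against literals for authorization; a `UNIQUE (name, department_id)` at minimum would prevent duplicate names within one department.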


@ -0,0 +1,3 @@
-- Remove old role and department columns from users table
ALTER TABLE users DROP COLUMN role;
ALTER TABLE users DROP COLUMN department;


@ -0,0 +1,16 @@
-- Create Super Admin Division, Department and Role if they do not exist
INSERT INTO divisions (name) SELECT 'Super Admin' WHERE NOT EXISTS (SELECT 1 FROM divisions WHERE name = 'Super Admin');
SET @division_id = (SELECT id FROM divisions WHERE name = 'Super Admin');
INSERT INTO departments (name, division_id) SELECT 'Super Admin', @division_id WHERE NOT EXISTS (SELECT 1 FROM departments WHERE name = 'Super Admin');
SET @department_id = (SELECT id FROM departments WHERE name = 'Super Admin');
INSERT INTO roles (name, department_id) SELECT 'Admin', @department_id WHERE NOT EXISTS (SELECT 1 FROM roles WHERE name = 'Admin');
-- Create Super Admin User
SET @role_id = (SELECT id FROM roles WHERE name = 'Admin' AND department_id = @department_id);
SET @hashed_password = '$2y$10$9.p6A8v.17O7.Q1yJgqjC.H9aJz/O1aB3F2aC6bF.p8aEwS2mS2W'; -- "password"
INSERT INTO users (username, password, email, division_id, department_id, role_id)
SELECT 'superadmin', @hashed_password, 'superadmin@example.com', @division_id, @department_id, @role_id
WHERE NOT EXISTS (SELECT 1 FROM users WHERE username = 'superadmin');
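Review bot: The seed inserts a `superadmin` account with a fixed bcrypt hash whose plaintext is spelled out in the trailing comment, which turns into a shared default credential on every deployment that runs the migrations; generate the hash at deploy time (or seed a random password that must be changed on first login) and drop the comment. The `WHERE NOT EXISTS (SELECT 1 FROM roles WHERE name = 'Admin')` guard is global, but the later `@role_id` lookup is scoped to `@department_id`, so if an 'Admin' role already exists in another department the INSERT is skipped, `@role_id` resolves to NULL, and the user is created with no role and cannot log in through the JOIN in login.php; scope the guard to the same department. The departments guard has the same shape (`WHERE name = 'Super Admin'` without `division_id`).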


@ -0,0 +1,3 @@
ALTER TABLE users
ADD COLUMN division_id INT,
ADD COLUMN department_id INT;
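Review bot: This ALTER adds `division_id` and `department_id` to `users`, which another migration in this same commit already adds together with `role_id`; run in sequence, the second `ADD COLUMN` fails on the duplicate column and stops the migration chain. Either remove this file or guard it with a check against `information_schema.COLUMNS` before altering. If it is kept, it needs the same foreign-key constraints discussed for the other migration so the two cannot diverge.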

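--- a/delete_department.php
+++ b/delete_department.php
@@ -0,0 +1,12 @@
+<?php
+require_once 'db/config.php';
+$id = $_GET['id'];
+try {
+$stmt = db()->prepare("DELETE FROM departments WHERE id = ?");
+$stmt->execute([$id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}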

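--- a/delete_division.php
+++ b/delete_division.php
@@ -0,0 +1,12 @@
+<?php
+require_once 'db/config.php';
+$id = $_GET['id'];
+try {
+$stmt = db()->prepare("DELETE FROM divisions WHERE id = ?");
+$stmt->execute([$id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}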

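--- a/delete_role.php
+++ b/delete_role.php
@@ -0,0 +1,12 @@
+<?php
+require_once 'db/config.php';
+$id = $_GET['id'];
+try {
+$stmt = db()->prepare("DELETE FROM roles WHERE id = ?");
+$stmt->execute([$id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}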

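--- a/edit_department.php
+++ b/edit_department.php
@@ -0,0 +1,50 @@
+<?php
+require_once 'db/config.php';
+$id = $_GET['id'];
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+$name = $_POST['name'];
+$division_id = $_POST['division_id'];
+try {
+$stmt = db()->prepare("UPDATE departments SET name = ?, division_id = ? WHERE id = ?");
+$stmt->execute([$name, $division_id, $id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+}
+try {
+$stmt = db()->prepare("SELECT * FROM departments WHERE id = ?");
+$stmt->execute([$id]);
+$department = $stmt->fetch();
+$div_stmt = db()->query('SELECT id, name FROM divisions ORDER BY name');
+$divisions = $div_stmt->fetchAll();
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>Edit Department</title>
+</head>
+<body>
+<h2>Edit Department</h2>
+<form method="post">
+<label>Department Name:</label>
+<input type="text" name="name" value="<?= htmlspecialchars($department['name']) ?>" required>
+<label>Division:</label>
+<select name="division_id" required>
+<?php foreach ($divisions as $division): ?>
+<option value="<?= $division['id'] ?>" <?= $division['id'] == $department['division_id'] ? 'selected' : '' ?>><?= htmlspecialchars($division['name']) ?></option>
+<?php endforeach; ?>
+</select>
+<button type="submit">Update</button>
+</form>
+<a href="user_management.php">Back to User Management</a>
+</body>
+</html>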
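Review bot: `$department = $stmt->fetch()` is never checked, so an `id` that matches no row makes `$department['name']` and `$department['division_id']` read from `false`, raising warnings and rendering an empty form that, on submit, issues an UPDATE affecting zero rows; add `if (!$department) { header('Location: user_management.php?error=not_found'); exit; }` after the fetch. The same unchecked fetch is in edit_division.php (`$division`) and edit_role.php (`$role`). Because the POST branch does not `exit` after its `header('Location: ...')`, a successful update still runs the SELECTs and renders the full page body behind the redirect.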

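--- a/edit_division.php
+++ b/edit_division.php
@@ -0,0 +1,40 @@
+<?php
+require_once 'db/config.php';
+$id = $_GET['id'];
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+$name = $_POST['name'];
+try {
+$stmt = db()->prepare("UPDATE divisions SET name = ? WHERE id = ?");
+$stmt->execute([$name, $id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+}
+try {
+$stmt = db()->prepare("SELECT * FROM divisions WHERE id = ?");
+$stmt->execute([$id]);
+$division = $stmt->fetch();
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>Edit Division</title>
+</head>
+<body>
+<h2>Edit Division</h2>
+<form method="post">
+<label>Division Name:</label>
+<input type="text" name="name" value="<?= htmlspecialchars($division['name']) ?>" required>
+<button type="submit">Update</button>
+</form>
+<a href="user_management.php">Back to User Management</a>
+</body>
+</html>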

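--- a/edit_role.php
+++ b/edit_role.php
@@ -0,0 +1,50 @@
+<?php
+require_once 'db/config.php';
+$id = $_GET['id'];
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+$name = $_POST['name'];
+$department_id = $_POST['department_id'];
+try {
+$stmt = db()->prepare("UPDATE roles SET name = ?, department_id = ? WHERE id = ?");
+$stmt->execute([$name, $department_id, $id]);
+header('Location: user_management.php');
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+}
+try {
+$stmt = db()->prepare("SELECT * FROM roles WHERE id = ?");
+$stmt->execute([$id]);
+$role = $stmt->fetch();
+$dept_stmt = db()->query('SELECT id, name FROM departments ORDER BY name');
+$departments = $dept_stmt->fetchAll();
+} catch (PDOException $e) {
+echo "Error: " . $e->getMessage();
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+<title>Edit Role</title>
+</head>
+<body>
+<h2>Edit Role</h2>
+<form method="post">
+<label>Role Name:</label>
+<input type="text" name="name" value="<?= htmlspecialchars($role['name']) ?>" required>
+<label>Department:</label>
+<select name="department_id" required>
+<?php foreach ($departments as $department): ?>
+<option value="<?= $department['id'] ?>" <?= $department['id'] == $role['department_id'] ? 'selected' : '' ?>><?= htmlspecialchars($department['name']) ?></option>
+<?php endforeach; ?>
+</select>
+<button type="submit">Update</button>
+</form>
+<a href="user_management.php">Back to User Management</a>
+</body>
+</html>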

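--- a/edit_user.php
+++ b/edit_user.php
@@ -0,0 +1,108 @@
+<?php
+session_start();
+require_once 'db/config.php';
+if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'Admin') {
+header('Location: user_management.php?error=unauthorized');
+exit;
+}
+$user_id = $_GET['id'] ?? null;
+if (!$user_id) {
+header('Location: user_management.php');
+exit;
+}
+$pdo = db();
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+$role_id = $_POST['role_id'] ?? '';
+$division_id = $_POST['division_id'] ?? null;
+$department_id = $_POST['department_id'] ?? null;
+if (empty($role_id)) {
+header('Location: edit_user.php?id=' . $user_id . '&error=missing_fields');
+exit;
+}
+try {
+$stmt = $pdo->prepare("UPDATE users SET role_id = ?, division_id = ?, department_id = ? WHERE id = ?");
+$stmt->execute([$role_id, $division_id, $department_id, $user_id]);
+header('Location: user_management.php?success=user_updated');
+exit;
+} catch (PDOException $e) {
+header('Location: edit_user.php?id=' . $user_id . '&error=db_error');
+exit;
+}
+}
+try {
+// Fetch user data along with their division, department, and role IDs
+$stmt = $pdo->prepare("SELECT id, username, email, role_id, department_id, division_id FROM users WHERE id = ?");
+$stmt->execute([$user_id]);
+$user = $stmt->fetch();
+if (!$user) {
+header('Location: user_management.php?error=user_not_found');
+exit;
+}
+// Fetch all divisions
+$divisions = $pdo->query("SELECT id, name FROM divisions ORDER BY name")->fetchAll();
+} catch (PDOException $e) {
+die('Database error: ' . $e->getMessage());
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Edit User</title>
+<style>
+body { font-family: Inter, system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; background-color: #F7F9FC; color: #333; margin: 0; padding: 20px; }
+.container { max-width: 500px; margin: 0 auto; background-color: #FFFFFF; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); padding: 20px; }
+h1 { color: #4A90E2; }
+.form-label { display: block; margin-bottom: 5px; font-weight: bold; }
+.form-control, .form-select { width: 100%; padding: 8px; margin-bottom: 10px; border-radius: 4px; border: 1px solid #ccc; }
+.btn { padding: 10px 15px; border: none; border-radius: 4px; cursor: pointer; color: white; }
+.btn-primary { background-color: #4A90E2; }
+.btn-secondary { background-color: #6c757d; }
+</style>
+</head>
+<body>
+<div class="container mt-5">
+<h1>Edit User: <?php echo htmlspecialchars($user['username']); ?></h1>
+<?php if (isset($_GET['error'])): ?>
+<div class="alert alert-danger">An error occurred. Please try again.</div>
+<?php endif; ?>
+<form method="POST">
+<div class="mb-3">
+<label for="division_id" class="form-label">Division</label>
+<select class="form-select" id="division_id" name="division_id" required>
+<option value="">Select Division</option>
+<?php foreach ($divisions as $division): ?>
+<option value="<?php echo $division['id']; ?>" <?php echo ($division['id'] == $user['division_id']) ? 'selected' : ''; ?>><?php echo htmlspecialchars($division['name']); ?></option>
+<?php endforeach; ?>
+</select>
+</div>
+<div class="mb-3">
+<label for="department_id" class="form-label">Department</label>
+<select class="form-select" id="department_id" name="department_id" required data-initial="<?php echo htmlspecialchars($user['department_id']); ?>">
+<option value="">Select Department</option>
+</select>
+</div>
+<div class="mb-3">
+<label for="role_id" class="form-label">Role</label>
+<select class="form-select" id="role_id" name="role_id" required data-initial="<?php echo htmlspecialchars($user['role_id']); ?>">
+<option value="">Select Role</option>
+</select>
+</div>
+<button type="submit" class="btn btn-primary">Update User</button>
+<a href="user_management.php" class="btn btn-secondary">Cancel</a>
+</form>
+</div>
+<script src="assets/js/edit_user.js?v=<?php echo time(); ?>"></script>
+</body>
+</html>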
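Review bot: `$user_id` is taken straight from `$_GET['id']` and then concatenated into the `Location:` header on both error paths and bound to the UPDATE without any type check; `$user_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);` keeps the existing `if (!$user_id)` guard working and guarantees that what is echoed into the redirect is an integer. The form changes another account's role with no CSRF token, and the GET path ends in `die('Database error: ' . $e->getMessage())`, printing driver details where the POST path correctly redirects with `error=db_error`. `htmlspecialchars($user['department_id'])` in the two `data-initial` attributes receives null for users without a department (the column is nullable), which is deprecated on PHP 8.1+; `htmlspecialchars((string) ($user['department_id'] ?? ''))` avoids the notice. Nothing on the server verifies that the submitted `department_id` belongs to `division_id` or that `role_id` belongs to `department_id` — the JS populates them consistently, but the handler should re-check before the UPDATE.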


@ -3,6 +3,7 @@ declare(strict_types=1);
@ini_set('display_errors', '1');
@error_reporting(E_ALL);
@date_default_timezone_set('UTC');
session_start();
$phpVersion = PHP_VERSION;
$now = date('Y-m-d H:i:s');
@ -129,18 +130,46 @@ $projectImageUrl = $_SERVER['PROJECT_IMAGE_URL'] ?? '';
font-size: 0.8rem;
opacity: 0.7;
}
.btn {
display: inline-block;
padding: 10px 20px;
margin: 5px;
border-radius: 5px;
text-decoration: none;
color: white;
font-weight: bold;
transition: background-color 0.3s;
}
.btn-primary {
background-color: #4A90E2;
}
.btn-primary:hover {
background-color: #357ABD;
}
.btn-secondary {
background-color: #50E3C2;
}
.btn-secondary:hover {
background-color: #45B8A0;
}
</style>
</head>
<body>
<main>
<div class="card">
<h1>Analyzing your requirements and generating your website…</h1>
<div class="loader" role="status" aria-live="polite" aria-label="Applying initial changes">
<span class="sr-only">Loading…</span>
</div>
<p class="hint"><?= ($_SERVER['HTTP_HOST'] ?? '') === 'appwizzy.com' ? 'AppWizzy' : 'Flatlogic' ?> AI is collecting your requirements and applying the first changes.</p>
<p class="hint">This page will update automatically as the plan is implemented.</p>
<p>Runtime: PHP <code><?= htmlspecialchars($phpVersion) ?></code> — UTC <code><?= htmlspecialchars($now) ?></code></p>
<h1>Program Change Request System</h1>
<p>Welcome to the Program Change Request System. You can use this system to submit, track, and manage program change requests.</p>
<?php if (isset($_SESSION['user_id'])): ?>
<p>Logged in as <strong><?php echo htmlspecialchars($_SESSION['username']); ?></strong>.</p>
<a href="create_request.php" class="btn btn-primary">Create a new Request</a>
<a href="request_dashboard.php" class="btn btn-secondary">View Requests</a>
<a href="dashboard.php" class="btn btn-secondary">Dashboard</a>
<a href="logout.php" class="btn btn-secondary">Logout</a>
<?php else: ?>
<a href="login.php" class="btn btn-primary">Login</a>
<a href="register.php" class="btn btn-secondary">Register</a>
<?php endif; ?>
</div>
</main>
<footer>

login.php Normal file
View File

@ -0,0 +1,75 @@
<?php
session_start();
require_once 'db/config.php';
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($username) || empty($password)) {
$error = 'Please fill in both fields.';
} else {
try {
$stmt = db()->prepare("SELECT users.*, roles.name as role_name FROM users JOIN roles ON users.role_id = roles.id WHERE users.username = ?");
$stmt->execute([$username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role'] = $user['role_name'];
header("Location: request_dashboard.php");
exit;
} else {
$error = 'Invalid username or password.';
}
} catch (PDOException $e) {
$error = "DB Error: " . $e->getMessage();
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
body {
background-color: #f7f9fc;
}
.container {
max-width: 400px;
margin-top: 100px;
background-color: #fff;
padding: 40px;
border-radius: 10px;
box-shadow: 0 4px 20px rgba(0,0,0,0.1);
}
</style>
</head>
<body>
<div class="container">
<h2 class="text-center mb-4">Login</h2>
<?php if ($error): ?>
<div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<form method="POST">
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<button type="submit" class="btn btn-primary w-100">Login</button>
</form>
</div>
</body>
</html>
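Review bot: The successful-login branch (`if ($user && password_verify(...))`) fills the session without rotating its id, so a session id that existed before authentication keeps working after it; `session_regenerate_id(true);` should be the first statement inside that branch. The same branch never stores the user's department, yet request_dashboard.php and view_request.php compare `$_SESSION['department']` against the request's department, so in practice that approver check can only pass through the Admin shortcut in view_request.php; roles carry a department_id (see the join in user_management.php), so the login query could select the department name and save it here. The catch block shows `"DB Error: " . $e->getMessage()` to the visitor, which exposes driver and schema details; log the exception server-side and set a generic message instead — the same pattern appears in request_dashboard.php, update_status.php, user_management.php and view_request.php.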

6
logout.php Normal file

@ -0,0 +1,6 @@
<?php
session_start();
session_unset();
session_destroy();
header("Location: login.php");
exit;
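Review bot: `session_destroy()` discards the server-side data but leaves the session cookie on the client, so the browser keeps presenting the old id until a new session is started; the PHP manual pattern clears it explicitly with `$_SESSION = [];`, then `$p = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);` (guarded by `ini_get('session.use_cookies')`) before `session_destroy()`. Logout is also reachable through plain GET links from the other pages; a POST form is the usual remedy if forced logout matters for this application.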

150
request_dashboard.php Normal file

@ -0,0 +1,150 @@
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit;
}
require_once 'db/config.php';
try {
$pdo = db();
// Default status filter
$status_filter = $_GET['status'] ?? null;
$sql = 'SELECT id, request_number, request_title, status, requester_name, issued_date, department_name, approval_level_pending FROM ChangeRequests';
$params = [];
// Role-based filtering for default view
if (isset($_SESSION['role']) && $_SESSION['role'] === 'Admin' && empty($status_filter)) {
$status_filter = 'Pending Approval';
}
if ($status_filter && $status_filter !== 'All') {
$sql .= ' WHERE status = :status';
$params[':status'] = $status_filter;
}
$sql .= ' ORDER BY issued_date DESC';
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$requests = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die("Database error: " . $e->getMessage());
}
function getStatusColor($status) {
switch ($status) {
case 'Draft':
return 'grey';
case 'Pending Approval':
return 'orange';
case 'Approved':
return 'green';
case 'Rejected':
return 'red';
case 'In Progress':
return 'blue';
case 'Completed':
return 'purple';
default:
return 'black';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Change Requests Dashboard</title>
<style>
body { font-family: Inter, system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; background-color: #F7F9FC; color: #333; margin: 0; padding: 20px; }
.container { max-width: 1200px; margin: 0 auto; background-color: #FFFFFF; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); padding: 20px; }
h1 { color: #4A90E2; }
table { width: 100%; border-collapse: collapse; margin-top: 20px; }
th, td { padding: 12px; border-bottom: 1px solid #ddd; text-align: left; vertical-align: middle; }
th { background-color: #f2f2f2; }
.status { padding: 5px 10px; border-radius: 15px; color: white; font-weight: bold; }
.actions form { display: inline-block; margin-right: 5px; }
.actions button {
padding: 6px 12px;
border: none;
border-radius: 4px;
cursor: pointer;
color: white;
font-weight: bold;
}
.actions button[value="approve"] { background-color: #50E3C2; }
.actions button[value="reject"] { background-color: #E35050; }
</style>
</head>
<body>
<div class="container">
<div style="text-align: right; margin-bottom: 20px;">
Logged in as <strong><?php echo htmlspecialchars($_SESSION['username']); ?></strong> | <a href="logout.php">Logout</a>
</div>
<h1>Program Change Requests Dashboard</h1>
<div class="filters" style="margin-bottom: 20px;">
<strong>Filter by status:</strong>
<a href="request_dashboard.php?status=All">All</a> |
<a href="request_dashboard.php?status=Pending Approval">Pending Approval</a> |
<a href="request_dashboard.php?status=Approved">Approved</a> |
<a href="request_dashboard.php?status=Rejected">Rejected</a>
</div>
<table>
<thead>
<tr>
<th>Request No.</th>
<th>Title</th>
<th>Requester</th>
<th>Department</th>
<th>Issued Date</th>
<th>Status</th>
<th>Pending Approval From</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php if (empty($requests)): ?>
<tr>
<td colspan="8" style="text-align:center;">No change requests found.</td>
</tr>
<?php else: ?>
<?php foreach ($requests as $request): ?>
<tr>
<td><?php echo htmlspecialchars($request['request_number'] ?? 'N/A'); ?></td>
<td><a href="view_request.php?id=<?php echo $request['id']; ?>"><?php echo htmlspecialchars($request['request_title']); ?></a></td>
<td><?php echo htmlspecialchars($request['requester_name']); ?></td>
<td><?php echo htmlspecialchars($request['department_name']); ?></td>
<td><?php echo htmlspecialchars($request['issued_date']); ?></td>
<td>
<span class="status" style="background-color: <?php echo getStatusColor($request['status']); ?>;">
<?php echo htmlspecialchars(str_replace('_', ' ', $request['status'])); ?>
</span>
</td>
<td><?php echo htmlspecialchars($request['approval_level_pending']); ?></td>
<td class="actions">
<?php
if ($request['status'] === 'Pending Approval' &&
isset($_SESSION['role']) && $_SESSION['role'] === $request['approval_level_pending'] &&
isset($_SESSION['department']) && $_SESSION['department'] === $request['department_name']):
?>
<form action="approve_request.php" method="POST">
<input type="hidden" name="request_id" value="<?php echo $request['id']; ?>">
<button type="submit" name="action" value="approve">Approve</button>
<button type="submit" name="action" value="reject">Reject</button>
</form>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
<br>
<a href="dashboard.php">Menu</a>
</div>
</body>
</html>
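Review bot: The Approve/Reject form posting to approve_request.php carries only `request_id` and `action` with no anti-CSRF token, so the session cookie alone authorizes a state change; the same gap is in the approval form of view_request.php and the create_* forms of user_management.php. Issue a per-session token once (`$_SESSION['csrf'] ??= bin2hex(random_bytes(32));`), render it as `<input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf']); ?>">`, and have the receiving scripts refuse the request unless `hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')` holds. The button-visibility condition requires `$_SESSION['department']` to equal the request's department with no Admin exception, whereas view_request.php lets Admin through; pick one rule and share it so the list and detail pages agree. `$request['id']` is also echoed raw into the view_request link and the hidden field while every other cell goes through htmlspecialchars; `(int)$request['id']` keeps the escaping rule uniform.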

33
update_status.php Normal file

@ -0,0 +1,33 @@
<?php
require_once 'db/config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$requestId = $_POST['request_id'] ?? null;
$action = $_POST['action'] ?? null;
if ($requestId && $action) {
$newStatus = null;
if ($action === 'approve') {
$newStatus = 'System_Reception';
} elseif ($action === 'reject') {
$newStatus = 'Rejected';
}
if ($newStatus) {
try {
$pdo = db();
$stmt = $pdo->prepare('UPDATE ChangeRequests SET status = :status WHERE id = :id AND status = :current_status');
$stmt->execute([
':status' => $newStatus,
':id' => $requestId,
':current_status' => 'Dept_Approval_Pending'
]);
} catch (PDOException $e) {
die("Database error: " . $e->getMessage());
}
}
}
}
header('Location: request_dashboard.php');
exit;
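Review bot: This script updates a request's status on any POST without `session_start()`, a `$_SESSION['user_id']` check or a role check, so the update is reachable by an unauthenticated client as long as the row is in the expected state; it needs at least the login guard the other pages use, and since approval is a privileged action it should also apply the role/department rule that view_request.php uses before rendering the buttons. The status values `'System_Reception'` and `'Dept_Approval_Pending'` do not appear in the vocabulary used by request_dashboard.php and view_request.php ('Pending Approval', 'Approved', 'Rejected', ...), so either the UPDATE's WHERE clause never matches or this file belongs to an older workflow that approve_request.php has superseded — worth confirming before it ships. `$requestId` is only truthiness-checked; casting with `(int)` rejects non-numeric input before it reaches the query.
```php
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
require_once 'db/config.php';
// … unchanged: action handling and UPDATE …
```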

262
user_management.php Normal file

@ -0,0 +1,262 @@
<?php
session_start();
if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'Admin') {
header('Location: login.php');
exit;
}
require_once 'db/config.php';
try {
$pdo = db();
// Fetch users
$stmt = $pdo->query('SELECT u.id, u.username, u.email, u.created_at, r.name as role_name, d.name as department_name, dv.name as division_name FROM users u LEFT JOIN roles r ON u.role_id = r.id LEFT JOIN departments d ON r.department_id = d.id LEFT JOIN divisions dv ON d.division_id = dv.id ORDER BY u.created_at DESC');
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Fetch divisions
$div_stmt = $pdo->query('SELECT id, name FROM divisions ORDER BY name');
$divisions = $div_stmt->fetchAll(PDO::FETCH_ASSOC);
// Fetch departments
$dept_stmt = $pdo->query('SELECT d.id, d.name, v.name as division_name FROM departments d JOIN divisions v ON d.division_id = v.id ORDER BY v.name, d.name');
$departments = $dept_stmt->fetchAll(PDO::FETCH_ASSOC);
// Fetch roles
$role_stmt = $pdo->query('SELECT r.id, r.name, d.name as department_name FROM roles r JOIN departments d ON r.department_id = d.id ORDER BY d.name, r.name');
$roles = $role_stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
echo "<div class='alert alert-danger'>Database error: " . $e->getMessage() . "</div>";
$users = [];
$divisions = [];
$departments = [];
$roles = [];
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>User Management</title>
<style>
body { font-family: Inter, system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; background-color: #F7F9FC; color: #333; margin: 0; padding: 20px; }
.container { max-width: 1200px; margin: 0 auto; background-color: #FFFFFF; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); padding: 20px; }
h1, h3 { color: #4A90E2; }
table { width: 100%; border-collapse: collapse; margin-top: 20px; }
th, td { padding: 12px; border-bottom: 1px solid #ddd; text-align: left; }
th { background-color: #f2f2f2; }
.alert { padding: 15px; margin-bottom: 20px; border-radius: 4px; }
.alert-danger { background-color: #f8d7da; color: #721c24; border: 1px solid #f5c6cb; }
.alert-success { background-color: #d4edda; color: #155724; border: 1px solid #c3e6cb; }
.form-label { display: block; margin-bottom: 5px; font-weight: bold; }
.form-control, .form-select { width: 100%; padding: 8px; margin-bottom: 10px; border-radius: 4px; border: 1px solid #ccc; }
.btn { padding: 10px 15px; border: none; border-radius: 4px; cursor: pointer; color: white; }
.btn-primary { background-color: #4A90E2; }
.mt-5 { margin-top: 3rem !important; }
</style>
</head>
<body>
<div class="container">
<div style="text-align: right; margin-bottom: 20px;">
Logged in as <strong><?php echo htmlspecialchars($_SESSION['username']); ?></strong> | <a href="logout.php">Logout</a>
</div>
<h1>User Management</h1>
<!-- All Users -->
<h3>All Users</h3>
<table>
<thead>
<tr>
<th>ID</th>
<th>Username</th>
<th>Email</th>
<th>Division</th>
<th>Department</th>
<th>Role</th>
<th>Registered At</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<tr>
<td><?php echo htmlspecialchars($user['id']); ?></td>
<td><?php echo htmlspecialchars($user['username']); ?></td>
<td><?php echo htmlspecialchars($user['email']); ?></td>
<td><?php echo htmlspecialchars($user['division_name'] ?? 'N/A'); ?></td>
<td><?php echo htmlspecialchars($user['department_name'] ?? 'N/A'); ?></td>
<td><?php echo htmlspecialchars($user['role_name'] ?? 'N/A'); ?></td>
<td><?php echo htmlspecialchars($user['created_at']); ?></td>
<td><a href="edit_user.php?id=<?php echo $user['id']; ?>" class="btn btn-sm btn-primary">Edit</a></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<!-- Divisions -->
<h3 class="mt-5">Manage Divisions</h3>
<table>
<thead><tr><th>ID</th><th>Division Name</th><th>Actions</th></tr></thead>
<tbody>
<?php foreach ($divisions as $division): ?>
<tr>
<td><?php echo htmlspecialchars($division['id']); ?></td>
<td><?php echo htmlspecialchars($division['name']); ?></td>
<td>
<a href="edit_division.php?id=<?php echo $division['id']; ?>">Edit</a> |
<a href="delete_division.php?id=<?php echo $division['id']; ?>" onclick="return confirm('Are you sure?')">Delete</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<form action="create_division.php" method="POST" style="max-width: 500px; margin-top:1rem;">
<input type="text" name="division_name" placeholder="New Division Name" required class="form-control">
<button type="submit" class="btn btn-primary">Add Division</button>
</form>
<!-- Departments -->
<h3 class="mt-5">Manage Departments</h3>
<table>
<thead><tr><th>ID</th><th>Department Name</th><th>Division</th><th>Actions</th></tr></thead>
<tbody>
<?php foreach ($departments as $department): ?>
<tr>
<td><?php echo htmlspecialchars($department['id']); ?></td>
<td><?php echo htmlspecialchars($department['name']); ?></td>
<td><?php echo htmlspecialchars($department['division_name']); ?></td>
<td>
<a href="edit_department.php?id=<?php echo $department['id']; ?>">Edit</a> |
<a href="delete_department.php?id=<?php echo $department['id']; ?>" onclick="return confirm('Are you sure?')">Delete</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<form action="create_department.php" method="POST" style="max-width: 500px; margin-top:1rem;">
<select name="division_id" required class="form-select">
<option value="">Select Division</option>
<?php foreach ($divisions as $division): ?>
<option value="<?php echo $division['id']; ?>"><?php echo htmlspecialchars($division['name']); ?></option>
<?php endforeach; ?>
</select>
<input type="text" name="department_name" placeholder="New Department Name" required class="form-control">
<button type="submit" class="btn btn-primary">Add Department</button>
</form>
<!-- Roles -->
<h3 class="mt-5">Manage Roles</h3>
<table>
<thead><tr><th>ID</th><th>Role Name</th><th>Department</th><th>Actions</th></tr></thead>
<tbody>
<?php foreach ($roles as $role): ?>
<tr>
<td><?php echo htmlspecialchars($role['id']); ?></td>
<td><?php echo htmlspecialchars($role['name']); ?></td>
<td><?php echo htmlspecialchars($role['department_name']); ?></td>
<td>
<a href="edit_role.php?id=<?php echo $role['id']; ?>">Edit</a> |
<a href="delete_role.php?id=<?php echo $role['id']; ?>" onclick="return confirm('Are you sure?')">Delete</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<form action="create_role.php" method="POST" style="max-width: 500px; margin-top:1rem;">
<select name="department_id" required class="form-select">
<option value="">Select Department</option>
<?php foreach ($departments as $department): ?>
<option value="<?php echo $department['id']; ?>"><?php echo htmlspecialchars($department['name']); ?> (<?php echo htmlspecialchars($department['division_name']); ?>)</option>
<?php endforeach; ?>
</select>
<input type="text" name="role_name" placeholder="New Role Name" required class="form-control">
<button type="submit" class="btn btn-primary">Add Role</button>
</form>
<!-- Create New User -->
<h3 class="mt-5">Create New User</h3>
<form action="create_user.php" method="POST" style="max-width: 500px;">
<div class="mb-3">
<label for="new_username" class="form-label">Username</label>
<input type="text" class="form-control" id="new_username" name="username" required>
</div>
<div class="mb-3">
<label for="new_email" class="form-label">Email</label>
<input type="email" class="form-control" id="new_email" name="email" required>
</div>
<div class="mb-3">
<label for="new_password" class="form-label">Password</label>
<input type="password" class="form-control" id="new_password" name="password" required>
</div>
<div class="mb-3">
<label for="division_id" class="form-label">Division</label>
<select name="division_id" id="division_id" required class="form-select">
<option value="">Select Division</option>
<?php foreach ($divisions as $division): ?>
<option value="<?php echo $division['id']; ?>"><?php echo htmlspecialchars($division['name']); ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="mb-3">
<label for="department_id" class="form-label">Department</label>
<select name="department_id" id="department_id" required class="form-select">
<option value="">Select Department</option>
</select>
</div>
<div class="mb-3">
<label for="role_id" class="form-label">Role</label>
<select name="role_id" id="role_id" required class="form-select">
<option value="">Select Role</option>
</select>
</div>
<button type="submit" class="btn btn-primary">Create User</button>
</form>
<script>
document.getElementById('division_id').addEventListener('change', function() {
var divisionId = this.value;
var departmentSelect = document.getElementById('department_id');
var roleSelect = document.getElementById('role_id');
departmentSelect.innerHTML = '<option value="">Select Department</option>';
roleSelect.innerHTML = '<option value="">Select Role</option>';
if (divisionId) {
fetch('api.php?action=get_departments&division_id=' + divisionId)
.then(response => response.json())
.then(data => {
data.forEach(function(department) {
var option = document.createElement('option');
option.value = department.id;
option.textContent = department.name;
departmentSelect.appendChild(option);
});
});
}
});
document.getElementById('department_id').addEventListener('change', function() {
var departmentId = this.value;
var roleSelect = document.getElementById('role_id');
roleSelect.innerHTML = '<option value="">Select Role</option>';
if (departmentId) {
fetch('api.php?action=get_roles&department_id=' + departmentId)
.then(response => response.json())
.then(data => {
data.forEach(function(role) {
var option = document.createElement('option');
option.value = role.id;
option.textContent = role.name;
roleSelect.appendChild(option);
});
});
}
});
</script>
<br>
<a href="dashboard.php">Menu</a>
</div>
</body>
</html>
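Review bot: The Delete links for divisions, departments and roles perform a destructive change through a plain GET with the id in the query string, protected only by a client-side `confirm()`; GET requests are prefetched, cached and easily embedded, so these should become small POST forms with a token, e.g. `<form action="delete_division.php" method="POST" onsubmit="return confirm('Are you sure?')"><input type="hidden" name="id" value="<?php echo (int)$division['id']; ?>"><button type="submit">Delete</button></form>`, with the delete_*.php handlers (not in this view) reading `$_POST['id']` accordingly. The inline script's two `fetch()` chains call `response.json()` without checking `response.ok` and have no `.catch()`, so a failure from api.php silently leaves the dependent selects empty; add `if (!response.ok) throw new Error('api.php ' + response.status);` before parsing, a `.catch()` that reports the failure, and build the query with `encodeURIComponent(divisionId)` (or `URLSearchParams`) instead of concatenation. The catch block at the top also concatenates `$e->getMessage()` into HTML unescaped; if that output is kept at all it should go through htmlspecialchars.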

167
view_request.php Normal file

@ -0,0 +1,167 @@
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit;
}
require_once 'db/config.php';
if (!isset($_GET['id']) || empty($_GET['id'])) {
header('Location: request_dashboard.php');
exit;
}
$request_id = $_GET['id'];
try {
$pdo = db();
$stmt = $pdo->prepare('SELECT * FROM ChangeRequests WHERE id = ?');
$stmt->execute([$request_id]);
$request = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$request) {
die('Request not found.');
}
} catch (PDOException $e) {
die("Database error: " . $e->getMessage());
}
function getStatusColor($status) {
switch ($status) {
case 'Draft': return 'grey';
case 'Pending Approval': return 'orange';
case 'Approved': return 'green';
case 'Rejected': return 'red';
case 'In Progress': return 'blue';
case 'Completed': return 'purple';
default: return 'black';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>View Change Request</title>
<style>
body { font-family: Inter, system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; background-color: #F7F9FC; color: #333; margin: 0; padding: 20px; }
.container { max-width: 800px; margin: 0 auto; background-color: #FFFFFF; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); padding: 20px; }
h1 { color: #4A90E2; }
.request-details { margin-top: 20px; }
.request-details p { margin: 10px 0; }
.request-details strong { display: inline-block; width: 150px; }
.status { padding: 5px 10px; border-radius: 15px; color: white; font-weight: bold; }
.actions { margin-top: 30px; }
.actions form { display: inline-block; margin-right: 5px; }
.actions button {
padding: 10px 20px;
border: none;
border-radius: 4px;
cursor: pointer;
color: white;
font-weight: bold;
}
.actions button[value="approve"] { background-color: #50E3C2; }
.actions button[value="reject"] { background-color: #E35050; }
.rejection-reason { margin-top: 15px; }
.rejection-reason textarea { width: 100%; padding: 10px; border-radius: 4px; border: 1px solid #ddd; }
</style>
</head>
<body>
<div class="container">
<h1>Request Details</h1>
<div class="request-details">
<p><strong>Request No.:</strong> <?php echo htmlspecialchars($request['request_number'] ?? 'N/A'); ?></p>
<p><strong>Title:</strong> <?php echo htmlspecialchars($request['request_title']); ?></p>
<p><strong>Background & Purpose:</strong></p>
<div style="padding: 10px; border: 1px solid #eee; border-radius: 5px; background: #fafafa;">
<?php echo nl2br(htmlspecialchars($request['background_purpose'])); ?>
</div>
<p><strong>Implementation Details:</strong></p>
<div style="padding: 10px; border: 1px solid #eee; border-radius: 5px; background: #fafafa;">
<?php echo nl2br(htmlspecialchars($request['implementation_details'])); ?>
</div>
<p><strong>Requester:</strong> <?php echo htmlspecialchars($request['requester_name']); ?></p>
<p><strong>Department:</strong> <?php echo htmlspecialchars($request['department_name']); ?></p>
<p><strong>Issued Date:</strong> <?php echo htmlspecialchars($request['issued_date']); ?></p>
<p><strong>Status:</strong>
<span class="status" style="background-color: <?php echo getStatusColor($request['status']); ?>;">
<?php echo htmlspecialchars(str_replace('_', ' ', $request['status'])); ?>
</span>
</p>
<p><strong>Pending Approval:</strong> <?php echo htmlspecialchars($request['approval_level_pending']); ?></p>
<?php if ($request['status'] === 'Rejected' && !empty($request['rejection_reason'])): ?>
<p><strong>Rejection Reason:</strong> <?php echo htmlspecialchars($request['rejection_reason']); ?></p>
<?php endif; ?>
</div>
<div class="actions">
<?php
$is_authorized = false;
if (isset($_SESSION['role'])) {
$user_role = $_SESSION['role'];
$user_department = $_SESSION['department'] ?? null;
$request_status = $request['status'];
$pending_level = $request['approval_level_pending'];
$request_department = $request['department_name'];
if ($request_status === 'Pending Approval' && $user_role === $pending_level) {
if ($user_role === 'Admin' || $user_department === $request_department) {
$is_authorized = true;
}
}
}
if ($is_authorized): ?>
<form action="approve_request.php" method="POST" id="approvalForm">
<input type="hidden" name="request_id" value="<?php echo $request['id']; ?>">
<button type="submit" name="action" value="approve">Approve</button>
<button type="button" id="rejectBtn" name="action" value="reject">Reject</button>
<div class="rejection-reason" id="rejectionReasonContainer" style="display:none;">
<label for="rejection_reason"><strong>Reason for Rejection:</strong></label>
<textarea id="rejection_reason" name="rejection_reason" rows="4"></textarea>
<button type="submit" id="submitRejectionBtn">Submit Rejection</button>
</div>
</form>
<?php endif; ?>
</div>
<br>
<a href="request_dashboard.php">Back to Dashboard</a>
</div>
<script>
const rejectBtn = document.getElementById('rejectBtn');
const rejectionReasonContainer = document.getElementById('rejectionReasonContainer');
const approvalForm = document.getElementById('approvalForm');
const submitRejectionBtn = document.getElementById('submitRejectionBtn');
const rejectionReasonTextarea = document.getElementById('rejection_reason');
if (rejectBtn) {
rejectBtn.addEventListener('click', () => {
rejectionReasonContainer.style.display = rejectionReasonContainer.style.display === 'none' ? 'block' : 'none';
});
}
if (submitRejectionBtn) {
submitRejectionBtn.addEventListener('click', (e) => {
e.preventDefault();
if (rejectionReasonTextarea.value.trim() === '') {
alert('Rejection reason is required.');
return;
}
const actionInput = document.createElement('input');
actionInput.setAttribute('type', 'hidden');
actionInput.setAttribute('name', 'action');
actionInput.setAttribute('value', 'reject');
approvalForm.appendChild(actionInput);
approvalForm.submit();
});
}
</script>
</body>
</html>
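Review bot: `getStatusColor()` here is a copy of the function of the same name in request_dashboard.php; both files already include db/config.php, so moving it to a shared include avoids the two switches drifting apart, and the duplicated approver rule in the `$is_authorized` block is a similar candidate for a shared helper. The Reject `<button type="button" name="action" value="reject">` never contributes to the submitted form because non-submit buttons are not serialized, which is why the script appends a hidden `action` input; dropping the dead `name`/`value` attributes makes that intent clearer. `$request['id']` is printed into the hidden field without escaping while the rest of the page uses htmlspecialchars; `(int)$request['id']` keeps the rule uniform.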