LPA-Health-V1.3

This commit is contained in:
Flatlogic Bot 2026-03-01 00:35:05 +00:00
parent 8b1250d5af
commit 6d7a771341
7 changed files with 184 additions and 15 deletions


@ -149,7 +149,7 @@ try {
<tbody> <tbody>
<?php if (count($lpas) > 0): ?> <?php if (count($lpas) > 0): ?>
<?php foreach ($lpas as $lpa): ?> <?php foreach ($lpas as $lpa): ?>
<tr> <tr id="lpa-row-<?php echo $lpa['id']; ?>">
<td class="ps-4"> <td class="ps-4">
<div class="fw-bold mb-0"><?php echo htmlspecialchars($lpa['lpa_type']); ?></div> <div class="fw-bold mb-0"><?php echo htmlspecialchars($lpa['lpa_type']); ?></div>
<div class="text-muted small">ID: #<?php echo $lpa['id']; ?></div> <div class="text-muted small">ID: #<?php echo $lpa['id']; ?></div>
@ -169,7 +169,8 @@ try {
<span class="badge rounded-pill bg-info-subtle text-info"><?php echo ucfirst($lpa['status']); ?></span> <span class="badge rounded-pill bg-info-subtle text-info"><?php echo ucfirst($lpa['status']); ?></span>
</td> </td>
<td class="text-end pe-4"> <td class="text-end pe-4">
<a href="api/generate_pdf.php?id=<?php echo $lpa['id']; ?>" class="btn btn-sm btn-outline-primary px-3 rounded-pill">PDF</a> <a href="api/generate_pdf.php?id=<?php echo $lpa['id']; ?>" class="btn btn-sm btn-outline-primary px-3 rounded-pill me-2">PDF</a>
<button onclick="deleteLPA(<?php echo $lpa['id']; ?>)" class="btn btn-sm btn-outline-danger px-3 rounded-pill">Delete</button>
</td> </td>
</tr> </tr>
<?php endforeach; ?> <?php endforeach; ?>
@ -185,5 +186,35 @@ try {
</div> </div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
<script>
function deleteLPA(id) {
if (confirm('Are you sure you want to delete this LPA application? This action cannot be undone.')) {
fetch('api/delete_lpa.php', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'id=' + id
})
.then(response => response.json())
.then(data => {
if (data.success) {
const row = document.getElementById('lpa-row-' + id);
if (row) {
row.remove();
// Update count display if needed or refresh
location.reload();
}
} else {
alert('Error: ' + data.error);
}
})
.catch(error => {
console.error('Error:', error);
alert('An error occurred while trying to delete the application.');
});
}
}
</script>
</body> </body>
</html> </html>
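Review bot: The fetch() body in `deleteLPA` sends only `id` on a cookie-authenticated POST, so nothing ties the request to this page and any third-party site can trigger the delete for a logged-in user; include a session-bound token, e.g. `body: 'id=' + encodeURIComponent(id) + '&csrf_token=' + encodeURIComponent(CSRF_TOKEN)` with `CSRF_TOKEN` echoed into the page from the session and verified in `api/delete_lpa.php` before the transaction starts (no token mechanism is visible in this commit, so the server side needs adding too). The Delete button is rendered on every row, but the new endpoint only honours the 'Super User' role, so if this page is reachable by other roles (the query that fills `$lpas` is outside the hunk) they get an 'Unauthorized access.' alert instead of no button — gate the button on `$_SESSION['user_role']` the same way. `row.remove()` is immediately followed by `location.reload()`, so the DOM removal is dead work; keep one or the other. `$lpa['id']` is echoed unescaped into an `id` attribute and an inline `onclick`; casting it, `<?php echo (int)$lpa['id']; ?>`, keeps that safe regardless of the column type.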

api/delete_lpa.php Normal file

@ -0,0 +1,59 @@
<?php
header('Content-Type: application/json');
session_start();
// 1. Verify Authentication and Authorization
if (!isset($_SESSION["user_id"]) || ($_SESSION["user_role"] ?? '') !== 'Super User') {
echo json_encode(['success' => false, 'error' => 'Unauthorized access.']);
exit;
}
require_once __DIR__ . '/../db/config.php';
// 2. Validate Input
$lpa_id = isset($_POST['id']) ? (int)$_POST['id'] : null;
if (!$lpa_id) {
echo json_encode(['success' => false, 'error' => 'Application ID is missing.']);
exit;
}
try {
$pdo = db();
// 3. Start Transaction
$pdo->beginTransaction();
// 4. Delete related records
// Delete Attorneys
$stmtAttorneys = $pdo->prepare("DELETE FROM lpa_attorneys WHERE lpa_id = ?");
$stmtAttorneys->execute([$lpa_id]);
// Delete Notified Persons
$stmtNotified = $pdo->prepare("DELETE FROM lpa_notified_persons WHERE application_id = ?");
$stmtNotified->execute([$lpa_id]);
// 5. Delete the application itself
$stmtLpa = $pdo->prepare("DELETE FROM lpa_applications WHERE id = ?");
$stmtLpa->execute([$lpa_id]);
if ($stmtLpa->rowCount() === 0) {
$pdo->rollBack();
echo json_encode(['success' => false, 'error' => 'Application not found or already deleted.']);
exit;
}
// 6. Commit Transaction
$pdo->commit();
echo json_encode(['success' => true, 'message' => 'LPA application and all related data deleted successfully.']);
} catch (PDOException $e) {
// Rollback on error
if (isset($pdo)) {
$pdo->rollBack();
}
error_log("Delete LPA Error: " . $e->getMessage());
echo json_encode(['success' => false, 'error' => 'A database error occurred.']);
}
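Review bot: The `catch` block calls `$pdo->rollBack()` whenever `$pdo` is set, but if `db()` or `beginTransaction()` itself threw there is no active transaction and `rollBack()` raises a second PDOException out of the handler, giving the caller a non-JSON 500; guard it with `if (isset($pdo) && $pdo->inTransaction()) { $pdo->rollBack(); }`. Every failure path returns HTTP 200, so the client can only distinguish outcomes by parsing the body — emit `http_response_code(403)` (unauthorized), `400` (missing id) and `404` (not found) before each `echo`. The endpoint hard-deletes an application and its child rows on a cookie-authenticated POST with no CSRF token or Origin check; verify a session-bound token before the transaction, and reject anything other than `$_SERVER['REQUEST_METHOD'] === 'POST'` explicitly rather than relying on `$_POST` being empty. The deletion is irreversible and leaves no trace — an `error_log` (or audit-table row) recording `$_SESSION['user_id']` and `$lpa_id` on the success path is the minimum an incident responder would want.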


@ -1,7 +1,13 @@
<?php <?php
session_start();
require_once __DIR__ . '/../db/config.php'; require_once __DIR__ . '/../db/config.php';
require_once __DIR__ . '/../fpdf/fpdf.php'; require_once __DIR__ . '/../fpdf/fpdf.php';
if (!isset($_SESSION["user_id"])) {
die('Authentication required.');
}
$user_id = $_SESSION["user_id"];
$lpa_id = isset($_GET['id']) ? (int)$_GET['id'] : null; $lpa_id = isset($_GET['id']) ? (int)$_GET['id'] : null;
if (!$lpa_id) { if (!$lpa_id) {
@ -17,6 +23,11 @@ if (!$lpa_data) {
die('LPA not found.'); die('LPA not found.');
} }
// Authorization check
if ($lpa_data['user_id'] != $user_id && ($_SESSION['user_role'] ?? '') !== 'Super User') {
die('Unauthorized access.');
}
// Fetch attorneys // Fetch attorneys
$stmt = db()->prepare("SELECT * FROM lpa_attorneys WHERE lpa_id = ? AND type = 'primary' ORDER BY id ASC"); $stmt = db()->prepare("SELECT * FROM lpa_attorneys WHERE lpa_id = ? AND type = 'primary' ORDER BY id ASC");
$stmt->execute([$lpa_id]); $stmt->execute([$lpa_id]);
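Review bot: Both new `die()` calls return the rejection text with HTTP 200, so a client or proxy cannot distinguish 'Authentication required.' from a successfully generated PDF; set the status first: `http_response_code(401); exit('Authentication required.');` and `http_response_code(403); exit('Unauthorized access.');`. The ownership test uses loose `!=` between a DB value and a session value; `(int)$lpa_data['user_id'] !== (int)$user_id` states the intent and avoids type juggling. Rows created before the `user_id` column existed hold NULL, so they fail the owner test and are printable only by a 'Super User' — that is fail-closed and correct, but worth a comment above the check: `// NULL user_id (pre-migration rows) is deliberately denied to non-admins`. The script's `$lpa_data` lookup and the PDF build lie outside this hunk.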


@ -1,6 +1,14 @@
<?php <?php
header('Content-Type: application/json'); header('Content-Type: application/json');
require_once __DIR__ . '/../db/config.php'; require_once __DIR__ . '/../db/config.php';
session_start();
if (!isset($_SESSION["user_id"])) {
echo json_encode(['success' => false, 'error' => 'Authentication required.']);
exit;
}
$user_id = $_SESSION["user_id"];
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check for specific actions first // Check for specific actions first
@ -15,6 +23,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
try { try {
// Verify ownership
$check = db()->prepare("SELECT id FROM lpa_applications WHERE id = ? AND user_id = ?");
$check->execute([$lpa_id, $user_id]);
if (!$check->fetch()) {
echo json_encode(['success' => false, 'error' => 'Unauthorized.']);
exit;
}
$stmt = db()->prepare("DELETE FROM lpa_attorneys WHERE id = ? AND lpa_id = ?"); $stmt = db()->prepare("DELETE FROM lpa_attorneys WHERE id = ? AND lpa_id = ?");
$stmt->execute([$attorney_id, $lpa_id]); $stmt->execute([$attorney_id, $lpa_id]);
echo json_encode(['success' => true, 'message' => 'Attorney removed.']); echo json_encode(['success' => true, 'message' => 'Attorney removed.']);
@ -32,6 +48,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
try { try {
// Verify ownership
$check = db()->prepare("SELECT id FROM lpa_applications WHERE id = ? AND user_id = ?");
$check->execute([$lpa_id, $user_id]);
if (!$check->fetch()) {
echo json_encode(['success' => false, 'error' => 'Unauthorized.']);
exit;
}
$stmt = db()->prepare("DELETE FROM lpa_notified_persons WHERE id = ? AND application_id = ?"); $stmt = db()->prepare("DELETE FROM lpa_notified_persons WHERE id = ? AND application_id = ?");
$stmt->execute([$person_id, $lpa_id]); $stmt->execute([$person_id, $lpa_id]);
echo json_encode(['success' => true, 'message' => 'Person removed.']); echo json_encode(['success' => true, 'message' => 'Person removed.']);
@ -45,10 +69,25 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$step = isset($_POST['step']) ? (int)$_POST['step'] : 1; $step = isset($_POST['step']) ? (int)$_POST['step'] : 1;
$lpa_id = isset($_POST['lpa_id']) ? (int)$_POST['lpa_id'] : null; $lpa_id = isset($_POST['lpa_id']) ? (int)$_POST['lpa_id'] : null;
// Verify ownership if lpa_id is provided
if ($lpa_id) {
try {
$check = db()->prepare("SELECT id FROM lpa_applications WHERE id = ? AND user_id = ?");
$check->execute([$lpa_id, $user_id]);
if (!$check->fetch()) {
echo json_encode(['success' => false, 'error' => 'Unauthorized access to this application.']);
exit;
}
} catch (PDOException $e) {
echo json_encode(['success' => false, 'error' => 'Database error.']);
exit;
}
}
try { try {
if ($step === 1) { if ($step === 1) {
$lpa_type = $_POST['lpa_type'] ?? ''; $lpa_type = $_POST['lpa_type'] ?? '';
$donor_name = $_POST['donor_name'] ?? ''; $donor_name = trim($_POST['donor_name'] ?? '');
$other_names = $_POST['other_names'] ?? ''; $other_names = $_POST['other_names'] ?? '';
$donor_dob = $_POST['donor_dob'] ?? ''; $donor_dob = $_POST['donor_dob'] ?? '';
$customer_email = $_POST['customer_email'] ?? ''; $customer_email = $_POST['customer_email'] ?? '';
@ -62,15 +101,29 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
exit; exit;
} }
// Check for existing LPA of the same type for the same donor (name and DOB)
$checkSql = "SELECT id FROM lpa_applications WHERE user_id = ? AND lpa_type = ? AND donor_name = ? AND donor_dob = ?";
$checkParams = [$user_id, $lpa_type, $donor_name, $donor_dob];
if ($lpa_id) {
$checkSql .= " AND id != ?";
$checkParams[] = $lpa_id;
}
$checkStmt = db()->prepare($checkSql);
$checkStmt->execute($checkParams);
if ($checkStmt->fetch()) {
echo json_encode(['success' => false, 'error' => "A '$lpa_type' LPA already exists for donor '$donor_name' (born $donor_dob). Each donor may only have one of each type."]);
exit;
}
if ($lpa_id) { if ($lpa_id) {
// Update existing // Update existing
$stmt = db()->prepare("UPDATE lpa_applications SET lpa_type = ?, donor_name = ?, other_names = ?, donor_dob = ?, customer_email = ?, donor_address_line1 = ?, donor_address_line2 = ?, donor_town = ?, donor_postcode = ?, step_reached = GREATEST(step_reached, 1) WHERE id = ?"); $stmt = db()->prepare("UPDATE lpa_applications SET lpa_type = ?, donor_name = ?, other_names = ?, donor_dob = ?, customer_email = ?, donor_address_line1 = ?, donor_address_line2 = ?, donor_town = ?, donor_postcode = ?, step_reached = GREATEST(step_reached, 1), user_id = ? WHERE id = ?");
$stmt->execute([$lpa_type, $donor_name, $other_names, $donor_dob, $customer_email, $address1, $address2, $town, $postcode, $lpa_id]); $stmt->execute([$lpa_type, $donor_name, $other_names, $donor_dob, $customer_email, $address1, $address2, $town, $postcode, $user_id, $lpa_id]);
$id = $lpa_id; $id = $lpa_id;
} else { } else {
// Create new // Create new
$stmt = db()->prepare("INSERT INTO lpa_applications (practice_id, lpa_type, donor_name, other_names, donor_dob, customer_email, donor_address_line1, donor_address_line2, donor_town, donor_postcode, step_reached) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt = db()->prepare("INSERT INTO lpa_applications (practice_id, user_id, lpa_type, donor_name, other_names, donor_dob, customer_email, donor_address_line1, donor_address_line2, donor_town, donor_postcode, step_reached) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([1, $lpa_type, $donor_name, $other_names, $donor_dob, $customer_email, $address1, $address2, $town, $postcode, 1]); $stmt->execute([1, $user_id, $lpa_type, $donor_name, $other_names, $donor_dob, $customer_email, $address1, $address2, $town, $postcode, 1]);
$id = db()->lastInsertId(); $id = db()->lastInsertId();
} }
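Review bot: The three ownership checks added in this file (before the attorney delete, before the notified-person delete, and ahead of the step handler) are the same five lines copy-pasted, and they admit the owner only, whereas the wizard page and `generate_pdf.php` in this same commit also admit the 'Super User' role — so an admin who can open another user's application cannot save changes to it. Pull the check into one helper so the policy lives in one place and the role question is answered once, deliberately. The duplicate-donor error message interpolates raw `$lpa_type`, `$donor_name` and `$donor_dob` from `$_POST` into `data.error`; JSON encoding protects the transport, but whether the page that displays it HTML-escapes it is not visible here — a fixed message such as `'An LPA of this type already exists for this donor.'` removes the question. The UPDATE also now overwrites `user_id` with the current user even though the ownership check has just proven they match; the assignment is redundant today and, if a role bypass is added later, would silently transfer ownership — drop `user_id = ?` from the UPDATE.
```php
// Exit with a JSON error unless application $lpa_id belongs to $user_id.
// PDOException is left to the caller's existing try/catch.
// If the 'Super User' bypass used by the wizard and PDF pages is wanted here too,
// this is the one place to add it.
function require_lpa_owner(int $lpa_id, int $user_id): void
{
    $check = db()->prepare("SELECT id FROM lpa_applications WHERE id = ? AND user_id = ?");
    $check->execute([$lpa_id, $user_id]);
    if (!$check->fetch()) {
        echo json_encode(['success' => false, 'error' => 'Unauthorized.']);
        exit;
    }
}

// … unchanged: action dispatch …
require_lpa_owner($lpa_id, $user_id);
```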


@ -4,9 +4,9 @@ if (!isset($_SESSION["user_id"])) {
header("Location: login.php"); header("Location: login.php");
exit; exit;
} }
?>
<?php
require_once 'db/config.php'; require_once 'db/config.php';
$user_id = $_SESSION["user_id"];
$project_name = $_SERVER['PROJECT_NAME'] ?? 'LPA Online'; $project_name = $_SERVER['PROJECT_NAME'] ?? 'LPA Online';
$step = isset($_GET['step']) ? (int)$_GET['step'] : 1; $step = isset($_GET['step']) ? (int)$_GET['step'] : 1;
@ -17,6 +17,17 @@ if ($lpa_id) {
$stmt = db()->prepare("SELECT * FROM lpa_applications WHERE id = ?"); $stmt = db()->prepare("SELECT * FROM lpa_applications WHERE id = ?");
$stmt->execute([$lpa_id]); $stmt->execute([$lpa_id]);
$lpa_data = $stmt->fetch(); $lpa_data = $stmt->fetch();
if (!$lpa_data) {
header("Location: dashboard.php");
exit;
}
// Authorization check
if ($lpa_data['user_id'] != $user_id && ($_SESSION['user_role'] ?? '') !== 'Super User') {
header("Location: dashboard.php");
exit;
}
} }
// Redirect to step 1 if no ID but step > 1 // Redirect to step 1 if no ID but step > 1
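Review bot: The owner-or-'Super User' test is written out by hand here and again in `generate_pdf.php`, with the role as a bare string literal in each; a shared predicate in `db/config.php` — e.g. `function can_access_lpa(array $lpa, int $user_id): bool { return (int)$lpa['user_id'] === $user_id || ($_SESSION['user_role'] ?? '') === 'Super User'; }` — keeps the two pages from drifting and replaces the loose `!=` with a strict comparison. Applications created before the migration carry a NULL `user_id` (the new column is nullable and nothing backfills it), so for non-admins this branch bounces them to the dashboard as if the record did not exist; if creators should keep access to those records a backfill is needed, otherwise a comment saying the denial is deliberate would help the next reader. The redirect also collapses "not found" and "not yours" into the same silent response, which is fine for users but worth an `error_log` on the unauthorized path so probing of other users' ids is visible. The `if ($lpa_id)` block this hunk edits opens before its first visible line and the script continues past the hunk.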


@ -6,11 +6,12 @@ if (!isset($_SESSION["user_id"])) {
} }
require_once 'db/config.php'; require_once 'db/config.php';
$project_name = $_SERVER['PROJECT_NAME'] ?? 'LPA Online'; $project_name = $_SERVER['PROJECT_NAME'] ?? 'LPA Online';
$user_id = $_SESSION["user_id"];
$lpas = []; $lpas = [];
try { try {
$stmt = db()->prepare("SELECT * FROM lpa_applications ORDER BY created_at DESC"); $stmt = db()->prepare("SELECT * FROM lpa_applications WHERE user_id = ? ORDER BY created_at DESC");
$stmt->execute(); $stmt->execute([$user_id]);
$lpas = $stmt->fetchAll(); $lpas = $stmt->fetchAll();
} catch (PDOException $e) { } catch (PDOException $e) {
error_log($e->getMessage()); error_log($e->getMessage());
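Review bot: Filtering the dashboard by `user_id = ?` means a 'Super User' now sees only their own applications, while `api/delete_lpa.php` in this same commit lets that role delete any id — so, if this is the admin's landing page, there is no view from which they can find what they are allowed to delete. Applications whose `user_id` is NULL (pre-migration rows, and rows orphaned by the migration's `ON DELETE SET NULL`) never match `= ?` and disappear from every dashboard. If the admin role is meant to see everything, branch on it — `$isAdmin = (($_SESSION['user_role'] ?? '') === 'Super User');` and prepare the query without the `WHERE` clause when set; otherwise add a comment here stating that orphaned rows are intentionally hidden.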


@ -0,0 +1,3 @@
-- Add user_id to lpa_applications
ALTER TABLE lpa_applications ADD COLUMN user_id INT(11) AFTER practice_id;
ALTER TABLE lpa_applications ADD CONSTRAINT fk_user_id FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL;
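Review bot: The constraint name `fk_user_id` is generic; in MySQL (which the `INT(11)` syntax suggests) foreign-key names must be unique across the whole schema, so this statement fails with a duplicate-constraint-name error if any other table already uses it — prefer a table-qualified name: `ADD CONSTRAINT fk_lpa_applications_user_id FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL;`. The column is added nullable with no backfill, so every existing application ends up with `user_id = NULL`, and the dashboard query and ownership checks in this commit treat such rows as belonging to nobody; add a backfill statement, or a comment stating that legacy rows are intentionally admin-only. `ON DELETE SET NULL` produces the same state when a user is deleted — their applications survive but become invisible to all but a 'Super User'; if that is the intended retention behaviour, say so in the header comment rather than leaving it implicit.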