File: /srv/www/rectt-csmcri.res.in/admin_html/manage_posts.php
<?php
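// --- Session & Access Guard ---
// Every request to this page must carry an admin session whose role may manage
// posts and whose per-login token still matches the one held in admin_users;
// the DB token is the server-side revocation point for a session.
session_start();
// Expected to define $conn (a mysqli connection is used below) — presumably set up by config.php.
include_once dirname(__DIR__) . '/public_html/sites/config/config.php';

// 1) role check: only superadmin/manager may reach this page. Strict in_array
//    so only the exact role strings match; a missing role simply fails the
//    check instead of raising an "undefined index" warning.
$admin_role = $_SESSION['admin_role'] ?? '';
if (!isset($_SESSION['admin_logged_in']) || !in_array($admin_role, ['superadmin', 'manager'], true)) {
    header("Location: admin_dashboard.php");
    exit;
}

// 2) basic session checks: the user id and the session token must both be present.
$session_token = $_SESSION['session_token'] ?? '';
if (empty($_SESSION['admin_id']) || !is_string($session_token) || empty($session_token)) {
    header("Location: admin_login.php");
    exit;
}

// 3) pull the token currently stored for this admin from the database
$stmt = $conn->prepare("SELECT session_token FROM admin_users WHERE id = ?");
$stmt->bind_param("i", $_SESSION['admin_id']);
$stmt->execute();
$result = $stmt->get_result()->fetch_assoc();
$stmt->close();

// 4) if the DB token is gone or doesn't match the session's, force logout.
//    hash_equals() makes the comparison constant-time; a missing or NULL DB
//    value is treated as a mismatch.
$db_token = $result['session_token'] ?? null;
if (!is_string($db_token) || !hash_equals($db_token, $session_token)) {
    session_unset();
    session_destroy();
    header("Location: admin_login.php?error=" . urlencode("Your session has expired."));
    exit;
}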
// --- Helper Functions ---
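/**
 * Normalise a raw request/session value before it is validated, stored or echoed.
 *
 * The value is trimmed, has one level of backslash escaping removed
 * (stripslashes, so a literal backslash typed by the user is lost) and is then
 * HTML-encoded. This page calls it on form input *before* the INSERT/UPDATE,
 * so the stored value is already HTML-encoded; the edit form later applies
 * htmlspecialchars() again on output, so a title containing `&` or `<` is
 * double-encoded when redisplayed for editing.
 *
 * @param string|int|float|null $data raw value; null (a missing request key) yields ''
 * @return string trimmed, unescaped and HTML-encoded value
 */
function sanitize_input($data)
{
    // A missing $_POST/$_GET key arrives as null; trim(null) is deprecated in
    // PHP 8.1, so treat it as an empty string instead.
    if ($data === null) {
        return '';
    }
    $data = trim($data);
    $data = stripslashes($data);
    return htmlspecialchars($data);
}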
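// Category options for the Category <select> (submitted value => label).
$category_options = [
    "EWS" => "EWS",
    "General" => "General",
    "OBC (Non Creamy Layer)" => "OBC (Non Creamy Layer)",
    "SC" => "SC",
    "ST" => "ST"
];
// Type options for the Type <select> (submitted value => label).
$type_options = [
    "technical" => "Technical",
    "non-technical" => "Non-technical",
    "scientist" => "Scientist"
];

// Form state: empty for the "add" form, filled from the DB or from a rejected
// submission when editing. $edit_id !== null switches the form into edit mode.
$post_title = "";
$category = "";
$advertisement_id = "";
$age_limit = "";
$post_code = "";
$qualification_required = "";
$type = "";
$level_in_pay_matrix = "";
$edit_id = null;
// One-shot messages rendered above the form (populated from the session later).
$message = "";
$error_message = "";
// id => HTML-escaped title, used by the form and filter dropdowns.
$advertisements = [];
// Listing filter: 'all' or an advertisement id; the listing query binds it as an integer.
$filter_advertisement_id = isset($_GET['filter_advertisement_id']) ? sanitize_input($_GET['filter_advertisement_id']) : 'all';

// Fetch advertisements for the dropdowns. query() returns false on failure
// (or throws, depending on the mysqli report mode), so guard before touching
// the result rather than calling ->num_rows / ->free() on a bool.
$result_advertisements = $conn->query("SELECT id, title FROM Advertisement ORDER BY title ASC");
if ($result_advertisements !== false) {
    while ($row = $result_advertisements->fetch_assoc()) {
        $advertisements[$row['id']] = htmlspecialchars($row['title']);
    }
    $result_advertisements->free();
}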
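// --- Handle Actions ---
// ADD POST
// NOTE(review): this handler does not verify a CSRF token and the form below
// carries none; a per-session token checked here would close that gap.
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['add_post'])) {
    // Missing keys become '' so a partial/tampered form is rejected by the
    // required-field check instead of raising "undefined index" warnings.
    $post_title = sanitize_input($_POST['post_title'] ?? '');
    $category = sanitize_input($_POST['category'] ?? '');
    $advertisement_id = sanitize_input($_POST['advertisement_id'] ?? '');
    $age_limit = intval(sanitize_input($_POST['age_limit'] ?? ''));
    $post_code = sanitize_input($_POST['post_code'] ?? '');
    $qualification_required = sanitize_input($_POST['qualification_required'] ?? '');
    $type = sanitize_input($_POST['type'] ?? '');
    $level_in_pay_matrix = sanitize_input($_POST['level_in_pay_matrix'] ?? '');

    $missing_field = empty($post_title) || empty($category) || empty($advertisement_id)
        || empty($post_code) || empty($qualification_required) || empty($type)
        || empty($level_in_pay_matrix) || $age_limit <= 0;

    if ($missing_field) {
        $_SESSION['error_message'] = "All fields are required and Age Limit must be a valid number.";
    } elseif (!isset($category_options[$category]) || !isset($type_options[$type]) || !isset($advertisements[$advertisement_id])) {
        // The browser limits the <select> values to the option lists, but a
        // crafted request can send anything: category/type must be known
        // option keys and the advertisement must exist in the dropdown data.
        $_SESSION['error_message'] = "Invalid category, type or advertisement selected.";
    } else {
        $stmt = $conn->prepare("INSERT INTO posts (post_title, category, advertisement_id, age_limit, post_code, qualification_required, type, level_in_pay_matrix) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("ssiissss", $post_title, $category, $advertisement_id, $age_limit, $post_code, $qualification_required, $type, $level_in_pay_matrix);
        if ($stmt->execute()) {
            $_SESSION['message'] = "New post added successfully!";
        } else {
            $_SESSION['error_message'] = "Error adding post: " . $stmt->error;
        }
        $stmt->close();
    }
    // Post/Redirect/Get: the outcome travels in the session flash messages, so
    // the form variables need not be reset here.
    header("Location: manage_posts.php");
    exit();
}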
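// DELETE POST
// NOTE(review): deletion is triggered by a plain GET link with no CSRF token,
// which makes it forgeable from another site; a POST form with a per-session
// token is the standard fix.
if (isset($_GET['delete_id'])) {
    $delete_id = intval($_GET['delete_id']);
    if ($delete_id <= 0) {
        // A non-numeric or zero id cannot match a row; report it instead of
        // running a no-op DELETE and claiming success.
        $_SESSION['error_message'] = "Invalid post id.";
    } else {
        $stmt = $conn->prepare("DELETE FROM posts WHERE id = ?");
        $stmt->bind_param("i", $delete_id);
        if (!$stmt->execute()) {
            $_SESSION['error_message'] = "Error deleting post: " . $stmt->error;
        } elseif ($stmt->affected_rows > 0) {
            $_SESSION['message'] = "Post deleted successfully!";
        } else {
            // execute() succeeds even when nothing matched.
            $_SESSION['error_message'] = "Post not found.";
        }
        $stmt->close();
    }
    header("Location: manage_posts.php");
    exit();
}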
// PREPARE FOR EDIT
// With ?edit_id=N present, load that post's stored values into the form
// variables so the card below renders as an edit form for it.
if (isset($_GET['edit_id'])) {
    $edit_id = intval($_GET['edit_id']);
    $stmt = $conn->prepare("SELECT post_title, category, advertisement_id, age_limit, post_code, qualification_required, type, level_in_pay_matrix FROM posts WHERE id = ?");
    $stmt->bind_param("i", $edit_id);
    $stmt->execute();
    $existing = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if (!$existing) {
        $_SESSION['error_message'] = "Post not found for editing.";
        $edit_id = null;
    } else {
        [
            'post_title' => $post_title,
            'category' => $category,
            'advertisement_id' => $advertisement_id,
            'age_limit' => $age_limit,
            'post_code' => $post_code,
            'qualification_required' => $qualification_required,
            'type' => $type,
            'level_in_pay_matrix' => $level_in_pay_matrix,
        ] = $existing;
    }
}
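// UPDATE POST
// NOTE(review): this handler does not verify a CSRF token and the form below
// carries none; a per-session token checked here would close that gap.
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['update_post'])) {
    $update_id = intval($_POST['post_id'] ?? 0);
    // Missing keys become '' so a partial/tampered form is rejected by the
    // required-field check instead of raising "undefined index" warnings.
    $post_title = sanitize_input($_POST['post_title'] ?? '');
    $category = sanitize_input($_POST['category'] ?? '');
    $advertisement_id = sanitize_input($_POST['advertisement_id'] ?? '');
    $age_limit = intval(sanitize_input($_POST['age_limit'] ?? ''));
    $post_code = sanitize_input($_POST['post_code'] ?? '');
    $qualification_required = sanitize_input($_POST['qualification_required'] ?? '');
    $type = sanitize_input($_POST['type'] ?? '');
    $level_in_pay_matrix = sanitize_input($_POST['level_in_pay_matrix'] ?? '');

    $missing_field = empty($post_title) || empty($category) || empty($advertisement_id)
        || empty($post_code) || empty($qualification_required) || empty($type)
        || empty($level_in_pay_matrix) || $age_limit <= 0;

    if ($update_id <= 0) {
        // A missing/zero post_id would run an UPDATE that matches nothing and
        // then report success; reject it up front.
        $_SESSION['error_message'] = "Invalid post id.";
    } elseif ($missing_field) {
        $_SESSION['error_message'] = "All fields are required for update and Age Limit must be a valid number.";
        $edit_id = $update_id; // Keep edit form open if there's an error
    } elseif (!isset($category_options[$category]) || !isset($type_options[$type]) || !isset($advertisements[$advertisement_id])) {
        // The browser limits the <select> values to the option lists, but a
        // crafted request can send anything: category/type must be known
        // option keys and the advertisement must exist in the dropdown data.
        $_SESSION['error_message'] = "Invalid category, type or advertisement selected.";
        $edit_id = $update_id;
    } else {
        $stmt = $conn->prepare("UPDATE posts SET post_title = ?, category = ?, advertisement_id = ?, age_limit = ?, post_code = ?, qualification_required = ?, type = ?, level_in_pay_matrix = ? WHERE id = ?");
        $stmt->bind_param("ssiissssi", $post_title, $category, $advertisement_id, $age_limit, $post_code, $qualification_required, $type, $level_in_pay_matrix, $update_id);
        $updated = $stmt->execute();
        if (!$updated) {
            $_SESSION['error_message'] = "Error updating post: " . $stmt->error;
            $edit_id = $update_id;
        }
        // Close before the redirect so the statement is released on every path.
        $stmt->close();
        if ($updated) {
            $_SESSION['message'] = "Post updated successfully!";
            header("Location: manage_posts.php");
            exit();
        }
    }
}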
// Retrieve and clear the one-shot ("flash") messages left in the session by
// the handlers above. They are HTML-encoded here because the alert markup
// below echoes them without further escaping.
$flash_success = $_SESSION['message'] ?? null;
if ($flash_success !== null) {
    $message = sanitize_input($flash_success);
}
unset($_SESSION['message']);

$flash_error = $_SESSION['error_message'] ?? null;
if ($flash_error !== null) {
    $error_message = sanitize_input($flash_error);
}
unset($_SESSION['error_message']);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Post Management</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.3/font/bootstrap-icons.css" rel="stylesheet">
<style>
/* Custom minimalistic overrides */
body {
background-color: #fafafa;
color: #333;
}
.card {
border: none;
border-radius: 0.75rem;
}
.card-header {
background-color: #f8f9fa;
border-bottom: 1px solid #e5e5e5;
font-weight: 500;
}
.form-label {
font-size: 0.9rem;
font-weight: 500;
}
.btn i {
font-size: 1rem;
margin-right: 0.375rem;
}
.btn-primary {
background-color: #4e73df;
border-color: #4e73df;
}
.btn-primary:hover {
background-color: #3a5bbf;
border-color: #3a5bbf;
}
.btn-warning {
background-color: #f6c23e;
border-color: #f6c23e;
}
.btn-warning:hover {
background-color: #d4a02b;
border-color: #d4a02b;
}
.btn-danger {
background-color: #e74a3b;
border-color: #e74a3b;
}
.btn-danger:hover {
background-color: #c0392b;
border-color: #c0392b;
}
.btn-secondary {
background-color: #858796;
border-color: #858796;
}
.btn-secondary:hover {
background-color: #6d6e70;
border-color: #6d6e70;
}
.table thead th {
background-color: #4e73df;
color: #fff;
border: none;
}
.table-striped tbody tr:nth-of-type(odd) {
background-color: #f1f3f5;
}
.alert {
border-radius: 0.5rem;
}
.filter-form {
max-width: 400px;
}
</style>
</head>
<body>
<div class="container py-5">
<h1 class="mb-4 text-center">Post Management</h1>
<div class="d-flex justify-content-center mb-4 gap-2">
<a href="admin_dashboard.php" class="btn btn-secondary btn-sm">
Dashboard
</a>
<a href="admin_logout.php" class="btn btn-danger btn-sm">
Logout
</a>
</div>
<?php if (!empty($message)): ?>
<div class="alert alert-success alert-dismissible fade show" role="alert">
<?php echo $message; ?>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<?php endif; ?>
<?php if (!empty($error_message)): ?>
<div class="alert alert-danger alert-dismissible fade show" role="alert">
<?php echo $error_message; ?>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<?php endif; ?>
<div class="card shadow-sm mb-5">
<div class="card-header d-flex align-items-center">
<span class="fs-5 mb-0"><?php echo $edit_id ? 'Edit Post' : 'Add New Post'; ?></span>
</div>
<div class="card-body">
<form action="manage_posts.php<?php echo $edit_id ? '?edit_id=' . $edit_id : ''; ?>" method="POST">
<?php if ($edit_id): ?>
<input type="hidden" name="post_id" value="<?php echo $edit_id; ?>">
<?php endif; ?>
<div class="row g-3">
<div class="col-md-6">
<label for="post_title" class="form-label">Post Title</label>
<input type="text" class="form-control" id="post_title" name="post_title" value="<?php echo htmlspecialchars($post_title); ?>" required>
</div>
<div class="col-md-6">
<label for="advertisement_id" class="form-label">Advertisement</label>
<select class="form-select" id="advertisement_id" name="advertisement_id" required>
<option value="">Select Advertisement</option>
<?php foreach ($advertisements as $id => $title): ?>
<option value="<?php echo $id; ?>" <?php if ($id == $advertisement_id) echo 'selected'; ?>><?php echo $title; ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="col-md-4">
<label for="age_limit" class="form-label">Age Limit</label>
<input type="number" class="form-control" id="age_limit" name="age_limit" value="<?php echo htmlspecialchars($age_limit); ?>" required min="0">
</div>
<div class="col-md-4">
<label for="post_code" class="form-label">Post Code</label>
<input type="text" class="form-control" id="post_code" name="post_code" value="<?php echo htmlspecialchars($post_code); ?>" required>
</div>
<div class="col-md-4">
<label for="type" class="form-label">Type</label>
<select class="form-select" id="type" name="type" required>
<option value="">Select Type</option>
<?php foreach ($type_options as $value => $label): ?>
<option value="<?php echo $value; ?>" <?php if ($value == $type) echo 'selected'; ?>><?php echo $label; ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="col-md-6">
<label for="qualification_required" class="form-label">Qualification Required</label>
<textarea class="form-control" id="qualification_required" name="qualification_required" rows="2" required><?php echo htmlspecialchars($qualification_required); ?></textarea>
</div>
<div class="col-md-6">
<label for="level_in_pay_matrix" class="form-label">Level in Pay Matrix</label>
<input type="text" class="form-control" id="level_in_pay_matrix" name="level_in_pay_matrix" value="<?php echo htmlspecialchars($level_in_pay_matrix); ?>" required>
</div>
<div class="col-md-6">
<label for="category" class="form-label">Category</label>
<select class="form-select" id="category" name="category" required>
<option value="">Select Category</option>
<?php foreach ($category_options as $value => $label): ?>
<option value="<?php echo $value; ?>" <?php if ($value == $category) echo 'selected'; ?>><?php echo $label; ?></option>
<?php endforeach; ?>
</select>
</div>
</div>
<div class="mt-4 d-flex justify-content-start gap-2">
<?php if ($edit_id): ?>
<button type="submit" name="update_post" class="btn btn-warning">
Update
</button>
<a href="manage_posts.php" class="btn btn-secondary">
Cancel
</a>
<?php else: ?>
<button type="submit" name="add_post" class="btn btn-primary">
Add Post
</button>
<?php endif; ?>
</div>
</form>
</div>
</div>
<div class="d-flex justify-content-start align-items-center mb-3">
<h2 class="fs-4 mb-0 me-3">Current Posts</h2>
<form method="GET" action="manage_posts.php" class="filter-form">
<div class="input-group">
<select class="form-select" id="filter_advertisement_id" name="filter_advertisement_id" onchange="this.form.submit()">
<option value="all" <?php if ($filter_advertisement_id == 'all') echo 'selected'; ?>>View All</option>
<?php foreach ($advertisements as $id => $title): ?>
<option value="<?php echo $id; ?>" <?php if ($filter_advertisement_id == $id) echo 'selected'; ?>><?php echo $title; ?></option>
<?php endforeach; ?>
</select>
<button class="btn btn-secondary" type="submit">
Filter
</button>
</div>
</form>
</div>
<div class="table-responsive shadow-sm">
<table class="table table-striped table-hover align-middle mb-0">
<thead>
<tr>
<!-- New Serial No. column -->
<th scope="col">S.No.</th>
<th scope="col">ID</th>
<th scope="col">Title</th>
<th scope="col">Category</th>
<th scope="col">Advertisement</th>
<th scope="col">Age Limit</th>
<th scope="col">Post Code</th>
<th scope="col">Qualification</th>
<th scope="col">Type</th>
<th scope="col">Pay Level</th>
<th scope="col">Created At</th>
<th scope="col">Actions</th>
</tr>
</thead>
<tbody>
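<?php
// Listing of posts, optionally filtered to one advertisement. Both branches
// share the same ORDER BY so the filtered and unfiltered views sort alike.
$serial = 1;
$sql = "SELECT p.id, p.post_title, p.category, p.advertisement_id, p.age_limit, p.post_code, p.qualification_required, p.type, p.level_in_pay_matrix, p.created_at, a.title AS advertisement_title
FROM posts p
JOIN Advertisement a ON p.advertisement_id = a.id";
$stmt_posts = null;
if ($filter_advertisement_id !== 'all') {
    // The filter value is bound as an integer, so a non-numeric value
    // becomes 0 and matches no rows rather than reaching the SQL text.
    $stmt_posts = $conn->prepare($sql . " WHERE p.advertisement_id = ? ORDER BY p.id DESC");
    $stmt_posts->bind_param("i", $filter_advertisement_id);
    $stmt_posts->execute();
    $result_posts = $stmt_posts->get_result();
} else {
    $result_posts = $conn->query($sql . " ORDER BY p.id DESC");
}
if ($result_posts && $result_posts->num_rows > 0) {
    while ($row = $result_posts->fetch_assoc()) {
        // created_at may be NULL or unparsable; fall back to showing the raw value.
        $created_ts = isset($row["created_at"]) ? strtotime((string) $row["created_at"]) : false;
        $created_at_display = $created_ts !== false
            ? date("Y-m-d H:i:s", $created_ts)
            : htmlspecialchars((string) ($row["created_at"] ?? ''));
?>
<tr>
<!-- Display and increment serial counter -->
<td><?php echo $serial++; ?></td>
<td><?php echo $row["id"]; ?></td>
<td><?php echo htmlspecialchars($row["post_title"]); ?></td>
<td><?php echo htmlspecialchars($row["category"]); ?></td>
<td><?php echo htmlspecialchars($row["advertisement_title"]); ?></td>
<td><?php echo htmlspecialchars($row["age_limit"]); ?></td>
<td><?php echo htmlspecialchars($row["post_code"]); ?></td>
<td><?php echo htmlspecialchars($row["qualification_required"]); ?></td>
<td><?php echo htmlspecialchars($row["type"]); ?></td>
<td><?php echo htmlspecialchars($row["level_in_pay_matrix"]); ?></td>
<td><?php echo $created_at_display; ?></td>
<td>
<div class="d-flex gap-1">
<a href="manage_posts.php?edit_id=<?php echo $row["id"]; ?>" class="btn btn-warning btn-sm">
Edit
</a>
<a href="manage_posts.php?delete_id=<?php echo $row["id"]; ?>" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure you want to delete this post: <?php echo htmlspecialchars(addslashes($row["post_title"])); ?>?');">
Delete
</a>
</div>
</td>
</tr>
<?php
    }
} else {
?>
<tr>
<td colspan="12" class="text-center py-4">No posts found for the selected advertisement.</td>
</tr>
<?php
}
// Release the prepared statement whether or not any rows were returned.
if ($stmt_posts !== null) {
    $stmt_posts->close();
}
?>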
</tbody>
</table>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
<?php
// All queries for this page have run; release the mysqli connection.
$conn->close();
?>
</body>
</html>