File: /srv/www/rectt-csmcri.res.in/public_html/process_non_tech.php
<?php
// session_start();
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
// REMOVE IN PRODUCTION
ini_set("display_errors", 1);
ini_set("display_startup_errors", 1);
error_reporting(E_ALL);
// Throw exceptions on MySQLi errors
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
require 'sites/config/config.php';
require_once 'gen_non_tech.php';
// require_once "mail_pdf.php"; // Still using for PDF generation
if (!isset($_SESSION['registered']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
header("location: login.php");
exit;
}
if (!isset($_SESSION['user_id'], $_SESSION['session_token'])) {
session_destroy();
header("Location: logout.php");
exit;
}
$user_id = $_SESSION['user_id'];
$token = $_SESSION['session_token'];
$stmt = $conn->prepare("SELECT session_token FROM users WHERE id = ?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
$stmt->bind_result($db_token);
$stmt->fetch();
$stmt->close();
if ($token !== $db_token) {
session_destroy();
die("You have been logged out because your account was logged in elsewhere.");
}
$user_id = $_SESSION['user_id'] ?? null;
$ad_id = $_POST['ad_id'] ?? null;
$post_id = $_POST['post_id'] ?? null;
$additional_remarks = $_POST['additional_remarks'] ?? '';
if (!$user_id || !$ad_id || !$post_id) {
die("Invalid access or session expired.");
}
// META
$category = $_SESSION['category'] ?? 'General';
$disability = $_SESSION['disability'] ?? 'No';
$gender = $ex_servicemen = $csir_employee = '';
$stmt = $conn->prepare("SELECT gender, ex_servicemen, csir_employee FROM primary_details WHERE user_id = ?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
$res = $stmt->get_result();
if ($row = $res->fetch_assoc()) {
$gender = $row['gender'];
$ex_servicemen = $row['ex_servicemen'];
$csir_employee = $row['csir_employee'];
}
$stmt->close();
$is_exempt = ($category == 'SC' || $category == 'ST' || $gender == 'Female' || $ex_servicemen == 'Yes' || $csir_employee == 'Yes' || $disability == 'Yes');
// Required Fields
$errors = [];
$computer_knowledge = $_POST['computer_knowledge'] ?? '';
$payment_reference = $_POST['paymentReferenceNo'] ?? '';
$declaration = isset($_POST['agree']) ? 1 : 0;
if (!$computer_knowledge) $errors[] = "Computer knowledge is required.";
if (!$declaration) $errors[] = "You must agree to the declaration.";
if (!$is_exempt && empty($payment_reference)) $errors[] = "Payment reference is required.";
$payment_date = $_POST['payment_date'] ?? null;
if (!$is_exempt && empty($payment_date)) $errors[] = "Payment date is required.";
// Continue validation
if (!empty($errors)) {
$_SESSION['form_errors'] = $errors;
header("Location: non_tech_form.php?post_id=$post_id&submit_error=1");
exit;
}
$required_files = ['ssc_marksheet', 'photograph', 'signature'];
if ($category !== 'General') $required_files[] = 'category_certificate';
if ($disability === 'Yes') $required_files[] = 'disability_certificate';
foreach ($required_files as $f) {
if (!isset($_FILES[$f]) || $_FILES[$f]['error'] !== UPLOAD_ERR_OK) {
$errors[] = ucfirst(str_replace('_', ' ', $f)) . " is required.";
}
}
if (!empty($errors)) {
$_SESSION['form_errors'] = $errors;
header("Location: non_tech_form.php?post_id=$post_id&submit_error=1");
exit;
}
// ✅ Begin transaction
$conn->begin_transaction();
try {
// 1. Insert into applications
$status = 'submitted';
if ($is_exempt) {
$stmt = $conn->prepare("INSERT INTO applications (
user_id, advertisement_id, post_id, computer_knowledge,
payment_reference_no, declaration, status, additional_remarks
) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param(
"iiississ",
$user_id,
$ad_id,
$post_id,
$computer_knowledge,
$payment_reference,
$declaration,
$status,
$additional_remarks
);
} else {
$stmt = $conn->prepare("INSERT INTO applications (
user_id, advertisement_id, post_id, computer_knowledge,
payment_reference_no, payment_date, declaration, status, additional_remarks
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param(
"iiisssiss",
$user_id,
$ad_id,
$post_id,
$computer_knowledge,
$payment_reference,
$payment_date,
$declaration,
$status,
$additional_remarks
);
}
$stmt->execute();
$application_id = $conn->insert_id;
$stmt->close();
// $status = 'submitted';
// $stmt = $conn->prepare("INSERT INTO applications (user_id, advertisement_id, post_id, computer_knowledge, payment_reference_no, declaration, status, additional_remarks) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
// $stmt->bind_param("iiississ", $user_id, $ad_id, $post_id, $computer_knowledge, $payment_reference, $declaration, $status, $additional_remarks);
// $stmt->execute();
// $application_id = $conn->insert_id;
// $stmt->close();
// 2. Insert into application_posts
// $stmt = $conn->prepare("INSERT INTO application_posts (application_id, post_id) VALUES (?, ?)");
// $stmt->bind_param("ii", $application_id, $post_id);
// $stmt->execute();
// $stmt->close();
// 3. Qualifications
// Qualification type mapping (for DB ENUM)
$qual_type_enum = [
'ssc' => 'SSC',
'hsc' => 'HSC',
'diploma' => 'Diploma',
'ug' => 'UG',
'pg' => 'PG'
];
$qual_map = [
'ssc' => ['ssc_school', 'ssc_board', 'ssc_subjects', 'ssc_marks', 'ssc_scale', 'ssc_pass_date', 'ssc_mode', 'ssc_remarks'],
'hsc' => ['hsc_school', 'hsc_board', 'hsc_subjects', 'hsc_marks', 'hsc_scale', 'hsc_pass_date', 'hsc_mode', 'hsc_remarks'],
'diploma' => ['diploma_school', 'diploma_board', 'diploma_subjects', 'diploma_marks', 'diploma_scale', 'diploma_pass_date', 'diploma_mode', 'diploma_remarks'],
'ug' => ['ug_school', 'ug_board', 'ug_subjects', 'ug_marks', 'ug_scale', 'ug_pass_date', 'ug_mode', 'ug_remarks'],
'pg' => ['pg_school', 'pg_board', 'pg_subjects', 'pg_marks', 'pg_scale', 'pg_pass_date', 'pg_mode', 'pg_remarks'],
];
$stmt = $conn->prepare("INSERT INTO qualifications (application_id, qualification_type, school_name, board_or_university, subjects, marks, scale, pass_date, mode_of_study, remarks) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
foreach ($qual_map as $type => $fields) {
$school = $_POST[$fields[0]] ?? '';
$board = $_POST[$fields[1]] ?? '';
$subjects = $_POST[$fields[2]] ?? '';
$marks = isset($_POST[$fields[3]]) ? floatval($_POST[$fields[3]]) : null;
$scale_input = strtolower(trim($_POST[$fields[4]] ?? ''));
$valid_scales = ['percentage', 'cgpa10', 'cgpa5'];
$scale = in_array($scale_input, $valid_scales) ? $scale_input : null;
$pass_date = $_POST[$fields[5]] ?? null;
if ($pass_date === '') {
$pass_date = null;
}
$mode = $_POST[$fields[6]] ?? '';
$remarks = $_POST[$fields[7]] ?? '';
// Use the correct ENUM value for the qualification_type column
$qual_type = $qual_type_enum[$type];
// Insert only if at least one field is filled
if ($school || $board || $subjects || $marks || $scale || $pass_date || $mode || $remarks) {
$stmt->bind_param(
"isssssssss",
$application_id,
$qual_type,
$school,
$board,
$subjects,
$marks,
$scale,
$pass_date,
$mode,
$remarks
);
if (!$stmt->execute()) {
echo "Error inserting $qual_type: " . $stmt->error . "<br>";
}
}
}
$stmt->close();
// 4. Work Experience (if submitted)
if (!empty($_POST['experience'])) {
$stmt = $conn->prepare("INSERT INTO experiences (application_id, org_type, organization, position, `from`, `to`, nature, last_pay, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
foreach ($_POST['experience'] as $exp) {
$org_type = $exp['org_type'] ?? '';
$organization = $exp['organization'] ?? '';
$position = $exp['position'] ?? '';
$from = $exp['from'] ?? null;
if ($from === '') {
$from = null;
}
$to = $exp['to'] ?? null;
if ($to === '') {
$to = null;
}
$nature = $exp['nature'] ?? '';
$last_pay = $exp['last_pay'] ?? '';
$status = $exp['status'] ?? '';
// Insert only if at least one field is filled
if ($org_type || $organization || $position || $from || $to || $nature || $last_pay || $status) {
$stmt->bind_param("issssssss", $application_id, $org_type, $organization, $position, $from, $to, $nature, $last_pay, $status);
$stmt->execute();
}
}
$stmt->close();
}
// 5. Upload files
$uploadRelBase = "sites/upload/applications/";
$uploadAbsBase = dirname(__DIR__) . "/public_html/sites/upload/applications/";
// Append application_id to both relative and absolute path
$uploadRel = $uploadRelBase . $application_id . '/';
$uploadAbs = $uploadAbsBase . $application_id . '/';
// Create application-specific directory if it does not exist
// if (!is_dir($uploadAbs)) mkdir($uploadAbs, 0755, true);
if (!is_dir($uploadAbs)) mkdir($uploadAbs, 0777, true);
$allowedMimes = ['image/jpeg', 'image/png', 'application/pdf'];
$maxSizes = [
'photograph' => 100 * 1024, // 100KB
'signature' => 100 * 1024, // 100KB
'category_certificate' => 1024 * 1024, // 1MB
'disability_certificate' => 1024 * 1024, // 1MB
'ssc_marksheet' => 1024 * 1024, // 1MB
'hsc_marksheet' => 1024 * 1024 // 1MB
];
$stmt = $conn->prepare("INSERT INTO uploads (application_id, document_type, file_path) VALUES (?, ?, ?)");
foreach ($required_files as $f) {
if (!isset($_FILES[$f]) || $_FILES[$f]['error'] !== UPLOAD_ERR_OK) {
throw new Exception("File missing or upload error: $f");
}
$file = $_FILES[$f];
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!in_array($mime, $allowedMimes)) {
throw new Exception("Invalid file type: $f");
}
$maxSize = isset($maxSizes[$f]) ? $maxSizes[$f] : (2 * 1024 * 1024); // Fallback: 2MB
if ($file['size'] > $maxSize) {
throw new Exception("File too large: $f");
}
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
$safeName = uniqid($f . '_', true) . '.' . $ext;
$destAbs = $uploadAbs . $safeName;
$destRel = $uploadRel . $safeName;
if (!move_uploaded_file($file['tmp_name'], $destAbs)) {
throw new Exception("Upload failed: $f");
}
$stmt->bind_param("iss", $application_id, $f, $destRel);
$stmt->execute();
}
// Handle hsc_marksheet if it was uploaded (OPTIONAL)
if (isset($_FILES['hsc_marksheet']) && $_FILES['hsc_marksheet']['error'] === UPLOAD_ERR_OK) {
$file = $_FILES['hsc_marksheet'];
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!in_array($mime, $allowedMimes)) {
throw new Exception("Invalid file type: hsc_marksheet");
}
$maxSize = isset($maxSizes['hsc_marksheet']) ? $maxSizes['hsc_marksheet'] : (2 * 1024 * 1024);
if ($file['size'] > $maxSize) {
throw new Exception("File too large: hsc_marksheet");
}
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
$safeName = uniqid('hsc_marksheet_', true) . '.' . $ext;
$destAbs = $uploadAbs . $safeName;
$destRel = $uploadRel . $safeName;
if (!move_uploaded_file($file['tmp_name'], $destAbs)) {
throw new Exception("Upload failed: hsc_marksheet");
}
// $stmt->bind_param("iss", $application_id, 'hsc_marksheet', $destRel);
$type = 'hsc_marksheet';
$stmt->bind_param("iss", $application_id, $type, $destRel);
$stmt->execute();
}
$stmt->close();
$date_only = date("dmY");
$registration_id = $date_only . "U" . $user_id . "A" . $ad_id . "P" . $post_id;
$outputPath = genNonTechApplicationHtml($user_id, $post_id, $application_id, $registration_id, $ad_id);
// 6. Insert into all_applications (master ledger)
$app_type = 'non-tech';
$status = 'submitted'; // or reuse the variable $status
$stmt = $conn->prepare("INSERT INTO all_applications (user_id,registration_id, post_id, ad_id, application_type, application_table_id, status, pdf_path) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("isiisiss", $user_id, $registration_id, $post_id, $ad_id, $app_type, $application_id, $status, $outputPath);
$stmt->execute();
$stmt->close();
// Now commit the transaction
$conn->commit();
$_SESSION['app_submitted'] = "True";
unset($_SESSION['active_post_id']);
header("Location: dashboard.php?submitted=1");
exit;
} catch (Exception $e) {
$conn->rollback();
$_SESSION["flash"] = [$e->getMessage()];
header("Location: non_tech_form.php?post_id=$post_id");
exit;
} finally {
$conn->close();
}