/**
 * Authorisation helper for lecture ids.
 *
 * Returns true only when every id in $lec_id is the lec_id of a Lectures row
 * whose attd_mst_id equals $mst_id. In every other case $response is set to
 * an array with 'code' and 'message' and false is returned.
 *
 * @param mixed $response out-parameter, written only on failure
 * @param mixed $mst_id   attendance master id; must pass ctype_digit()
 * @param array $lec_id   lecture ids the caller wants to act on
 * @return bool
 */
function authLec(&$response, $mst_id, array $lec_id)
{
    if (!ctype_digit($mst_id)) {
        $response = array('code' => HTTP_Status::BAD_REQUEST, 'message' => 'ID must be digits only');
        return false;
    }
    try {
        $query = new MyDbCon();
        $query->select("Lectures");
        $query->select->columns(array("lec_id"));
        $query->select->where->equalTo("attd_mst_id", $mst_id);
        $query->prepare();
        if ($query->execute()) {
            $owned = array();
            foreach ($query->fetchAssoc() as $lecture) {
                $owned[] = $lecture['lec_id'];
            }
            // Requested ids that do not belong to this master. An empty
            // $lec_id leaves nothing over, so it passes the check as well.
            $foreign = array_diff($lec_id, $owned);
            if (count($foreign) === 0) {
                return true;
            }
        }
        $response = array('code' => HTTP_Status::FORBIDDEN, 'message' => HTTP_Status::FORBIDDEN_MSG);
        return false;
    } catch (\Exception $e) {
        // Report the wrapped exception when there is one, otherwise $e itself.
        $cause = $e->getPrevious() ? $e->getPrevious() : $e;
        // NOTE(review): the raw exception code and message are copied into
        // $response. If callers send $response to the client this exposes
        // database/driver details - confirm, and consider logging instead.
        $response = array(
            'code' => HTTP_Status::FORBIDDEN,
            'message' => "Error Code: " . $cause->getCode() . " <br/>Detailed Info: " . $cause->getMessage(),
        );
        return false;
    }
}
/**
 * Look up the rights of the privilege stored in $_SESSION['privilege_id'].
 *
 * With an empty $for the whole rights array of the privilege row is returned.
 * Otherwise $for is lower-cased and looked up first as given and then with an
 * "_access" suffix. When nothing is found the result is deny-by-default:
 * "000" for a named right, Privilege_Master::zero_rights() for the full set.
 * Exceptions raised by the database layer propagate to the caller unchanged.
 *
 * @param string $for name of a single right, or "" for all rights
 * @return mixed
 */
function get_rights($for = "")
{
    $wantsAll = empty($for);
    $db = new MyDbCon();
    $db->select("Privilege_Master");
    $db->select->where(array("privilege_id" => $_SESSION['privilege_id']));
    $db->prepare();
    if ($db->execute()) {
        $rows = $db->fetchAll();
        $rights = $rows[0]->get_assoc_array();
        if ($wantsAll) {
            return $rights;
        }
        $name = strtolower($for);
        foreach (array($name, $name . "_access") as $candidate) {
            if (isset($rights[$candidate])) {
                return $rights[$candidate];
            }
        }
    }
    return $wantsAll ? Privilege_Master::zero_rights() : "000";
}
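 /**
  * Fetch one Syllabus row by id.
  *
  * @param mixed $syllabus_id value matched against the syllabus_id column
  * @return mixed the first row from fetchAssoc(), or false when the query
  *               does not execute or yields no row
  */
 public static function fill($syllabus_id)
 {
     $dbh = new MyDbCon();
     $dbh->select("Syllabus");
     // The id is handed to the query builder as a predicate value (the same
     // array form this code base uses for privilege_id lookups) instead of
     // being concatenated into the WHERE string, where a crafted value could
     // change the SQL text.
     $dbh->select->where(array("syllabus_id" => $syllabus_id));
     $dbh->prepare();
     if ($dbh->execute()) {
         $rows = $dbh->fetchAssoc();
         // An empty result set is reported as false rather than as an
         // undefined-offset notice.
         return isset($rows[0]) ? $rows[0] : false;
     }
     return false;
 }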
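 /**
  * Fetch one Offers_Master row by offer id.
  *
  * @param mixed $oid value matched against the o_id column
  * @return mixed the first row from fetchAssoc(), or false when the query
  *               does not execute or yields no row
  */
 public static function getIds($oid)
 {
     $dbh = new MyDbCon();
     $dbh->select("Offers_Master");
     // Pass the id as a predicate value rather than splicing it into the
     // WHERE string, so a crafted $oid cannot change the SQL text.
     $dbh->select->where(array("o_id" => $oid));
     $dbh->prepare();
     if ($dbh->execute()) {
         $rows = $dbh->fetchAssoc();
         // No matching offer is reported as false, not as a notice.
         return isset($rows[0]) ? $rows[0] : false;
     }
     return false;
 }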
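 /**
  * Look up the sub_name of one Sub_Master row.
  *
  * @param mixed $sub_id value matched against the sub_id column
  * @return mixed the sub_name value, or false when the query does not
  *               execute or yields no row
  */
 public static function getSubjectName($sub_id)
 {
     $dbh = new MyDbCon();
     $dbh->select("Sub_Master");
     $dbh->select->columns(array("sub_name"));
     // Pass the id as a predicate value rather than splicing it into the
     // WHERE string, so a crafted $sub_id cannot change the SQL text.
     $dbh->select->where(array("sub_id" => $sub_id));
     $dbh->prepare();
     if ($dbh->execute()) {
         $rows = $dbh->fetchAssoc();
         // No matching subject is reported as false, not as a notice.
         return isset($rows[0]["sub_name"]) ? $rows[0]["sub_name"] : false;
     }
     return false;
 }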
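/**
 * Build an attendance report and send it to the client as a CSV download.
 *
 * On success the CSV is written to the output together with download headers
 * and true is returned. On failure $response is filled (an error array, or
 * whatever generateReportData() left in its first argument) and false is
 * returned.
 *
 * @param mixed  $response   out-parameter, written only on failure
 * @param string $title      report title, upper-cased before use
 * @param mixed  $o_id       offer id; must consist of digits only
 * @param mixed  $sem        semester, printed in the header line
 * @param mixed  $ac_id      passed through to generateReportData()
 * @param mixed  $div        division; adds a "Division" label when not empty
 * @param array  $sub_id     passed through to generateReportData()
 * @param mixed  $lec_type   2 = Lecture/Lab, 1 = Lab, 0 = Lecture
 * @param mixed  $batchno    batch number, printed for lab reports
 * @param mixed  $ltgt       comparison text of the percentage filter
 * @param mixed  $percentage threshold of the percentage filter
 * @param mixed  $sub_filter "any" or "avg"
 * @return bool
 */
function generateCSVReport(&$response, $title, $o_id, $sem, $ac_id, $div, array $sub_id = array(), $lec_type = 2, $batchno = null, $ltgt = null, $percentage = null, $sub_filter = null)
{
    // $o_id is concatenated into the join expressions below, so anything
    // other than a run of digits is rejected before a query is built.
    if (!is_scalar($o_id) || !ctype_digit((string) $o_id)) {
        $response = array('code' => HTTP_Status::BAD_REQUEST, 'message' => 'ID must be digits only');
        return false;
    }
    try {
        $dbh = new MyDbCon();
        $dbh->select("Offers_Master");
        $dbh->select->columns(array());
        $dbh->join("Inst_Master", new Expression("Inst_Master.inst_id = Offers_Master.inst_id and Offers_Master.o_id = {$o_id}"), array("inst_name"));
        $dbh->join("Prog_Master", new Expression("Prog_Master.prog_id = Offers_Master.prog_id and Offers_Master.o_id = {$o_id}"), array("prog_name"));
        $dbh->join("Dept_Master", new Expression("Dept_Master.dept_id = Offers_Master.dept_id and Offers_Master.o_id = {$o_id}"), array("dept_name"));
        $dbh->prepare();
        // An unknown offer ends here instead of reading an undefined row.
        $rows = $dbh->execute() ? $dbh->fetchAssoc() : array();
        if (empty($rows[0])) {
            $response = array('code' => HTTP_Status::NOT_FOUND);
            return false;
        }
        $class_details = $rows[0];
        $class_details['semester'] = $sem;
        $class_details = array_map('strtoupper', $class_details);
        $title = strtoupper($title);

        if (!generateReportData($data, $o_id, $sem, $ac_id, $div, $sub_id, $lec_type, $batchno, $ltgt, $percentage, $sub_filter)) {
            $response = $data;
            return false;
        }

        // Convert the lecture type once; the earlier intval($lec_type == 1)
        // form converted the result of the comparison instead of the value.
        $type = intval($lec_type);
        $lec_label = "";
        if ($type === 2) {
            $lec_label = " | Lecture/Lab";
        } elseif ($type === 1) {
            $lec_label = " | Lab";
        } elseif ($type === 0) {
            $lec_label = " | Lecture";
        }
        $div_label = empty($div) ? "" : " | Division: {$div}";
        $batch_label = ($type === 1) ? " | Batch No.: {$batchno}" : "";

        // NOTE(review): cell values are concatenated without CSV escaping, so
        // a double quote inside a value breaks the cell, and spreadsheet
        // programs may treat values starting with = + - @ as formulas.
        // Confirm where title and the master-table names come from.
        // The header line prints $div_label, which was previously computed
        // but never used (the bare $div was printed instead).
        $csv = <<<EOF
"{$class_details['inst_name']}"
"{$class_details['prog_name']}",{$class_details['dept_name']}
"Semester: {$sem}{$div_label}{$lec_label}{$batch_label}"

EOF;
        if (isset($ltgt, $percentage, $sub_filter)) {
            $filter_label = "";
            if ($sub_filter === "any") {
                $filter_label = "in any of the subject(s)";
            } elseif ($sub_filter === "avg") {
                $filter_label = "average of all subject(s)";
            }
            $csv .= '"Attendance ' . $ltgt . ' ' . $percentage . '% ' . $filter_label . '"';
        }
        $csv .= <<<EOF

"{$title}"

"Enrolment No."
EOF;
        // The keys of the first student's attendance map are the columns.
        $first = current($data);
        $cols_arr = (isset($first['attendance']) && is_array($first['attendance']))
            ? array_keys($first['attendance'])
            : array();
        foreach ($cols_arr as $col) {
            $csv .= ',' . $col;
        }
        $csv .= "\n";
        foreach ($data as $stud) {
            // ="..." keeps spreadsheet programs from reformatting the number.
            $csv .= "\n\"=\"\"" . $stud['stud_enrolmentno'] . "\"\"\",";
            foreach ($cols_arr as $col) {
                $cell = "-";
                if (isset($stud['attendance'][$col])) {
                    $cell = "\"" . $stud['attendance'][$col] . "\"";
                }
                $csv .= $cell . ",";
            }
        }

        // The report is sent straight from memory. It is no longer written to
        // a uniqid()-named file under the application's tmp/ directory, which
        // left student data on disk under a guessable name until unlink().
        $now = (new DateTime())->format("d-m-Y");
        header("Content-type:text/csv");
        header("Content-Disposition:attachment;filename=report_{$now}.csv");
        echo $csv;
        // Flush only when an output buffer is actually open.
        if (ob_get_level() > 0) {
            ob_end_flush();
        }
        return true;
    } catch (\Exception $e) {
        $message = $e->getPrevious() ? $e->getPrevious()->getMessage() : $e->getMessage();
        $code = $e->getPrevious() ? $e->getPrevious()->getCode() : $e->getCode();
        // NOTE(review): raw exception details go into $response; if that is
        // returned to the client it exposes database internals - confirm.
        $err = "Error Code: " . $code . " <br/>Detailed Info: " . $message;
        $response = array('code' => HTTP_Status::FORBIDDEN, 'message' => $err);
        return false;
    }
}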
/**
 * Load the students that belong to an attendance master, plus class metadata.
 *
 * On success $response becomes array("metadata" => ..., "data" => rows) and
 * true is returned; otherwise $response holds an error array and false is
 * returned.
 *
 * @param mixed $response   out-parameter
 * @param mixed $mst_id     attendance master id; must pass ctype_digit()
 * @param mixed $faculty_id when truthy, non-super users only see masters of
 *                          $_SESSION['faculty_id']
 * @param mixed $now        when truthy, only calendars containing today match
 * @return bool
 */
function getStudentsByMst(&$response, $mst_id, $faculty_id = true, $now = true)
{
    if (!ctype_digit($mst_id)) {
        $response = array('code' => HTTP_Status::BAD_REQUEST, 'message' => 'Master ID must be digits only');
        return false;
    }
    $meta_data = array("batchno" => null, "division" => null, "inst_name" => null, "prog_name" => null, "dept_name" => null, "semester" => null, "subject" => null);
    try {
        // Step 1: read batch and division of the master record itself.
        $master = new MyDbCon();
        $master->select("Attendance_Master");
        $master->select->where->equalTo("attd_mst_id", $mst_id);
        $master->prepare();
        if (!$master->execute()) {
            $response = array('code' => HTTP_Status::FORBIDDEN);
            return false;
        }
        $masterRow = $master->fetchAssoc()[0];
        $meta_data['batchno'] = $masterRow['batchno'];
        $meta_data['division'] = $masterRow['division'];

        // Step 2: collect the filters. A value may carry its operator after
        // a colon ("2020-01-01:>="); without one, equality is used.
        $where_funcs = array('=' => 'equalTo', '<' => 'lessThan', '>' => 'greaterThan', '<=' => 'lessThanOrEqualTo', '>=' => 'greaterThanOrEqualTo', 'like' => 'like');
        $filters = array("attd_mst_id" => $mst_id, "stud_status" => "C");
        if ($now) {
            try {
                $today = (new DateTime())->format("Y-m-d");
            } catch (Exception $e) {
                $response = array('code' => HTTP_Status::INTERNAL_SERVER_ERROR);
                return false;
            }
            $filters['end_date'] = "{$today}:>=";
            $filters['start_date'] = "{$today}:<=";
        }
        // Access restriction: everyone but super users is limited to the
        // masters of the faculty stored in the session.
        if ($faculty_id && !Privilege_Master::is_super($_SESSION['privilege_id'])) {
            $filters['faculty_id'] = $_SESSION['faculty_id'];
        }

        $join_tables = array("Academic_Calendar", "Teaches", "Syllabus", "Student_Master");
        $join_on = array(
            "Academic_Calendar" => "Academic_Calendar.ac_id=Attendance_Master.ac_id",
            "Teaches" => "Attendance_Master.teaches_id=Teaches.teaches_id",
            "Syllabus" => "Teaches.syllabus_id=Syllabus.syllabus_id",
            "Student_Master" => "Student_Master.o_id=Syllabus.o_id AND Student_Master.stud_sem=Academic_Calendar.semester AND Student_Master.stud_div=Attendance_Master.division",
        );
        if (!empty($meta_data['batchno'])) {
            $join_on["Student_Master"] .= " AND Student_Master.stud_batchno=Attendance_Master.batchno";
        }
        $join_columns = array(
            "Academic_Calendar" => array("start_date", "end_date"),
            "Teaches" => array(),
            "Syllabus" => array("sub_id"),
            "Student_Master" => array("stud_id", "stud_enrolmentno", "stud_rollno", "stud_name", "stud_father_name", "stud_surname", "stud_sem", "stud_div", "stud_batchno", "o_id"),
        );
        $meta_keys = array("stud_sem", "stud_div", "stud_batchno", "o_id", "sub_id", "start_date", "end_date");

        // Step 3: build and run the joined student query.
        $dbh = new MyDbCon();
        $dbh->select("Attendance_Master");
        $dbh->select->columns(array());
        $all_columns = Select::SQL_STAR;
        foreach ($join_tables as $table) {
            $cols = isset($join_columns[$table]) ? $join_columns[$table] : $all_columns;
            $dbh->join($table, $join_on[$table], $cols);
        }
        foreach ($filters as $column => $spec) {
            $parts = explode(':', $spec);
            // The predicate method always comes from $where_funcs.
            $method = (!empty($parts[1]) && isset($where_funcs[$parts[1]]))
                ? $where_funcs[$parts[1]]
                : $where_funcs['='];
            $dbh->select->where->{$method}($column, $parts[0]);
        }
        $dbh->select->order("stud_rollno ASC");
        $dbh->prepare();
        if (!$dbh->execute()) {
            $response = array('code' => HTTP_Status::FORBIDDEN);
            return false;
        }

        $objs = $dbh->fetchAssoc();
        // Class-level values are taken from the first row.
        $head = $objs[0];
        $meta_data['semester'] = $head['stud_sem'];
        $meta_data['start_date'] = $head['start_date'];
        $meta_data['end_date'] = $head['end_date'];
        $names = Offers_Master::getNames($head['o_id']);
        $meta_data['subject'] = Sub_Master::getSubjectName($head['sub_id']);
        if ($names) {
            foreach (array('inst_name', 'prog_name', 'dept_name') as $field) {
                $meta_data[$field] = $names[$field];
            }
        }
        // NOTE(review): $row is iterated by value. If fetchAssoc() returns
        // plain arrays, none of the edits below reach $objs, so "data" still
        // carries the class-level keys and the separate name parts - confirm
        // whether consumers expect the stripped or the raw rows.
        foreach ($objs as $row) {
            foreach ($meta_keys as $key) {
                unset($row[$key]);
            }
            foreach (array('stud_father_name', 'stud_surname') as $part) {
                if (!empty($row[$part])) {
                    $row['stud_name'] .= " " . $row[$part];
                }
            }
            unset($row['stud_father_name'], $row['stud_surname']);
        }
        $response = array("metadata" => $meta_data, "data" => $objs);
        return true;
    } catch (\Exception $e) {
        $cause = $e->getPrevious() ? $e->getPrevious() : $e;
        // NOTE(review): raw exception details go into $response; if that is
        // returned to the client it exposes database internals - confirm.
        $response = array(
            'code' => HTTP_Status::FORBIDDEN,
            'message' => "Error Code: " . $cause->getCode() . " <br/>Detailed Info: " . $cause->getMessage(),
        );
        return false;
    }
}
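// Generic "list" endpoint: returns the rows of the table named by the
// 'master' query parameter as JSON.
$dir = "../../../../";
require_once $dir . "core/post_pages_head.php";
// Values read by the authentication include below - presumably the error
// callback and the index of the right to check; confirm in authenticate.php.
$error_func = "list_error";
$right_index = 0;
require_once $dir . "core/modules/authenticate.php";
// 'master' is request input that selects both the table and the path of an
// included file. Only a plain identifier is accepted, so the value cannot
// contain path separators or "..", and cannot carry SQL syntax.
if (!isset($_GET['master']) || !is_string($_GET['master']) || preg_match('/^[A-Za-z0-9_]+$/D', $_GET['master']) !== 1) {
    list_error(HTTP_Status::BAD_REQUEST);
    exit;
}
try {
    $dbh = new MyDbCon();
    $dbh->select($_GET['master']);
    include "./joins.php";
    // A table-specific handler replaces the common one when it exists.
    // NOTE(review): any table name that passes the pattern above can still
    // be listed; confirm that authenticate.php limits which masters a user
    // may read, or add an explicit allow-list here.
    $filepath = "./custom/{$_GET['master']}.get.php";
    if (file_exists($filepath)) {
        require_once $filepath;
    } else {
        require_once "./common.php";
    }
    $dbh->prepare();
    if ($dbh->execute()) {
        // $clm is not set in this file; presumably one of the includes
        // defines it when a column subset was requested.
        if (isset($clm)) {
            $res = $dbh->fetchAssoc();
            $final = json_encode($res);
        } else {
            $objs = $dbh->fetchAll();
            $final = json_encode($objs);
        }
        header('Content-Length: ' . strlen($final));
        header('Content-Type: application/json');
        echo $final;
    } else {
        list_error(HTTP_Status::NOT_FOUND);
    }
} catch (\Exception $e) {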
/**
 * List every active lecture of an attendance master together with one
 * student's presence value for it.
 *
 * The query corresponds to:
 *   select Lectures.lec_id, lec_date, presence from Lectures
 *   left join Attendance
 *     on Attendance.lec_id = Lectures.lec_id and stud_id = <stud_id>
 *   where attd_mst_id = <mst_id> and Lectures.active = 1
 *   group by Lectures.lec_id
 *   order by lec_date ASC
 *
 * @param mixed $response out-parameter: the fetched rows on success, an
 *                        error array on failure
 * @param mixed $mst_id   attendance master id; must pass ctype_digit()
 * @param mixed $stud_id  student id; must pass ctype_digit()
 * @return bool
 */
function getLectureWiseAttendanceOfStudByMst(&$response, $mst_id, $stud_id)
{
    // Both ids must be digit strings. This check is also what makes it safe
    // to place $stud_id inside the join expression further down.
    if (!(ctype_digit($mst_id) && ctype_digit($stud_id))) {
        $response = array('code' => HTTP_Status::BAD_REQUEST, 'message' => 'ID must be digits only');
        return false;
    }
    try {
        $attendanceJoin = new Expression("Lectures.lec_id = Attendance.lec_id and stud_id = {$stud_id}");
        $query = new MyDbCon();
        $query->select("Lectures");
        $query->select->columns(array('lec_id', 'lec_date'));
        // Left join: lectures without an Attendance row for the student stay
        // in the result.
        $query->join('Attendance', $attendanceJoin, array('presence'), 'left');
        $query->select->where->equalTo('attd_mst_id', $mst_id);
        $query->select->where->equalTo('Lectures.active', 1);
        $query->select->group('Lectures.lec_id');
        $query->select->order('lec_date ASC');
        $query->prepare();
        // The result of execute() is not checked here; rows are fetched
        // either way.
        $query->execute();
        $response = $query->fetchAssoc();
        return true;
    } catch (\Exception $e) {
        $cause = $e->getPrevious() ? $e->getPrevious() : $e;
        // NOTE(review): raw exception details go into $response; if that is
        // returned to the client it exposes database internals - confirm.
        $response = array(
            'code' => HTTP_Status::FORBIDDEN,
            'message' => "Error Code: " . $cause->getCode() . " <br/>Detailed Info: " . $cause->getMessage(),
        );
        return false;
    }
}
     // Parse the submitted lecture date and the calendar bounds taken from
     // $students['metadata']. DateTime throws on input it cannot parse; it
     // also accepts relative expressions, not only fixed dates.
     $lec_date = new DateTime($_POST['date']);
     $st_date = new DateTime($students['metadata']['start_date']);
     $end_date = new DateTime($students['metadata']['end_date']);
 } catch (\Exception $e) {
     // NOTE(review): presumably attd_error() ends the request; if it returns,
     // $lec_date is undefined in the comparison below - confirm.
     attd_error(HTTP_Status::BAD_REQUEST, "Invalid lecture date format.");
 }
 // The upper bound is $today (set outside this fragment); $end_date is parsed
 // above but not used in this check.
 if ($lec_date < $st_date || $lec_date > $today) {
     attd_error(HTTP_Status::BAD_REQUEST, "Lecture date must be within " . $st_date->format("d-m-Y") . " to " . $today->format("d-m-Y") . ".");
 }
 // From here on $lec_date is a "Y-m-d" string, no longer a DateTime.
 $lec_date = $lec_date->format("Y-m-d");
 try {
     // The lecture row and all attendance rows are written in one transaction.
     // NOTE(review): no rollback is visible in this fragment - confirm the
     // handler that follows undoes the lecture insert on failure.
     $db = new MyDbCon();
     $db->beginTransaction();
     // $queries['mst'] is set outside this fragment.
     $obj = new Lectures(array('lec_date' => $lec_date, 'attd_mst_id' => $queries['mst']));
     $db->insert($obj);
     $db->prepare();
     $db->execute();
     // Generated id of the lecture row just inserted.
     $lec_id = $db->getLastGeneratedValue();
     $db->setInsert(new Attendance());
     $abs_objs = array();
     // One Attendance row per student returned for this master, so ids in
     // $abs_ids that are not in $students['data'] are never written.
     foreach ($students['data'] as $stud) {
         //$ids[]=$stud['stud_id'];
         // Present unless the id is listed in $abs_ids (set outside this
         // fragment). in_array() compares loosely here.
         $presence = 1;
         if (in_array($stud['stud_id'], $abs_ids)) {
             $presence = 0;
         }
         $abs_objs[] = new Attendance(array('lec_id' => $lec_id, 'stud_id' => $stud['stud_id'], 'presence' => $presence));
     }
     $db->multiInsert($abs_objs);
     $db->execute();
     $db->commit();
/**
 * List the attendance masters whose academic calendar contains today,
 * joined with institute, programme, department, subject and faculty names.
 *
 * Users for whom Privilege_Master::is_super() is false get only the masters
 * taught by $fac_id; for super users $fac_id is neither validated nor used
 * as a filter.
 *
 * @param mixed $response out-parameter: rows on success, error array otherwise
 * @param mixed $fac_id   faculty id; must pass ctype_digit() for non-super users
 * @param mixed $now      accepted for symmetry with getStudentsByMst(); the
 *                        value is overwritten before it is read, so the date
 *                        filter is always applied
 * @return bool
 */
function getMstByFaculty(&$response, $fac_id, $now = true)
{
    if (!ctype_digit($fac_id) && !Privilege_Master::is_super($_SESSION['privilege_id'])) {
        $response = array('code' => HTTP_Status::BAD_REQUEST, 'message' => 'Faculty ID must be digits only');
        return false;
    }
    try {
        // A filter value may carry its operator after a colon; without one,
        // equality is used.
        $where_funcs = array('=' => 'equalTo', '<' => 'lessThan', '>' => 'greaterThan', '<=' => 'lessThanOrEqualTo', '>=' => 'greaterThanOrEqualTo', 'like' => 'like');
        $filters = array();
        if (!Privilege_Master::is_super($_SESSION['privilege_id'])) {
            $filters["Teaches.faculty_id"] = $fac_id;
        }
        try {
            $now = (new DateTime())->format("Y-m-d");
        } catch (Exception $e) {
            $response = array('code' => HTTP_Status::INTERNAL_SERVER_ERROR);
            return false;
        }
        $filters['end_date'] = "{$now}:>=";
        $filters['start_date'] = "{$now}:<=";

        $join_tables = array("Academic_Calendar", "Teaches", "Syllabus", "Offers_Master", "Inst_Master", "Prog_Master", "Dept_Master", "Sub_Master", "Faculty_Master");
        $join_on = array(
            "Academic_Calendar" => "Academic_Calendar.ac_id=Attendance_Master.ac_id",
            "Teaches" => "Attendance_Master.teaches_id=Teaches.teaches_id",
            "Syllabus" => "Teaches.syllabus_id=Syllabus.syllabus_id",
            "Offers_Master" => "Offers_Master.o_id=Syllabus.o_id",
            "Inst_Master" => "Inst_Master.inst_id=Offers_Master.inst_id",
            "Prog_Master" => "Prog_Master.prog_id=Offers_Master.prog_id",
            "Dept_Master" => "Dept_Master.dept_id=Offers_Master.dept_id",
            "Sub_Master" => "Sub_Master.sub_id=Syllabus.sub_id",
            "Faculty_Master" => "Faculty_Master.faculty_id=Teaches.faculty_id",
        );
        $join_columns = array(
            "Academic_Calendar" => array("start_date", "end_date", "semester"),
            "Teaches" => array("type"),
            "Syllabus" => array("sub_id"),
            "Offers_Master" => array("o_id"),
            "Inst_Master" => array("inst_name"),
            "Prog_Master" => array("prog_name"),
            "Dept_Master" => array("dept_name"),
            "Sub_Master" => array("sub_name"),
            "Faculty_Master" => array("faculty_name", "faculty_father_name", "faculty_surname"),
        );

        $dbh = new MyDbCon();
        $dbh->select("Attendance_Master");
        $dbh->select->columns(array("attd_mst_id", "batchno", "division"));
        $all_columns = Select::SQL_STAR;
        foreach ($join_tables as $table) {
            $cols = isset($join_columns[$table]) ? $join_columns[$table] : $all_columns;
            $dbh->join($table, $join_on[$table], $cols);
        }
        foreach ($filters as $column => $spec) {
            $parts = explode(':', $spec);
            // The predicate method always comes from $where_funcs.
            $method = (!empty($parts[1]) && isset($where_funcs[$parts[1]]))
                ? $where_funcs[$parts[1]]
                : $where_funcs['='];
            $dbh->select->where->{$method}($column, $parts[0]);
        }
        $dbh->prepare();
        if (!$dbh->execute()) {
            $response = array('code' => HTTP_Status::NOT_FOUND);
            return false;
        }

        $objs = $dbh->fetchAssoc();
        // NOTE(review): $row is iterated by value. If fetchAssoc() returns
        // plain arrays, the name merge and the unsets below never reach
        // $objs - confirm which row shape consumers expect.
        foreach ($objs as $row) {
            foreach (array('faculty_father_name', 'faculty_surname') as $part) {
                if (!empty($row[$part])) {
                    $row['faculty_name'] .= " " . $row[$part];
                }
            }
            unset($row['faculty_father_name'], $row['faculty_surname']);
        }
        $response = $objs;
        return true;
    } catch (\Exception $e) {
        $cause = $e->getPrevious() ? $e->getPrevious() : $e;
        // NOTE(review): raw exception details go into $response; if that is
        // returned to the client it exposes database internals - confirm.
        $response = array(
            'code' => HTTP_Status::FORBIDDEN,
            'message' => "Error Code: " . $cause->getCode() . " <br/>Detailed Info: " . $cause->getMessage(),
        );
        return false;
    }
}
/**
 * Soft-delete a lecture: the row stays, its 'active' column is set to 0.
 *
 * Returns true whenever no exception is raised; the result of execute() is
 * not inspected, so an id that matches no row also yields true.
 *
 * @param mixed $response out-parameter, written only when an exception occurs
 * @param mixed $lec_id   id of the lecture row to deactivate
 * @return bool
 */
function deleteLecture(&$response, $lec_id)
{
    // NOTE(review): nothing in this function checks that the current user
    // may change $lec_id; presumably callers run authLec() first - confirm.
    try {
        $lecture = new Lectures(array('active' => 0));
        $db = new MyDbCon();
        // $lec_id is passed as a condition value, not spliced into SQL text.
        $condition = array("lec_id" => $lec_id);
        $columns = array("active", "last_updated_by");
        $db->updateThese($lecture, $condition, $columns);
        $db->prepare();
        $db->execute();
        return true;
    } catch (\Exception $e) {
        $cause = $e->getPrevious() ? $e->getPrevious() : $e;
        // NOTE(review): raw exception details go into $response; if that is
        // returned to the client it exposes database internals - confirm.
        $response = array(
            'code' => HTTP_Status::FORBIDDEN,
            'message' => "Error Code: " . $cause->getCode() . " <br/>Detailed Info: " . $cause->getMessage(),
        );
        return false;
    }
}
<?php

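// Login form handler: checks the submitted credentials against User_Master
// and, on success, marks the session as logged in and redirects.
if ('POST' == $_SERVER['REQUEST_METHOD']) {
    // Validation: a missing or non-string field is handled as empty input,
    // so a request without the fields or with array values is rejected
    // cleanly instead of reaching trim().
    // NOTE(review): the password is trimmed as well, so leading or trailing
    // blanks are never part of it. Kept for compatibility with stored
    // passwords.
    $user = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? trim($_POST['user_name']) : '';
    $pass = (isset($_POST['user_password']) && is_string($_POST['user_password'])) ? trim($_POST['user_password']) : '';
    if (empty($user) || empty($pass)) {
        $err = "Wrong Username/Password!!";
    } else {
        try {
            $con = new MyDbCon();
            $con->select("User_Master");
            $con->select->where(array("user_name" => $user));
            $con->prepare();
            if ($con->execute()) {
                // An unknown user name takes the same "wrong credentials"
                // branch as a wrong password instead of dereferencing a
                // missing row.
                $rows = $con->fetchAll();
                $obj = isset($rows[0]) ? $rows[0] : null;
                if ($obj !== null && $obj->match_password($pass)) {
                    $status = $obj->get_by_key('user_status');
                    if ($status != 0) {
                        // Issue a fresh session id at the moment of privilege
                        // change, so an id fixed before login is useless
                        // afterwards. Assumes the session was started by an
                        // earlier include, as $_SESSION is written below.
                        session_regenerate_id(true);
                        $_SESSION['login'] = true;
                        $_SESSION['privilege_id'] = $obj->get_by_key('privilege_id');
                        $_SESSION['user_name'] = $user;
                        $_SESSION['faculty_id'] = $obj->get_by_key('faculty_id');
                        header('Location: ./dashboard/');
                        exit;
                    } else {
                        $err = "Your Account is Locked!!";
                    }
                } else {
                    $err = "Wrong Username/Password!!";
                }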
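 /**
  * Tell whether a privilege has every right.
  *
  * A privilege counts as "super" when, in its Privilege_Master row, every
  * character of every column other than privilege_id and privilege_name
  * converts to the integer 1.
  *
  * @param mixed $priv_id value matched against the privilege_id column
  * @return bool false as well when the row cannot be read
  */
 public static function is_super($priv_id)
 {
     $dbh = new MyDbCon();
     $dbh->select("Privilege_Master");
     $dbh->select->where(array("privilege_id" => $priv_id));
     $dbh->prepare();
     // Fail closed: a query that does not execute, or an id without a row,
     // used to fall through to "return true" and so granted super status.
     if (!$dbh->execute()) {
         return false;
     }
     $rows = $dbh->fetchAssoc();
     if (empty($rows[0]) || !is_array($rows[0])) {
         return false;
     }
     $rights = $rows[0];
     unset($rights['privilege_id']);
     unset($rights['privilege_name']);
     foreach ($rights as $val) {
         // Any flag character other than 1 means the privilege is limited.
         for ($i = 0; $i < strlen($val); $i++) {
             if (intval($val[$i]) !== 1) {
                 return false;
             }
         }
     }
     return true;
 }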