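/**
 * School front end: login shortcode, logout handler and dashboard shortcode.
 *
 * A logged-in school is tracked in $_SESSION['dc_school_id'] and
 * $_SESSION['dc_school_name']; the session is started elsewhere.
 * Markup is deliberately minimal: every dynamic value is escaped for the
 * context it lands in (esc_html, esc_attr, esc_url).
 */

// --------- Shared helpers ----------

/**
 * Current request URI, unslashed and cleaned so it can be fed to
 * add_query_arg() / remove_query_arg() and to redirects.
 *
 * @return string Request URI, or '' when the server does not provide one.
 */
function dc_school_request_uri(){
    if(!isset($_SERVER['REQUEST_URI'])){
        return '';
    }
    return esc_url_raw( wp_unslash($_SERVER['REQUEST_URI']) );
}

/**
 * Prepare one value for a CSV cell.
 *
 * Spreadsheet applications evaluate cells that start with =, +, - or @ as
 * formulas. The exported columns hold text supplied at registration time, so
 * such values are prefixed with an apostrophe to make them open as plain text.
 *
 * @param mixed $value Raw column value.
 * @return string Value that is safe to hand to fputcsv().
 */
function dc_school_csv_cell($value){
    $value = (string) $value;
    if($value !== '' && strpbrk($value[0], "=+-@\t\r") !== false){
        return "'".$value;
    }
    return $value;
}

// --------- School Frontend Login (shortcode) ----------

/**
 * Shortcode [dc_school_login]: render the login form and process its POST.
 *
 * @return string HTML for the form, an error message, or the "already logged in" notice.
 */
function dc_school_login_form(){
    global $wpdb;

    $here = dc_school_request_uri();

    // already logged in?
    if(!empty($_SESSION['dc_school_id'])){
        return '<p>You are already logged in. '
            .'<a href="'.esc_url( add_query_arg('dc_action','logout', $here) ).'">Logout</a> | '
            .'<a href="'.esc_url( add_query_arg('dc_action','dashboard', $here) ).'">Go to Dashboard</a></p>';
    }

    $output = '';

    if(isset($_POST['dc_school_login'])){
        $email = isset($_POST['email']) ? sanitize_email( wp_unslash($_POST['email']) ) : '';
        // The password is used exactly as received so that its digest matches
        // what the registration code stored — TODO confirm against that code.
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        $table  = $wpdb->prefix.'dc_schools';
        $school = null;
        if($email !== '' && $password !== ''){
            // Look the account up by email only and verify the password in PHP;
            // assumes email is unique in this table — TODO confirm.
            $school = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $table WHERE email = %s", $email) );
        }

        // wp_check_password() still accepts the legacy unsalted MD5 digests this
        // table holds and also accepts hashes produced by wp_hash_password().
        // NOTE(review): MD5 is fast and unsalted, so a leaked table is cheap to
        // crack. Store wp_hash_password() output instead; the password column
        // must be wide enough for the longer hash before switching.
        if($school && wp_check_password($password, $school->password)){
            // New session id on privilege change, so an id planted before login
            // cannot be reused afterwards (session fixation).
            if(session_status() === PHP_SESSION_ACTIVE){
                session_regenerate_id(true);
            }

            // set session
            $_SESSION['dc_school_id']   = intval($school->id);
            $_SESSION['dc_school_name'] = $school->school_name;

            // redirect to dashboard page (current page)
            // NOTE(review): a redirect issued while a shortcode renders only works
            // if no output has been sent yet — TODO confirm output buffering.
            wp_safe_redirect( add_query_arg('dc_action','dashboard', $here) );
            exit;
        }

        // Same message for unknown email and wrong password, so the form does
        // not reveal which accounts exist.
        // NOTE(review): failed attempts are not counted or throttled here.
        $output .= '<p>Invalid email or password.</p>';
    }

    $output .= '<form method="post">';
    $output .= '<p><label>Email <input type="email" name="email" required></label></p>';
    $output .= '<p><label>Password <input type="password" name="password" required></label></p>';
    $output .= '<p><input type="submit" name="dc_school_login" value="Login"></p>';
    $output .= '</form>';

    return $output;
}
add_shortcode('dc_school_login','dc_school_login_form');

// --------- School Logout Handler (URL param) ----------

/**
 * Handle ?dc_action=... on every request (hooked on init).
 *
 * 'logout' clears the school session keys and redirects to the same URL
 * without the parameter; 'dashboard' needs no handling here.
 *
 * @return void
 */
function dc_frontend_action_handler(){
    $action = (isset($_GET['dc_action']) && is_string($_GET['dc_action'])) ? $_GET['dc_action'] : '';

    if($action === 'logout'){
        // NOTE(review): logout is a plain GET without a nonce, so any page can
        // force it via a link or image. Requiring a nonce here would also mean
        // updating every logout link, including any outside this file.
        // clear session
        unset($_SESSION['dc_school_id']);
        unset($_SESSION['dc_school_name']);

        // redirect to current page without param
        wp_safe_redirect( remove_query_arg('dc_action', dc_school_request_uri()) );
        exit;
    }

    // $action === 'dashboard': redirect to a page (if needed). noop here.
}
add_action('init','dc_frontend_action_handler');

// --------- School Dashboard Shortcode ----------

/**
 * Stream the candidates of one school as a CSV download and end the request.
 *
 * @param int    $school_id School whose candidates are exported.
 * @param string $level     'all' or an exact level name.
 * @return void Does not return; calls exit after writing the file.
 */
function dc_school_export_csv($school_id, $level){
    global $wpdb;

    $table = $wpdb->prefix.'dc_candidates';

    if($level === 'all'){
        $rows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $table WHERE school_id = %d ORDER BY id DESC", $school_id), ARRAY_A );
        $filename_level = 'all';
    } else {
        $rows = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $table WHERE school_id = %d AND level = %s ORDER BY id DESC", $school_id, $level), ARRAY_A );
        // sanitize filename part
        $filename_level = preg_replace('/[^a-z0-9_\-]/i','_', $level);
    }

    // NOTE(review): this runs while the shortcode is rendering. If the page has
    // already produced output, the header() calls cannot take effect and the CSV
    // ends up inside the HTML; handling the export on an early hook avoids that
    // — TODO confirm how pages using this shortcode are served.
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="students_school_'.$school_id.'_'.$filename_level.'_'.date('Ymd_His').'.csv"');

    $columns = array('id','student_name','mother_name','father_name','mobile','district','dob','gender','level','created_at');

    $output_csv = fopen('php://output', 'w');
    // header row
    fputcsv($output_csv, array('ID','Student Name','Mother Name','Father Name','Mobile','District','DOB','Gender','Level','Created At'));
    foreach((array) $rows as $r){
        $line = array();
        foreach($columns as $column){
            $line[] = dc_school_csv_cell(isset($r[$column]) ? $r[$column] : '');
        }
        fputcsv($output_csv, $line);
    }
    fclose($output_csv);
    exit;
}

/**
 * Render the read-only preview of one candidate owned by the given school.
 *
 * @param int $school_id Logged-in school.
 * @param int $cid       Candidate id taken from the request.
 * @return string HTML.
 */
function dc_school_render_candidate_preview($school_id, $cid){
    global $wpdb;

    // The school_id condition is the authorisation check: a school can only
    // open candidates that belong to it.
    $c = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}dc_candidates WHERE id = %d AND school_id = %d", $cid, $school_id) );
    if(!$c){
        return '<p>Candidate not found or you do not have permission.</p>';
    }

    $output  = '<div>';
    $output .= '<h3>Candidate Preview</h3>';
    $output .= '<p>Name: '.esc_html($c->student_name).'</p>';
    $output .= '<p>Father: '.esc_html($c->father_name).'</p>';
    $output .= '<p>Mother: '.esc_html($c->mother_name).'</p>';
    $output .= '<p>Mobile: '.esc_html($c->mobile).'</p>';
    $output .= '<p>Level: '.esc_html($c->level).'</p>';
    if(!empty($c->photo)){
        $photo_url = plugins_url('uploads/'.$c->photo, DC_PLUGIN_DIR.'../'); // better to serve uploads via plugin uploads or server uploads — adjust path if needed
        $output .= '<p><img src="'.esc_url($photo_url).'" alt=""></p>';
    }
    $output .= '</div>';

    return $output;
}

/**
 * Render the edit form for one candidate and apply a submitted update.
 *
 * @param int $school_id Logged-in school.
 * @param int $cid       Candidate id taken from the request.
 * @return string HTML.
 */
function dc_school_render_candidate_edit($school_id, $cid){
    global $wpdb;

    $table = $wpdb->prefix.'dc_candidates';
    $c = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $table WHERE id = %d AND school_id = %d", $cid, $school_id) );
    if(!$c){
        return '<p>Candidate not found or you do not have permission.</p>';
    }

    // The nonce action carries the candidate id. School sessions are not
    // WordPress users, so the nonce is bound to the action rather than to an
    // account; including the id keeps it specific to this record.
    $nonce_action = 'dc_update_candidate_'.$cid;
    $fields = array(
        'student_name' => 'Student Name',
        'father_name'  => 'Father Name',
        'mother_name'  => 'Mother Name',
        'mobile'       => 'Mobile',
        'district'     => 'District',
        'dob'          => 'DOB',
        'gender'       => 'Gender',
        'level'        => 'Level',
    );

    $output = '';

    // if POST update
    if(isset($_POST['dc_update_candidate'], $_POST['candidate_id']) && intval($_POST['candidate_id']) === $cid){
        $nonce = isset($_POST['dc_candidate_nonce']) ? sanitize_text_field( wp_unslash($_POST['dc_candidate_nonce']) ) : '';
        if(!wp_verify_nonce($nonce, $nonce_action)){
            // Reject cross-site submissions that ride on the school's session.
            $output .= '<p>Security check failed. Please reload the page and try again.</p>';
        } else {
            $data = array();
            foreach(array_keys($fields) as $key){
                // wp_unslash first: WordPress adds slashes to $_POST, and storing
                // them would turn O'Brien into O\'Brien.
                $data[$key] = isset($_POST[$key]) ? sanitize_text_field( wp_unslash($_POST[$key]) ) : '';
            }
            // school_id in the WHERE clause repeats the ownership check at write time.
            $updated = $wpdb->update($table, $data, array('id' => $cid, 'school_id' => $school_id));
            if($updated === false){
                $output .= '<p>Could not update candidate.</p>';
            } else {
                $output .= '<p>Candidate updated successfully.</p>';
            }
            // refresh candidate data
            $fresh = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $table WHERE id = %d AND school_id = %d", $cid, $school_id) );
            if($fresh){
                $c = $fresh;
            }
        }
    }

    // edit form
    $output .= '<h3>Edit Candidate</h3>';
    $output .= '<form method="post">';
    $output .= wp_nonce_field($nonce_action, 'dc_candidate_nonce', true, false);
    $output .= '<input type="hidden" name="candidate_id" value="'.intval($cid).'">';
    foreach($fields as $key => $label){
        $output .= '<p><label>'.esc_html($label).' <input type="text" name="'.esc_attr($key).'" value="'.esc_attr($c->$key).'"></label></p>';
    }
    $output .= '<p><input type="submit" name="dc_update_candidate" value="Update"></p>';
    $output .= '</form>';

    return $output;
}

/**
 * Shortcode [dc_school_dashboard]: candidate list, filter, CSV export,
 * preview and edit for the logged-in school.
 *
 * Every query is restricted to the school id held in the session.
 *
 * @return string HTML.
 */
function dc_school_dashboard_shortcode(){
    global $wpdb;

    $here = dc_school_request_uri();

    // require login
    if(empty($_SESSION['dc_school_id'])){
        // NOTE(review): the login page URL is not defined in this file; this links
        // to the current page without the action parameter. Point it at the page
        // that carries [dc_school_login] if that is a different page.
        return '<p>Please login first. <a href="'.esc_url( remove_query_arg('dc_action', $here) ).'">Go to Login</a></p>';
    }

    $school_id = intval($_SESSION['dc_school_id']);
    $table     = $wpdb->prefix.'dc_candidates';

    $levels = array(
        'all' => 'All',
        'Elementary Grade Drawing Competition' => 'Elementary',
        'Junior Grade Drawing Competition'     => 'Junior',
        'Senior Grade Drawing Competition'     => 'Senior',
    );
    // Selected level, read once and reused for export, filter form and list.
    $level = isset($_GET['level']) ? sanitize_text_field( wp_unslash($_GET['level']) ) : 'all';

    $output  = '<h3>Welcome, '.esc_html($_SESSION['dc_school_name']).'</h3>';
    $output .= '<p><a href="'.esc_url( add_query_arg('dc_action','logout', $here) ).'">Logout</a></p>';

    // Handle CSV export
    if(isset($_GET['dc_export']) && $_GET['dc_export'] === 'csv'){
        dc_school_export_csv($school_id, $level);
    }

    // Filter form (select level)
    $output .= '<form method="get">';
    // keep page id if used
    // NOTE(review): assumes the page is addressed as ?page_id=N on plain
    // permalinks — TODO confirm which parameter has to survive the GET form.
    if(isset($_GET['page_id'])){
        $output .= '<input type="hidden" name="page_id" value="'.absint($_GET['page_id']).'">';
    }
    $output .= '<select name="level">';
    foreach($levels as $value => $label){
        $output .= '<option value="'.esc_attr($value).'"'.selected($level, $value, false).'>'.esc_html($label).'</option>';
    }
    $output .= '</select> ';
    $output .= '<input type="submit" value="Filter">';
    $output .= '</form>';

    // Get students for this school (filtered)
    if($level === 'all'){
        $students = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $table WHERE school_id = %d ORDER BY id DESC", $school_id) );
    } else {
        $students = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $table WHERE school_id = %d AND level = %s ORDER BY id DESC", $school_id, $level) );
    }

    // Summary counts for school
    $total_all        = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $table WHERE school_id = %d", $school_id) );
    $total_elementary = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $table WHERE school_id = %d AND level = %s", $school_id, 'Elementary Grade Drawing Competition') );
    $total_junior     = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $table WHERE school_id = %d AND level = %s", $school_id, 'Junior Grade Drawing Competition') );
    $total_senior     = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $table WHERE school_id = %d AND level = %s", $school_id, 'Senior Grade Drawing Competition') );

    $output .= '<p>';
    $output .= 'Total Students: '.intval($total_all).' &nbsp; ';
    $output .= 'Elementary: '.intval($total_elementary).' &nbsp; ';
    $output .= 'Junior: '.intval($total_junior).' &nbsp; ';
    $output .= 'Senior: '.intval($total_senior);
    $output .= '</p>';

    // Export links
    // build base url keeping page params
    $base_url        = remove_query_arg(array('dc_export','level'), $here);
    $export_all_url  = add_query_arg(array('dc_export'=>'csv','level'=>'all'), $base_url);
    $export_elem_url = add_query_arg(array('dc_export'=>'csv','level'=>rawurlencode('Elementary Grade Drawing Competition')), $base_url);
    $export_jun_url  = add_query_arg(array('dc_export'=>'csv','level'=>rawurlencode('Junior Grade Drawing Competition')), $base_url);
    $export_sen_url  = add_query_arg(array('dc_export'=>'csv','level'=>rawurlencode('Senior Grade Drawing Competition')), $base_url);

    // add_query_arg() does not escape its result; esc_url() is applied where the
    // URL is written into an attribute.
    $output .= '<p>Export: '
        .'<a href="'.esc_url($export_all_url).'">All</a> | '
        .'<a href="'.esc_url($export_elem_url).'">Elementary</a> | '
        .'<a href="'.esc_url($export_jun_url).'">Junior</a> | '
        .'<a href="'.esc_url($export_sen_url).'">Senior</a></p>';

    // Students table
    if($students){
        $output .= '<table>';
        $output .= '<tr><th>ID</th><th>Name</th><th>Mobile</th><th>District</th><th>Level</th><th>Registered On</th><th>Actions</th></tr>';
        foreach($students as $s){
            // actions: view preview (link to candidate preview page), edit (if allowed), hall ticket
            $view_url = add_query_arg(array('dc_view_candidate' => intval($s->id)), $here);
            $edit_url = add_query_arg(array('dc_edit_candidate' => intval($s->id)), $here);
            $hall_url = add_query_arg(array('dc_hall' => intval($s->id)), $here);

            $output .= '<tr>';
            $output .= '<td>'.intval($s->id).'</td>';
            $output .= '<td>'.esc_html($s->student_name).'</td>';
            $output .= '<td>'.esc_html($s->mobile).'</td>';
            $output .= '<td>'.esc_html($s->district).'</td>';
            $output .= '<td>'.esc_html($s->level).'</td>';
            $output .= '<td>'.esc_html($s->created_at).'</td>';
            $output .= '<td><a href="'.esc_url($view_url).'">View</a> | <a href="'.esc_url($edit_url).'">Edit</a> | <a href="'.esc_url($hall_url).'">Hall Ticket</a></td>';
            $output .= '</tr>';
        }
        $output .= '</table>';
    } else {
        $output .= '<p>No students found for selected filter.</p>';
    }

    // handle view/edit/hall request (simple)
    if(isset($_GET['dc_view_candidate'])){
        $output .= dc_school_render_candidate_preview($school_id, intval($_GET['dc_view_candidate']));
    }

    // Edit handling: redirect to edit form page or display inline form
    if(isset($_GET['dc_edit_candidate'])){
        $output .= dc_school_render_candidate_edit($school_id, intval($_GET['dc_edit_candidate']));
    }

    return $output;
}
add_shortcode('dc_school_dashboard','dc_school_dashboard_shortcode');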