File: /home/imensosw/demo.imensosoftware.com/matrix/data_view.php
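<?php
use PhpOffice\PhpSpreadsheet\IOFactory;

/*
 * Assignment viewer: resolves ?assignment_no=... to a workbook under docs/,
 * loads it with PhpSpreadsheet, and exposes $sheet, $highestRow and
 * $highestColumn to the markup that follows.
 */
require_once 'config.php';
include 'header_data.php';

// Keep error details out of the HTTP response, but still record them so that
// failures on this page stay visible in the server log. error_reporting(0)
// would silence logging as well. These settings only take effect from here on;
// the two files included above run under whatever config they set themselves.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

require 'vendor/autoload.php';

// Authentication gate.
// NOTE(review): this only proves that *a* user is logged in. Nothing in this
// file checks that the user is allowed to view the requested assignment --
// confirm that per-assignment authorization is enforced elsewhere.
// NOTE(review): header_data.php has already been included at this point, so
// anything it prints is sent before this check runs. Confirm where the session
// is started before reordering.
if (!isset($_SESSION['user_id'])) {
    die("Unauthorized access");
}

// Request input. A query string such as ?assignment_no[]=x arrives as an array,
// which preg_replace() would hand back as an array and the path building below
// would stringify as "Array"; reject anything that is not a plain string.
$assignment_no = $_GET['assignment_no'] ?? '';
if (!is_string($assignment_no)) {
    die("Invalid assignment");
}

// Allowlist: letters, digits, underscore and hyphen only. Because '.' and '/'
// are stripped, the value cannot introduce extra path segments below.
$assignment_no = preg_replace('/[^a-zA-Z0-9_-]/', '', $assignment_no);
if (empty($assignment_no)) {
    die("Invalid assignment");
}

// Workbook location: docs/<assignment_no>/<assignment_no>.xls or .xlsx
$basePath = __DIR__ . "/docs/";
$fileXls = $basePath . $assignment_no . "/" . $assignment_no . ".xls";
$fileXlsx = $basePath . $assignment_no . "/" . $assignment_no . ".xlsx";

// is_file() rather than file_exists(): a directory with a matching name is not
// a workbook. The legacy .xls file wins when both exist.
if (is_file($fileXls)) {
    $inputFileName = $fileXls;
} elseif (is_file($fileXlsx)) {
    $inputFileName = $fileXlsx;
} else {
    die("File not found");
}

// Parse the workbook. The client only ever sees a generic message; the cause
// goes to the server log. Throwable also covers engine errors (e.g. TypeError)
// raised while parsing a malformed file.
// NOTE(review): if files under docs/ can originate from uploads, this parses
// untrusted input -- keep the PhpSpreadsheet dependency patched. TODO confirm
// where these files come from.
try {
    $spreadsheet = IOFactory::load($inputFileName);
} catch (Throwable $e) {
    error_log(
        'data_view.php: failed to load workbook for assignment "' . $assignment_no . '" ('
        . get_class($e) . '): ' . $e->getMessage()
    );
    die("Error loading Excel file");
}

$sheet = $spreadsheet->getActiveSheet();
$highestRow = $sheet->getHighestRow();
$highestColumn = $sheet->getHighestColumn();
$rowData = "";
?>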
<div class="container-area">
<div class="container-fluid h-100">
<div class="row">
<!-- LEFT SIDE -->
<div class="left-side border-right">
<ul class="list-group list-group-flush">
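<?php
// Render one list entry per spreadsheet row that carries a document id.
for ($row = 1; $row <= $highestRow; $row++) {
    // Read only the current row. Positional arguments are:
    // nullValue = null, calculateFormulas = true, formatData = false.
    $rowData = $sheet->rangeToArray(
        'A' . $row . ':' . $highestColumn . $row,
        null, true, false
    );
    $cells = $rowData[0] ?? [];

    // Normalise column A to a trimmed string before any comparison. A loose
    // == against "Document ID" on the raw cell gives version-dependent results
    // for numeric cells, so the header check is done strictly on the string.
    $docId = trim((string) ($cells[0] ?? ''));
    if ($docId === '' || $docId === 'Document ID') {
        continue;
    }

    // CSS state for the entry: column D filled -> "done doubt",
    // column B or C filled -> "done", otherwise "default".
    if (!empty($cells[3])) {
        $check_data = "done doubt";
    } elseif (!empty($cells[2]) || !empty($cells[1])) {
        $check_data = "done";
    } else {
        $check_data = "default";
    }

    // Cell text comes from the workbook and is treated as untrusted. Escape it
    // with explicit flags so both quote styles are encoded on every PHP
    // version (the default flag set changed in PHP 8.1).
    $docIdHtml = htmlspecialchars($docId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // $check_data is one of three fixed literals and $row is an integer loop
    // counter, so neither needs escaping.
    // NOTE(review): id="row_link" is repeated for every row, which yields
    // duplicate ids in the document. It is left as is because script outside
    // this file may select on it -- confirm before switching to a class.
?>
<li class="list-group-item p-0 <?= $check_data ?>">
<a href="javascript:;"
id="row_link"
data-row_id="<?= $row ?>"
data-doc_id="<?= $docIdHtml ?>">
<?= $docIdHtml ?>
</a>
</li>
<?php } ?>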
</ul>
</div>
<!-- RIGHT SIDE -->
<div class="right-side">
<div class="row h-100">
<div class="col-md-12 h-100">
<iframe id="row_iframe" src="" width="100%" class="h-100"></iframe>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- FOOTER FORM -->
<footer class="footer-area border-top">
<div class="container-fluid d-flex h-100">
<div class="row justify-content-end align-self-center w-100">
<div class="container-fluid">
<form class="form-inline w-100" id="formAddRow">
<input type="hidden" name="rowId" id="rowId">
<input type="hidden" name="docId" id="docId">
<input name="title"
id="title"
onkeyup="var start=this.selectionStart;var end=this.selectionEnd;this.value=this.value.toUpperCase();this.setSelectionRange(start,end);"
style="width:45%"
type="text"
class="form-control"
placeholder="Document Title">
<input type="text"
class="form-control date-format"
name="date"
id="date"
placeholder="Issue Date"
style="width:115px">
<span status="none" class="error" style="display:none">Invalid Date !!</span>
<input type="text"
class="form-control"
id="description"
name="description"
placeholder="Help Description"
style="width:27%">
</form>
</div>
</div>
</div>
</footer>
</body>
</html>