beginTransaction(); // Verify student exists $stmt = $DBH->prepare("SELECT * FROM tbl_user WHERE registration_no = ? AND teacher = 'false' AND status = 'Active'"); $stmt->execute([$registration_no]); $student = $stmt->fetch(PDO::FETCH_ASSOC); if (!$student) throw new Exception("Invalid admission number or inactive account."); // Lock and fetch PIN $stmt = $DBH->prepare("SELECT * FROM tbl_pin WHERE pin = ? FOR UPDATE"); $stmt->execute([$pin]); $pinRecord = $stmt->fetch(PDO::FETCH_ASSOC); if (!$pinRecord) throw new Exception("PIN not found."); $now = date('Y-m-d H:i:s'); if (!empty($pinRecord['reg_no'])) { if ($pinRecord['reg_no'] !== $registration_no) { throw new Exception("This PIN has already been used by another student."); } if ($pinRecord['year'] !== $session_input) { throw new Exception("This PIN was used in a different session: " . $pinRecord['year']); } // Allow login, increment used_count and log $DBH->prepare("UPDATE tbl_pin SET used_count = used_count + 1, updated_at = ? WHERE pin = ?") ->execute([$now, $pin]); } else { // First time use — assign $DBH->prepare(" UPDATE tbl_pin SET reg_no = ?, class = ?, term = ?, year = ?, date_time = ?, dt_stamp_start = ?, created_date_time = ?, updated_at = ?, used_count = 1 WHERE pin = ? ")->execute([ $registration_no, $class, $term, $session_input, $now, $now, $now, $now, $pin ]); } // Log to pin_logins table $DBH->prepare(" INSERT INTO pin_logins (pin, reg_no, class, term, year, login_time) VALUES (?, ?, ?, ?, ?, ?) ")->execute([$pin, $registration_no, $class, $term, $session_input, $now]); // Store session $_SESSION['student'] = $student; $_SESSION['exam_info'] = [ 'class' => $class, 'term' => $term, 'session' => $session_input, 'pin' => $pin ]; $DBH->commit(); header("Location: welcome.php"); exit(); } catch (Exception $e) { $DBH->rollBack(); $error = $e->getMessage(); } } ?> BKMS-BLC CBT Portal - Login

BKMS-BLC CBT Portal