Build a complete, single-file PHP web application called "JavaGoat Blood Bank Management System" along with its MySQL schema. Deliver both an index.php file and a schema.sql file. 1. Database schema (schema.sql) Create database blood_bank_db with these tables: users — id, username (unique), password (hashed with bcrypt), name, role (default 'System Admin'), created_at. Seed one default admin user (username admin, password password123, hashed). donors — id, name, age, blood_type, phone, email, address, gender, last_donation, created_at. patients — id, name, age, blood_type, phone, disease, gender, address, created_at. donations — id, donor_id (FK → donors, cascade delete), blood_type, units (decimal), donated_at, notes, created_at. blood_requests — id, patient_id (FK → patients, cascade delete), blood_type, units_required (decimal), urgent (boolean), notes, status (enum: Pending/Approved/Rejected, default Pending), approved_at, created_at. blood_inventory — blood_type (primary key), units_available (decimal), updated_at (auto-update timestamp). 2. PHP application (index.php) — single file containing connection logic, auth, a JSON API, and the full dashboard UI: DB connection: mysqli with prepared statements where input is user-supplied; mysqli_report set to throw on error. Session-based auth: login form (styled split-screen layout) checks username + password_verify(); stores user_id/name/username/role in session; logout via ?logout=1. JSON API (?api=), requiring an authenticated session, supporting: stats — dashboard totals (donors, patients, units, pending requests, 30-day donations, critical stock), per-blood-type inventory, and a 6-month donations-vs-requests chart dataset. get_donors / add_donor / update_donor / delete_donor (with search by name/blood type) get_patients / add_patient / update_patient / delete_patient (with search) add_donation / get_donations — recording a donation increments blood_inventory and updates the donor's last_donation add_request / get_requests / approve_request / reject_request — approving checks stock sufficiency and deducts inventory get_inventory / update_inventory — upsert into blood_inventory Dashboard UI (after login): sidebar navigation (Dashboard, Inventory, Donors, Donations, Patients, Requests with a pending-count badge), topbar with refresh and user info, and per-section views: Dashboard: 6 gradient stat cards, live blood-type availability cards with stock-level bars/status, a bar chart (donations vs requests) and doughnut chart (blood distribution) via Chart.js, plus "recent donations" and "pending requests" mini-tables. Inventory: table of blood types with stock status and an edit modal. Donors / Patients: searchable tables with add/edit/delete modals. Donations: table + "record donation" modal that auto-fills blood type from the selected donor. Requests: table + "new request" modal (with urgent flag) and approve/reject actions. Styling: Poppins font, RemixIcon icons, CSS custom properties for a red/blue/gradient theme, card-based design with shadows, hover lift effects, toasts for feedback, and responsive breakpoints for mobile (collapsing sidebar). All CRUD operations should be wired to the API via fetch() and re-render the relevant table/section on success, with toast notifications for success/error states. Output: two complete files — schema.sql and index.php — ready to drop into a PHP+MySQL stack (e.g., XAMPP/LAMP) with no missing pieces. One note worth flagging since you'll likely run this prompt against a model to regenerate the code: the original index.php builds several SQL queries by string-concatenating real_escape_string()'d values rather than using prepared statements throughout (the login query is prepared, but most CRUD actions aren't). If you regenerate this, it's worth asking explicitly for prepared statements on every query that includes user input, since real_escape_string is more error-prone than parameter binding — that'd be a good one-line addition to the prompt above if security hardening matters to you.