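<?php

declare(strict_types=1);

use Dotenv\Dotenv;

/*
 * upload_images.php
 *
 * Accepts identity-document images for an existing user via a multipart POST,
 * stores them under ./Uploads and writes the stored name (or URL) into the
 * user's row.
 *
 * Request fields:
 *   user_id   - positive integer id in the table selected by user_type
 *   user_type - 0: individusers  (passport_main_image, passport_registration_image)
 *               1: companyusers  (company_card_image -> passport_main_image column)
 *               2: leasing manager, nothing to upload
 * Response: JSON object {success, message, ...}.
 *
 * NOTE(review): nothing in this file authenticates the caller, so any client
 * that can reach the URL can replace the documents of any user_id. The CORS
 * allow-list admits an Authorization header but it is never checked; that
 * check belongs before the user_id/user_type validation below.
 */

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS');
header('Access-Control-Allow-Headers: Authorization, Content-Type, Accept, X-Requested-With, User-Agent, Origin');
header('Access-Control-Max-Age: 86400');
// NOTE(review): browsers drop credentials when the allowed origin is "*"; if
// cookies or Authorization must be sent cross-origin, echo a vetted Origin here.
header('Access-Control-Allow-Credentials: true');
header('Content-Type: application/json; charset=UTF-8');

// This endpoint always answers with JSON: PHP notices printed into the body
// would corrupt it and leak file paths, so errors go to the server log instead.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

/**
 * Send a JSON body with the given HTTP status and stop the script.
 * Every exit path goes through here so the response shape stays uniform.
 */
$respond = static function (int $status, array $payload): void {
    http_response_code($status);
    // Raw request values are echoed back in some error payloads; substitute
    // invalid UTF-8 rather than letting json_encode() return false (empty body).
    echo json_encode($payload, JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
};

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    $respond(200, ['success' => true, 'message' => 'OPTIONS request handled']);
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $respond(405, ['success' => false, 'message' => 'Только метод POST разрешен']);
}

// Resolve relative to this file so the script does not depend on the SAPI's cwd.
require __DIR__ . '/vendor/autoload.php';

try {
    $dotenv = Dotenv::createImmutable(__DIR__);
    $dotenv->load();
} catch (Throwable $e) {
    // Detail stays in the server log; the client only learns that configuration failed.
    error_log('upload_images: dotenv failure: ' . $e->getMessage());
    $respond(500, ['success' => false, 'message' => 'Ошибка конфигурации окружения']);
}

$requiredEnvVars = ['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASSWORD'];
foreach ($requiredEnvVars as $var) {
    if (!isset($_ENV[$var])) {
        $respond(500, ['success' => false, 'message' => "Отсутствует необходимая переменная окружения $var"]);
    }
}

try {
    $pdo = new PDO(
        "mysql:host={$_ENV['DB_HOST']};dbname={$_ENV['DB_NAME']};charset=utf8mb4",
        $_ENV['DB_USER'],
        $_ENV['DB_PASSWORD'],
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            // Server-side prepares: bound values are never spliced into the SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The host/credential details in the driver message must not reach the client.
    error_log('upload_images: db connect failure: ' . $e->getMessage());
    $respond(500, ['success' => false, 'message' => 'Ошибка подключения к базе данных']);
}

// Only scalar form fields are acceptable; "user_id[]=1" style input arrives as an array.
$rawUserId = isset($_POST['user_id']) && is_string($_POST['user_id']) ? trim($_POST['user_id']) : null;
$rawUserType = isset($_POST['user_type']) && is_string($_POST['user_type']) ? trim($_POST['user_type']) : null;

// FILTER_VALIDATE_INT rejects "1.5", "1e3" and non-numeric text outright; a
// plain (int) cast would silently turn "abc" into 0, i.e. a valid user_type.
$userId = $rawUserId === null
    ? false
    : filter_var($rawUserId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($userId === false) {
    $respond(400, [
        'success' => false,
        'message' => 'Недопустимый User ID',
        'received_user_id' => $rawUserId,
        'received_user_type' => $rawUserType,
    ]);
}
$userType = $rawUserType === null
    ? false
    : filter_var($rawUserType, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 2]]);
if ($userType === false) {
    $respond(400, [
        'success' => false,
        'message' => 'Недопустимый User Type',
        'received_user_id' => $rawUserId,
        'received_user_type' => $rawUserType,
    ]);
}

if ($userType === 2) {
    $respond(200, ['success' => true, 'message' => 'Для лизинг-менеджера изображения не требуются']);
}

// Table and column names are fixed here, keyed by user_type; they are the only
// identifiers interpolated into SQL below and never come from the request.
$profiles = [
    0 => [
        'table' => 'individusers',
        'fields' => [
            'passport_main_image' => 'passport_main_image',
            'passport_registration_image' => 'passport_registration_image',
        ],
    ],
    1 => [
        'table' => 'companyusers',
        'fields' => [
            'company_card_image' => 'passport_main_image',
        ],
    ],
];
if (!isset($profiles[$userType])) {
    $respond(400, ['success' => false, 'message' => 'Недопустимый тип пользователя для загрузки изображений']);
}
$tableName = $profiles[$userType]['table'];
$imageFields = $profiles[$userType]['fields'];

$uploadDir = __DIR__ . '/Uploads/';
// NOTE(review): Uploads/ sits inside the web root; the web server must not
// execute scripts from it. The extension and content checks below reduce, but
// do not remove, the need for that configuration.
if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
    error_log("upload_images: cannot create $uploadDir");
    $respond(500, ['success' => false, 'message' => 'Не удалось подготовить каталог для загрузки']);
}

try {
    $stmt = $pdo->prepare("SELECT id FROM $tableName WHERE id = ?");
    $stmt->execute([$userId]);
    // rowCount() is not guaranteed for SELECT on every driver; fetch instead.
    if ($stmt->fetchColumn() === false) {
        $respond(400, ['success' => false, 'message' => 'Пользователь с указанным ID не найден']);
    }
} catch (PDOException $e) {
    error_log('upload_images: user lookup failure: ' . $e->getMessage());
    $respond(500, ['success' => false, 'message' => 'Ошибка проверки пользователя']);
}

// Accepted extensions and the image type getimagesize() must report for each.
$allowedTypes = ['jpg' => IMAGETYPE_JPEG, 'jpeg' => IMAGETYPE_JPEG, 'png' => IMAGETYPE_PNG];
$maxBytes = 5 * 1024 * 1024;
$errors = [];
$accepted = []; // input name => [tmp path, target file name, db column]

// Pass 1: validate every field before moving anything, so a rejected field
// does not leave the other field's file orphaned on disk.
foreach ($imageFields as $inputName => $dbFieldName) {
    if (!isset($_FILES[$inputName]) || !is_array($_FILES[$inputName])) {
        continue;
    }
    $file = $_FILES[$inputName];
    $uploadError = $file['error'] ?? null;
    if (!is_int($uploadError) || !is_string($file['tmp_name'] ?? null) || !is_string($file['name'] ?? null)) {
        // Array-valued entries ("field[]") do not match the single-file shape.
        $errors[] = "Недопустимый формат поля $inputName.";
        continue;
    }
    if ($uploadError === UPLOAD_ERR_NO_FILE) {
        // The field was present but empty: treated as "not uploaded".
        continue;
    }
    if ($uploadError !== UPLOAD_ERR_OK) {
        // Size-limit and partial-upload failures are reported rather than skipped.
        $errors[] = "Ошибка загрузки файла $inputName (код $uploadError).";
        continue;
    }
    $tmpPath = $file['tmp_name'];
    if (!is_uploaded_file($tmpPath)) {
        $errors[] = "Ошибка при перемещении файла $inputName.";
        continue;
    }
    $extension = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!isset($allowedTypes[$extension])) {
        $errors[] = "Недопустимый тип файла для $inputName. Разрешены только JPG, JPEG, PNG.";
        continue;
    }
    if ((int) $file['size'] > $maxBytes) {
        $errors[] = "Файл $inputName слишком большой. Максимальный размер 5MB.";
        continue;
    }
    // The extension is client-supplied; require the bytes to be the image type it claims.
    $imageInfo = getimagesize($tmpPath);
    if ($imageInfo === false || $imageInfo[2] !== $allowedTypes[$extension]) {
        $errors[] = "Содержимое файла $inputName не является изображением JPG/PNG.";
        continue;
    }
    // Unpredictable stored name: a hash of time() and the original name could
    // be reconstructed from the upload time.
    $accepted[$inputName] = [$tmpPath, bin2hex(random_bytes(16)) . '.' . $extension, $dbFieldName];
}

if (!empty($errors)) {
    $respond(400, ['success' => false, 'message' => 'Ошибки при загрузке файлов', 'errors' => $errors]);
}

// Pass 2: move the validated files into place.
$uploadedFiles = [];
foreach ($accepted as $inputName => [$tmpPath, $newFileName, $dbFieldName]) {
    if (!move_uploaded_file($tmpPath, $uploadDir . $newFileName)) {
        $errors[] = "Ошибка при перемещении файла $inputName.";
        continue;
    }
    // The two tables store different shapes (absolute URL vs bare name); kept as is.
    $uploadedFiles[$dbFieldName] = $userType === 1
        ? "https://api.d-car.shop/Uploads/$newFileName"
        : $newFileName;
}
if (!empty($errors)) {
    $respond(400, ['success' => false, 'message' => 'Ошибки при загрузке файлов', 'errors' => $errors]);
}

if (empty($uploadedFiles)) {
    $respond(200, ['success' => true, 'message' => 'Изображения не были загружены']);
}

try {
    $setClauses = [];
    $params = [];
    foreach ($uploadedFiles as $column => $storedValue) {
        $setClauses[] = "$column = ?";
        $params[] = $storedValue;
    }
    $params[] = $userId;
    $stmt = $pdo->prepare("UPDATE $tableName SET " . implode(', ', $setClauses) . ' WHERE id = ?');
    $stmt->execute($params);
} catch (PDOException $e) {
    error_log('upload_images: update failure: ' . $e->getMessage());
    $respond(500, ['success' => false, 'message' => 'Ошибка базы данных при сохранении путей']);
}

$respond(200, [
    'success' => true,
    'message' => 'Изображения успешно загружены и сохранены',
    'uploaded_files' => $uploadedFiles,
]);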