91 lines
3.0 KiB
PHP
91 lines
3.0 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../../core/bootstrap.php';
|
|
require_once __DIR__ . '/../../functions.php';
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
try {
|
|
$con = Database::get('main');
|
|
} catch (Exception $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['status' => 'Database connection failed.']);
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_FILES['image']) || $_FILES['image']['error'] != UPLOAD_ERR_OK) {
|
|
echo json_encode(['status' => 'The image file was not uploaded successfully.']);
|
|
exit;
|
|
}
|
|
|
|
$image_file = $_FILES['image'];
|
|
$driverID = filterRequest("driver_id");
|
|
|
|
if (empty($driverID)) {
|
|
echo json_encode(['status' => 'Missing driver ID.']);
|
|
exit;
|
|
}
|
|
|
|
// التحقق من نوع الملف (MIME Type) للحماية من رفع سكربتات خبيثة
|
|
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
|
$mime_type = finfo_file($finfo, $image_file['tmp_name']);
|
|
finfo_close($finfo);
|
|
|
|
$allowed_mime_types = ['image/jpeg', 'image/png', 'image/jpg'];
|
|
if (!in_array($mime_type, $allowed_mime_types)) {
|
|
echo json_encode(['status' => 'The image file is not a valid image file.']);
|
|
exit;
|
|
}
|
|
|
|
$image_name = $image_file['name'];
|
|
$image_extension = strtolower(pathinfo($image_name, PATHINFO_EXTENSION));
|
|
$allowed_extensions = ['jpg', 'jpeg', 'png'];
|
|
|
|
if (!in_array($image_extension, $allowed_extensions)) {
|
|
echo json_encode(['status' => 'Invalid file extension.']);
|
|
exit;
|
|
}
|
|
|
|
$new_filename = $driverID . '.' . $image_extension;
|
|
$target_dir = __DIR__ . "/../../card_image/";
|
|
|
|
if (!is_dir($target_dir)) {
|
|
mkdir($target_dir, 0755, true);
|
|
}
|
|
|
|
$target_file = $target_dir . $new_filename;
|
|
if (!move_uploaded_file($image_file['tmp_name'], $target_file)) {
|
|
echo json_encode(['status' => 'Failed to move uploaded file.']);
|
|
exit;
|
|
}
|
|
|
|
$linlImage = 'https://ride.mobile-app.store/card_image/' . $new_filename;
|
|
|
|
try {
|
|
// استخدام Prepared Statements للحماية من الحقن (SQL Injection)
|
|
$stmt = $con->prepare("SELECT id FROM card_images WHERE driver_id = :driver_id");
|
|
$stmt->execute([':driver_id' => $driverID]);
|
|
|
|
if ($stmt->rowCount() > 0) {
|
|
$uploadDate = date("Y-m-d H:i:s");
|
|
$updateStmt = $con->prepare("UPDATE card_images SET upload_date = :upload_date WHERE driver_id = :driver_id");
|
|
$updateStmt->execute([
|
|
':upload_date' => $uploadDate,
|
|
':driver_id' => $driverID
|
|
]);
|
|
|
|
echo json_encode(['status' => 'Record updated successfully']);
|
|
} else {
|
|
$insertStmt = $con->prepare("INSERT INTO card_images (id, driver_id, image_name, link) VALUES (SHA2(UUID(), 256), :driver_id, :image_name, :link)");
|
|
$insertStmt->execute([
|
|
':driver_id' => $driverID,
|
|
':image_name' => $new_filename,
|
|
':link' => $linlImage
|
|
]);
|
|
|
|
echo json_encode(['status' => 'Record inserted successfully']);
|
|
}
|
|
} catch (PDOException $e) {
|
|
error_log("Database Error in card-image-driver/add.php: " . $e->getMessage());
|
|
echo json_encode(['status' => 'Database operation failed.']);
|
|
}
|
|
?>
|