74 lines
3.1 KiB
PHP
Executable File
74 lines
3.1 KiB
PHP
Executable File
<?php
|
|
// ============================================================
|
|
// uploadImagePortrate.php
|
|
// رفع صورة الكابتن بأمان
|
|
// ============================================================
|
|
|
|
require_once __DIR__ . '/connect.php'; // يفترض أنه يستدعي core/bootstrap.php
|
|
|
|
appLog("🚀 [upload_profile_image.php] بدأ تنفيذ سكربت رفع الصورة");
|
|
|
|
try {
|
|
// 1. Rate Limiting للرفع
|
|
$limiter = new RateLimiter($redis);
|
|
$limiter->enforce(RateLimiter::identifier($user_id ?? null), 'upload');
|
|
|
|
$driverID = filterRequest("driverID");
|
|
appLog("📥 Received driverID: $driverID");
|
|
|
|
if (empty($driverID)) {
|
|
jsonError('Driver ID is required.', 400);
|
|
}
|
|
|
|
// 2. استخدام دالة الرفع الآمنة (MIME check, random name, 5MB limit)
|
|
$target_dir = __DIR__ . "/portrate_captain_image/";
|
|
$uploadResult = uploadImageSecure('image', $target_dir, $driverID);
|
|
|
|
if (!$uploadResult['success']) {
|
|
securityLog("❌ Image upload failed", ['driverID' => $driverID, 'error' => $uploadResult['error']]);
|
|
jsonError($uploadResult['error'], 400);
|
|
}
|
|
|
|
$new_filename = $uploadResult['filename'];
|
|
appLog("✅ File moved successfully to: " . $uploadResult['path']);
|
|
|
|
// 3. تحديث قاعدة البيانات
|
|
$linkImage = 'https://api.intaleq.xyz/intaleq_v3/portrate_captain_image/' . $new_filename;
|
|
$uploadDate = date("Y-m-d H:i:s");
|
|
|
|
// تأكد من أن الاتصال قادم من connect.php أو اجلبه
|
|
$con = Database::get('main');
|
|
|
|
// التحقق من وجود السائق في جدول الصور الشخصية
|
|
$stmt = $con->prepare("SELECT COUNT(*) FROM imageProfileCaptain WHERE driverID = ?");
|
|
$stmt->execute([$driverID]);
|
|
$count = $stmt->fetchColumn();
|
|
|
|
if ($count > 0) {
|
|
// تحديث
|
|
$updateSQL = "UPDATE imageProfileCaptain SET image_name = ?, link = ? WHERE driverID = ?";
|
|
$updateStmt = $con->prepare($updateSQL);
|
|
// Note: imageProfileCaptain doesn't seem to have 'upload_date' in the original insert, but let's check if we should add it. Let's just update image_name and link as in the insert statement.
|
|
$success = $updateStmt->execute([$new_filename, $linkImage, $driverID]);
|
|
} else {
|
|
// إدخال جديد
|
|
$insertSQL = "INSERT INTO imageProfileCaptain (driverID, image_name, link) VALUES (?, ?, ?)";
|
|
$insertStmt = $con->prepare($insertSQL);
|
|
$success = $insertStmt->execute([$driverID, $new_filename, $linkImage]);
|
|
}
|
|
|
|
if ($success) {
|
|
appLog("✅ Record updated for driverID: $driverID");
|
|
jsonSuccess(['file_link' => $linkImage], 'Record updated successfully.');
|
|
} else {
|
|
appLog("❌ Failed to update DB record for driverID: $driverID");
|
|
jsonError('Failed to update record.', 500);
|
|
}
|
|
|
|
} catch (PDOException $e) {
|
|
securityLog("💥 PDO ERROR in uploadImage", ['error' => $e->getMessage()]);
|
|
jsonError('Database error.', 500);
|
|
} catch (Exception $e) {
|
|
securityLog("💥 GENERAL ERROR in uploadImage", ['error' => $e->getMessage()]);
|
|
jsonError('Server error.', 500);
|
|
} |