Initial commit with updated Auth and media ignored
73
uploadImagePortrate.php
Executable file
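--- a/uploadImagePortrate.php
+++ b/uploadImagePortrate.php
@@ -0,0 +1,73 @@
+<?php
+// ============================================================
+// uploadImagePortrate.php
+// رفع صورة الكابتن بأمان
+// ============================================================
+
+require_once __DIR__ . '/connect.php'; // يفترض أنه يستدعي core/bootstrap.php
+
+appLog("🚀 [upload_profile_image.php] بدأ تنفيذ سكربت رفع الصورة");
+
+try {
+// 1. Rate Limiting للرفع
+$limiter = new RateLimiter($redis);
+$limiter->enforce(RateLimiter::identifier($user_id ?? null), 'upload');
+
+$driverID = filterRequest("driverID");
+appLog("📥 Received driverID: $driverID");
+
+if (empty($driverID)) {
+jsonError('Driver ID is required.', 400);
+}
+
+// 2. استخدام دالة الرفع الآمنة (MIME check, random name, 5MB limit)
+$target_dir = __DIR__ . "/portrate_captain_image/";
+$uploadResult = uploadImageSecure('image', $target_dir, $driverID);
+
+if (!$uploadResult['success']) {
+securityLog("❌ Image upload failed", ['driverID' => $driverID, 'error' => $uploadResult['error']]);
+jsonError($uploadResult['error'], 400);
+}
+
+$new_filename = $uploadResult['filename'];
+appLog("✅ File moved successfully to: " . $uploadResult['path']);
+
+// 3. تحديث قاعدة البيانات
+$linkImage = 'https://intaleq.xyz/portrate_captain_image/' . $new_filename;
+$uploadDate = date("Y-m-d H:i:s");
+
+// تأكد من أن الاتصال قادم من connect.php أو اجلبه
+$con = Database::get('main');
+
+// التحقق من وجود السائق
+$stmt = $con->prepare("SELECT COUNT(*) FROM card_images WHERE driverID = ?");
+$stmt->execute([$driverID]);
+$count = $stmt->fetchColumn();
+
+if ($count > 0) {
+// تحديث
+$updateSQL = "UPDATE card_images SET upload_date = ?, image_name = ?, link = ? WHERE driverID = ?";
+$updateStmt = $con->prepare($updateSQL);
+$success = $updateStmt->execute([$uploadDate, $new_filename, $linkImage, $driverID]);
+} else {
+// إدخال جديد
+$insertSQL = "INSERT INTO imageProfileCaptain (driverID, image_name, link) VALUES (?, ?, ?)";
+$insertStmt = $con->prepare($insertSQL);
+$success = $insertStmt->execute([$driverID, $new_filename, $linkImage]);
+}
+
+if ($success) {
+appLog("✅ Record updated for driverID: $driverID");
+jsonSuccess(['file_link' => $linkImage], 'Record updated successfully.');
+} else {
+appLog("❌ Failed to update DB record for driverID: $driverID");
+jsonError('Failed to update record.', 500);
+}
+
+} catch (PDOException $e) {
+securityLog("💥 PDO ERROR in uploadImage", ['error' => $e->getMessage()]);
+jsonError('Database error.', 500);
+} catch (Exception $e) {
+securityLog("💥 GENERAL ERROR in uploadImage", ['error' => $e->getMessage()]);
+jsonError('Server error.', 500);
+}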
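Review bot: `$driverID` is taken from the request via `filterRequest("driverID")` and is never compared with the authenticated caller, so any client that passes whatever checks connect.php performs (not visible here) can replace another driver's portrait and `card_images` row. If `$user_id` is the authenticated identity, as its use in the rate limiter suggests, bind the two right after the empty check, e.g. `if ((string) $driverID !== (string) ($user_id ?? '')) { jsonError('Forbidden.', 403); }`, or drop the request parameter and use the session value. Separately, the existence check and the UPDATE use `card_images` while the INSERT writes to `imageProfileCaptain`, so a driver without a `card_images` row gets a new `imageProfileCaptain` row on every upload; the three statements should target the same table. The file is also moved into the web-served `portrate_captain_image/` directory before the database write, so a failed write leaves an orphaned file behind, and the script assumes `jsonError()` terminates the request, which should be confirmed because execution otherwise continues into the upload and database steps.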