From 1ff652509b11412f4d434220a5e6fdb6904c9aa2 Mon Sep 17 00:00:00 2001
From: Fabian Schieder
Date: Tue, 10 Feb 2026 21:35:09 +0100
Subject: [PATCH] enhance product addition form with image upload and URL options, add debug mode for error tracking
---
account.php | 2 +-
productAdder.php | 249 +++++++++++++++++++++++++++++++++++++++--------
2 files changed, 209 insertions(+), 42 deletions(-)
diff --git a/account.php b/account.php
index 94d7f17..a652b9a 100644
--- a/account.php
+++ b/account.php
@@ -96,7 +96,7 @@ include 'header.php';
-

Erlaubt: JPG/PNG. max. 20MB.

+

Erlaubt: JPG/PNG. max. 20MB.

diff --git a/productAdder.php b/productAdder.php index ac99854..771f380 100644 --- a/productAdder.php +++ b/productAdder.php @@ -12,6 +12,8 @@ session_start(); $categoryID = 0; if (isset($_GET['categoryID']) && ctype_digit($_GET['categoryID'])) { $categoryID = (int)$_GET['categoryID']; +} elseif (isset($_POST['categoryID']) && ctype_digit($_POST['categoryID'])) { + $categoryID = (int)$_POST['categoryID']; } /* ======================= @@ -72,6 +74,8 @@ if ($categoryID > 0) { 5) Produkt speichern ======================= */ $saveError = null; +$debugMode = isset($_GET['debug']) && $_GET['debug'] === '1'; +$debugDetails = []; if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['saveProduct'])) { $model = trim($_POST['model']); 
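Review bot: `$debugMode` is switched on by the request itself (`isset($_GET['debug']) && $_GET['debug'] === '1'`), so any client that can reach productAdder.php can enable diagnostics. The following hunk fills `$debugDetails` with the upload temp path, `upload_max_filesize`/`post_max_size` and the raw `$stmt->error` text; if that array is printed in the form (the markup is not visible here), server-internal details go to whoever appends `?debug=1`. I would require a server-side switch or an administrator session in addition to the query parameter, for example `$debugMode = DEBUG_ENABLED_PLACEHOLDER && ($_GET['debug'] ?? '') === '1';` with the constant set in configuration (the name is a placeholder, not something this project defines), and keep the database error in `error_log` only.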
@@ -79,60 +83,208 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['saveProduct'])) { $categoryID = (int)$_POST['categoryID']; $brandID = (int)($_POST['brandID'] ?? 0); - if ($brandID <= 0) { + $imageUrl = trim((string)($_POST['imageUrl'] ?? '')); + $imageFile = (isset($_FILES['productImage']) && is_array($_FILES['productImage'])) ? $_FILES['productImage'] : null; + $hasUpload = $imageFile && isset($imageFile['error']) && (int)$imageFile['error'] !== UPLOAD_ERR_NO_FILE; + $uploadMime = null; + + if ($debugMode) { + $debugDetails['post_categoryID'] = $_POST['categoryID'] ?? null; + $debugDetails['post_brandID'] = $_POST['brandID'] ?? null; + $debugDetails['post_model'] = $model; + $debugDetails['file_present'] = $imageFile !== null ? 'yes' : 'no'; + $debugDetails['file_error'] = $imageFile['error'] ?? null; + $debugDetails['file_name'] = $imageFile['name'] ?? null; + $debugDetails['file_size'] = $imageFile['size'] ?? null; + $debugDetails['file_tmp'] = isset($imageFile['tmp_name']) ? (string)$imageFile['tmp_name'] : null; + $debugDetails['upload_max_filesize'] = ini_get('upload_max_filesize'); + $debugDetails['post_max_size'] = ini_get('post_max_size'); + } + + if ($categoryID <= 0) { + $saveError = 'Bitte eine Kategorie auswählen.'; + } elseif ($brandID <= 0) { $saveError = 'Bitte eine Marke auswählen.'; - } else { + } elseif ($model === '') { + $saveError = 'Bitte ein Modell angeben.'; + } elseif ($imageUrl !== '' && !filter_var($imageUrl, FILTER_VALIDATE_URL)) { + $saveError = 'Bitte eine gueltige Bild-URL eingeben.'; + } elseif ($hasUpload) { + $fileError = (int)$imageFile['error']; + if ($fileError !== UPLOAD_ERR_OK) { + $saveError = 'Bild-Upload fehlgeschlagen (Code ' . $fileError . ').'; + } else { + $tmp = isset($imageFile['tmp_name']) ? 
(string)$imageFile['tmp_name'] : ''; + if ($tmp === '' || !is_uploaded_file($tmp)) { + $saveError = 'Upload-Datei ungueltig.'; + } else { + $allowedMimeToExt = [ + 'image/jpeg' => 'jpg', + 'image/png' => 'png', + ]; + + $mime = null; + $imageInfo = @getimagesize($tmp); + $imageType = (is_array($imageInfo) && isset($imageInfo[2])) ? (int)$imageInfo[2] : null; + + if ($imageType === IMAGETYPE_PNG) { + $mime = 'image/png'; + } elseif ($imageType === IMAGETYPE_JPEG) { + $mime = 'image/jpeg'; + } + + if (!$mime) { + $finfo = new finfo(FILEINFO_MIME_TYPE); + $mime = $finfo->file($tmp); + } + + $fileExt = strtolower(pathinfo((string)($imageFile['name'] ?? ''), PATHINFO_EXTENSION)); + if ($debugMode) { + $debugDetails['getimagesize_mime'] = $imageInfo['mime'] ?? null; + $debugDetails['getimagesize_type'] = $imageType; + $debugDetails['finfo_mime'] = $mime; + $debugDetails['file_ext'] = $fileExt; + } + + if (!$mime || !isset($allowedMimeToExt[$mime])) { + if (in_array($fileExt, ['jpg', 'jpeg', 'png'], true)) { + $uploadMime = ($fileExt === 'png') ? 'image/png' : 'image/jpeg'; + } else { + $saveError = 'Nur JPG oder PNG sind erlaubt. Erkannter Typ: ' . ($mime ?: 'unbekannt'); + } + } else { + $uploadMime = $mime; + } + } + } + } + + if ($saveError === null) { // --- Produkt anlegen --- $stmt = $conn->prepare(" INSERT INTO products (categoryID, brandID, model, description) VALUES (?, ?, ?, ?) "); - $stmt->bind_param("iiss", $categoryID, $brandID, $model, $description); - $stmt->execute(); + if (!$stmt) { + $saveError = 'Datenbankfehler beim Anlegen des Produkts.'; + } else { + $stmt->bind_param("iiss", $categoryID, $brandID, $model, $description); + $ok = $stmt->execute(); - $productID = $stmt->insert_id; + if (!$ok) { + error_log('Product insert failed: ' . 
$stmt->error); + $saveError = 'Produkt konnte nicht gespeichert werden (DB-Fehler).'; + if ($debugMode) { + $debugDetails['db_error'] = $stmt->error; + } + } else { + $productID = $stmt->insert_id; - // --- Attribute speichern --- - if (!empty($_POST['attributes'])) { + $publicImagePath = null; - $stmtAttr = $conn->prepare(" - INSERT INTO productAttributes - (productID, attributeID, valueString, valueNumber, valueBool) - VALUES (?, ?, ?, ?, ?) - "); + if ($hasUpload) { + $relativeTargetDir = 'assets/images/products'; + $dirTargetDir = rtrim(__DIR__, "\\/") . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $relativeTargetDir); + $documentRoot = isset($_SERVER['DOCUMENT_ROOT']) ? (string)$_SERVER['DOCUMENT_ROOT'] : ''; + $docRootTrim = rtrim($documentRoot, "\\/"); + $docTargetDir = ($docRootTrim !== '') + ? $docRootTrim . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $relativeTargetDir) + : ''; - foreach ($_POST['attributes'] as $attributeID => $value) { + $targetDir = $dirTargetDir; + if ($docTargetDir !== '' && !is_dir($dirTargetDir) && is_dir($docTargetDir)) { + $targetDir = $docTargetDir; + } - if ($value === '' || $value === null) { - continue; + if (!is_dir($targetDir) && !@mkdir($targetDir, 0755, true)) { + $saveError = 'Zielordner fuer Upload nicht verfuegbar.'; + } elseif (!is_writable($targetDir)) { + $saveError = 'Zielordner ist nicht beschreibbar.'; + } else { + $tmp = (string)$imageFile['tmp_name']; + $mime = $uploadMime; + if (!$mime) { + $finfo = new finfo(FILEINFO_MIME_TYPE); + $mime = $finfo->file($tmp); + } + + $filename = $productID . '.png'; + $targetPath = rtrim($targetDir, "\\/") . DIRECTORY_SEPARATOR . 
$filename; + + $savedOk = false; + if ($mime === 'image/png') { + $savedOk = move_uploaded_file($tmp, $targetPath); + } elseif ($mime === 'image/jpeg') { + $sourceImage = @imagecreatefromjpeg($tmp); + if ($sourceImage !== false) { + $savedOk = imagepng($sourceImage, $targetPath); + imagedestroy($sourceImage); + } + } + + if ($savedOk) { + $publicImagePath = $relativeTargetDir . '/' . $filename; + } else { + $saveError = 'Bild konnte nicht gespeichert werden.'; + } + } + } elseif ($imageUrl !== '') { + $publicImagePath = $imageUrl; } - $valueString = null; - $valueNumber = null; - $valueBool = null; - - if (is_numeric($value)) { - $valueNumber = $value; - } elseif ($value === '0' || $value === '1') { - $valueBool = (int)$value; - } else { - $valueString = trim($value); + if ($saveError === null && $publicImagePath !== null) { + $stmtImg = $conn->prepare("UPDATE products SET imagePath = ? WHERE productID = ?"); + if ($stmtImg) { + $stmtImg->bind_param("si", $publicImagePath, $productID); + $stmtImg->execute(); + } } - $stmtAttr->bind_param( - "iisdi", - $productID, - $attributeID, - $valueString, - $valueNumber, - $valueBool - ); - $stmtAttr->execute(); + // --- Attribute speichern --- + if (!empty($_POST['attributes'])) { + + $stmtAttr = $conn->prepare(" + INSERT INTO productAttributes + (productID, attributeID, valueString, valueNumber, valueBool) + VALUES (?, ?, ?, ?, ?) 
+ "); + + foreach ($_POST['attributes'] as $attributeID => $value) { + + if ($value === '' || $value === null) { + continue; + } + + $valueString = null; + $valueNumber = null; + $valueBool = null; + + if (is_numeric($value)) { + $valueNumber = $value; + } elseif ($value === '0' || $value === '1') { + $valueBool = (int)$value; + } else { + $valueString = trim($value); + } + + $stmtAttr->bind_param( + "iisdi", + $productID, + $attributeID, + $valueString, + $valueNumber, + $valueBool + ); + $stmtAttr->execute(); + } + } + + if ($saveError === null) { + header("Location: productAdder.php?categoryID=" . $categoryID); + exit; + } } } - - header("Location: productAdder.php?categoryID=" . $categoryID); - exit; } } @@ -173,13 +325,17 @@ include 'header.php';
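Review bot: The extension fallback in the upload validation undoes the content check: when neither `getimagesize()` nor `finfo` reports JPEG or PNG, `in_array($fileExt, ['jpg', 'jpeg', 'png'], true)` takes the type from the client-supplied file name, and the PNG path then uses `move_uploaded_file()`, so unverified bytes are stored as `<productID>.png` in `assets/images/products`, whose relative path is saved as the public `imagePath`. I would drop that fallback so the existing 'Nur JPG oder PNG sind erlaubt' error applies, and re-encode PNG uploads through GD the same way the JPEG branch already does, as sketched below. Separately, `FILTER_VALIDATE_URL` accepts any scheme and the value is stored in `imagePath` unchanged, so an extra check such as `in_array(strtolower((string)parse_url($imageUrl, PHP_URL_SCHEME)), ['http', 'https'], true)` is worth adding. The 20MB limit shown in the form is also not compared with `$imageFile['size']` anywhere in this hunk.

```php
// … unchanged: target directory checks, $filename and $targetPath …
$sourceImage = false;
if ($mime === 'image/png') {
    // Decode instead of moving the raw upload, so only pixel data is written out.
    $sourceImage = @imagecreatefrompng($tmp);
    if ($sourceImage !== false) {
        imagesavealpha($sourceImage, true); // keep PNG transparency when re-encoding
    }
} elseif ($mime === 'image/jpeg') {
    $sourceImage = @imagecreatefromjpeg($tmp);
}

$savedOk = false;
if ($sourceImage !== false) {
    $savedOk = imagepng($sourceImage, $targetPath);
    imagedestroy($sourceImage);
}
// … unchanged: $publicImagePath / $saveError assignment …
```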

Produkt hinzufügen

-
+

+ +
+ + + +
+ +

Erlaubt: JPG/PNG. max. 20MB.

+
+ + + +

Attribute

@@ -213,9 +378,11 @@ include 'header.php'; > - +
+ +