From 2e87cb098352ebbdf12fe9a04ed8ec91966bb92f Mon Sep 17 00:00:00 2001
From: Fabian Schieder
Date: Sun, 25 Jan 2026 22:55:57 +0100
Subject: [PATCH] Refactor profile picture upload path handling to ensure correct directory structure and improve logging
---
 upload.php | 51 ++++++++++++++++-----------------------------------
 1 file changed, 16 insertions(+), 35 deletions(-)
diff --git a/upload.php b/upload.php
index 95ec13c..29f0fd3 100644
--- a/upload.php
+++ b/upload.php
@@ -32,7 +32,7 @@ $fileError = isset($file['error']) ? (int)$file['error'] : UPLOAD_ERR_NO_FILE;
 if ($fileError !== UPLOAD_ERR_OK)
 {
 error_log('Upload: PHP upload error code=' . $fileError);
- header('Location: account.php?upload=err');
+ header('Location: account.php?upload=err&code=php_' . $fileError);
 exit();
 }
@@ -40,7 +40,8 @@ if ($fileError !== UPLOAD_ERR_OK)
 $tmp = isset($file['tmp_name']) ? (string)$file['tmp_name'] : '';
 if ($tmp === '' || !is_uploaded_file($tmp))
 {
- header('Location: account.php?upload=err');
+ error_log('Upload: tmp missing or not uploaded. tmp=' . $tmp);
+ header('Location: account.php?upload=err&code=tmp');
 exit();
 }
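Review bot: The `code` value added to the redirect here (`php_` plus the upload error number, and `tmp`, `mime`, `mkdir`, `perm`, `move` in the later hunks) is visible to the client and can be forged by anyone who types the URL, so account.php, which is not part of this patch, should match it against a fixed list of known codes and never echo it into the page. `$fileError` is cast to int earlier in the file, so concatenating it into the `Location` header is safe as written. The six redirect-and-exit sequences are now identical apart from the code string and could share one small helper that takes the code, sends the header and exits. The enclosing script continues outside these hunks, so how `$file` is obtained is not visible here.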
@@ -55,49 +56,29 @@ $mime = $finfo->file($tmp);
 if (!$mime || !isset($allowedMimeToExt[$mime]))
 {
- header('Location: account.php?upload=err');
+ error_log('Upload: invalid mime=' . (string)$mime);
+ header('Location: account.php?upload=err&code=mime');
 exit();
 }
 $ext = $allowedMimeToExt[$mime];
-// Wichtig: Auf Linux ist ein Pfad mit führendem "/" ein Pfad ab Dateisystem-Root.
-// Für move_uploaded_file() brauchen wir einen Dateisystempfad; die Public-URL ist separat.
+// Zielordner IM Projekt (Webroot): assets/images/profilePictures
+// Damit vermeiden wir alle DOCUMENT_ROOT/Alias/VHost Probleme.
+$targetDir = rtrim(__DIR__, "\\/") . '/assets/images/profilePictures';
+
+// Diagnose (landet im PHP/Apache Error-Log)
 $documentRoot = isset($_SERVER['DOCUMENT_ROOT']) ? (string)$_SERVER['DOCUMENT_ROOT'] : '';
-$webRoot = rtrim($documentRoot, "\\/");
-
-$relativeTargetDir = '/assets/images/profilePictures';
-
-// Robust: __DIR__ ist der Ordner, in dem upload.php liegt (bei dir: WEBROOT).
-// DOCUMENT_ROOT kann auf manchen Setups leer oder z.B. nur '/' sein; dann würde in '/assets/...' geschrieben.
-$dirBasedRoot = rtrim(__DIR__, "\\/");
-
-define('UPLOAD_DEBUG', true);
-
-$candidateFromDocRoot = ($webRoot !== '' && $webRoot !== '/') ? ($webRoot . $relativeTargetDir) : '';
-$candidateFromDir = $dirBasedRoot . $relativeTargetDir;
-
-// Bevorzugt __DIR__; nur wenn DOCUMENT_ROOT plausibel ist und der DIR-Fallback nicht existiert, nutzen wir DOCUMENT_ROOT.
-$targetDir = $candidateFromDir;
-if ($candidateFromDocRoot !== '' && !is_dir($candidateFromDir) && is_dir($candidateFromDocRoot))
-{
- $targetDir = $candidateFromDocRoot;
-}
-
-if (UPLOAD_DEBUG)
-{
- error_log('Upload: DOCUMENT_ROOT=' . $documentRoot);
- error_log('Upload: __DIR__=' . __DIR__);
- error_log('Upload: targetDir=' . $targetDir);
-}
+error_log('Upload: DOCUMENT_ROOT=' . $documentRoot . ' __DIR__=' . __DIR__ . ' targetDir=' . $targetDir);
 if (!is_dir($targetDir))
 {
 $mkOk = @mkdir($targetDir, 0755, true);
 if (!$mkOk)
 {
- error_log('Upload: mkdir failed for ' . $targetDir);
- header('Location: account.php?upload=err');
+ $lastErr = error_get_last();
+ error_log('Upload: mkdir failed for ' . $targetDir . ' - ' . (is_array($lastErr) && isset($lastErr['message']) ? $lastErr['message'] : 'unknown'));
+ header('Location: account.php?upload=err&code=mkdir');
 exit();
 }
 }
@@ -105,7 +86,7 @@ if (!is_dir($targetDir))
 if (!is_writable($targetDir))
 {
 error_log('Upload: targetDir not writable: ' . $targetDir);
- header('Location: account.php?upload=err');
+ header('Location: account.php?upload=err&code=perm');
 exit();
 }
@@ -121,7 +102,7 @@ if (!move_uploaded_file($tmp, $targetPath))
 $lastErr = error_get_last();
 $lastErrMsg = (is_array($lastErr) && isset($lastErr['message'])) ? (string)$lastErr['message'] : 'unknown';
 error_log('Upload: move_uploaded_file failed to ' . $targetPath . ' - ' . $lastErrMsg);
- header('Location: account.php?upload=err');
+ header('Location: account.php?upload=err&code=move');
 exit();
 }
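Review bot: In the `@@ -55,49 +56,29 @@` hunk the combined `error_log('Upload: DOCUMENT_ROOT=' ...` line now runs on every upload, whereas the removed version was at least gated by the `UPLOAD_DEBUG` constant (hard-coded to true); it writes absolute filesystem paths to the error log on each request and should sit behind a flag or be removed once the path problem is confirmed fixed. In the mkdir branch, `error_get_last()` can return an older, unrelated error, so call `error_clear_last();` before `@mkdir(...)`, and test `if (!$mkOk && !is_dir($targetDir))` so that a concurrent request creating the directory first is not reported as a failure. `$targetDir` is now always under `__DIR__`, which the new comment describes as the web root, so the server should be configured never to execute scripts from that directory. The extension comes from `$allowedMimeToExt`, but how the file name in `$targetPath` is built lies outside these hunks and should be checked to be server-generated.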