";
echo "UPLOAD MAX FILESIZE: " . ini_get('upload_max_filesize') . "
";
echo "POST MAX SIZE: " . ini_get('post_max_size') . "
";
var_dump($_FILES);
exit();
}
// Basic validation: continue only with a file that PHP itself received via HTTP POST.
// NOTE(review): $file is assigned above this excerpt, presumably one entry of $_FILES; confirm.
$tmp = '';
if (isset($file['tmp_name'])) {
    $tmp = (string)$file['tmp_name'];
}

// is_uploaded_file() rejects any path that was not created by PHP's upload handling,
// so a crafted tmp_name cannot point this script at an arbitrary local file.
$isGenuineUpload = ($tmp !== '' && is_uploaded_file($tmp));
if (!$isGenuineUpload) {
    header('Location: account.php?upload=err');
    exit();
}

// Allowlist of accepted image types. The stored extension is taken from this map,
// never from the client-supplied file name or Content-Type.
$allowedMimeToExt = [
    'image/jpeg' => 'jpg',
    'image/png' => 'png',
    'image/webp' => 'webp'
];

// Detect the type from the file content itself.
// NOTE(review): no size or image-dimension limit is visible in this excerpt; confirm one
// is enforced earlier (beyond upload_max_filesize / post_max_size).
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->file($tmp);

$mimeAllowed = ($mime && isset($allowedMimeToExt[$mime]));
if (!$mimeAllowed) {
    header('Location: account.php?upload=err');
    exit();
}
// The extension comes from the allowlist entry for the detected MIME type.
$ext = $allowedMimeToExt[$mime];

// Destination directory: <script dir>/assets/images/profilePictures
$targetDir = implode(DIRECTORY_SEPARATOR, [__DIR__, 'assets', 'images', 'profilePictures']);
if (!is_dir($targetDir)) {
    // Best effort: if creation fails, move_uploaded_file() below fails and the
    // request ends on the error redirect.
    @mkdir($targetDir, 0755, true);
}

// Fallback-compatible name (works without random_bytes as well).
// NOTE(review): uniqid() is derived from the current time and is not unpredictable;
// acceptable only while these files are meant to be publicly readable anyway.
$rand = str_replace('.', '', uniqid('', true));

// NOTE(review): $userId is assigned above this excerpt. It becomes part of a file
// system path here, so it must be a plain integer (e.g. taken from the session),
// never a request parameter; confirm.
$filename = "user_{$userId}_{$rand}.{$ext}";
$targetPath = $targetDir . DIRECTORY_SEPARATOR . $filename;

$moved = move_uploaded_file($tmp, $targetPath);
if (!$moved) {
    header('Location: account.php?upload=err');
    exit();
}

// Path used in HTML (relative to the web root).
$publicPath = 'assets/images/profilePictures/' . $filename;
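// Store the public path of the new picture on the user's row.
//
// NOTE(review): database credentials are hard-coded in a file that lives under the
// web root. Load them from configuration outside the document root (or from the
// environment) and rotate this password, since it is present in source.
$servername = "localhost";
$port = 3306;
$username = "FSST";
$password = "L9wUNZZ9Qkbt";
$db = "FSST";

$ok = false;
$conn = null;
$stmt = null;

try {
    $conn = mysqli_connect($servername, $username, $password, $db, $port);
    if ($conn) {
        // Parameterised statement: the path and the user id are bound, never
        // concatenated into the SQL text.
        $stmt = mysqli_prepare($conn, "UPDATE users SET profilePicture = ? WHERE userID = ?");
        if ($stmt) {
            $ok = mysqli_stmt_bind_param($stmt, 'si', $publicPath, $userId)
                && mysqli_stmt_execute($stmt);
        }
    }
} catch (Exception $e) {
    // Since PHP 8.1 mysqli throws mysqli_sql_exception by default instead of
    // returning false; treat that like any other failure so the cleanup below
    // still runs and no error page is shown to the client.
    error_log('Profile picture update failed: ' . $e->getMessage());
    $ok = false;
}

if ($stmt) {
    mysqli_stmt_close($stmt);
}
if ($conn) {
    mysqli_close($conn);
}

if (!$ok) {
    // The file was already moved into the public directory. Without a database
    // row pointing at it, it would stay there as an orphan on every failed
    // attempt, so remove it again (best effort).
    if (isset($targetPath) && is_file($targetPath)) {
        @unlink($targetPath);
    }
    header('Location: account.php?upload=err');
    exit();
}

header('Location: account.php?upload=ok');
exit();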