'jpg', 'image/png' => 'png', ]; $finfo = new finfo(FILEINFO_MIME_TYPE); $mime = $finfo->file($tmp); if (!$mime || !isset($allowedMimeToExt[$mime])) { // Mime loggen ist ok (kein Secret), hilft bei Support error_log('Upload: invalid mime=' . (string)$mime); header('Location: account.php?upload=err&code=mime'); exit(); } $ext = $allowedMimeToExt[$mime]; // Zielordner: assets/images/profilePictures relativ zum Projekt (upload.php liegt im Webroot) $relativeTargetDir = 'assets/images/profilePictures'; // Kandidat 1: relativ zu __DIR__ (robust gegen VHost/Alias) $dirTargetDir = rtrim(__DIR__, "\\/") . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $relativeTargetDir); // Kandidat 2: relativ zu DOCUMENT_ROOT (nur wenn gesetzt) $documentRoot = isset($_SERVER['DOCUMENT_ROOT']) ? (string)$_SERVER['DOCUMENT_ROOT'] : ''; $docRootTrim = rtrim($documentRoot, "\\/"); $docTargetDir = ($docRootTrim !== '') ? $docRootTrim . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $relativeTargetDir) : ''; // Bevorzugt __DIR__. Falls __DIR__ aus irgendeinem Grund nicht ins Projekt zeigt, und DOCUMENT_ROOT plausibel ist, nutze DOCUMENT_ROOT. $targetDir = $dirTargetDir; if ($docTargetDir !== '' && !is_dir($dirTargetDir) && is_dir($docTargetDir)) { $targetDir = $docTargetDir; } if (!is_dir($targetDir)) { $mkOk = @mkdir($targetDir, 0755, true); if (!$mkOk) { $lastErr = error_get_last(); $lastErrMsg = (is_array($lastErr) && isset($lastErr['message'])) ? (string)$lastErr['message'] : 'unknown'; error_log('Upload: mkdir failed for ' . $targetDir . ' - ' . $lastErrMsg); header('Location: account.php?upload=err&code=mkdir'); exit(); } } if (!is_writable($targetDir)) { error_log('Upload: targetDir not writable: ' . $targetDir); header('Location: account.php?upload=err&code=perm'); exit(); } // Dateiname: user__. // Format ist dateisystem-sicher (keine Doppelpunkte) und eindeutig genug. $timestamp = gmdate('Ymd-His'); $filename = 'user_' . $userId . '_' . $timestamp . '.' . $ext; $targetPath = rtrim($targetDir, "\\/") . DIRECTORY_SEPARATOR . $filename; if (!move_uploaded_file($tmp, $targetPath)) { $lastErr = error_get_last(); $lastErrMsg = (is_array($lastErr) && isset($lastErr['message'])) ? (string)$lastErr['message'] : 'unknown'; error_log('Upload: move_uploaded_file failed to ' . $targetPath . ' - ' . $lastErrMsg); header('Location: account.php?upload=err&code=move'); exit(); } // Pfad, der in HTML genutzt wird (URL relativ zur Webroot) $publicPath = 'assets/images/profilePictures/' . $filename; $servername = "localhost"; $port = 3306; $username = "FSST"; $password = "L9wUNZZ9Qkbt"; $db = "FSST"; $conn = mysqli_connect($servername, $username, $password, $db, $port); if (!$conn) { header('Location: account.php?upload=err'); exit(); } $stmt = mysqli_prepare($conn, "UPDATE users SET profilePicture = ? WHERE userID = ?"); if (!$stmt) { mysqli_close($conn); header('Location: account.php?upload=err'); exit(); } mysqli_stmt_bind_param($stmt, 'si', $publicPath, $userId); $ok = mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); mysqli_close($conn); if (!$ok) { header('Location: account.php?upload=err'); exit(); } header('Location: account.php?upload=ok'); exit();