141 lines
3.4 KiB
PHP
141 lines
3.4 KiB
PHP
<?php
|
|
|
|
ini_set('display_errors', 1);
|
|
ini_set('display_startup_errors', 1);
|
|
error_reporting(E_ALL);
|
|
|
|
session_start();
|
|
|
|
if (empty($_SESSION['user_id']))
|
|
{
|
|
header('Location: login.php');
|
|
exit();
|
|
}
|
|
|
|
$userId = (int)$_SESSION['user_id'];
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST')
|
|
{
|
|
header('Location: account.php');
|
|
exit();
|
|
}
|
|
|
|
if (!isset($_FILES['uploadFile']) || !is_array($_FILES['uploadFile']))
|
|
{
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
$file = $_FILES['uploadFile'];
|
|
|
|
$fileError = isset($file['error']) ? (int)$file['error'] : UPLOAD_ERR_NO_FILE;
|
|
if ($fileError !== UPLOAD_ERR_OK)
|
|
{
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
// Basic Validierung
|
|
$tmp = isset($file['tmp_name']) ? (string)$file['tmp_name'] : '';
|
|
if ($tmp === '' || !is_uploaded_file($tmp))
|
|
{
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
$allowedMimeToExt = [
|
|
'image/jpeg' => 'jpg',
|
|
'image/png' => 'png',
|
|
'image/webp' => 'webp'
|
|
];
|
|
|
|
$finfo = new finfo(FILEINFO_MIME_TYPE);
|
|
$mime = $finfo->file($tmp);
|
|
|
|
if (!$mime || !isset($allowedMimeToExt[$mime]))
|
|
{
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
$ext = $allowedMimeToExt[$mime];
|
|
|
|
// Wichtig: Auf Linux ist ein Pfad mit führendem "/" ein Pfad ab Dateisystem-Root.
|
|
// Für move_uploaded_file() brauchen wir einen Dateisystempfad; die Public-URL ist separat.
|
|
$documentRoot = isset($_SERVER['DOCUMENT_ROOT']) ? (string)$_SERVER['DOCUMENT_ROOT'] : '';
|
|
$webRoot = rtrim($documentRoot, "\\/");
|
|
$targetDir = $webRoot !== ''
|
|
? $webRoot . 'assets/images/profilePictures'
|
|
: __DIR__ . 'assets/images/profilePictures';
|
|
|
|
if (!is_dir($targetDir))
|
|
{
|
|
$mkOk = @mkdir($targetDir, 0755, true);
|
|
if (!$mkOk)
|
|
{
|
|
error_log('Upload: mkdir failed for ' . $targetDir);
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
}
|
|
|
|
if (!is_writable($targetDir))
|
|
{
|
|
error_log('Upload: targetDir not writable: ' . $targetDir);
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
// Fallback-kompatibler Name (auch ohne random_bytes)
|
|
$rand = uniqid('', true);
|
|
$rand = str_replace('.', '', $rand);
|
|
$filename = 'user_' . $userId . '_' . $rand . '.' . $ext;
|
|
$targetPath = rtrim($targetDir, "\\/") . DIRECTORY_SEPARATOR . $filename;
|
|
|
|
if (!move_uploaded_file($tmp, $targetPath))
|
|
{
|
|
$lastErr = error_get_last();
|
|
$lastErrMsg = (is_array($lastErr) && isset($lastErr['message'])) ? (string)$lastErr['message'] : 'unknown';
|
|
error_log('Upload: move_uploaded_file failed to ' . $targetPath . ' - ' . $lastErrMsg);
|
|
header('Location: account.php?upload=err&code=move');
|
|
exit();
|
|
}
|
|
|
|
// Pfad, der in HTML genutzt wird (URL relativ zur Webroot)
|
|
$publicPath = 'assets/images/profilePictures/' . $filename;
|
|
|
|
$servername = "localhost";
|
|
$port = 3306;
|
|
$username = "FSST";
|
|
$password = "L9wUNZZ9Qkbt";
|
|
$db = "FSST";
|
|
|
|
$conn = mysqli_connect($servername, $username, $password, $db, $port);
|
|
if (!$conn)
|
|
{
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
$stmt = mysqli_prepare($conn, "UPDATE users SET profilePicture = ? WHERE userID = ?");
|
|
if (!$stmt)
|
|
{
|
|
mysqli_close($conn);
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
mysqli_stmt_bind_param($stmt, 'si', $publicPath, $userId);
|
|
$ok = mysqli_stmt_execute($stmt);
|
|
mysqli_stmt_close($stmt);
|
|
mysqli_close($conn);
|
|
|
|
if (!$ok)
|
|
{
|
|
header('Location: account.php?upload=err');
|
|
exit();
|
|
}
|
|
|
|
header('Location: account.php?upload=ok');
|
|
exit();
|