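<?php

declare(strict_types=1);

// AJAX endpoint that edits one row of the `home` table. Two request shapes are
// served:
//   1. multipart POST with `photo` (file) + `idhome`  -> store a main photo and
//      write its filename into home.mainphoto;
//   2. POST with `idhome`, `field`, `value`           -> update one whitelisted
//      column (`fulladdress` additionally updates the address/geo columns).
// Every response body is a JSON object: {success: bool, filename|message}.
//
// NOTE(review): display_errors on a JSON endpoint prints PHP warnings (paths,
// SQL fragments) into the response body and corrupts the JSON. Keep these off
// in production; errors are already sent to error_log below.
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);

// Expected to start the session and define $servername, $username, $password,
// $database and $iduserlogin (the logged-in user's id). Not visible here.
include('include/headscript.php');

/**
 * Emits a JSON failure response and stops the script.
 *
 * Driver/operator details ($detail) go to error_log only: the client never
 * sees DB error text, SQL fragments or server paths.
 */
$fail = static function (string $message, string $detail = ''): void {
    if ($detail !== '') {
        error_log($message . ' ' . $detail);
    }
    die(json_encode(['success' => false, 'message' => $message]));
};

/**
 * Returns $_POST[$key] when it is a plain string, '' otherwise.
 * Array-valued parameters (`field[]=`) are rejected instead of being passed
 * on to bind_param(), which would throw.
 */
$postString = static function (string $key): string {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
};

$conn = new mysqli($servername, $username, $password, $database);
if ($conn->connect_error) {
    $fail("Connessione fallita.", $conn->connect_error);
}

// ---------------------------------------------------------------------------
// Branch 1: main photo upload
// ---------------------------------------------------------------------------
if (!empty($_FILES['photo']) && isset($_POST['idhome'])) {
    $idhome = (int) $postString('idhome');
    if ($idhome <= 0) {
        $fail("ID non valido.");
    }

    // The stored filename is keyed on the logged-in user; refuse the upload
    // when headscript.php did not establish one instead of writing an
    // anonymous "-name-timestamp.ext" file.
    // NOTE(review): assumed to be a numeric id — confirm in headscript.php.
    if (!isset($iduserlogin) || $iduserlogin === '') {
        $fail("Utente non autenticato.");
    }

    $file = $_FILES['photo'];
    // Reject failed/partial uploads and multi-file uploads (`photo[]`) before
    // any of the per-file fields are used.
    if (!is_array($file)
        || !is_string($file['name'] ?? null)
        || !is_string($file['tmp_name'] ?? null)
        || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        $fail("Errore nel caricamento del file.");
    }

    $uploadDir = 'mainphoto/';
    // 0755 rather than 0777: only the web server user needs to write here.
    // The second is_dir() absorbs a concurrent request creating it first.
    if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
        $fail("Errore nel salvataggio del file.", "mkdir failed for $uploadDir");
    }

    $originalName = pathinfo($file['name'], PATHINFO_FILENAME);
    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

    // Extension -> image type the file content must actually have.
    $allowedTypes = [
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
        'png'  => IMAGETYPE_PNG,
        'gif'  => IMAGETYPE_GIF,
    ];
    if (!isset($allowedTypes[$extension])) {
        $fail("Formato non valido. Usa JPG, PNG o GIF.");
    }

    // The client-supplied name is attacker-controlled; the extension alone says
    // nothing about the bytes. Require the content to parse as the claimed type.
    $imageInfo = getimagesize($file['tmp_name']);
    if ($imageInfo === false || $imageInfo[2] !== $allowedTypes[$extension]) {
        $fail("Il file non è un'immagine valida.");
    }

    // Keep only [A-Za-z0-9] from the original base name so no path separators
    // or shell-significant characters reach the filesystem or the DB.
    $safeName = preg_replace("/[^a-zA-Z0-9]/", "", $originalName);
    $newFilename = $iduserlogin . "-" . $safeName . "-" . time() . "." . $extension;
    $filePath = $uploadDir . $newFilename;

    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        $fail("Errore nel salvataggio del file.");
    }

    // NOTE(review): no ownership check — any authenticated caller can replace
    // the photo of any idhome (IDOR). The owner column is not visible in this
    // file; add it to the WHERE clause (e.g. `AND <owner_col> = ?`).
    $stmt = $conn->prepare("UPDATE home SET mainphoto = ? WHERE idhome = ?");
    if ($stmt === false) {
        unlink($filePath);
        $fail("Errore nella preparazione della query.", $conn->error);
    }
    $stmt->bind_param("si", $newFilename, $idhome);
    $updated = $stmt->execute();
    $dbError = $stmt->error;
    $stmt->close();

    if (!$updated) {
        // Do not leave an orphaned file behind when the row was not updated.
        unlink($filePath);
        $fail("Errore nel salvataggio del file.", $dbError);
    }

    echo json_encode(['success' => true, 'filename' => $newFilename]);
    $conn->close();
    exit();
}

// ---------------------------------------------------------------------------
// Branch 2: single-field AJAX update
// ---------------------------------------------------------------------------
$idhome = (int) $postString('idhome');
$field = $postString('field');
// Values are bound as prepared-statement parameters below, so they must NOT be
// passed through real_escape_string(): doing both stores the escaping
// backslashes in the row (e.g. "O'Brien" -> "O\'Brien").
$value = $postString('value');

// Columns a client may target. `$field` is interpolated into the SQL text
// (column names cannot be bound), so this whitelist is the only thing
// standing between the request and SQL injection — keep it exhaustive and
// keep the comparison strict.
$allowedFields = [
    'name',
    'comment',
    'fulladdress',
    'address',
    'zip',
    'city',
    'country',
    'latitude',
    'longitude',
    'cadastral_municipality',
    'cadastral_section',
    'cadastral_sheet',
    'cadastral_particle',
    'cadastral_sub',
    'cadastral_category',
    'cadastral_class',
    'cadastral_surface',
    'cadastral_rendita',
    'cadastral_notes',
];

if (!in_array($field, $allowedFields, true)) {
    $fail("Campo non valido.");
}
if ($idhome <= 0) {
    $fail("ID non valido.");
}

// NOTE(review): as in the upload branch, neither query below restricts the
// update to rows owned by $iduserlogin — any authenticated caller can edit
// any idhome. Add the owner column to the WHERE clause once known.
if ($field === 'fulladdress') {
    // A full-address edit carries the decomposed address and coordinates too.
    $address = $postString('address');
    $city = $postString('city');
    $zip = $postString('zip');
    $country = $postString('country');
    $latitude = $postString('latitude');
    $longitude = $postString('longitude');

    error_log("Aggiornamento indirizzo: fulladdress=$value, address=$address, city=$city, zip=$zip, country=$country, latitude=$latitude, longitude=$longitude, idhome=$idhome");

    $query = "UPDATE home SET fulladdress = ?, address = ?, city = ?, zip = ?, country = ?, latitude = ?, longitude = ? WHERE idhome = ?";
    $stmt = $conn->prepare($query);
    if ($stmt === false) {
        $fail("Errore nella preparazione della query.", $conn->error);
    }
    $stmt->bind_param("sssssssi", $value, $address, $city, $zip, $country, $latitude, $longitude, $idhome);
} else {
    // $field passed the strict whitelist above, so interpolating it is safe;
    // the backticks only protect against a future whitelisted reserved word.
    $query = "UPDATE home SET `$field` = ? WHERE idhome = ?";
    $stmt = $conn->prepare($query);
    if ($stmt === false) {
        $fail("Errore nella preparazione della query.", $conn->error);
    }
    $stmt->bind_param("si", $value, $idhome);
}

if ($stmt->execute()) {
    echo json_encode(['success' => true, 'message' => 'Aggiornamento riuscito']);
} else {
    // The driver message stays server-side; the client gets a generic failure.
    error_log('Aggiornamento fallito: ' . $stmt->error);
    echo json_encode(['success' => false, 'message' => 'Errore durante l\'aggiornamento.']);
}

$stmt->close();
$conn->close();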