103 lines
3.4 KiB
PHP
103 lines
3.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
|
|
|
|
try {
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
http_response_code(405);
|
|
echo json_encode(['success' => false, 'message' => 'Method not allowed. Use POST.']);
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_FILES['certificate']) || ($_FILES['certificate']['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
|
|
http_response_code(422);
|
|
echo json_encode(['success' => false, 'message' => 'Missing file field: certificate']);
|
|
exit;
|
|
}
|
|
|
|
$file = $_FILES['certificate'];
|
|
|
|
$document_name = trim((string)($_POST['document_name'] ?? 'certificato'));
|
|
if ($document_name === '') $document_name = 'certificato';
|
|
|
|
$expiry_date = (string)($_POST['expiry_date'] ?? '');
|
|
if ($expiry_date === '' || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $expiry_date)) {
|
|
http_response_code(422);
|
|
echo json_encode(['success' => false, 'message' => 'expiry_date is required (YYYY-MM-DD)']);
|
|
exit;
|
|
}
|
|
|
|
$notes = trim((string)($_POST['notes'] ?? ''));
|
|
|
|
// Allowed extensions
|
|
$allowed_ext = ['jpg', 'jpeg', 'png', 'pdf', 'heic', 'heif'];
|
|
$ext = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
|
|
|
|
if (!in_array($ext, $allowed_ext, true)) {
|
|
http_response_code(422);
|
|
echo json_encode(['success' => false, 'message' => 'Unsupported format. Allowed: jpg, jpeg, png, pdf, heic, heif']);
|
|
exit;
|
|
}
|
|
|
|
if ((int)$file['size'] > 10 * 1024 * 1024) {
|
|
http_response_code(422);
|
|
echo json_encode(['success' => false, 'message' => 'File too large (max 10MB)']);
|
|
exit;
|
|
}
|
|
|
|
// Upload dir: ../certificate relative to /public/userarea/api
|
|
$upload_dir = realpath(__DIR__ . '/..') . DIRECTORY_SEPARATOR . 'certificate' . DIRECTORY_SEPARATOR;
|
|
if (!is_dir($upload_dir)) {
|
|
mkdir($upload_dir, 0755, true);
|
|
}
|
|
|
|
$safe_name = preg_replace('/[^a-zA-Z0-9\._-]/', '_', basename((string)$file['name']));
|
|
$new_filename = $iduserlogin . '-' . time() . '-' . $safe_name;
|
|
|
|
$destination = $upload_dir . $new_filename;
|
|
|
|
if (!move_uploaded_file((string)$file['tmp_name'], $destination)) {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'message' => 'Error saving the file.']);
|
|
exit;
|
|
}
|
|
|
|
$stored_path = 'userarea/certificate/' . $new_filename;
|
|
|
|
// OPTIONAL: if you later add school_id column, include it here too.
|
|
$stmt = $pdo->prepare("
|
|
INSERT INTO user_medical_certificates
|
|
(user_id, filename, stored_path, document_name, expiry_date, notes, uploaded_at)
|
|
VALUES (?, ?, ?, ?, ?, ?, NOW())
|
|
");
|
|
|
|
$stmt->execute([
|
|
$iduserlogin,
|
|
(string)$file['name'],
|
|
$stored_path,
|
|
$document_name,
|
|
$expiry_date,
|
|
$notes
|
|
]);
|
|
|
|
$newId = (int)$pdo->lastInsertId();
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'certificate' => [
|
|
'id' => $newId,
|
|
'document_name' => $document_name,
|
|
'filename' => (string)$file['name'],
|
|
'stored_path' => $stored_path,
|
|
'file_url' => '/' . $stored_path,
|
|
'expiry_date' => $expiry_date,
|
|
'notes' => $notes !== '' ? $notes : null
|
|
]
|
|
], JSON_UNESCAPED_UNICODE);
|
|
} catch (Throwable $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'message' => 'Server error.', 'error' => $e->getMessage()]);
|
|
}
|