<?php
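// Defines $servername, $username, $password, $dbname for the mysqli connection below.
// Resolved against this file's own directory instead of the working directory, so the
// include no longer depends on where PHP happened to be started from.
require_once __DIR__ . '/../Connections/cmctrfdb.php';

// Tell browsers not to MIME-sniff the JSON / redirect responses this script emits.
header('X-Content-Type-Options: nosniff');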
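/**
 * Send $arr as a JSON response body and stop the script.
 *
 * Used on the AJAX (POST) path; callers rely on the implicit exit, so no code
 * after a json_out() call is ever reached.
 *
 * @param array $arr Payload to encode, e.g. ['ok' => false, 'msg' => '...'].
 * @return never
 */
function json_out($arr)
{
    header('Content-Type: application/json; charset=utf-8');
    $json = json_encode($arr);
    if ($json === false) {
        // json_encode() returns false on failure (e.g. invalid UTF-8 in a value);
        // echoing that produced an empty body the AJAX caller could not parse.
        http_response_code(500);
        $json = '{"ok":false,"msg":"json encode error"}';
    }
    echo $json;
    exit;
}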
// The HTTP verb decides where the parameters come from and how errors are reported
// (JSON for the POST/AJAX path, a redirect for the GET/link path).
$method = $_SERVER['REQUEST_METHOD'];

// Parameters are accepted from POST (AJAX) as well as GET (classic link); every
// method other than POST is handled as GET.
// NOTE(review): the GET path performs a state change (column cleared, file removed)
// from a plain link, which makes it reachable by cross-site requests; confirm a CSRF
// token or a POST-only policy is enforced upstream.
$source = ($method === 'POST') ? $_POST : $_GET;

// Row id: cast to int so only a positive numeric value survives (checked below).
$idtrf = isset($source['idtrf']) ? (int)$source['idtrf'] : 0;

// Column to clear; defaults to the "main photo" column. Reduced to [a-zA-Z0-9_] here
// and compared against an explicit allow-list further down before it touches SQL.
$field = 'photofilename';
if (!empty($source['field'])) {
    $field = preg_replace('/[^a-zA-Z0-9_]/', '', $source['field']);
}
// A missing or non-numeric id was cast to 0 above; nothing sensible can be done with it.
if ($idtrf <= 0) {
    if ($method === 'POST') {
        json_out(['ok' => false, 'msg' => 'bad id']);
    }
    // GET: back to the list page.
    header('Location: index.php');
    exit;
}
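// Open the database connection with the credentials from cmctrfdb.php.
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    // Keep the real reason in the server log; the client only sees a generic message.
    // NOTE(review): on PHP >= 8.1 mysqli reports errors as exceptions by default, so a
    // failed connect may throw before this branch is reached — confirm the report mode.
    error_log('mysqli connect error: ' . $conn->connect_error);
    if ($method === 'POST') {
        json_out(['ok' => false, 'msg' => 'db connect error']);
    }
    die("Connessione al database fallita");
}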
// Only these columns may be cleared. The name is spliced into the SQL text further
// down, so this strict allow-list is the control that keeps that interpolation safe.
$allowedFields = ['photofilename', 'photoone', 'phototwo'];
$fieldIsAllowed = in_array($field, $allowedFields, true);

if (!$fieldIsAllowed) {
    $conn->close();
    if ($method === 'POST') {
        json_out(['ok' => false, 'msg' => 'invalid field']);
    }
    // GET: back to the document page ($idtrf is an int, so the URL carries no user text).
    header('Location: adddocument.php?idtrf=' . $idtrf);
    exit;
}
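// $col is one of the allow-listed column names checked above, so quoting it into the
// SQL text is safe; the row id is still passed as a bound parameter.
$col = $field;

// Abort in the caller's format when a statement cannot be prepared or executed.
// Previously a false return from prepare() led straight to bind_param() on false
// (a fatal error), and the client received no response at all.
$dbFail = static function (mysqli $conn, $method, $what) {
    error_log($what . ' failed on `trf-details`: ' . $conn->error);
    $conn->close();
    if ($method === 'POST') {
        json_out(['ok' => false, 'msg' => 'db error']);
    }
    die("Errore database");
};

// Read the current filename first so the physical file can be removed afterwards.
$currentFile = null;
$sqlSel = "SELECT `$col` AS f FROM `trf-details` WHERE idtrfdetails = ?";
$stmtSel = $conn->prepare($sqlSel);
if ($stmtSel === false) {
    $dbFail($conn, $method, 'prepare(select)');
}
$stmtSel->bind_param("i", $idtrf);
if (!$stmtSel->execute()) {
    $dbFail($conn, $method, 'execute(select)');
}
$stmtSel->bind_result($currentFile);
$stmtSel->fetch();
$stmtSel->close();

// Clear the column; the file is only unlinked once the DB no longer references it.
$sqlUpd = "UPDATE `trf-details` SET `$col` = NULL WHERE idtrfdetails = ?";
$stmtUpd = $conn->prepare($sqlUpd);
if ($stmtUpd === false) {
    $dbFail($conn, $method, 'prepare(update)');
}
$stmtUpd->bind_param("i", $idtrf);
if (!$stmtUpd->execute()) {
    $dbFail($conn, $method, 'execute(update)');
}
// -1 on error; otherwise the number of rows changed (0 when the id does not exist).
$affected = $stmtUpd->affected_rows;
$stmtUpd->close();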
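/**
 * Delete an uploaded image by name, but only if it really resolves inside $dir.
 *
 * The name comes from the database column that was just cleared; a stored value
 * such as "../x" would otherwise let unlink() reach outside the upload directory.
 *
 * @param string      $dir  Upload directory (absolute path).
 * @param string|null $file Filename as stored in the column; null/empty is a no-op.
 * @return bool true only when a file was actually removed.
 */
function remove_upload_file($dir, $file)
{
    if (empty($file) || !is_string($file) || strpos($file, "\0") !== false) {
        return false;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $file);
    // realpath() is false for a missing path. Both must resolve, the target must be a
    // regular file, and it must sit below $dir; the trailing separator in the prefix
    // stops "<dir>2/..." from being accepted as inside "<dir>".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Best effort as before: a failed unlink must not break the response, but it is
    // now logged instead of being silently suppressed.
    if (!@unlink($path)) {
        error_log('unlink failed: ' . $path);
        return false;
    }
    return true;
}

// (optional) remove the physical file the cleared column pointed to.
// photofilename and the additional photos live in uploadimages/; top photos usually too.
if (!empty($currentFile)) {
    remove_upload_file(__DIR__ . '/uploadimages', $currentFile);
}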
$conn->close();

// AJAX caller: report the outcome as JSON (json_out() exits). affected_rows is -1 only
// on error, so an id that matched no row still counts as ok.
if ($method === 'POST') {
    $response = ['ok' => $affected >= 0, 'idtrf' => $idtrf, 'field' => $field];
    json_out($response);
}

// Classic link: back to the document page. $idtrf is an int, so no user text reaches the
// header; t= is presumably a cache-buster.
$redirect = sprintf('adddocument.php?idtrf=%d&t=%d', $idtrf, time());
header('Location: ' . $redirect);
exit;