From 57ddd4bb5a96968015b7ebc2451a74656486e8ea Mon Sep 17 00:00:00 2001
From: Claudio <info@claudiosironi.com>
Date: Mon, 22 Sep 2025 11:22:05 +0200
Subject: [PATCH] fixed photo quotations

---
 public/userarea/save_annotated_photo_quotation.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/public/userarea/save_annotated_photo_quotation.php b/public/userarea/save_annotated_photo_quotation.php
index 1b89b07..0abb218 100644
--- a/public/userarea/save_annotated_photo_quotation.php
+++ b/public/userarea/save_annotated_photo_quotation.php
@@ -8,8 +8,8 @@ $file = $_FILES['file'] ?? null;
 $filename = $_POST['filename'] ?? null;
 $idquotations = $_POST['idquotations'] ?? null;
 
-if (!$file || !$filename || !$idquotations) {
-    echo json_encode(['success' => false, 'message' => 'Dati mancanti']);
+if (!$file || !$filename || !$idquotations || !isset($iduserlogin)) {
+    echo json_encode(['success' => false, 'message' => 'Dati mancanti o utente non autenticato']);
     exit;
 }
 
@@ -32,7 +32,7 @@ if (!in_array($file['type'], $allowedTypes)) {
 try {
     $dbHandler = DBHandlerSelect::getInstance();
     $pdo = $dbHandler->getConnection();
-    $stmt = $pdo->prepare("SELECT idquotations FROM quotations WHERE idquotations = :idquotations");
+    $stmt = $pdo->prepare("SELECT id FROM quotations WHERE id = :idquotations");
     $stmt->execute([':idquotations' => $idquotations]);
     if (!$stmt->fetch()) {
         echo json_encode(['success' => false, 'message' => 'idquotations non valido']);