<?php
// upload_photo.php
include('include/headscript.php');

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['photo']) || !isset($_POST['iddatadb'])) {
    echo json_encode(['success' => false, 'message' => 'Richiesta non valida']);
    exit;
}

$iddatadb = intval($_POST['iddatadb']);
$photo = $_FILES['photo'];

// Verifica che l'utente loggato esista in auth_users
$db = DBHandlerSelect::getInstance();
$pdo = $db->getConnection();

$stmt = $pdo->prepare("SELECT id FROM auth_users WHERE id = ?");
$stmt->execute([$iduserlogin]);
$userExists = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$userExists) {
    echo json_encode(['success' => false, 'message' => 'Utente non valido']);
    exit;
}

// Usa un percorso assoluto per la cartella photostrf
$uploadDir = realpath(__DIR__ . '/../photostrf') . '/';
if (!is_dir($uploadDir)) {
    if (!mkdir($uploadDir, 0755, true)) {
        echo json_encode(['success' => false, 'message' => 'Impossibile creare la cartella photostrf']);
        exit;
    }
}

// Verifica i permessi della cartella
if (!is_writable($uploadDir)) {
    echo json_encode(['success' => false, 'message' => 'La cartella photostrf non è scrivibile']);
    exit;
}

// Verifica che il file sia un'immagine
$allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];
if (!in_array($photo['type'], $allowedTypes)) {
    echo json_encode(['success' => false, 'message' => 'Il file deve essere un\'immagine (JPEG, PNG, GIF)']);
    exit;
}

// Verifica che il file temporaneo esista
if (!file_exists($photo['tmp_name']) || !is_uploaded_file($photo['tmp_name'])) {
    echo json_encode(['success' => false, 'message' => 'File temporaneo non valido']);
    exit;
}

// Rinomina il file: idriga-timestamp-nomeoriginale.estensione
$timestamp = date('YmdHis');
$originalName = pathinfo($photo['name'], PATHINFO_FILENAME);
$extension = pathinfo($photo['name'], PATHINFO_EXTENSION);
$newFileName = "{$iddatadb}-{$timestamp}-{$originalName}.{$extension}";
$destination = $uploadDir . $newFileName;

// Debug: verifica i percorsi
error_log("Upload directory: $uploadDir");
error_log("Destination: $destination");
error_log("Temp file: " . $photo['tmp_name']);

// Salva il file
if (!move_uploaded_file($photo['tmp_name'], $destination)) {
    $error = error_get_last();
    echo json_encode(['success' => false, 'message' => 'Errore durante il caricamento del file: ' . (isset($error['message']) ? $error['message'] : 'Sconosciuto')]);
    exit;
}

// Salva il riferimento nel database
$stmt = $pdo->prepare("INSERT INTO datadb_photos (iddatadb, file_path, file_name, uploaded_by) VALUES (?, ?, ?, ?)");
$stmt->execute([$iddatadb, $newFileName, $photo['name'], $iduserlogin]);

echo json_encode(['success' => true, 'message' => 'Foto caricata con successo']);