fixed save photos for modsecurity
This commit is contained in:
@@ -1,36 +1,60 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
|
||||
include('include/headscript.php'); // აქედან უნდა იყოს DB კავშირიც
|
||||
include('include/headscript.php');
|
||||
error_reporting(E_ALL);
|
||||
ini_set('display_errors', 1);
|
||||
|
||||
$dataURL = $_POST['dataURL'] ?? null;
|
||||
$filename = $_POST['filename'] ?? null;
|
||||
$iddatadb = $_POST['iddatadb'] ?? null; // 🟢 ახალი ველი
|
||||
$file = $_FILES['file'] ?? null;
|
||||
$filename = $_POST['filename'] ?? null;
|
||||
$iddatadb = $_POST['iddatadb'] ?? null;
|
||||
|
||||
if (!$dataURL || !$filename || !$iddatadb) {
|
||||
if (!$file || !$filename || !$iddatadb) {
|
||||
echo json_encode(['success' => false, 'message' => 'Dati mancanti']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!preg_match('/^[a-zA-Z0-9_-]+\.(png|jpg|jpeg)$/', $filename)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Nome file non valido']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!is_numeric($iddatadb)) {
|
||||
echo json_encode(['success' => false, 'message' => 'ID non valido']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$allowedTypes = ['image/png', 'image/jpeg'];
|
||||
if (!in_array($file['type'], $allowedTypes)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Formato file non supportato']);
|
||||
exit;
|
||||
}
|
||||
|
||||
try {
|
||||
// --- ფაილის შენახვა ---
|
||||
$data = explode(',', $dataURL)[1];
|
||||
$decodedData = base64_decode($data);
|
||||
$dbHandler = DBHandlerSelect::getInstance();
|
||||
$pdo = $dbHandler->getConnection();
|
||||
$stmt = $pdo->prepare("SELECT iddatadb FROM datadb WHERE iddatadb = :iddatadb");
|
||||
$stmt->execute([':iddatadb' => $iddatadb]);
|
||||
if (!$stmt->fetch()) {
|
||||
echo json_encode(['success' => false, 'message' => 'iddatadb non valido']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$dirPath = '../photostrf/annotated';
|
||||
if (!file_exists($dirPath)) {
|
||||
mkdir($dirPath, 0777, true);
|
||||
mkdir($dirPath, 0755, true);
|
||||
}
|
||||
|
||||
$filePath = $dirPath . '/' . $filename;
|
||||
file_put_contents($filePath, $decodedData);
|
||||
if (file_exists($filePath)) {
|
||||
echo json_encode(['success' => false, 'message' => 'File già esistente']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$db = DBHandlerSelect::getInstance();
|
||||
$pdo = $db->getConnection();
|
||||
if (!move_uploaded_file($file['tmp_name'], $filePath)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Errore nel salvataggio del file']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// --- ბაზაში ჩაწერა ---
|
||||
$stmt = $pdo->prepare("
|
||||
INSERT INTO datadb_photos (iddatadb, file_path, file_name, uploaded_at, uploaded_by)
|
||||
VALUES (:iddatadb, :file_path, :file_name, NOW(), :uploaded_by)
|
||||
@@ -39,7 +63,7 @@ try {
|
||||
':iddatadb' => $iddatadb,
|
||||
':file_path' => $filePath,
|
||||
':file_name' => $filename,
|
||||
':uploaded_by'=> $iduserlogin
|
||||
':uploaded_by' => $iduserlogin
|
||||
]);
|
||||
|
||||
echo json_encode([
|
||||
@@ -47,7 +71,6 @@ try {
|
||||
'file_path' => $filePath,
|
||||
'message' => 'Foto salvata con successo e registrata nel DB'
|
||||
]);
|
||||
|
||||
} catch (Exception $e) {
|
||||
echo json_encode(['success' => false, 'message' => 'Errore: ' . $e->getMessage()]);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user