fixed save photos for modsecurity
This commit is contained in:
@@ -1,21 +1,35 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
|
||||
include('include/headscript.php');
|
||||
error_reporting(E_ALL);
|
||||
ini_set('display_errors', 1);
|
||||
|
||||
$dataURL = $_POST['dataURL'] ?? null;
|
||||
$file = $_FILES['file'] ?? null;
|
||||
$filename = $_POST['filename'] ?? null;
|
||||
$idquotations = $_POST['idquotations'] ?? null;
|
||||
|
||||
if (!$dataURL || !$filename || !$idquotations) {
|
||||
if (!$file || !$filename || !$idquotations) {
|
||||
echo json_encode(['success' => false, 'message' => 'Dati mancanti']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!preg_match('/^[a-zA-Z0-9_-]+\.(png|jpg|jpeg)$/', $filename)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Nome file non valido']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!is_numeric($idquotations)) {
|
||||
echo json_encode(['success' => false, 'message' => 'ID non valido']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$allowedTypes = ['image/png', 'image/jpeg'];
|
||||
if (!in_array($file['type'], $allowedTypes)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Formato file non supportato']);
|
||||
exit;
|
||||
}
|
||||
|
||||
try {
|
||||
// Verifica che idquotations esista nella tabella quotations
|
||||
$dbHandler = DBHandlerSelect::getInstance();
|
||||
$pdo = $dbHandler->getConnection();
|
||||
$stmt = $pdo->prepare("SELECT idquotations FROM quotations WHERE idquotations = :idquotations");
|
||||
@@ -25,34 +39,37 @@ try {
|
||||
exit;
|
||||
}
|
||||
|
||||
// Salva l'immagine
|
||||
$data = explode(',', $dataURL)[1];
|
||||
$decodedData = base64_decode($data);
|
||||
|
||||
$dirPath = '../photostrf/annotated';
|
||||
if (!file_exists($dirPath)) {
|
||||
mkdir($dirPath, 0777, true);
|
||||
mkdir($dirPath, 0755, true);
|
||||
}
|
||||
|
||||
$filePath = $dirPath . '/' . $filename;
|
||||
file_put_contents($filePath, $decodedData);
|
||||
if (file_exists($filePath)) {
|
||||
echo json_encode(['success' => false, 'message' => 'File già esistente']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!move_uploaded_file($file['tmp_name'], $filePath)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Errore nel salvataggio del file']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Registra nel database
|
||||
$stmt = $pdo->prepare("
|
||||
INSERT INTO datadb_photos (idquotations, file_path, file_name, uploaded_at, uploaded_by)
|
||||
VALUES (:idquotations, :file_path, :file_name, NOW(), :uploaded_by)
|
||||
");
|
||||
$stmt->execute([
|
||||
':idquotations' => $idquotations,
|
||||
':file_path' => $filePath,
|
||||
':file_name' => $filename,
|
||||
':uploaded_by' => $iduserlogin
|
||||
':file_path' => $filePath,
|
||||
':file_name' => $filename,
|
||||
':uploaded_by' => $iduserlogin
|
||||
]);
|
||||
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'success' => true,
|
||||
'file_path' => $filePath,
|
||||
'message' => 'Foto salvata con successo e registrata nel DB'
|
||||
'message' => 'Foto salvata con successo e registrata nel DB'
|
||||
]);
|
||||
} catch (Exception $e) {
|
||||
echo json_encode(['success' => false, 'message' => 'Errore: ' . $e->getMessage()]);
|
||||
|
||||
Reference in New Issue
Block a user