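false, 'message' => 'ID scadenza non valido.']);
        exit;
    }

    /*
     * Attachment upload for a deadline: validates the request, stores each
     * uploaded file under ../attachments/, and records one attachment row plus
     * one history row per file inside a single transaction. The JSON response
     * lists the attachments that were stored.
     */
    if (empty($_FILES['files']['name'][0])) {
        echo json_encode(['success' => false, 'message' => 'Nessun file selezionato.']);
        exit;
    }

    $deadlineId = (int)$_POST['deadline_id'];

    // NOTE(review): the handler is named DBHandlerSelect but is used for INSERTs
    // below; confirm this connection is the one intended for writes.
    $db = DBHandlerSelect::getInstance();
    $pdo = $db->getConnection();

    // Verify deadline exists.
    // NOTE(review): only existence is checked here. Whether $currentUserId is
    // allowed to attach files to this particular deadline has to be enforced
    // before this point; that check is not visible in this part of the file.
    $check = $pdo->prepare("SELECT id FROM scad_deadlines WHERE id = ?");
    $check->execute([$deadlineId]);
    if (!$check->fetch()) {
        echo json_encode(['success' => false, 'message' => 'Scadenza non trovata.']);
        exit;
    }

    // NOTE(review): this directory sits next to the application code. If it is
    // reachable over HTTP, configure the web server to serve it as static
    // content only (no script handlers), or move it outside the document root.
    $uploadDir = __DIR__ . '/../attachments/';
    if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
        // Fail loudly instead of silently skipping every file later on.
        throw new Exception('Upload directory could not be created.');
    }

    // Extension allowlist for stored files. Constructed default list: adjust it
    // to the document types this application actually has to accept. The client
    // controls the file name, so without this check a file with a
    // server-executable extension would be written into the upload directory.
    $allowedExtensions = [
        'pdf', 'doc', 'docx', 'xls', 'xlsx', 'odt', 'ods', 'txt', 'csv',
        'png', 'jpg', 'jpeg', 'gif', 'zip', 'p7m', 'eml', 'msg',
    ];

    $inserted = [];
    // Files moved into place during this request; removed again if the
    // transaction is rolled back so no orphaned files stay on disk.
    $movedPaths = [];

    $pdo->beginTransaction();

    $stmt = $pdo->prepare(" INSERT INTO scad_deadline_attachments (deadline_id, original_name, stored_name, mime_type, size, uploaded_by) VALUES (?, ?, ?, ?, ?, ?) ");
    $histStmt = $pdo->prepare("INSERT INTO scad_deadline_histories (deadline_id, user_id, action, notes) VALUES (?, ?, 'attachment_added', ?)");

    $fileCount = count($_FILES['files']['name']);
    for ($i = 0; $i < $fileCount; $i++) {
        if ($_FILES['files']['error'][$i] !== UPLOAD_ERR_OK) {
            continue;
        }

        // Client-supplied name: kept for display only. Anything rendering it
        // later must escape it for the output context.
        $originalName = $_FILES['files']['name'][$i];
        $tmpPath = $_FILES['files']['tmp_name'][$i];
        $size = $_FILES['files']['size'][$i];

        $extension = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
        if (!in_array($extension, $allowedExtensions, true)) {
            continue;
        }

        // $_FILES[...]['type'] is whatever the client claims; derive the type
        // from the file content instead before it is stored.
        $detectedType = function_exists('mime_content_type') ? mime_content_type($tmpPath) : false;
        $mimeType = (is_string($detectedType) && $detectedType !== '')
            ? $detectedType
            : 'application/octet-stream';

        // Dots are stripped from the base part so the stored name carries
        // exactly one, allowlisted, extension; the prefix comes from a CSPRNG
        // because uniqid() is time-based and therefore guessable.
        $safeBase = (string)preg_replace('/[^a-zA-Z0-9_-]/', '_', pathinfo($originalName, PATHINFO_FILENAME));
        $safeBase = substr($safeBase, 0, 100);
        $storedName = 'att_' . bin2hex(random_bytes(8)) . '_' . $safeBase . '.' . $extension;

        if (!move_uploaded_file($tmpPath, $uploadDir . $storedName)) {
            continue;
        }
        $movedPaths[] = $uploadDir . $storedName;

        $stmt->execute([$deadlineId, $originalName, $storedName, $mimeType, $size, $currentUserId]);
        // Read the id now: after the history INSERT below, lastInsertId() would
        // no longer refer to the attachment row.
        $attachmentId = $pdo->lastInsertId();

        $histStmt->execute([$deadlineId, $currentUserId, $originalName]);

        $inserted[] = [
            'id' => $attachmentId,
            'original_name' => $originalName,
            'stored_name' => $storedName,
        ];
    }

    $pdo->commit();
    // The rows are committed; the files now belong to them and must be kept.
    $movedPaths = [];

    echo json_encode([
        'success' => true,
        'message' => count($inserted) . ' file caricato/i con successo.',
        'files' => $inserted,
    ]);
} catch (Exception $e) {
    if (isset($pdo) && $pdo->inTransaction()) {
        $pdo->rollBack();
    }

    // Remove files whose database rows were just rolled back.
    if (isset($movedPaths)) {
        foreach ($movedPaths as $movedPath) {
            if (is_file($movedPath)) {
                unlink($movedPath);
            }
        }
    }

    // Exception text can contain SQL and schema details: keep it in the server
    // log and return a generic message to the client.
    error_log('Attachment upload failed: ' . $e->getMessage());
    echo json_encode(['success' => false, 'message' => 'Errore durante il caricamento degli allegati.']);
}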