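false, 'message' => 'Metodo non consentito.']); exit; }

// Upload handler: stores one attachment for an employee training record and logs the action.
// NOTE(review): the start of this script (the request-method check, session handling and the
// origin of $currentUserId) is outside this excerpt. No check that the current user is allowed
// to attach files to this particular training is visible here; confirm it exists upstream.

$pdo = DBHandlerSelect::getInstance()->getConnection();

$trainingId = (int)($_POST['training_id'] ?? 0);
if ($trainingId <= 0) {
    echo json_encode(['success' => false, 'message' => 'ID formazione non valido.']);
    exit;
}

// Resolve the owning employee from the database rather than trusting a client-supplied id.
$tr = $pdo->prepare("SELECT employee_id FROM employee_trainings WHERE id = :id");
$tr->execute(['id' => $trainingId]);
$trainingRow = $tr->fetch(PDO::FETCH_ASSOC);
if (!$trainingRow) {
    echo json_encode(['success' => false, 'message' => 'Formazione non trovata.']);
    exit;
}
$employeeId = (int)$trainingRow['employee_id'];

if (empty($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    $errCode = $_FILES['file']['error'] ?? -1;
    $msg = 'Errore nel caricamento del file.';
    if ($errCode === UPLOAD_ERR_INI_SIZE || $errCode === UPLOAD_ERR_FORM_SIZE) {
        $msg = 'Il file supera la dimensione massima consentita.';
    }
    echo json_encode(['success' => false, 'message' => $msg]);
    exit;
}

$originalName = $_FILES['file']['name'];
$tmpPath = $_FILES['file']['tmp_name'];
$size = (int)$_FILES['file']['size'];

// The MIME type is taken from the file content only. The browser-declared type is
// attacker-controlled, so it is no longer used as a fallback; a neutral type is stored instead.
$mimeType = mime_content_type($tmpPath) ?: 'application/octet-stream';

// Reduce the client-supplied name to a conservative character set before it touches the filesystem.
$safeOriginal = (string)preg_replace('/[^a-zA-Z0-9._-]/', '_', $originalName);

// The sanitised name keeps its extension, so refuse names carrying a server-interpreted
// extension in ANY dot segment (some web-server configurations act on inner segments too).
// NOTE(review): a deny-list is a stop-gap. An allow-list of the document types this feature is
// meant to accept would be stronger; the accepted types are not visible in this excerpt.
$blockedExtensions = [
    'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phps', 'phar',
    'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp', 'shtml', 'htaccess',
];
$nameSegments = array_slice(explode('.', strtolower($safeOriginal)), 1);
if (array_intersect($nameSegments, $blockedExtensions)) {
    echo json_encode(['success' => false, 'message' => 'Tipo di file non consentito.']);
    exit;
}

// NOTE(review): the destination resolves inside the project tree. If this path is reachable
// through the web server, disable script execution for it or move storage outside the
// document root, and serve downloads through an authorising script.
$dir = __DIR__ . '/../../files/employees/' . $employeeId . '/trainings';
if (!is_dir($dir)) {
    // The second is_dir() covers a concurrent request creating the directory first.
    if (!mkdir($dir, 0775, true) && !is_dir($dir)) {
        echo json_encode(['success' => false, 'message' => 'Impossibile creare la cartella di destinazione.']);
        exit;
    }
}

// An unpredictable prefix instead of the time-derived uniqid(), so stored names cannot be guessed.
$storedName = 'tr_' . bin2hex(random_bytes(8)) . '_' . $safeOriginal;
$destPath = $dir . '/' . $storedName;

if (!move_uploaded_file($tmpPath, $destPath)) {
    echo json_encode(['success' => false, 'message' => 'Impossibile salvare il file su disco.']);
    exit;
}

try {
    $pdo->beginTransaction();

    $ins = $pdo->prepare("
        INSERT INTO employee_training_attachments
            (training_id, original_name, stored_name, mime_type, size, uploaded_by, created_at)
        VALUES
            (:tid, :original_name, :stored_name, :mime_type, :size, :uploaded_by, NOW())
    ");
    $ins->execute([
        'tid' => $trainingId,
        // Stored raw for display; it must be escaped for its output context wherever it is rendered.
        'original_name' => $originalName,
        'stored_name' => $storedName,
        'mime_type' => $mimeType,
        'size' => $size,
        'uploaded_by' => $currentUserId,
    ]);
    $attachmentId = (int)$pdo->lastInsertId();

    $pdo->prepare("
        INSERT INTO employee_training_log
            (employee_id, training_id, action, field, old_value, new_value, changed_by, changed_at)
        VALUES
            (:eid, :tid, 'attachment_added', 'attachment', NULL, :name, :cb, NOW())
    ")->execute([
        'eid' => $employeeId,
        'tid' => $trainingId,
        'name' => $originalName,
        'cb' => $currentUserId,
    ]);

    $pdo->commit();
    echo json_encode(['success' => true, 'id' => $attachmentId]);
} catch (Throwable $e) {
    // Throwable rather than Exception, so an Error also rolls back and removes the stored file.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Best-effort cleanup; the warning is suppressed so it cannot corrupt the JSON response.
    @unlink($destPath);
    // Keep driver and SQL details in the server log; the client gets a generic message only.
    error_log('Training attachment upload failed (training_id=' . $trainingId . '): ' . $e->getMessage());
    echo json_encode(['success' => false, 'message' => 'Errore durante il salvataggio dell\'allegato.']);
}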