zibo-dashboard/public/userarea/save_annotated_photo.php

<?php
header('Content-Type: application/json');
include('include/headscript.php');
error_reporting(E_ALL);
ini_set('display_errors', 1);

$file = $_FILES['file'] ?? null;
$filename = $_POST['filename'] ?? null;
$iddatadb = $_POST['iddatadb'] ?? null;

if (!$file || !$filename || !$iddatadb) {
    echo json_encode(['success' => false, 'message' => 'Dati mancanti']);
    exit;
}

if (!preg_match('/^[a-zA-Z0-9_-]+\.(png|jpg|jpeg)$/', $filename)) {
    echo json_encode(['success' => false, 'message' => 'Nome file non valido']);
    exit;
}

if (!is_numeric($iddatadb)) {
    echo json_encode(['success' => false, 'message' => 'ID non valido']);
    exit;
}

$allowedTypes = ['image/png', 'image/jpeg'];
if (!in_array($file['type'], $allowedTypes)) {
    echo json_encode(['success' => false, 'message' => 'Formato file non supportato']);
    exit;
}

try {
    $dbHandler = DBHandlerSelect::getInstance();
    $pdo = $dbHandler->getConnection();
    $stmt = $pdo->prepare("SELECT iddatadb FROM datadb WHERE iddatadb = :iddatadb");
    $stmt->execute([':iddatadb' => $iddatadb]);
    if (!$stmt->fetch()) {
        echo json_encode(['success' => false, 'message' => 'iddatadb non valido']);
        exit;
    }

    $dirPath = '../photostrf/annotated';
    if (!file_exists($dirPath)) {
        mkdir($dirPath, 0755, true);
    }

    $filePath = $dirPath . '/' . $filename;
    if (file_exists($filePath)) {
        echo json_encode(['success' => false, 'message' => 'File già esistente']);
        exit;
    }

    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        echo json_encode(['success' => false, 'message' => 'Errore nel salvataggio del file']);
        exit;
    }

    $stmt = $pdo->prepare("
        INSERT INTO datadb_photos (iddatadb, file_path, file_name, uploaded_at, uploaded_by)
        VALUES (:iddatadb, :file_path, :file_name, NOW(), :uploaded_by)
    ");
    $stmt->execute([
        ':iddatadb'   => $iddatadb,
        ':file_path'  => $filePath,
        ':file_name'  => $filename,
        ':uploaded_by' => $iduserlogin
    ]);

    echo json_encode([
        'success'   => true,
        'file_path' => $filePath,
        'message'   => 'Foto salvata con successo e registrata nel DB'
    ]);
} catch (Exception $e) {
    echo json_encode(['success' => false, 'message' => 'Errore: ' . $e->getMessage()]);
}