190 lines
6.0 KiB
PHP
190 lines
6.0 KiB
PHP
<?php
|
|
include('include/headscript.php');
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
$response = [
|
|
'success' => false,
|
|
'message' => '',
|
|
'uploaded' => [],
|
|
'errors' => []
|
|
];
|
|
|
|
try {
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
throw new Exception('Metodo non consentito');
|
|
}
|
|
|
|
if (!isset($_POST['idmatrice']) || !is_numeric($_POST['idmatrice'])) {
|
|
throw new Exception('ID matrice non valido');
|
|
}
|
|
|
|
if (!isset($_FILES['files'])) {
|
|
throw new Exception('Nessun file ricevuto');
|
|
}
|
|
|
|
$idmatrice = (int)$_POST['idmatrice'];
|
|
$descriptions = isset($_POST['descriptions']) && is_array($_POST['descriptions']) ? $_POST['descriptions'] : [];
|
|
|
|
$db = DBHandlerSelect::getInstance();
|
|
$pdo = $db->getConnection();
|
|
|
|
// Verifica esistenza matrice
|
|
$checkStmt = $pdo->prepare("SELECT id FROM matrice WHERE id = :id LIMIT 1");
|
|
$checkStmt->execute([':id' => $idmatrice]);
|
|
if (!$checkStmt->fetchColumn()) {
|
|
throw new Exception('Matrice non trovata');
|
|
}
|
|
|
|
$uploadDirRelative = 'photos/matrici/allegati/';
|
|
$uploadDirAbsolute = __DIR__ . '/' . $uploadDirRelative;
|
|
|
|
if (!is_dir($uploadDirAbsolute)) {
|
|
if (!mkdir($uploadDirAbsolute, 0775, true) && !is_dir($uploadDirAbsolute)) {
|
|
throw new Exception('Impossibile creare la cartella di upload');
|
|
}
|
|
}
|
|
|
|
$allowedExtensions = [
|
|
'pdf',
|
|
'jpg',
|
|
'jpeg',
|
|
'png',
|
|
'gif',
|
|
'bmp',
|
|
'webp',
|
|
'heic',
|
|
'heif',
|
|
'doc',
|
|
'docx'
|
|
];
|
|
|
|
$imageExtensions = ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp', 'heic', 'heif'];
|
|
|
|
$fileNames = $_FILES['files']['name'] ?? [];
|
|
$tmpNames = $_FILES['files']['tmp_name'] ?? [];
|
|
$errors = $_FILES['files']['error'] ?? [];
|
|
$sizes = $_FILES['files']['size'] ?? [];
|
|
|
|
if (!is_array($fileNames) || count($fileNames) === 0) {
|
|
throw new Exception('Nessun file valido ricevuto');
|
|
}
|
|
|
|
$maxFileSize = 20 * 1024 * 1024; // 20 MB per file
|
|
|
|
$pdo->beginTransaction();
|
|
|
|
$sortStmt = $pdo->prepare("SELECT COALESCE(MAX(sort_order), 0) FROM matrice_attachments WHERE matrice_id = :matrice_id");
|
|
$sortStmt->execute([':matrice_id' => $idmatrice]);
|
|
$nextSort = (int)$sortStmt->fetchColumn();
|
|
|
|
$insertSql = "INSERT INTO matrice_attachments
|
|
(matrice_id, file_name, file_path, file_type, description, sort_order, created_at, updated_at)
|
|
VALUES
|
|
(:matrice_id, :file_name, :file_path, :file_type, :description, :sort_order, NOW(), NOW())";
|
|
$insertStmt = $pdo->prepare($insertSql);
|
|
|
|
foreach ($fileNames as $index => $originalName) {
|
|
$originalName = trim((string)$originalName);
|
|
$tmpName = $tmpNames[$index] ?? '';
|
|
$errorCode = $errors[$index] ?? UPLOAD_ERR_NO_FILE;
|
|
$size = (int)($sizes[$index] ?? 0);
|
|
$description = isset($descriptions[$index]) ? trim((string)$descriptions[$index]) : '';
|
|
|
|
if ($errorCode === UPLOAD_ERR_NO_FILE) {
|
|
continue;
|
|
}
|
|
|
|
if ($errorCode !== UPLOAD_ERR_OK) {
|
|
$response['errors'][] = "Errore upload file: {$originalName}";
|
|
continue;
|
|
}
|
|
|
|
if (!is_uploaded_file($tmpName)) {
|
|
$response['errors'][] = "File non valido: {$originalName}";
|
|
continue;
|
|
}
|
|
|
|
if ($size <= 0) {
|
|
$response['errors'][] = "File vuoto: {$originalName}";
|
|
continue;
|
|
}
|
|
|
|
if ($size > $maxFileSize) {
|
|
$response['errors'][] = "File troppo grande (max 20 MB): {$originalName}";
|
|
continue;
|
|
}
|
|
|
|
$safeOriginalName = preg_replace('/[^\w.\- ]+/u', '_', $originalName);
|
|
$extension = strtolower(pathinfo($safeOriginalName, PATHINFO_EXTENSION));
|
|
|
|
if (!in_array($extension, $allowedExtensions, true)) {
|
|
$response['errors'][] = "Formato non ammesso: {$originalName}";
|
|
continue;
|
|
}
|
|
|
|
if (in_array($extension, $imageExtensions, true)) {
|
|
$fileType = 'image';
|
|
} elseif ($extension === 'pdf') {
|
|
$fileType = 'pdf';
|
|
} elseif (in_array($extension, ['doc', 'docx'], true)) {
|
|
$fileType = 'doc';
|
|
} else {
|
|
$fileType = 'other';
|
|
}
|
|
|
|
$uniqueName = 'matrice_' . $idmatrice . '_' . date('Ymd_His') . '_' . bin2hex(random_bytes(4)) . '.' . $extension;
|
|
$destinationAbsolute = $uploadDirAbsolute . $uniqueName;
|
|
$destinationRelative = $uploadDirRelative . $uniqueName;
|
|
|
|
if (!move_uploaded_file($tmpName, $destinationAbsolute)) {
|
|
$response['errors'][] = "Impossibile salvare il file: {$originalName}";
|
|
continue;
|
|
}
|
|
|
|
$nextSort++;
|
|
|
|
$insertStmt->execute([
|
|
':matrice_id' => $idmatrice,
|
|
':file_name' => $safeOriginalName,
|
|
':file_path' => $destinationRelative,
|
|
':file_type' => $fileType,
|
|
':description' => $description,
|
|
':sort_order' => $nextSort
|
|
]);
|
|
|
|
$response['uploaded'][] = [
|
|
'id' => (int)$pdo->lastInsertId(),
|
|
'file_name' => $safeOriginalName,
|
|
'file_path' => $destinationRelative,
|
|
'file_type' => $fileType,
|
|
'description' => $description
|
|
];
|
|
}
|
|
|
|
if (empty($response['uploaded']) && !empty($response['errors'])) {
|
|
$pdo->rollBack();
|
|
$response['message'] = 'Nessun file caricato';
|
|
echo json_encode($response, JSON_UNESCAPED_UNICODE);
|
|
exit;
|
|
}
|
|
|
|
$pdo->commit();
|
|
|
|
$response['success'] = true;
|
|
|
|
if (!empty($response['errors'])) {
|
|
$response['message'] = 'Upload completato con alcuni avvisi';
|
|
} else {
|
|
$response['message'] = 'File caricati correttamente';
|
|
}
|
|
} catch (Throwable $e) {
|
|
if (isset($pdo) && $pdo instanceof PDO && $pdo->inTransaction()) {
|
|
$pdo->rollBack();
|
|
}
|
|
$response['message'] = $e->getMessage();
|
|
}
|
|
|
|
echo json_encode($response, JSON_UNESCAPED_UNICODE);
|
|
exit;
|