zibo-dashboard/public/userarea/cad_area_upload.php

<?php
header('Content-Type: application/json');

require_once(__DIR__ . '/include/headscript.php');

try {
    $db = DBHandlerSelect::getInstance();
    $pdo = $db->getConnection();

    $iduser = $iduserlogin ?? null;

    $uploadDir = __DIR__ . '/uploads/cad_area/originals/';
    $publicBaseUrl = 'uploads/cad_area/originals/';

    if (!is_dir($uploadDir)) {
        mkdir($uploadDir, 0755, true);
    }

    if (empty($_FILES['pdf_files'])) {
        throw new Exception('Nessun file ricevuto.');
    }

    $files = $_FILES['pdf_files'];
    $insertedIds = [];

    for ($i = 0; $i < count($files['name']); $i++) {
        if ($files['error'][$i] !== UPLOAD_ERR_OK) {
            continue;
        }

        $originalName = $files['name'][$i];
        $tmpName = $files['tmp_name'][$i];
        $size = (int)$files['size'][$i];

        $extension = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));

        if ($extension !== 'pdf') {
            continue;
        }

        if ($size > 25 * 1024 * 1024) {
            continue;
        }

        $safeBaseName = preg_replace('/[^a-zA-Z0-9_\-]/', '_', pathinfo($originalName, PATHINFO_FILENAME));
        $storedName = date('Ymd_His') . '_' . bin2hex(random_bytes(4)) . '_' . $safeBaseName . '.pdf';

        $targetPath = $uploadDir . $storedName;

        if (!move_uploaded_file($tmpName, $targetPath)) {
            continue;
        }

        $relativeUrl = $publicBaseUrl . $storedName;

        $stmt = $pdo->prepare("
            INSERT INTO cad_area_jobs
            (
                iduser,
                original_filename,
                stored_filename,
                file_path,
                file_url,
                file_size,
                status
            )
            VALUES
            (
                :iduser,
                :original_filename,
                :stored_filename,
                :file_path,
                :file_url,
                :file_size,
                'uploaded'
            )
        ");

        $stmt->execute([
            ':iduser' => $iduser,
            ':original_filename' => $originalName,
            ':stored_filename' => $storedName,
            ':file_path' => $targetPath,
            ':file_url' => $relativeUrl,
            ':file_size' => $size
        ]);

        $insertedIds[] = (int)$pdo->lastInsertId();
    }

    if (empty($insertedIds)) {
        throw new Exception('Nessun PDF valido caricato.');
    }

    echo json_encode([
        'success' => true,
        'ids' => $insertedIds
    ]);
} catch (Throwable $e) {
    error_log('CAD area upload error: ' . $e->getMessage());

    echo json_encode([
        'success' => false,
        'message' => $e->getMessage()
    ]);
}