FVS-Social-Projekt-Neu/FVS-Social/upload-profile/upload.php

<?php
session_start();
include '../db_connect.php'; 

if (!isset($_SESSION['user_id'])) {
    die("Du musst eingeloggt sein!");
}

$user_id = $_SESSION['user_id']; 
$upload_dir = "../profile-pics/";
$max_size = 2 * 1024 * 1024; 

if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_FILES['profile_picture'])) {
    $file = $_FILES['profile_picture'];
    $file_name = basename($file['name']);
    $file_tmp = $file['tmp_name'];
    $file_size = $file['size'];
    $file_ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
    $allowed_ext = ["jpg", "jpeg", "png", "gif"];

    if (!in_array($file_ext, $allowed_ext)) {
        die("Nur JPG, JPEG, PNG und GIF erlaubt.");
    }


    if ($file_size > $max_size) {
        die("Datei ist zu groß (max. 2MB).");
    }


    $stmt1 = $pdo->prepare("SELECT file_path FROM profile_pictures WHERE user_id = :id");
    $stmt1->execute([':id' => $user_id]);
    $user = $stmt1->fetch(PDO::FETCH_ASSOC);
    
    if($user && !empty($user['file_path'])){
        $file_Path3 = "../" . $user['file_path'];
    
        if(file_exists($file_Path3)){
            unlink($file_Path3);
        }
    
        $stmt = $pdo->prepare("DELETE FROM profile_pictures WHERE user_id = :id");
        $stmt->execute([':id' => $user_id]);
    }

    $new_file_name = "profile_" . $user_id . "." . $file_ext;
    $file_path = $upload_dir . $new_file_name;
    $file_path1 = "profile-pics/" . $new_file_name;
    if (move_uploaded_file($file_tmp, $file_path)) {


        $stmt = $pdo->prepare("INSERT INTO profile_pictures (user_id, file_path) VALUES (:user_id, :file_path)
                                   ON DUPLICATE KEY UPDATE file_path = VALUES(file_path)");
        $stmt->execute([':user_id' => $user_id, ':file_path' => $file_path1]);
    
        header("Location: ../index.php");
        
    } else {
        echo "Fehler beim Hochladen. Prüfe Folgendes:<br>";
        echo "Temp-Datei: " . htmlspecialchars($file_tmp) . "<br>";
        echo "Ziel-Pfad: " . htmlspecialchars($file_path) . "<br>";
    
        if (!is_writable($upload_dir)) {
            echo " Fehler: Der Ordner '$upload_dir' ist nicht beschreibbar!<br>";;
    }
}
}
?>
Version 0.6 - Uploaden von Posts möglich - Kleine verbesserung vorgenommen Signed-off-by: erik <micheler@steinbeis.schule> 2025-02-12 20:13:29 +01:00			`<?php`
			`session_start();`
			`include '../db_connect.php';`

			`if (!isset($_SESSION['user_id'])) {`
			`die("Du musst eingeloggt sein!");`
			`}`

			`$user_id = $_SESSION['user_id'];`
			`$upload_dir = "../profile-pics/";`
			`$max_size = 2 * 1024 * 1024;`

			`if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_FILES['profile_picture'])) {`
			`$file = $_FILES['profile_picture'];`
			`$file_name = basename($file['name']);`
			`$file_tmp = $file['tmp_name'];`
			`$file_size = $file['size'];`
			`$file_ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));`
			`$allowed_ext = ["jpg", "jpeg", "png", "gif"];`

			`if (!in_array($file_ext, $allowed_ext)) {`
			`die("Nur JPG, JPEG, PNG und GIF erlaubt.");`
			`}`


			`if ($file_size > $max_size) {`
			`die("Datei ist zu groß (max. 2MB).");`
			`}`


			`$stmt1 = $pdo->prepare("SELECT file_path FROM profile_pictures WHERE user_id = :id");`
			`$stmt1->execute([':id' => $user_id]);`
			`$user = $stmt1->fetch(PDO::FETCH_ASSOC);`

			`if($user && !empty($user['file_path'])){`
			`$file_Path3 = "../" . $user['file_path'];`

			`if(file_exists($file_Path3)){`
			`unlink($file_Path3);`
			`}`

			`$stmt = $pdo->prepare("DELETE FROM profile_pictures WHERE user_id = :id");`
			`$stmt->execute([':id' => $user_id]);`
			`}`

			`$new_file_name = "profile_" . $user_id . "." . $file_ext;`
			`$file_path = $upload_dir . $new_file_name;`
			`$file_path1 = "profile-pics/" . $new_file_name;`
			`if (move_uploaded_file($file_tmp, $file_path)) {`


			`$stmt = $pdo->prepare("INSERT INTO profile_pictures (user_id, file_path) VALUES (:user_id, :file_path)`
			`ON DUPLICATE KEY UPDATE file_path = VALUES(file_path)");`
			`$stmt->execute([':user_id' => $user_id, ':file_path' => $file_path1]);`

			`header("Location: ../index.php");`

			`} else {`
			`echo "Fehler beim Hochladen. Prüfe Folgendes:<br>";`
			`echo "Temp-Datei: " . htmlspecialchars($file_tmp) . "<br>";`
			`echo "Ziel-Pfad: " . htmlspecialchars($file_path) . "<br>";`

			`if (!is_writable($upload_dir)) {`
			`echo " Fehler: Der Ordner '$upload_dir' ist nicht beschreibbar!<br>";;`
			`}`
			`}`
			`}`
			`?>`