FVS-Social-Projekt-Neu/FVS-Social/upload-profile/upload.php


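<?php
declare(strict_types=1);

/*
 * Profile-picture upload endpoint.
 *
 * Expects a POST carrying a multipart field "profile_picture" from a
 * logged-in user. Any picture previously stored for that user (file on disk
 * and row in profile_pictures) is removed, the new file is saved as
 * profile-pics/profile_<user_id>.<ext>, the row is (re)written and the
 * browser is redirected to ../index.php. Every failure path prints a German
 * message and stops.
 */
session_start();
include '../db_connect.php';

if (!isset($_SESSION['user_id'])) {
    die("Du musst eingeloggt sein!");
}
$user_id = $_SESSION['user_id'];
$upload_dir = "../profile-pics/";
$max_size = 2 * 1024 * 1024; // 2 MiB, matches the size message below
// Accepted extension -> MIME type the file's bytes must actually report.
$allowed_types = [
    "jpg"  => "image/jpeg",
    "jpeg" => "image/jpeg",
    "png"  => "image/png",
    "gif"  => "image/gif",
];

if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_FILES['profile_picture'])) {
    $file = $_FILES['profile_picture'];

    // A failed or partial upload leaves tmp_name/size empty; reject it before
    // the extension and size checks can be fooled by those empty values.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        die("Fehler beim Hochladen.");
    }

    $file_name = basename($file['name']);
    $file_tmp  = $file['tmp_name'];
    $file_size = $file['size'];
    $file_ext  = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));

    if (!array_key_exists($file_ext, $allowed_types)) {
        die("Nur JPG, JPEG, PNG und GIF erlaubt.");
    }
    if ($file_size > $max_size) {
        die("Datei ist zu groß (max. 2MB).");
    }

    // The extension is client-chosen; confirm the content really is an image
    // of that kind before it is placed in a web-served directory.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = is_uploaded_file($file_tmp) ? $finfo->file($file_tmp) : false;
    if ($mime !== $allowed_types[$file_ext]) {
        die("Nur JPG, JPEG, PNG und GIF erlaubt.");
    }

    $stmt1 = $pdo->prepare("SELECT file_path FROM profile_pictures WHERE user_id = :id");
    $stmt1->execute([':id' => $user_id]);
    $user = $stmt1->fetch(PDO::FETCH_ASSOC);
    if ($user && !empty($user['file_path'])) {
        // file_path is written by this script as "profile-pics/<name>". Only
        // unlink when it still resolves inside the upload directory, so a
        // tampered or stale row can never delete anything else.
        $old_path = realpath("../" . $user['file_path']);
        $dir_real = realpath($upload_dir);
        if ($old_path !== false && $dir_real !== false) {
            $prefix = $dir_real . DIRECTORY_SEPARATOR;
            if (strncmp($old_path, $prefix, strlen($prefix)) === 0 && is_file($old_path)) {
                unlink($old_path);
            }
        }
        $stmt = $pdo->prepare("DELETE FROM profile_pictures WHERE user_id = :id");
        $stmt->execute([':id' => $user_id]);
    }

    // The stored name is derived from the session user id and the validated
    // extension only, so nothing from the client's file name reaches disk.
    $new_file_name = "profile_" . $user_id . "." . $file_ext;
    $file_path  = $upload_dir . $new_file_name;     // filesystem path for the move
    $file_path1 = "profile-pics/" . $new_file_name; // site-relative path stored in the DB

    if (move_uploaded_file($file_tmp, $file_path)) {
        $stmt = $pdo->prepare("INSERT INTO profile_pictures (user_id, file_path) VALUES (:user_id, :file_path)
ON DUPLICATE KEY UPDATE file_path = VALUES(file_path)");
        $stmt->execute([':user_id' => $user_id, ':file_path' => $file_path1]);
        header("Location: ../index.php");
        exit; // stop here so no further output follows the redirect
    }

    // NOTE(review): these diagnostics reveal server-side paths to the user;
    // consider logging them instead and showing only a generic message.
    echo "Fehler beim Hochladen. Prüfe Folgendes:<br>";
    echo "Temp-Datei: " . htmlspecialchars($file_tmp) . "<br>";
    echo "Ziel-Pfad: " . htmlspecialchars($file_path) . "<br>";
    if (!is_writable($upload_dir)) {
        echo " Fehler: Der Ordner '$upload_dir' ist nicht beschreibbar!<br>";
    }
}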