FVS-Social-Projekt-Neu/FVS-Social/upload-profile/upload.php

<?php
session_start();
include '../db_connect.php'; 

if (!isset($_SESSION['user_id'])) {
    die("Du musst eingeloggt sein!");
}

$user_id = $_SESSION['user_id']; 
$upload_dir = "../profile-pics/";
$max_size = 2 * 1024 * 1024; 

if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_FILES['profile_picture'])) {
    $file = $_FILES['profile_picture'];
    $file_name = basename($file['name']);
    $file_tmp = $file['tmp_name'];
    $file_size = $file['size'];
    $file_ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
    $allowed_ext = ["jpg", "jpeg", "png", "gif"];

    if (!in_array($file_ext, $allowed_ext)) {
        die("Nur JPG, JPEG, PNG und GIF erlaubt.");
    }


    if ($file_size > $max_size) {
        die("Datei ist zu groß (max. 2MB).");
    }


    $stmt1 = $pdo->prepare("SELECT file_path FROM profile_pictures WHERE user_id = :id");
    $stmt1->execute([':id' => $user_id]);
    $user = $stmt1->fetch(PDO::FETCH_ASSOC);
    
    if($user && !empty($user['file_path'])){
        $file_Path3 = "../" . $user['file_path'];
    
        if(file_exists($file_Path3)){
            unlink($file_Path3);
        }
    
        $stmt = $pdo->prepare("DELETE FROM profile_pictures WHERE user_id = :id");
        $stmt->execute([':id' => $user_id]);
    }

    $new_file_name = "profile_" . $user_id . "." . $file_ext;
    $file_path = $upload_dir . $new_file_name;
    $file_path1 = "profile-pics/" . $new_file_name;
    if (move_uploaded_file($file_tmp, $file_path)) {


        $stmt = $pdo->prepare("INSERT INTO profile_pictures (user_id, file_path) VALUES (:user_id, :file_path)
                                   ON DUPLICATE KEY UPDATE file_path = VALUES(file_path)");
        $stmt->execute([':user_id' => $user_id, ':file_path' => $file_path1]);
    
        header("Location: ../index.php");
        
    } else {
        echo "Fehler beim Hochladen. Prüfe Folgendes:<br>";
        echo "Temp-Datei: " . htmlspecialchars($file_tmp) . "<br>";
        echo "Ziel-Pfad: " . htmlspecialchars($file_path) . "<br>";
    
        if (!is_writable($upload_dir)) {
            echo " Fehler: Der Ordner '$upload_dir' ist nicht beschreibbar!<br>";;
    }
}
}
?>