diff --git a/admin/upload-image.php b/admin/upload-image.php index f0ae933..8935361 100644 --- a/admin/upload-image.php +++ b/admin/upload-image.php @@ -2,11 +2,17 @@ /** * Tom's Java Jive - Admin Image Upload Handler */ -require_once __DIR__ . '/includes/header.php'; +require_once __DIR__ . '/../includes/auth.php'; +require_once __DIR__ . '/../includes/db.php'; -ob_end_clean(); header('Content-Type: application/json'); +if (!AdminAuth::getUser()) { + http_response_code(401); + echo json_encode(['error' => 'Unauthorized']); + exit; +} + if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_FILES['image'])) { echo json_encode(['error' => 'No file received']); exit; @@ -26,20 +32,17 @@ if ($file['size'] > $maxSize) { exit; } -// Create upload directory $uploadDir = __DIR__ . '/../uploads/products/'; if (!is_dir($uploadDir)) { mkdir($uploadDir, 0755, true); } -// Generate unique filename -$ext = pathinfo($file['name'], PATHINFO_EXTENSION); -$filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . strtolower($ext); +$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)); +$filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . $ext; $filepath = $uploadDir . $filename; if (move_uploaded_file($file['tmp_name'], $filepath)) { - $url = '/uploads/products/' . $filename; - echo json_encode(['success' => true, 'url' => $url]); + echo json_encode(['success' => true, 'url' => '/uploads/products/' . $filename]); } else { echo json_encode(['error' => 'Failed to save file. Check directory permissions.']); }