From 1609dea8fb533e41c3814bf7c248fb59fb0c5e68 Mon Sep 17 00:00:00 2001
From: Myron Blair
Date: Sun, 14 Jun 2026 15:48:19 +0000
Subject: [PATCH] =?UTF-8?q?Fix=20product=20image=20upload=20=E2=80=94=20re?=
 =?UTF-8?q?move=20header.php=20(outputs=20HTML),=20auth=20check=20directly?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 admin/upload-image.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/admin/upload-image.php b/admin/upload-image.php
index f0ae933..8935361 100644
--- a/admin/upload-image.php
+++ b/admin/upload-image.php
@@ -2,11 +2,17 @@
 /**
  * Tom's Java Jive - Admin Image Upload Handler
  */
-require_once __DIR__ . '/includes/header.php';
+require_once __DIR__ . '/../includes/auth.php';
+require_once __DIR__ . '/../includes/db.php';
 
-ob_end_clean();
 header('Content-Type: application/json');
 
+if (!AdminAuth::getUser()) {
+    http_response_code(401);
+    echo json_encode(['error' => 'Unauthorized']);
+    exit;
+}
+
 if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_FILES['image'])) {
     echo json_encode(['error' => 'No file received']);
     exit;
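Review bot: The new guard answers an unauthenticated caller with 401, but the validation branch directly below it still returns `No file received` with a 200 status, so clients cannot tell failure from success by status code; add `http_response_code(400);` before that `echo`. The guard relies solely on `AdminAuth::getUser()`, which lives in the included auth.php outside this diff — if that helper only reads the session, nothing visible here protects this state-changing POST against cross-site request forgery, so confirm a CSRF token is validated (here or in auth.php) before the upload is accepted. The `json_encode` calls would also be safer with `JSON_THROW_ON_ERROR`, since an encoding failure otherwise emits `false` as the response body with no error surfaced.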
@@ -26,20 +32,17 @@ if ($file['size'] > $maxSize) {
     exit;
 }
 
-// Create upload directory
 $uploadDir = __DIR__ . '/../uploads/products/';
 if (!is_dir($uploadDir)) {
     mkdir($uploadDir, 0755, true);
 }
 
-// Generate unique filename
-$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
-$filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . strtolower($ext);
+$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
+$filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
 $filepath = $uploadDir . $filename;
 
 if (move_uploaded_file($file['tmp_name'], $filepath)) {
-    $url = '/uploads/products/' . $filename;
-    echo json_encode(['success' => true, 'url' => $url]);
+    echo json_encode(['success' => true, 'url' => '/uploads/products/' . $filename]);
 } else {
     echo json_encode(['error' => 'Failed to save file. Check directory permissions.']);
 }
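Review bot: `$ext` is still taken from the client-supplied `$file['name']` and appended unfiltered to a path inside the web-served `uploads/products/` directory; unless the lines between the two hunks (not shown) validate it, a non-image extension — including one the web server treats as a script — would be written where it may be served or executed. Validate against an allow-list immediately after the new assignment, e.g. `if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {` / `    echo json_encode(['error' => 'Unsupported file type']); exit;` / `}`, and preferably confirm the content is an image with `getimagesize($file['tmp_name'])` instead of trusting the name alone. The `mkdir` return value is also ignored, so a failed directory creation only surfaces later as the generic move failure message rather than at the point it happened.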