mirror of
https://github.com/myronblair/tomsjavajive
synced 2026-06-30 17:50:32 -05:00
Fix product image upload — remove header.php (outputs HTML), auth check directly
This commit is contained in:
+11
-8
@@ -2,11 +2,17 @@
|
|||||||
/**
|
/**
|
||||||
* Tom's Java Jive - Admin Image Upload Handler
|
* Tom's Java Jive - Admin Image Upload Handler
|
||||||
*/
|
*/
|
||||||
require_once __DIR__ . '/includes/header.php';
|
require_once __DIR__ . '/../includes/auth.php';
|
||||||
|
require_once __DIR__ . '/../includes/db.php';
|
||||||
|
|
||||||
ob_end_clean();
|
|
||||||
header('Content-Type: application/json');
|
header('Content-Type: application/json');
|
||||||
|
|
||||||
|
if (!AdminAuth::getUser()) {
|
||||||
|
http_response_code(401);
|
||||||
|
echo json_encode(['error' => 'Unauthorized']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_FILES['image'])) {
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_FILES['image'])) {
|
||||||
echo json_encode(['error' => 'No file received']);
|
echo json_encode(['error' => 'No file received']);
|
||||||
exit;
|
exit;
|
||||||
@@ -26,20 +32,17 @@ if ($file['size'] > $maxSize) {
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create upload directory
|
|
||||||
$uploadDir = __DIR__ . '/../uploads/products/';
|
$uploadDir = __DIR__ . '/../uploads/products/';
|
||||||
if (!is_dir($uploadDir)) {
|
if (!is_dir($uploadDir)) {
|
||||||
mkdir($uploadDir, 0755, true);
|
mkdir($uploadDir, 0755, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate unique filename
|
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
|
||||||
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
|
$filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
|
||||||
$filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . strtolower($ext);
|
|
||||||
$filepath = $uploadDir . $filename;
|
$filepath = $uploadDir . $filename;
|
||||||
|
|
||||||
if (move_uploaded_file($file['tmp_name'], $filepath)) {
|
if (move_uploaded_file($file['tmp_name'], $filepath)) {
|
||||||
$url = '/uploads/products/' . $filename;
|
echo json_encode(['success' => true, 'url' => '/uploads/products/' . $filename]);
|
||||||
echo json_encode(['success' => true, 'url' => $url]);
|
|
||||||
} else {
|
} else {
|
||||||
echo json_encode(['error' => 'Failed to save file. Check directory permissions.']);
|
echo json_encode(['error' => 'Failed to save file. Check directory permissions.']);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user