Fix product image upload — remove header.php (outputs HTML), auth check directly

2026-06-14 15:48:19 +00:00
parent 5058da704a
commit 1609dea8fb
+11 -8
@@ -2,11 +2,17 @@
/** /**
* Tom's Java Jive - Admin Image Upload Handler * Tom's Java Jive - Admin Image Upload Handler
*/ */
require_once __DIR__ . '/includes/header.php'; require_once __DIR__ . '/../includes/auth.php';
require_once __DIR__ . '/../includes/db.php';
ob_end_clean();
header('Content-Type: application/json'); header('Content-Type: application/json');
if (!AdminAuth::getUser()) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_FILES['image'])) { if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_FILES['image'])) {
echo json_encode(['error' => 'No file received']); echo json_encode(['error' => 'No file received']);
exit; exit;
@@ -26,20 +32,17 @@ if ($file['size'] > $maxSize) {
exit; exit;
} }
// Create upload directory
$uploadDir = __DIR__ . '/../uploads/products/'; $uploadDir = __DIR__ . '/../uploads/products/';
if (!is_dir($uploadDir)) { if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0755, true); mkdir($uploadDir, 0755, true);
} }
// Generate unique filename $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
$ext = pathinfo($file['name'], PATHINFO_EXTENSION); $filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
$filename = 'product_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . strtolower($ext);
$filepath = $uploadDir . $filename; $filepath = $uploadDir . $filename;
if (move_uploaded_file($file['tmp_name'], $filepath)) { if (move_uploaded_file($file['tmp_name'], $filepath)) {
$url = '/uploads/products/' . $filename; echo json_encode(['success' => true, 'url' => '/uploads/products/' . $filename]);
echo json_encode(['success' => true, 'url' => $url]);
} else { } else {
echo json_encode(['error' => 'Failed to save file. Check directory permissions.']); echo json_encode(['error' => 'Failed to save file. Check directory permissions.']);
} }
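Review bot: The stored extension in the second hunk, `$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));`, is still taken from the client-supplied filename, and the file is then moved under the web-served `/uploads/products/` path. The type validation that sits between the two hunks is not visible here; if it relies on `$file['type']` or does not allow-list extensions, the handler can store a file with an extension the web server executes. Derive the extension from the detected content instead, using an allow-list such as `$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);` followed by `$ext = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/webp' => 'webp'][$mime] ?? null;`, and answer with a 400 and a JSON error when `$ext` is null. The new `AdminAuth::getUser()` gate limits who can reach this code, but no CSRF token check is visible in either hunk, so the allow-list should not depend on the session alone; the script continues outside the shown hunks.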