'No file received']); exit; } $file = $_FILES['image']; $allowed = ['image/jpeg','image/png','image/gif','image/webp']; if (!in_array($file['type'], $allowed)) { echo json_encode(['error' => 'Invalid type. Use JPG, PNG, WebP or GIF.']); exit; } if ($file['size'] > 5 * 1024 * 1024) { echo json_encode(['error' => 'File too large (max 5 MB).']); exit; } $dir = __DIR__ . '/../../uploads/splashes/'; if (!is_dir($dir)) mkdir($dir, 0755, true); $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)); $name = 'splash_' . time() . '_' . bin2hex(random_bytes(4)) . '.' . $ext; $path = $dir . $name; if (move_uploaded_file($file['tmp_name'], $path)) { echo json_encode(['success' => true, 'url' => '/uploads/splashes/' . $name]); } else { echo json_encode(['error' => 'Could not save file.']); }