From 0c068eeb6928f7c406cf6f8e6673ebaaacc35914 Mon Sep 17 00:00:00 2001 From: twotalesanimation <80506065+twotalesanimation@users.noreply.github.com> Date: Thu, 4 Dec 2025 15:34:15 +0200 Subject: [PATCH] Fix: Use absolute paths for all upload directories in processor files - upload_profile_picture.php: Use absolute path for profile picture uploads, store relative path in DB - submit_pop.php: Use absolute path for proof of payment uploads - process_signature.php: Use absolute path for signature uploads, store relative path in DB --- src/processors/process_signature.php | 11 +++++++---- src/processors/submit_pop.php | 2 +- src/processors/upload_profile_picture.php | 9 ++++++--- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/src/processors/process_signature.php b/src/processors/process_signature.php index ee0b0a35..2b0ded7f 100644 --- a/src/processors/process_signature.php +++ b/src/processors/process_signature.php @@ -26,11 +26,11 @@ if (isset($_POST['signature'])) { // Create a file path for the signature image $fileName = 'signature_' . $user_id . '.png'; - $filePath = 'uploads/signatures/' . $fileName; + $filePath = $rootPath . '/src/processors/uploads/signatures/' . $fileName; // Ensure the directory exists - if (!is_dir('uploads/signatures')) { - mkdir('uploads/signatures', 0777, true); + if (!is_dir($rootPath . '/src/processors/uploads/signatures')) { + mkdir($rootPath . '/src/processors/uploads/signatures', 0777, true); } // Save the image file @@ -41,9 +41,12 @@ if (isset($_POST['signature'])) { die(json_encode(['status' => 'error', 'message' => 'Database connection failed'])); } + // Store relative path for HTML display + $display_path = 'src/processors/uploads/signatures/' . $fileName; + // Update the signature and indemnity acceptance in the membership application table $stmt = $conn->prepare("UPDATE membership_application SET sig = ?, accept_indemnity = 1 WHERE user_id = ?"); - $stmt->bind_param('si', $filePath, $user_id); + $stmt->bind_param('si', $display_path, $user_id); if ($stmt->execute()) { // Check the payment status diff --git a/src/processors/submit_pop.php b/src/processors/submit_pop.php index 628bcf82..f14ffd65 100644 --- a/src/processors/submit_pop.php +++ b/src/processors/submit_pop.php @@ -34,7 +34,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { exit; } - $target_dir = "uploads/pop/"; + $target_dir = $rootPath . "/src/processors/uploads/pop/"; $randomFilename = $validationResult['filename']; $target_file = $target_dir . $randomFilename; diff --git a/src/processors/upload_profile_picture.php b/src/processors/upload_profile_picture.php index b54bdb47..775ea2a9 100644 --- a/src/processors/upload_profile_picture.php +++ b/src/processors/upload_profile_picture.php @@ -29,7 +29,7 @@ if (isset($_FILES['profile_picture']) && $_FILES['profile_picture']['error'] != // Extract validated filename $randomFilename = $validationResult['filename']; - $target_dir = "assets/images/pp/"; + $target_dir = $rootPath . "/assets/images/pp/"; $target_file = $target_dir . $randomFilename; // Ensure upload directory exists and is writable @@ -48,6 +48,9 @@ if (isset($_FILES['profile_picture']) && $_FILES['profile_picture']['error'] != // Set secure file permissions (readable but not executable) chmod($target_file, 0644); + // Store relative path for HTML display + $display_path = "assets/images/pp/" . $randomFilename; + // Update the profile picture path in the database $sql = "UPDATE users SET profile_pic = ? WHERE user_id = ?"; $stmt = $conn->prepare($sql); @@ -57,9 +60,9 @@ if (isset($_FILES['profile_picture']) && $_FILES['profile_picture']['error'] != exit(); } - $stmt->bind_param("si", $target_file, $user_id); + $stmt->bind_param("si", $display_path, $user_id); if ($stmt->execute()) { - $_SESSION['profile_pic'] = $target_file; + $_SESSION['profile_pic'] = $display_path; $response['status'] = 'success'; $response['message'] = 'Profile picture updated successfully';