WIP: Blogposts

autosave.php

@@ -0,0 +1,101 @@
+<?php
+require_once("env.php");
+require_once("session.php");
+require_once("connection.php");
+require_once("functions.php");
+
+if (!isset($_SESSION['user_id'])) {
+    http_response_code(401);
+    echo "Not authorized";
+    exit;
+}
+
+$article_id = (int)($_POST['id'] ?? 0);
+$title = $_POST['title'] ?? '';
+$content = $_POST['content'] ?? '';
+$description = $_POST['subtitle'] ?? '';
+$category = $_POST['category'] ?? '';
+$user_id = $_SESSION['user_id'];
+
+
+// Default to current user
+$author_id = $_SESSION['user_id'];
+
+// Allow override if admin
+$role = getUserRole();
+if (($role === 'admin' || $role === 'superadmin') && isset($_POST['author'])) {
+    $author_id = (int)$_POST['author'];
+}
+echo $author_id;
+
+$cover_image_path = null;
+
+// Only attempt upload if a file was submitted
+if (!empty($_FILES['cover_image']['name'])) {
+    $uploadDir = __DIR__ . "/uploads/blogs/".$article_id."/images/";
+    if (!is_dir($uploadDir)) {
+        mkdir($uploadDir, 0777, true);
+    }
+
+    // Sanitize and rename file
+    $originalName = basename($_FILES['cover_image']['name']);
+    $originalName = preg_replace("/[^a-zA-Z0-9\._-]/", "_", $originalName); // remove unsafe characters
+
+    $targetPath = $uploadDir . $originalName;
+    $publicPath = "/uploads/blogs/".$article_id."/images/" . $originalName;
+
+    // Error detection before upload
+    $fileError = $_FILES['cover_image']['error'];
+    if ($fileError !== UPLOAD_ERR_OK) {
+        $errorMessages = [
+            UPLOAD_ERR_INI_SIZE   => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
+            UPLOAD_ERR_FORM_SIZE  => 'The uploaded file exceeds the MAX_FILE_SIZE directive in the HTML form.',
+            UPLOAD_ERR_PARTIAL    => 'The uploaded file was only partially uploaded.',
+            UPLOAD_ERR_NO_FILE    => 'No file was uploaded.',
+            UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
+            UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
+            UPLOAD_ERR_EXTENSION  => 'A PHP extension stopped the upload.',
+        ];
+        $errorMessage = $errorMessages[$fileError] ?? 'Unknown upload error.';
+        http_response_code(500);
+        echo "Upload error: $errorMessage";
+        exit;
+    }
+
+    // Skip upload if identical file already exists
+    if (file_exists($targetPath)) {
+        $cover_image_path = $publicPath;
+    } else {
+        if (move_uploaded_file($_FILES['cover_image']['tmp_name'], $targetPath)) {
+            $cover_image_path = $publicPath;
+        } else {
+            http_response_code(500);
+            echo "Failed to move uploaded file.";
+            exit;
+        }
+    }
+}
+
+// Prepare SQL with/without image update
+if ($cover_image_path) {
+    $stmt = $conn->prepare("
+        UPDATE blogs
+        SET title = ?, content = ?, description = ?, category = ?, image = ?, author = ?
+        WHERE blog_id = ?
+    ");
+    $stmt->bind_param("ssssssi", $title, $content, $description, $category, $cover_image_path, $author_id, $article_id);
+} else {
+    $stmt = $conn->prepare("
+        UPDATE blogs
+        SET title = ?, content = ?, description = ?, category = ?, author = ?
+        WHERE blog_id = ?
+    ");
+    $stmt->bind_param("ssssii", $title, $content, $description, $category, $author_id, $article_id);
+}
+
+if ($stmt->execute()) {
+    echo "Saved";
+} else {
+    http_response_code(500);
+    echo "Database update failed: " . $stmt->error;
+}