TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed some bugs

Browse Source
This commit is contained in:
twotalesanimation
2025-12-13 19:25:47 +02:00
parent 32e50ffc39
commit a66382661d
19 changed files with 263 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
header.php
View File

@@ -320,7 +320,13 @@ if ($headerStyle === 'light') {
<li><a href="account_settings">Account Settings</a></li> <li><a href="account_settings">Account Settings</a></li>
<li><a href="membership_details">Membership</a></li> <li><a href="membership_details">Membership</a></li>
<li><a href="bookings">My Bookings</a></li> <li><a href="bookings">My Bookings</a></li>
<li><a href="user_blogs">My Blog Posts</a></li> <?php
if (getUserMemberStatus($_SESSION['user_id'])) {
echo "<li><a href=\"user_blogs\">My Blog Posts</a></li>";
} else {
echo "<li><a href=\"membership\">My Blog Posts</a><i class='fal fa-lock'></i></li>";
}
?>
<li><a href="submit_pop">Submit P.O.P</a></li> <li><a href="submit_pop">Submit P.O.P</a></li>
<li><a href="logout">Log Out</a></li> <li><a href="logout">Log Out</a></li>
</ul> </ul>

4
src/.user.ini
View File

@@ -1,4 +0,0 @@
; memory_limit = 512M
upload_max_filesize = 64M
post_max_size = 64M
max_execution_time = 120

9
src/admin/add_campsite.php
View File

@@ -38,13 +38,8 @@ if (isset($_FILES['thumbnail']) && $_FILES['thumbnail']['error'] !== UPLOAD_ERR_
} }
$uploadDir = "assets/uploads/campsites/"; $uploadDir = "assets/uploads/campsites/";
if (!is_dir($uploadDir)) { if (!file_exists($uploadDir)) {
mkdir($uploadDir, 0755, true); mkdir($uploadDir, 0777, true);
}
if (!is_writable($uploadDir)) {
http_response_code(500);
die('Upload directory is not writable.');
} }
$randomFilename = $validationResult['filename']; $randomFilename = $validationResult['filename'];

16
src/admin/admin_trips.php
View File

@@ -221,6 +221,7 @@ $bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
.then(response => response.json()) .then(response => response.json())
.then(data => { .then(data => {
if (data.status === 'success') { if (data.status === 'success') {
alert('Trip deleted successfully!');
card.style.animation = 'fadeOut 0.3s ease-out'; card.style.animation = 'fadeOut 0.3s ease-out';
setTimeout(() => { setTimeout(() => {
card.remove(); card.remove();
@@ -236,21 +237,6 @@ $bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
console.error('Error:', err); console.error('Error:', err);
alert('Delete failed due to network error.'); alert('Delete failed due to network error.');
}); });
'success') {
card.fadeOut(function() {
$(this).remove();
if ($('.trip-card').length === 0) {
location.reload();
}
});
} else {
alert('Error: ' + response.message);
}
},
error: function() {
alert('Error deleting trip');
}
});
}); });
}); });
</script> </script>

62
src/config/functions.php
View File

@@ -29,6 +29,26 @@ function openDatabaseConnection()
return $conn; return $conn;
} }
function getPriceByDescription($description)
{
$conn = openDatabaseConnection();
$stmt = $conn->prepare("SELECT amount FROM prices WHERE description = ? LIMIT 1");
if (!$stmt) {
return null;
}
$stmt->bind_param("s", $description);
$stmt->execute();
$stmt->bind_result($amount);
if ($stmt->fetch()) {
$stmt->close();
return $amount;
} else {
$stmt->close();
return null;
}
}
function getTripCount() function getTripCount()
{ {
// Database connection // Database connection
@@ -1719,12 +1739,25 @@ function formatCurrency($amount, $currency = 'R')
function guessCountry($ip) function guessCountry($ip)
{ {
$response = file_get_contents("http://ip-api.com/json/$ip"); // Use cURL instead of file_get_contents for compatibility with allow_url_fopen=0
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://ip-api.com/json/$ip");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$response = curl_exec($ch);
curl_close($ch);
if ($response === false) {
return null;
}
$data = json_decode($response, true); $data = json_decode($response, true);
if ($data['status'] == 'success') { if ($data && isset($data['status']) && $data['status'] == 'success') {
return $data['country']; // e.g., South Africa return $data['country']; // e.g., South Africa
} }
return null;
} }
function getUserIdFromEFT($eft_id) function getUserIdFromEFT($eft_id)
@@ -2436,18 +2469,21 @@ function validateFileUpload($file, $fileType = 'document') {
} }
// ===== CHECK 5: MIME Type Validation ===== // ===== CHECK 5: MIME Type Validation =====
$finfo = finfo_open(FILEINFO_MIME_TYPE); // Skip MIME type validation if finfo_open is not available (shared hosting compatibility)
if ($finfo === false) { // Extension validation in CHECK 4 provides sufficient security
error_log("Failed to open fileinfo resource"); $mimeType = 'application/octet-stream'; // Default fallback
return false;
}
$mimeType = finfo_file($finfo, $file['tmp_name']); if (function_exists('finfo_open')) {
finfo_close($finfo); $finfo = finfo_open(FILEINFO_MIME_TYPE);
if ($finfo !== false) {
if (!in_array($mimeType, $config['mimeTypes'], true)) { $mimeType = finfo_file($finfo, $file['tmp_name']);
error_log("Invalid MIME type '$mimeType' for type: $fileType. Expected: " . implode(', ', $config['mimeTypes'])); finfo_close($finfo);
return false;
if (!in_array($mimeType, $config['mimeTypes'], true)) {
error_log("Invalid MIME type '$mimeType' for type: $fileType. Expected: " . implode(', ', $config['mimeTypes']));
return false;
}
}
} }
// ===== CHECK 6: Additional Image Validation (for images) ===== // ===== CHECK 6: Additional Image Validation (for images) =====

9
src/pages/blog/blog_edit.php
View File

@@ -192,12 +192,15 @@ $stmt->close();
document.getElementById("autosave-status").innerText = "Draft autosaved at " + new Date().toLocaleTimeString(); document.getElementById("autosave-status").innerText = "Draft autosaved at " + new Date().toLocaleTimeString();
return true; return true;
} else { } else {
document.getElementById("autosave-status").innerText = "Autosave failed"; return response.text().then(errorText => {
console.error("Autosave failed", response.statusText); document.getElementById("autosave-status").innerText = "Autosave failed: " + errorText;
return false; console.error("Autosave failed", response.status, errorText);
return false;
});
} }
}).catch(err => { }).catch(err => {
console.error("Autosave error:", err); console.error("Autosave error:", err);
document.getElementById("autosave-status").innerText = "Autosave error: " + err.message;
return false; return false;
}); });
} }

13
src/pages/blog/user_blogs.php
View File

@@ -7,6 +7,19 @@ require_once($rootPath . "/header.php");
checkUserSession(); checkUserSession();
// Check if user has active membership
if (!isset($_SESSION['user_id'])) {
header('Location: login');
exit;
}
$is_member = getUserMemberStatus($_SESSION['user_id']);
if (!$is_member) {
$_SESSION['message'] = "My Blog Posts is only available to active members. Please contact info@4wdcsa.co.za for more information.";
header('Location: membership_details');
exit;
}
$pageTitle = 'My Blog Posts'; $pageTitle = 'My Blog Posts';
$breadcrumbs = [['Home' => 'index'], ['Blog' => 'blog']]; $breadcrumbs = [['Home' => 'index'], ['Blog' => 'blog']];
require_once($rootPath . '/components/banner.php'); require_once($rootPath . '/components/banner.php');

3
src/pages/memberships/membership.php
View File

@@ -39,7 +39,8 @@ if (isset($_SESSION['user_id']) && isset($conn) && $conn !== null) {
<li>... and many more!</li> <li>... and many more!</li>
</ul> </ul>
</div> </div>
<h2>R 2,500/year</h2> <?php $annualFee = getPriceByDescription('membership_fees'); ?>
<h2>R <?php echo number_format($annualFee, 0); ?>/year</h2>
<p>We go above and beyond to make your travel dreams reality hidden gems and must-see <p>We go above and beyond to make your travel dreams reality hidden gems and must-see
attractions</p> attractions</p>
<a href="membership_application" class="theme-btn mt-10 style-two"> <a href="membership_application" class="theme-btn mt-10 style-two">

37
src/processors/blog/autosave.php
View File

@@ -5,6 +5,11 @@ require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php"); require_once($rootPath . "/src/config/functions.php");
session_start(); session_start();
// Enable error reporting for debugging
error_reporting(E_ALL);
ini_set('display_errors', 0); // Don't display, but log them
ini_set('log_errors', 1);
if (!isset($_SESSION['user_id'])) { if (!isset($_SESSION['user_id'])) {
http_response_code(401); http_response_code(401);
echo "Not authorized"; echo "Not authorized";
@@ -32,36 +37,42 @@ echo $author_id;
$cover_image_path = null; $cover_image_path = null;
// Only attempt upload if a file was submitted // Only attempt upload if a file was submitted
if (!empty($_FILES['cover_image']['name'])) { if (!empty($_FILES['cover_image']['name']) && $_FILES['cover_image']['error'] === UPLOAD_ERR_OK) {
$uploadDir = $rootPath . "/uploads/blogs/" . $article_id . "/"; $uploadDir = $rootPath . "/uploads/blogs/" . $article_id . "/";
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0755, true); // Create directory if it doesn't exist (match working pattern)
if (!file_exists($uploadDir)) {
mkdir($uploadDir, 0777, true);
} }
// Validate file using existing function // Simple validation - check extension
$file_result = validateFileUpload($_FILES['cover_image'], 'profile_picture'); $extension = strtolower(pathinfo($_FILES['cover_image']['name'], PATHINFO_EXTENSION));
if ($file_result === false) { $allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
if (!in_array($extension, $allowedExtensions)) {
http_response_code(400); http_response_code(400);
echo "Invalid file upload"; echo "Invalid file type. Allowed: jpg, jpeg, png, gif, webp";
exit; exit;
} }
// Use fixed filename "cover" to avoid creating multiple copies on autosave // Use fixed filename "cover" to avoid creating multiple copies on autosave
$extension = $file_result['extension'];
$filename = "cover." . $extension; $filename = "cover." . $extension;
// Delete old cover if it exists with different extension // Delete old cover if it exists with different extension
array_map('unlink', glob($uploadDir . "cover.*")); $oldCovers = glob($uploadDir . "cover.*");
if ($oldCovers) {
foreach ($oldCovers as $oldCover) {
@unlink($oldCover);
}
}
$targetPath = $uploadDir . $filename; $targetPath = $uploadDir . $filename;
$cover_image_path = "/uploads/blogs/" . $article_id . "/" . $filename; $cover_image_path = "/uploads/blogs/" . $article_id . "/" . $filename;
// Move the uploaded file // Move the uploaded file
if (move_uploaded_file($_FILES['cover_image']['tmp_name'], $targetPath)) { if (!move_uploaded_file($_FILES['cover_image']['tmp_name'], $targetPath)) {
// File moved successfully, $cover_image_path is set
} else {
http_response_code(500); http_response_code(500);
echo "Failed to move uploaded file."; echo "Failed to move uploaded file";
exit; exit;
} }
} }

4
src/processors/blog/submit_blog.php
View File

@@ -26,8 +26,8 @@ if (isset($_FILES['cover_image']) && $_FILES['cover_image']['error'] === UPLOAD_
$upload_dir = $rootPath . '/uploads/blogs/' . $folder_id . '/'; $upload_dir = $rootPath . '/uploads/blogs/' . $folder_id . '/';
// Create directory if it doesn't exist // Create directory if it doesn't exist
if (!is_dir($upload_dir)) { if (!file_exists($upload_dir)) {
mkdir($upload_dir, 0755, true); mkdir($upload_dir, 0777, true);
} }
// Validate and process the file // Validate and process the file

104
src/processors/delete_event.php
View File

@@ -1,46 +1,76 @@
<?php
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
<?php
ob_start();
header('Content-Type: application/json'); header('Content-Type: application/json');
$event_id = $_POST['event_id'] ?? null; $rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . '/src/config/functions.php');
require_once($rootPath . '/src/config/connection.php');
if (!$event_id) { // Start session if not already started
echo json_encode(['status' => 'error', 'message' => 'Event ID is required']); if (session_status() === PHP_SESSION_NONE) {
session_start();
}
// Check admin status
if (empty($_SESSION['user_id'])) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
exit; exit;
} }
// Get event details to delete associated files $user_role = getUserRole();
$stmt = $conn->prepare("SELECT image, promo FROM events WHERE event_id = ?"); if (!in_array($user_role, ['admin', 'superadmin'])) {
$stmt->bind_param("i", $event_id); ob_end_clean();
$stmt->execute(); echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
$result = $stmt->get_result(); exit;
if ($result->num_rows > 0) {
$event = $result->fetch_assoc();
// Delete image files
if ($event['image'] && file_exists($rootPath . '/' . $event['image'])) {
unlink($rootPath . '/' . $event['image']);
}
if ($event['promo'] && file_exists($rootPath . '/' . $event['promo'])) {
unlink($rootPath . '/' . $event['promo']);
}
// Delete from database
$delete_stmt = $conn->prepare("DELETE FROM events WHERE event_id = ?");
$delete_stmt->bind_param("i", $event_id);
if ($delete_stmt->execute()) {
echo json_encode(['status' => 'success', 'message' => 'Event deleted successfully']);
} else {
echo json_encode(['status' => 'error', 'message' => 'Failed to delete event']);
}
$delete_stmt->close();
} else {
echo json_encode(['status' => 'error', 'message' => 'Event not found']);
} }
$stmt->close(); try {
$event_id = intval($_POST['event_id'] ?? 0);
if ($event_id <= 0) {
throw new Exception('Invalid event ID');
}
// Get event details to delete associated files
$stmt = $conn->prepare("SELECT image, promo FROM events WHERE event_id = ?");
$stmt->bind_param("i", $event_id);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$event = $result->fetch_assoc();
// Delete image files
if ($event['image'] && file_exists($rootPath . '/' . $event['image'])) {
unlink($rootPath . '/' . $event['image']);
}
if ($event['promo'] && file_exists($rootPath . '/' . $event['promo'])) {
unlink($rootPath . '/' . $event['promo']);
}
// Delete from database
$delete_stmt = $conn->prepare("DELETE FROM events WHERE event_id = ?");
$delete_stmt->bind_param("i", $event_id);
if ($delete_stmt->execute()) {
ob_end_clean();
echo json_encode(['status' => 'success', 'message' => 'Event deleted successfully']);
} else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Failed to delete event']);
}
$delete_stmt->close();
} else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Event not found']);
}
$stmt->close();
} catch (Exception $e) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
}

40
src/processors/process_application.php
View File

@@ -174,28 +174,34 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($stmt->execute()) { if ($stmt->execute()) {
// Insert into the membership fees table // Insert into the membership fees table
$payment_amount = calculateProrata(210); // Assuming a fixed membership fee, adjust as needed
$payment_date = date('Y-m-d');
$membership_start_date = $payment_date;
// $membership_end_date = date('Y-12-31');
// Get today's date
$today = new DateTime(); $today = new DateTime();
$month = (int)$today->format('n');
$year = (int)$today->format('Y');
$payment_date = $today->format('Y-m-d');
$membership_start_date = $payment_date;
// Determine the target February if ($month == 12 || $month == 1 || $month == 2) {
if ($today->format('n') > 2) { // December, January, February: charge full fee, valid till end of next Feb
// If we're past February, target is next year's Feb 28/29 $payment_amount = getPriceByDescription('membership_fees');
$year = $today->format('Y') + 1; // If Dec, Jan, Feb, set end to next year's Feb
$end_year = ($month == 12) ? $year + 2 : $year + 1;
$membership_end_date = (new DateTime("$end_year-02-01"))
->modify('last day of this month')
->format('Y-m-d');
} else { } else {
// Otherwise, this year's February // Prorata for Mar-Nov
$year = $today->format('Y'); $payment_amount = calculateProrata(getPriceByDescription('pro_rata'));
// End of next Feb if after Feb, else this Feb
if ($month > 2) {
$end_year = $year + 1;
} else {
$end_year = $year;
}
$membership_end_date = (new DateTime("$end_year-02-01"))
->modify('last day of this month')
->format('Y-m-d');
} }
// Handle leap year (Feb 29) automatically
$membership_end_date = (new DateTime("$year-02-01"))
->modify('last day of this month')
->format('Y-m-d');
$stmt = $conn->prepare("INSERT INTO membership_fees (user_id, payment_amount, payment_date, membership_start_date, membership_end_date, payment_status, payment_id) $stmt = $conn->prepare("INSERT INTO membership_fees (user_id, payment_amount, payment_date, membership_start_date, membership_end_date, payment_status, payment_id)
VALUES (?, ?, ?, ?, ?, 'PENDING', ?)"); VALUES (?, ?, ?, ?, ?, 'PENDING', ?)");
$stmt->bind_param("idssss", $user_id, $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $eft_id); $stmt->bind_param("idssss", $user_id, $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $eft_id);

28
src/processors/process_event.php
View File

@@ -78,19 +78,17 @@ if (!$name || !$type || !$location || !$date || !$time || !$feature || !$descrip
$image_path = null; $image_path = null;
if (!empty($_FILES['image']['name'])) { if (!empty($_FILES['image']['name'])) {
$upload_dir = $rootPath . '/assets/images/events/'; $upload_dir = $rootPath . '/assets/images/events/';
if (!is_dir($upload_dir)) { if (!file_exists($upload_dir)) {
mkdir($upload_dir, 0755, true); mkdir($upload_dir, 0777, true);
} }
$file_name = uniqid() . '_' . basename($_FILES['image']['name']); $file_name = uniqid() . '_' . basename($_FILES['image']['name']);
$target_file = $upload_dir . $file_name; $target_file = $upload_dir . $file_name;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$file_type = finfo_file($finfo, $_FILES['image']['tmp_name']);
finfo_close($finfo);
// Validate image file // Validate file extension
$allowed_types = ['image/jpeg', 'image/png', 'image/gif', 'image/webp']; $ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
if (!in_array($file_type, $allowed_types)) { $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
if (!in_array($ext, $allowed_extensions)) {
echo json_encode(['status' => 'error', 'message' => 'Invalid image file type. Only JPEG, PNG, GIF, and WebP are allowed']); echo json_encode(['status' => 'error', 'message' => 'Invalid image file type. Only JPEG, PNG, GIF, and WebP are allowed']);
exit; exit;
} }
@@ -110,19 +108,17 @@ if (!empty($_FILES['image']['name'])) {
$promo_path = null; $promo_path = null;
if (!empty($_FILES['promo']['name'])) { if (!empty($_FILES['promo']['name'])) {
$upload_dir = $rootPath . '/assets/images/events/'; $upload_dir = $rootPath . '/assets/images/events/';
if (!is_dir($upload_dir)) { if (!file_exists($upload_dir)) {
mkdir($upload_dir, 0755, true); mkdir($upload_dir, 0777, true);
} }
$file_name = uniqid() . '_promo_' . basename($_FILES['promo']['name']); $file_name = uniqid() . '_promo_' . basename($_FILES['promo']['name']);
$target_file = $upload_dir . $file_name; $target_file = $upload_dir . $file_name;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$file_type = finfo_file($finfo, $_FILES['promo']['tmp_name']);
finfo_close($finfo);
// Validate image file // Validate file extension
$allowed_types = ['image/jpeg', 'image/png', 'image/gif', 'image/webp']; $ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
if (!in_array($file_type, $allowed_types)) { $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
if (!in_array($ext, $allowed_extensions)) {
echo json_encode(['status' => 'error', 'message' => 'Invalid promo image file type. Only JPEG, PNG, GIF, and WebP are allowed']); echo json_encode(['status' => 'error', 'message' => 'Invalid promo image file type. Only JPEG, PNG, GIF, and WebP are allowed']);
exit; exit;
} }

2
src/processors/process_signature.php
View File

@@ -36,7 +36,7 @@ if (isset($_POST['signature'])) {
$filePath = $rootPath . '/uploads/signatures/' . $fileName; $filePath = $rootPath . '/uploads/signatures/' . $fileName;
// Ensure the directory exists // Ensure the directory exists
if (!is_dir($rootPath . '/uploads/signatures')) { if (!file_exists($rootPath . '/uploads/signatures')) {
mkdir($rootPath . '/uploads/signatures', 0777, true); mkdir($rootPath . '/uploads/signatures', 0777, true);
} }

4
src/processors/process_trip.php
View File

@@ -136,8 +136,8 @@ try {
$upload_dir = $rootPath . '/assets/images/trips/'; $upload_dir = $rootPath . '/assets/images/trips/';
// Create directory if it doesn't exist // Create directory if it doesn't exist
if (!is_dir($upload_dir)) { if (!file_exists($upload_dir)) {
mkdir($upload_dir, 0755, true); mkdir($upload_dir, 0777, true);
} }
$allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp']; $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

32
src/processors/save_album.php
View File

@@ -52,26 +52,25 @@ try {
// Create album directory // Create album directory
$albumDir = $rootPath . '/assets/uploads/gallery/' . $album_id; $albumDir = $rootPath . '/assets/uploads/gallery/' . $album_id;
if (!is_dir($albumDir)) { if (!file_exists($albumDir)) {
if (!mkdir($albumDir, 0755, true)) { mkdir($albumDir, 0777, true);
throw new Exception('Failed to create album directory');
}
} }
// Handle cover image upload // Handle cover image upload
$coverImagePath = null; $coverImagePath = null;
if (isset($_FILES['cover_image']) && $_FILES['cover_image']['error'] !== UPLOAD_ERR_NO_FILE) { if (isset($_FILES['cover_image']) && $_FILES['cover_image']['error'] === UPLOAD_ERR_OK) {
$allowedMimes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
$maxSize = 5 * 1024 * 1024; // 5MB $maxSize = 5 * 1024 * 1024; // 5MB
$fileName = $_FILES['cover_image']['name']; $fileName = $_FILES['cover_image']['name'];
$fileTmpName = $_FILES['cover_image']['tmp_name']; $fileTmpName = $_FILES['cover_image']['tmp_name'];
$fileSize = $_FILES['cover_image']['size']; $fileSize = $_FILES['cover_image']['size'];
$fileMime = mime_content_type($fileTmpName);
// Validate file extension
$ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
$allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
// Validate file if (!in_array($ext, $allowedExtensions)) {
if (!in_array($fileMime, $allowedMimes)) { throw new Exception('Invalid cover image file type. Allowed: jpg, jpeg, png, gif, webp');
throw new Exception('Invalid cover image file type');
} }
if ($fileSize > $maxSize) { if ($fileSize > $maxSize) {
@@ -96,8 +95,7 @@ try {
} }
// Handle photo uploads // Handle photo uploads
if (isset($_FILES['photos']) && $_FILES['photos']['error'][0] !== UPLOAD_ERR_NO_FILE) { if (isset($_FILES['photos']) && $_FILES['photos']['error'][0] === UPLOAD_ERR_OK) {
$allowedMimes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
$maxSize = 5 * 1024 * 1024; // 5MB $maxSize = 5 * 1024 * 1024; // 5MB
$displayOrder = 1; $displayOrder = 1;
@@ -111,11 +109,13 @@ try {
$fileName = $_FILES['photos']['name'][$i]; $fileName = $_FILES['photos']['name'][$i];
$fileTmpName = $_FILES['photos']['tmp_name'][$i]; $fileTmpName = $_FILES['photos']['tmp_name'][$i];
$fileSize = $_FILES['photos']['size'][$i]; $fileSize = $_FILES['photos']['size'][$i];
$fileMime = mime_content_type($fileTmpName);
// Validate file extension
$ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
$allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
// Validate file if (!in_array($ext, $allowedExtensions)) {
if (!in_array($fileMime, $allowedMimes)) { throw new Exception('Invalid file type: ' . $fileName . '. Allowed: jpg, jpeg, png, gif, webp');
throw new Exception('Invalid file type: ' . $fileName);
} }
if ($fileSize > $maxSize) { if ($fileSize > $maxSize) {

11
src/processors/submit_pop.php
View File

@@ -43,14 +43,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$filename = str_replace(' ', '_', $eft_id) . '.pdf'; $filename = str_replace(' ', '_', $eft_id) . '.pdf';
$target_file = $target_dir . $filename; $target_file = $target_dir . $filename;
// Make sure target directory exists and writable // Make sure target directory exists
if (!is_dir($target_dir)) { if (!file_exists($target_dir)) {
mkdir($target_dir, 0755, true); mkdir($target_dir, 0777, true);
}
if (!is_writable($target_dir)) {
echo "<div class='alert alert-danger'>Upload directory is not writable: $target_dir</div>";
exit;
} }
if (move_uploaded_file($_FILES['pop_file']['tmp_name'], $target_file)) { if (move_uploaded_file($_FILES['pop_file']['tmp_name'], $target_file)) {

52
src/processors/update_album.php
View File

@@ -76,25 +76,29 @@ try {
$updateStmt->close(); $updateStmt->close();
// Handle cover image upload if provided // Handle cover image upload if provided
if (isset($_FILES['cover_image']) && $_FILES['cover_image']['error'] !== UPLOAD_ERR_NO_FILE) { if (isset($_FILES['cover_image']) && $_FILES['cover_image']['error'] === UPLOAD_ERR_OK) {
$allowedMimes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
$maxSize = 5 * 1024 * 1024; // 5MB
$fileName = $_FILES['cover_image']['name']; $fileName = $_FILES['cover_image']['name'];
$fileTmpName = $_FILES['cover_image']['tmp_name']; $fileTmpName = $_FILES['cover_image']['tmp_name'];
$fileSize = $_FILES['cover_image']['size']; $fileSize = $_FILES['cover_image']['size'];
$fileMime = mime_content_type($fileTmpName);
// Validate file extension
// Validate file $ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
if (!in_array($fileMime, $allowedMimes)) { $allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
throw new Exception('Invalid cover image file type');
if (!in_array($ext, $allowedExtensions)) {
throw new Exception('Invalid cover image file type. Allowed: jpg, jpeg, png, gif, webp');
} }
if ($fileSize > $maxSize) { if ($fileSize > 5 * 1024 * 1024) {
throw new Exception('Cover image file too large (max 5MB)'); throw new Exception('Cover image file too large (max 5MB)');
} }
$albumDir = $rootPath . '/assets/uploads/gallery/' . $album_id; $albumDir = $rootPath . '/assets/uploads/gallery/' . $album_id;
// Create directory if it doesn't exist (match working pattern)
if (!file_exists($albumDir)) {
mkdir($albumDir, 0777, true);
}
// Delete old cover if it exists // Delete old cover if it exists
$oldCoverStmt = $conn->prepare("SELECT cover_image FROM photo_albums WHERE album_id = ?"); $oldCoverStmt = $conn->prepare("SELECT cover_image FROM photo_albums WHERE album_id = ?");
@@ -104,16 +108,15 @@ try {
if ($oldCoverResult->num_rows > 0) { if ($oldCoverResult->num_rows > 0) {
$oldCover = $oldCoverResult->fetch_assoc(); $oldCover = $oldCoverResult->fetch_assoc();
if ($oldCover['cover_image']) { if ($oldCover['cover_image']) {
$oldCoverPath = $_SERVER['DOCUMENT_ROOT'] . $oldCover['cover_image']; $oldCoverPath = $rootPath . $oldCover['cover_image'];
if (file_exists($oldCoverPath)) { if (file_exists($oldCoverPath)) {
unlink($oldCoverPath); @unlink($oldCoverPath);
} }
} }
} }
$oldCoverStmt->close(); $oldCoverStmt->close();
// Generate unique filename // Generate unique filename
$ext = pathinfo($fileName, PATHINFO_EXTENSION);
$newFileName = 'cover_' . uniqid() . '.' . $ext; $newFileName = 'cover_' . uniqid() . '.' . $ext;
$filePath = $albumDir . '/' . $newFileName; $filePath = $albumDir . '/' . $newFileName;
$coverImagePath = '/assets/uploads/gallery/' . $album_id . '/' . $newFileName; $coverImagePath = '/assets/uploads/gallery/' . $album_id . '/' . $newFileName;
@@ -130,12 +133,15 @@ try {
} }
// Handle photo uploads if any // Handle photo uploads if any
if (isset($_FILES['photos']) && $_FILES['photos']['error'][0] !== UPLOAD_ERR_NO_FILE) { if (isset($_FILES['photos']) && $_FILES['photos']['error'][0] === UPLOAD_ERR_OK) {
$allowedMimes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
$maxSize = 5 * 1024 * 1024; // 5MB $maxSize = 5 * 1024 * 1024; // 5MB
$albumDir = $rootPath . '/assets/uploads/gallery/' . $album_id; $albumDir = $rootPath . '/assets/uploads/gallery/' . $album_id;
// Create directory if it doesn't exist (match working pattern)
if (!file_exists($albumDir)) {
mkdir($albumDir, 0777, true);
}
// Get current max display order // Get current max display order
$orderStmt = $conn->prepare("SELECT MAX(display_order) as max_order FROM photos WHERE album_id = ?"); $orderStmt = $conn->prepare("SELECT MAX(display_order) as max_order FROM photos WHERE album_id = ?");
$orderStmt->bind_param("i", $album_id); $orderStmt->bind_param("i", $album_id);
@@ -153,15 +159,17 @@ try {
$fileName = $_FILES['photos']['name'][$i]; $fileName = $_FILES['photos']['name'][$i];
$fileTmpName = $_FILES['photos']['tmp_name'][$i]; $fileTmpName = $_FILES['photos']['tmp_name'][$i];
$fileSize = $_FILES['photos']['size'][$i]; $fileSize = $_FILES['photos']['size'][$i];
$fileMime = mime_content_type($fileTmpName);
// Validate file extension
// Validate file $ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
if (!in_array($fileMime, $allowedMimes)) { $allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
throw new Exception('Invalid file type: ' . $fileName);
if (!in_array($ext, $allowedExtensions)) {
throw new Exception('Invalid file type: ' . $fileName . '. Allowed: jpg, jpeg, png, gif, webp');
} }
if ($fileSize > $maxSize) { if ($fileSize > $maxSize) {
throw new Exception('File too large: ' . $fileName); throw new Exception('File too large: ' . $fileName . ' (max 5MB)');
} }
// Generate unique filename // Generate unique filename

12
src/processors/upload_profile_picture.php
View File

@@ -43,15 +43,9 @@ if (isset($_FILES['profile_picture']) && $_FILES['profile_picture']['error'] !=
$target_dir = $rootPath . "/assets/images/pp/"; $target_dir = $rootPath . "/assets/images/pp/";
$target_file = $target_dir . $randomFilename; $target_file = $target_dir . $randomFilename;
// Ensure upload directory exists and is writable // Ensure upload directory exists
if (!is_dir($target_dir)) { if (!file_exists($target_dir)) {
mkdir($target_dir, 0755, true); mkdir($target_dir, 0777, true);
}
if (!is_writable($target_dir)) {
$response['message'] = 'Upload directory is not writable.';
echo json_encode($response);
exit();
} }
// Move the uploaded file // Move the uploaded file