Restore: Recover src/processors folder accidentally deleted during merge

src/processors/upload_profile_picture.php

@@ -0,0 +1,81 @@
+<?php
+session_start();
+$rootPath = dirname(dirname(__DIR__));
+include_once($rootPath . '/src/config/connection.php');
+require_once($rootPath . "/src/config/functions.php");
+require_once($rootPath . "/src/config/env.php");
+
+$response = array('status' => 'error', 'message' => 'Something went wrong');
+
+// Check if the user is logged in
+if (!isset($_SESSION['user_id'])) {
+    $response['message'] = 'You are not logged in.';
+    echo json_encode($response);
+    exit();
+}
+
+$user_id = $_SESSION['user_id'];
+
+// Handle profile picture upload
+if (isset($_FILES['profile_picture']) && $_FILES['profile_picture']['error'] != UPLOAD_ERR_NO_FILE) {
+    // Validate file using hardened validation function
+    $validationResult = validateFileUpload($_FILES['profile_picture'], 'profile_picture');
+    
+    if ($validationResult === false) {
+        $response['message'] = 'Invalid file. Only JPG, JPEG, PNG, GIF, and WEBP images under 5MB are allowed.';
+        echo json_encode($response);
+        exit();
+    }
+    
+    // Extract validated filename
+    $randomFilename = $validationResult['filename'];
+    $target_dir = "assets/images/pp/";
+    $target_file = $target_dir . $randomFilename;
+    
+    // Ensure upload directory exists and is writable
+    if (!is_dir($target_dir)) {
+        mkdir($target_dir, 0755, true);
+    }
+    
+    if (!is_writable($target_dir)) {
+        $response['message'] = 'Upload directory is not writable.';
+        echo json_encode($response);
+        exit();
+    }
+    
+    // Move the uploaded file
+    if (move_uploaded_file($_FILES['profile_picture']['tmp_name'], $target_file)) {
+        // Set secure file permissions (readable but not executable)
+        chmod($target_file, 0644);
+        
+        // Update the profile picture path in the database
+        $sql = "UPDATE users SET profile_pic = ? WHERE user_id = ?";
+        $stmt = $conn->prepare($sql);
+        if (!$stmt) {
+            $response['message'] = 'Database error.';
+            echo json_encode($response);
+            exit();
+        }
+        
+        $stmt->bind_param("si", $target_file, $user_id);
+        if ($stmt->execute()) {
+            $_SESSION['profile_pic'] = $target_file;
+            $response['status'] = 'success';
+            $response['message'] = 'Profile picture updated successfully';
+            
+            // Log the action
+            auditLog($user_id, 'PROFILE_PIC_UPLOAD', 'users', $user_id, ['filename' => $randomFilename]);
+        } else {
+            $response['message'] = 'Failed to update profile picture in the database';
+        }
+        $stmt->close();
+    } else {
+        $response['message'] = 'Failed to move uploaded file.';
+    }
+} else {
+    $response['message'] = 'No file uploaded or file error.';
+}
+
+echo json_encode($response);
+?>
+