fix: correct require paths and database connection in album processors
- Fix rootPath calculation in all album processors (was going up too many levels) - Use global \ from connection.php instead of calling openDatabaseConnection() - Fix cleanup code in save_album.php to use existing \ - Update all processors to use proper config file includes (env.php, session.php, connection.php, functions.php) - Ensures validateCSRFToken() and other functions are properly available
This commit is contained in:
twotalesanimation
@@ -1,14 +1,14 @@
|
||||
<?php
|
||||
session_start();
|
||||
$rootPath = dirname(dirname(__DIR__));
|
||||
require_once($rootPath . '/src/config/env.php');
|
||||
require_once($rootPath . '/src/config/session.php');
|
||||
require_once($rootPath . '/src/config/connection.php');
|
||||
|
||||
if (!isset($_SESSION['user_id'])) {
|
||||
http_response_code(403);
|
||||
exit('Forbidden');
|
||||
}
|
||||
|
||||
$rootPath = dirname(dirname(dirname(__DIR__)));
|
||||
require_once($rootPath . '/connection.php');
|
||||
|
||||
$album_id = intval($_GET['id'] ?? 0);
|
||||
|
||||
if (!$album_id) {
|
||||
@@ -16,8 +16,6 @@ if (!$album_id) {
|
||||
exit('Album ID is required');
|
||||
}
|
||||
|
||||
$conn = openDatabaseConnection();
|
||||
|
||||
// Verify ownership
|
||||
$albumCheck = $conn->prepare("SELECT user_id FROM photo_albums WHERE album_id = ?");
|
||||
$albumCheck->bind_param("i", $album_id);
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
<?php
|
||||
session_start();
|
||||
$rootPath = dirname(dirname(__DIR__));
|
||||
require_once($rootPath . '/src/config/env.php');
|
||||
require_once($rootPath . '/src/config/session.php');
|
||||
require_once($rootPath . '/src/config/connection.php');
|
||||
require_once($rootPath . '/src/config/functions.php');
|
||||
|
||||
if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
http_response_code(403);
|
||||
exit(json_encode(['error' => 'Forbidden']));
|
||||
}
|
||||
|
||||
$rootPath = dirname(dirname(dirname(__DIR__)));
|
||||
require_once($rootPath . '/connection.php');
|
||||
require_once($rootPath . '/functions.php');
|
||||
|
||||
// Validate CSRF token
|
||||
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
|
||||
http_response_code(400);
|
||||
@@ -24,8 +24,6 @@ if (!$photo_id) {
|
||||
exit(json_encode(['error' => 'Photo ID is required']));
|
||||
}
|
||||
|
||||
$conn = openDatabaseConnection();
|
||||
|
||||
// Get photo and verify ownership through album
|
||||
$photoStmt = $conn->prepare("
|
||||
SELECT p.photo_id, p.album_id, p.file_path, a.user_id
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
<?php
|
||||
session_start();
|
||||
$rootPath = dirname(dirname(__DIR__));
|
||||
require_once($rootPath . '/src/config/env.php');
|
||||
require_once($rootPath . '/src/config/session.php');
|
||||
require_once($rootPath . '/src/config/connection.php');
|
||||
|
||||
if (!isset($_SESSION['user_id'])) {
|
||||
http_response_code(403);
|
||||
exit(json_encode(['error' => 'Unauthorized']));
|
||||
}
|
||||
|
||||
$rootPath = dirname(dirname(dirname(__DIR__)));
|
||||
require_once($rootPath . '/connection.php');
|
||||
|
||||
$album_id = intval($_GET['id'] ?? 0);
|
||||
|
||||
if (!$album_id) {
|
||||
@@ -16,8 +16,6 @@ if (!$album_id) {
|
||||
exit(json_encode(['error' => 'Album ID is required']));
|
||||
}
|
||||
|
||||
$conn = openDatabaseConnection();
|
||||
|
||||
// Verify album exists and user has access
|
||||
$albumCheck = $conn->prepare("SELECT user_id FROM photo_albums WHERE album_id = ?");
|
||||
$albumCheck->bind_param("i", $album_id);
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
<?php
|
||||
session_start();
|
||||
$rootPath = dirname(dirname(__DIR__));
|
||||
require_once($rootPath . '/src/config/env.php');
|
||||
require_once($rootPath . '/src/config/session.php');
|
||||
require_once($rootPath . '/src/config/connection.php');
|
||||
require_once($rootPath . '/src/config/functions.php');
|
||||
|
||||
if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
http_response_code(403);
|
||||
@@ -12,12 +16,6 @@ if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
|
||||
exit('Invalid request');
|
||||
}
|
||||
|
||||
$rootPath = dirname(dirname(dirname(__DIR__)));
|
||||
require_once($rootPath . '/connection.php');
|
||||
require_once($rootPath . '/functions.php');
|
||||
|
||||
$conn = openDatabaseConnection();
|
||||
|
||||
$title = trim($_POST['title'] ?? '');
|
||||
$description = trim($_POST['description'] ?? '');
|
||||
$user_id = $_SESSION['user_id'];
|
||||
@@ -138,9 +136,7 @@ try {
|
||||
rmdir($albumDir);
|
||||
}
|
||||
// Delete album record (will cascade delete photos)
|
||||
$cleanupConn = openDatabaseConnection();
|
||||
$cleanupConn->query("DELETE FROM photo_albums WHERE album_id = " . intval($album_id));
|
||||
$cleanupConn->close();
|
||||
$conn->query("DELETE FROM photo_albums WHERE album_id = " . intval($album_id));
|
||||
}
|
||||
|
||||
http_response_code(400);
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
<?php
|
||||
session_start();
|
||||
$rootPath = dirname(dirname(__DIR__));
|
||||
require_once($rootPath . '/src/config/env.php');
|
||||
require_once($rootPath . '/src/config/session.php');
|
||||
require_once($rootPath . '/src/config/connection.php');
|
||||
require_once($rootPath . '/src/config/functions.php');
|
||||
|
||||
if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
http_response_code(403);
|
||||
@@ -12,12 +16,6 @@ if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
|
||||
exit('Invalid request');
|
||||
}
|
||||
|
||||
$rootPath = dirname(dirname(dirname(__DIR__)));
|
||||
require_once($rootPath . '/connection.php');
|
||||
require_once($rootPath . '/functions.php');
|
||||
|
||||
$conn = openDatabaseConnection();
|
||||
|
||||
$album_id = intval($_POST['album_id'] ?? 0);
|
||||
$title = trim($_POST['title'] ?? '');
|
||||
$description = trim($_POST['description'] ?? '');
|
||||
|
||||
Reference in New Issue
Block a user