TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: correct require paths and database connection in album processors

Browse Source 
- Fix rootPath calculation in all album processors (was going up too many levels)
- Use global \ from connection.php instead of calling openDatabaseConnection()
- Fix cleanup code in save_album.php to use existing \
- Update all processors to use proper config file includes (env.php, session.php, connection.php, functions.php)
- Ensures validateCSRFToken() and other functions are properly available
This commit is contained in:
twotalesanimation
2025-12-05 09:59:05 +02:00
parent 98ef03c7af
commit e6d298c506
6 changed files with 25 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pages/gallery/gallery.php
View File

@@ -208,7 +208,7 @@ require_once($rootPath . '/components/banner.php');
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 30px;">
<h2>Member Photo Gallery</h2>
<a href="create_album" class="theme-btn create-album-btn">
<i class="far fa-plus"></i> Create Album
<i class="far fa-plus"></i> Create Album
</a>
</div>

10
src/processors/delete_album.php
View File

@@ -1,14 +1,14 @@
<?php
session_start();
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
if (!isset($_SESSION['user_id'])) {
http_response_code(403);
exit('Forbidden');
}
$rootPath = dirname(dirname(dirname(__DIR__)));
require_once($rootPath . '/connection.php');
$album_id = intval($_GET['id'] ?? 0);
if (!$album_id) {
@@ -16,8 +16,6 @@ if (!$album_id) {
exit('Album ID is required');
}
$conn = openDatabaseConnection();
// Verify ownership
$albumCheck = $conn->prepare("SELECT user_id FROM photo_albums WHERE album_id = ?");
$albumCheck->bind_param("i", $album_id);

12
src/processors/delete_photo.php
View File

@@ -1,15 +1,15 @@
<?php
session_start();
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
require_once($rootPath . '/src/config/functions.php');
if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(403);
exit(json_encode(['error' => 'Forbidden']));
}
$rootPath = dirname(dirname(dirname(__DIR__)));
require_once($rootPath . '/connection.php');
require_once($rootPath . '/functions.php');
// Validate CSRF token
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
http_response_code(400);
@@ -24,8 +24,6 @@ if (!$photo_id) {
exit(json_encode(['error' => 'Photo ID is required']));
}
$conn = openDatabaseConnection();
// Get photo and verify ownership through album
$photoStmt = $conn->prepare("
SELECT p.photo_id, p.album_id, p.file_path, a.user_id

10
src/processors/get_album_photos.php
View File

@@ -1,14 +1,14 @@
<?php
session_start();
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
if (!isset($_SESSION['user_id'])) {
http_response_code(403);
exit(json_encode(['error' => 'Unauthorized']));
}
$rootPath = dirname(dirname(dirname(__DIR__)));
require_once($rootPath . '/connection.php');
$album_id = intval($_GET['id'] ?? 0);
if (!$album_id) {
@@ -16,8 +16,6 @@ if (!$album_id) {
exit(json_encode(['error' => 'Album ID is required']));
}
$conn = openDatabaseConnection();
// Verify album exists and user has access
$albumCheck = $conn->prepare("SELECT user_id FROM photo_albums WHERE album_id = ?");
$albumCheck->bind_param("i", $album_id);

16
src/processors/save_album.php
View File

@@ -1,5 +1,9 @@
<?php
session_start();
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
require_once($rootPath . '/src/config/functions.php');
if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(403);
@@ -12,12 +16,6 @@ if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
exit('Invalid request');
}
$rootPath = dirname(dirname(dirname(__DIR__)));
require_once($rootPath . '/connection.php');
require_once($rootPath . '/functions.php');
$conn = openDatabaseConnection();
$title = trim($_POST['title'] ?? '');
$description = trim($_POST['description'] ?? '');
$user_id = $_SESSION['user_id'];
@@ -138,9 +136,7 @@ try {
rmdir($albumDir);
}
// Delete album record (will cascade delete photos)
$cleanupConn = openDatabaseConnection();
$cleanupConn->query("DELETE FROM photo_albums WHERE album_id = " . intval($album_id));
$cleanupConn->close();
$conn->query("DELETE FROM photo_albums WHERE album_id = " . intval($album_id));
}
http_response_code(400);

12
src/processors/update_album.php
View File

@@ -1,5 +1,9 @@
<?php
session_start();
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
require_once($rootPath . '/src/config/functions.php');
if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(403);
@@ -12,12 +16,6 @@ if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
exit('Invalid request');
}
$rootPath = dirname(dirname(dirname(__DIR__)));
require_once($rootPath . '/connection.php');
require_once($rootPath . '/functions.php');
$conn = openDatabaseConnection();
$album_id = intval($_POST['album_id'] ?? 0);
$title = trim($_POST['title'] ?? '');
$description = trim($_POST['description'] ?? '');