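<?php

declare(strict_types=1);

require_once("env.php");
require_once("session.php");
require_once("connection.php");
require_once("functions.php");

/*
 * Update an existing blog post.
 *
 * Expects a multipart/form-data POST with: id, title, content, subtitle,
 * category, optionally author (admins only) and optionally a cover_image file.
 * Replies with a plain-text status line and an HTTP status code:
 *   200 "Saved"            – row updated
 *   400                    – bad id / rejected upload
 *   401 "Not authorized"   – no session
 *   403 "Not authorized"   – article belongs to someone else
 *   404                    – article id does not exist
 *   500                    – filesystem or database failure
 *
 * NOTE(review): no CSRF token is verified here. Confirm session.php or the
 * front end enforces one; otherwise a cross-site form post from a logged-in
 * browser can edit articles.
 */

// --- Authentication --------------------------------------------------------
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo "Not authorized";
    exit;
}

// --- Input ----------------------------------------------------------------
$article_id  = (int)($_POST['id'] ?? 0);
$title       = (string)($_POST['title'] ?? '');
$content     = (string)($_POST['content'] ?? '');
$description = (string)($_POST['subtitle'] ?? '');
$category    = (string)($_POST['category'] ?? '');
$user_id     = (int)$_SESSION['user_id'];

// A zero/negative id can never match a row; reject it before creating upload
// directories or running queries for it.
if ($article_id <= 0) {
    http_response_code(400);
    echo "Invalid article id";
    exit;
}

// Author defaults to the current user; admins/superadmins may reassign it.
$role    = getUserRole();
$isAdmin = ($role === 'admin' || $role === 'superadmin');

$author_id = $user_id;
if ($isAdmin && isset($_POST['author'])) {
    $author_id = (int)$_POST['author'];
}

// --- Authorization --------------------------------------------------------
// Non-admins may only edit articles they own. Without this check any logged-in
// user could overwrite any article (and re-assign its author) simply by
// posting its id. Assumes blogs.author holds the owning user_id, as the
// default assignment above implies — verify against the schema.
$check = $conn->prepare("SELECT author FROM blogs WHERE blog_id = ?");
if ($check === false) {
    http_response_code(500);
    echo "Database update failed";
    exit;
}
$check->bind_param("i", $article_id);
$check->execute();
$check->bind_result($currentAuthor);
$found = $check->fetch();
$check->close();

if (!$found) {
    http_response_code(404);
    echo "Article not found";
    exit;
}

if (!$isAdmin && (string)$currentAuthor !== (string)$user_id) {
    http_response_code(403);
    echo "Not authorized";
    exit;
}

// --- Cover image upload (optional) ----------------------------------------
$cover_image_path = null;

if (!empty($_FILES['cover_image']['name'])) {
    $upload = $_FILES['cover_image'];

    // Report PHP-level upload failures before touching the filesystem.
    if ($upload['error'] !== UPLOAD_ERR_OK) {
        $errorMessages = [
            UPLOAD_ERR_INI_SIZE   => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
            UPLOAD_ERR_FORM_SIZE  => 'The uploaded file exceeds the MAX_FILE_SIZE directive in the HTML form.',
            UPLOAD_ERR_PARTIAL    => 'The uploaded file was only partially uploaded.',
            UPLOAD_ERR_NO_FILE    => 'No file was uploaded.',
            UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
            UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
            UPLOAD_ERR_EXTENSION  => 'A PHP extension stopped the upload.',
        ];
        $errorMessage = $errorMessages[$upload['error']] ?? 'Unknown upload error.';

        // Missing temp dir / unwritable disk are server faults; everything
        // else is a problem with what the client sent.
        $serverSide = in_array($upload['error'], [UPLOAD_ERR_NO_TMP_DIR, UPLOAD_ERR_CANT_WRITE], true);
        http_response_code($serverSide ? 500 : 400);
        echo "Upload error: $errorMessage";
        exit;
    }

    // Only accept files that really came through the upload mechanism.
    if (!is_uploaded_file($upload['tmp_name'])) {
        http_response_code(400);
        echo "Upload error: Invalid upload.";
        exit;
    }

    // The upload directory is served to the web, so the stored file must be a
    // genuine raster image and must carry an extension we chose — never one
    // taken from the client name (e.g. "shell.php" or "x.php.jpg").
    // Decide by decoding the image header, not by client MIME type or name.
    // SVG is deliberately excluded: it can carry script.
    $allowedTypes = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_WEBP => 'webp',
    ];
    $imageInfo = getimagesize($upload['tmp_name']);
    if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
        http_response_code(400);
        echo "Upload error: Cover image must be a JPEG, PNG, GIF or WebP image.";
        exit;
    }
    $extension = $allowedTypes[$imageInfo[2]];

    // Build a safe file name: keep a recognisable stem from the client name,
    // strip everything outside [A-Za-z0-9_-] (dots included, so no second
    // extension survives), cap the length, and append the verified extension.
    $stem = pathinfo(basename($upload['name']), PATHINFO_FILENAME);
    $stem = preg_replace("/[^a-zA-Z0-9_-]/", "_", $stem);
    $stem = trim(substr((string)$stem, 0, 100), "_-");
    if ($stem === '') {
        $stem = 'cover';
    }
    $fileName = $stem . '.' . $extension;

    $uploadDir  = __DIR__ . "/uploads/blogs/" . $article_id . "/images/";
    $targetPath = $uploadDir . $fileName;
    $publicPath = "/uploads/blogs/" . $article_id . "/images/" . $fileName;

    // 0755, not 0777: the web server only needs to read these files.
    if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
        http_response_code(500);
        echo "Failed to move uploaded file.";
        exit;
    }

    // Overwrite any existing file of the same name rather than silently reusing
    // it: a matching name says nothing about matching contents.
    if (!move_uploaded_file($upload['tmp_name'], $targetPath)) {
        http_response_code(500);
        echo "Failed to move uploaded file.";
        exit;
    }

    $cover_image_path = $publicPath;
}

// --- Database update ------------------------------------------------------
// Two statements: the image column is only touched when a new cover was stored.
if ($cover_image_path !== null) {
    $stmt = $conn->prepare("
        UPDATE blogs
        SET title = ?, content = ?, description = ?, category = ?, image = ?, author = ?
        WHERE blog_id = ?
    ");
    if ($stmt !== false) {
        $stmt->bind_param("ssssssi", $title, $content, $description, $category, $cover_image_path, $author_id, $article_id);
    }
} else {
    $stmt = $conn->prepare("
        UPDATE blogs
        SET title = ?, content = ?, description = ?, category = ?, author = ?
        WHERE blog_id = ?
    ");
    if ($stmt !== false) {
        $stmt->bind_param("sssssi", $title, $content, $description, $category, $author_id, $article_id);
    }
}

if ($stmt === false) {
    error_log("update blog: prepare failed: " . $conn->error);
    http_response_code(500);
    echo "Database update failed";
    exit;
}

if ($stmt->execute()) {
    echo "Saved";
} else {
    // Keep driver error text out of the response; it reveals schema details.
    error_log("update blog {$article_id}: execute failed: " . $stmt->error);
    http_response_code(500);
    echo "Database update failed";
}
$stmt->close();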