<?php
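// Start session before ANY output. Guarded so a session that was already
// started (front controller, session.auto_start) does not raise a notice.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
// Start output buffering so anything the includes emit (BOM, whitespace,
// notices) can be discarded before the JSON body is sent.
ob_start();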
// Include Auth and Database
require_once 'incl/const.php';
require_once 'incl/Auth.php';
require_once 'incl/Database.php';
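/**
 * Discard any buffered output, emit $data as a JSON response and terminate.
 *
 * Everything buffered since ob_start() is thrown away so stray output from
 * the includes cannot corrupt the JSON body. Never returns.
 *
 * @param array<string, mixed> $data response payload
 */
function sendJson(array $data): void
{
    // ob_end_clean() raises a notice when no buffer is open; guard for the
    // case where the buffer was already closed before we got here.
    if (ob_get_level() > 0) {
        ob_end_clean();
    }
    header('Content-Type: application/json; charset=utf-8');
    // Substitute invalid UTF-8 instead of letting json_encode() return false,
    // which would send an empty body under a JSON content type.
    echo json_encode($data, JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
}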
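// NOTE(review): no CSRF token check is visible in this script; confirm that
// ensureSession()/Auth.php enforce one for state-changing POSTs, or add one here.
// Check authentication
ensureSession();
if (!isLoggedIn()) {
    sendJson(['success' => false, 'message' => 'Not authenticated']);
}
// Check method
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    sendJson(['success' => false, 'message' => 'Invalid request method']);
}

// Single source of truth for the supported item types and the DB updater
// each one maps to; both the validation and the dispatch below read it.
$thumbnailUpdaters = [
    'map'       => 'updateMapThumbnail',
    'dashboard' => 'updateDashboardThumbnail',
    'document'  => 'updateDocumentThumbnail',
    'html_page' => 'updateHtmlPageThumbnail',
];
$validTypes = array_keys($thumbnailUpdaters);

// Get parameters. item_id is validated as a positive integer instead of cast
// with intval(): intval() of a non-empty array (item_id[]=x) is 1 and
// intval('12abc') is 12, both of which would silently pass.
$itemType = $_POST['item_type'] ?? '';
$itemId = filter_var(
    $_POST['item_id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if (!is_string($itemType) || $itemType === '' || $itemId === false) {
    sendJson(['success' => false, 'message' => 'Invalid parameters']);
}

// Validate item type BEFORE the permission lookup so canEdit() only ever
// sees a known type; strict comparison avoids type juggling on the needle.
if (!in_array($itemType, $validTypes, true)) {
    sendJson(['success' => false, 'message' => 'Invalid item type']);
}

// Check if user has edit permission
if (!canEdit($itemType, $itemId)) {
    sendJson(['success' => false, 'message' => 'You do not have permission to edit this item']);
}

// Check file upload
if (!isset($_FILES['thumbnail'])
    || !is_array($_FILES['thumbnail'])
    || ($_FILES['thumbnail']['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
) {
    sendJson(['success' => false, 'message' => 'No file uploaded or upload error']);
}
$file = $_FILES['thumbnail'];

// Validate file size (max 5MB) before inspecting the content
$maxSize = 5 * 1024 * 1024;
if ($file['size'] > $maxSize) {
    sendJson(['success' => false, 'message' => 'File too large. Maximum size is 5MB.']);
}

// Validate file type. The client-supplied extension is checked first (same
// rule as documents.php), but acceptance and the stored extension are decided
// from the actual bytes via getimagesize(), so a non-image renamed to .jpg is
// rejected and the saved name never depends on the client's filename.
$allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
$mimeToExtension = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];
$originalFilename = basename($file['name']);
$extension = strtolower(pathinfo($originalFilename, PATHINFO_EXTENSION));
if (!in_array($extension, $allowedExtensions, true)) {
    sendJson(['success' => false, 'message' => 'Invalid file type. Only JPG, PNG, GIF, and WebP images are allowed.']);
}
$imageInfo = getimagesize($file['tmp_name']);
if ($imageInfo === false || !isset($imageInfo['mime']) || !isset($mimeToExtension[$imageInfo['mime']])) {
    sendJson(['success' => false, 'message' => 'Invalid file type. Only JPG, PNG, GIF, and WebP images are allowed.']);
}
$storedExtension = $mimeToExtension[$imageInfo['mime']];

// Resolve the thumbnails directory relative to this script rather than the
// process cwd, and actually create it if it is missing.
$uploadDir = __DIR__ . '/assets/thumbnails';
if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
    sendJson(['success' => false, 'message' => 'Failed to save file']);
}

// Generate unique, unguessable filename: random_bytes() instead of the
// time-based uniqid(). Only validated values go into the name.
$filename = $itemType . '_' . $itemId . '_' . bin2hex(random_bytes(8)) . '.' . $storedExtension;
$uploadPath = $uploadDir . '/' . $filename;

// Move uploaded file
if (!move_uploaded_file($file['tmp_name'], $uploadPath)) {
    sendJson(['success' => false, 'message' => 'Failed to save file']);
}

// Update database; the path stored and returned stays web-relative.
$relativePath = 'assets/thumbnails/' . $filename;
try {
    $thumbnailUpdaters[$itemType]($itemId, $relativePath);
    sendJson([
        'success' => true,
        'message' => 'Thumbnail uploaded successfully',
        'thumbnail_path' => $relativePath,
    ]);
} catch (\Throwable $e) {
    // Delete uploaded file if the database update fails. Throwable (not just
    // Exception) so an Error thrown by the updater also triggers the cleanup.
    if (file_exists($uploadPath)) {
        unlink($uploadPath);
    }
    // Log the detail server-side; the client only gets a generic message so
    // driver or schema errors are not disclosed in the response.
    error_log(sprintf(
        'upload_thumbnail: DB update failed for %s #%d: %s',
        $itemType,
        $itemId,
        $e->getMessage()
    ));
    sendJson([
        'success' => false,
        'message' => 'Failed to update database',
    ]);
}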