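<?php

declare(strict_types=1);

/*
 * processproductuser.php
 *
 * Endpoint that creates a product "card" for the logged-in user.
 * Expects a POST with text fields (name, description, price, contacts,
 * country_code, category, region, state) and exactly three files in
 * images[]. Every uploaded image is converted to WebP and stored under
 * uploads/; the card row is inserted into `cards`. Replies are JSON with a
 * "success" flag and a "message"; on success "productHTML" carries the markup
 * for the new card.
 */

session_start();

// Disable output buffering so the JSON reply is not held back by a buffer.
if (ob_get_level()) {
    ob_end_flush();
}
header('Content-Type: application/json');
header('Cache-Control: no-cache');
header('Connection: keep-alive');
flush();

/**
 * Emit a JSON payload and terminate the script.
 *
 * @param array<string, mixed> $payload Response body; always carries a "success" key.
 */
function respond(array $payload): void
{
    echo json_encode($payload);
    exit();
}

/**
 * Read a POST field as a trimmed string; null when absent or empty.
 *
 * The raw value is kept and escaped at the output boundary (see e() below);
 * FILTER_SANITIZE_STRING, which the previous version used, is deprecated
 * since PHP 8.1 and was never an output-context escape anyway.
 */
function postString(string $key): ?string
{
    $raw = filter_input(INPUT_POST, $key, FILTER_UNSAFE_RAW);
    if (!is_string($raw)) {
        return null;
    }
    $value = trim($raw);

    return $value === '' ? null : $value;
}

/**
 * Escape a value for insertion into HTML element content or attributes.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Delete files written earlier in this request so a failed request leaves
 * no orphaned uploads behind.
 *
 * @param list<string> $paths
 */
function removeFiles(array $paths): void
{
    foreach ($paths as $path) {
        if (is_file($path)) {
            unlink($path);
        }
    }
}

/**
 * Decode an uploaded image with GD, selecting the loader by the MIME type
 * detected from the file's content (not the client-supplied type).
 *
 * @return resource|\GdImage|false false when the type is unsupported or GD
 *                                 cannot decode the file.
 */
function loadImage(string $tmpName, string $mimeType)
{
    if ($mimeType === 'image/jpeg' || $mimeType === 'image/jpg') {
        $image = imagecreatefromjpeg($tmpName);
    } elseif ($mimeType === 'image/png') {
        $image = imagecreatefrompng($tmpName);
    } elseif ($mimeType === 'image/gif') {
        $image = imagecreatefromgif($tmpName);
    } elseif ($mimeType === 'image/webp') {
        $image = imagecreatefromwebp($tmpName);
    } else {
        return false;
    }

    if ($image === false) {
        return false;
    }

    // imagewebp() cannot encode palette images (common for GIF and some PNG);
    // promote to truecolor and keep transparency from the source.
    imagepalettetotruecolor($image);
    imagealphablending($image, false);
    imagesavealpha($image, true);

    return $image;
}

// Only authenticated users may add products.
if (!isset($_SESSION['user_id'])) {
    respond(["success" => false, "message" => "User not logged in"]);
}
$user_id = $_SESSION['user_id'];

// Previously a non-POST request produced an empty body; answer explicitly.
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    respond(["success" => false, "message" => "POST required."]);
}

// Database connection. Credentials are read from the environment when set;
// the literal fallbacks are the values this file shipped with and should be
// rotated and removed from source.
$host = getenv('DB_HOST') ?: "127.0.0.1:3306";
$dbUsername = getenv('DB_USER') ?: "u404542307_dacotywebsites";
$password = getenv('DB_PASSWORD') ?: "daCotywebs1te5";
$database = getenv('DB_NAME') ?: "u404542307_eizon";

try {
    $pdo = new PDO("mysql:host=$host;dbname=$database", $dbUsername, $password, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepares: placeholders are never interpolated client-side.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
} catch (PDOException $e) {
    // Details go to the server log only; the client gets a generic message.
    error_log('processproductuser.php: database connection failed: ' . $e->getMessage());
    respond(["success" => false, "message" => "Database connection error"]);
}

// ---- Form fields -----------------------------------------------------------

$name = postString('name');
$description = postString('description');
$price = filter_input(INPUT_POST, 'price', FILTER_VALIDATE_FLOAT);
$contacts = postString('contacts');
$countryCode = postString('country_code');
$category = postString('category');
$region = postString('region');
$state = postString('state');

// A price of 0 was already rejected by the old truthiness check; negative
// prices are now rejected as well.
$priceValid = is_float($price) && $price > 0;

if ($name === null || $description === null || !$priceValid || $contacts === null
    || $countryCode === null || $category === null || $region === null || $state === null) {
    respond(["success" => false, "message" => "All fields are required."]);
}

// ---- Image uploads ---------------------------------------------------------

$uploadDir = 'uploads/';
$allowedMimeTypes = ['image/jpeg', 'image/jpg', 'image/png', 'image/gif', 'image/webp'];
// Generous limit so high-quality phone camera images are accepted.
$maxFileSize = 10 * 1024 * 1024; // 10 MB
$requiredImages = 3;

// images[] must be the array form; a single non-array upload is rejected
// rather than crashing inside count()/array_filter().
$uploadNames = $_FILES['images']['name'] ?? null;
if (!is_array($uploadNames) || count(array_filter($uploadNames)) !== $requiredImages) {
    respond(["success" => false, "message" => "Please upload exactly three images."]);
}

if (!is_dir($uploadDir) || !is_writable($uploadDir)) {
    error_log('processproductuser.php: upload directory is missing or not writable: ' . $uploadDir);
    respond(["success" => false, "message" => "Upload directory is not available."]);
}

/** @var list<string> $imagePaths Paths of converted images, in upload order. */
$imagePaths = [];

foreach ($uploadNames as $key => $filename) {
    $ordinal = $key + 1; // 1-based position used in user-facing messages

    if (($_FILES['images']['error'][$key] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        removeFiles($imagePaths);
        respond(["success" => false, "message" => "Error in image upload " . $ordinal]);
    }

    $tmpName = (string) $_FILES['images']['tmp_name'][$key];
    $fileSize = (int) $_FILES['images']['size'][$key];

    // Only files that PHP itself received via this request are processed.
    if (!is_uploaded_file($tmpName)) {
        removeFiles($imagePaths);
        respond(["success" => false, "message" => "Error in image upload " . $ordinal]);
    }

    // Size is checked before the file content is inspected.
    if ($fileSize > $maxFileSize) {
        removeFiles($imagePaths);
        respond(["success" => false, "message" => "File size exceeds limit for image " . $ordinal]);
    }

    // Type is sniffed from content; $_FILES['images']['type'] is client-supplied and ignored.
    $fileType = mime_content_type($tmpName);
    if (!in_array($fileType, $allowedMimeTypes, true)) {
        removeFiles($imagePaths);
        respond(["success" => false, "message" => "Invalid file type for image " . $ordinal]);
    }

    // Unguessable file name (uniqid() is time-based and predictable).
    $destination = $uploadDir . bin2hex(random_bytes(8)) . '.webp';

    $image = loadImage($tmpName, $fileType);
    // 80 is the WebP quality (0-100).
    if ($image === false || !imagewebp($image, $destination, 80)) {
        if ($image !== false) {
            imagedestroy($image);
        }
        removeFiles($imagePaths);
        respond(["success" => false, "message" => "Error converting image to WebP for image " . $ordinal]);
    }
    imagedestroy($image); // Free up memory
    $imagePaths[] = $destination;
}

// ---- Database insert -------------------------------------------------------

$delete_token = bin2hex(random_bytes(16)); // Unguessable token for later deletion

$sql = "INSERT INTO cards (name, description, state, image1, image2, image3, price, contacts, country_code, category, delete_token, region, user_id) VALUES (:name, :description, :state, :image1, :image2, :image3, :price, :contacts, :country_code, :category, :delete_token, :region, :user_id)";

try {
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':name' => $name,
        ':description' => $description,
        ':state' => $state,
        ':image1' => $imagePaths[0],
        ':image2' => $imagePaths[1],
        ':image3' => $imagePaths[2],
        ':price' => $price,
        ':contacts' => $contacts,
        ':country_code' => $countryCode,
        ':category' => $category,
        ':delete_token' => $delete_token,
        ':region' => $region,
        ':user_id' => $user_id,
    ]);
} catch (PDOException $e) {
    // The converted images belong to a row that does not exist; drop them.
    removeFiles($imagePaths);
    // Driver messages can reveal schema details; log them, do not return them.
    error_log('processproductuser.php: insert failed: ' . $e->getMessage());
    respond(["success" => false, "message" => "Error inserting product."]);
}

// ---- Response --------------------------------------------------------------

// Markup for the new card. Every user-controlled value passes through e();
// image paths are server-generated but escaped for consistency.
$productHTML = "
<div class='generalcard'>
    <div class='card'>
        <div class='card-inner'>
            <div class='card-front'>
                <div class='slideshow'>
                    <img src='" . e($imagePaths[0]) . "' alt='Image 1'>
                    <img src='" . e($imagePaths[1]) . "' alt='Image 2'>
                    <img src='" . e($imagePaths[2]) . "' alt='Image 3'>
                </div>
            </div>
            <div class='card-back'>
                <h3>" . e($name) . "</h3>
                <p class='over'>" . e($description) . "</p>
                <p>" . e($state) . "</p>
                <button class='edit-price-btn'>Edit Price</button>
                <button onclick='deleteProduct()'>Delete</button>
            </div>
        </div>
    </div>
    <div class='pricetag'>
        <p>Price: " . e((string) $price) . " /=</p>
    </div>
</div>
";

respond(["success" => true, "message" => "Product added successfully.", "productHTML" => $productHTML]);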