<?php
// upload_icon.php - compatible with both old and new clients
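// Every response from this endpoint is JSON. nosniff tells browsers to honour the
// declared type instead of guessing one from the body.
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');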
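/**
 * Send a JSON response with the given HTTP status code and stop the script.
 *
 * @param array $arr  Payload serialised as the response body.
 * @param int   $code HTTP status code (defaults to 200).
 */
function respond($arr, $code = 200) {
    $body = json_encode($arr);
    if ($body === false) {
        // json_encode() returns false when the payload cannot be encoded (for example
        // invalid UTF-8). Echoing false would send an empty body with the caller's
        // status, so report a server error with a fixed, known-good body instead.
        $code = 500;
        $body = '{"success":false,"ok":false,"error":"Could not encode response."}';
    }
    http_response_code($code);
    echo $body;
    exit;
}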
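// Upload handler: validates one uploaded image and stores it in the "icons" directory
// next to this script, then reports the stored name as JSON.
//
// NOTE(review): no authentication, CSRF or rate-limit check is visible in this file;
// confirm that access control is enforced before this script can be reached.
// NOTE(review): the stored files are presumably served straight from icons/; confirm
// that the web server never executes scripts from that directory.
$targetDir = __DIR__ . "/icons/";
$targetRelDir = "icons/";

// Accept either field name: "icon" (new) or "icon_file" (old).
// When both are present, "icon_file" wins because it is checked last.
$field = null;
if (isset($_FILES['icon'])) {
    $field = 'icon';
}
if (isset($_FILES['icon_file'])) {
    $field = 'icon_file';
}
if ($field === null) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "No file uploaded (expected field icon or icon_file)."
    ], 400);
}

$f = $_FILES[$field];

// A field submitted as "icon[]" makes every entry of $f an array. Only a single file
// is supported, so treat that shape like a missing error code instead of
// concatenating an array into the message below.
if (!isset($f['error']) || is_array($f['error'])) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "Upload error code: unknown"
    ], 400);
}
if ($f['error'] !== UPLOAD_ERR_OK) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "Upload error code: " . $f['error']
    ], 400);
}

// Ensure the directory exists. The trailing is_dir() covers a concurrent request
// creating it between the first check and mkdir(); @ keeps that benign "File exists"
// warning out of the JSON body, and the result is still checked explicitly.
if (!is_dir($targetDir) && !@mkdir($targetDir, 0755, true) && !is_dir($targetDir)) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "Could not create icons directory."
    ], 500);
}

// Constraints
$maxFileSize = 5 * 1024 * 1024; // 5MB
if (($f['size'] ?? 0) > $maxFileSize) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "File too large. Max 5MB."
    ], 400);
}

// The client-supplied name is used only for its extension and a sanitised base name.
$origName = basename($f['name'] ?? 'icon');
$ext = strtolower(pathinfo($origName, PATHINFO_EXTENSION));

// Extension allow-list: this is what keeps the stored file from getting a name the
// web server might treat as a script.
// NOTE(review): adding svg would need separate handling; SVG can contain script and
// getimagesize() does not recognise it.
$allowedTypes = ['jpg', 'jpeg', 'png', 'gif'];
if (!in_array($ext, $allowedTypes, true)) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "Invalid file type. Allowed: " . implode(", ", $allowedTypes)
    ], 400);
}

// Validate it is an image. getimagesize() inspects only the file header, so it does not
// vouch for the rest of the file; re-encoding the image would be needed to drop any
// embedded data, and that is not done here.
$check = @getimagesize($f['tmp_name']);
if ($check === false) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "File is not a valid image."
    ], 400);
}

// getimagesize() also recognises formats outside the allow-list (BMP, PSD, SWF, ...),
// so require the detected format to be one of the allowed image types. A mismatch
// between the allowed types themselves (e.g. PNG data in a .jpg) is still tolerated.
$allowedImageTypes = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
if (!in_array($check[2] ?? null, $allowedImageTypes, true)) {
    respond([
        "success" => false,
        "ok" => false,
        "error" => "File is not a valid image."
    ], 400);
}

// Sanitize base filename: anything outside [a-zA-Z0-9_-] (dots included) becomes "_",
// so the stored name carries exactly one extension, the allow-listed one.
$base = pathinfo($origName, PATHINFO_FILENAME);
$base = preg_replace('/[^a-zA-Z0-9_\-]/', '_', $base);
$base = trim($base, '_');
if ($base === '') {
    $base = 'icon';
}

// Resolve collisions with an incrementing counter. The name is reserved with fopen() in
// 'x' mode, which creates the file only if it does not exist yet; a separate
// file_exists() check followed by the move would let two concurrent uploads pick the
// same name and one overwrite the other.
$unique = $base . "." . $ext;
$counter = 1;
while (($reserved = @fopen($targetDir . $unique, 'x')) === false) {
    if (!file_exists($targetDir . $unique)) {
        // Creation failed for a reason other than "name already taken" (permissions,
        // full disk, ...); retrying with another name would loop forever.
        respond([
            "success" => false,
            "ok" => false,
            "error" => "Error saving uploaded file."
        ], 500);
    }
    $unique = $base . "_" . $counter . "." . $ext;
    $counter++;
}
fclose($reserved);

$absPath = $targetDir . $unique;
$relPath = $targetRelDir . $unique;

// move_uploaded_file() replaces the empty placeholder reserved above.
if (!move_uploaded_file($f['tmp_name'], $absPath)) {
    @unlink($absPath); // do not leave the empty placeholder behind
    respond([
        "success" => false,
        "ok" => false,
        "error" => "Error saving uploaded file."
    ], 500);
}

// Best effort: world-readable, owner-writable, not executable.
@chmod($absPath, 0644);

// Return BOTH formats so any frontend can consume it
respond([
    "success" => true,
    "filename" => $unique,
    "ok" => true,
    "path" => $relPath
]);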