35273-vm/upload.php
Flatlogic Bot a3fa722e5f c3
2025-10-27 12:46:17 +00:00


<?php
require_once 'config.php';
require_once 'db/config.php';
include 'header.php';
// Access control: only a session that carries 'user_email' may use this page.
// NOTE(review): this check runs after header.php has already been included. If that
// include emits output without buffering, header() can no longer send the Location
// redirect; the exit below still stops the request, so the handler and form are never
// reached. Confirm where the session is started before moving the guard earlier.
$is_authenticated = isset($_SESSION['user_email']);
if (!$is_authenticated) {
    header('Location: login.php');
    exit;
}

// Feedback shown by the template below; both stay empty when nothing was submitted.
$message_type = ''; // 'success' or 'danger'
$message = '';
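// Handle the XML report upload (multipart POST field "xmlfile").
//
// On every path this sets $message (HTML shown to the user) and $message_type
// ('success' or 'danger'). On success the file is moved into UPLOADS_PATH and a row is
// inserted into uploaded_files (original_filename, new_filename, uploaded_by).
//
// Security notes for maintainers:
// - The extension test is a naming check only and says nothing about the content. The
//   schema validation announced on this page is not performed in this block.
//   NOTE(review): whatever parses the file later should do so with external entity
//   resolution disabled; confirm in the validation step.
// - NOTE(review): UPLOADS_PATH is defined outside this file; it should sit outside the
//   web root or have script execution disabled. Confirm against the configuration.
// - NOTE(review): no anti-CSRF token is checked for this state-changing POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xmlfile'])) {
    $file = $_FILES['xmlfile'];

    if ($file['error'] !== UPLOAD_ERR_OK) {
        // PHP itself rejected or truncated the upload.
        $message = 'An error occurred during file upload. Please try again.';
        $message_type = 'danger';
    } elseif (strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) !== 'xml') {
        $message = 'Invalid file type. Only .xml files are allowed.';
        $message_type = 'danger';
    } elseif (!is_dir(UPLOADS_PATH) && !mkdir(UPLOADS_PATH, 0755, true) && !is_dir(UPLOADS_PATH)) {
        // The directory is missing and could not be created; the second is_dir() covers
        // a concurrent request creating it between the first test and mkdir().
        $message = 'An error occurred while saving the file. Please try again.';
        $message_type = 'danger';
    } else {
        // The client-supplied name is kept for display and for the database record only.
        $original_filename = basename($file['name']);

        // Build the on-disk name as <random id>_<sanitised base>.xml. Dots are stripped
        // from the base so the stored file carries exactly one extension (a name such as
        // "report.php.xml" is stored as "<id>_reportphp.xml"), and the id comes from the
        // CSPRNG rather than the time-derived uniqid(), so stored names are not guessable.
        $base_name = pathinfo($original_filename, PATHINFO_FILENAME);
        $safe_base = substr(preg_replace('/[^a-zA-Z0-9_-]/', '', $base_name), 0, 100);
        $new_filename = bin2hex(random_bytes(8)) . '_' . $safe_base . '.xml';
        $destination = UPLOADS_PATH . '/' . $new_filename;

        // move_uploaded_file() only accepts files PHP received in this request.
        if (move_uploaded_file($file['tmp_name'], $destination)) {
            try {
                $pdo = db();
                $stmt = $pdo->prepare(
                    'INSERT INTO uploaded_files (original_filename, new_filename, uploaded_by) VALUES (?, ?, ?)'
                );
                $stmt->execute([$original_filename, $new_filename, $_SESSION['user_email']]);

                // The file name is the only client-controlled part of the message; it is
                // escaped here because the template prints $message as raw HTML.
                $message = '<strong>Success!</strong> Your file "'
                    . htmlspecialchars($original_filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                    . '" has been uploaded and is pending validation.';
                $message_type = 'success';
            } catch (PDOException $e) {
                // The file is on disk but has no database row. Keep the detail in the
                // server log and show the user a generic message only.
                error_log('upload.php: failed to record upload ' . $new_filename . ': ' . $e->getMessage());
                $message = 'File uploaded, but failed to record the submission. Please contact support.';
                $message_type = 'danger';
            }
        } else {
            $message = 'An error occurred while saving the file. Please try again.';
            $message_type = 'danger';
        }
    }
}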
?>
<div class="container mt-5">
    <div class="row justify-content-center">
        <div class="col-md-8">
            <div class="card">
                <div class="card-header">
                    <h2>Submit a new Report</h2>
                </div>
                <div class="card-body">
                    <p class="card-text">Please select the E-PRTR XML report file you wish to submit. The file will be validated against the required schema before being processed.</p>
                    <?php
                    // $message is printed as raw HTML because it carries markup built by the
                    // upload handler; the uploaded file name inside it is escaped where the
                    // message is assembled. $message_type only ever holds 'success' or 'danger'.
                    ?>
                    <?php if ($message): ?>
                    <div class="alert alert-<?= $message_type ?>">
                        <?= $message ?>
                    </div>
                    <?php endif; ?>
                    <form action="upload.php" method="post" enctype="multipart/form-data">
                        <div class="mb-3">
                            <label for="xmlfile" class="form-label">XML Report File</label>
                            <?php // accept=".xml" is a browser-side hint only; the handler re-checks the extension. ?>
                            <input class="form-control" type="file" id="xmlfile" name="xmlfile" accept=".xml" required>
                        </div>
                        <div class="d-grid">
                            <button type="submit" class="btn btn-primary btn-lg">
                                <i class="bi bi-upload me-2"></i>Upload and Validate
                            </button>
                        </div>
                    </form>
                </div>
            </div>
            <div class="text-center mt-3">
                <a href="dashboard.php"><i class="bi bi-arrow-left-circle"></i> Back to Dashboard</a>
            </div>
        </div>
    </div>
</div>
<?php include 'footer.php'; ?>