38350-vm/api/upload_chat_image.php
2026-02-14 05:11:30 +00:00


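<?php
declare(strict_types=1);

// Chat image upload endpoint (plus the "confirm_payment" action for users).
//
// Inputs:  ?sender=admin|user, ?user_id, ?action=confirm_payment, $_FILES['image'],
//          $_SESSION['user_id'].
// Output:  JSON {success: bool, path?: string, error?: string}. Always exits.
// Side effects: writes into assets/images/chat/, inserts into `messages`,
//          updates `fiat_orders.status` / `fiat_orders.proof_image`.
require_once '../db/config.php';
session_start();
header('Content-Type: application/json');

/**
 * Emit one JSON payload and terminate the request.
 *
 * @param array<string, mixed> $payload
 */
function respond(array $payload): void
{
    echo json_encode($payload);
    exit;
}

$pdo = db();

// Who is posting. 'admin' is selected purely by the ?sender=admin query flag.
// NOTE(review): nothing in this file verifies an admin session before honouring
// sender=admin or the ?user_id override below; the admin auth used elsewhere
// (auth.php, per the original comment) should gate this — confirm and wire in.
$sender = (($_GET['sender'] ?? null) === 'admin') ? 'admin' : 'user';

// Resolve the target user. An admin caller names the user via ?user_id; for a
// user caller the session value wins over the query string so a logged-in user
// cannot post into another user's chat. Callers without a session keep working.
if ($sender === 'admin') {
    $rawUserId = $_GET['user_id'] ?? null;
} else {
    $rawUserId = $_SESSION['user_id'] ?? ($_GET['user_id'] ?? null);
}

// The id is embedded in the on-disk filename below, so restrict it to a safe
// charset (no '/', '..', NUL) instead of trusting whatever the query carried.
// Kept as a string: the column type of fiat_orders.user_id is not visible here.
if ($rawUserId === null || !is_scalar($rawUserId)
    || preg_match('/^[A-Za-z0-9_-]{1,64}$/', (string) $rawUserId) !== 1) {
    respond(['success' => false, 'error' => 'Unauthorized or missing User ID']);
}
$user_id = (string) $rawUserId;

// Handle Confirm Payment action (user only): move the newest 'matched' order
// to 'submitting' and post the canned chat message.
if (($_GET['action'] ?? null) === 'confirm_payment' && $sender === 'user') {
    $stmt = $pdo->prepare("SELECT id FROM fiat_orders WHERE user_id = ? AND status = 'matched' ORDER BY id DESC LIMIT 1");
    $stmt->execute([$user_id]);
    $order = $stmt->fetch();
    if (!$order) {
        respond(['success' => false, 'error' => '没有待确认的订单']);
    }
    $stmt = $pdo->prepare("UPDATE fiat_orders SET status = 'submitting' WHERE id = ?");
    $stmt->execute([$order['id']]);
    $pdo->prepare("INSERT INTO messages (user_id, sender, message) VALUES (?, 'user', '我已完成支付,请查收凭证。')")->execute([$user_id]);
    respond(['success' => true]);
}

// A missing file, a PHP-level upload error (size limit, partial transfer) or a
// tmp path that is not a genuine upload are all treated as "nothing uploaded".
$file = $_FILES['image'] ?? null;
if (!is_array($file)
    || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
    || !isset($file['tmp_name'])
    || !is_uploaded_file($file['tmp_name'])) {
    respond(['success' => false, 'error' => 'No image uploaded']);
}

// Whitelist by extension AND by the MIME type sniffed from the file contents;
// the client-supplied name alone says nothing about what the bytes are.
$allowedTypes = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];
$ext = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
if (!isset($allowedTypes[$ext])) {
    respond(['success' => false, 'error' => 'Invalid file type']);
}
$detectedMime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if ($detectedMime !== $allowedTypes[$ext]) {
    respond(['success' => false, 'error' => 'Invalid file type']);
}

// Filename is built only from validated parts ($user_id charset-checked above,
// $ext from the whitelist). random_int replaces mt_rand for the suffix.
$filename = 'chat_' . ($sender === 'admin' ? 'admin_' : '') . $user_id . '_' . time() . '_' . random_int(1000, 9999) . '.' . $ext;
$dir = '../assets/images/chat/';
// mkdir can race with a concurrent request; re-check is_dir before failing.
if (!is_dir($dir) && !mkdir($dir, 0775, true) && !is_dir($dir)) {
    respond(['success' => false, 'error' => 'Failed to save image']);
}
$target = $dir . $filename;

if (!move_uploaded_file($file['tmp_name'], $target)) {
    respond(['success' => false, 'error' => 'Failed to save image']);
}

$path = 'assets/images/chat/' . $filename;
$stmt = $pdo->prepare("INSERT INTO messages (user_id, sender, type, message) VALUES (?, ?, 'image', ?)");
$stmt->execute([$user_id, $sender, $path]);

// A user upload also becomes the payment proof of the newest active order.
if ($sender === 'user') {
    $stmt = $pdo->prepare("SELECT id FROM fiat_orders WHERE user_id = ? AND status IN ('matched', 'matching', 'submitting') ORDER BY id DESC LIMIT 1");
    $stmt->execute([$user_id]);
    $order = $stmt->fetch();
    if ($order) {
        $stmt = $pdo->prepare("UPDATE fiat_orders SET proof_image = ? WHERE id = ?");
        $stmt->execute([$path, $order['id']]);
    }
}
respond(['success' => true, 'path' => $path]);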