Add PayPal integration and band image upload features
- Implemented complete PayPal payment integration with checkout flow - Added payments table to database for transaction tracking - Created image upload functionality for band profiles - Added gallery management in band profiles - Updated booking flow to support PayPal payments - Added payment status display in user profiles - Included comprehensive documentation for new features New files: - upload-handler.php: REST API for image uploads - paypal-checkout.php: PayPal checkout page - paypal-process.php: Payment processing backend - PAYPAL_UPLOAD_FEATURES.md: Complete documentation - storage/uploads/bands/: Upload directory Modified files: - database.sql: Added payments table - profil.php: Added gallery and payment tracking - anfrage.php: Integrated PayPal payment option
This commit is contained in:
@@ -0,0 +1,120 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
require_once __DIR__ . '/includes/auth.php';
|
||||
requireLogin();
|
||||
|
||||
header('Content-Type: application/json');
|
||||
|
||||
$user = currentUser();
|
||||
if ($user['role'] !== 'band') {
|
||||
http_response_code(403);
|
||||
echo json_encode(['error' => 'Nur Bands können Bilder hochladen']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Get band
|
||||
$stmt = db()->prepare('SELECT * FROM bands WHERE user_id = :id');
|
||||
$stmt->execute([':id' => $user['id']]);
|
||||
$band = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (!$band) {
|
||||
http_response_code(404);
|
||||
echo json_encode(['error' => 'Kein Bandprofil gefunden']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
|
||||
$file = $_FILES['image'];
|
||||
|
||||
// Validate file
|
||||
$allowedTypes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
|
||||
$maxSize = 5 * 1024 * 1024; // 5MB
|
||||
|
||||
if (!in_array($file['type'], $allowedTypes)) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Ungültiger Dateityp. Erlaubt sind: JPG, PNG, GIF, WEBP']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($file['size'] > $maxSize) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Datei zu groß (max 5MB)']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($file['error'] !== UPLOAD_ERR_OK) {
|
||||
http_response_code(500);
|
||||
echo json_encode(['error' => 'Upload-Fehler']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Generate unique filename
|
||||
$extension = pathinfo($file['name'], PATHINFO_EXTENSION);
|
||||
$filename = 'band_' . $band['id'] . '_' . uniqid() . '.' . $extension;
|
||||
$uploadPath = __DIR__ . '/storage/uploads/bands/' . $filename;
|
||||
|
||||
// Move file
|
||||
if (!move_uploaded_file($file['tmp_name'], $uploadPath)) {
|
||||
http_response_code(500);
|
||||
echo json_encode(['error' => 'Datei konnte nicht gespeichert werden']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Save to database
|
||||
$url = 'storage/uploads/bands/' . $filename;
|
||||
$stmt = db()->prepare('INSERT INTO band_media (band_id, type, url) VALUES (:band_id, :type, :url)');
|
||||
$stmt->execute([
|
||||
':band_id' => $band['id'],
|
||||
':type' => 'image',
|
||||
':url' => $url
|
||||
]);
|
||||
|
||||
$mediaId = (int) db()->lastInsertId();
|
||||
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'id' => $mediaId,
|
||||
'url' => $url,
|
||||
'message' => 'Bild erfolgreich hochgeladen'
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Delete image
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
|
||||
parse_str(file_get_contents('php://input'), $deleteData);
|
||||
$mediaId = (int) ($deleteData['media_id'] ?? 0);
|
||||
|
||||
if (!$mediaId) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Keine Media-ID angegeben']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Check ownership
|
||||
$stmt = db()->prepare('SELECT * FROM band_media WHERE id = :id AND band_id = :band_id');
|
||||
$stmt->execute([':id' => $mediaId, ':band_id' => $band['id']]);
|
||||
$media = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (!$media) {
|
||||
http_response_code(404);
|
||||
echo json_encode(['error' => 'Bild nicht gefunden']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Delete file
|
||||
$filePath = __DIR__ . '/' . $media['url'];
|
||||
if (file_exists($filePath) && strpos($media['url'], 'storage/uploads/') === 0) {
|
||||
unlink($filePath);
|
||||
}
|
||||
|
||||
// Delete from database
|
||||
$stmt = db()->prepare('DELETE FROM band_media WHERE id = :id');
|
||||
$stmt->execute([':id' => $mediaId]);
|
||||
|
||||
echo json_encode(['success' => true, 'message' => 'Bild gelöscht']);
|
||||
exit;
|
||||
}
|
||||
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Ungültige Anfrage']);
|
||||
Reference in New Issue
Block a user