615866d215
- Implemented complete PayPal payment integration with checkout flow - Added payments table to database for transaction tracking - Created image upload functionality for band profiles - Added gallery management in band profiles - Updated booking flow to support PayPal payments - Added payment status display in user profiles - Included comprehensive documentation for new features New files: - upload-handler.php: REST API for image uploads - paypal-checkout.php: PayPal checkout page - paypal-process.php: Payment processing backend - PAYPAL_UPLOAD_FEATURES.md: Complete documentation - storage/uploads/bands/: Upload directory Modified files: - database.sql: Added payments table - profil.php: Added gallery and payment tracking - anfrage.php: Integrated PayPal payment option
121 lines
3.4 KiB
PHP
121 lines
3.4 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
require_once __DIR__ . '/includes/auth.php';
|
|
requireLogin();
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$user = currentUser();
|
|
if ($user['role'] !== 'band') {
|
|
http_response_code(403);
|
|
echo json_encode(['error' => 'Nur Bands können Bilder hochladen']);
|
|
exit;
|
|
}
|
|
|
|
// Get band
|
|
$stmt = db()->prepare('SELECT * FROM bands WHERE user_id = :id');
|
|
$stmt->execute([':id' => $user['id']]);
|
|
$band = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$band) {
|
|
http_response_code(404);
|
|
echo json_encode(['error' => 'Kein Bandprofil gefunden']);
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
|
|
$file = $_FILES['image'];
|
|
|
|
// Validate file
|
|
$allowedTypes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
|
|
$maxSize = 5 * 1024 * 1024; // 5MB
|
|
|
|
if (!in_array($file['type'], $allowedTypes)) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Ungültiger Dateityp. Erlaubt sind: JPG, PNG, GIF, WEBP']);
|
|
exit;
|
|
}
|
|
|
|
if ($file['size'] > $maxSize) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Datei zu groß (max 5MB)']);
|
|
exit;
|
|
}
|
|
|
|
if ($file['error'] !== UPLOAD_ERR_OK) {
|
|
http_response_code(500);
|
|
echo json_encode(['error' => 'Upload-Fehler']);
|
|
exit;
|
|
}
|
|
|
|
// Generate unique filename
|
|
$extension = pathinfo($file['name'], PATHINFO_EXTENSION);
|
|
$filename = 'band_' . $band['id'] . '_' . uniqid() . '.' . $extension;
|
|
$uploadPath = __DIR__ . '/storage/uploads/bands/' . $filename;
|
|
|
|
// Move file
|
|
if (!move_uploaded_file($file['tmp_name'], $uploadPath)) {
|
|
http_response_code(500);
|
|
echo json_encode(['error' => 'Datei konnte nicht gespeichert werden']);
|
|
exit;
|
|
}
|
|
|
|
// Save to database
|
|
$url = 'storage/uploads/bands/' . $filename;
|
|
$stmt = db()->prepare('INSERT INTO band_media (band_id, type, url) VALUES (:band_id, :type, :url)');
|
|
$stmt->execute([
|
|
':band_id' => $band['id'],
|
|
':type' => 'image',
|
|
':url' => $url
|
|
]);
|
|
|
|
$mediaId = (int) db()->lastInsertId();
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'id' => $mediaId,
|
|
'url' => $url,
|
|
'message' => 'Bild erfolgreich hochgeladen'
|
|
]);
|
|
exit;
|
|
}
|
|
|
|
// Delete image
|
|
if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
|
|
parse_str(file_get_contents('php://input'), $deleteData);
|
|
$mediaId = (int) ($deleteData['media_id'] ?? 0);
|
|
|
|
if (!$mediaId) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Keine Media-ID angegeben']);
|
|
exit;
|
|
}
|
|
|
|
// Check ownership
|
|
$stmt = db()->prepare('SELECT * FROM band_media WHERE id = :id AND band_id = :band_id');
|
|
$stmt->execute([':id' => $mediaId, ':band_id' => $band['id']]);
|
|
$media = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$media) {
|
|
http_response_code(404);
|
|
echo json_encode(['error' => 'Bild nicht gefunden']);
|
|
exit;
|
|
}
|
|
|
|
// Delete file
|
|
$filePath = __DIR__ . '/' . $media['url'];
|
|
if (file_exists($filePath) && strpos($media['url'], 'storage/uploads/') === 0) {
|
|
unlink($filePath);
|
|
}
|
|
|
|
// Delete from database
|
|
$stmt = db()->prepare('DELETE FROM band_media WHERE id = :id');
|
|
$stmt->execute([':id' => $mediaId]);
|
|
|
|
echo json_encode(['success' => true, 'message' => 'Bild gelöscht']);
|
|
exit;
|
|
}
|
|
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Ungültige Anfrage']);
|