File: C:/laragon/www/dropbymatte/upload.php
<?php ob_start(); ?>
<?php session_start(); ?>
<?php header('Content-Type: application/json'); ?>
<?php require 'config.php'; ?>
<?php ob_end_clean(); ?>
<?php
if (!isset($_SESSION['admin'])) {
echo json_encode(['success' => false, 'error' => 'Sessione scaduta']);
exit;
}
if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
echo json_encode(['success' => false, 'error' => 'File non ricevuto']);
exit;
}
$file_password = $_POST['password'] ?? '';
if (empty($file_password)) {
echo json_encode(['success' => false, 'error' => 'Password mancante']);
exit;
}
// ✅ ORDINE CORRETTO - PRIMA filename
$filename = preg_replace('/[^a-zA-Z0-9._-]/', '_', $_FILES['file']['name']);
$id = bin2hex(random_bytes(16));
$filepath = "uploads/" . $id . "_" . $filename;
$filesize = $_FILES['file']['size'];
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $_FILES['file']['tmp_name']);
finfo_close($finfo);
if (!str_starts_with($mime, 'audio/')) {
echo json_encode(['success' => false, 'error' => 'Solo audio']);
exit;
}
if (move_uploaded_file($_FILES['file']['tmp_name'], $filepath)) {
$stmt = $pdo->prepare("INSERT INTO files (id, filename, filepath, filesize, file_password) VALUES (?, ?, ?, ?, ?)");
$stmt->execute([$id, $filename, $filepath, $filesize, password_hash($file_password, PASSWORD_DEFAULT)]);
echo json_encode(['success' => true, 'link' => "player.php?id=$id"]);
} else {
echo json_encode(['success' => false, 'error' => 'Errore salvataggio']);
}
?>