<?php
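// CORS: any origin may call this endpoint and send an Authorization header, so access
// control rests entirely on the token check below.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header("Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization");
// Answer the CORS preflight before any application code is loaded.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}
// Load WordPress and auth helper
require_once('/mnt/blockstorage/ctms/wp-load.php');
require_once('auth-helper.php');
// require (not include): a missing database bootstrap must stop the request instead of
// continuing with an undefined connection.
require('../database.php');
// Verify JWT token
$user_id = verify_jwt_token();
if (!$user_id) {
    send_error_response('User not authenticated', 401);
    // Fail closed: send_error_response() is defined outside this file, so stop here
    // explicitly in case it returns instead of terminating the request.
    exit();
}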
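/**
 * Store one uploaded file for a VR content item and return its public location.
 *
 * The file's MIME type is detected from its bytes with finfo. The client-supplied
 * $file['type'] and the extension in $file['name'] are attacker-controlled and never
 * decide what is accepted: the stored extension always comes from a fixed list tied to
 * the detected type, so a request cannot choose a script extension for the stored file.
 * Content sniffing is not a proof of harmless content; the upload directory should still
 * be served without script execution.
 *
 * @param array|null $file One upload in $_FILES entry shape (name, type, tmp_name, error, size).
 * @param int|string $content_id Positive numeric id of the content row; used as the directory name.
 * @param string $type Upload kind: 'thumbnail', 'video' or 'gallery'.
 * @param int|null $index Position of a gallery image; when given, the filename also carries
 *                        the index and the current timestamp.
 * @return array On success: success => true, path (relative), url (absolute).
 *               On failure: success => false, message.
 */
function upload_vr_file($file, $content_id, $type = 'thumbnail', $index = null) {
    $error = (is_array($file) && isset($file['error'])) ? $file['error'] : null;
    if ($error !== UPLOAD_ERR_OK) {
        return array('success' => false, 'message' => 'File upload error: ' . $error);
    }

    // Accepted MIME types per upload kind, each mapped to the extensions it may be stored under.
    $image_types = array(
        'image/jpeg' => array('jpg', 'jpeg'),
        'image/png' => array('png'),
        'image/gif' => array('gif'),
        'image/webp' => array('webp'),
    );
    $allowed_types = array(
        'thumbnail' => $image_types,
        'video' => array(
            'video/mp4' => array('mp4', 'm4v'),
            'video/webm' => array('webm'),
            'video/ogg' => array('ogv', 'ogg'),
            'video/quicktime' => array('mov', 'qt'),
        ),
        'gallery' => $image_types,
    );
    if (!is_string($type) || !isset($allowed_types[$type])) {
        return array('success' => false, 'message' => 'Invalid file type for ' . (is_string($type) ? $type : 'upload'));
    }

    // The id becomes a path component, so only a plain positive integer is accepted.
    if (!is_int($content_id) && !(is_string($content_id) && ctype_digit($content_id))) {
        return array('success' => false, 'message' => 'Invalid content id');
    }
    $content_id = (int) $content_id;
    if ($content_id <= 0) {
        return array('success' => false, 'message' => 'Invalid content id');
    }

    // Only inspect files PHP itself received in this request.
    $tmp_name = isset($file['tmp_name']) ? $file['tmp_name'] : '';
    if (!is_string($tmp_name) || !is_uploaded_file($tmp_name)) {
        return array('success' => false, 'message' => 'Failed to move uploaded file');
    }

    // Validate file type from the content, not from the request metadata.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected_type = $finfo->file($tmp_name);
    if ($detected_type === false || !isset($allowed_types[$type][$detected_type])) {
        return array('success' => false, 'message' => 'Invalid file type for ' . $type);
    }

    // Keep the client's extension only when it is one of the extensions listed for the
    // detected type; otherwise fall back to the canonical one.
    $extensions = $allowed_types[$type][$detected_type];
    $client_name = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';
    $client_extension = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    $extension = in_array($client_extension, $extensions, true) ? $client_extension : $extensions[0];

    // Create directory for content
    $content_dir = '/mnt/blockstorage/ctms/vr-content-uploads/contents/' . $content_id;
    if (!is_dir($content_dir)) {
        // Re-check is_dir() after a failed mkdir(): a concurrent request may have created it.
        if (!mkdir($content_dir, 0755, true) && !is_dir($content_dir)) {
            return array('success' => false, 'message' => 'Failed to create upload directory');
        }
        chown($content_dir, 'www-data');
        chgrp($content_dir, 'www-data');
    }

    // Generate filename
    if ($index !== null) {
        $filename = $type . '_' . (int) $index . '_' . time() . '.' . $extension;
    } else {
        $filename = $type . '.' . $extension;
    }
    $file_path = $content_dir . '/' . $filename;

    // Move uploaded file
    if (!move_uploaded_file($tmp_name, $file_path)) {
        return array('success' => false, 'message' => 'Failed to move uploaded file');
    }

    // Set permissions: readable by the web server, never executable.
    chmod($file_path, 0644);
    chown($file_path, 'www-data');
    chgrp($file_path, 'www-data');

    // Return relative path
    $relative_path = 'contents/' . $content_id . '/' . $filename;
    $url = 'https://training.contentsda.kr/vr-content-uploads/' . $relative_path;
    return array('success' => true, 'path' => $relative_path, 'url' => $url);
}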
/**
 * Reduce a filename to ASCII letters, digits, '-', '_' and '.'.
 *
 * Every other byte is replaced with '-', and runs of '-' are then collapsed into one.
 * Dots are kept, so leading dots and '..' sequences survive: the result is a cleaned
 * name, not a validated path component or a trusted extension.
 *
 * @param string $filename Name to clean.
 * @return string Cleaned name.
 */
function sanitize_filename($filename) {
    // Patterns are applied in order: strip disallowed bytes first, then squeeze dashes.
    $patterns = array('/[^a-zA-Z0-9-_.]/', '/-+/');
    $replacements = array('-', '-');
    return preg_replace($patterns, $replacements, $filename);
}
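// Main processing: create a vr_contents row, store the optional thumbnail, video and
// gallery uploads, and answer with a JSON description of the new content.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        // Get POST data. Values reach SQL only as bound parameters, so they are kept
        // unescaped here and echoed back unmodified in the JSON response. Non-string
        // input (e.g. title[]=x) is treated as missing instead of reaching trim().
        $title = (isset($_POST['title']) && is_string($_POST['title'])) ? trim($_POST['title']) : '';
        $description = (isset($_POST['description']) && is_string($_POST['description'])) ? trim($_POST['description']) : '';
        // NOTE(review): created_by comes from the request body, not from the $user_id
        // returned by verify_jwt_token(), so an authenticated caller can attribute content
        // to any account id - confirm whether this should be the verified $user_id.
        $created_by = isset($_POST['created_by']) ? intval($_POST['created_by']) : 1;

        // Validate required fields
        if ($title === '') {
            throw new Exception('Title is required');
        }

        // Create content record
        $stmt = $conn->prepare("INSERT INTO vr_contents (title, description, created_by, status) VALUES (?, ?, ?, 'active')");
        if ($stmt === false) {
            // Driver detail goes to the log only; the client gets a generic message.
            error_log('Failed to create content: ' . $conn->error);
            throw new Exception('Failed to create content');
        }
        $stmt->bind_param('ssi', $title, $description, $created_by);
        $created = $stmt->execute();
        $create_error = $stmt->error;
        $new_id = $conn->insert_id;
        $stmt->close();
        if (!$created) {
            error_log('Failed to create content: ' . $create_error);
            throw new Exception('Failed to create content');
        }
        $content_id = (int) $new_id;

        // Inserts one vr_content_images row; returns the new row id, or false on failure.
        $insert_image = function ($path, $image_type, $display_order) use ($conn, $content_id) {
            $stmt = $conn->prepare('INSERT INTO vr_content_images (content_id, image_path, image_type, display_order) VALUES (?, ?, ?, ?)');
            if ($stmt === false) {
                error_log('Failed to insert ' . $image_type . ' into vr_content_images: ' . $conn->error);
                return false;
            }
            $stmt->bind_param('issi', $content_id, $path, $image_type, $display_order);
            if (!$stmt->execute()) {
                error_log('Failed to insert ' . $image_type . ' into vr_content_images: ' . $stmt->error);
                $stmt->close();
                return false;
            }
            $row_id = (int) $conn->insert_id;
            $stmt->close();
            return $row_id;
        };

        $thumbnail_url = null;
        $video_path = null;
        $video_url = null;

        // Handle thumbnail upload (save to vr_content_images table)
        if (isset($_FILES['thumbnail']) && $_FILES['thumbnail']['error'] === UPLOAD_ERR_OK) {
            $result = upload_vr_file($_FILES['thumbnail'], $content_id, 'thumbnail');
            if ($result['success']) {
                $thumbnail_url = $result['url'];
                $insert_image($result['path'], 'thumbnail', -1);
            } else {
                // Non-fatal error, continue
                error_log('Thumbnail upload failed: ' . $result['message']);
            }
        }

        // Handle video upload
        if (isset($_FILES['video']) && $_FILES['video']['error'] === UPLOAD_ERR_OK) {
            $result = upload_vr_file($_FILES['video'], $content_id, 'video');
            if ($result['success']) {
                $video_path = $result['path'];
                $video_url = $result['url'];
                // Update vr_contents with video path
                $stmt = $conn->prepare('UPDATE vr_contents SET video_path = ? WHERE id = ?');
                if ($stmt === false) {
                    error_log('Failed to store video path: ' . $conn->error);
                } else {
                    $stmt->bind_param('si', $video_path, $content_id);
                    if (!$stmt->execute()) {
                        error_log('Failed to store video path: ' . $stmt->error);
                    }
                    $stmt->close();
                }
            } else {
                // Non-fatal error, continue
                error_log('Video upload failed: ' . $result['message']);
            }
        }

        // Handle multiple gallery images
        $gallery_images = array();
        if (isset($_FILES['images']) && is_array($_FILES['images']['tmp_name'])) {
            $file_count = count($_FILES['images']['tmp_name']);
            for ($i = 0; $i < $file_count; $i++) {
                // Skip if no file or error
                if (!isset($_FILES['images']['tmp_name'][$i]) || $_FILES['images']['error'][$i] !== UPLOAD_ERR_OK) {
                    continue;
                }
                // Prepare file array for upload_vr_file function
                $file = array(
                    'name' => $_FILES['images']['name'][$i],
                    'type' => $_FILES['images']['type'][$i],
                    'tmp_name' => $_FILES['images']['tmp_name'][$i],
                    'error' => $_FILES['images']['error'][$i],
                    'size' => $_FILES['images']['size'][$i]
                );
                $result = upload_vr_file($file, $content_id, 'gallery', $i);
                if ($result['success']) {
                    // Insert into vr_content_images table
                    $image_id = $insert_image($result['path'], 'gallery', $i);
                    if ($image_id !== false) {
                        $gallery_images[] = array(
                            'id' => $image_id,
                            'url' => $result['url'],
                            'display_order' => $i
                        );
                    }
                } else {
                    error_log('Gallery image upload failed: ' . $result['message']);
                }
            }
        }

        // Get all images from vr_content_images table. $content_id is an integer taken
        // from the driver, so interpolating it here cannot carry request data into the SQL.
        $all_images = array();
        $all_images_result = $conn->query("SELECT * FROM vr_content_images WHERE content_id = $content_id ORDER BY display_order");
        if ($all_images_result === false) {
            // query() returns false on failure; report an empty list instead of calling
            // fetch_assoc() on a boolean.
            error_log('Failed to read vr_content_images: ' . $conn->error);
        } else {
            while ($img_row = $all_images_result->fetch_assoc()) {
                $all_images[] = array(
                    'id' => intval($img_row['id']),
                    'url' => 'https://training.contentsda.kr/vr-content-uploads/' . $img_row['image_path'],
                    'image_type' => $img_row['image_type'],
                    'display_order' => intval($img_row['display_order'])
                );
            }
            $all_images_result->free();
        }

        // Success response. title and description are the caller's raw input; a client
        // that renders them as HTML has to escape them for that context.
        $response = array(
            'status' => 'success',
            'message' => 'VR content created successfully',
            'data' => array(
                'content_id' => $content_id,
                'title' => $title,
                'description' => $description,
                'thumbnail_url' => $thumbnail_url, // Deprecated, use all_images
                'video_url' => $video_url,
                'all_images' => $all_images,
                'images_count' => count($all_images)
            )
        );
        header('Content-Type: application/json');
        echo json_encode($response);
    } catch (Exception $e) {
        // Rollback: delete content if it was created
        if (isset($content_id)) {
            $rollback_id = (int) $content_id;
            // Remove dependent image rows first so no orphaned records stay behind.
            $conn->query("DELETE FROM vr_content_images WHERE content_id = $rollback_id");
            $conn->query("DELETE FROM vr_contents WHERE id = $rollback_id");
            // Delete uploaded files
            $content_dir = '/mnt/blockstorage/ctms/vr-content-uploads/contents/' . $rollback_id;
            if (file_exists($content_dir)) {
                // glob() can return false; treat that as "nothing to delete".
                $stored_files = glob("$content_dir/*.*");
                array_map('unlink', $stored_files ? $stored_files : array());
                rmdir($content_dir);
            }
        }
        // NOTE(review): the message of any caught exception is returned to the client.
        // The exceptions thrown in this block carry fixed, generic text; if the database
        // layer is configured to throw, its messages would be exposed here too.
        $response = array(
            'status' => 'error',
            'message' => $e->getMessage()
        );
        header('Content-Type: application/json');
        http_response_code(400);
        echo json_encode($response);
    }
    $conn->close();
} else {
    $response = array(
        'status' => 'error',
        'message' => 'Only POST requests are allowed'
    );
    header('Content-Type: application/json');
    http_response_code(405);
    echo json_encode($response);
}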
?>