1 files changed, 0 insertions, 66 deletions
diff --git a/src/upload.php b/src/upload.php
deleted file mode 100644
index 62db139..0000000
--- a/src/upload.php
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php
-/* upload.php — handle image uploads */
-header('Content-Type: application/json');
-if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-    http_response_code(405);
-    echo json_encode(['error' => 'Method not allowed']);
-    exit;
-}
-if (!isset($_FILES['image']) || $_FILES['image']['error'] !== UPLOAD_ERR_OK) {
-    $code = $_FILES['image']['error'] ?? 'unknown';
-    http_response_code(400);
-    echo json_encode(['error' => "Upload failed (code: $code)"]);
-    exit;
-}
-$file    = $_FILES['image'];
-$allowed = [
-    'image/png', 'image/jpeg', 'image/gif',
-    'image/webp', 'image/svg+xml', 'image/bmp',
-];
-$finfo = finfo_open(FILEINFO_MIME_TYPE);
-$mime  = finfo_file($finfo, $file['tmp_name']);
-finfo_close($finfo);
-if (!in_array($mime, $allowed, true)) {
-    http_response_code(400);
-    echo json_encode(['error' => "Invalid file type: $mime"]);
-    exit;
-}
-$ext = match ($mime) {
-    'image/png'     => 'png',
-    'image/jpeg'    => 'jpg',
-    'image/gif'     => 'gif',
-    'image/webp'    => 'webp',
-    'image/svg+xml' => 'svg',
-    'image/bmp'     => 'bmp',
-    default         => 'bin',
-};
-/* generate safe filename */
-$basename = pathinfo($file['name'], PATHINFO_FILENAME);
-$basename = preg_replace('/[^a-zA-Z0-9_-]/', '_', $basename);
-$basename = substr($basename, 0, 64);
-$filename = $basename . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
-$uploadDir = __DIR__ . '/uploads';
-if (!is_dir($uploadDir)) {
-    mkdir($uploadDir, 0755, true);
-}
-$dest = $uploadDir . '/' . $filename;
-if (!move_uploaded_file($file['tmp_name'], $dest)) {
-    http_response_code(500);
-    echo json_encode(['error' => 'Failed to save file']);
-    exit;
-}
-echo json_encode([
-    'filename' => $filename,
-    'url'      => 'uploads/' . $filename,
-]);

diff --git a/src/upload.php b/src/upload.php deleted file mode 100644 index 62db139..0000000 --- a/src/upload.php +++ /dev/null
@@ -1,66 +0,0 @@
1	<?php
2	/* upload.php — handle image uploads */
3
4	header('Content-Type: application/json');
5
6	if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
7	http_response_code(405);
8	echo json_encode(['error' => 'Method not allowed']);
9	exit;
10	}
11
12	if (!isset($_FILES['image']) \|\| $_FILES['image']['error'] !== UPLOAD_ERR_OK) {
13	$code = $_FILES['image']['error'] ?? 'unknown';
14	http_response_code(400);
15	echo json_encode(['error' => "Upload failed (code: $code)"]);
16	exit;
17	}
18
19	$file = $_FILES['image'];
20	$allowed = [
21	'image/png', 'image/jpeg', 'image/gif',
22	'image/webp', 'image/svg+xml', 'image/bmp',
23	];
24
25	$finfo = finfo_open(FILEINFO_MIME_TYPE);
26	$mime = finfo_file($finfo, $file['tmp_name']);
27	finfo_close($finfo);
28
29	if (!in_array($mime, $allowed, true)) {
30	http_response_code(400);
31	echo json_encode(['error' => "Invalid file type: $mime"]);
32	exit;
33	}
34
35	$ext = match ($mime) {
36	'image/png' => 'png',
37	'image/jpeg' => 'jpg',
38	'image/gif' => 'gif',
39	'image/webp' => 'webp',
40	'image/svg+xml' => 'svg',
41	'image/bmp' => 'bmp',
42	default => 'bin',
43	};
44
45	/* generate safe filename */
46	$basename = pathinfo($file['name'], PATHINFO_FILENAME);
47	$basename = preg_replace('/[^a-zA-Z0-9_-]/', '_', $basename);
48	$basename = substr($basename, 0, 64);
49	$filename = $basename . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
50
51	$uploadDir = __DIR__ . '/uploads';
52	if (!is_dir($uploadDir)) {
53	mkdir($uploadDir, 0755, true);
54	}
55
56	$dest = $uploadDir . '/' . $filename;
57	if (!move_uploaded_file($file['tmp_name'], $dest)) {
58	http_response_code(500);
59	echo json_encode(['error' => 'Failed to save file']);
60	exit;
61	}
62
63	echo json_encode([
64	'filename' => $filename,
65	'url' => 'uploads/' . $filename,
66	]);