assetmgt/api/v2/post/media_upload.php
2025-08-29 15:01:30 +02:00


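<?php
// Abort unless the constant named by $security_key is defined.
// NOTE(review): presumably the API entry point defines it so this file cannot
// be requested directly; confirm against the including script.
defined($security_key) or exit;
//------------------------------------------
// Media_upload
//------------------------------------------
// Stores an uploaded image under assets/images/media/, records it in `media`
// and optionally links it to a dealer. $dbname, $input, $partner and $username
// come from the including script.

// Connect to DB
$pdo = dbConnect($dbname);

if (!isset($_FILES['image'])) {
    echo json_encode(['error' => 'No file uploaded']);
    exit;
}

$file = $_FILES['image'];

// Reject failed or partial uploads, and the multi-file form (image[]), where
// the fields are arrays instead of scalars.
if (
    !is_string($file['name'] ?? null)
    || !is_string($file['tmp_name'] ?? null)
    || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
) {
    http_response_code(400);
    echo json_encode(['error' => 'No file uploaded']);
    exit;
}

// Validate file type: the extension must be allow-listed AND the content must
// sniff as the matching image type.
$mimeByExt = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'webp' => 'image/webp',
];
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
$detectedMime = isset($mimeByExt[$ext])
    ? (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name'])
    : false;

if ($detectedMime === false || $detectedMime !== $mimeByExt[$ext]) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid file type. Only JPEG, PNG, GIF, and WebP allowed.']);
    exit;
}

// The stored name used to be built from the client-supplied title verbatim.
// Only the *uploaded* name's extension was validated, so the title decided
// both the real extension and the directory the file landed in. Reduce the
// title to a plain label (no separators, no dots) and append the validated
// extension, so the on-disk name is always "<unique>_<label>.<allowed ext>".
$rawTitle = is_string($input['title'] ?? null) ? $input['title'] : '';
$label = preg_replace('/[^\p{L}\p{N}_-]+/u', '_', pathinfo($rawTitle, PATHINFO_FILENAME)) ?? '';
$label = trim($label, '_');
if ($label === '') {
    $label = 'upload';
}

$target_dir = dirname(__FILE__, 4) . "/assets/images/media/";
$title = uniqid() . '_' . time() . '_' . $label . '.' . $ext;
$full_path = $target_dir . $title;
$logical_dir = "assets/images/media/" . $title;

// NOTE(review): MIME sniffing does not stop polyglot files; the web server
// should also be configured not to execute scripts from this directory.
if (move_uploaded_file($file['tmp_name'], $full_path)) {
    // Build the partner hierarchy from the current user
    $partner_product = json_encode(
        ['salesid' => $partner->salesid, 'soldto' => $partner->soldto],
        JSON_UNESCAPED_UNICODE
    );

    // File received successfully: store it in the DB
    $insert_media_sql = 'INSERT INTO `media`(`title`, `full_path`, `createdby`,`accounthierarchy`) VALUES (?,?,?,?)';
    $stmt = $pdo->prepare($insert_media_sql);
    $stmt->execute([$title, $logical_dir, $username, $partner_product]);

    // ID of the new media row
    $media_rowID = $pdo->lastInsertId();

    // Assign picture to dealer
    // NOTE(review): nothing here checks that the caller may modify this
    // dealer; confirm the including script enforces that before this runs.
    if (!empty($input['dealer_id'])) {
        $dealer_id = decodeUuid($input['dealer_id']);
        $update_dealer = 'UPDATE dealers SET dealer_media = ? , updatedby = ? WHERE rowID = ?';
        $stmt = $pdo->prepare($update_dealer);
        $stmt->execute([$media_rowID, $username, $dealer_id]);
    }

    echo json_encode(['success' => true, 'path' => $logical_dir]);
} else {
    echo json_encode(['error' => 'Failed to move file']);
}
?>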