
<?php
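session_start();
require_once '../config/database.php';

// Access gate: only a logged-in user whose session role is 'admin' or
// 'director' may reach the slider upload handler below. Everyone else is
// redirected to the login page and the script stops.
// The role is read with ?? so that a session without a 'role' key is rejected
// cleanly instead of raising an "undefined array key" warning, and the
// comparison stays strict so a non-string role value can never match.
$session_role = $_SESSION['role'] ?? null;
if (!isset($_SESSION['user_id']) || !in_array($session_role, ['admin', 'director'], true)) {
    header('Location: login.php');
    exit();
}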

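if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): this handler does not verify a CSRF token. If the form in
    // slider.php does not carry one, add it there and compare it here with
    // hash_equals() before any state change.

    // Read a POST field as a trimmed string; anything that is not a string
    // (e.g. title[]=x) is treated as empty rather than passed to trim().
    $read_field = static function ($key) {
        $value = $_POST[$key] ?? '';
        return is_string($value) ? trim($value) : '';
    };

    $title = $read_field('title');
    $description = $read_field('description');
    $link_url = $read_field('link_url');

    $errors = [];

    // Validate title ('' check instead of empty() so a title of "0" is accepted)
    if ($title === '') {
        $errors[] = "Title is required";
    }

    // Validate link target. The value is stored and presumably rendered as a
    // link elsewhere (confirm against the slider template), so only http(s)
    // URLs or scheme-less site paths are accepted, and control characters or
    // whitespace that could disguise a scheme are rejected.
    if ($link_url !== '') {
        $link_scheme = parse_url($link_url, PHP_URL_SCHEME);
        $has_bad_scheme = $link_scheme !== null && $link_scheme !== false
            && !in_array(strtolower($link_scheme), ['http', 'https'], true);
        if ($link_scheme === false || $has_bad_scheme || preg_match('/[\x00-\x20\x7f]/', $link_url)) {
            $errors[] = "Invalid link URL";
        }
    }

    // Validate image.
    // The MIME type sent by the browser ($_FILES[...]['type']) and the
    // extension of the original filename are both attacker-controlled, so the
    // type is detected from the uploaded bytes and the stored extension is
    // taken from this server-side map, never from the client filename.
    $allowed_types = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];
    $max_size = 5 * 1024 * 1024; // 5MB
    $file = $_FILES['image'] ?? null;
    $file_extension = null;

    if (!is_array($file) || !isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        $errors[] = "Image is required";
    } else {
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $detected_type = $finfo->file($file['tmp_name']);

        if ($detected_type === false || !isset($allowed_types[$detected_type])) {
            $errors[] = "Invalid file type. Only JPG, PNG, and GIF are allowed";
        } else {
            $file_extension = $allowed_types[$detected_type];
        }

        if ($file['size'] > $max_size) {
            $errors[] = "File size too large. Maximum size is 5MB";
        }
    }

    if (empty($errors)) {
        // Create uploads directory if it doesn't exist. 0755 instead of 0777:
        // the directory must not be writable by every local account.
        // The web server should also be configured not to execute scripts
        // from this directory (defence in depth against a crafted image).
        $upload_dir = '../uploads/slider/';
        $dir_ready = is_dir($upload_dir) || mkdir($upload_dir, 0755, true) || is_dir($upload_dir);

        // Unpredictable name with a whitelisted extension; nothing from the
        // client-supplied filename reaches the filesystem.
        $filename = bin2hex(random_bytes(16)) . '.' . $file_extension;
        $filepath = $upload_dir . $filename;

        // Move uploaded file (move_uploaded_file also verifies that tmp_name
        // really is a PHP upload)
        if ($dir_ready && move_uploaded_file($file['tmp_name'], $filepath)) {
            // Get the next order number. An empty table yields NULL -> 0;
            // otherwise MAX + 1. Testing for NULL explicitly matters: a
            // truthiness test would map an existing maximum of 0 back to 0.
            $max_order = null;
            $stmt = $conn->prepare("SELECT MAX(order_number) as max_order FROM slider_images");
            if ($stmt && $stmt->execute()) {
                $row = $stmt->get_result()->fetch_assoc();
                $max_order = $row['max_order'] ?? null;
            }
            $next_order = $max_order === null ? 0 : (int) $max_order + 1;

            // Insert slider into database (all values bound, none interpolated)
            $image_url = 'uploads/slider/' . $filename;
            $stmt = $conn->prepare("
                INSERT INTO slider_images (title, description, image_url, link_url, order_number)
                VALUES (?, ?, ?, ?, ?)
            ");

            if ($stmt) {
                $stmt->bind_param("ssssi", $title, $description, $image_url, $link_url, $next_order);
            }

            if ($stmt && $stmt->execute()) {
                $_SESSION['success_message'] = "Slider image added successfully";
                header('Location: slider.php');
                exit();
            } else {
                // Keep driver/SQL details in the server log, not in the page.
                error_log('add_slider: insert failed: ' . ($stmt ? $stmt->error : $conn->error));
                // Do not leave an orphaned file behind when the row was not created.
                if (is_file($filepath)) {
                    unlink($filepath);
                }
                $errors[] = "Error adding slider";
            }
        } else {
            $errors[] = "Error uploading file";
        }
    }

    // If there are errors, store them in session and redirect back
    $_SESSION['error_messages'] = $errors;
    $_SESSION['form_data'] = $_POST;
    header('Location: slider.php');
    exit();
}

// If not POST request, redirect to slider page
header('Location: slider.php');
exit();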