diff --git a/api/auth/avatar.php b/api/auth/avatar.php index d574526..c70c80c 100644 --- a/api/auth/avatar.php +++ b/api/auth/avatar.php @@ -15,7 +15,10 @@ if ($userId <= 0) { apiAbort(['OK' => false, 'ERROR' => 'not_logged_in', 'MESSAGE' => 'Authentication required']); } -$uploadsDir = dirname(__DIR__, 2) . '/uploads/users'; +$webroot = isDev() + ? '/opt/lucee/tomcat/webapps/ROOT' + : '/var/www/biz.payfrit.com'; +$uploadsDir = $webroot . '/uploads/users'; $avatarUrl = baseUrl() . '/uploads/users/'; // Find existing avatar (check multiple extensions) diff --git a/api/auth/verifyLoginOTP.php b/api/auth/verifyLoginOTP.php index 8c4e260..af67138 100644 --- a/api/auth/verifyLoginOTP.php +++ b/api/auth/verifyLoginOTP.php @@ -9,8 +9,8 @@ runAuth(); */ $data = readJsonBody(); -$userUUID = trim($data['uuid'] ?? ''); -$otp = trim($data['otp'] ?? ''); +$userUUID = trim($data['UUID'] ?? $data['uuid'] ?? ''); +$otp = trim($data['OTP'] ?? $data['otp'] ?? ''); if (empty($userUUID) || empty($otp)) { apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'UUID and OTP are required']); diff --git a/api/auth/verifyOTP.php b/api/auth/verifyOTP.php index 5314570..e6b4a67 100644 --- a/api/auth/verifyOTP.php +++ b/api/auth/verifyOTP.php @@ -9,8 +9,8 @@ runAuth(); */ $data = readJsonBody(); -$userUUID = trim($data['uuid'] ?? ''); -$otp = trim($data['otp'] ?? ''); +$userUUID = trim($data['UUID'] ?? $data['uuid'] ?? ''); +$otp = trim($data['OTP'] ?? $data['otp'] ?? ''); if (empty($userUUID) || empty($otp)) { apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'UUID and OTP are required']); diff --git a/api/menu/getForBuilder.php b/api/menu/getForBuilder.php index a040a39..453f2cd 100644 --- a/api/menu/getForBuilder.php +++ b/api/menu/getForBuilder.php @@ -292,7 +292,10 @@ try { // Build items lookup by CategoryID $itemsByCategory = []; - $uploadsDir = $_SERVER['DOCUMENT_ROOT'] . '/uploads/items'; + $webroot = isDev() + ? '/opt/lucee/tomcat/webapps/ROOT' + : '/var/www/biz.payfrit.com'; +$uploadsDir = $webroot . '/uploads/items'; foreach ($qItemRows as $item) { $catID = (int) $item['CategoryItemID']; $itemID = (int) $item['ID']; diff --git a/api/menu/uploadHeader.php b/api/menu/uploadHeader.php index a6a8fc7..ca367e7 100644 --- a/api/menu/uploadHeader.php +++ b/api/menu/uploadHeader.php @@ -22,7 +22,10 @@ if (!isset($_FILES['header']) || $_FILES['header']['error'] !== UPLOAD_ERR_OK) { jsonResponse(['OK' => false, 'ERROR' => 'no_file', 'MESSAGE' => 'No file was uploaded']); } -$headersDir = $_SERVER['DOCUMENT_ROOT'] . '/uploads/headers'; +$webroot = isDev() + ? '/opt/lucee/tomcat/webapps/ROOT' + : '/var/www/biz.payfrit.com'; +$headersDir = $webroot . '/uploads/headers'; if (!is_dir($headersDir)) { mkdir($headersDir, 0755, true); } diff --git a/api/menu/uploadItemPhoto.php b/api/menu/uploadItemPhoto.php index f3f4e6d..b040f79 100644 --- a/api/menu/uploadItemPhoto.php +++ b/api/menu/uploadItemPhoto.php @@ -25,8 +25,11 @@ if (!in_array($ext, $allowedExtensions)) { jsonResponse(['OK' => false, 'ERROR' => 'invalid_type', 'MESSAGE' => "Only image files are accepted (jpg, jpeg, gif, png, webp, heic). Got: $ext"]); } -// Determine uploads directory (server path) -$itemsDir = $_SERVER['DOCUMENT_ROOT'] . '/uploads/items'; +// Determine uploads directory (must be in Lucee webroot, not PHP docroot) +$webroot = isDev() + ? '/opt/lucee/tomcat/webapps/ROOT' + : '/var/www/biz.payfrit.com'; +$itemsDir = $webroot . '/uploads/items'; if (!is_dir($itemsDir)) { mkdir($itemsDir, 0755, true); } diff --git a/api/tasks/getDetails.php b/api/tasks/getDetails.php index 5763496..310c161 100644 --- a/api/tasks/getDetails.php +++ b/api/tasks/getDetails.php @@ -68,9 +68,12 @@ try { $customerPhotoUrl = ''; $customerUserID = (int) ($qTask['CustomerUserID'] ?? 0); if ($customerUserID > 0) { + $webroot = isDev() + ? '/opt/lucee/tomcat/webapps/ROOT' + : '/var/www/biz.payfrit.com'; $baseDir = '/uploads/users/'; foreach (['jpg', 'png', 'PNG'] as $ext) { - $checkPath = $_SERVER['DOCUMENT_ROOT'] . $baseDir . $customerUserID . '.' . $ext; + $checkPath = $webroot . $baseDir . $customerUserID . '.' . $ext; if (file_exists($checkPath)) { $customerPhotoUrl = baseUrl() . $baseDir . $customerUserID . '.' . $ext; break;