Fix upload paths to use Lucee webroot and accept uppercase OTP keys

Upload endpoints were saving files to PHP's DOCUMENT_ROOT instead of
the Lucee webroot where the Android app loads them from. Also fix
verifyLoginOTP and verifyOTP to accept both UUID/OTP and uuid/otp keys.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
John Mizerek 2026-03-14 22:04:27 -07:00
parent 3d9084d848
commit 4a4a098551
7 changed files with 25 additions and 10 deletions


@ -15,7 +15,10 @@ if ($userId <= 0) {
apiAbort(['OK' => false, 'ERROR' => 'not_logged_in', 'MESSAGE' => 'Authentication required']); apiAbort(['OK' => false, 'ERROR' => 'not_logged_in', 'MESSAGE' => 'Authentication required']);
} }
$uploadsDir = dirname(__DIR__, 2) . '/uploads/users'; $webroot = isDev()
? '/opt/lucee/tomcat/webapps/ROOT'
: '/var/www/biz.payfrit.com';
$uploadsDir = $webroot . '/uploads/users';
$avatarUrl = baseUrl() . '/uploads/users/'; $avatarUrl = baseUrl() . '/uploads/users/';
// Find existing avatar (check multiple extensions) // Find existing avatar (check multiple extensions)
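Review bot: The dev/prod webroot selection added at `$webroot = isDev() ? ... : ...` is pasted verbatim into this handler and, from the diffstat, into several others in the same commit, so the production vhost path and the Lucee `webapps/ROOT` path now live in six places that have to be edited together. It belongs in one helper in the shared include next to `isDev()` and `baseUrl()`, which is also the single place to document that this directory is served by the servlet container and must not be reachable with script execution enabled. The avatar lookup loop that follows the comment on the last line starts outside this hunk.

```php
// shared include, next to isDev() / baseUrl()
function webrootDir(): string
{
    // Lucee/Tomcat webroot: files written here are served by the container, not PHP.
    return isDev()
        ? '/opt/lucee/tomcat/webapps/ROOT'
        : '/var/www/biz.payfrit.com';
}

// call site
$uploadsDir = webrootDir() . '/uploads/users';
```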


@ -9,8 +9,8 @@ runAuth();
*/ */
$data = readJsonBody(); $data = readJsonBody();
$userUUID = trim($data['uuid'] ?? ''); $userUUID = trim($data['UUID'] ?? $data['uuid'] ?? '');
$otp = trim($data['otp'] ?? ''); $otp = trim($data['OTP'] ?? $data['otp'] ?? '');
if (empty($userUUID) || empty($otp)) { if (empty($userUUID) || empty($otp)) {
apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'UUID and OTP are required']); apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'UUID and OTP are required']);
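Review bot: `trim($data['UUID'] ?? $data['uuid'] ?? '')` throws a TypeError on PHP 8 if a client sends a JSON array or object under either key, which turns a malformed login-OTP request into a 500 instead of the `missing_fields` response below, and `empty($otp)` additionally rejects the literal string `"0"`. Unless `readJsonBody()` (not visible here) already guarantees scalar values, read the raw value first and only trim strings, `$rawUuid = $data['UUID'] ?? $data['uuid'] ?? ''; $userUUID = is_string($rawUuid) ? trim($rawUuid) : '';`, do the same for `OTP`/`otp`, and replace the `empty()` checks with `$userUUID === '' || $otp === ''`. The OTP comparison itself is outside the hunk; if it is a plain `==`/`===` it should be `hash_equals()`.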


@ -9,8 +9,8 @@ runAuth();
*/ */
$data = readJsonBody(); $data = readJsonBody();
$userUUID = trim($data['uuid'] ?? ''); $userUUID = trim($data['UUID'] ?? $data['uuid'] ?? '');
$otp = trim($data['otp'] ?? ''); $otp = trim($data['OTP'] ?? $data['otp'] ?? '');
if (empty($userUUID) || empty($otp)) { if (empty($userUUID) || empty($otp)) {
apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'UUID and OTP are required']); apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'UUID and OTP are required']);
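Review bot: The two `$data['UUID'] ?? $data['uuid']` / `$data['OTP'] ?? $data['otp']` fallbacks are now duplicated byte-for-byte between verifyOTP and verifyLoginOTP, and every further endpoint the Android app hits with uppercase keys will need the same patch. A small helper next to `readJsonBody()`, e.g. `$userUUID = trim(jsonField($data, 'uuid'));` where `jsonField()` tries the exact key and its uppercase form and returns `''` for anything that is not a string, keeps the key-case policy in one place and also guards the `trim()` call against non-string JSON values. The `empty()` checks on the following line would then be better as `$userUUID === '' || $otp === ''`, since `empty('0')` is true.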


@ -292,7 +292,10 @@ try {
// Build items lookup by CategoryID // Build items lookup by CategoryID
$itemsByCategory = []; $itemsByCategory = [];
$uploadsDir = $_SERVER['DOCUMENT_ROOT'] . '/uploads/items'; $webroot = isDev()
? '/opt/lucee/tomcat/webapps/ROOT'
: '/var/www/biz.payfrit.com';
$uploadsDir = $webroot . '/uploads/items';
foreach ($qItemRows as $item) { foreach ($qItemRows as $item) {
$catID = (int) $item['CategoryItemID']; $catID = (int) $item['CategoryItemID'];
$itemID = (int) $item['ID']; $itemID = (int) $item['ID'];
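Review bot: The hardcoded `/opt/lucee/tomcat/webapps/ROOT` / `/var/www/biz.payfrit.com` switch is now also embedded in this read-only listing path, so a change to the production vhost or the Lucee deployment directory has to be tracked down in every file that copied it. One helper in the shared include would reduce the new lines to `$uploadsDir = webrootDir() . '/uploads/items';` and is the natural place to note that the path must match what `baseUrl()` serves. The enclosing `try` and the `foreach` over `$qItemRows` both continue outside this hunk, so the per-item filesystem probe that presumably follows is not visible here.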


@ -22,7 +22,10 @@ if (!isset($_FILES['header']) || $_FILES['header']['error'] !== UPLOAD_ERR_OK) {
jsonResponse(['OK' => false, 'ERROR' => 'no_file', 'MESSAGE' => 'No file was uploaded']); jsonResponse(['OK' => false, 'ERROR' => 'no_file', 'MESSAGE' => 'No file was uploaded']);
} }
$headersDir = $_SERVER['DOCUMENT_ROOT'] . '/uploads/headers'; $webroot = isDev()
? '/opt/lucee/tomcat/webapps/ROOT'
: '/var/www/biz.payfrit.com';
$headersDir = $webroot . '/uploads/headers';
if (!is_dir($headersDir)) { if (!is_dir($headersDir)) {
mkdir($headersDir, 0755, true); mkdir($headersDir, 0755, true);
} }
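Review bot: `mkdir($headersDir, 0755, true)` is still unchecked, and it now targets a directory owned by the servlet container rather than PHP's own docroot, so a permission mismatch between the PHP and Tomcat/Lucee users (not verifiable from the diff) would only surface as a warning and then a failed `move_uploaded_file` further down. Check the result and fail the request cleanly, tolerating the is_dir/mkdir race: `if (!is_dir($headersDir) && !mkdir($headersDir, 0755, true) && !is_dir($headersDir)) { jsonResponse(['OK' => false, 'ERROR' => 'storage_unavailable', 'MESSAGE' => 'Upload directory is not writable']); }`. Because `$headersDir` is inside the container's webroot, also confirm the header upload's type check (outside this hunk) is at least as strict as the items handler's extension whitelist.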


@ -25,8 +25,11 @@ if (!in_array($ext, $allowedExtensions)) {
jsonResponse(['OK' => false, 'ERROR' => 'invalid_type', 'MESSAGE' => "Only image files are accepted (jpg, jpeg, gif, png, webp, heic). Got: $ext"]); jsonResponse(['OK' => false, 'ERROR' => 'invalid_type', 'MESSAGE' => "Only image files are accepted (jpg, jpeg, gif, png, webp, heic). Got: $ext"]);
} }
// Determine uploads directory (server path) // Determine uploads directory (must be in Lucee webroot, not PHP docroot)
$itemsDir = $_SERVER['DOCUMENT_ROOT'] . '/uploads/items'; $webroot = isDev()
? '/opt/lucee/tomcat/webapps/ROOT'
: '/var/www/biz.payfrit.com';
$itemsDir = $webroot . '/uploads/items';
if (!is_dir($itemsDir)) { if (!is_dir($itemsDir)) {
mkdir($itemsDir, 0755, true); mkdir($itemsDir, 0755, true);
} }
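Review bot: Moving `$itemsDir` into the Lucee/Tomcat webroot means everything written there is served by the servlet container, so the extension whitelist checked just above (`in_array($ext, $allowedExtensions)`) becomes the only thing between an upload and a `.cfm`/`.cfc`/`.jsp` being executed; how `$ext` is derived is outside the hunk, but the comparison should run on a lowercased value and be strict, `if (!in_array(strtolower($ext), $allowedExtensions, true))`, the stored filename should be generated server-side (id plus validated extension) rather than taken from the client, and the file should be verified as an image with `getimagesize()` or finfo, not by extension alone. Independently of the PHP checks, confirm the container does not map script handlers under `/uploads/`, or serve that directory as static content from outside `webapps/ROOT`. The `mkdir()` on the line after `is_dir()` also needs its return value checked now that the PHP user is writing into a directory it may not own.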


@ -68,9 +68,12 @@ try {
$customerPhotoUrl = ''; $customerPhotoUrl = '';
$customerUserID = (int) ($qTask['CustomerUserID'] ?? 0); $customerUserID = (int) ($qTask['CustomerUserID'] ?? 0);
if ($customerUserID > 0) { if ($customerUserID > 0) {
$webroot = isDev()
? '/opt/lucee/tomcat/webapps/ROOT'
: '/var/www/biz.payfrit.com';
$baseDir = '/uploads/users/'; $baseDir = '/uploads/users/';
foreach (['jpg', 'png', 'PNG'] as $ext) { foreach (['jpg', 'png', 'PNG'] as $ext) {
$checkPath = $_SERVER['DOCUMENT_ROOT'] . $baseDir . $customerUserID . '.' . $ext; $checkPath = $webroot . $baseDir . $customerUserID . '.' . $ext;
if (file_exists($checkPath)) { if (file_exists($checkPath)) {
$customerPhotoUrl = baseUrl() . $baseDir . $customerUserID . '.' . $ext; $customerPhotoUrl = baseUrl() . $baseDir . $customerUserID . '.' . $ext;
break; break;
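Review bot: The probe list `['jpg', 'png', 'PNG']` is hand-maintained and, with `$checkPath` now pointing at the Lucee webroot, a `jpeg`, `webp` or `.JPG` avatar would simply yield an empty `$customerPhotoUrl`; the uppercase `PNG` entry suggests stored filenames keep whatever extension case the uploader sent, which is worth normalizing at upload time instead of guessing here. Hoist the list to a shared constant next to the upload whitelist, e.g. `foreach (AVATAR_EXTENSIONS as $ext)`, so the two stay in sync, and prefer `is_file()` over `file_exists()` since a directory named `<id>.jpg` would otherwise be reported as a photo. `$customerUserID` is cast to int before it reaches the path, which keeps this lookup free of traversal. The `foreach` and the `if ($customerUserID > 0)` block close outside this hunk.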