From 51278caac3d0053b055f10657f5ee7c9a2dcbe4b Mon Sep 17 00:00:00 2001
From: ENGO150 <v.smejkal06@gmail.com>
Date: Fri, 24 May 2024 19:08:15 +0200
Subject: [PATCH] using whole filename for photo_id

---
 res/forum/api/upload_picture.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/res/forum/api/upload_picture.php b/res/forum/api/upload_picture.php
index 35f8503..1392121 100644
--- a/res/forum/api/upload_picture.php
+++ b/res/forum/api/upload_picture.php
@@ -60,11 +60,11 @@ if (!(file_exists($dir) && is_dir($dir)))
 $safe_name = mysqli_real_escape_string($database, $_POST["name"]);
 $safe_desc = isset($_POST["desc"]) ? mysqli_real_escape_string($database, $_POST["desc"]) : null;
 
-$photo_id = count(glob($dir . "/*"));
+$photo_id = count(glob($dir . "/*")) . "." . $file_format;
 
-$database -> query("INSERT INTO post (title, description, author, photo_id) VALUES (\"" . $safe_name . "\", " . ($safe_desc == null ? "NULL" : "\"" . $safe_desc . "\"") . ", " . $user_id . ", " . $photo_id . ")");
+$database -> query("INSERT INTO post (title, description, author, photo_id) VALUES (\"" . $safe_name . "\", " . ($safe_desc == null ? "NULL" : "\"" . $safe_desc . "\"") . ", " . $user_id . ", \"" . $photo_id . "\")");
 
-move_uploaded_file($_FILES["file_upload"]["tmp_name"], $dir . "/" . $photo_id . "." . $file_format);
+move_uploaded_file($_FILES["file_upload"]["tmp_name"], $dir . "/" . $photo_id);
 
 send:
 header('Content-type: application/json');