<?php
/**
 * Bild-Upload mit Validierung
 */

require_once __DIR__ . '/../config/config.php';

function handle_upload(array $file): string|false
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return false;
    }

    if ($file['size'] > UPLOAD_MAX_SIZE) {
        return false;
    }

    // MIME-Typ serverseitig prüfen
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_MIME_TYPES, true)) {
        return false;
    }

    // Prüfen ob es ein echtes Bild ist
    $imageInfo = getimagesize($file['tmp_name']);
    if ($imageInfo === false) {
        return false;
    }

    // Dateiendung aus MIME ableiten
    $extensions = [
        'image/jpeg' => '.jpg',
        'image/png'  => '.png',
        'image/gif'  => '.gif',
        'image/webp' => '.webp',
    ];
    $ext = $extensions[$mime] ?? '.jpg';

    // Eindeutigen Dateinamen generieren
    $subdir = date('Y/m');
    $dir = rtrim(UPLOAD_DIR, '/') . '/' . $subdir;
    if (!is_dir($dir)) {
        mkdir($dir, 0755, true);
    }

    $filename = bin2hex(random_bytes(16)) . $ext;
    $filepath = $dir . '/' . $filename;

    if (!move_uploaded_file($file['tmp_name'], $filepath)) {
        return false;
    }

    return UPLOAD_URL . $subdir . '/' . $filename;
}