From 6e6fd0110af0e780fdba09689404925926a863d0 Mon Sep 17 00:00:00 2001
From: Jacek Pyziak <jacek.pyziak@project-pro.pl>
Date: Sun, 22 Feb 2026 10:59:14 +0100
Subject: [PATCH] feat: enhance file upload handling and improve data
 validation in Allegro class

---
 .claude/settings.local.json         |  5 ++-
 autoload/controls/class.Allegro.php | 48 ++++++++++++++++++++---------
 2 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index f3a5cf9..58ffdda 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -23,7 +23,10 @@
       "Bash(where:*)",
       "Bash(python:*)",
       "Bash(ls -la \"c:\\\\visual studio code\\\\projekty\\\\adsPRO\\\\docs\"\" 2>/dev/null || echo \"docs dir not found \")",
-      "WebFetch(domain:ai.google.dev)"
+      "WebFetch(domain:ai.google.dev)",
+      "WebFetch(domain:github.com)",
+      "WebFetch(domain:oraios.github.io)",
+      "Bash(which uv:*)"
     ]
   },
   "statusLine": {
diff --git a/autoload/controls/class.Allegro.php b/autoload/controls/class.Allegro.php
index 6fe6950..3889e39 100644
--- a/autoload/controls/class.Allegro.php
+++ b/autoload/controls/class.Allegro.php
@@ -5,6 +5,10 @@ class Allegro {
 
   static public function main_view()
   {
+    $offers_added = null;
+    $history_added = null;
+    $history_updated = null;
+
     if ( \S::get_session( 'offers_added' ) )
     {
       $offers_added = \S::get_session( 'offers_added' );
@@ -38,17 +42,30 @@ class Allegro {
     $offers_added = 0;
     $history_added = 0;
     $history_updated = 0;
+    $data = [];
+
+    if ( !isset( $_FILES['file'] ) || $_FILES['file']['error'] !== UPLOAD_ERR_OK )
+    {
+      \S::alert( 'error', 'Nieprawidłowy plik. Wybierz plik CSV.' );
+      header( 'Location: /allegro/main_view/' );
+      exit;
+    }
 
     $file = $_FILES['file']['tmp_name'];
+    $ext = strtolower( pathinfo( $_FILES['file']['name'], PATHINFO_EXTENSION ) );
+
+    if ( $ext !== 'csv' )
+    {
+      \S::alert( 'error', 'Dozwolony format pliku: CSV.' );
+      header( 'Location: /allegro/main_view/' );
+      exit;
+    }
 
     if ( ( $handle = fopen( $file, 'r' ) ) !== false )
     {
       // Pomiń pierwszy wiersz (nagłówki)
       fgetcsv($handle, null, ";");
 
-      // Tablica asocjacyjna do przechowywania skumulowanych danych
-      $data = [];
-
       while (($row_data = fgetcsv($handle, null, ";")) !== false)
       {
         // Upewnij się, że wiersz jest poprawnie wczytany
@@ -108,22 +125,24 @@ class Allegro {
     {
       $offer_data = [];
 
-      $campain_name = 'allegro.pl - ' . $offer['campaign_name'] . ' - ' . $offer['group_name'];
+      $campaign_name = 'allegro.pl - ' . $offer['campaign_name'] . ' - ' . $offer['group_name'];
 
-      $client_id = $mdb -> get( 'clients', 'id', [ 'name' => $campain_name ] );
+      $client_id = $mdb -> get( 'clients', 'id', [ 'name' => $campaign_name ] );
       if ( !$client_id )
       {
-        $mdb -> insert( 'clients', [ 'name' => $campain_name ] );
+        $mdb -> insert( 'clients', [ 'name' => $campaign_name ] );
         $client_id = $mdb -> id();
       }
 
       if ( !$mdb -> count( 'products', [ 'AND' => [ 'client_id' => $client_id, 'offer_id' => $offer['offer_id'] ] ] ) )
       {
-        $offer_tmp['client_id'] = $client_id;
-        $offer_tmp['offer_id'] = $offer['offer_id'];
-        $offer_tmp['name'] = $offer['offer_name'];
+        $product_data = [
+          'client_id' => $client_id,
+          'offer_id' => $offer['offer_id'],
+          'name' => $offer['offer_name'],
+        ];
 
-        if ( $mdb -> insert( 'products', $offer_tmp ) )
+        if ( $mdb -> insert( 'products', $product_data ) )
         {
           $product_id = $mdb -> id();
           $offers_added++;
@@ -132,8 +151,9 @@ class Allegro {
       }
       else
       {
-        $product_id = $mdb -> get( 'products', 'id', [ 'AND' => [ 'client_id' => $client_id, 'offer_id' => $offer['offer_id'] ] ] );
-        $offer_current_name = $mdb -> get( 'products', 'name', [ 'AND' => [ 'client_id' => $client_id, 'offer_id' => $offer['offer_id'] ] ] );
+        $product = $mdb -> get( 'products', [ 'id', 'name' ], [ 'AND' => [ 'client_id' => $client_id, 'offer_id' => $offer['offer_id'] ] ] );
+        $product_id = $product['id'];
+        $offer_current_name = $product['name'];
 
         if ( $offer_current_name != $offer['offer_name'] and $offer['date_add'] == date( 'Y-m-d', strtotime( '-1 days', time() ) ) )
         {
@@ -142,14 +162,14 @@ class Allegro {
         }
       }
 
-      if ( $offer_id )
+      if ( $offer['offer_id'] )
       {
         $offer_data['impressions'] = $offer['impressions'];
         $offer_data['clicks'] = $offer['clicks'];
         $offer_data['cost'] = $offer['cost'];
         $offer_data['conversions'] = $offer['conversions'];
         $offer_data['conversions_value'] = $offer['conversions_value'];
-        $offer_data['ctr'] = $offer['clicks'] ? round( $offer['impressions'] / $offer['clicks'], 4 ) : 0;
+        $offer_data['ctr'] = $offer['impressions'] ? round( $offer['clicks'] / $offer['impressions'], 4 ) : 0;
         $offer_data['updated'] = 1;
 
         if ( $mdb -> count( 'products_history', [ 'AND' => [ 'product_id' => $product_id, 'date_add' => $offer['date_add'] ] ] ) )