perbaikan validasi upload file, gambar, dan validasi show gambar dan file pada kirim surat

app/kirim/upload_dok.php

@@ -1,12 +1,49 @@
 <?php
 include("../koneksi.php");
-$surat_id=$_POST['surat_id'];
-$folder = "dok";
-$tmp_name = $_FILES["file_dok"]["tmp_name"];
-$name = $folder."/".$surat_id."_".$_FILES["file_dok"]["name"];
-$name_ins = $surat_id."_".$_FILES["file_dok"]["name"];
-move_uploaded_file($tmp_name, $name);
-$input = pg_query("INSERT INTO scan (file,surat_id) VALUES ('$name_ins','$surat_id')");
-echo $surat_id;
-?>
+// $surat_id = $_POST['surat_id'];
+// $folder = "dok";
 
+// $tmp_name = $_FILES["file_dok"]["tmp_name"];
+// $name = $folder . "/" . $surat_id . "_" . $_FILES["file_dok"]["name"];
+// $name_ins = $surat_id . "_" . $_FILES["file_dok"]["name"];
+// move_uploaded_file($tmp_name, $name);
+// $input = pg_query($koneksi, "INSERT INTO scan (file,surat_id) VALUES ('$name_ins','$surat_id')");
+// echo $surat_id;
+
+
+$surat_id = $_POST['surat_id'];
+$folder = "dok";
+
+// Allowed MIME types and extensions
+$allowed_types = array('image/png', 'image/jpeg');
+$allowed_extensions = array('png', 'jpg', 'jpeg', 'PNG', 'JPG', 'JPEG');
+
+// Get the file details
+$tmp_name = $_FILES["file_dok"]["tmp_name"];
+$file_name = $_FILES["file_dok"]["name"];
+$file_type = mime_content_type($tmp_name);
+$file_extension = pathinfo($file_name, PATHINFO_EXTENSION);
+
+// Validate the file type and extension
+if (in_array($file_type, $allowed_types) && in_array($file_extension, $allowed_extensions)) {
+    // Define the new file path
+    $name = $folder . "/" . $surat_id . "_" . $file_name;
+    $name_ins = $surat_id . "_" . $file_name;
+
+    // Move the uploaded file
+    if (move_uploaded_file($tmp_name, $name)) {
+        // Insert into the database
+        $input = pg_query($koneksi, "INSERT INTO scan (file, surat_id) VALUES ('$name_ins', '$surat_id')");
+        
+        if ($input) {
+            echo $surat_id;
+        } else {
+            echo "Database insert error: " . pg_last_error($koneksi);
+        }
+    } else {
+        echo "Error moving the uploaded file.";
+    }
+} else {
+    echo "Invalid file type or extension.";
+}
+?>