# PDF Upload Structure - Issue Found & Fixed

## Problem Identified ⚠️

The PDFs were being stored in the wrong location:
- **Wrong**: `/php/uploads/KKCPNotdpdfs/` (custom folder)
- **Correct**: `/php/uploads/notices/` (application expects this)

## Why This Matters

1. **NoticeController.php** uploads attachments to `/php/uploads/notices/`
2. **NoticeModel** stores paths as `uploads/notices/filename.pdf`
3. **API endpoint** (`php/api/notices.php`) constructs URLs expecting files in `/php/uploads/notices/`
4. The separate `KKCPNotdpdfs` folder was not integrated with the application

## What Was Fixed

### Before
```
php/uploads/
├── members/
├── KKCPNotdpdfs/  ← Wrong location (30 PDFs)
└── notices        ← Was a FILE, not a directory!
```

### After
```
php/uploads/
├── members/       ← Profile pictures
├── notices/       ← Notice attachments (PDFs, docs, images)
└── .htaccess      ← Security: disables PHP execution
```

## Actions Taken

1. ✅ Removed the `KKCPNotdpdfs` folder
2. ✅ Fixed `notices` - was a file, now a proper directory
3. ✅ Added `.htaccess` to disable PHP execution in uploads
4. ✅ Verified upload directory structure

## Next Steps

### If You Have Existing PDFs
The 30 PDFs that were in `KKCPNotdpdfs` need to be:
1. Checked if they're actually notice attachments
2. If yes: Move them to `/php/uploads/notices/`
3. Update the database `notices` table with correct `AttachmentUrl` paths

### Verify Database
```sql
SELECT Id, Name, AttachmentUrl FROM notices WHERE AttachmentUrl IS NOT NULL;
```

Should show paths like: `uploads/notices/1770114560.pdf`

## Upload Security

The `.htaccess` file in `/php/uploads/` now:
- ✅ Disables PHP execution
- ✅ Prevents directory listing
- ✅ Blocks access to executable files
- ✅ Allows only image and document files

## File Upload Handling

### For Notices (via NoticeController)
- Location: `/php/uploads/notices/`
- Allowed types: PDF, DOC, DOCX, JPG, PNG, GIF
- Naming: `{timestamp}_{sanitized_filename}.{ext}`

### For Member Profiles (via FileUpload class)
- Location: `/php/uploads/members/`
- Allowed types: JPG, PNG, GIF (images only)
- MIME validation: Yes (using `finfo_file()`)
- Naming: `member_{uniqid}.{ext}`

## Summary

✅ **Fixed**: PDF upload directory structure
✅ **Fixed**: `notices` directory creation
✅ **Added**: Security protections in uploads
⚠️ **Action Required**: Verify and move existing PDFs if needed
