From 04226101af68a5a2e49755bfc4e93dc513dc09c9 Mon Sep 17 00:00:00 2001
From: wrongecho
Date: Mon, 3 Feb 2025 22:19:32 +0000
Subject: [PATCH] Add ability for client to upload attachments to approved invoices
---
 guest/guest_post.php | 82 ++++++++++++++++++++++---
 guest/guest_quote_upload_file_modal.php | 37 +++++++++++
 guest/guest_view_quote.php | 9 ++-
 uploads/quotes/index.php | 1 +
 4 files changed, 120 insertions(+), 9 deletions(-)
 create mode 100644 guest/guest_quote_upload_file_modal.php
 create mode 100644 uploads/quotes/index.php
diff --git a/guest/guest_post.php b/guest/guest_post.php
index 97a33505..db202764 100644
--- a/guest/guest_post.php
+++ b/guest/guest_post.php
@@ -50,13 +50,13 @@ if (isset($_GET['accept_quote'], $_GET['url_key'])) {
 $subject = "Quote Accepted - $client_name - Quote $quote_prefix$quote_number";
 $body = "Hello,

This is a notification that a quote has been accepted in ITFlow.

Client: $client_name
Quote: $quote_prefix$quote_number

~
$company_name - Billing
$config_quote_from_email";
- $data[] = [
- 'from' => $config_quote_from_email,
- 'from_name' => $config_quote_from_name,
- 'recipient' => $config_quote_notification_email,
- 'subject' => $subject,
- 'body' => $body,
- ];
+ $data[] = [
+ 'from' => $config_quote_from_email,
+ 'from_name' => $config_quote_from_name,
+ 'recipient' => $config_quote_notification_email,
+ 'subject' => $subject,
+ 'body' => $body,
+ ];
 $mail = addToMailQueue($data);
 }
@@ -200,4 +200,72 @@ if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) {
 echo "Invalid!!";
 }
 }
+
+ if (isset($_POST['guest_quote_upload_file'])) {
+ $quote_id = intval($_POST['quote_id']);
+ $url_key = sanitizeInput($_POST['url_key']);
+
+ // Select only the necessary fields
+ $sql = mysqli_query($mysqli, "SELECT quote_prefix, quote_number, client_id FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
+
+ if (mysqli_num_rows($sql) == 1) {
+ $row = mysqli_fetch_array($sql);
+ $quote_prefix = sanitizeInput($row['quote_prefix']);
+ $quote_number = intval($row['quote_number']);
+ $client_id = intval($row['client_id']);
+
+ // Define & create directories, as required
+ mkdirMissing('../uploads/quotes/');
+ $upload_file_dir = "../uploads/quotes/" . $quote_id . "/";
+ mkdirMissing($upload_file_dir);
+
+ // Store attached any file
+ if (!empty($_FILES)) {
+
+ for ($i = 0; $i < count($_FILES['file']['name']); $i++) {
+ // Extract file details for this iteration
+ $single_file = [
+ 'name' => $_FILES['file']['name'][$i],
+ 'type' => $_FILES['file']['type'][$i],
+ 'tmp_name' => $_FILES['file']['tmp_name'][$i],
+ 'error' => $_FILES['file']['error'][$i],
+ 'size' => $_FILES['file']['size'][$i]
+ ];
+
+ if ($file_reference_name = checkFileUpload($single_file, array('pdf'))) {
+
+ $file_tmp_path = $_FILES['file']['tmp_name'][$i];
+
+ $file_name = sanitizeInput($_FILES['file']['name'][$i]);
+ $extarr = explode('.', $_FILES['file']['name'][$i]);
+ $file_extension = sanitizeInput(strtolower(end($extarr)));
+
+ // Define destination file path
+ $dest_path = $upload_file_dir . 
$file_reference_name;
+
+ // Do upload
+ move_uploaded_file($file_tmp_path, $dest_path);
+ mysqli_query($mysqli, "INSERT INTO quote_attachments SET quote_attachment_name = '$file_name', quote_attachment_reference_name = '$file_reference_name', quote_attachment_quote_id = $quote_id");
+
+ // Logging & feedback
+ $_SESSION['alert_message'] = 'File uploaded!';
+ mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Upload', history_description = 'Client uploaded file $file_name', history_quote_id = $quote_id");
+ logAction("File", "Upload", "Guest uploaded file $file_name to quote $quote_prefix$quote_number", $client_id);
+
+ } else {
+ $_SESSION['alert_type'] = 'error';
+ $_SESSION['alert_message'] = 'Something went wrong uploading the file - please let the support team know.';
+
+ }
+
+ }
+ }
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+ } else {
+ echo "Invalid!!";
+ }
+}
+
 ?>
diff --git a/guest/guest_quote_upload_file_modal.php b/guest/guest_quote_upload_file_modal.php
new file mode 100644
index 00000000..c57eae06
--- /dev/null
+++ b/guest/guest_quote_upload_file_modal.php
@@ -0,0 +1,37 @@
diff --git a/guest/guest_view_quote.php b/guest/guest_view_quote.php
index 56f584f6..0baabd22 100644
--- a/guest/guest_view_quote.php
+++ b/guest/guest_view_quote.php
@@ -270,8 +270,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
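Review bot: The `guest_quote_upload_file` handler accepts uploads for any quote whose `quote_id` and `url_key` match, because the `SELECT` never looks at the quote's status; the commit title limits this to approved quotes, so that restriction seems to live only in the view, and the handler should also select the status and answer `Invalid!!` unless the quote is in the accepted state. The result of `move_uploaded_file()` is ignored, so a failed move still writes the `quote_attachments` and `history` rows and reports success; guard them with `if (move_uploaded_file($file_tmp_path, $dest_path)) {`. The closing redirect uses the client-supplied `$_SERVER["HTTP_REFERER"]`, which can be missing or point elsewhere; a fixed target built from `$quote_id` and `$url_key`, followed by `exit;`, is safer. `$url_key` reaches the query by string interpolation, which is only safe if `sanitizeInput()` (defined outside this diff) escapes for SQL; a prepared statement would remove that dependency.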
strtotime("now")) { - ?> + if ($quote_status == "Sent" || $quote_status == "Viewed" && strtotime($quote_expire) > strtotime("now")) { ?> Accept @@ -279,6 +278,11 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie Decline + + +
@@ -712,5 +716,6 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie