AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1166 from itflow-org/quote-upload 

Ability to upload files to an approved quote
This commit is contained in:
wrongecho 2025-02-17 11:31:46 +00:00 committed by GitHub
parent b0a79c1b6f 72a84af1a7
commit 08f2a307d3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 216 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
database_updates.php
View File

@ -2490,10 +2490,20 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.2'");
}
// if (CURRENT_DATABASE_VERSION == '1.8.2') {
// // Insert queries here required to update to DB version 1.8.3
if (CURRENT_DATABASE_VERSION == '1.8.2') {
mysqli_query($mysqli, "CREATE TABLE `quote_files` (
`quote_id` INT(11) NOT NULL,
`file_id` INT(11) NOT NULL,
PRIMARY KEY (`quote_id`, `file_id`)
)");
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.3'");
}
// if (CURRENT_DATABASE_VERSION == '1.8.3') {
// // Insert queries here required to update to DB version 1.8.4
// // Then, update the database to the next sequential version
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.3'");
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.4'");
// }
} else {

14
db.sql
View File

@ -1308,6 +1308,20 @@ CREATE TABLE `quotes` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `quote_files`
--
DROP TABLE IF EXISTS `quote_files`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `quote_files` (
`quote_id` int(11) NOT NULL,
`file_id` int(11) NOT NULL,
PRIMARY KEY (`quote_id`,`file_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `rack_units`
--

105
guest/guest_post.php
View File

@ -50,13 +50,13 @@ if (isset($_GET['accept_quote'], $_GET['url_key'])) {
$subject = "Quote Accepted - $client_name - Quote $quote_prefix$quote_number";
$body = "Hello, <br><br>This is a notification that a quote has been accepted in ITFlow. <br><br>Client: $client_name<br>Quote: <a href=\'https://$config_base_url/quote.php?quote_id=$quote_id\'>$quote_prefix$quote_number</a><br><br>~<br>$company_name - Billing<br>$config_quote_from_email";
$data[] = [
'from' => $config_quote_from_email,
'from_name' => $config_quote_from_name,
'recipient' => $config_quote_notification_email,
'subject' => $subject,
'body' => $body,
];
$data[] = [
'from' => $config_quote_from_email,
'from_name' => $config_quote_from_name,
'recipient' => $config_quote_notification_email,
'subject' => $subject,
'body' => $body,
];
$mail = addToMailQueue($data);
}
@ -200,4 +200,95 @@ if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) {
echo "Invalid!!";
}
}
if (isset($_POST['guest_quote_upload_file'])) {
$quote_id = intval($_POST['quote_id']);
$url_key = sanitizeInput($_POST['url_key']);
// Select only the necessary fields
$sql = mysqli_query($mysqli, "SELECT quote_prefix, quote_number, client_id FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) {
$row = mysqli_fetch_array($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
$client_id = intval($row['client_id']);
// Define & create directories, as required
$upload_file_dir = "../uploads/clients/$client_id/";
mkdirMissing($upload_file_dir);
// Store attached any file
if (!empty($_FILES)) {
for ($i = 0; $i < count($_FILES['file']['name']); $i++) {
// Extract file details for this iteration
$single_file = [
'name' => $_FILES['file']['name'][$i],
'type' => $_FILES['file']['type'][$i],
'tmp_name' => $_FILES['file']['tmp_name'][$i],
'error' => $_FILES['file']['error'][$i],
'size' => $_FILES['file']['size'][$i]
];
if ($file_reference_name = checkFileUpload($single_file, array('pdf'))) {
$file_tmp_path = $_FILES['file']['tmp_name'][$i];
$file_name = sanitizeInput($_FILES['file']['name'][$i]);
$extarr = explode('.', $_FILES['file']['name'][$i]);
$file_extension = sanitizeInput(strtolower(end($extarr)));
// Extract the file mime type and size
$file_mime_type = sanitizeInput($single_file['type']);
$file_size = intval($single_file['size']);
// Define destination file path
$dest_path = $upload_file_dir . $file_reference_name;
// Get/Create a top-level folder called Client Uploads
$folder_sql = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_name = 'Client Uploads' AND parent_folder = 0 AND folder_client_id = $client_id LIMIT 1");
if (mysqli_num_rows($folder_sql) == 1) {
// Get
$row = mysqli_fetch_array($folder_sql);
$folder_id = $row['folder_id'];
} else {
// Create
mysqli_query($mysqli,"INSERT INTO folders SET folder_name = 'Client Uploads', parent_folder = 0, folder_location = 1, folder_client_id = $client_id");
$folder_id = mysqli_insert_id($mysqli);
logAction("Folder", "Create", "Automatically created folder Client Uploads", $client_id, $folder_id);
}
// Do move/upload
move_uploaded_file($file_tmp_path, $dest_path);
// Create reference in files
mysqli_query($mysqli,"INSERT INTO files SET file_reference_name = '$file_reference_name', file_name = '$file_name', file_description = 'Uploaded via $quote_prefix$quote_number', file_ext = '$file_extension', file_mime_type = '$file_mime_type', file_size = $file_size, file_folder_id = $folder_id, file_client_id = $client_id");
$file_id = mysqli_insert_id($mysqli);
// Associate file with quote
mysqli_query($mysqli, "INSERT INTO quote_files SET quote_id = $quote_id, file_id = $file_id");
// Logging & feedback
$_SESSION['alert_message'] = 'File uploaded!';
appNotify("Quote File", "$file_name was uploaded to quote $quote_prefix$quote_number", "quote.php?quote_id=$quote_id", $client_id);
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Upload', history_description = 'Client uploaded file $file_name', history_quote_id = $quote_id");
logAction("File", "Upload", "Guest uploaded file $file_name to quote $quote_prefix$quote_number", $client_id);
} else {
$_SESSION['alert_type'] = 'error';
$_SESSION['alert_message'] = 'Something went wrong uploading the file - please let the support team know.';
logApp("Guest", "error", "Error uploading file to invoice");
}
}
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
} else {
echo "Invalid!!";
}
}
?>

27
guest/guest_quote_upload_file_modal.php Normal file
View File

@ -0,0 +1,27 @@
<div class="modal" id="uploadFileModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-cloud-upload-alt mr-2"></i>Upload File</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="guest_post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="quote_id" value="<?php echo $quote_id; ?>">
<input type="hidden" name="url_key" value="<?php echo $url_key; ?>">
<div class="modal-body bg-white">
<div class="form-group">
<input type="file" class="form-control-file" name="file[]" id="fileInput" accept=".pdf">
</div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="guest_quote_upload_file" class="btn btn-primary text-bold"><i class="fa fa-upload mr-2"></i>Upload</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
</div>
</div>

9
guest/guest_view_quote.php
View File

@ -270,8 +270,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<div class="text-center"><?php echo nl2br($config_quote_footer); ?></div>
<div class="">
<?php
if ($quote_status == "Sent" || $quote_status == "Viewed" && strtotime($quote_expire) > strtotime("now")) {
?>
if ($quote_status == "Sent" || $quote_status == "Viewed" && strtotime($quote_expire) > strtotime("now")) { ?>
<a class="btn btn-success confirm-link" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>">
<i class="fas fa-fw fa-thumbs-up mr-2"></i>Accept
</a>
@ -279,6 +278,11 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
<i class="fas fa-fw fa-thumbs-down mr-2"></i>Decline
</a>
<?php } ?>
<?php if ($quote_status == "Accepted") { ?>
<button type="button" class="btn btn-success" data-toggle="modal" data-target="#uploadFileModal">
<i class="fas fa-fw fa-cloud-upload-alt mr-2"></i>Upload File
</button>
<?php } ?>
</div>
</div>
@ -712,5 +716,6 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
</script>
<?php
require_once "guest_quote_upload_file_modal.php";
require_once "guest_footer.php";

2
includes/database_version.php
View File

@ -5,4 +5,4 @@
* It is used in conjunction with database_updates.php
*/
DEFINE("LATEST_DATABASE_VERSION", "1.8.2");
DEFINE("LATEST_DATABASE_VERSION", "1.8.3");

2
post/user/file.php
View File

@ -284,6 +284,8 @@ if (isset($_POST['delete_file'])) {
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
mysqli_query($mysqli,"DELETE FROM quote_files WHERE file_id = $file_id");
//Logging
logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);

54
quote.php
View File

@ -108,6 +108,12 @@ if (isset($_GET['quote_id'])) {
$json_products = json_encode($products);
}
// Quote File Attachments
$sql_quote_files = mysqli_query(
$mysqli,
"SELECT file_reference_name, file_name, file_created_at FROM quote_files LEFT JOIN files ON quote_files.file_id = files.file_id WHERE quote_id = $quote_id"
);
?>
<ol class="breadcrumb d-print-none">
@ -491,6 +497,54 @@ if (isset($_GET['quote_id'])) {
</div>
</div>
<?php if (mysqli_num_rows($sql_quote_files) > 0) { ?>
<div class="row mb-3">
<div class="col-sm d-print-none">
<div class="card">
<div class="card-header text-bold">
<i class="fa fa-paperclip mr-2"></i>Attachments
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="collapse">
<i class="fas fa-minus"></i>
</button>
<button type="button" class="btn btn-tool" data-card-widget="remove">
<i class="fas fa-times"></i>
</button>
</div>
</div>
<div class="card-body">
<table class="table">
<thead>
<tr>
<th>File Name</th>
<th>Upload date</th>
</tr>
</thead>
<tbody>
<?php
while ($quote_file = mysqli_fetch_array($sql_quote_files)) {
$name = nullable_htmlentities($quote_file['file_name']);
$ref_name = nullable_htmlentities($quote_file['file_reference_name']);
$created = nullable_htmlentities($quote_file['file_created_at']);
?>
<tr>
<td><a target="_blank" href="/uploads/clients/<?php echo $client_id ?>/<?php echo $ref_name ?>"><?php echo $name; ?></a></td>
<td><?php echo $created; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
</div>
</div>
</div>
<?php } ?>
<div class="row mb-3">
<div class="col-sm d-print-none">
<div class="card">