From 0bdd5784eecf1a1ec2b74a567a83eec2875f5f9c Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Sun, 23 Nov 2025 13:35:45 -0500
Subject: [PATCH] use saveBase64Image function for edit document as well and
 when document is deleted, delete the corresponding folder
 uploads/documents/document_id

---
 agent/post/document.php | 116 +++++++++++++++++++++++-----------------
 1 file changed, 68 insertions(+), 48 deletions(-)

diff --git a/agent/post/document.php b/agent/post/document.php
index fe4819b7..2c08bb52 100644
--- a/agent/post/document.php
+++ b/agent/post/document.php
@@ -49,61 +49,31 @@ if (isset($_POST['add_document'])) {
 
 }
 
-if (isset($_POST['add_document_from_template'])) {
-
-    // ROLE Check
-    enforceUserPermission('module_support', 2);
-
-    // GET POST Data
-    $client_id = intval($_POST['client_id']);
-    $document_name = sanitizeInput($_POST['name']);
-    $document_description = sanitizeInput($_POST['description']);
-    $document_template_id = intval($_POST['document_template_id']);
-    $folder = intval($_POST['folder']);
-
-    // GET Document Template Info
-    $sql_document = mysqli_query($mysqli,"SELECT * FROM document_templates WHERE document_template_id = $document_template_id");
-
-    $row = mysqli_fetch_array($sql_document);
-
-    $document_template_name = sanitizeInput($row['document_template_name']);
-    $content = mysqli_real_escape_string($mysqli,$row['document_template_content']);
-    $content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $row['document_content']));
-
-    // Document add query
-    mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$document_name', document_description = '$document_description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_created_by = $session_user_id, document_client_id = $client_id");
-
-    $document_id = mysqli_insert_id($mysqli);
-
-    logAction("Document", "Create", "$session_name created document $name from template $document_template_name", $client_id, $document_id);
-
-    flash_alert("Document <strong>$document_name</strong> created from template");
-
-    redirect("document_details.php?client_id=$client_id&document_id=$document_id");
-
-}
-
 if (isset($_POST['edit_document'])) {
 
     enforceUserPermission('module_support', 2);
 
     require_once 'document_model.php';
+
     $document_id = intval($_POST['document_id']);
 
-    // Save Original Document as a Version
-    $sql_original_document = mysqli_query($mysqli, "SELECT * FROM documents 
-        WHERE document_client_id = $client_id AND document_id = $document_id"
+    // 1) Load the current document to create a version
+    $sql_original_document = mysqli_query(
+        $mysqli,
+        "SELECT * FROM documents
+         WHERE document_client_id = $client_id
+           AND document_id = $document_id"
     );
 
     $row = mysqli_fetch_array($sql_original_document);
 
-    $original_document_name = sanitizeInput($row['document_name']);
+    $original_document_name        = sanitizeInput($row['document_name']);
     $original_document_description = sanitizeInput($row['document_description']);
-    $original_document_content = mysqli_escape_string($mysqli, $row['document_content']);
-    $original_document_created_by = intval($row['document_created_by']);
-    $original_document_updated_by = intval($row['document_updated_by']);
-    $original_document_created_at = sanitizeInput($row['document_created_at']);
-    $original_document_updated_at = sanitizeInput($row['document_updated_at']);
+    $original_document_content     = mysqli_real_escape_string($mysqli, $row['document_content']);
+    $original_document_created_by  = intval($row['document_created_by']);
+    $original_document_updated_by  = intval($row['document_updated_by']);
+    $original_document_created_at  = sanitizeInput($row['document_created_at']);
+    $original_document_updated_at  = sanitizeInput($row['document_updated_at']);
 
     if ($original_document_updated_at) {
         $document_version_created_at = $original_document_updated_at;
@@ -117,19 +87,66 @@ if (isset($_POST['edit_document'])) {
         $document_version_created_by = $original_document_created_by;
     }
 
-    // Document add query
-    mysqli_query($mysqli,"INSERT INTO document_versions SET document_version_name = '$original_document_name', document_version_description = '$original_document_description', document_version_content = '$original_document_content', document_version_created_by = $document_version_created_by, document_version_created_at = '$document_version_created_at', document_version_document_id = $document_id");
+    // 2) Save the current version into document_versions
+    mysqli_query(
+        $mysqli,
+        "INSERT INTO document_versions SET
+            document_version_name        = '$original_document_name',
+            document_version_description = '$original_document_description',
+            document_version_content     = '$original_document_content',
+            document_version_created_by  = $document_version_created_by,
+            document_version_created_at  = '$document_version_created_at',
+            document_version_document_id = $document_id"
+    );
 
     $document_version_id = mysqli_insert_id($mysqli);
 
-    // Update Document
-    mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = $session_user_id WHERE document_id = $document_id");
+    // 3) Process the NEW content from the form:
+    //    - convert base64 <img> tags to files under /uploads/documents/<document_id>/
+    //    - rewrite <img src> to file URLs
+    $raw_post_content = $_POST['content'];
 
-    logAction("Document", "Edit", "$session_name edited document $name, previous version kept", $client_id, $document_version_id);
+    $processed_html = saveBase64Images(
+        $raw_post_content,
+        $_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/",
+        "uploads/documents/",
+        $document_id
+    );
+
+    // Escape for DB
+    $content = mysqli_real_escape_string($mysqli, $processed_html);
+
+    // Rebuild content_raw for full-text search
+    $content_raw = sanitizeInput(
+        $name . " " . str_replace("<", " <", $processed_html)
+    );
+    $content_raw = mysqli_real_escape_string($mysqli, $content_raw);
+
+    // 4) Update the document with the new content + metadata
+    mysqli_query(
+        $mysqli,
+        "UPDATE documents SET
+            document_name        = '$name',
+            document_description = '$description',
+            document_content     = '$content',
+            document_content_raw = '$content_raw',
+            document_folder_id   = $folder,
+            document_updated_by  = $session_user_id
+         WHERE document_id = $document_id"
+    );
+
+    logAction(
+        "Document",
+        "Edit",
+        "$session_name edited document $name, previous version kept",
+        $client_id,
+        $document_version_id
+    );
 
     flash_alert("Document <strong>$name</strong> edited, previous version kept");
 
     redirect("document_details.php?client_id=$client_id&document_id=$document_id");
+
 }
 
 if (isset($_POST['move_document'])) {
@@ -642,6 +659,9 @@ if (isset($_GET['delete_document'])) {
     // Delete all versions associated with the master document
     mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id");
 
+    // Delete uploads/document/$document_id if exists
+    removeDirectory($_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/" . $document_id);
+
     logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id);
 
     flash_alert("Document <strong>$document_name</strong> deleted and all versions", 'error');