Process base64 Images for document creation and editing for the API and Client Portal

api/v1/documents/create.php

@@ -13,12 +13,25 @@ $insert_id = false;
 if (!empty($name) && !(empty($content))) {
 
     // Create document
-    $insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
+    $insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '', document_content_raw = '$content_raw', document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
 
     // Check insert & get insert ID
     if ($insert_sql) {
         $insert_id = mysqli_insert_id($mysqli);
 
+        $processed_content = mysqli_escape_string(
+            $mysqli,
+            saveBase64Images(
+                $content,
+                $_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/",
+                "uploads/documents/",
+                $insert_id
+            )
+        );
+
+        // Document update content
+        mysqli_query($mysqli,"UPDATE documents SET document_content = '$processed_content' WHERE document_id = $insert_id");
+
         // Logging
         logAction("Document", "Create", "$name via API ($api_key_name)", $client_id, $insert_id);
         logAction("API", "Success", "Created document $name via API ($api_key_name)", $client_id);

api/v1/documents/update.php

@@ -17,7 +17,17 @@ if (!empty($document_id)) {
     // Variable assignment from POST - assigning the current database value if a value is not provided
     require_once 'document_model.php';
 
-    $update_insert_sql = mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = 0, document_client_id = $client_id");
+    $processed_content = mysqli_escape_string(
+        $mysqli,
+        saveBase64Images(
+            $content,
+            $_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/",
+            "uploads/documents/",
+            $document_id
+        )
+    );
+
+    $update_insert_sql = mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$processed_content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = 0, document_client_id = $client_id");
 
     // Logging
     logAction("Document", "Edit", "$name via API ($api_key_name)", $client_id, $document_id);

client/post.php

@@ -1075,14 +1075,13 @@ if (isset($_POST['client_add_document'])) {
 
     $document_name = sanitizeInput($_POST['document_name']);
     $document_description = sanitizeInput($_POST['document_description']);
-    $document_content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
     $document_content_raw = sanitizeInput($document_name . " " . strip_tags($_POST['document_content']));
 
     // Create document
     mysqli_query($mysqli, "INSERT INTO documents SET 
         document_name = '$document_name', 
         document_description = '$document_description', 
-        document_content = '$document_content', 
+        document_content = '', 
         document_content_raw = '$document_content_raw', 
         document_client_visible = 1, 
         document_client_id = $session_client_id, 
@@ -1090,6 +1089,19 @@ if (isset($_POST['client_add_document'])) {
 
     $document_id = mysqli_insert_id($mysqli);
 
+    $processed_content = mysqli_escape_string(
+        $mysqli,
+        saveBase64Images(
+            $_POST['document_content'],
+            $_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/",
+            "uploads/documents/",
+            $document_id
+        )
+    );
+
+    // Document update content
+    mysqli_query($mysqli,"UPDATE documents SET document_content = '$processed_content' WHERE document_id = $document_id");
+
     logAction("Document", "Create", "Client contact $session_contact_name created document $document_name", $session_client_id, $document_id);
 
     flash_alert("Document <strong>$document_name</strong> created successfully");