From 22d3564f04963edbb3f7c257abbc37f4df777e94 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Mon, 20 Sep 2021 22:10:57 -0400
Subject: [PATCH] BREAKING CHANGE New file upload method for contacts to not specify full path in database to reduce the db load and size as well as give better error control
---
client_contacts.php | 2 +-
edit_contact_modal.php | 4 +-
header.php | 4 +-
post.php | 97 +++++++++++++++++++++++++++++++++---------
4 files changed, 83 insertions(+), 24 deletions(-)
diff --git a/client_contacts.php b/client_contacts.php
index cd3d2217..2d33c3ba 100644
--- a/client_contacts.php
+++ b/client_contacts.php
@@ -136,7 +136,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- + ">
diff --git a/edit_contact_modal.php b/edit_contact_modal.php
index 41d142e7..ce55c9e6 100644
--- a/edit_contact_modal.php
+++ b/edit_contact_modal.php
@@ -10,7 +10,7 @@
- + 0){ mysqli_query($mysqli,"UPDATE clients SET primary_contact = $contact_id WHERE client_id = $client_id"); } + //Check to see if a file is attached + if($_FILES['file']['tmp_name'] != ''){ + + // get details of the uploaded file + $file_tmp_path = $_FILES['file']['tmp_name']; + $file_name = $_FILES['file']['name']; + $file_size = $_FILES['file']['size']; + $file_type = $_FILES['file']['type']; + $file_name_cmps = explode(".", $file_name); + $file_extension = strtolower(end($file_name_cmps)); + + // sanitize file-name + $new_file_name = md5(time() . $file_name) . '.' . $file_extension; + + // check if file has one of the following extensions + $allowed_file_extensions = array('jpg', 'gif', 'png'); + + if(in_array($file_extension, $allowed_file_extensions)){ + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/clients/$session_company_id/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; + + if(move_uploaded_file($file_tmp_path, $dest_path)){ + mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id"); + + //Delete old file + unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name"); + + $_SESSION['alert_message'] = 'File successfully uploaded.'; + }else{ + $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.'; + } + }else{ + $_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions); + $_SESSION['alert_type'] = 'danger'; + } + } + //Logging mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modified', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id"); - $_SESSION['alert_message'] = "Contact updated"; + $_SESSION['alert_message'] .= "Contact updated"; header("Location: " . $_SERVER["HTTP_REFERER"]);
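Review bot: The guard `if($_FILES['file']['tmp_name'] != '')` in the post.php hunk never consults `$_FILES['file']['error']`, so a partial or size-limited upload that PHP itself rejected can still reach `move_uploaded_file`, and a form posted without a `file` field at all raises an undefined-index warning on that line. The allowlist a few lines down trusts only the extension taken from the client-supplied filename (`$file_type` is read and never used, and would be client-controlled anyway); because the destination `uploads/clients/$session_company_id/$client_id/` appears to live under the web root, the uploaded bytes should be confirmed to be an image (e.g. `getimagesize($file_tmp_path) !== false`) before the file is stored. `$existing_file_name` is defined outside the hunk and is interpolated straight into the `unlink()` path, so it should be checked to be a bare filename before deletion. The `@@` header and the start of the enclosing block are not visible in this copy of the patch; also note that `$_SESSION['alert_message'] .= "Contact updated"` at the end appends to any failure text without a separator and, when no message was set, does so on an undefined key.

```php
//Check to see if a file is attached and that PHP accepted it
if(isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK && $_FILES['file']['tmp_name'] != ''){
    // … unchanged: tmp path, name, size, extension extraction and $new_file_name …

    // the extension comes from the client; also require the content to decode as an image
    if(in_array($file_extension, $allowed_file_extensions, true) && getimagesize($file_tmp_path) !== false){
        // … unchanged: $upload_file_dir / $dest_path, move_uploaded_file and the contacts UPDATE …

            //Delete old file, but only a bare filename from the same directory
            if($existing_file_name != '' && basename($existing_file_name) === $existing_file_name){
                unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
            }
        // … unchanged: success / failure alert messages …
    }
}
```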