mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 10:54:52 +00:00
BREAKING CHANGE New file upload method for contacts to not specify full path in database to reduce the db load and size as well as give better error control
This commit is contained in:
johnnyq
97
post.php
97
post.php
@@ -3156,14 +3156,7 @@ if(isset($_POST['add_contact'])){
|
||||
mkdir("uploads/clients/$session_company_id/$client_id");
|
||||
}
|
||||
|
||||
if($_FILES['file']['tmp_name']!='') {
|
||||
$path = "uploads/clients/$session_company_id/$client_id/";
|
||||
$path = $path . time() . basename( $_FILES['file']['name']);
|
||||
$file_name = basename($path);
|
||||
move_uploaded_file($_FILES['file']['tmp_name'], $path);
|
||||
}
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_photo = '$path', contact_notes = '$notes', contact_created_at = NOW(), contact_client_id = $client_id, company_id = $session_company_id");
|
||||
mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_created_at = NOW(), contact_client_id = $client_id, company_id = $session_company_id");
|
||||
|
||||
|
||||
//Update Primay contact in clients if primary contact is checked
|
||||
@@ -3172,10 +3165,45 @@ if(isset($_POST['add_contact'])){
|
||||
mysqli_query($mysqli,"UPDATE clients SET primary_contact = $contact_id WHERE client_id = $client_id");
|
||||
}
|
||||
|
||||
//Check to see if a file is attached
|
||||
if($_FILES['file']['tmp_name'] != ''){
|
||||
|
||||
// get details of the uploaded file
|
||||
$file_tmp_path = $_FILES['file']['tmp_name'];
|
||||
$file_name = $_FILES['file']['name'];
|
||||
$file_size = $_FILES['file']['size'];
|
||||
$file_type = $_FILES['file']['type'];
|
||||
$file_name_cmps = explode(".", $file_name);
|
||||
$file_extension = strtolower(end($file_name_cmps));
|
||||
|
||||
// sanitize file-name
|
||||
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
|
||||
|
||||
// check if file has one of the following extensions
|
||||
$allowed_file_extensions = array('jpg', 'gif', 'png');
|
||||
|
||||
if(in_array($file_extension, $allowed_file_extensions)){
|
||||
// directory in which the uploaded file will be moved
|
||||
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
|
||||
$dest_path = $upload_file_dir . $new_file_name;
|
||||
|
||||
if(move_uploaded_file($file_tmp_path, $dest_path)){
|
||||
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
|
||||
|
||||
$_SESSION['alert_message'] = 'File successfully uploaded.';
|
||||
}else{
|
||||
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
|
||||
}
|
||||
}else{
|
||||
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
|
||||
$_SESSION['alert_type'] = 'danger';
|
||||
}
|
||||
}
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Create', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
|
||||
|
||||
$_SESSION['alert_message'] = "Contact added";
|
||||
$_SESSION['alert_message'] .= "Contact added";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
@@ -3194,30 +3222,61 @@ if(isset($_POST['edit_contact'])){
|
||||
$primary_contact = intval($_POST['primary_contact']);
|
||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
||||
|
||||
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']));
|
||||
$existing_file_name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name']));
|
||||
|
||||
if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
|
||||
mkdir("uploads/clients/$session_company_id/$client_id");
|
||||
}
|
||||
|
||||
if($_FILES['file']['tmp_name']!='') {
|
||||
$path = "uploads/clients/$session_company_id/$client_id/";
|
||||
$path = $path . time() . basename( $_FILES['file']['name']);
|
||||
$file_name = basename($path);
|
||||
move_uploaded_file($_FILES['file']['tmp_name'], $path);
|
||||
}
|
||||
|
||||
mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_photo = '$path', contact_notes = '$notes', contact_updated_at = NOW() WHERE contact_id = $contact_id AND company_id = $session_company_id");
|
||||
mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_updated_at = NOW() WHERE contact_id = $contact_id AND company_id = $session_company_id");
|
||||
|
||||
//Update Primay contact in clients if primary contact is checked
|
||||
if($primary_contact > 0){
|
||||
mysqli_query($mysqli,"UPDATE clients SET primary_contact = $contact_id WHERE client_id = $client_id");
|
||||
}
|
||||
|
||||
//Check to see if a file is attached
|
||||
if($_FILES['file']['tmp_name'] != ''){
|
||||
|
||||
// get details of the uploaded file
|
||||
$file_tmp_path = $_FILES['file']['tmp_name'];
|
||||
$file_name = $_FILES['file']['name'];
|
||||
$file_size = $_FILES['file']['size'];
|
||||
$file_type = $_FILES['file']['type'];
|
||||
$file_name_cmps = explode(".", $file_name);
|
||||
$file_extension = strtolower(end($file_name_cmps));
|
||||
|
||||
// sanitize file-name
|
||||
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
|
||||
|
||||
// check if file has one of the following extensions
|
||||
$allowed_file_extensions = array('jpg', 'gif', 'png');
|
||||
|
||||
if(in_array($file_extension, $allowed_file_extensions)){
|
||||
// directory in which the uploaded file will be moved
|
||||
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
|
||||
$dest_path = $upload_file_dir . $new_file_name;
|
||||
|
||||
if(move_uploaded_file($file_tmp_path, $dest_path)){
|
||||
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
|
||||
|
||||
//Delete old file
|
||||
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
|
||||
|
||||
$_SESSION['alert_message'] = 'File successfully uploaded.';
|
||||
}else{
|
||||
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
|
||||
}
|
||||
}else{
|
||||
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
|
||||
$_SESSION['alert_type'] = 'danger';
|
||||
}
|
||||
}
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modified', log_description = '$name', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
|
||||
|
||||
$_SESSION['alert_message'] = "Contact updated";
|
||||
$_SESSION['alert_message'] .= "Contact updated";
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user