AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- Enhanced the document retrieval process by including the document description in the SQL query. 

- Implemented file upload capabilities, allowing users to attach files to documents with support for various formats (PDF, Word, text).
- Created modals for adding new documents and uploading files, improving user experience.
- Added functions for formatting file sizes and retrieving appropriate icons based on file extensions.
- Updated the document display logic to handle attached files, providing inline previews for PDFs and images.
This commit is contained in:
Mads Iversen 2025-06-30 14:41:12 +02:00
parent 6df04390bb
commit 396a67b198
4 changed files with 431 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
client/document.php
View File

@ -29,7 +29,7 @@ if (!isset($_GET['id']) && !intval($_GET['id'])) {
$document_id = intval($_GET['id']);
$sql_document = mysqli_query($mysqli,
"SELECT document_id, document_name, document_content
"SELECT document_id, document_name, document_content, document_description
FROM documents
WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL
LIMIT 1"
@ -41,11 +41,21 @@ if ($row) {
$document_id = intval($row['document_id']);
$document_name = nullable_htmlentities($row['document_name']);
$document_content = $purifier->purify($row['document_content']);
$document_description = nullable_htmlentities($row['document_description']);
} else {
header("Location: post.php?logout");
exit();
}
// Check for associated files
$sql_files = mysqli_query($mysqli,
"SELECT f.file_id, f.file_name, f.file_reference_name, f.file_ext, f.file_size, f.file_mime_type
FROM files f
INNER JOIN document_files df ON f.file_id = df.file_id
WHERE df.document_id = $document_id AND f.file_client_id = $session_client_id
ORDER BY f.file_name ASC"
);
?>
<ol class="breadcrumb d-print-none">
@ -60,12 +70,134 @@ if ($row) {
</li>
</ol>
<?php
// Check if this document has attached files and handle accordingly
if (mysqli_num_rows($sql_files) > 0) {
$file_row = mysqli_fetch_array($sql_files);
$file_id = intval($file_row['file_id']);
$file_name = nullable_htmlentities($file_row['file_name']);
$file_reference_name = nullable_htmlentities($file_row['file_reference_name']);
$file_ext = strtolower($file_row['file_ext']);
$file_size = intval($file_row['file_size']);
$file_mime_type = nullable_htmlentities($file_row['file_mime_type']);
$file_size_formatted = formatBytes($file_size);
$file_path = "../uploads/clients/$session_client_id/$file_reference_name";
// For PDF files, display them inline
if ($file_ext == 'pdf') {
?>
<div class="card">
<div class="card-header">
<div class="row align-items-center">
<div class="col">
<h3 class="mb-0"><i class="fas fa-file-pdf text-danger mr-2"></i><?php echo $document_name; ?></h3>
<?php if (!empty($document_description)) { ?>
<small class="text-muted"><?php echo $document_description; ?></small>
<?php } ?>
</div>
<div class="col-auto">
<a href="<?php echo $file_path; ?>" target="_blank" class="btn btn-primary">
<i class="fas fa-external-link-alt mr-2"></i>Open in New Tab
</a>
<a href="<?php echo $file_path; ?>" download="<?php echo $file_name; ?>" class="btn btn-secondary">
<i class="fas fa-download mr-2"></i>Download
</a>
</div>
</div>
</div>
<div class="card-body p-0">
<embed src="<?php echo $file_path; ?>" type="application/pdf" width="100%" height="800px" />
</div>
</div>
<?php
}
// For images, display them inline
elseif (in_array($file_ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) {
?>
<div class="card">
<div class="card-header">
<div class="row align-items-center">
<div class="col">
<h3 class="mb-0"><i class="fas fa-image text-primary mr-2"></i><?php echo $document_name; ?></h3>
<?php if (!empty($document_description)) { ?>
<small class="text-muted"><?php echo $document_description; ?></small>
<?php } ?>
</div>
<div class="col-auto">
<a href="<?php echo $file_path; ?>" target="_blank" class="btn btn-primary">
<i class="fas fa-external-link-alt mr-2"></i>View Full Size
</a>
<a href="<?php echo $file_path; ?>" download="<?php echo $file_name; ?>" class="btn btn-secondary">
<i class="fas fa-download mr-2"></i>Download
</a>
</div>
</div>
</div>
<div class="card-body text-center">
<img src="<?php echo $file_path; ?>" alt="<?php echo $file_name; ?>" class="img-fluid" style="max-height: 600px;">
</div>
</div>
<?php
}
// For other file types, show download option with preview of content
else {
$file_icon = getFileIcon($file_ext);
?>
<div class="card">
<div class="card-header">
<div class="row align-items-center">
<div class="col">
<h3 class="mb-0"><i class="fas fa-<?php echo $file_icon; ?> mr-2"></i><?php echo $document_name; ?></h3>
<?php if (!empty($document_description)) { ?>
<small class="text-muted"><?php echo $document_description; ?></small>
<?php } ?>
</div>
<div class="col-auto">
<a href="<?php echo $file_path; ?>" target="_blank" class="btn btn-primary">
<i class="fas fa-external-link-alt mr-2"></i>Open File
</a>
<a href="<?php echo $file_path; ?>" download="<?php echo $file_name; ?>" class="btn btn-secondary">
<i class="fas fa-download mr-2"></i>Download
</a>
</div>
</div>
</div>
<div class="card-body">
<div class="row align-items-center">
<div class="col-auto">
<i class="fas fa-<?php echo $file_icon; ?> fa-3x text-secondary"></i>
</div>
<div class="col">
<h5><?php echo $file_name; ?></h5>
<p class="text-muted mb-2">
<strong>Type:</strong> <?php echo strtoupper($file_ext); ?> File<br>
<strong>Size:</strong> <?php echo $file_size_formatted; ?>
</p>
<?php if (!empty($document_content) && $document_content != "<p>Uploaded file: <strong>$file_name</strong></p><p>$document_description</p>") { ?>
<div class="mt-3">
<?php echo $document_content; ?>
</div>
<?php } ?>
</div>
</div>
</div>
</div>
<?php
}
} else {
// Regular text-based document (no files attached)
?>
<div class="card">
<div class="card-body prettyContent">
<h3><?php echo $document_name; ?></h3>
<?php echo $document_content; ?>
</div>
</div>
<?php
}
?>
<?php
require_once "includes/footer.php";

127
client/documents.php
View File

@ -16,16 +16,30 @@ if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
$documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, document_created_at, folder_name FROM documents LEFT JOIN folders ON document_folder_id = folder_id WHERE document_client_visible = 1 AND document_client_id = $session_client_id AND document_template = 0 AND document_archived_at IS NULL ORDER BY folder_id, document_name DESC");
?>
<h3>Documents</h3>
<div class="row">
<div class="col">
<h3><i class="fas fa-file-alt mr-2"></i>Documents</h3>
</div>
<div class="col-auto">
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#uploadDocumentModal">
<i class="fas fa-plus mr-2"></i>New Document
</button>
<button type="button" class="btn btn-secondary" data-toggle="modal" data-target="#uploadFileDocumentModal">
<i class="fas fa-upload mr-2"></i>Upload File
</button>
</div>
</div>
</div>
<div class="col-md-10">
<table class="table tabled-bordered border border-dark">
<div class="row mt-3">
<div class="col-md-12">
<table class="table table-bordered border border-dark">
<thead class="thead-dark">
<tr>
<th>Name</th>
<th>Created</th>
<th class="text-center">Actions</th>
</tr>
</thead>
<tbody>
@ -40,7 +54,9 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum
?>
<tr>
<td><a href="document.php?id=<?php echo $document_id?>">
<td>
<a href="document.php?id=<?php echo $document_id?>">
<i class="fas fa-file-alt mr-2"></i>
<?php
if (!empty($folder_name)) {
echo "$folder_name / ";
@ -49,15 +65,112 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum
?>
</a>
</td>
<td><?php echo $document_created_at; ?></td>
<td><?php echo date('M j, Y', strtotime($document_created_at)); ?></td>
<td class="text-center">
<a href="document.php?id=<?php echo $document_id?>" class="btn btn-sm btn-outline-primary">
<i class="fas fa-eye"></i>
</a>
</td>
</tr>
<?php } ?>
</tbody>
</table>
</div>
</div>
<!-- New Document Modal -->
<div class="modal" id="uploadDocumentModal" tabindex="-1">
<div class="modal-dialog modal-lg">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-file-alt mr-2"></i>Create New Document</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<div class="modal-body bg-white">
<div class="form-group">
<label>Document Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-file-alt"></i></span>
</div>
<input type="text" class="form-control" name="document_name" placeholder="Enter document name" required maxlength="200">
</div>
</div>
<div class="form-group">
<label>Description</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-align-left"></i></span>
</div>
<input type="text" class="form-control" name="document_description" placeholder="Brief description (optional)" maxlength="255">
</div>
</div>
<div class="form-group">
<label>Content <strong class="text-danger">*</strong></label>
<textarea class="form-control" name="document_content" rows="8" placeholder="Enter document content..." required></textarea>
</div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="client_add_document" class="btn btn-primary"><i class="fa fa-check mr-2"></i>Create Document</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
</div>
</div>
<!-- Upload File Document Modal -->
<div class="modal" id="uploadFileDocumentModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-upload mr-2"></i>Upload Document File</h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<div class="modal-body bg-white">
<div class="form-group">
<label>Document Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-file-alt"></i></span>
</div>
<input type="text" class="form-control" name="document_name" placeholder="Enter document name" required maxlength="200">
</div>
</div>
<div class="form-group">
<label>Description</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-align-left"></i></span>
</div>
<input type="text" class="form-control" name="document_description" placeholder="Brief description (optional)" maxlength="255">
</div>
</div>
<div class="form-group">
<label>Upload File <strong class="text-danger">*</strong></label>
<input type="file" class="form-control-file" name="document_file" id="documentFileInput"
accept=".pdf,.doc,.docx,.txt,.md,.odt,.rtf" required>
<small class="text-secondary">Supported formats: PDF, Word documents, text files</small>
</div>
</div>
<div class="modal-footer bg-white">
<button type="submit" name="client_upload_document" class="btn btn-primary"><i class="fa fa-upload mr-2"></i>Upload Document</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
</div>
</div>
</div>
<?php

45
client/functions.php
View File

@ -37,3 +37,48 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
return false;
}
/*
* Returns appropriate FontAwesome icon for file extension
*/
function getFileIcon($file_extension) {
$file_extension = strtolower($file_extension);
// Document icons
if (in_array($file_extension, ['pdf'])) {
return 'file-pdf';
} elseif (in_array($file_extension, ['doc', 'docx'])) {
return 'file-word';
} elseif (in_array($file_extension, ['xls', 'xlsx'])) {
return 'file-excel';
} elseif (in_array($file_extension, ['ppt', 'pptx'])) {
return 'file-powerpoint';
} elseif (in_array($file_extension, ['txt', 'md', 'rtf'])) {
return 'file-alt';
} elseif (in_array($file_extension, ['zip', 'rar', '7z', 'tar', 'gz'])) {
return 'file-archive';
} elseif (in_array($file_extension, ['jpg', 'jpeg', 'png', 'gif', 'webp', 'bmp'])) {
return 'file-image';
} elseif (in_array($file_extension, ['mp4', 'avi', 'mov', 'wmv', 'flv'])) {
return 'file-video';
} elseif (in_array($file_extension, ['mp3', 'wav', 'ogg', 'flac'])) {
return 'file-audio';
} elseif (in_array($file_extension, ['html', 'htm', 'css', 'js', 'php', 'py', 'java'])) {
return 'file-code';
} else {
return 'file';
}
}
/*
* Formats bytes into human readable file sizes
*/
function formatBytes($bytes, $precision = 2) {
$units = array('B', 'KB', 'MB', 'GB', 'TB');
for ($i = 0; $bytes > 1024 && $i < count($units) - 1; $i++) {
$bytes /= 1024;
}
return round($bytes, $precision) . ' ' . $units[$i];
}

129
client/post.php
View File

@ -629,7 +629,7 @@ if (isset($_GET['stripe_save_card'])) {
if (!empty($config_smtp_host)) {
$subject = "Payment method saved";
$body = "Hello $session_contact_name,<br><br>Were writing to confirm that your payment details have been securely stored with Stripe, our trusted payment processor.<br><br>By agreeing to save your payment information, you have authorized us to automatically bill your card ($stripe_pm_details) for any future invoices. The payment details youve provided are securely stored with Stripe and will be used solely for invoices. We do not have access to your full card details.<br><br>You may update or remove your payment information at any time using the portal.<br><br>Thank you for your business!<br><br>--<br>$company_name - Billing Department<br>$config_invoice_from_email<br>$company_phone";
$body = "Hello $session_contact_name,<br><br>We're writing to confirm that your payment details have been securely stored with Stripe, our trusted payment processor.<br><br>By agreeing to save your payment information, you have authorized us to automatically bill your card ($stripe_pm_details) for any future invoices. The payment details you've provided are securely stored with Stripe and will be used solely for invoices. We do not have access to your full card details.<br><br>You may update or remove your payment information at any time using the portal.<br><br>Thank you for your business!<br><br>--<br>$company_name - Billing Department<br>$config_invoice_from_email<br>$company_phone";
$data = [
[
@ -750,3 +750,130 @@ if (isset($_POST['delete_recurring_payment'])) {
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['client_add_document'])) {
// Permission check - only primary or technical contacts can create documents
if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
header("Location: post.php?logout");
exit();
}
$document_name = sanitizeInput($_POST['document_name']);
$document_description = sanitizeInput($_POST['document_description']);
$document_content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
$document_content_raw = sanitizeInput($document_name . " " . strip_tags($_POST['document_content']));
// Create document
mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name',
document_description = '$document_description',
document_content = '$document_content',
document_content_raw = '$document_content_raw',
document_client_visible = 1,
document_client_id = $session_client_id,
document_created_by = $session_contact_id");
$document_id = mysqli_insert_id($mysqli);
// Logging
logAction("Document", "Create", "Client contact $session_contact_name created document $document_name", $session_client_id, $document_id);
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> created successfully";
header('Location: documents.php');
}
if (isset($_POST['client_upload_document'])) {
// Permission check - only primary or technical contacts can upload documents
if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) {
header("Location: post.php?logout");
exit();
}
$document_name = sanitizeInput($_POST['document_name']);
$document_description = sanitizeInput($_POST['document_description']);
$client_dir = "../uploads/clients/$session_client_id";
// Create client directory if it doesn't exist
if (!is_dir($client_dir)) {
mkdir($client_dir, 0755, true);
}
// Allowed file extensions for documents
$allowedExtensions = ['pdf', 'doc', 'docx', 'txt', 'md', 'odt', 'rtf'];
// Check if file was uploaded
if (isset($_FILES['document_file']) && $_FILES['document_file']['error'] == 0) {
// Validate and get a safe file reference name
if ($file_reference_name = checkFileUpload($_FILES['document_file'], $allowedExtensions)) {
$file_tmp_path = $_FILES['document_file']['tmp_name'];
$file_name = sanitizeInput($_FILES['document_file']['name']);
$extParts = explode('.', $file_name);
$file_extension = strtolower(end($extParts));
$file_mime_type = sanitizeInput($_FILES['document_file']['type']);
$file_size = intval($_FILES['document_file']['size']);
// Define destination path and move the uploaded file
$dest_path = $client_dir . "/" . $file_reference_name;
if (move_uploaded_file($file_tmp_path, $dest_path)) {
// Create document entry
$document_content = "<p>Uploaded file: <strong>$file_name</strong></p><p>$document_description</p>";
$document_content_raw = "$document_name $file_name $document_description";
mysqli_query($mysqli, "INSERT INTO documents SET
document_name = '$document_name',
document_description = '$document_description',
document_content = '$document_content',
document_content_raw = '$document_content_raw',
document_client_visible = 1,
document_client_id = $session_client_id,
document_created_by = $session_contact_id");
$document_id = mysqli_insert_id($mysqli);
// Create file entry
mysqli_query($mysqli, "INSERT INTO files SET
file_reference_name = '$file_reference_name',
file_name = '$file_name',
file_description = 'Attached to document: $document_name',
file_ext = '$file_extension',
file_mime_type = '$file_mime_type',
file_size = $file_size,
file_created_by = $session_contact_id,
file_client_id = $session_client_id");
$file_id = mysqli_insert_id($mysqli);
// Link file to document
mysqli_query($mysqli, "INSERT INTO document_files SET document_id = $document_id, file_id = $file_id");
// Logging
logAction("Document", "Upload", "Client contact $session_contact_name uploaded document $document_name with file $file_name", $session_client_id, $document_id);
$_SESSION['alert_message'] = "Document <strong>$document_name</strong> uploaded successfully";
} else {
$_SESSION['alert_type'] = 'error';
$_SESSION['alert_message'] = 'Error uploading file. Please try again.';
}
} else {
$_SESSION['alert_type'] = 'error';
$_SESSION['alert_message'] = 'Invalid file type. Please upload PDF, Word documents, or text files only.';
}
} else {
$_SESSION['alert_type'] = 'error';
$_SESSION['alert_message'] = 'Please select a file to upload.';
}
header('Location: documents.php');
}
?>