diff --git a/client/document.php b/client/document.php
index e3b9de77..5a56e2c4 100644
--- a/client/document.php
+++ b/client/document.php
@@ -29,7 +29,7 @@ if (!isset($_GET['id']) && !intval($_GET['id'])) {
 $document_id = intval($_GET['id']);
 $sql_document = mysqli_query($mysqli,
- "SELECT document_id, document_name, document_content
+ "SELECT document_id, document_name, document_content, document_description
 FROM documents
 WHERE document_id = $document_id AND document_client_visible = 1 AND document_client_id = $session_client_id AND document_archived_at IS NULL
 LIMIT 1"
@@ -41,11 +41,21 @@ if ($row) {
 $document_id = intval($row['document_id']);
 $document_name = nullable_htmlentities($row['document_name']);
 $document_content = $purifier->purify($row['document_content']);
+ $document_description = nullable_htmlentities($row['document_description']);
 } else {
 header("Location: post.php?logout");
 exit();
 }
+// Check for associated files
+$sql_files = mysqli_query($mysqli,
+ "SELECT f.file_id, f.file_name, f.file_reference_name, f.file_ext, f.file_size, f.file_mime_type
+ FROM files f
+ INNER JOIN document_files df ON f.file_id = df.file_id
+ WHERE df.document_id = $document_id AND f.file_client_id = $session_client_id
+ ORDER BY f.file_name ASC"
+);
+
 ?>
-
-
-

- + 0) { + $file_row = mysqli_fetch_array($sql_files); + $file_id = intval($file_row['file_id']); + $file_name = nullable_htmlentities($file_row['file_name']); + $file_reference_name = nullable_htmlentities($file_row['file_reference_name']); + $file_ext = strtolower($file_row['file_ext']); + $file_size = intval($file_row['file_size']); + $file_mime_type = nullable_htmlentities($file_row['file_mime_type']); + $file_size_formatted = formatBytes($file_size); + + $file_path = "../uploads/clients/$session_client_id/$file_reference_name"; + + // For PDF files, display them inline + if ($file_ext == 'pdf') { + ?> +
+
+ +
+
+ +
+
+ +
+
+ +
+
+ <?php echo $file_name; ?> +
+
+ +
+
+
+
+

+ + + +
+ +
+
+
+
+
+ +
+
+
+

+ Type: File
+ Size: +

+ Uploaded file: $file_name

$document_description

") { ?> +
+ +
+ +
+
+
+
+ +
+
+

+ +
-
+ -

Documents

+
+

Documents

+
+
+
+ + +
+
+
-
- - +
+
+
+ @@ -40,7 +54,9 @@ $documents_sql = mysqli_query($mysqli, "SELECT document_id, document_name, docum ?> - - + +
Name CreatedActions
+ + + + + + +
-
+
+ + + + + 1024 && $i < count($units) - 1; $i++) { + $bytes /= 1024; + } + + return round($bytes, $precision) . ' ' . $units[$i]; +} diff --git a/client/post.php b/client/post.php index 59381157..e8b5b8ed 100644 --- a/client/post.php +++ b/client/post.php @@ -630,7 +630,7 @@ if (isset($_GET['stripe_save_card'])) { if (!empty($config_smtp_host)) { $subject = "Payment method saved"; - $body = "Hello $session_contact_name,

We’re writing to confirm that your payment details have been securely stored with Stripe, our trusted payment processor.

By agreeing to save your payment information, you have authorized us to automatically bill your card ($stripe_pm_details) for any future invoices. The payment details you’ve provided are securely stored with Stripe and will be used solely for invoices. We do not have access to your full card details.

You may update or remove your payment information at any time using the portal.

Thank you for your business!

--
$company_name - Billing Department
$config_invoice_from_email
$company_phone"; + $body = "Hello $session_contact_name,

We're writing to confirm that your payment details have been securely stored with Stripe, our trusted payment processor.

By agreeing to save your payment information, you have authorized us to automatically bill your card ($stripe_pm_details) for any future invoices. The payment details you've provided are securely stored with Stripe and will be used solely for invoices. We do not have access to your full card details.

You may update or remove your payment information at any time using the portal.

Thank you for your business!

--
$company_name - Billing Department
$config_invoice_from_email
$company_phone"; $data = [ [ 
@@ -751,3 +751,130 @@ if (isset($_POST['delete_recurring_payment'])) { header("Location: " . $_SERVER["HTTP_REFERER"]); } + +if (isset($_POST['client_add_document'])) { + + // Permission check - only primary or technical contacts can create documents + if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) { + header("Location: post.php?logout"); + exit(); + } + + $document_name = sanitizeInput($_POST['document_name']); + $document_description = sanitizeInput($_POST['document_description']); + $document_content = mysqli_real_escape_string($mysqli, $_POST['document_content']); + $document_content_raw = sanitizeInput($document_name . " " . strip_tags($_POST['document_content'])); + + // Create document + mysqli_query($mysqli, "INSERT INTO documents SET + document_name = '$document_name', + document_description = '$document_description', + document_content = '$document_content', + document_content_raw = '$document_content_raw', + document_client_visible = 1, + document_client_id = $session_client_id, + document_created_by = $session_contact_id"); + + $document_id = mysqli_insert_id($mysqli); + + // Logging + logAction("Document", "Create", "Client contact $session_contact_name created document $document_name", $session_client_id, $document_id); + + $_SESSION['alert_message'] = "Document $document_name created successfully"; + + header('Location: documents.php'); +} + +if (isset($_POST['client_upload_document'])) { + + // Permission check - only primary or technical contacts can upload documents + if ($session_contact_primary == 0 && !$session_contact_is_technical_contact) { + header("Location: post.php?logout"); + exit(); + } + + $document_name = sanitizeInput($_POST['document_name']); + $document_description = sanitizeInput($_POST['document_description']); + $client_dir = "../uploads/clients/$session_client_id"; + + // Create client directory if it doesn't exist + if (!is_dir($client_dir)) { + mkdir($client_dir, 0755, true); + } + + // Allowed 
file extensions for documents + $allowedExtensions = ['pdf', 'doc', 'docx', 'txt', 'md', 'odt', 'rtf']; + + // Check if file was uploaded + if (isset($_FILES['document_file']) && $_FILES['document_file']['error'] == 0) { + + // Validate and get a safe file reference name + if ($file_reference_name = checkFileUpload($_FILES['document_file'], $allowedExtensions)) { + + $file_tmp_path = $_FILES['document_file']['tmp_name']; + $file_name = sanitizeInput($_FILES['document_file']['name']); + $extParts = explode('.', $file_name); + $file_extension = strtolower(end($extParts)); + $file_mime_type = sanitizeInput($_FILES['document_file']['type']); + $file_size = intval($_FILES['document_file']['size']); + + // Define destination path and move the uploaded file + $dest_path = $client_dir . "/" . $file_reference_name; + + if (move_uploaded_file($file_tmp_path, $dest_path)) { + + // Create document entry + $document_content = "

Uploaded file: $file_name

$document_description

"; + $document_content_raw = "$document_name $file_name $document_description"; + + mysqli_query($mysqli, "INSERT INTO documents SET + document_name = '$document_name', + document_description = '$document_description', + document_content = '$document_content', + document_content_raw = '$document_content_raw', + document_client_visible = 1, + document_client_id = $session_client_id, + document_created_by = $session_contact_id"); + + $document_id = mysqli_insert_id($mysqli); + + // Create file entry + mysqli_query($mysqli, "INSERT INTO files SET + file_reference_name = '$file_reference_name', + file_name = '$file_name', + file_description = 'Attached to document: $document_name', + file_ext = '$file_extension', + file_mime_type = '$file_mime_type', + file_size = $file_size, + file_created_by = $session_contact_id, + file_client_id = $session_client_id"); + + $file_id = mysqli_insert_id($mysqli); + + // Link file to document + mysqli_query($mysqli, "INSERT INTO document_files SET document_id = $document_id, file_id = $file_id"); + + // Logging + logAction("Document", "Upload", "Client contact $session_contact_name uploaded document $document_name with file $file_name", $session_client_id, $document_id); + + $_SESSION['alert_message'] = "Document $document_name uploaded successfully"; + + } else { + $_SESSION['alert_type'] = 'error'; + $_SESSION['alert_message'] = 'Error uploading file. Please try again.'; + } + + } else { + $_SESSION['alert_type'] = 'error'; + $_SESSION['alert_message'] = 'Invalid file type. Please upload PDF, Word documents, or text files only.'; + } + + } else { + $_SESSION['alert_type'] = 'error'; + $_SESSION['alert_message'] = 'Please select a file to upload.'; + } + + header('Location: documents.php'); +} + +?>
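Review bot: `$file_mime_type` in the `client_upload_document` handler is taken from `$_FILES['document_file']['type']`, which is set by the uploading browser and never inspected server-side, so the `file_mime_type` row value is untrusted input and must not be reused as a `Content-Type` when the file is later served; once `move_uploaded_file()` has succeeded, detect it from the stored file instead, e.g. `$detected = mime_content_type($dest_path); if ($detected !== false) { $file_mime_type = sanitizeInput($detected); }` placed before the `files` INSERT. In the `client_add_document` handler, `$document_content_raw` is built from `$document_name`, which is already the `sanitizeInput()` result, so the name passes through `sanitizeInput()` twice; if that helper escapes (as its use directly inside the SQL literals suggests), the name is stored double-escaped in `document_content_raw`, and the line should read `$document_content_raw = sanitizeInput($_POST['document_name'] . " " . strip_tags($_POST['document_content']));`. Two smaller points: the upload check reads better as `$_FILES['document_file']['error'] === UPLOAD_ERR_OK`, and both new handlers end with `header('Location: documents.php');` without the `exit();` their permission-check branches use, so execution continues past the redirect. The `delete_recurring_payment` handler whose closing lines open the hunk starts outside it.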