AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

New File upload logic complete Breaking changes New db dump

This commit is contained in:
johnnyq 2021-09-21 22:22:55 -04:00
parent 1d3cf6fd96
commit a939588cf2
18 changed files with 549 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
client_files.php
View File

@ -32,6 +32,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
while($row = mysqli_fetch_array($sql_files_images)){
$file_id = $row['file_id'];
$file_name = $row['file_name'];
$file_reference_name = $row['file_reference_name'];
$file_ext = $row['file_ext'];
?>
@ -39,12 +40,12 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<div class="col-xl-3 col-lg-3 col-md-6 col-sm-6 mb-3">
<div class="card">
<a href="#" data-toggle="modal" data-target="#viewFileModal<?php echo $file_id; ?>">
<img class="img-fluid" src="<?php echo $file_name; ?>">
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>">
</a>
<div class="card-footer bg-dark text-white p-1">
<center>
<a href="<?php echo $file_name; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<small><?php echo basename($file_name); ?></small>
<a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<small><?php echo $file_name; ?></small>
<a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-white float-right mr-1"><i class="fa fa-times"></i></a>
</center>
@ -66,6 +67,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
while($row = mysqli_fetch_array($sql_files_other)){
$file_id = $row['file_id'];
$file_name = $row['file_name'];
$file_reference_name = $row['file_reference_name'];
$file_ext = $row['file_ext'];
if($file_ext == 'pdf'){
$file_icon = "file-pdf";
@ -87,7 +89,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<tr>
<td><a href="<?php echo $file_name; ?>" target="_blank" class="text-secondary"><i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> mr-3"></i> <?php echo basename($file_name); ?></a></td>
<td>
<a href="<?php echo $file_name; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a>
</td>
</tr>

2
companies.php
View File

@ -103,7 +103,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<td class="text-center">
<a class="text-dark" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">
<?php if(!empty($company_logo)){ ?>
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo $company_logo; ?>">
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
<?php }else{ ?>
<span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>

4
db.sql
View File

@ -404,7 +404,7 @@ DROP TABLE IF EXISTS `files`;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `files` (
`file_id` int(11) NOT NULL AUTO_INCREMENT,
`reference_file_name` varchar(200) DEFAULT NULL,
`file_reference_name` varchar(200) DEFAULT NULL,
`file_name` varchar(200) NOT NULL,
`file_ext` varchar(200) DEFAULT NULL,
`file_created_at` datetime NOT NULL,
@ -1064,4 +1064,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2021-09-09 23:14:42
-- Dump completed on 2021-09-21 22:22:21

4
edit_company_modal.php
View File

@ -9,7 +9,7 @@
</div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="company_id" value="<?php echo $company_id; ?>">
<input type="hidden" name="current_file_path" value="<?php echo $company_logo; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo $company_logo; ?>">
<div class="modal-body bg-white">
<div class="form-group">
@ -134,7 +134,7 @@
<div class="card col-md-2">
<div class="card-body">
<img class="img-fluid" src="<?php echo $company_logo; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
</div>

2
edit_expense_modal.php
View File

@ -10,7 +10,7 @@
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<div class="modal-body bg-white">
<input type="hidden" name="expense_id" value="<?php echo $expense_id; ?>">
<input type="hidden" name="expense_receipt" value="<?php echo $expense_receipt; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo $existing_file_name; ?>">
<div class="form-row">

4
edit_user_modal.php
View File

@ -9,12 +9,12 @@
</div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<input type="hidden" name="current_avatar_path" value="<?php echo $user_avatar; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo "uploads/users/$user_id/$user_avatar"; ?>">
<div class="modal-body bg-white">
<center class="mb-3">
<?php if(!empty($user_avatar)){ ?>
<img class="img-fluid rounded-circle" src="<?php echo $user_avatar; ?>" height="128" width="128">
<img class="img-fluid rounded-circle" src="<?php echo "uploads/users/$user_id/$user_avatar"; ?>" height="128" width="128">
<?php }else{ ?>
<span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>

4
expenses.php
View File

@ -173,7 +173,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
if(empty($expense_receipt)){
$receipt_attached = "";
}else{
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='$expense_receipt'><i class='fa fa-file-pdf'></i></a>";
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='uploads/expenses/$session_company_id/$expense_receipt'><i class='fa fa-file-pdf'></i></a>";
}
?>
@ -193,7 +193,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<?php
if(!empty($expense_receipt)){
?>
<a class="dropdown-item" href="<?php echo $expense_receipt; ?>" target="_blank">Reciept</a>
<a class="dropdown-item" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name.pdf"; ?>">Download</a>
<div class="dropdown-divider"></div>
<?php
}

6
guest_view_invoice.php
View File

@ -57,8 +57,8 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
$company_email = $row['company_email'];
$company_logo = $row['company_logo'];
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo']));
}
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$config_invoice_footer = $row['config_invoice_footer'];
$config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_publishable = $row['config_stripe_publishable'];
@ -129,7 +129,7 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
<div class="card-body">
<div class="row mb-4">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
<div class="col-sm-10">
<?php if($invoice_status == "Paid"){ ?>

6
guest_view_quote.php
View File

@ -56,8 +56,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
$company_email = $row['company_email'];
$company_logo = $row['company_logo'];
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo']));
}
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$quote_footer = $row['quote_footer'];
$ip = get_ip();
@ -98,7 +98,7 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
<div class="row mb-4">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
<div class="col-sm-10">
<h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3>

5
invoice.php
View File

@ -49,6 +49,7 @@ if(isset($_GET['invoice_id'])){
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_country = $row['company_country'];
$company_address = $row['company_address'];
@ -60,7 +61,7 @@ if(isset($_GET['invoice_id'])){
$company_website = $row['company_website'];
$company_logo = $row['company_logo'];
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo']));
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC");
@ -170,7 +171,7 @@ if(isset($_GET['invoice_id'])){
<div class="row mb-4">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
<div class="col-sm-10">
<div class="ribbon-wrapper">

552
post.php
View File

@ -46,14 +46,48 @@ if(isset($_POST['add_user'])){
mkdir("uploads/users/$user_id");
}
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/users/$user_id/";
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
//Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$path' WHERE user_id = $user_id");
//Create Permissions
mysqli_query($mysqli,"INSERT INTO permissions SET permission_level = $level, permission_default_company = $company, permission_companies = $company, user_id = $user_id");
@ -75,19 +109,58 @@ if(isset($_POST['edit_user'])){
$new_password = trim($_POST['new_password']);
$company = intval($_POST['company']);
$level = intval($_POST['level']);
$path = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path'])));
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
if($_FILES['file']['tmp_name']!='') {
//delete old avatar file
unlink($path);
//Update with new path
$path = "uploads/users/$user_id/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
if(!file_exists("uploads/users/$user_id/")) {
mkdir("uploads/users/$user_id");
}
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/users/$user_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_password = '$password', user_avatar = '$path', user_updated_at = NOW() WHERE user_id = $user_id");
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_password = '$password', user_updated_at = NOW() WHERE user_id = $user_id");
if(!empty($new_password)){
$new_password = md5($new_password);
@ -112,19 +185,54 @@ if(isset($_POST['edit_profile'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$new_password = trim($_POST['new_password']);
$path = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path'])));
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
if($_FILES['file']['tmp_name']!='') {
//delete old avatar file
unlink($path);
//Update with new path
$path = "uploads/users/$user_id/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/users/$user_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_avatar = '$path', user_updated_at = NOW() WHERE user_id = $user_id");
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_updated_at = NOW() WHERE user_id = $user_id");
if(!empty($new_password)){
$new_password = md5($new_password);
@ -236,14 +344,46 @@ if(isset($_POST['add_company'])){
mkdir("uploads/settings/$company_id");
mkdir("uploads/tmp/$company_id");
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/settings/$company_id/";
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$path' WHERE company_id = $company_id");
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/$company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = $company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_default_country = '$country', config_default_currency = '$currency_code', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1, config_base_url = '$config_base_url'");
@ -270,20 +410,58 @@ if(isset($_POST['edit_company'])){
$website = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['website'])));
$currency_code = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['currency_code'])));
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_file_path']));
$existing_file_name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name']));
if(!file_exists("uploads/settings/$company_id/")) {
mkdir("uploads/settings/$company_id");
}
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/settings/$company_id/";
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/$company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/settings/$company_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = $company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_logo = '$path', company_updated_at = NOW() WHERE company_id = $company_id");
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_updated_at = NOW() WHERE company_id = $company_id");
mysqli_query($mysqli,"UPDATE settings SET config_default_currency = '$currency_code', config_default_country = '$country' WHERE company_id = $company_id");
@ -1654,14 +1832,51 @@ if(isset($_POST['add_expense'])){
$description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
$reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference'])));
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/expenses/$session_company_id/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = '$amount', expense_currency_code = '$config_default_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_created_at = NOW(), company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = '$amount', expense_currency_code = '$config_default_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_receipt = '$path', expense_created_at = NOW(), company_id = $session_company_id");
$expense_id = mysqli_insert_id($mysqli);
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png', 'pdf');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 9097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/$session_company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Created', log_description = '$description', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
@ -1682,18 +1897,54 @@ if(isset($_POST['edit_expense'])){
$category = intval($_POST['category']);
$description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
$reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference'])));
$path = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expense_receipt'])));
$existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
if($_FILES['file']['tmp_name']!='') {
//remove old receipt
unlink($path);
$path = "uploads/expenses/$session_company_id/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png', 'pdf');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 9097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/$session_company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/expenses/$session_company_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = '$amount', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_receipt = '$path', expense_updated_at = NOW() WHERE expense_id = $expense_id AND company_id = $session_company_id");
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = '$amount', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_updated_at = NOW() WHERE expense_id = $expense_id AND company_id = $session_company_id");
$_SESSION['alert_message'] = "Expense modified";
@ -1711,7 +1962,7 @@ if(isset($_GET['delete_expense'])){
$row = mysqli_fetch_array($sql);
$expense_receipt = $row['expense_receipt'];
unlink($expense_receipt);
unlink("uploads/expenses/$session_company_id/$expense_receipt");
mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id AND company_id = $session_company_id");
@ -3169,12 +3420,12 @@ if(isset($_POST['add_contact'])){
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name);
$file_extension = strtolower(end($file_name_cmps));
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3182,21 +3433,28 @@ if(isset($_POST['add_contact'])){
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger';
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -3237,14 +3495,14 @@ if(isset($_POST['edit_contact'])){
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name);
$file_extension = strtolower(end($file_name_cmps));
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3252,24 +3510,31 @@ if(isset($_POST['edit_contact'])){
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
//Delete old file
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger';
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -3383,12 +3648,12 @@ if(isset($_POST['add_location'])){
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name);
$file_extension = strtolower(end($file_name_cmps));
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3396,21 +3661,28 @@ if(isset($_POST['add_location'])){
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger';
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -3454,14 +3726,14 @@ if(isset($_POST['edit_location'])){
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name);
$file_extension = strtolower(end($file_name_cmps));
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3469,24 +3741,31 @@ if(isset($_POST['edit_location'])){
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
//Delete old file
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger';
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
@ -4401,18 +4680,48 @@ if(isset($_POST['add_file'])){
mkdir("uploads/clients/$session_company_id/$client_id");
}
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/clients/$session_company_id/$client_id/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
$ext = pathinfo($path);
$ext = $ext['extension'];
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$file_reference_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'zip', 'tar', 'gz');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $file_reference_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"INSERT INTO files SET file_reference_name = '$file_reference_name', file_name = '$file_name', file_ext = '$file_extension', file_created_at = NOW(), file_client_id = $client_id, company_id = $session_company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
mysqli_query($mysqli,"INSERT INTO files SET file_name = '$path', file_ext = '$ext', file_created_at = NOW(), file_client_id = $client_id, company_id = $session_company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Uploaded', log_description = '$path', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
@ -4427,9 +4736,10 @@ if(isset($_GET['delete_file'])){
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_file);
$file_name = $row['file_name'];
$client_id = $row['file_client_id'];
$file_reference_name = $row['file_reference_name'];
unlink($file_name);
unlink("uploads/clients/$session_company_id/$client_id/$file_reference_name");
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id AND company_id = $session_company_id");

7
quote.php
View File

@ -44,6 +44,7 @@ if(isset($_GET['quote_id'])){
if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms;
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_country = $row['company_country'];
$company_address = $row['company_address'];
@ -55,8 +56,8 @@ if(isset($_GET['quote_id'])){
$company_website = $row['company_website'];
$company_logo = $row['company_logo'];
if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo']));
}
$company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
}
$sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_quote_id = $quote_id ORDER BY history_id DESC");
@ -146,7 +147,7 @@ if(isset($_GET['quote_id'])){
<div class="row mb-4">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
<div class="col-sm-10">
<h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3>

3
recurring_invoice.php
View File

@ -53,6 +53,7 @@ if(isset($_GET['recurring_id'])){
$status = "Inactive";
$status_badge_color = "secondary";
}
$company_id = $row['company_id'];
$company_name = $row['company_name'];
$company_country = $row['company_country'];
$company_address = $row['company_address'];
@ -111,7 +112,7 @@ if(isset($_GET['recurring_id'])){
<div class="row mb-4">
<div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>">
<img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div>
<div class="col-sm-10">
<h3 class="text-right"><strong>Recurring Invoice</strong><br><small class="text-secondary"><?php echo ucwords($recurring_frequency); ?>ly</small></h3>

4
settings-user.php
View File

@ -22,13 +22,13 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="user_id" value="<?php echo $session_user_id; ?>">
<input type="hidden" name="current_avatar_path" value="<?php echo $session_avatar; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo $session_avatar; ?>">
<center class="mb-3 p-4">
<?php if(empty($session_avatar)){ ?>
<i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php }else{ ?>
<img src="<?php echo $session_avatar; ?>" class="img-circle img-fluid">
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle img-fluid">
<?php } ?>
<h4 class="text-secondary mt-2"><?php echo $session_permission_level_display; ?></h4>
</center>

93
setup.php
View File

@ -162,14 +162,48 @@ if(isset($_POST['add_user'])){
mkdir("uploads/users/$user_id");
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/users/$user_id/";
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$path' WHERE user_id = $user_id");
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
$_SESSION['alert_message'] = "User <strong>$user_name</strong> created!";
@ -205,13 +239,46 @@ if(isset($_POST['add_company_settings'])){
mkdir("uploads/settings/$company_id");
mkdir("uploads/tmp/$company_id");
if($_FILES['file']['tmp_name']!='') {
$path = "uploads/settings/$company_id/";
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$path' WHERE company_id = $company_id");
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/$company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = $company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
//Create Permissions

4
top_nav.php
View File

@ -37,7 +37,7 @@
<?php if(empty($session_avatar)){ ?>
<i class="fas fa-user-circle"></i>
<?php }else{ ?>
<img src="<?php echo $session_avatar; ?>" class="user-image img-circle">
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="user-image img-circle">
<?php } ?>
<span class="d-none d-md-inline"><?php echo $session_name; ?></span>
</a>
@ -48,7 +48,7 @@
<i class="fas fa-user-circle fa-6x"></i>
<?php }else{ ?>
<img src="<?php echo "$session_avatar"; ?>" class="img-circle">
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle">
<?php } ?>
<p>
<?php echo $session_name; ?>

2
users.php
View File

@ -121,7 +121,7 @@
<td class="text-center">
<a class="text-dark" href="#" data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>">
<?php if(!empty($user_avatar)){ ?>
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo $user_avatar; ?>">
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo "uploads/users/$user_id/$user_avatar"; ?>">
<?php }else{ ?>
<span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i>

4
view_file_modal.php
View File

@ -2,14 +2,14 @@
<div class="modal-dialog modal-xl ">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-image"></i> <?php echo basename($file_name); ?></h5>
<h5 class="modal-title"><i class="fa fa-fw fa-image"></i> <?php echo $file_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<center>
<img class="img-fluid" src="<?php echo $file_name; ?>">
<img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>">
</center>
</div>