New file upload logic complete. Breaking changes: new db dump.

This commit is contained in:
johnnyq 2021-09-21 22:22:55 -04:00
parent 1d3cf6fd96
commit a939588cf2
18 changed files with 549 additions and 167 deletions


@ -32,6 +32,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
while($row = mysqli_fetch_array($sql_files_images)){ while($row = mysqli_fetch_array($sql_files_images)){
$file_id = $row['file_id']; $file_id = $row['file_id'];
$file_name = $row['file_name']; $file_name = $row['file_name'];
$file_reference_name = $row['file_reference_name'];
$file_ext = $row['file_ext']; $file_ext = $row['file_ext'];
?> ?>
@ -39,12 +40,12 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<div class="col-xl-3 col-lg-3 col-md-6 col-sm-6 mb-3"> <div class="col-xl-3 col-lg-3 col-md-6 col-sm-6 mb-3">
<div class="card"> <div class="card">
<a href="#" data-toggle="modal" data-target="#viewFileModal<?php echo $file_id; ?>"> <a href="#" data-toggle="modal" data-target="#viewFileModal<?php echo $file_id; ?>">
<img class="img-fluid" src="<?php echo $file_name; ?>"> <img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>">
</a> </a>
<div class="card-footer bg-dark text-white p-1"> <div class="card-footer bg-dark text-white p-1">
<center> <center>
<a href="<?php echo $file_name; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a> <a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-white float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<small><?php echo basename($file_name); ?></small> <small><?php echo $file_name; ?></small>
<a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-white float-right mr-1"><i class="fa fa-times"></i></a> <a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-white float-right mr-1"><i class="fa fa-times"></i></a>
</center> </center>
@ -66,6 +67,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
while($row = mysqli_fetch_array($sql_files_other)){ while($row = mysqli_fetch_array($sql_files_other)){
$file_id = $row['file_id']; $file_id = $row['file_id'];
$file_name = $row['file_name']; $file_name = $row['file_name'];
$file_reference_name = $row['file_reference_name'];
$file_ext = $row['file_ext']; $file_ext = $row['file_ext'];
if($file_ext == 'pdf'){ if($file_ext == 'pdf'){
$file_icon = "file-pdf"; $file_icon = "file-pdf";
@ -87,7 +89,7 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_
<tr> <tr>
<td><a href="<?php echo $file_name; ?>" target="_blank" class="text-secondary"><i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> mr-3"></i> <?php echo basename($file_name); ?></a></td> <td><a href="<?php echo $file_name; ?>" target="_blank" class="text-secondary"><i class="fa fa-fw fa-2x fa-<?php echo $file_icon; ?> mr-3"></i> <?php echo basename($file_name); ?></a></td>
<td> <td>
<a href="<?php echo $file_name; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a> <a href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>" download="<?php echo $file_name; ?>" class="text-secondary float-left ml-1"><i class="fa fa-cloud-download-alt"></i></a>
<a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a> <a href="post.php?delete_file=<?php echo $file_id; ?>" class="text-secondary float-right mr-1"><i class="fa fa-times"></i></a>
</td> </td>
</tr> </tr>
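Review bot: The view link in the other-files row (`<a href="<?php echo $file_name; ?>" target="_blank" ...>`) still points at `$file_name`, while the download link directly under it was switched to `uploads/clients/$session_company_id/$client_id/$file_reference_name`; since `file_name` now holds the original upload name rather than a path, that anchor resolves relative to the current page and will not find the file. Change it to `href="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>"`. Separately, `$file_name` is the user-chosen upload name and is now echoed raw into the image caption and the `download=` attributes (the old `basename()` is gone), so wrap those echoes in `htmlspecialchars()`. Both enclosing `while` loops start before their hunks.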


@ -103,7 +103,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<td class="text-center"> <td class="text-center">
<a class="text-dark" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>"> <a class="text-dark" href="#" data-toggle="modal" data-target="#editCompanyModal<?php echo $company_id; ?>">
<?php if(!empty($company_logo)){ ?> <?php if(!empty($company_logo)){ ?>
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo $company_logo; ?>"> <img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
<?php }else{ ?> <?php }else{ ?>
<span class="fa-stack fa-2x"> <span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>

4
db.sql

@ -404,7 +404,7 @@ DROP TABLE IF EXISTS `files`;
/*!40101 SET character_set_client = utf8 */; /*!40101 SET character_set_client = utf8 */;
CREATE TABLE `files` ( CREATE TABLE `files` (
`file_id` int(11) NOT NULL AUTO_INCREMENT, `file_id` int(11) NOT NULL AUTO_INCREMENT,
`reference_file_name` varchar(200) DEFAULT NULL, `file_reference_name` varchar(200) DEFAULT NULL,
`file_name` varchar(200) NOT NULL, `file_name` varchar(200) NOT NULL,
`file_ext` varchar(200) DEFAULT NULL, `file_ext` varchar(200) DEFAULT NULL,
`file_created_at` datetime NOT NULL, `file_created_at` datetime NOT NULL,
@ -1064,4 +1064,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2021-09-09 23:14:42 -- Dump completed on 2021-09-21 22:22:21
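Review bot: `file_reference_name` is now the only handle for the stored file (every link on this page is built from it), yet the column stays `varchar(200) DEFAULT NULL`, so a row without a reference renders as a link to the bare client directory; consider `NOT NULL` once existing rows are backfilled. The dump only covers fresh installs: existing databases still carry `reference_file_name`, so the "Breaking changes" note should ship a migration such as `ALTER TABLE files CHANGE reference_file_name file_reference_name varchar(200) DEFAULT NULL;`. The `CREATE TABLE files` statement starts and ends outside the hunk.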


@ -9,7 +9,7 @@
</div> </div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off"> <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="company_id" value="<?php echo $company_id; ?>"> <input type="hidden" name="company_id" value="<?php echo $company_id; ?>">
<input type="hidden" name="current_file_path" value="<?php echo $company_logo; ?>"> <input type="hidden" name="existing_file_name" value="<?php echo $company_logo; ?>">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
<div class="form-group"> <div class="form-group">
@ -134,7 +134,7 @@
<div class="card col-md-2"> <div class="card col-md-2">
<div class="card-body"> <div class="card-body">
<img class="img-fluid" src="<?php echo $company_logo; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div> </div>
</div> </div>
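Review bot: The hidden `existing_file_name` field round-trips the logo file name through the browser, and the edit_company handler in post.php (later on this page) uses the posted value directly in `unlink("uploads/settings/$company_id/$existing_file_name")`; `strip_tags()` and `mysqli_real_escape_string()` do not constrain a file name, so a tampered value can point the delete at a file outside the company's directory. Resolve the current logo server-side from the `companies` row instead of trusting the form, or at minimum pass the posted value through `basename()` before building the path. The same pattern applies to the edit_expense and edit_user forms. The enclosing `<form>` continues outside the hunk.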


@ -10,7 +10,7 @@
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off"> <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
<input type="hidden" name="expense_id" value="<?php echo $expense_id; ?>"> <input type="hidden" name="expense_id" value="<?php echo $expense_id; ?>">
<input type="hidden" name="expense_receipt" value="<?php echo $expense_receipt; ?>"> <input type="hidden" name="existing_file_name" value="<?php echo $existing_file_name; ?>">
<div class="form-row"> <div class="form-row">
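Review bot: The new hidden field echoes `$existing_file_name`, but nothing on this page assigns that variable in the expense modal; the old field echoed `$expense_receipt`, which the expenses listing on this page still uses. Unless it is set earlier in the file, the field posts empty and the edit_expense handler's `unlink()` of the old receipt targets the bare directory. Suggested: `<input type="hidden" name="existing_file_name" value="<?php echo $expense_receipt; ?>">`. The enclosing `<form>` continues outside the hunk.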


@ -9,12 +9,12 @@
</div> </div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off"> <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>"> <input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<input type="hidden" name="current_avatar_path" value="<?php echo $user_avatar; ?>"> <input type="hidden" name="existing_file_name" value="<?php echo "uploads/users/$user_id/$user_avatar"; ?>">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
<center class="mb-3"> <center class="mb-3">
<?php if(!empty($user_avatar)){ ?> <?php if(!empty($user_avatar)){ ?>
<img class="img-fluid rounded-circle" src="<?php echo $user_avatar; ?>" height="128" width="128"> <img class="img-fluid rounded-circle" src="<?php echo "uploads/users/$user_id/$user_avatar"; ?>" height="128" width="128">
<?php }else{ ?> <?php }else{ ?>
<span class="fa-stack fa-4x"> <span class="fa-stack fa-4x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>
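Review bot: The hidden `existing_file_name` value is the full path `uploads/users/$user_id/$user_avatar`, but the edit_user and edit_profile handlers in post.php (later on this page) prepend `uploads/users/$user_id/` again before `unlink()`, so the old avatar is never removed and orphaned files accumulate. The company and expense modals pass only the bare file name; match them: `<input type="hidden" name="existing_file_name" value="<?php echo $user_avatar; ?>">`. The enclosing `<form>` continues outside the hunk.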


@ -173,7 +173,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
if(empty($expense_receipt)){ if(empty($expense_receipt)){
$receipt_attached = ""; $receipt_attached = "";
}else{ }else{
$receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='$expense_receipt'><i class='fa fa-file-pdf'></i></a>"; $receipt_attached = "<a class='text-secondary mr-2' target='_blank' href='uploads/expenses/$session_company_id/$expense_receipt'><i class='fa fa-file-pdf'></i></a>";
} }
?> ?>
@ -193,7 +193,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<?php <?php
if(!empty($expense_receipt)){ if(!empty($expense_receipt)){
?> ?>
<a class="dropdown-item" href="<?php echo $expense_receipt; ?>" target="_blank">Reciept</a> <a class="dropdown-item" href="<?php echo "uploads/expenses/$session_company_id/$expense_receipt"; ?>" download="<?php echo "$expense_date-$vendor_name-$category_name.pdf"; ?>">Download</a>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<?php <?php
} }
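Review bot: The new `download=` attribute hard-codes a `.pdf` suffix, but the add_expense handler on this page also accepts `jpg`, `gif` and `png` receipts, so image receipts are saved under a misleading extension; take the suffix from the stored name, e.g. `download="<?php echo htmlspecialchars("$expense_date-$vendor_name-$category_name." . pathinfo($expense_receipt, PATHINFO_EXTENSION)); ?>"`. The always-`fa-file-pdf` icon in the first hunk has the same issue. `$vendor_name` and `$category_name` are also echoed into the attribute unescaped, hence the `htmlspecialchars()`. The enclosing PHP block continues outside the hunk.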


@ -57,8 +57,8 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
$company_email = $row['company_email']; $company_email = $row['company_email'];
$company_logo = $row['company_logo']; $company_logo = $row['company_logo'];
if(!empty($company_logo)){ if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo'])); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
} }
$config_invoice_footer = $row['config_invoice_footer']; $config_invoice_footer = $row['config_invoice_footer'];
$config_stripe_enable = $row['config_stripe_enable']; $config_stripe_enable = $row['config_stripe_enable'];
$config_stripe_publishable = $row['config_stripe_publishable']; $config_stripe_publishable = $row['config_stripe_publishable'];
@ -129,7 +129,7 @@ if(isset($_GET['invoice_id'], $_GET['url_key'])){
<div class="card-body"> <div class="card-body">
<div class="row mb-4"> <div class="row mb-4">
<div class="col-sm-2"> <div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div> </div>
<div class="col-sm-10"> <div class="col-sm-10">
<?php if($invoice_status == "Paid"){ ?> <?php if($invoice_status == "Paid"){ ?>
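Review bot: Both new paths depend on `$company_id`, but this hunk does not assign it, and the invoice.php hunk later on the page had to add `$company_id = $row['company_id'];` for exactly this reason; if it is not set earlier in this file the path collapses to `uploads/settings//...` and `file_get_contents()` fails with a warning. Add `$company_id = $row['company_id'];` next to the `$company_logo` assignment; the guest quote page hunk that follows has the same dependency. The enclosing `if(isset($_GET['invoice_id'], $_GET['url_key']))` block starts before the hunk.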


@ -56,8 +56,8 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
$company_email = $row['company_email']; $company_email = $row['company_email'];
$company_logo = $row['company_logo']; $company_logo = $row['company_logo'];
if(!empty($company_logo)){ if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo'])); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
} }
$quote_footer = $row['quote_footer']; $quote_footer = $row['quote_footer'];
$ip = get_ip(); $ip = get_ip();
@ -98,7 +98,7 @@ if(isset($_GET['quote_id'], $_GET['url_key'])){
<div class="row mb-4"> <div class="row mb-4">
<div class="col-sm-2"> <div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div> </div>
<div class="col-sm-10"> <div class="col-sm-10">
<h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3> <h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3>


@ -49,6 +49,7 @@ if(isset($_GET['invoice_id'])){
if($client_net_terms == 0){ if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
} }
$company_id = $row['company_id'];
$company_name = $row['company_name']; $company_name = $row['company_name'];
$company_country = $row['company_country']; $company_country = $row['company_country'];
$company_address = $row['company_address']; $company_address = $row['company_address'];
@ -60,7 +61,7 @@ if(isset($_GET['invoice_id'])){
$company_website = $row['company_website']; $company_website = $row['company_website'];
$company_logo = $row['company_logo']; $company_logo = $row['company_logo'];
if(!empty($company_logo)){ if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo'])); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
} }
$sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC"); $sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_invoice_id = $invoice_id ORDER BY history_id DESC");
@ -170,7 +171,7 @@ if(isset($_GET['invoice_id'])){
<div class="row mb-4"> <div class="row mb-4">
<div class="col-sm-2"> <div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div> </div>
<div class="col-sm-10"> <div class="col-sm-10">
<div class="ribbon-wrapper"> <div class="ribbon-wrapper">

552
post.php

@ -46,14 +46,48 @@ if(isset($_POST['add_user'])){
mkdir("uploads/users/$user_id"); mkdir("uploads/users/$user_id");
} }
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
$path = "uploads/users/$user_id/"; if($_FILES['file']['tmp_name'] != ''){
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path); // get details of the uploaded file
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
//Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$path' WHERE user_id = $user_id");
//Create Permissions //Create Permissions
mysqli_query($mysqli,"INSERT INTO permissions SET permission_level = $level, permission_default_company = $company, permission_companies = $company, user_id = $user_id"); mysqli_query($mysqli,"INSERT INTO permissions SET permission_level = $level, permission_default_company = $company, permission_companies = $company, user_id = $user_id");
@ -75,19 +109,58 @@ if(isset($_POST['edit_user'])){
$new_password = trim($_POST['new_password']); $new_password = trim($_POST['new_password']);
$company = intval($_POST['company']); $company = intval($_POST['company']);
$level = intval($_POST['level']); $level = intval($_POST['level']);
$path = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']))); $existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
if($_FILES['file']['tmp_name']!='') { if(!file_exists("uploads/users/$user_id/")) {
//delete old avatar file mkdir("uploads/users/$user_id");
unlink($path); }
//Update with new path
$path = "uploads/users/$user_id/"; //Check to see if a file is attached
$path = $path . basename( $_FILES['file']['name']); if($_FILES['file']['tmp_name'] != ''){
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path); // get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/users/$user_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_password = '$password', user_avatar = '$path', user_updated_at = NOW() WHERE user_id = $user_id"); mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_password = '$password', user_updated_at = NOW() WHERE user_id = $user_id");
if(!empty($new_password)){ if(!empty($new_password)){
$new_password = md5($new_password); $new_password = md5($new_password);
@ -112,19 +185,54 @@ if(isset($_POST['edit_profile'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']))); $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']))); $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$new_password = trim($_POST['new_password']); $new_password = trim($_POST['new_password']);
$path = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_avatar_path']))); $existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
//delete old avatar file if($_FILES['file']['tmp_name'] != ''){
unlink($path);
//Update with new path // get details of the uploaded file
$path = "uploads/users/$user_id/"; $file_error = 0;
$path = $path . basename( $_FILES['file']['name']); $file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = basename($path); $file_name = $_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/users/$user_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_avatar = '$path', user_updated_at = NOW() WHERE user_id = $user_id"); mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email', user_updated_at = NOW() WHERE user_id = $user_id");
if(!empty($new_password)){ if(!empty($new_password)){
$new_password = md5($new_password); $new_password = md5($new_password);
@ -236,14 +344,46 @@ if(isset($_POST['add_company'])){
mkdir("uploads/settings/$company_id"); mkdir("uploads/settings/$company_id");
mkdir("uploads/tmp/$company_id"); mkdir("uploads/tmp/$company_id");
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
$path = "uploads/settings/$company_id/"; if($_FILES['file']['tmp_name'] != ''){
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path); // get details of the uploaded file
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$path' WHERE company_id = $company_id"); $file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/$company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = $company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_default_country = '$country', config_default_currency = '$currency_code', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1, config_base_url = '$config_base_url'"); mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_default_country = '$country', config_default_currency = '$currency_code', config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_send_invoice_reminders = 0, config_enable_cron = 0, config_ticket_next_number = 1, config_base_url = '$config_base_url'");
@ -270,20 +410,58 @@ if(isset($_POST['edit_company'])){
$website = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['website']))); $website = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['website'])));
$currency_code = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['currency_code']))); $currency_code = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['currency_code'])));
$path = strip_tags(mysqli_real_escape_string($mysqli,$_POST['current_file_path'])); $existing_file_name = strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name']));
if(!file_exists("uploads/settings/$company_id/")) { if(!file_exists("uploads/settings/$company_id/")) {
mkdir("uploads/settings/$company_id"); mkdir("uploads/settings/$company_id");
} }
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
$path = "uploads/settings/$company_id/"; if($_FILES['file']['tmp_name'] != ''){
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path); // get details of the uploaded file
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/$company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/settings/$company_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = $company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_logo = '$path', company_updated_at = NOW() WHERE company_id = $company_id"); mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_updated_at = NOW() WHERE company_id = $company_id");
mysqli_query($mysqli,"UPDATE settings SET config_default_currency = '$currency_code', config_default_country = '$country' WHERE company_id = $company_id"); mysqli_query($mysqli,"UPDATE settings SET config_default_currency = '$currency_code', config_default_country = '$country' WHERE company_id = $company_id");
@ -1654,14 +1832,51 @@ if(isset($_POST['add_expense'])){
$description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description']))); $description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
$reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference']))); $reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference'])));
if($_FILES['file']['tmp_name']!='') { mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = '$amount', expense_currency_code = '$config_default_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_created_at = NOW(), company_id = $session_company_id");
$path = "uploads/expenses/$session_company_id/";
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path);
move_uploaded_file($_FILES['file']['tmp_name'], $path);
}
mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$date', expense_amount = '$amount', expense_currency_code = '$config_default_currency', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_receipt = '$path', expense_created_at = NOW(), company_id = $session_company_id"); $expense_id = mysqli_insert_id($mysqli);
//Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png', 'pdf');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 9097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/$session_company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Created', log_description = '$description', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Expense', log_action = 'Created', log_description = '$description', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
@ -1682,18 +1897,54 @@ if(isset($_POST['edit_expense'])){
$category = intval($_POST['category']); $category = intval($_POST['category']);
$description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description']))); $description = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['description'])));
$reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference']))); $reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference'])));
$path = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expense_receipt']))); $existing_file_name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['existing_file_name'])));
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
//remove old receipt if($_FILES['file']['tmp_name'] != ''){
unlink($path);
$path = "uploads/expenses/$session_company_id/"; // get details of the uploaded file
$path = $path . basename( $_FILES['file']['name']); $file_error = 0;
$file_name = basename($path); $file_tmp_path = $_FILES['file']['tmp_name'];
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png', 'pdf');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 9097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/expenses/$session_company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Delete old file
unlink("uploads/expenses/$session_company_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = '$amount', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_receipt = '$path', expense_updated_at = NOW() WHERE expense_id = $expense_id AND company_id = $session_company_id"); mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = '$amount', expense_account_id = $account, expense_vendor_id = $vendor, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference', expense_updated_at = NOW() WHERE expense_id = $expense_id AND company_id = $session_company_id");
$_SESSION['alert_message'] = "Expense modified"; $_SESSION['alert_message'] = "Expense modified";
@ -1711,7 +1962,7 @@ if(isset($_GET['delete_expense'])){
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$expense_receipt = $row['expense_receipt']; $expense_receipt = $row['expense_receipt'];
unlink($expense_receipt); unlink("uploads/expenses/$session_company_id/$expense_receipt");
mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id AND company_id = $session_company_id"); mysqli_query($mysqli,"DELETE FROM expenses WHERE expense_id = $expense_id AND company_id = $session_company_id");
@ -3169,12 +3420,12 @@ if(isset($_POST['add_contact'])){
if($_FILES['file']['tmp_name'] != ''){ if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file // get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name']; $file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size']; $file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type']; $file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name); $file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$file_extension = strtolower(end($file_name_cmps));
// sanitize file-name // sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension; $new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3182,21 +3433,28 @@ if(isset($_POST['add_contact'])){
// check if file has one of the following extensions // check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png'); $allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){ if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/"; $upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){ move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
$_SESSION['alert_message'] = 'File successfully uploaded.'; $_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}else{ }else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger'; $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
} }
} }
@ -3237,14 +3495,14 @@ if(isset($_POST['edit_contact'])){
//Check to see if a file is attached //Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){ if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file // get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name']; $file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size']; $file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type']; $file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name); $file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$file_extension = strtolower(end($file_name_cmps));
// sanitize file-name // sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension; $new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3252,24 +3510,31 @@ if(isset($_POST['edit_contact'])){
// check if file has one of the following extensions // check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png'); $allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){ if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/"; $upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){ move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
//Delete old file //Delete old file
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name"); unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
$_SESSION['alert_message'] = 'File successfully uploaded.'; $_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}else{ }else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger'; $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
} }
} }
@ -3383,12 +3648,12 @@ if(isset($_POST['add_location'])){
if($_FILES['file']['tmp_name'] != ''){ if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file // get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name']; $file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size']; $file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type']; $file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name); $file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$file_extension = strtolower(end($file_name_cmps));
// sanitize file-name // sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension; $new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3396,21 +3661,28 @@ if(isset($_POST['add_location'])){
// check if file has one of the following extensions // check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png'); $allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){ if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/"; $upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){ move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
$_SESSION['alert_message'] = 'File successfully uploaded.'; $_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}else{ }else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger'; $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
} }
} }
@ -3454,14 +3726,14 @@ if(isset($_POST['edit_location'])){
//Check to see if a file is attached //Check to see if a file is attached
if($_FILES['file']['tmp_name'] != ''){ if($_FILES['file']['tmp_name'] != ''){
// get details of the uploaded file // get details of the uploaded file
$file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name']; $file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size']; $file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type']; $file_type = $_FILES['file']['type'];
$file_name_cmps = explode(".", $file_name); $file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
$file_extension = strtolower(end($file_name_cmps));
// sanitize file-name // sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension; $new_file_name = md5(time() . $file_name) . '.' . $file_extension;
@ -3469,24 +3741,31 @@ if(isset($_POST['edit_location'])){
// check if file has one of the following extensions // check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png'); $allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension, $allowed_file_extensions)){ if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved // directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/"; $upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $new_file_name; $dest_path = $upload_file_dir . $new_file_name;
if(move_uploaded_file($file_tmp_path, $dest_path)){ move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
//Delete old file //Delete old file
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name"); unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
$_SESSION['alert_message'] = 'File successfully uploaded.'; $_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}else{ }else{
$_SESSION['alert_message'] = 'Upload failed. Allowed file types: ' . implode(',', $allowed_file_extensions);
$_SESSION['alert_type'] = 'danger'; $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
} }
} }
@ -4401,18 +4680,48 @@ if(isset($_POST['add_file'])){
mkdir("uploads/clients/$session_company_id/$client_id"); mkdir("uploads/clients/$session_company_id/$client_id");
} }
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
$path = "uploads/clients/$session_company_id/$client_id/"; if($_FILES['file']['tmp_name'] != ''){
$path = $path . basename( $_FILES['file']['name']);
$file_name = basename($path); // get details of the uploaded file
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_error = 0;
$ext = pathinfo($path); $file_tmp_path = $_FILES['file']['tmp_name'];
$ext = $ext['extension']; $file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
// sanitize file-name
$file_reference_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'zip', 'tar', 'gz');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/clients/$session_company_id/$client_id/";
$dest_path = $upload_file_dir . $file_reference_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"INSERT INTO files SET file_reference_name = '$file_reference_name', file_name = '$file_name', file_ext = '$file_extension', file_created_at = NOW(), file_client_id = $client_id, company_id = $session_company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
mysqli_query($mysqli,"INSERT INTO files SET file_name = '$path', file_ext = '$ext', file_created_at = NOW(), file_client_id = $client_id, company_id = $session_company_id");
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Uploaded', log_description = '$path', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'File', log_action = 'Uploaded', log_description = '$path', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id");
@ -4427,9 +4736,10 @@ if(isset($_GET['delete_file'])){
$sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id AND company_id = $session_company_id"); $sql_file = mysqli_query($mysqli,"SELECT * FROM files WHERE file_id = $file_id AND company_id = $session_company_id");
$row = mysqli_fetch_array($sql_file); $row = mysqli_fetch_array($sql_file);
$file_name = $row['file_name']; $client_id = $row['file_client_id'];
$file_reference_name = $row['file_reference_name'];
unlink($file_name); unlink("uploads/clients/$session_company_id/$client_id/$file_reference_name");
mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id AND company_id = $session_company_id"); mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id AND company_id = $session_company_id");


@ -44,6 +44,7 @@ if(isset($_GET['quote_id'])){
if($client_net_terms == 0){ if($client_net_terms == 0){
$client_net_terms = $config_default_net_terms; $client_net_terms = $config_default_net_terms;
} }
$company_id = $row['company_id'];
$company_name = $row['company_name']; $company_name = $row['company_name'];
$company_country = $row['company_country']; $company_country = $row['company_country'];
$company_address = $row['company_address']; $company_address = $row['company_address'];
@ -55,8 +56,8 @@ if(isset($_GET['quote_id'])){
$company_website = $row['company_website']; $company_website = $row['company_website'];
$company_logo = $row['company_logo']; $company_logo = $row['company_logo'];
if(!empty($company_logo)){ if(!empty($company_logo)){
$company_logo_base64 = base64_encode(file_get_contents($row['company_logo'])); $company_logo_base64 = base64_encode(file_get_contents("uploads/settings/$company_id/$company_logo"));
} }
$sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_quote_id = $quote_id ORDER BY history_id DESC"); $sql_history = mysqli_query($mysqli,"SELECT * FROM history WHERE history_quote_id = $quote_id ORDER BY history_id DESC");
@ -146,7 +147,7 @@ if(isset($_GET['quote_id'])){
<div class="row mb-4"> <div class="row mb-4">
<div class="col-sm-2"> <div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div> </div>
<div class="col-sm-10"> <div class="col-sm-10">
<h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3> <h3 class="text-right"><strong>Quote</strong><br><small class="text-secondary"><?php echo "$quote_prefix$quote_number"; ?></small></h3>


@ -53,6 +53,7 @@ if(isset($_GET['recurring_id'])){
$status = "Inactive"; $status = "Inactive";
$status_badge_color = "secondary"; $status_badge_color = "secondary";
} }
$company_id = $row['company_id'];
$company_name = $row['company_name']; $company_name = $row['company_name'];
$company_country = $row['company_country']; $company_country = $row['company_country'];
$company_address = $row['company_address']; $company_address = $row['company_address'];
@ -111,7 +112,7 @@ if(isset($_GET['recurring_id'])){
<div class="row mb-4"> <div class="row mb-4">
<div class="col-sm-2"> <div class="col-sm-2">
<img class="img-fluid" src="<?php echo $company_logo; ?>"> <img class="img-fluid" src="<?php echo "uploads/settings/$company_id/$company_logo"; ?>">
</div> </div>
<div class="col-sm-10"> <div class="col-sm-10">
<h3 class="text-right"><strong>Recurring Invoice</strong><br><small class="text-secondary"><?php echo ucwords($recurring_frequency); ?>ly</small></h3> <h3 class="text-right"><strong>Recurring Invoice</strong><br><small class="text-secondary"><?php echo ucwords($recurring_frequency); ?>ly</small></h3>


@ -22,13 +22,13 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off"> <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="user_id" value="<?php echo $session_user_id; ?>"> <input type="hidden" name="user_id" value="<?php echo $session_user_id; ?>">
<input type="hidden" name="current_avatar_path" value="<?php echo $session_avatar; ?>"> <input type="hidden" name="existing_file_name" value="<?php echo $session_avatar; ?>">
<center class="mb-3 p-4"> <center class="mb-3 p-4">
<?php if(empty($session_avatar)){ ?> <?php if(empty($session_avatar)){ ?>
<i class="fas fa-user-circle fa-8x text-secondary"></i> <i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php }else{ ?> <?php }else{ ?>
<img src="<?php echo $session_avatar; ?>" class="img-circle img-fluid"> <img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle img-fluid">
<?php } ?> <?php } ?>
<h4 class="text-secondary mt-2"><?php echo $session_permission_level_display; ?></h4> <h4 class="text-secondary mt-2"><?php echo $session_permission_level_display; ?></h4>
</center> </center>
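Review bot: The new hidden `existing_file_name` input on the third line of this hunk turns the name of the file the server will later delete into a client-supplied value, and the handler that consumes it is outside this section; the edit_expense handler earlier in this commit takes the same posted field and passes it straight to `unlink("uploads/expenses/$session_company_id/$existing_file_name")`, so the avatar handler presumably does the same. The server already knows the current avatar (the field is populated from `$session_avatar`), so the handler should read the existing name from the users row rather than trust the form, or at least reduce the posted value with `$existing_file_name = basename($existing_file_name);` and compare it to the stored value before unlinking. Note that the `mysqli_real_escape_string`/`strip_tags` treatment used on that field protects the SQL string, not a filesystem path.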


@ -162,14 +162,48 @@ if(isset($_POST['add_user'])){
mkdir("uploads/users/$user_id"); mkdir("uploads/users/$user_id");
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
$path = "uploads/users/$user_id/"; if($_FILES['file']['tmp_name'] != ''){
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path); // get details of the uploaded file
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_error = 0;
} $file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$path' WHERE user_id = $user_id"); // sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
//Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
$_SESSION['alert_message'] = "User <strong>$user_name</strong> created!"; $_SESSION['alert_message'] = "User <strong>$user_name</strong> created!";
@ -205,13 +239,46 @@ if(isset($_POST['add_company_settings'])){
mkdir("uploads/settings/$company_id"); mkdir("uploads/settings/$company_id");
mkdir("uploads/tmp/$company_id"); mkdir("uploads/tmp/$company_id");
if($_FILES['file']['tmp_name']!='') { //Check to see if a file is attached
$path = "uploads/settings/$company_id/"; if($_FILES['file']['tmp_name'] != ''){
$path = $path . time() . basename( $_FILES['file']['name']);
$file_name = basename($path); // get details of the uploaded file
move_uploaded_file($_FILES['file']['tmp_name'], $path); $file_error = 0;
$file_tmp_path = $_FILES['file']['tmp_name'];
$file_name = $_FILES['file']['name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_extension = strtolower(end(explode('.',$_FILES['file']['name'])));
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$path' WHERE company_id = $company_id"); // sanitize file-name
$new_file_name = md5(time() . $file_name) . '.' . $file_extension;
// check if file has one of the following extensions
$allowed_file_extensions = array('jpg', 'gif', 'png');
if(in_array($file_extension,$allowed_file_extensions) === false){
$file_error = 1;
}
//Check File Size
if($file_size > 2097152){
$file_error = 1;
}
if($file_error == 0){
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/settings/$company_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = $company_id");
$_SESSION['alert_message'] = 'File successfully uploaded.';
}else{
$_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
} }
//Create Permissions //Create Permissions
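Review bot: The result of `move_uploaded_file($file_tmp_path, $dest_path);` is discarded in both hunks here (and likewise in the contact, location, expense and file hunks earlier in this commit), so a failed move still runs `UPDATE users SET user_avatar = '$new_file_name'` / `UPDATE companies SET company_logo = '$new_file_name'` and reports 'File successfully uploaded.', leaving the row pointing at a file that was never written; the `else` branch that blames the upload directory is in fact only reached when the extension or size check set `$file_error`. Wrap the move, `if(move_uploaded_file($file_tmp_path, $dest_path)){`, and keep a distinct message for a rejected file such as the 'Upload failed. Allowed file types: ...' text this commit drops from the contact and location handlers. In add_user the message is in any case overwritten by `$_SESSION['alert_message'] = "User <strong>$user_name</strong> created!";` on the line after the block, so a rejected avatar is never surfaced to the user. `$file_type` is assigned but never checked; since only jpg/gif/png are accepted here, verifying the content with `getimagesize($file_tmp_path)` before the move would make the check depend on the file rather than on its name.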


@ -37,7 +37,7 @@
<?php if(empty($session_avatar)){ ?> <?php if(empty($session_avatar)){ ?>
<i class="fas fa-user-circle"></i> <i class="fas fa-user-circle"></i>
<?php }else{ ?> <?php }else{ ?>
<img src="<?php echo $session_avatar; ?>" class="user-image img-circle"> <img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="user-image img-circle">
<?php } ?> <?php } ?>
<span class="d-none d-md-inline"><?php echo $session_name; ?></span> <span class="d-none d-md-inline"><?php echo $session_name; ?></span>
</a> </a>
@ -48,7 +48,7 @@
<i class="fas fa-user-circle fa-6x"></i> <i class="fas fa-user-circle fa-6x"></i>
<?php }else{ ?> <?php }else{ ?>
<img src="<?php echo "$session_avatar"; ?>" class="img-circle"> <img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle">
<?php } ?> <?php } ?>
<p> <p>
<?php echo $session_name; ?> <?php echo $session_name; ?>


@ -121,7 +121,7 @@
<td class="text-center"> <td class="text-center">
<a class="text-dark" href="#" data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>"> <a class="text-dark" href="#" data-toggle="modal" data-target="#editUserModal<?php echo $user_id; ?>">
<?php if(!empty($user_avatar)){ ?> <?php if(!empty($user_avatar)){ ?>
<img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo $user_avatar; ?>"> <img height="48" width="48" class="img-fluid rounded-circle" src="<?php echo "uploads/users/$user_id/$user_avatar"; ?>">
<?php }else{ ?> <?php }else{ ?>
<span class="fa-stack fa-2x"> <span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>


@ -2,14 +2,14 @@
<div class="modal-dialog modal-xl "> <div class="modal-dialog modal-xl ">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fa fa-fw fa-image"></i> <?php echo basename($file_name); ?></h5> <h5 class="modal-title"><i class="fa fa-fw fa-image"></i> <?php echo $file_name; ?></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
</div> </div>
<center> <center>
<img class="img-fluid" src="<?php echo $file_name; ?>"> <img class="img-fluid" src="<?php echo "uploads/clients/$session_company_id/$client_id/$file_reference_name"; ?>">
</center> </center>
</div> </div>