From f604880d9c36d18ffed3d757ef63cb5a2e44dac9 Mon Sep 17 00:00:00 2001 From: Nate Date: Thu, 28 Mar 2019 12:18:24 -0600 Subject: [PATCH] Contacts: Add Contact Attachments --- app/contacts/app_config.php | 88 +++++++- app/contacts/app_languages.php | 180 ++++++++++++++++ app/contacts/contact_attachment.php | 81 ++++++++ app/contacts/contact_attachment_delete.php | 63 ++++++ app/contacts/contact_attachment_edit.php | 228 +++++++++++++++++++++ app/contacts/contact_attachments.php | 129 ++++++++++++ app/contacts/contact_edit.php | 3 +- 7 files changed, 770 insertions(+), 2 deletions(-) create mode 100644 app/contacts/contact_attachment.php create mode 100644 app/contacts/contact_attachment_delete.php create mode 100644 app/contacts/contact_attachment_edit.php create mode 100644 app/contacts/contact_attachments.php diff --git a/app/contacts/app_config.php b/app/contacts/app_config.php index 8c0a5a4bb3..e8a4b4cb7d 100644 --- a/app/contacts/app_config.php +++ b/app/contacts/app_config.php @@ -211,6 +211,21 @@ $apps[$x]['permissions'][$y]['name'] = "contact_time_delete"; //$apps[$x]['permissions'][$y]['groups'][] = "superadmin"; $y++; + $apps[$x]['permissions'][$y]['name'] = "contact_attachment_view"; + $apps[$x]['permissions'][$y]['groups'][] = "superadmin"; + $apps[$x]['permissions'][$y]['groups'][] = "admin"; + $y++; + $apps[$x]['permissions'][$y]['name'] = "contact_attachment_add"; + $apps[$x]['permissions'][$y]['groups'][] = "superadmin"; + $apps[$x]['permissions'][$y]['groups'][] = "admin"; + $y++; + $apps[$x]['permissions'][$y]['name'] = "contact_attachment_edit"; + $apps[$x]['permissions'][$y]['groups'][] = "superadmin"; + $apps[$x]['permissions'][$y]['groups'][] = "admin"; + $y++; + $apps[$x]['permissions'][$y]['name'] = "contact_attachment_delete"; + $apps[$x]['permissions'][$y]['groups'][] = "superadmin"; + $apps[$x]['permissions'][$y]['groups'][] = "admin"; //schema details $y=0; 
@@ -839,4 +854,75 @@ $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "Description"; -?> + $y++; + $apps[$x]['db'][$y]['table']['name'] = "v_contact_attachments"; + $apps[$x]['db'][$y]['table']['parent'] = "v_contacts"; + $z=0; + $apps[$x]['db'][$y]['fields'][$z]['name'] = "contact_attachment_uuid"; + $apps[$x]['db'][$y]['fields'][$z]['type']['pgsql'] = "uuid"; + $apps[$x]['db'][$y]['fields'][$z]['type']['sqlite'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['type']['mysql'] = "char(36)"; + $apps[$x]['db'][$y]['fields'][$z]['key']['type'] = "primary"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = ""; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = "domain_uuid"; + $apps[$x]['db'][$y]['fields'][$z]['type']['pgsql'] = "uuid"; + $apps[$x]['db'][$y]['fields'][$z]['type']['sqlite'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['type']['mysql'] = "char(36)"; + $apps[$x]['db'][$y]['fields'][$z]['key']['type'] = "foreign"; + $apps[$x]['db'][$y]['fields'][$z]['key']['reference']['table'] = "v_domains"; + $apps[$x]['db'][$y]['fields'][$z]['key']['reference']['field'] = "domain_uuid"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = ""; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = "contact_uuid"; + $apps[$x]['db'][$y]['fields'][$z]['type']['pgsql'] = "uuid"; + $apps[$x]['db'][$y]['fields'][$z]['type']['sqlite'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['type']['mysql'] = "char(36)"; + $apps[$x]['db'][$y]['fields'][$z]['key']['type'] = "foreign"; + $apps[$x]['db'][$y]['fields'][$z]['key']['reference']['table'] = "v_contacts"; + $apps[$x]['db'][$y]['fields'][$z]['key']['reference']['field'] = "contact_uuid"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = ""; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = "attachment_primary"; + $apps[$x]['db'][$y]['fields'][$z]['type'] = "numeric"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = 
"Primary attachments are used as the Contact photo and sent with Messages."; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = "attachment_filename"; + $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "The attachment filename."; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = "attachment_content"; + $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "The attachment content."; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = "attachment_description"; + $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "Enter the description."; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = 'attachment_uploaded_date'; + $apps[$x]['db'][$y]['fields'][$z]['type']['pgsql'] = 'timestamp'; + $apps[$x]['db'][$y]['fields'][$z]['type']['sqlite'] = 'date'; + $apps[$x]['db'][$y]['fields'][$z]['type']['mysql'] = 'timestamp'; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = 'The date the attachment was uploaded.'; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name'] = 'attachment_uploaded_user_uuid'; + $apps[$x]['db'][$y]['fields'][$z]['type']['pgsql'] = 'uuid'; + $apps[$x]['db'][$y]['fields'][$z]['type']['sqlite'] = 'text'; + $apps[$x]['db'][$y]['fields'][$z]['type']['mysql'] = 'char(36)'; + $apps[$x]['db'][$y]['fields'][$z]['key']['type'] = 'foreign'; + $apps[$x]['db'][$y]['fields'][$z]['key']['reference']['table'] = 'v_users'; + $apps[$x]['db'][$y]['fields'][$z]['key']['reference']['field'] = 'user_uuid'; + + + //default settings + $y=0; + $apps[$x]['default_settings'][$y]['default_setting_uuid'] = "38a67445-577d-483d-a176-09549cfdaa69"; + $apps[$x]['default_settings'][$y]['default_setting_category'] = "contact"; + $apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "allowed_attachment_types"; + $apps[$x]['default_settings'][$y]['default_setting_name'] = 
"text"; + $apps[$x]['default_settings'][$y]['default_setting_value'] = '{"jpg":"image\/jpg","jpeg":"image\/jpg","gif":"image\/gif","png":"image\/png","pdf":"application\/pdf","doc":"application\/vnd.ms-word","docx":"application\/vnd.openxmlformats-officedocument.wordprocessingml.document","xls":"application\/vnd.ms-excel","xlsx":"application\/vnd.openxmlformats-officedocument.spreadsheetml.sheet","zip":"application\/zip","rar":"application\/x-rar-compressed","7z":"application\/x-7z-compressed","txt":"text\/plain","pcap":"application\/vnd.tcpdump.pcap"}'; + $apps[$x]['default_settings'][$y]['default_setting_enabled'] = "true"; + $apps[$x]['default_settings'][$y]['default_setting_description'] = "Define the allowed file attachment extensions and their mime types in a JSON array."; + $y++; + +?> \ No newline at end of file diff --git a/app/contacts/app_languages.php b/app/contacts/app_languages.php index 6656275725..93819fb83b 100644 --- a/app/contacts/app_languages.php +++ b/app/contacts/app_languages.php 
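Review bot: The default `allowed_attachment_types` value maps `jpg` and `jpeg` to `image/jpg` and `doc` to `application/vnd.ms-word`; the registered types are `image/jpeg` and `application/msword`, and contact_attachment.php sends the mapped value as the download `Content-type`. The setting is stored under category `contact`, while contact_attachment.php later in this patch reads `$_SESSION['contacts'][...]`, so the two need to agree on one spelling. This list is the only upload filter visible in the patch and it is matched on the file extension alone, so the setting description should say it is an extension allow-list and not a content check, e.g. `"Allowed attachment extensions (checked by extension only) and the mime type sent on download, as a JSON object."`.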
@@ -281,6 +281,46 @@ $text['title-contact_addresses-add']['ru-ru'] = "Добавить Адрес д $text['title-contact_addresses-add']['sv-se'] = "Lägg Till Kontakt Adress"; $text['title-contact_addresses-add']['uk-ua'] = ""; +$text['title-contact_attachment-edit']['en-us'] = "Contact Attachment Edit"; +$text['title-contact_attachment-edit']['ar-eg'] = ""; +$text['title-contact_attachment-edit']['de-at'] = ""; +$text['title-contact_attachment-edit']['de-ch'] = ""; +$text['title-contact_attachment-edit']['de-de'] = ""; +$text['title-contact_attachment-edit']['es-cl'] = ""; +$text['title-contact_attachment-edit']['es-mx'] = ""; +$text['title-contact_attachment-edit']['fr-ca'] = ""; +$text['title-contact_attachment-edit']['fr-fr'] = ""; +$text['title-contact_attachment-edit']['he-il'] = ""; +$text['title-contact_attachment-edit']['it-it'] = ""; +$text['title-contact_attachment-edit']['nl-nl'] = ""; +$text['title-contact_attachment-edit']['pl-pl'] = ""; +$text['title-contact_attachment-edit']['pt-br'] = ""; +$text['title-contact_attachment-edit']['pt-pt'] = ""; +$text['title-contact_attachment-edit']['ro-ro'] = ""; +$text['title-contact_attachment-edit']['ru-ru'] = ""; +$text['title-contact_attachment-edit']['sv-se'] = ""; +$text['title-contact_attachment-edit']['uk-ua'] = ""; + +$text['title-contact_attachment-add']['en-us'] = "Contact Attachment Add"; +$text['title-contact_attachment-add']['ar-eg'] = ""; +$text['title-contact_attachment-add']['de-at'] = ""; +$text['title-contact_attachment-add']['de-ch'] = ""; +$text['title-contact_attachment-add']['de-de'] = ""; +$text['title-contact_attachment-add']['es-cl'] = ""; +$text['title-contact_attachment-add']['es-mx'] = ""; +$text['title-contact_attachment-add']['fr-ca'] = ""; +$text['title-contact_attachment-add']['fr-fr'] = ""; +$text['title-contact_attachment-add']['he-il'] = ""; +$text['title-contact_attachment-add']['it-it'] = ""; +$text['title-contact_attachment-add']['nl-nl'] = ""; 
+$text['title-contact_attachment-add']['pl-pl'] = ""; +$text['title-contact_attachment-add']['pt-br'] = ""; +$text['title-contact_attachment-add']['pt-pt'] = ""; +$text['title-contact_attachment-add']['ro-ro'] = ""; +$text['title-contact_attachment-add']['ru-ru'] = ""; +$text['title-contact_attachment-add']['sv-se'] = ""; +$text['title-contact_attachment-add']['uk-ua'] = ""; + $text['title-contact-edit']['en-us'] = "Contact"; $text['title-contact-edit']['ar-eg'] = ""; $text['title-contact-edit']['de-at'] = "Kontakt"; //copied from de-de 
@@ -3181,6 +3221,106 @@ $text['label-address_address']['ru-ru'] = "Адрес"; $text['label-address_address']['sv-se'] = "Adress"; $text['label-address_address']['uk-ua'] = "Адреси"; +$text['label-attachments']['en-us'] = "Attachments"; +$text['label-attachments']['ar-eg'] = ""; +$text['label-attachments']['de-at'] = ""; +$text['label-attachments']['de-ch'] = ""; +$text['label-attachments']['de-de'] = ""; +$text['label-attachments']['es-cl'] = ""; +$text['label-attachments']['es-mx'] = ""; +$text['label-attachments']['fr-ca'] = ""; +$text['label-attachments']['fr-fr'] = ""; +$text['label-attachments']['he-il'] = ""; +$text['label-attachments']['it-it'] = ""; +$text['label-attachments']['nl-nl'] = ""; +$text['label-attachments']['pl-pl'] = ""; +$text['label-attachments']['pt-br'] = ""; +$text['label-attachments']['pt-pt'] = ""; +$text['label-attachments']['ro-ro'] = ""; +$text['label-attachments']['ru-ru'] = ""; +$text['label-attachments']['sv-se'] = ""; +$text['label-attachments']['uk-ua'] = ""; + +$text['label-attachment_filename']['en-us'] = "Filename"; +$text['label-attachment_filename']['ar-eg'] = ""; +$text['label-attachment_filename']['de-at'] = ""; +$text['label-attachment_filename']['de-ch'] = ""; +$text['label-attachment_filename']['de-de'] = ""; +$text['label-attachment_filename']['es-cl'] = ""; +$text['label-attachment_filename']['es-mx'] = ""; +$text['label-attachment_filename']['fr-ca'] = ""; +$text['label-attachment_filename']['fr-fr'] = ""; +$text['label-attachment_filename']['he-il'] = ""; +$text['label-attachment_filename']['it-it'] = ""; +$text['label-attachment_filename']['nl-nl'] = ""; +$text['label-attachment_filename']['pl-pl'] = ""; +$text['label-attachment_filename']['pt-br'] = ""; +$text['label-attachment_filename']['pt-pt'] = ""; +$text['label-attachment_filename']['ro-ro'] = ""; +$text['label-attachment_filename']['ru-ru'] = ""; +$text['label-attachment_filename']['sv-se'] = ""; +$text['label-attachment_filename']['uk-ua'] = ""; + 
+$text['label-attachment']['en-us'] = "Attachment"; +$text['label-attachment']['ar-eg'] = ""; +$text['label-attachment']['de-at'] = ""; +$text['label-attachment']['de-ch'] = ""; +$text['label-attachment']['de-de'] = ""; +$text['label-attachment']['es-cl'] = ""; +$text['label-attachment']['es-mx'] = ""; +$text['label-attachment']['fr-ca'] = ""; +$text['label-attachment']['fr-fr'] = ""; +$text['label-attachment']['he-il'] = ""; +$text['label-attachment']['it-it'] = ""; +$text['label-attachment']['nl-nl'] = ""; +$text['label-attachment']['pl-pl'] = ""; +$text['label-attachment']['pt-br'] = ""; +$text['label-attachment']['pt-pt'] = ""; +$text['label-attachment']['ro-ro'] = ""; +$text['label-attachment']['ru-ru'] = ""; +$text['label-attachment']['sv-se'] = ""; +$text['label-attachment']['uk-ua'] = ""; + +$text['label-attachment_size']['en-us'] = "Size"; +$text['label-attachment_size']['ar-eg'] = ""; +$text['label-attachment_size']['de-at'] = ""; +$text['label-attachment_size']['de-ch'] = ""; +$text['label-attachment_size']['de-de'] = ""; +$text['label-attachment_size']['es-cl'] = ""; +$text['label-attachment_size']['es-mx'] = ""; +$text['label-attachment_size']['fr-ca'] = ""; +$text['label-attachment_size']['fr-fr'] = ""; +$text['label-attachment_size']['he-il'] = ""; +$text['label-attachment_size']['it-it'] = ""; +$text['label-attachment_size']['nl-nl'] = ""; +$text['label-attachment_size']['pl-pl'] = ""; +$text['label-attachment_size']['pt-br'] = ""; +$text['label-attachment_size']['pt-pt'] = ""; +$text['label-attachment_size']['ro-ro'] = ""; +$text['label-attachment_size']['ru-ru'] = ""; +$text['label-attachment_size']['sv-se'] = ""; +$text['label-attachment_size']['uk-ua'] = ""; + +$text['label-attachment_description']['en-us'] = "Description"; +$text['label-attachment_description']['ar-eg'] = ""; +$text['label-attachment_description']['de-at'] = ""; +$text['label-attachment_description']['de-ch'] = ""; +$text['label-attachment_description']['de-de'] = ""; 
+$text['label-attachment_description']['es-cl'] = ""; +$text['label-attachment_description']['es-mx'] = ""; +$text['label-attachment_description']['fr-ca'] = ""; +$text['label-attachment_description']['fr-fr'] = ""; +$text['label-attachment_description']['he-il'] = ""; +$text['label-attachment_description']['it-it'] = ""; +$text['label-attachment_description']['nl-nl'] = ""; +$text['label-attachment_description']['pl-pl'] = ""; +$text['label-attachment_description']['pt-br'] = ""; +$text['label-attachment_description']['pt-pt'] = ""; +$text['label-attachment_description']['ro-ro'] = ""; +$text['label-attachment_description']['ru-ru'] = ""; +$text['label-attachment_description']['sv-se'] = ""; +$text['label-attachment_description']['uk-ua'] = ""; + $text['header_contact_times']['en-us'] = "Times"; $text['header_contact_times']['ar-eg'] = ""; $text['header_contact_times']['de-at'] = "Zeiten"; //copied from de-de 
@@ -3581,6 +3721,46 @@ $text['header-contact_addresses-add']['ru-ru'] = "Добавить контак $text['header-contact_addresses-add']['sv-se'] = "Lägg Till Kontakt Adress"; $text['header-contact_addresses-add']['uk-ua'] = ""; +$text['header-contact_attachment-edit']['en-us'] = "Contact Attachment Edit"; +$text['header-contact_attachment-edit']['ar-eg'] = ""; +$text['header-contact_attachment-edit']['de-at'] = ""; +$text['header-contact_attachment-edit']['de-ch'] = ""; +$text['header-contact_attachment-edit']['de-de'] = ""; +$text['header-contact_attachment-edit']['es-cl'] = ""; +$text['header-contact_attachment-edit']['es-mx'] = ""; +$text['header-contact_attachment-edit']['fr-ca'] = ""; +$text['header-contact_attachment-edit']['fr-fr'] = ""; +$text['header-contact_attachment-edit']['he-il'] = ""; +$text['header-contact_attachment-edit']['it-it'] = ""; +$text['header-contact_attachment-edit']['nl-nl'] = ""; +$text['header-contact_attachment-edit']['pl-pl'] = ""; +$text['header-contact_attachment-edit']['pt-br'] = ""; +$text['header-contact_attachment-edit']['pt-pt'] = ""; +$text['header-contact_attachment-edit']['ro-ro'] = ""; +$text['header-contact_attachment-edit']['ru-ru'] = ""; +$text['header-contact_attachment-edit']['sv-se'] = ""; +$text['header-contact_attachment-edit']['uk-ua'] = ""; + +$text['header-contact_attachment-add']['en-us'] = "Contact Attachment Add"; +$text['header-contact_attachment-add']['ar-eg'] = ""; +$text['header-contact_attachment-add']['de-at'] = ""; +$text['header-contact_attachment-add']['de-ch'] = ""; +$text['header-contact_attachment-add']['de-de'] = ""; +$text['header-contact_attachment-add']['es-cl'] = ""; +$text['header-contact_attachment-add']['es-mx'] = ""; +$text['header-contact_attachment-add']['fr-ca'] = ""; +$text['header-contact_attachment-add']['fr-fr'] = ""; +$text['header-contact_attachment-add']['he-il'] = ""; +$text['header-contact_attachment-add']['it-it'] = ""; +$text['header-contact_attachment-add']['nl-nl'] = ""; 
+$text['header-contact_attachment-add']['pl-pl'] = ""; +$text['header-contact_attachment-add']['pt-br'] = ""; +$text['header-contact_attachment-add']['pt-pt'] = ""; +$text['header-contact_attachment-add']['ro-ro'] = ""; +$text['header-contact_attachment-add']['ru-ru'] = ""; +$text['header-contact_attachment-add']['sv-se'] = ""; +$text['header-contact_attachment-add']['uk-ua'] = ""; + $text['header-contact-edit']['en-us'] = "Contact"; $text['header-contact-edit']['ar-eg'] = ""; $text['header-contact-edit']['de-at'] = "Kontakt"; //copied from de-de diff --git a/app/contacts/contact_attachment.php b/app/contacts/contact_attachment.php new file mode 100644 index 0000000000..739f0a2086 --- /dev/null +++ b/app/contacts/contact_attachment.php 
@@ -0,0 +1,81 @@ + + Portions created by the Initial Developer are Copyright (C) 2016-2018 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//includes + require_once "root.php"; + require_once "resources/require.php"; + +//add multi-lingual support + $language = new text; + $text = $language->get(); + +//get attachment uuid + $contact_attachment_uuid = $_GET['id']; + $action = $_GET['action']; + +//get media + if (is_uuid($contact_attachment_uuid)) { + + $sql = "select attachment_filename, attachment_content from v_contact_attachments "; + $sql .= "where contact_attachment_uuid = '".$contact_attachment_uuid."' "; + $sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $attachment = $prep_statement->fetch(PDO::FETCH_NAMED); + unset ($prep_statement, $sql); + + $attachment_type = strtolower(pathinfo($attachment['attachment_filename'], PATHINFO_EXTENSION)); + + //determine mime type + $content_type = 'application/octet-stream'; //set default + $allowed_attachment_types = json_decode($_SESSION['contacts']['allowed_attachment_types']['text'], true); + if (is_array($allowed_attachment_types) && sizeof($allowed_attachment_types) != 0) { + if ($allowed_attachment_types[$attachment_type] != '') { + $content_type = $allowed_attachment_types[$attachment_type]; + } + } + + switch ($action) { + case 'download': + header("Content-type: ".$content_type."; charset=utf-8"); + header("Content-Disposition: attachment; filename=\"".$attachment['attachment_filename']."\""); + header("Content-Length: ".strlen(base64_decode($attachment['attachment_content']))); + echo base64_decode($attachment['attachment_content']); + break; + case 'display': + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo " \n"; + echo "
\n"; + break; + } + + } + +?> \ No newline at end of file diff --git a/app/contacts/contact_attachment_delete.php b/app/contacts/contact_attachment_delete.php new file mode 100644 index 0000000000..eae65c5550 --- /dev/null +++ b/app/contacts/contact_attachment_delete.php @@ -0,0 +1,63 @@ + + Portions created by the Initial Developer are Copyright (C) 2008-2012 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//includes + require_once "root.php"; + require_once "resources/require.php"; + require_once "resources/check_auth.php"; + +//check permissions + if (!permission_exists('contact_attachment_delete')) { + echo "access denied"; exit; + } + +//add multi-lingual support + $language = new text; + $text = $language->get(); + +//get the http values and set as variables + if (count($_GET) > 0) { + $id = check_str($_GET["id"]); + $contact_uuid = check_str($_GET["contact_uuid"]); + } + +//delete the record + if (is_uuid($id)) { + $sql = "delete from v_contact_attachments "; + $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "and contact_attachment_uuid = :contact_attachment_uuid "; + $bind[':contact_attachment_uuid'] = $id; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(is_array($bind) ? $bind : null); + unset($sql); + } + +//redirect the browser + message::add($text['message-delete']); + header("Location: contact_edit.php?id=".$contact_uuid); + return; + +?> \ No newline at end of file diff --git a/app/contacts/contact_attachment_edit.php b/app/contacts/contact_attachment_edit.php new file mode 100644 index 0000000000..1c57963412 --- /dev/null +++ b/app/contacts/contact_attachment_edit.php 
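Review bot: contact_attachment.php serves attachment content without including `resources/check_auth.php` or calling `permission_exists()`, unlike the other three new scripts in this patch, so the only gates visible are `is_uuid()` and the domain clause, which also matches rows whose `domain_uuid` is null. Unless `resources/require.php` already enforces a login (not visible here), add `require_once "resources/check_auth.php";` and `if (!permission_exists('contact_attachment_view')) { echo "access denied"; exit; }` before the query. The MIME lookup reads `$_SESSION['contacts']['allowed_attachment_types']` while the setting is defined under `contact` and read that way in contact_attachment_edit.php, so downloads probably always fall back to `application/octet-stream`. The stored filename is written into the `Content-Disposition` header as-is, so a double quote in an uploaded name breaks the header value; strip quotes and control characters before sending it. The SELECT is passed to `prepare()` but built by concatenation; binding the id as contact_attachment_delete.php does would keep the scripts consistent.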
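Review bot: The delete in contact_attachment_delete.php runs on a plain GET (`$_GET["id"]`) and no request token is checked anywhere in the hunk, so a cross-site request made while an admin is logged in would be honoured; accept the delete only from a POST that carries a per-session token and verify it before the query. `$contact_uuid` reaches the `Location` header after `check_str()` only, so validate it the same way as the id, `if (!is_uuid($contact_uuid)) { exit; }`. `message::add($text['message-delete'])` also runs when `is_uuid($id)` fails and nothing was deleted, so move it inside the `if` block.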
@@ -0,0 +1,228 @@ + + Portions created by the Initial Developer are Copyright (C) 2008-2018 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane + Luis Daniel Lucio Quiroz +*/ + +//includes + require_once "root.php"; + require_once "resources/require.php"; + require_once "resources/check_auth.php"; + +//check permissions + if (!permission_exists('contact_attachment_edit') && !permission_exists('contact_attachment_add')) { + echo "access denied"; exit; + } + +//add multi-lingual support + $language = new text; + $text = $language->get(); + +//action add or update + $contact_attachment_uuid = $_REQUEST['id']; + $contact_uuid = $_REQUEST['contact_uuid']; + + if (is_uuid($contact_attachment_uuid) && is_uuid($contact_uuid)) { + $action = 'update'; + } + else if (is_uuid($contact_uuid)) { + $action = 'add'; + } + else { + exit; + } + +//get http post variables and set them to php variables + if (is_array($_POST) && sizeof($_POST) != 0) { + + $attachment = $_FILES['attachment']; + $attachment_primary = check_str($_POST['attachment_primary']); + $attachment_description = check_str($_POST['attachment_description']); + + if (!is_array($attachment) || sizeof($attachment) == 0) { + $attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION)); + } + else { + $attachment_type = strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION)); + } + + //unflag others as primary + if ($attachment_primary && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) { + $sql = "update v_contact_attachments set attachment_primary = 0 "; + $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "and contact_uuid = '".$contact_uuid."' "; + $db->exec(check_sql($sql)); + unset($sql); + } + + //format array + $allowed_extensions = array_keys(json_decode($_SESSION['contact']['allowed_attachment_types']['text'], true)); + 
$array['contact_attachments'][$index]['contact_attachment_uuid'] = $action == 'update' ? $contact_attachment_uuid : uuid(); + $array['contact_attachments'][$index]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_attachments'][$index]['contact_uuid'] = $contact_uuid; + $array['contact_attachments'][$index]['attachment_primary'] = $attachment_primary == '1' && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') ? 1 : 0; + if ($attachment['error'] == '0' && in_array(strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION)), $allowed_extensions)) { + $array['contact_attachments'][$index]['attachment_filename'] = $attachment['name']; + $array['contact_attachments'][$index]['attachment_content'] = base64_encode(file_get_contents($attachment['tmp_name'])); + } + $array['contact_attachments'][$index]['attachment_description'] = $attachment_description; + if ($action == 'add') { + $array['contact_attachments'][$index]['attachment_uploaded_date'] = 'now()'; + $array['contact_attachments'][$index]['attachment_uploaded_user_uuid'] = $_SESSION['user_uuid']; + } + + //save data + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->uuid($contact_attachment_uuid); + $database->save($array); + + //redirect + message::add($text['message-message_'.($action == 'update' ? 'updated' : 'added')]); + header('Location: contact_edit.php?id='.$contact_uuid); + exit; + + } + +//get form data + if (is_array($_GET) && sizeof($_GET) != 0) { + $sql = "select * from v_contact_attachments "; + $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "and contact_attachment_uuid = :contact_attachment_uuid "; + $bind[':contact_attachment_uuid'] = $contact_attachment_uuid; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(is_array($bind) ? 
$bind : null); + $row = $prep_statement->fetch(PDO::FETCH_NAMED); + $attachment_primary = $row["attachment_primary"]; + $attachment_filename = $row["attachment_filename"]; + $attachment_content = $row["attachment_content"]; + $attachment_description = $row["attachment_description"]; + unset($sql, $bind, $prep_statement, $row); + } + +//show the header + require_once "resources/header.php"; + if ($action == "update") { + $document['title'] = $text['title-contact_attachment-edit']; + } + else if ($action == "add") { + $document['title'] = $text['title-contact_attachment-add']; + } + +//show the content + echo "
\n"; + echo "\n"; + if ($action == "update") { + echo "\n"; + } + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
"; + if ($action == "update") { + echo $text['header-contact_attachment-edit']; + } + else if ($action == "add") { + echo $text['header-contact_attachment-add']; + } + echo ""; + echo " "; + echo " \n"; + echo "
\n"; + echo "
\n"; + + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + if ($action == 'update' && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) { + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + } + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + + echo " \n"; + echo " \n"; + echo " "; + echo "
\n"; + echo " ".$text['label-attachment']."\n"; + echo "\n"; + $attachment_type = strtolower(pathinfo($attachment_filename, PATHINFO_EXTENSION)); + if ($action == 'update') { + echo "\n"; + if ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') { + echo ""; + } + else { + echo "".$attachment_filename.""; + } + } + else { + $allowed_attachment_types = json_decode($_SESSION['contact']['allowed_attachment_types']['text'], true); + echo " \n"; + echo " ".strtoupper(implode(', ', array_keys($allowed_attachment_types))).""; + } + echo "
\n"; + echo " ".$text['label-attachment_filename']."\n"; + echo "\n"; + echo " ".$attachment_filename.""; + echo "
\n"; + echo " ".$text['label-primary']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo " ".$text['label-attachment_description']."\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo "
\n"; + echo " \n"; + echo "
"; + echo "

"; + echo "
"; + +//include the footer + require_once "resources/footer.php"; + +?> \ No newline at end of file diff --git a/app/contacts/contact_attachments.php b/app/contacts/contact_attachments.php new file mode 100644 index 0000000000..3a6329732e --- /dev/null +++ b/app/contacts/contact_attachments.php 
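Review bot: The permission gate passes when the user holds either `contact_attachment_edit` or `contact_attachment_add`, and `$action` is then chosen from the request's `id`, so an account granted only add can update an existing attachment and one granted only edit can add; check the permission that matches `$action` once it is known. In the POST branch a file that fails the `in_array(..., $allowed_extensions)` test is skipped silently, yet the row is still saved without filename or content and the success message is shown, and the primary flag on the contact's other attachments has already been cleared by then. `$index` is never assigned, and `array_keys(json_decode(...))` is given null when the setting is missing or not valid JSON. The fence shows the two guards; the redirect on a rejected upload carries no message because no suitable text key is visible in this patch.

```php
// … unchanged: $contact_attachment_uuid / $contact_uuid from $_REQUEST, $action selection …

//check the permission that matches the action
	if ($action == 'update' && !permission_exists('contact_attachment_edit')) {
		echo "access denied"; exit;
	}
	if ($action == 'add' && !permission_exists('contact_attachment_add')) {
		echo "access denied"; exit;
	}

// … unchanged: start of the POST branch, $attachment_type detection …

	//validate the upload before any row is changed
		$allowed_attachment_types = json_decode($_SESSION['contact']['allowed_attachment_types']['text'], true);
		$allowed_extensions = is_array($allowed_attachment_types) ? array_keys($allowed_attachment_types) : array();
		$upload_ok = is_array($attachment) && $attachment['error'] == '0' && in_array($attachment_type, $allowed_extensions);
		if ($action == 'add' && !$upload_ok) {
			header('Location: contact_edit.php?id='.$contact_uuid);
			exit;
		}
		$index = 0;

// … unchanged: unflag others as primary, build $array, save, redirect …
```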
@@ -0,0 +1,129 @@ + + Portions created by the Initial Developer are Copyright (C) 2008-2018 + the Initial Developer. All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ + +//includes + require_once "root.php"; + require_once "resources/require.php"; + require_once "resources/check_auth.php"; + +//check permissions + if (!permission_exists('contact_attachment_view')) { + echo "access denied"; exit; + } + +//get the contact attachment list + $sql = "select *, length(decode(attachment_content,'base64')) as attachment_size from v_contact_attachments "; + $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "and contact_uuid = '$contact_uuid' "; + $sql .= "order by attachment_primary desc, attachment_filename asc "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $contact_attachments = $prep_statement->fetchAll(PDO::FETCH_NAMED); + unset ($prep_statement, $sql); + +//set the row style + $c = 0; + $row_style["0"] = "row_style0"; + $row_style["1"] = "row_style1"; + +//styles + echo "\n"; + +//ticket attachment layer + echo "\n"; + +//show the content + echo "".$text['label-attachments']."\n"; + + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + if (is_array($contact_attachments)) { + foreach($contact_attachments as $row) { + if (permission_exists('contact_attachment_edit')) { + $tr_link = "href='contact_attachment_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_attachment_uuid'])."'"; + } + echo "\n"; + $attachment_type = strtolower(pathinfo($row['attachment_filename'], PATHINFO_EXTENSION)); + if ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "\n"; + $c = $c ?: 1; + } + unset($sql, $contact_attachments); + } + + echo "
".$text['label-attachment_filename']."".$text['label-attachment_size']."".$text['label-attachment_description'].""; + if (permission_exists('contact_attachment_add')) { + echo "$v_link_label_add"; + } + echo "
".strtoupper(byte_convert($row['attachment_size']))."".escape($row['attachment_description']).""; + if (permission_exists('contact_attachment_edit')) { + echo "$v_link_label_edit"; + } + if (permission_exists('contact_attachment_delete')) { + echo "$v_link_label_delete"; + } + echo "
"; + +//javascript + echo "\n"; + +?> diff --git a/app/contacts/contact_edit.php b/app/contacts/contact_edit.php index 0cc96de44b..2526c79b0c 100644 --- a/app/contacts/contact_edit.php +++ b/app/contacts/contact_edit.php @@ -776,7 +776,7 @@ if ($action == "update") { echo "       "; - echo "\n"; + echo "\n"; //echo "
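Review bot: In contact_attachments.php `$contact_uuid` is interpolated straight into the SELECT (`and contact_uuid = '$contact_uuid'`) and nothing in this file validates it; the script is pulled in by `require` from contact_edit.php, so its safety rests on checks that are outside the hunk. Bind it as the delete and edit scripts do: `$sql .= "and contact_uuid = :contact_uuid ";` with `$prep_statement->execute(array(':contact_uuid' => $contact_uuid));`. The query also uses `select *`, which loads every attachment's base64 content just to list names and sizes, and `decode(attachment_content,'base64')` is PostgreSQL syntax although the schema in app_config.php declares sqlite and mysql column types. `$c = $c ?: 1;` never returns to 0, so the row style presumably stops alternating after the first row; `$c = $c ? 0 : 1;` toggles it.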

\n"; if (permission_exists('contact_phone_view')) { require "contact_phones.php"; } if (permission_exists('contact_address_view')) { require "contact_addresses.php"; } @@ -787,6 +787,7 @@ if (permission_exists('contact_note_view')) { require "contact_notes.php"; } if (permission_exists('contact_time_view')) { require "contact_times.php"; } if (permission_exists('contact_setting_view')) { require "contact_settings.php"; } + if (permission_exists('contact_attachment_view')) { require "contact_attachments.php"; } echo "\n"; }