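Portions created by the Initial Developer are Copyright (C) 2008-2018
the Initial Developer. All Rights Reserved.

Contributor(s):
Mark J Crane
Luis Daniel Lucio Quiroz
*/

/*
	Add/edit page for a single contact attachment.

	Request parameters read below:
		id            - contact_attachment_uuid; a valid uuid selects the 'update' action
		contact_uuid  - owning contact; required, the script exits without it
	POST: builds one v_contact_attachments row and saves it through the database class,
	then redirects to contact_edit.php.
	GET:  loads the existing row (update only) and renders the form.

	Security-relevant points handled in this file:
		- the permission matching the resolved action is enforced, not just "either one"
		- SQL values are bound as parameters instead of being concatenated
		- the upload is accepted only if PHP reports it as a real, error-free upload and
		  its extension is in the configured allow-list (an extension check only; the
		  file content itself is not inspected here)
		- the stored filename originates from the client, so it is HTML-escaped on output

	NOTE(review): the HTML inside most echo strings is not visible in this copy of the
	file, so the form markup is reproduced exactly as shown. Wherever that markup prints
	$attachment_description (or any other stored value) it needs the same escaping that
	is applied to the filename below - confirm against the full file.
	NOTE(review): no anti-CSRF token check is visible in the POST handler - confirm
	whether one is enforced by the included files.
*/

//includes
require_once "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";

//check permissions: the page serves both actions, so require at least one of them
if (!permission_exists('contact_attachment_edit') && !permission_exists('contact_attachment_add')) {
	echo "access denied";
	exit;
}

//add multi-lingual support
$language = new text;
$text = $language->get();

//action add or update
$contact_attachment_uuid = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
$contact_uuid = isset($_REQUEST['contact_uuid']) ? $_REQUEST['contact_uuid'] : null;
if (is_uuid($contact_attachment_uuid) && is_uuid($contact_uuid)) {
	$action = 'update';
}
else if (is_uuid($contact_uuid)) {
	$action = 'add';
}
else {
	exit;
}

//enforce the permission that matches the action; the combined check above would
//otherwise let an add-only user update an attachment, and an edit-only user add one
if ($action == 'update' && !permission_exists('contact_attachment_edit')) {
	echo "access denied";
	exit;
}
if ($action == 'add' && !permission_exists('contact_attachment_add')) {
	echo "access denied";
	exit;
}

//get http post variables and set them to php variables
if (is_array($_POST) && sizeof($_POST) != 0) {

	$attachment = isset($_FILES['attachment']) ? $_FILES['attachment'] : null;
	$attachment_primary = check_str($_POST['attachment_primary']);
	$attachment_description = check_str($_POST['attachment_description']);

	//derive the extension from the upload, or from the posted filename when no file was sent
	//note: both names are supplied by the client
	if (!is_array($attachment) || sizeof($attachment) == 0) {
		$posted_filename = isset($_POST['attachment_filename']) ? $_POST['attachment_filename'] : '';
		$attachment_type = strtolower(pathinfo($posted_filename, PATHINFO_EXTENSION));
	}
	else {
		$attachment_type = strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION));
	}
	$attachment_is_image = in_array($attachment_type, array('jpg', 'jpeg', 'gif', 'png'), true);

	//unflag others as primary
	if ($attachment_primary && $attachment_is_image) {
		//bound parameters, same as the select further down
		$sql = "update v_contact_attachments set attachment_primary = 0 ";
		$sql .= "where domain_uuid = :domain_uuid ";
		$sql .= "and contact_uuid = :contact_uuid ";
		$bind[':domain_uuid'] = $domain_uuid;
		$bind[':contact_uuid'] = $contact_uuid;
		$prep_statement = $db->prepare(check_sql($sql));
		if ($prep_statement) {
			$prep_statement->execute($bind);
		}
		unset($sql, $bind, $prep_statement);
	}

	//allowed extensions come from the session setting; fail closed (empty list) if it does not decode
	$allowed_attachment_types = json_decode($_SESSION['contact']['allowed_attachment_types']['text'], true);
	$allowed_extensions = is_array($allowed_attachment_types) ? array_map('strval', array_keys($allowed_attachment_types)) : array();

	//accept the file only if php reports a completed http upload with an allowed extension
	$attachment_accepted = is_array($attachment)
		&& isset($attachment['error'], $attachment['name'], $attachment['tmp_name'])
		&& is_string($attachment['name'])
		&& (int) $attachment['error'] === UPLOAD_ERR_OK
		&& is_uploaded_file($attachment['tmp_name'])
		&& in_array($attachment_type, $allowed_extensions, true);

	//format array
	//the original never assigned $index (it evaluated to null); a single row is saved
	$index = 0;
	$array['contact_attachments'][$index]['contact_attachment_uuid'] = $action == 'update' ? $contact_attachment_uuid : uuid();
	$array['contact_attachments'][$index]['domain_uuid'] = $_SESSION['domain_uuid'];
	$array['contact_attachments'][$index]['contact_uuid'] = $contact_uuid;
	$array['contact_attachments'][$index]['attachment_primary'] = $attachment_primary == '1' && $attachment_is_image ? 1 : 0;
	if ($attachment_accepted) {
		$attachment_content = file_get_contents($attachment['tmp_name']);
		if ($attachment_content !== false) {
			//the client-supplied name is stored as-is, so it must be escaped wherever it is printed
			$array['contact_attachments'][$index]['attachment_filename'] = $attachment['name'];
			$array['contact_attachments'][$index]['attachment_content'] = base64_encode($attachment_content);
		}
	}
	$array['contact_attachments'][$index]['attachment_description'] = $attachment_description;
	if ($action == 'add') {
		$array['contact_attachments'][$index]['attachment_uploaded_date'] = 'now()';
		$array['contact_attachments'][$index]['attachment_uploaded_user_uuid'] = $_SESSION['user_uuid'];
	}

	//save data
	$database = new database;
	$database->app_name = 'contacts';
	$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
	$database->uuid($contact_attachment_uuid);
	$database->save($array);

	//redirect ($contact_uuid passed is_uuid() above)
	message::add($text['message-message_'.($action == 'update' ? 'updated' : 'added')]);
	header('Location: contact_edit.php?id='.$contact_uuid);
	exit;
}

//get form data
$attachment_primary = null;
$attachment_filename = null;
$attachment_content = null;
$attachment_description = null;
if ($action == 'update' && is_array($_GET) && sizeof($_GET) != 0) {
	//only an update has a row to load; the id has passed is_uuid() at this point
	$sql = "select * from v_contact_attachments ";
	$sql .= "where domain_uuid = :domain_uuid ";
	$sql .= "and contact_attachment_uuid = :contact_attachment_uuid ";
	$bind[':domain_uuid'] = $domain_uuid;
	$bind[':contact_attachment_uuid'] = $contact_attachment_uuid;
	$prep_statement = $db->prepare(check_sql($sql));
	$prep_statement->execute(is_array($bind) ? $bind : null);
	$row = $prep_statement->fetch(PDO::FETCH_NAMED);
	if (is_array($row)) {
		$attachment_primary = $row["attachment_primary"];
		$attachment_filename = $row["attachment_filename"];
		$attachment_content = $row["attachment_content"];
		$attachment_description = $row["attachment_description"];
	}
	unset($sql, $bind, $prep_statement, $row);
}

//html-escaped copy of the stored filename for output
$attachment_filename_html = htmlspecialchars((string) $attachment_filename, ENT_QUOTES, 'UTF-8');

//show the header
require_once "resources/header.php";
if ($action == "update") {
	$document['title'] = $text['title-contact_attachment-edit'];
}
else if ($action == "add") {
	$document['title'] = $text['title-contact_attachment-add'];
}

//show the content
echo "
\n";
echo "\n";
if ($action == "update") {
	echo "\n";
}
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "
";
if ($action == "update") {
	echo $text['header-contact_attachment-edit'];
}
else if ($action == "add") {
	echo $text['header-contact_attachment-add'];
}
echo "";
echo " ";
echo " \n";
echo "
\n";
echo "
\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
//NOTE(review): on this path $attachment_type is only assigned further down, so unless an
//included file defines it this condition is always false here - confirm the intended order
if ($action == 'update' && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) {
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
}
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo " \n";
echo " \n";
echo " ";
echo "
\n";
echo " ".$text['label-attachment']."\n";
echo "\n";
$attachment_type = strtolower(pathinfo((string) $attachment_filename, PATHINFO_EXTENSION));
if ($action == 'update') {
	echo "\n";
	if ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') {
		echo "";
	}
	else {
		//stored filename is client-supplied: print the escaped copy
		echo "".$attachment_filename_html."";
	}
}
else {
	$allowed_attachment_types = json_decode($_SESSION['contact']['allowed_attachment_types']['text'], true);
	if (!is_array($allowed_attachment_types)) {
		$allowed_attachment_types = array();
	}
	echo " \n";
	echo " ".strtoupper(implode(', ', array_keys($allowed_attachment_types)))."";
}
echo "
\n";
echo " ".$text['label-attachment_filename']."\n";
echo "\n";
//stored filename is client-supplied: print the escaped copy
echo " ".$attachment_filename_html."";
echo "
\n";
echo " ".$text['label-primary']."\n";
echo "\n";
echo " \n";
echo "
\n";
echo " ".$text['label-attachment_description']."\n";
echo "\n";
echo " \n";
echo "
\n";
echo "
\n";
echo " \n";
echo "
";
echo "

";
echo "
";

//include the footer
require_once "resources/footer.php";

?>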