Portions created by the Initial Developer are Copyright (C) 2008-2024 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane Luis Daniel Lucio Quiroz */

//add or edit one attachment of a contact: handles the upload POST, then renders the edit form
//NOTE(review): in this copy the echo strings of the form hold no markup and some statements of
//the form section look out of order ($attachment_type is tested before it is assigned);
//confirm the form section against the original file

//includes files
	require_once dirname(__DIR__, 2) . "/resources/require.php";
	require_once "resources/check_auth.php";

//check permissions
//either permission is enough to pass; the add/update decision further down is taken from the
//request parameters only and is not checked against the matching permission
//NOTE(review): a user holding only contact_attachment_add can reach the update path (and the
//reverse) - confirm whether a per-action permission check is intended
	if (!permission_exists('contact_attachment_edit') && !permission_exists('contact_attachment_add')) {
		echo "access denied";
		exit;
	}

//add multi-lingual support
	$language = new text;
	$text = $language->get();

//action add or update
//$contact_uuid has passed is_uuid() on every path that continues; $contact_attachment_uuid is
//only validated on the update path, on the add path it may still hold an arbitrary request value
	$contact_attachment_uuid = $_REQUEST['id'] ?? '';
	$contact_uuid = $_REQUEST['contact_uuid'] ?? '';
	if (!empty($contact_attachment_uuid) && !empty($contact_uuid) && is_uuid($contact_attachment_uuid) && is_uuid($contact_uuid)) {
		$action = 'update';
	}
	else if (!empty($contact_uuid) && is_uuid($contact_uuid)) {
		$action = 'add';
	}
	else {
		exit;
	}

//get http post variables and set them to php variables
	if (!empty($_POST)) {

		//set the variables
		//read without ?? defaults: a POST that lacks one of these keys raises a PHP notice/warning
			$attachment = $_FILES['attachment'];
			$attachment_primary = $_POST['attachment_primary'];
			$attachment_description = $_POST['attachment_description'];

		//validate the token
		//presumably the per-page anti-forgery token; the check runs before any database call in this branch
			$token = new token;
			if (!$token->validate($_SERVER['PHP_SELF'])) {
				message::add($text['message-invalid_token'],'negative');
				header('Location: contacts.php');
				exit;
			}

		//get the attachment type
		//the extension comes from a client-supplied name: the posted attachment_filename when
		//there is no file entry, otherwise the original name of the upload
			if (empty($attachment) || sizeof($attachment) == 0) {
				$attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION));
			}
			else {
				$attachment_type = strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION));
			}

		//unflag others as primary
		//only jpg, jpeg, gif and png may become primary; the statement uses bound parameters and
		//is limited to this domain and contact
		//NOTE(review): $domain_uuid is not assigned in this file - presumably set by an included
		//file; the row saved below takes its domain from $_SESSION['domain_uuid'] instead
		//NOTE(review): this runs before the upload is checked against the allowed extensions, so
		//the other attachments lose their primary flag even when the file is rejected below
			$allowed_primary_attachment = false;
			if ($attachment_primary && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) {
				$sql = "update v_contact_attachments set attachment_primary = 0 ";
				$sql .= "where domain_uuid = :domain_uuid ";
				$sql .= "and contact_uuid = :contact_uuid ";
				$parameters['domain_uuid'] = $domain_uuid;
				$parameters['contact_uuid'] = $contact_uuid;
				$database = new database;
				$database->execute($sql, $parameters ?? null);
				unset($sql, $parameters);
				$allowed_primary_attachment = true;
			}

		//get the allowed extensions
		//the keys of the JSON object held in the session setting are the permitted extensions
		//NOTE(review): json_decode() returns null for a missing or invalid setting and
		//array_keys(null) is a TypeError on PHP 8 - confirm the setting is always present
			$allowed_extensions = array_keys(json_decode($_SESSION['contact']['allowed_attachment_types']['text'], true));

		//get the attachment extension
			$attachment_extension = strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION));

		//check the allowed extensions
		//error 0 is UPLOAD_ERR_OK; the allow-list is applied to the extension of the
		//client-supplied name only, the bytes of non-image uploads are stored as received
			if ($attachment['error'] == '0' && in_array($attachment_extension, $allowed_extensions)) {
				//get the attachment content
					$attachment_content = file_get_contents($attachment['tmp_name']);

				//list of image extensions
					$image_extensions = array('png','jpg','jpeg','gif','bmp', 'webp');

				//read the image from the string then output the image without meta data
				//every listed image type is re-encoded as PNG, while the filename stored below
				//keeps its original extension
					if (in_array($attachment_extension, $image_extensions)) {
						//create the image object from the content string
						//NOTE(review): imagecreatefromstring() returns false for data it cannot
						//decode and the result is not checked before imagepng()
							$image = imagecreatefromstring($attachment_content);

						//start output buffering to capture the image data
							ob_start();

						//output the image without the EXIF data
							imagepng($image);

						//get the image from the buffer
							$attachment_content = ob_get_contents();

						//end the buffering
							ob_end_clean();

						//free up the memory
							imagedestroy($image);
					}
			}

		//prepare the array
		//the row is saved whether or not the upload passed the check above; filename and content
		//are only included when it did
		//NOTE(review): on update the attachment uuid comes from the request - whether
		//database::save() verifies that the existing row belongs to this domain and contact is
		//not visible here
			$array['contact_attachments'][0]['contact_attachment_uuid'] = $action == 'update' ? $contact_attachment_uuid : uuid();
			$array['contact_attachments'][0]['domain_uuid'] = $_SESSION['domain_uuid'] ?? '';
			$array['contact_attachments'][0]['contact_uuid'] = $contact_uuid;
			$array['contact_attachments'][0]['attachment_primary'] = $allowed_primary_attachment ? 1 : 0;
			if ($attachment['error'] == '0' && in_array(strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION)), $allowed_extensions)) {
				//the client-supplied filename is stored unchanged and is printed again by the form below
				$array['contact_attachments'][0]['attachment_filename'] = $attachment['name'];
				$array['contact_attachments'][0]['attachment_content'] = base64_encode($attachment_content);
			}
			$array['contact_attachments'][0]['attachment_description'] = $attachment_description;
			if ($action == 'add') {
				$array['contact_attachments'][0]['attachment_uploaded_date'] = 'now()';
				$array['contact_attachments'][0]['attachment_uploaded_user_uuid'] = $_SESSION['user_uuid'];
			}

		//save data
			$database = new database;
			$database->app_name = 'contacts';
			$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
			$database->save($array);
			unset($array);

		//redirect
		//$contact_uuid has passed is_uuid() at this point
			message::add($text['message-'.($action == 'update' ? 'update' : 'uploaded')]);
			header('Location: contact_edit.php?id='.$contact_uuid);
			exit;
	}

//get form data
//the lookup uses bound parameters and is limited to the current domain; it is not limited to $contact_uuid
//NOTE(review): on the add path $contact_attachment_uuid is empty or unvalidated here - confirm
//the query tolerates that value
	if (!empty($_GET)) {
		$sql = "select * from v_contact_attachments ";
		$sql .= "where domain_uuid = :domain_uuid ";
		$sql .= "and contact_attachment_uuid = :contact_attachment_uuid ";
		$parameters['domain_uuid'] = $domain_uuid;
		$parameters['contact_attachment_uuid'] = $contact_attachment_uuid;
		$database = new database;
		$row = $database->select($sql, $parameters, 'row');
		if (!empty($row)) {
			$attachment_primary = $row["attachment_primary"];
			$attachment_filename = $row["attachment_filename"];
			$attachment_content = $row["attachment_content"];
			$attachment_description = $row["attachment_description"];
		}
		unset($sql, $parameters, $row);
	}

//create token
//presumably placed in the form and checked by the validate() call of the POST branch; the
//form field that carries it is not visible in this copy
	$object = new token;
	$token = $object->create($_SERVER['PHP_SELF']);

//show the header
	if ($action == "update") {
		$document['title'] = $text['title-contact_attachment-edit'];
	}
	else if ($action == "add") {
		$document['title'] = $text['title-contact_attachment-add'];
	}
	require_once "resources/header.php";

//show the content
	echo "
\n";
	echo "
\n";
	echo "
";
	if ($action == "update") {
		echo "".$text['header-contact_attachment-edit']."";
	}
	else if ($action == "add") {
		echo "".$text['header-contact_attachment-add']."";
	}
	echo "
\n";
	echo "
\n";
	//the back link passes $contact_uuid through urlencode()
	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','style'=>'margin-right: 15px;','link'=>'contact_edit.php?id='.urlencode($contact_uuid)]);
	echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save']);
	echo "
\n";
	echo "
\n";
	echo "
\n";
	echo "
\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	//NOTE(review): on the form path $attachment_type is read here but only assigned further
	//down in this copy - confirm the statement order against the original file
	if ($action == 'update' && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) {
		echo "\n";
		echo "\n";
		echo "\n";
		echo "\n";
	}
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "
\n";
	echo " ".$text['label-attachment']."\n";
	echo "\n";
	//the type shown by the form is derived from the stored filename, not from the stored content
	$attachment_type = strtolower(pathinfo($attachment_filename ?? '', PATHINFO_EXTENSION));
	if ($action == 'update') {
		echo "\n";
		if ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') {
			echo "";
		}
		else {
			//NOTE(review): the stored filename is client-supplied and is concatenated into the
			//page without HTML escaping - escape it for the output context (e.g. htmlspecialchars())
			echo "".$attachment_filename."";
		}
	}
	else {
		//the add form lists the permitted extensions taken from the same session setting
		$allowed_attachment_types = json_decode($_SESSION['contact']['allowed_attachment_types']['text'], true);
		echo " \n";
		echo " ".strtoupper(implode(', ', array_keys($allowed_attachment_types)))."";
	}
	echo "
\n";
	echo " ".$text['label-attachment_filename']."\n";
	echo "\n";
	//NOTE(review): same unescaped output of the client-supplied filename as above
	echo " ".$attachment_filename."";
	echo "
\n";
	echo " ".$text['label-primary']."\n";
	echo "\n";
	echo " \n";
	echo "
\n";
	echo " ".$text['label-attachment_description']."\n";
	echo "\n";
	echo " \n";
	echo "
";
	echo "
\n";
	echo "

";
	echo "\n";
	if ($action == "update") {
		echo "\n";
	}
	echo "\n";
	echo "
";

//include the footer
	require_once "resources/footer.php";

?>