2 /**********************************************************************
3 Copyright (C) FrontAccounting, LLC.
4 Released under the terms of the GNU General Public License, GPL,
5 as published by the Free Software Foundation, either version 3
6 of the License, or (at your option) any later version.
7 This program is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
13 $page_security = 'SA_ATTACHDOCUMENT';
15 include_once($path_to_root . "/includes/session.inc");
17 include_once($path_to_root . "/includes/date_functions.inc");
18 include_once($path_to_root . "/includes/ui.inc");
19 include_once($path_to_root . "/includes/data_checks.inc");
21 if (isset($_GET['vw']))
22 $view_id = $_GET['vw'];
24 $view_id = find_submit('view');
27 $row = get_attachment($view_id);
28 if ($row['filename'] != "")
31 $Ajax->popup($_SERVER['PHP_SELF'].'?vw='.$view_id);
33 $type = ($row['filetype']) ? $row['filetype'] : 'application/octet-stream';
34 header("Content-type: ".$type);
35 header('Content-Length: '.$row['filesize']);
36 if ($type == 'application/octet-stream')
37 header('Content-Disposition: attachment; filename='.$row['filename']);
39 header("Content-Disposition: inline");
40 echo file_get_contents($comp_path."/".user_company(). "/attachments/".$row['unique_name']);
45 if (isset($_GET['dl']))
46 $download_id = $_GET['dl'];
48 $download_id = find_submit('download');
50 if ($download_id != -1)
52 $row = get_attachment($download_id);
53 if ($row['filename'] != "")
56 $Ajax->redirect($_SERVER['PHP_SELF'].'?dl='.$download_id);
58 $type = ($row['filetype']) ? $row['filetype'] : 'application/octet-stream';
59 header("Content-type: ".$type);
60 header('Content-Length: '.$row['filesize']);
61 header('Content-Disposition: attachment; filename='.$row['filename']);
62 echo file_get_contents($comp_path."/".user_company(). "/attachments/".$row['unique_name']);
69 if ($use_popup_windows)
70 $js .= get_js_open_window(800, 500);
71 page(_($help_context = "Attach Documents"), false, false, "", $js);
73 simple_page_mode(true);
74 //----------------------------------------------------------------------------------------
75 if (isset($_GET['filterType'])) // catch up external links
76 $_POST['filterType'] = $_GET['filterType'];
77 if (isset($_GET['trans_no']))
78 $_POST['trans_no'] = $_GET['trans_no'];
80 if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
82 if (isset($_FILES['filename']) && $_FILES['filename']['size'] > 0)
84 //$content = base64_encode(file_get_contents($_FILES['filename']['tmp_name']));
85 $tmpname = $_FILES['filename']['tmp_name'];
87 $dir = $comp_path."/".user_company(). "/attachments";
88 if (!file_exists($dir))
91 $index_file = "<?php\nheader(\"Location: ../index.php\");\n?>";
92 $fp = fopen($dir."/index.php", "w");
93 fwrite($fp, $index_file);
96 if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$_POST['unique_name']))
97 unlink($dir."/".$_POST['unique_name']);
99 $unique_name = uniqid('');
100 move_uploaded_file($tmpname, $dir."/".$unique_name);
102 $filename = $_FILES['filename']['name'];
103 $filesize = $_FILES['filename']['size'];
104 $filetype = $_FILES['filename']['type'];
108 $unique_name = $filename = $filetype = "";
111 $date = date2sql(Today());
112 if ($Mode == 'ADD_ITEM')
114 $sql = "INSERT INTO ".TB_PREF."attachments (type_no, trans_no, description, filename, unique_name,
115 filesize, filetype, tran_date) VALUES (".db_escape($_POST['filterType']).","
116 .db_escape($_POST['trans_no']).",".db_escape($_POST['description']).", "
117 .db_escape($filename).", ".db_escape($unique_name).", ".db_escape($filesize)
118 .", ".db_escape($filetype).", '$date')";
119 db_query($sql, "Attachment could not be inserted");
120 display_notification(_("Attachment has been inserted."));
124 $sql = "UPDATE ".TB_PREF."attachments SET
125 type_no=".db_escape($_POST['filterType']).",
126 trans_no=".db_escape($_POST['trans_no']).",
127 description=".db_escape($_POST['description']).", ";
130 $sql .= "filename=".db_escape($filename).",
131 unique_name=".db_escape($unique_name).",
132 filesize=".db_escape($filesize).",
133 filetype=".db_escape($filetype);
135 $sql .= "tran_date='$date' WHERE id=".db_escape($selected_id);
136 db_query($sql, "Attachment could not be updated");
137 display_notification(_("Attachment has been updated."));
142 if ($Mode == 'Delete')
144 $row = get_attachment($selected_id);
145 $dir = $comp_path."/".user_company(). "/attachments";
146 if (file_exists($dir."/".$row['unique_name']))
147 unlink($dir."/".$row['unique_name']);
148 $sql = "DELETE FROM ".TB_PREF."attachments WHERE id = ".db_escape($selected_id);
149 db_query($sql, "Could not delete attachment");
150 display_notification(_("Attachment has been deleted."));
154 if ($Mode == 'RESET')
156 unset($_POST['trans_no']);
157 unset($_POST['description']);
161 function viewing_controls()
165 start_table("class='tablestyle_noborder'");
167 systypes_list_row(_("Type:"), 'filterType', null, true);
174 //----------------------------------------------------------------------------------------
176 function get_attached_documents($type)
178 $sql = "SELECT * FROM ".TB_PREF."attachments WHERE type_no=".db_escape($type)
179 ." ORDER BY trans_no";
180 return db_query($sql, "Could not retrieve attachments");
183 function get_attachment($id)
185 $sql = "SELECT * FROM ".TB_PREF."attachments WHERE id=".db_escape($id);
186 $result = db_query($sql, "Could not retrieve attachments");
187 return db_fetch($result);
190 function display_rows($type)
194 $rows = get_attached_documents($type);
195 $th = array(_("#"), _("Description"), _("Filename"), _("Size"), _("Filetype"), _("Date Uploaded"), "", "", "", "");
197 div_start('transactions');
199 start_table($table_style);
202 while ($row = db_fetch($rows))
204 alt_table_row_color($k);
206 label_cell(get_trans_view_str($type, $row['trans_no']));
207 label_cell($row['description']);
208 label_cell($row['filename']);
209 label_cell($row['filesize']);
210 label_cell($row['filetype']);
211 label_cell(sql2date($row['tran_date']));
212 edit_button_cell("Edit".$row['id'], _("Edit"));
213 button_cell("view".$row['id'], _("View"), false, ICON_VIEW);
214 button_cell("download".$row['id'], _("Download"), false, ICON_DOWN);
215 delete_button_cell("Delete".$row['id'], _("Delete"));
219 hidden('filterType', $type);
224 //----------------------------------------------------------------------------------------
228 if (isset($_POST['filterType']))
229 display_rows($_POST['filterType']);
233 start_table($table_style2);
235 if ($selected_id != -1)
239 $row = get_attachment($selected_id);
240 $_POST['trans_no'] = $row["trans_no"];
241 $_POST['description'] = $row["description"];
242 hidden('trans_no', $row['trans_no']);
243 hidden('unique_name', $row['unique_name']);
244 label_row(_("Transaction #"), $row['trans_no']);
246 hidden('selected_id', $selected_id);
249 text_row_ex(_("Transaction #").':', 'trans_no', 10);
250 text_row_ex(_("Description").':', 'description', 40);
252 label_cells(_("Attached File") . ":", "<input type='file' id='filename' name='filename'>");
256 if (isset($_POST['filterType']))
257 hidden('filterType', $_POST['filterType']);
259 submit_add_or_update_center($selected_id == -1, '', 'both');