Changed attachments to use unique files store instead of blobs

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 695dd346eaa1422d6f72537b7af30bca7204fcc3..985966e911f6f7a80467327d5a17532b9876424e 100644 (file)
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,11 @@ Legend:
 ! -> Note
 $ -> Affected files
 
+08-Jan-2009 Joe Hunt
+! Changed attachments to use unique files store instead of blobs
+$ /admin/attachments/attachments.php
+  /sql/alter2.1.sql
+  
 07-Jan-2009 Joe Hunt
 ! Changed supplier credit note to only show items for a period, default 30 days back.
 $ /purchasing/includes/db/grn_db.inc

diff --git a/admin/attachments.php b/admin/attachments.php
index fb5b5e68b1ee80c057a753079b12cdb270be5911..e623f0b9887d5639ca4482ec111f9b27f0d0a61a 100644 (file)
--- a/admin/attachments.php
+++ b/admin/attachments.php
@@ -31,7 +31,7 @@ if ($view_id != -1)
                header('Content-Disposition: attachment; filename='.$row['filename']);
        else
                        header("Content-Disposition: inline");
-       echo $row["bin_data"];
+       echo file_get_contents($comp_path."/".user_company(). "/attachments/".$row['unique_name']);
        exit();
        }       
 }
@@ -46,7 +46,7 @@ if ($download_id != -1)
        header("Content-type: ".$type);
        header('Content-Length: '.$row['filesize']);
        header('Content-Disposition: attachment; filename='.$row['filename']);
-       echo $row["bin_data"];
+       echo file_get_contents($comp_path."/".user_company(). "/attachments/".$row['unique_name']);
        exit();
        }       
 }
@@ -69,27 +69,37 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
        {
                //$content = base64_encode(file_get_contents($_FILES['filename']['tmp_name']));
                $tmpname = $_FILES['filename']['tmp_name'];
-               $fp      = fopen($tmpname, 'r');
-               $content = fread($fp, filesize($tmpname));
-               $content = addslashes($content);
-               fclose($fp);
 
-               //$content = addslashes(file_get_contents($_FILES['filename']['tmp_name']));
+               $dir =  $comp_path."/".user_company(). "/attachments";
+               if (!file_exists($dir))
+               {
+                       mkdir ($dir,0777);
+                       $index_file = "<?php\nheader(\"Location: ../index.php\");\n?>";
+                       $fp = fopen($dir."/index.php", "w");
+                       fwrite($fp, $index_file);
+                       fclose($fp);
+               }
+               if ($Mode == 'UPDATE_ITEM')
+                       unlink($dir."/".$_POST['unique_name']);
+
+               $unique_name = uniqid('');
+               move_uploaded_file($tmpname, $dir."/".$unique_name);
+               //save the file
                $filename = $_FILES['filename']['name'];
                $filesize = $_FILES['filename']['size'];
                $filetype = $_FILES['filename']['type'];
        }
        else
        {
-               $content = $filename = $filetype = "";
+               $unique_name = $filename = $filetype = "";
                $filesize = 0;
        }
        $date = date2sql(Today());
        if ($Mode == 'ADD_ITEM')
        {
-               $sql = "INSERT INTO ".TB_PREF."attachments (type_no, trans_no, description, bin_data, filename,
+               $sql = "INSERT INTO ".TB_PREF."attachments (type_no, trans_no, description, filename, unique_name,
                        filesize, filetype, tran_date) VALUES (".$_POST['filterType'].",".$_POST['trans_no'].",".
-                       db_escape($_POST['description']).",'$content', '$filename', '$filesize', '$filetype', '$date')";
+                       db_escape($_POST['description']).", '$filename', '$unique_name', '$filesize', '$filetype', '$date')";
                db_query($sql, "Attachment could not be inserted");             
                display_notification(_("Attachment has been inserted.")); 
        }
@@ -101,8 +111,8 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
                        description=".db_escape($_POST['description']).", ";
                if ($filename != "")
                {
-                       $sql .= "bin_data='$content',
-                       filename='$filename',
+                       $sql .= "filename='$filename',
+                       unique_name='$unique_name',
                        filesize='$filesize',
                        filetype='$filetype', ";
                }       
@@ -209,6 +219,7 @@ if ($selected_id != -1)
                $_POST['trans_no']  = $row["trans_no"];
                $_POST['description']  = $row["description"];
                hidden('trans_no', $row['trans_no']);
+               hidden('unique_name', $row['unique_name']);
                label_row(_("Transaction #"), $row['trans_no']);
        }       
        hidden('selected_id', $selected_id);

diff --git a/sql/alter2.1.sql b/sql/alter2.1.sql
index 3585a970d2ebdb7ba0decabf2f91fc9a06af3726..31dbd730dc931767faa43735fb34284f0d853f78 100644 (file)
--- a/sql/alter2.1.sql
+++ b/sql/alter2.1.sql
@@ -18,7 +18,7 @@ CREATE TABLE `0_attachments` (
   `description` varchar(60) NOT NULL default '',
   `type_no` int(11) NOT NULL default '0',
   `trans_no` int(11) NOT NULL default '0',
-  `bin_data` mediumblob NOT NULL,
+  `unique_name` varchar(60) NOT NULL default '',
   `tran_date` date NOT NULL default '0000-00-00',
   `filename` varchar(60) NOT NULL default '',
   `filesize` int(11) NOT NULL default '0',