itflow-org · wrongecho · Feb 17, 2025 · Feb 3, 2025 · Feb 3, 2025 · Feb 3, 2025
diff --git a/database_updates.php b/database_updates.php
@@ -2490,10 +2490,20 @@ function processFile($file_path, $file_name, $mysqli) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.2'");
     }
 
-    // if (CURRENT_DATABASE_VERSION == '1.8.2') {
-    //     // Insert queries here required to update to DB version 1.8.3
+     if (CURRENT_DATABASE_VERSION == '1.8.2') {
+        mysqli_query($mysqli, "CREATE TABLE `quote_files` (
+            `quote_id` INT(11) NOT NULL,
+            `file_id` INT(11) NOT NULL,
+            PRIMARY KEY (`quote_id`, `file_id`)
+        )");
+
+         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.3'");
+     }
+
+    // if (CURRENT_DATABASE_VERSION == '1.8.3') {
+    //     // Insert queries here required to update to DB version 1.8.4
     //     // Then, update the database to the next sequential version
-    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.3'");
+    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.8.4'");
     // }
 
 } else {

diff --git a/db.sql b/db.sql
@@ -1308,6 +1308,20 @@ CREATE TABLE `quotes` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
+--
+-- Table structure for table `quote_files`
+--
+
+DROP TABLE IF EXISTS `quote_files`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `quote_files` (
+   `quote_id` int(11) NOT NULL,
+   `file_id` int(11) NOT NULL,
+   PRIMARY KEY (`quote_id`,`file_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
 --
 -- Table structure for table `rack_units`
 --

diff --git a/guest/guest_post.php b/guest/guest_post.php
@@ -50,13 +50,13 @@
             $subject = "Quote Accepted - $client_name - Quote $quote_prefix$quote_number";
             $body = "Hello, <br><br>This is a notification that a quote has been accepted in ITFlow. <br><br>Client: $client_name<br>Quote: <a href=\'https://$config_base_url/quote.php?quote_id=$quote_id\'>$quote_prefix$quote_number</a><br><br>~<br>$company_name - Billing<br>$config_quote_from_email";
 
-                $data[] = [
-                    'from' => $config_quote_from_email,
-                    'from_name' => $config_quote_from_name,
-                    'recipient' => $config_quote_notification_email,
-                    'subject' => $subject,
-                    'body' => $body,
-                ];
+            $data[] = [
+                'from' => $config_quote_from_email,
+                'from_name' => $config_quote_from_name,
+                'recipient' => $config_quote_notification_email,
+                'subject' => $subject,
+                'body' => $body,
+            ];
 
             $mail = addToMailQueue($data);
         }
@@ -200,4 +200,95 @@
         echo "Invalid!!";
     }
 }
+
+if (isset($_POST['guest_quote_upload_file'])) {
+    $quote_id = intval($_POST['quote_id']);
+    $url_key = sanitizeInput($_POST['url_key']);
+
+    // Select only the necessary fields
+    $sql = mysqli_query($mysqli, "SELECT quote_prefix, quote_number, client_id FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
+
+    if (mysqli_num_rows($sql) == 1) {
+        $row = mysqli_fetch_array($sql);
+        $quote_prefix = sanitizeInput($row['quote_prefix']);
+        $quote_number = intval($row['quote_number']);
+        $client_id = intval($row['client_id']);
+
+        // Define & create directories, as required
+        $upload_file_dir = "../uploads/clients/$client_id/";
+        mkdirMissing($upload_file_dir);
+
+        // Store attached any file
+        if (!empty($_FILES)) {
+
+            for ($i = 0; $i < count($_FILES['file']['name']); $i++) {
+                // Extract file details for this iteration
+                $single_file = [
+                    'name' => $_FILES['file']['name'][$i],
+                    'type' => $_FILES['file']['type'][$i],
+                    'tmp_name' => $_FILES['file']['tmp_name'][$i],
+                    'error' => $_FILES['file']['error'][$i],
+                    'size' => $_FILES['file']['size'][$i]
+                ];
+
+                if ($file_reference_name = checkFileUpload($single_file, array('pdf'))) {
+
+                    $file_tmp_path = $_FILES['file']['tmp_name'][$i];
+
+                    $file_name = sanitizeInput($_FILES['file']['name'][$i]);
+                    $extarr = explode('.', $_FILES['file']['name'][$i]);
+                    $file_extension = sanitizeInput(strtolower(end($extarr)));
+
+                    // Extract the file mime type and size
+                    $file_mime_type = sanitizeInput($single_file['type']);
+                    $file_size = intval($single_file['size']);
+
+                    // Define destination file path
+                    $dest_path = $upload_file_dir . $file_reference_name;
+
+                    // Get/Create a top-level folder called Client Uploads
+                    $folder_sql = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_name = 'Client Uploads' AND parent_folder = 0 AND folder_client_id = $client_id LIMIT 1");
+                    if (mysqli_num_rows($folder_sql) == 1) {
+                        // Get
+                        $row = mysqli_fetch_array($folder_sql);
+                        $folder_id = $row['folder_id'];
+                    } else {
+                        // Create
+                        mysqli_query($mysqli,"INSERT INTO folders SET folder_name = 'Client Uploads', parent_folder = 0, folder_location = 1, folder_client_id = $client_id");
+                        $folder_id = mysqli_insert_id($mysqli);
+                        logAction("Folder", "Create", "Automatically created folder Client Uploads", $client_id, $folder_id);
+                    }
+
+                    // Do move/upload
+                    move_uploaded_file($file_tmp_path, $dest_path);
+
+                    // Create reference in files
+                    mysqli_query($mysqli,"INSERT INTO files SET file_reference_name = '$file_reference_name', file_name = '$file_name', file_description = 'Uploaded via $quote_prefix$quote_number', file_ext = '$file_extension', file_mime_type = '$file_mime_type', file_size = $file_size, file_folder_id = $folder_id, file_client_id = $client_id");
+                    $file_id = mysqli_insert_id($mysqli);
+
+                    // Associate file with quote
+                    mysqli_query($mysqli, "INSERT INTO quote_files SET quote_id = $quote_id, file_id = $file_id");
+
+                    // Logging & feedback
+                    $_SESSION['alert_message'] = 'File uploaded!';
+                    appNotify("Quote File", "$file_name was uploaded to quote $quote_prefix$quote_number", "quote.php?quote_id=$quote_id", $client_id);
+                    mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Upload', history_description = 'Client uploaded file $file_name', history_quote_id = $quote_id");
+                    logAction("File", "Upload", "Guest uploaded file $file_name to quote $quote_prefix$quote_number", $client_id);
+
+                } else {
+                    $_SESSION['alert_type'] = 'error';
+                    $_SESSION['alert_message'] = 'Something went wrong uploading the file - please let the support team know.';
+                    logApp("Guest", "error", "Error uploading file to invoice");
+                }
+
+            }
+        }
+
+        header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+    } else {
+        echo "Invalid!!";
+    }
+}
+
 ?>
diff --git a/guest/guest_quote_upload_file_modal.php b/guest/guest_quote_upload_file_modal.php
@@ -0,0 +1,27 @@
+<div class="modal" id="uploadFileModal" tabindex="-1">
+    <div class="modal-dialog">
+        <div class="modal-content bg-dark">
+            <div class="modal-header">
+                <h5 class="modal-title"><i class="fa fa-fw fa-cloud-upload-alt mr-2"></i>Upload File</h5>
+                <button type="button" class="close text-white" data-dismiss="modal">
+                    <span>&times;</span>
+                </button>
+            </div>
+            <form action="guest_post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+                <input type="hidden" name="quote_id" value="<?php echo $quote_id; ?>">
+                <input type="hidden" name="url_key" value="<?php echo $url_key; ?>">
+                <div class="modal-body bg-white">
+
+                    <div class="form-group">
+                        <input type="file" class="form-control-file" name="file[]" id="fileInput" accept=".pdf">
+                    </div>
+
+                </div>
+                <div class="modal-footer bg-white">
+                    <button type="submit" name="guest_quote_upload_file" class="btn btn-primary text-bold"><i class="fa fa-upload mr-2"></i>Upload</button>
+                    <button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
diff --git a/guest/guest_view_quote.php b/guest/guest_view_quote.php
@@ -270,15 +270,19 @@
             <div class="text-center"><?php echo nl2br($config_quote_footer); ?></div>
             <div class="">
                 <?php
-                    if ($quote_status == "Sent" || $quote_status == "Viewed" && strtotime($quote_expire) > strtotime("now")) {
-                        ?>
+                    if ($quote_status == "Sent" || $quote_status == "Viewed" && strtotime($quote_expire) > strtotime("now")) { ?>
                         <a class="btn btn-success confirm-link" href="guest_post.php?accept_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>">
                             <i class="fas fa-fw fa-thumbs-up mr-2"></i>Accept
                         </a>
                         <a class="btn btn-danger confirm-link" href="guest_post.php?decline_quote=<?php echo $quote_id; ?>&url_key=<?php echo $url_key; ?>">
                             <i class="fas fa-fw fa-thumbs-down mr-2"></i>Decline
                         </a>
                     <?php } ?>
+                    <?php if ($quote_status == "Accepted") { ?>
+                        <button type="button" class="btn btn-success" data-toggle="modal" data-target="#uploadFileModal">
+                            <i class="fas fa-fw fa-cloud-upload-alt mr-2"></i>Upload File
+                        </button>
+                    <?php } ?>
             </div>
 
         </div>
@@ -712,5 +716,6 @@
     </script>
 
 <?php
+require_once "guest_quote_upload_file_modal.php";
 require_once "guest_footer.php";
 
diff --git a/includes/database_version.php b/includes/database_version.php
@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "1.8.2");
+DEFINE("LATEST_DATABASE_VERSION", "1.8.3");
diff --git a/post/user/file.php b/post/user/file.php
@@ -284,6 +284,8 @@
 
     mysqli_query($mysqli,"DELETE FROM files WHERE file_id = $file_id");
 
+    mysqli_query($mysqli,"DELETE FROM quote_files WHERE file_id = $file_id");
+
     //Logging
     logAction("File", "Delete", "$session_name deleted file $file_name", $client_id);
 

diff --git a/quote.php b/quote.php
@@ -108,6 +108,12 @@
         $json_products = json_encode($products);
     }
 
+    // Quote File Attachments
+    $sql_quote_files = mysqli_query(
+        $mysqli,
+        "SELECT file_reference_name, file_name, file_created_at FROM quote_files LEFT JOIN files ON quote_files.file_id = files.file_id WHERE quote_id = $quote_id"
+    );
+
 ?>
 
     <ol class="breadcrumb d-print-none">
@@ -491,6 +497,54 @@
         </div>
     </div>
 
+    <?php if (mysqli_num_rows($sql_quote_files) > 0) { ?>
+        <div class="row mb-3">
+        <div class="col-sm d-print-none">
+            <div class="card">
+                <div class="card-header text-bold">
+                    <i class="fa fa-paperclip mr-2"></i>Attachments
+                    <div class="card-tools">
+                        <button type="button" class="btn btn-tool" data-card-widget="collapse">
+                            <i class="fas fa-minus"></i>
+                        </button>
+                        <button type="button" class="btn btn-tool" data-card-widget="remove">
+                            <i class="fas fa-times"></i>
+                        </button>
+                    </div>
+                </div>
+                <div class="card-body">
+                    <table class="table">
+                        <thead>
+                        <tr>
+                            <th>File Name</th>
+                            <th>Upload date</th>
+                        </tr>
+                        </thead>
+                        <tbody>
+                        <?php
+
+                        while ($quote_file = mysqli_fetch_array($sql_quote_files)) {
+                            $name = nullable_htmlentities($quote_file['file_name']);
+                            $ref_name = nullable_htmlentities($quote_file['file_reference_name']);
+                            $created = nullable_htmlentities($quote_file['file_created_at']);
+
+                            ?>
+                            <tr>
+                                <td><a target="_blank" href="/uploads/clients/<?php echo $client_id ?>/<?php echo $ref_name ?>"><?php echo $name; ?></a></td>
+                                <td><?php echo $created; ?></td>
+                            </tr>
+                            <?php
+                        }
+                        ?>
+
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <?php } ?>
+
     <div class="row mb-3">
         <div class="col-sm d-print-none">
             <div class="card">