ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use saveBase64Image function for edit document as well and when document is deleted, delete the corresponding folder uploads/documents/document_id

Browse Source
This commit is contained in:
johnnyq
2025-11-23 13:35:45 -05:00
committed by Mike Johnston
parent 37680e5f07
commit 8478a3f12f
1 changed files with 68 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
agent/post/document.php
View File

@@ -49,61 +49,31 @@ if (isset($_POST['add_document'])) {
} }
if (isset($_POST['add_document_from_template'])) {
// ROLE Check
enforceUserPermission('module_support', 2);
// GET POST Data
$client_id = intval($_POST['client_id']);
$document_name = sanitizeInput($_POST['name']);
$document_description = sanitizeInput($_POST['description']);
$document_template_id = intval($_POST['document_template_id']);
$folder = intval($_POST['folder']);
// GET Document Template Info
$sql_document = mysqli_query($mysqli,"SELECT * FROM document_templates WHERE document_template_id = $document_template_id");
$row = mysqli_fetch_array($sql_document);
$document_template_name = sanitizeInput($row['document_template_name']);
$content = mysqli_real_escape_string($mysqli,$row['document_template_content']);
$content_raw = sanitizeInput($_POST['name'] . " " . str_replace("<", " <", $row['document_content']));
// Document add query
mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$document_name', document_description = '$document_description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_created_by = $session_user_id, document_client_id = $client_id");
$document_id = mysqli_insert_id($mysqli);
logAction("Document", "Create", "$session_name created document $name from template $document_template_name", $client_id, $document_id);
flash_alert("Document <strong>$document_name</strong> created from template");
redirect("document_details.php?client_id=$client_id&document_id=$document_id");
}
if (isset($_POST['edit_document'])) { if (isset($_POST['edit_document'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);
require_once 'document_model.php'; require_once 'document_model.php';
$document_id = intval($_POST['document_id']); $document_id = intval($_POST['document_id']);
// Save Original Document as a Version // 1) Load the current document to create a version
$sql_original_document = mysqli_query($mysqli, "SELECT * FROM documents $sql_original_document = mysqli_query(
WHERE document_client_id = $client_id AND document_id = $document_id" $mysqli,
"SELECT * FROM documents
WHERE document_client_id = $client_id
AND document_id = $document_id"
); );
$row = mysqli_fetch_array($sql_original_document); $row = mysqli_fetch_array($sql_original_document);
$original_document_name = sanitizeInput($row['document_name']); $original_document_name = sanitizeInput($row['document_name']);
$original_document_description = sanitizeInput($row['document_description']); $original_document_description = sanitizeInput($row['document_description']);
$original_document_content = mysqli_escape_string($mysqli, $row['document_content']); $original_document_content = mysqli_real_escape_string($mysqli, $row['document_content']);
$original_document_created_by = intval($row['document_created_by']); $original_document_created_by = intval($row['document_created_by']);
$original_document_updated_by = intval($row['document_updated_by']); $original_document_updated_by = intval($row['document_updated_by']);
$original_document_created_at = sanitizeInput($row['document_created_at']); $original_document_created_at = sanitizeInput($row['document_created_at']);
$original_document_updated_at = sanitizeInput($row['document_updated_at']); $original_document_updated_at = sanitizeInput($row['document_updated_at']);
if ($original_document_updated_at) { if ($original_document_updated_at) {
$document_version_created_at = $original_document_updated_at; $document_version_created_at = $original_document_updated_at;
@@ -117,19 +87,66 @@ if (isset($_POST['edit_document'])) {
$document_version_created_by = $original_document_created_by; $document_version_created_by = $original_document_created_by;
} }
// Document add query // 2) Save the current version into document_versions
mysqli_query($mysqli,"INSERT INTO document_versions SET document_version_name = '$original_document_name', document_version_description = '$original_document_description', document_version_content = '$original_document_content', document_version_created_by = $document_version_created_by, document_version_created_at = '$document_version_created_at', document_version_document_id = $document_id"); mysqli_query(
$mysqli,
"INSERT INTO document_versions SET
document_version_name = '$original_document_name',
document_version_description = '$original_document_description',
document_version_content = '$original_document_content',
document_version_created_by = $document_version_created_by,
document_version_created_at = '$document_version_created_at',
document_version_document_id = $document_id"
);
$document_version_id = mysqli_insert_id($mysqli); $document_version_id = mysqli_insert_id($mysqli);
// Update Document // 3) Process the NEW content from the form:
mysqli_query($mysqli,"UPDATE documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_folder_id = $folder, document_updated_by = $session_user_id WHERE document_id = $document_id"); // - convert base64 <img> tags to files under /uploads/documents/<document_id>/
// - rewrite <img src> to file URLs
$raw_post_content = $_POST['content'];
logAction("Document", "Edit", "$session_name edited document $name, previous version kept", $client_id, $document_version_id); $processed_html = saveBase64Images(
$raw_post_content,
$_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/",
"uploads/documents/",
$document_id
);
// Escape for DB
$content = mysqli_real_escape_string($mysqli, $processed_html);
// Rebuild content_raw for full-text search
$content_raw = sanitizeInput(
$name . " " . str_replace("<", " <", $processed_html)
);
$content_raw = mysqli_real_escape_string($mysqli, $content_raw);
// 4) Update the document with the new content + metadata
mysqli_query(
$mysqli,
"UPDATE documents SET
document_name = '$name',
document_description = '$description',
document_content = '$content',
document_content_raw = '$content_raw',
document_folder_id = $folder,
document_updated_by = $session_user_id
WHERE document_id = $document_id"
);
logAction(
"Document",
"Edit",
"$session_name edited document $name, previous version kept",
$client_id,
$document_version_id
);
flash_alert("Document <strong>$name</strong> edited, previous version kept"); flash_alert("Document <strong>$name</strong> edited, previous version kept");
redirect("document_details.php?client_id=$client_id&document_id=$document_id"); redirect("document_details.php?client_id=$client_id&document_id=$document_id");
} }
if (isset($_POST['move_document'])) { if (isset($_POST['move_document'])) {
@@ -642,6 +659,9 @@ if (isset($_GET['delete_document'])) {
// Delete all versions associated with the master document // Delete all versions associated with the master document
mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id"); mysqli_query($mysqli,"DELETE FROM document_versions WHERE document_version_document_id = $document_id");
// Delete uploads/document/$document_id if exists
removeDirectory($_SERVER['DOCUMENT_ROOT'] . "/uploads/documents/" . $document_id);
logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id); logAction("Document", "Delete", "$session_name deleted document $document_name and all versions", $client_id);
flash_alert("Document <strong>$document_name</strong> deleted and all versions", 'error'); flash_alert("Document <strong>$document_name</strong> deleted and all versions", 'error');