archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

Implement file download function

Browse Source 
Signed-off-by: Luke Tainton <luke@tainton.uk>
This commit is contained in:
Luke Tainton
2020-08-09 20:16:13 +01:00
parent c39a07b2d3
commit 0a57a61e17
5 changed files with 192 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
app/includes/app_functions.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
function get_user_name($db, $user_uuid) {
try {
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $user_uuid);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $usr;
}
function get_my_requests($db) {
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
return $ticket_result;
}
function get_subscribed_requests($db) {
$requests = array();
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
$sub_tickets_sql = $db->prepare($sub_tickets_stmt);
$sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$sub_tickets_sql->execute();
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$sub_tickets_result = $sub_tickets_sql->fetchAll();
foreach ($sub_tickets_result as $tkt) {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $tkt['ticket_uuid']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
array_push($requests, $result[0]);
}
return $requests;
}
function get_request($db, $uuid) {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $uuid);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
return $request;
}
function get_updates($db, $request) {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
return $updates_result;
}
function get_files($db, $request) {
$stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $request['uuid']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
return $result;
}
function get_single_file($db, $file) {
$stmt = "SELECT * FROM ticket_uploads WHERE id=:fileid";
$sql = $db->prepare($stmt);
$sql->bindParam(':fileid', $file['id']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$file = $result[0];
return $file;
}
function get_subscribers($db, $request) {
$subs = array();
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
foreach ($users_result as $u) {
array_push($subs, $u['user_uuid']);
}
return $subs;
}
function isAuthorised($user, $authorised_users, $request) {
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
}

103
app/includes/prereqs.php
View File

@@ -37,6 +37,9 @@ if ($_ENV['OIDC_DISABLE_SSL'] == "true") {
// Custom functions
require_once __DIR__ . "/app_functions.php";
function oidc_set_vars($sub, $uid, $fname, $lname, $email) {
$_SESSION['uuid'] = $sub;
$_SESSION['username'] = $uid;
@@ -53,103 +56,3 @@ function is_signed_in() {
return false;
}
}
function create_alert($type, $msg) {
$thisAlert = array($type, $msg);
array_push($_SESSION['alerts'], $thisAlert);
}
function get_user_name($db, $user_uuid) {
try {
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $user_uuid);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $usr;
}
function get_my_requests($db) {
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
return $ticket_result;
}
function get_subscribed_requests($db) {
$requests = array();
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
$sub_tickets_sql = $db->prepare($sub_tickets_stmt);
$sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$sub_tickets_sql->execute();
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$sub_tickets_result = $sub_tickets_sql->fetchAll();
foreach ($sub_tickets_result as $tkt) {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $tkt['ticket_uuid']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
array_push($requests, $result[0]);
}
return $requests;
}
function get_request($db, $uuid) {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $uuid);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
return $request;
}
function get_updates($db, $request) {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
return $updates_result;
}
function get_files($db, $request) {
$updates_stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
return $updates_result;
}
function get_subscribers($db, $request) {
$subs = array();
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
foreach ($users_result as $u) {
array_push($subs, $u['user_uuid']);
}
return $subs;
}
function isAuthorised($user, $authorised_users, $request) {
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
}

46
app/public/actions/download.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
$PAGE_NAME = "Download file";
require_once __DIR__ . "/../../includes/prereqs.php";
use Ramsey\Uuid\Uuid;
$file = get_single_file($db, $_GET['file']);
$request = get_request($db, $file['ticket']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
$local_filename = $_ENV['ATTACHMENTS_PATH']."/".$file['id'];
$remote_filename = $file['filename'];
if ($is_authorised == true) {
if (file_exists($local_filename)) {
//Get file type and set it as Content Type
$finfo = finfo_open(FILEINFO_MIME_TYPE);
header('Content-Type: ' . finfo_file($finfo, $local_filename));
finfo_close($finfo);
//Use Content-Disposition: attachment to specify the filename
header('Content-Disposition: attachment; filename='.$remote_filename);
//No cache
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
//Define file size
header('Content-Length: ' . filesize($local_filename));
ob_clean();
flush();
readfile($local_filename);
$alert = array("success", "File download started.");
} else {
$alert = array("danger", "The requested file does not exist.");
}
} else {
$alert = array("danger", "You are not authorised to download that file.");
}
$newURL = "/view?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
?>

2
app/public/actions/upload.php
View File

@@ -17,7 +17,7 @@
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
move_uploaded_file($file_tmp,$_ENV['ATTACHMENTS_PATH']."/".$file_uuid);
$stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)";
$sql = $db->prepare($stmt);
$sql->bindParam(':fileuuid', $file_uuid);

67
app/public/view.php
View File

@@ -58,17 +58,17 @@
</div>
</section>
<section>
<div class="container">
<div class="container-fluid">
<div class="row">
<div class="col-4">
<div class="card mx-auto" style="margin-bottom:50px;">
<div class="col-3">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
<ul class="list-group list-group-flush">
<li class="list-group-item">
<div class="container">
<div class="row">
<span style="display: inline;"><b>Status:</b></span>
<span style="display: inline; margin-left: 1%;">New</span>
<span style="display: inline; margin-left: 1%;"><?php echo($request['status']); ?></span>
</div>
</div>
</li>
@@ -76,7 +76,7 @@
<div class="container">
<div class="row">
<span style="display: inline;"><b>Created by:</b></span>
<span style="display: inline; margin-left: 1%;">Luke Tainton</span>
<span style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['created_by'])); ?></span>
</div>
</div>
</li>
@@ -84,14 +84,15 @@
<div class="container">
<div class="row">
<span style="display: inline;"><b>Assigned to:</b></span>
<span class="text-muted" style="display: inline; margin-left: 1%;">None</span> </div>
<span class="text-muted" style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['status']) || "None"); ?></span>
</div>
</div>
</li>
<li class="list-group-item">
<div class="container">
<div class="row">
<span style="display: inline;"><b>Created:</b></span>
<span style="display: inline; margin-left: 1%;">2020-08-04 13:26:22</span>
<span style="display: inline; margin-left: 1%;"><?php echo($request['created_on']); ?></span>
</div>
</div>
</li>
@@ -99,36 +100,40 @@
<div class="container">
<div class="row">
<span style="display: inline;"><b>Last updated:</b></span>
<span style="display: inline; margin-left: 1%;">2020-08-04 13:26:22</span>
<span style="display: inline; margin-left: 1%;"><?php echo($request['last_updated']); ?></span>
</div>
</div>
</li>
</ul>
</div>
<div class="card mx-auto" style="margin-bottom:25px;">
<div class="card-header"><span class="mdi mdi-file-document-outline"></span> Uploaded files</div>
<ul class="list-group list-group-flush">
<?php
if (count($files) == 0) {
echo("<center><b>No files uploaded</b></center>");
} else {
foreach($files as $file) {
?>
<li class="list-group-item">
<div class="container">
<div class="row">
<span style="display: inline;"><b><?php echo(get_user_name($db, $file['user'])); ?></b></span><span class="text-muted"><i> <?php echo(" " . $file['created']); ?></i></span>
</div>
<div class="row">
<span><?php echo($file['path']); ?></span>
</div>
</div>
</li>
<?php } } ?>
</ul>
</div></div>
</div>
<div class="col-8">
<div class="col-3">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-file-document-outline"></span> Files</div>
<ul class="list-group list-group-flush">
<?php
if (count($files) == 0) {
echo("<center><b>No files uploaded</b></center>");
} else {
foreach($files as $file) {
?>
<li class="list-group-item">
<div class="container">
<div class="row">
<span style="display: inline;"><b><?php echo(get_user_name($db, $file['user'])); ?></b></span><span class="text-muted"><i> <?php echo(" " . $file['created']); ?></i></span>
</div>
<div class="row">
<a target="_blank" href="<?php echo('/actions/download?file=' . $file['id']); ?>"><span><?php echo($file['path']); ?></span></a>
</div>
</div>
</li>
<?php } } ?>
</ul>
</div>
</div>
<div class="col-6">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
<ul class="list-group list-group-flush">