archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

View/Download uploaded files #49

Merged
luketainton merged 3 commits from feature/issue-48 into main 2020-08-09 19:22:05 +00:00
Conversation 1 Commits 3 Files Changed 5 +185 -94
5 changed files with 185 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
app/includes/app_functions.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
function get_user_name($db, $user_uuid) {
try {
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $user_uuid);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $usr;
}
function get_my_requests($db) {
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
return $ticket_result;
}
function get_subscribed_requests($db) {
$requests = array();
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
$sub_tickets_sql = $db->prepare($sub_tickets_stmt);
$sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$sub_tickets_sql->execute();
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$sub_tickets_result = $sub_tickets_sql->fetchAll();
foreach ($sub_tickets_result as $tkt) {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $tkt['ticket_uuid']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
array_push($requests, $result[0]);
}
return $requests;
}
function get_request($db, $uuid) {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $uuid);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
return $request;
}
function get_updates($db, $request) {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
return $updates_result;
}
function get_files($db, $request) {
$stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $request['uuid']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
return $result;
}
function get_single_file($db, $file) {
$stmt = "SELECT * FROM ticket_uploads WHERE id=:fileid";
$sql = $db->prepare($stmt);
$sql->bindParam(':fileid', $file['id']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$file = $result[0];
return $file;
}
function get_subscribers($db, $request) {
$subs = array();
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
foreach ($users_result as $u) {
array_push($subs, $u['user_uuid']);
}
return $subs;
}
function isAuthorised($user, $authorised_users, $request) {
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
}

93
app/includes/prereqs.php
View File

@@ -37,6 +37,9 @@ if ($_ENV['OIDC_DISABLE_SSL'] == "true") {
// Custom functions
require_once __DIR__ . "/app_functions.php";
function oidc_set_vars($sub, $uid, $fname, $lname, $email) {
$_SESSION['uuid'] = $sub;
$_SESSION['username'] = $uid;
@@ -53,93 +56,3 @@ function is_signed_in() {
return false;
}
}
function create_alert($type, $msg) {
$thisAlert = array($type, $msg);
array_push($_SESSION['alerts'], $thisAlert);
}
function get_user_name($db, $user_uuid) {
try {
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $user_uuid);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $usr;
}
function get_my_requests($db) {
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
return $ticket_result;
}
function get_subscribed_requests($db) {
$requests = array();
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
$sub_tickets_sql = $db->prepare($sub_tickets_stmt);
$sub_tickets_sql->bindParam(':uuid', $_SESSION['uuid']);
$sub_tickets_sql->execute();
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$sub_tickets_result = $sub_tickets_sql->fetchAll();
foreach ($sub_tickets_result as $tkt) {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $tkt['ticket_uuid']);
$sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
array_push($requests, $result[0]);
}
return $requests;
}
function get_request($db, $uuid) {
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $uuid);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
$request = $ticket_result[0];
return $request;
}
function get_updates($db, $request) {
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql = $db->prepare($updates_stmt);
$updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->execute();
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
$updates_result = $updates_sql->fetchAll();
return $updates_result;
}
function get_subscribers($db, $request) {
$subs = array();
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql = $db->prepare($users_stmt);
$users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->execute();
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
$users_result = $users_sql->fetchAll();
foreach ($users_result as $u) {
array_push($subs, $u['user_uuid']);
}
return $subs;
}
function isAuthorised($user, $authorised_users, $request) {
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
}

46
app/public/actions/download.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
$PAGE_NAME = "Download file";
require_once __DIR__ . "/../../includes/prereqs.php";
use Ramsey\Uuid\Uuid;
$file = get_single_file($db, $_GET['file']);
$request = get_request($db, $file['ticket']);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
$local_filename = $_ENV['ATTACHMENTS_PATH']."/".$file['id'];
$remote_filename = $file['filename'];
if ($is_authorised == true) {
if (file_exists($local_filename)) {
//Get file type and set it as Content Type
$finfo = finfo_open(FILEINFO_MIME_TYPE);
header('Content-Type: ' . finfo_file($finfo, $local_filename));
finfo_close($finfo);
//Use Content-Disposition: attachment to specify the filename
header('Content-Disposition: attachment; filename='.$remote_filename);
//No cache
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
//Define file size
header('Content-Length: ' . filesize($local_filename));
ob_clean();
flush();
readfile($local_filename);
$alert = array("success", "File download started.");
} else {
$alert = array("danger", "The requested file does not exist.");
}
} else {
$alert = array("danger", "You are not authorised to download that file.");
}
$newURL = "/view?rid=" . $request['uuid'];
echo("<script>window.location = '$newURL'</script>");
?>

2
app/public/actions/upload.php
View File

@@ -17,7 +17,7 @@
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_tmp = $_FILES['file']['tmp_name'];
move_uploaded_file($file_tmp,"/srv/attachments/".$file_name);
move_uploaded_file($file_tmp,$_ENV['ATTACHMENTS_PATH']."/".$file_uuid);
$stmt = "INSERT INTO ticket_uploads (id, ticket, user, filename) VALUES (:fileuuid, :ticket, :user, :name)";
$sql = $db->prepare($stmt);
$sql->bindParam(':fileuuid', $file_uuid);

32
app/public/view.php
View File

@@ -4,6 +4,7 @@
$request = get_request($db, $_GET['rid']);
$updates = get_updates($db, $request);
$files = get_files($db, $request);
$authorised_users = get_subscribers($db, $request);
$is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
?>
@@ -57,9 +58,9 @@
</div>
</section>
<section>
<div class="container">
<div class="container-fluid">
<div class="row">
<div class="col-4">
<div class="col-3">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
<ul class="list-group list-group-flush">
@@ -111,7 +112,32 @@
</div>
</div>
<div class="col-8">
<div class="col-3">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-file-document-outline"></span> Files</div>
<ul class="list-group list-group-flush">
<?php
if (count($files) == 0) {
echo("<center><b>No files uploaded</b></center>");
} else {
foreach($files as $file) {
?>
<li class="list-group-item">
<div class="container">
<div class="row">
<span style="display: inline;"><b><?php echo(get_user_name($db, $file['user'])); ?></b></span><span class="text-muted"><i> <?php echo(" " . $file['created']); ?></i></span>
</div>
<div class="row">
<a target="_blank" href="<?php echo('/actions/download?file=' . $file['id']); ?>"><span><?php echo($file['path']); ?></span></a>
</div>
</div>
</li>
<?php } } ?>
</ul>
</div>
</div>
<div class="col-6">
<div class="card mx-auto">
<div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
<ul class="list-group list-group-flush">