From b925d8205a170116a354a836e7510c337c4cb64e Mon Sep 17 00:00:00 2001 From: Russ Date: Thu, 7 May 2015 23:31:00 -0400 Subject: [PATCH] Add image upload handling --- addevent.php | 11 ++- editevent.php | 12 +++- includes/insert_event.php | 136 +++++++++++++++++++++++++++----------- includes/update_event.php | 69 +++++++++++++++++-- index.php | 42 ++++++++++-- 5 files changed, 214 insertions(+), 56 deletions(-) diff --git a/addevent.php b/addevent.php index 14e3c7d..7136d6d 100644 --- a/addevent.php +++ b/addevent.php @@ -114,7 +114,7 @@ if( $_SESSION['access'] != 1 ) {
-
+ @@ -188,6 +189,14 @@ if( $_SESSION['access'] != 1 ) { + + + +
@@ -169,6 +169,7 @@ if( $_SESSION['access'] != 1 ) { Issue Description: +
+ Attach an Image: + + +
diff --git a/editevent.php b/editevent.php index d42bf20..76de173 100644 --- a/editevent.php +++ b/editevent.php @@ -71,7 +71,7 @@ if( $_SESSION['access'] != 1 ) { } include "includes/classes/select2.class.php"; ?>
- + @@ -166,6 +166,14 @@ if( $_SESSION['access'] != 1 ) { + + + + "; + if(empty($update_row['update_image'])) { + echo "
@@ -135,7 +135,7 @@ if( $_SESSION['access'] != 1 ) { Issue Description: - +
+ Attach an image: + + +
diff --git a/includes/insert_event.php b/includes/insert_event.php index 8b5b022..d38a593 100644 --- a/includes/insert_event.php +++ b/includes/insert_event.php 
@@ -2,6 +2,60 @@ include "db_config.php"; $conn = mysqli_connect($servername, $username, $password, $db); +//Allow Image Upload +$target_dir = "../images/"; +if(empty($_FILES["fileToUpload"]["name"])) { + $target_file_name = ""; + $target_file = ""; + $image_link = ""; +} else { + $target_file_name = preg_replace('/[^a-zA-Z0-9s.]/', '_', basename($_FILES["fileToUpload"]["name"])); + $target_file = $target_dir . $target_file_name; + $image_link = mysqli_real_escape_string($conn, "https://DOMAIN.com/bms/images/$target_file_name"); +} +$target_file = $target_dir . $target_file_name; +$uploadOk = 1; +$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION); +// Check if image file is a actual image or fake image +if(isset($_POST["submit"])) { + $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); + if($check !== false) { + echo "File is an image - " . $check["mime"] . "."; + $uploadOk = 1; + } else { + echo "File is not an image."; + $uploadOk = 0; + } +} +// Check if file already exists +if (file_exists($target_file)) { + echo "Sorry, file already exists."; + $uploadOk = 0; +} +// Check file size +if ($_FILES["fileToUpload"]["size"] > 500000) { + echo "Sorry, your file is too large."; + $uploadOk = 0; +} +// Allow certain file formats +if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" +&& $imageFileType != "gif" ) { + echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed."; + $uploadOk = 0; +} +// Check if $uploadOk is set to 0 by an error +if ($uploadOk == 0) { + echo "Sorry, your file was not uploaded."; +// if everything is ok, try to upload file +} else { + if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { + echo "The file ". basename( $_FILES["fileToUpload"]["name"]). 
" has been uploaded."; + } else { + echo "Sorry, there was an error uploading your file."; + } +} + +//Set variables for MySQL Insert $unit = mysqli_real_escape_string($conn, $_POST['unit']); $start_date_time = mysqli_real_escape_string($conn, $_POST['start_date_time']); $description = mysqli_real_escape_string($conn, $_POST['description']); @@ -10,11 +64,11 @@ $end_date_time = mysqli_real_escape_string($conn, $_POST['end_date_time']); $alert = mysqli_real_escape_string($conn, $_POST['alert']); $user = mysqli_real_escape_string($conn, $_POST['user']); -$description_for_email = nl2br($_POST['description']); //Insert event to events table -$event = "INSERT INTO events (unit_id, date_time_start, description, is_ongoing, date_time_end, alert_id, user) VALUES ('$unit','$start_date_time', '$description', '$is_ongoing', '$end_date_time', '$alert', '$user')"; +$event = "INSERT INTO events (unit_id, date_time_start, description, is_ongoing, date_time_end, alert_id, user, event_image) VALUES ('$unit','$start_date_time', '$description', '$is_ongoing', '$end_date_time', '$alert', '$user', '$image_link')"; -//MySQL queries to get Unit Name and Alert Name for the Email +//Set variables for email +//MySQL queries to get Unit Name and Alert $unitname_query = "SELECT unit_name FROM units WHERE unit_id=".$_POST['unit'].""; $unitname_query_run = mysqli_query($conn, $unitname_query); $unitname_array = mysqli_fetch_assoc($unitname_query_run); 
@@ -23,47 +77,49 @@ $alertname_query = "SELECT alert_name FROM alerts WHERE alert_id=".$_POST['alert $alertname_query_run = mysqli_query($conn, $alertname_query); $alertname_array = mysqli_fetch_assoc($alertname_query_run); $alertname = $alertname_array['alert_name']; +$description_for_email = nl2br($_POST['description']); //If successful, redirect back to index.php and send email, else tell user that it failed. $result = mysqli_query($conn, $event); if($result){ - echo("Event added, redirecting..."); - sleep (2); - header('Location: ../index.php'); - //Get inserted Event ID - $event_id = $conn->insert_id; - //Set Email Info - $to = "TO-EMAIL@DOMAIN.COM"; - $subject = "New BMS Alert: ".$unitname." ".$alertname.""; - $headers = "MIME-Version: 1.0" . "\r\n"; - $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n"; - $headers .= "From: FROM-EMAIL@DOMAIN.COM"; - $message = " - - - BMS Unit: ".$unitname." -
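Review bot: The new INSERT into `events` writes `$image_link` unconditionally, but the upload block above assigns it as soon as a filename is present — before the size, type and exists checks run — so a rejected upload still stores, and later emails, a URL to a file that was never written. Clear it when validation fails, e.g. in the `$uploadOk == 0` branch: `$image_link = '';`. This hunk begins on the previous physical line; the INSERT statement itself is complete here.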
- Type of Alert: ".$alertname." -
- Start Date / Time: ".$start_date_time." -
- End Date / Time: ".$end_date_time." -
- Description: ".$description_for_email." -
- Created by: ".$user." -
- Event Link: https://DOMAIN.COM/bms/viewevent.php?eventid=$event_id -

- This message generated by https://DOMAIN.COM/bms - - "; - //WordWrap the message - $message_wrapped = wordwrap($message, 70, "\n", true); - //Send the email - mail($to,$subject,$message_wrapped,$headers); + echo("Event added, redirecting..."); + sleep (2); + header('Location: ../index.php'); + //Get inserted Event ID + $event_id = $conn->insert_id; + $to = "TOEMAIL@DOMAIN>COM"; + $subject = "New BMS Alert: ".$unitname." ".$alertname.""; + $headers = "MIME-Version: 1.0" . "\r\n"; + $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n"; + $headers .= "From: FROMEMAIL@.com"; + $message = " + + + BMS Unit: ".$unitname." +
+ Type of Alert: ".$alertname." +
+ Start Date / Time: ".$start_date_time." +
+ End Date / Time: ".$end_date_time." +
+ Description: ".$description_for_email." +
+ Created by: ".$user." +
+ Image: ".$image_link." +
+ Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id +

+ This message generated by https://DOMAIN.com/bms + + "; + //WordWrap the message + $message_wrapped = wordwrap($message, 70, "\n", true); + //Send the email + mail($to,$subject,$message_wrapped,$headers); } else{ - echo('Error! Please go back and try again'); + echo('Error! Please go back and try again'); } - $conn->close(); + $conn->close(); ?> diff --git a/includes/update_event.php b/includes/update_event.php index 63c94d6..ec3c5f3 100644 --- a/includes/update_event.php +++ b/includes/update_event.php 
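Review bot: The rewritten mail setup replaces the old placeholders with malformed ones — `$to = "TOEMAIL@DOMAIN>COM"` and `$headers .= "From: FROMEMAIL@.com"` — so as committed `mail()` receives an invalid recipient and a From header with no domain; restore the `TO-EMAIL@DOMAIN.COM` / `FROM-EMAIL@DOMAIN.COM` form, or better, define the addresses in db_config.php next to the DB settings so they are not edited inside the mail code. The moved line `$description_for_email = nl2br($_POST['description']);` still places raw POST text into a `text/html` message; `nl2br(htmlspecialchars($_POST['description'], ENT_QUOTES, 'UTF-8'))` closes that. Most of this hunk is a re-indentation of unchanged lines, which buries the two real changes (the `Image:` row and the addresses); a whitespace-only commit first would have made them reviewable.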
@@ -2,20 +2,71 @@ include "db_config.php"; $conn = mysqli_connect($servername, $username, $password, $db); +//Allow Image Upload +$target_dir = "../images/"; +if(empty($_FILES["fileToUpload"]["name"])) { + $target_file_name = ""; + $target_file = ""; + $image_link = ""; +} else { + $target_file_name = preg_replace('/[^a-zA-Z0-9s.]/', '_', basename($_FILES["fileToUpload"]["name"])); + $target_file = $target_dir . $target_file_name; + $image_link = mysqli_real_escape_string($conn, "https://DOMAIN.com/bms/images/$target_file_name"); +} +$uploadOk = 1; +$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION); +// Check if image file is a actual image or fake image +if(isset($_POST["submit"])) { + $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); + if($check !== false) { + echo "File is an image - " . $check["mime"] . "."; + $uploadOk = 1; + } else { + echo "File is not an image."; + $uploadOk = 0; + } +} +// Check if file already exists +if (file_exists($target_file)) { + echo "Sorry, file already exists."; + $uploadOk = 0; +} +// Check file size +if ($_FILES["fileToUpload"]["size"] > 500000) { + echo "Sorry, your file is too large."; + $uploadOk = 0; +} +// Allow certain file formats +if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" +&& $imageFileType != "gif" ) { + echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed."; + $uploadOk = 0; +} +// Check if $uploadOk is set to 0 by an error +if ($uploadOk == 0) { + echo "Sorry, your file was not uploaded."; +// if everything is ok, try to upload file +} else { + if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { + echo "The file ". basename( $_FILES["fileToUpload"]["name"]). 
" has been uploaded."; + } else { + echo "Sorry, there was an error uploading your file."; + } +} + +//Set Variables $event_id = mysqli_real_escape_string($conn, $_POST['event']); $description = mysqli_real_escape_string($conn, $_POST['description']); $is_ongoing = mysqli_real_escape_string($conn, $_POST['is_ongoing']); $end_date_time = mysqli_real_escape_string($conn, $_POST['end_date_time']); $user = mysqli_real_escape_string($conn, $_POST['user']); -$description_for_email = nl2br($_POST['description']); - //Get timestamp $timestamp = new DateTime(); $update_date_time = date_format($timestamp, 'Y/m/d H:i'); //Insert event update into event updates table -$update = "INSERT INTO event_updates (update_desc, update_date_time, update_is_ongoing, end_date_time, event_id, update_user) VALUES ('$description', '$update_date_time', '$is_ongoing', '$end_date_time', '$event_id', '$user')"; +$update_query = "INSERT INTO event_updates (update_desc, update_date_time, update_is_ongoing, end_date_time, event_id, update_user, update_image) VALUES ('$description', '$update_date_time', '$is_ongoing', '$end_date_time', '$event_id', '$user', '$image_link')"; //Update value of is_ongoing in main events table $is_ongoing_endtime_query = "UPDATE events SET is_ongoing='$is_ongoing', date_time_end='$end_date_time' WHERE event_id='$event_id'"; 
@@ -36,19 +87,21 @@ $start_date_time_query = "SELECT date_time_start FROM events WHERE event_id=".$_ $start_date_time_query_run = mysqli_query($conn, $start_date_time_query); $start_date_time_array = mysqli_fetch_assoc($start_date_time_query_run); $start_date_time = $start_date_time_array['date_time_start']; + +$description_for_email = nl2br($_POST['description']); //If successful, redirect back to index.php and send email, else tell user that it failed. $event_update = mysqli_query($conn, $is_ongoing_endtime_query); -$result = mysqli_query($conn, $update); +$result = mysqli_query($conn, $update_query); if($result){ echo("Event added, redirecting..."); sleep (2); header('Location: ../index.php'); //Set Email Info - $to = "TO.ADDRES@DOMAIN.com"; - $subject = "TEST Updated BMS Alert: ".$unitname." ".$alertname.""; + $to = "TOEMAIL@DOMAIN.com"; + $subject = "Updated BMS Alert: ".$unitname." ".$alertname.""; $headers = "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n"; - $headers .= "From: FROM.ADDRESS@DOMAIN.com"; + $headers .= "From: FROMEMAIL@DOMAIN.com"; $message = " @@ -64,6 +117,8 @@ if($result){
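Review bot: This upload block is a verbatim copy of the one added to includes/insert_event.php and carries the same weaknesses: the client-chosen filename is kept, only the last extension is whitelisted so `x.php.jpg` with an image header passes, the `getimagesize` check runs only when `$_POST["submit"]` is set, and `$image_link` stays populated when `$uploadOk` ends up 0, so the `update_image` column can record a URL to a file that was never written. Rather than fixing it in two places, move the handling into a shared include (say `includes/upload_image.php`) that leaves `$image_link` empty unless `move_uploaded_file` succeeded, and `require` it from both scripts. The `@@ -36,19` hunk that starts on this same line is a separate unit.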
Updated by: ".$user."
+ Image Link (if any): ".$image_link." +
Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id

This message generated by https://DOMAIN.com/bms diff --git a/index.php b/index.php index 07a2d90..22cf852 100644 --- a/index.php +++ b/index.php @@ -34,7 +34,7 @@ if( $_SESSION['access'] != 1 ) { $currently_ongoing_query = "SELECT * FROM events AS events INNER JOIN units AS units ON events.unit_id=units.unit_id INNER JOIN alerts as alerts ON events.alert_id=alerts.alert_id where is_ongoing=1;"; $currently_ongoing_result = $conn1->query($currently_ongoing_query); if ($currently_ongoing_result->num_rows >0){ - echo ""; + echo "
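Review bot: `$image_link` is inserted into the HTML message under `Image Link (if any):` as the same `mysqli_real_escape_string` value used for the INSERT, i.e. SQL-escaped for an HTML context; today the filename filter `[a-zA-Z0-9s.]` keeps the value inert, but the link should be built from the raw filename and escaped per destination (`mysqli_real_escape_string` for the query, `htmlspecialchars` for the mail). The re-added `$description_for_email = nl2br($_POST['description']);` still injects unescaped POST text into a `text/html` mail; `nl2br(htmlspecialchars($_POST['description'], ENT_QUOTES, 'UTF-8'))` is the minimal fix. The enclosing `if($result)` block closes outside this hunk.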
Event IDUnitAlertStart Date and TimeDescriptionEnd Date and TimeUserUpdatesEdit
"; while ($currently_ongoing_row = $currently_ongoing_result->fetch_assoc()) { echo "
Event IDUnitAlertStart Date and TimeDescriptionEnd Date and TimeUserUpdatesAttachmentsEdit
"; echo "".$currently_ongoing_row["event_id"].""; @@ -51,7 +51,7 @@ if( $_SESSION['access'] != 1 ) { echo ""; print_r($currently_ongoing_row["user"]); echo ""; - $update_query = "SELECT update_desc, update_date_time, update_user FROM event_updates WHERE event_updates.event_id=".$currently_ongoing_row["event_id"].";"; + $update_query = "SELECT update_desc, update_date_time, update_user, update_image FROM event_updates WHERE event_updates.event_id=".$currently_ongoing_row["event_id"].";"; $update_result = $conn1->query($update_query); if ($update_result->num_rows >0){ while ($update_row = $update_result->fetch_assoc()) { @@ -67,12 +67,27 @@ if( $_SESSION['access'] != 1 ) { echo "Time: "; echo ""; print_r($update_row['update_date_time']); - echo "
"; + echo "
"; + } else { + echo "
"; + echo "Image: "; + echo ""; + echo "Attachment"; + echo "
"; + } } } else { echo "No updates to this event"; } + echo ""; + if(empty($currently_ongoing_row["event_image"])) { + echo ""; + } else{ + echo "Attachment"; + } echo ""; echo "Edit "; } @@ -88,7 +103,7 @@ if( $_SESSION['access'] != 1 ) { if ($past_event_result->num_rows >0){ echo "
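Review bot: The new attachment links are emitted from `$update_row['update_image']` and `$currently_ongoing_row["event_image"]` straight out of the database with no output escaping (the surrounding markup has been stripped in this rendering, so the exact attribute cannot be checked here). Those columns currently hold URLs built from a filename filtered to `[a-zA-Z0-9s.]`, which is why this is harmless today, but escaping at output — `htmlspecialchars($update_row['update_image'], ENT_QUOTES, 'UTF-8')` — keeps a later change to the filename rule or a direct DB edit from injecting into the page. The same two `empty(...)` branches are repeated for the past-events table further down; a small helper such as `attachment_cell($url)` would keep the two copies in step. The enclosing `while` loop over `$update_result` begins before this hunk.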

Previous 10 Events

"; echo "This does not include ongoing events."; - echo ""; + echo "
Event IDUnitAlertStart Date and TimeDescriptionEnd Date and TimeUserUpdatesEdit
"; while ($past_event_row = $past_event_result->fetch_assoc()) { echo "
Event IDUnitAlertStart Date and TimeDescriptionEnd Date and TimeUserUpdatesAttachmentsEdit
"; echo "".$past_event_row["event_id"].""; @@ -105,7 +120,7 @@ if( $_SESSION['access'] != 1 ) { echo ""; print_r($past_event_row["user"]); echo ""; - $update_query = "SELECT update_desc, update_date_time, update_user FROM event_updates WHERE event_updates.event_id=".$past_event_row["event_id"].";"; + $update_query = "SELECT update_desc, update_date_time, update_user, update_image FROM event_updates WHERE event_updates.event_id=".$past_event_row["event_id"].";"; $update_result = $conn1->query($update_query); if ($update_result->num_rows >0){ while ($update_row = $update_result->fetch_assoc()) { @@ -121,12 +136,27 @@ if( $_SESSION['access'] != 1 ) { echo "Time: "; echo ""; print_r($update_row['update_date_time']); - echo "
"; + echo ""; + if(empty($update_row['update_image'])) { + echo ""; + } else { + echo ""; + echo "Image: "; + echo ""; + echo "Attachment"; + echo ""; + } } } else { echo "No updates to this event"; } echo ""; + if(empty($past_event_row["event_image"])) { + echo ""; + } else { + echo "Attachment"; + } + echo ""; echo "Edit"; echo ""; }