Add image upload handling

addevent.php

@@ -114,7 +114,7 @@ if( $_SESSION['access'] != 1 ) {
 	</div>
         <?php include "includes/classes/select.class.php";?>
 	<br />
-        <form id="select_form" required method="post" action="includes/insert_event.php">
+        <form id="select_form" required method="post" action="includes/insert_event.php" enctype="multipart/form-data">
 		<table align="center">
 			<tr>
 				<td>
@@ -169,6 +169,7 @@ if( $_SESSION['access'] != 1 ) {
 					Issue Description:
 				</td>
 				<td>
+					<!-- <input type="text" name="description" id="description" required /> --!>
 					<textarea name="description" id="description" cols="40" rows="5" required></textarea>
 				</td>
 			</tr>
@@ -188,6 +189,14 @@ if( $_SESSION['access'] != 1 ) {
 				        <input type="text" name="end_date_time" id="end_date_time" />
 				</td>
 			</tr>
+			<tr>
+				<td>
+					Attach an Image:
+				</td>
+				<td>
+					<input type="file" name="fileToUpload" id="fileToUpload" />
+				</td>
+			</tr>
 			<tr>
 				<td colspan="2" class="ui-helper-center">
 				        <input type="submit" value="Add Event" />

editevent.php

@@ -71,7 +71,7 @@ if( $_SESSION['access'] != 1 ) {
 		}
 	include "includes/classes/select2.class.php"; ?>
 	<br />
-        <form id="select_form" required method="post" action="includes/update_event.php">
+        <form id="select_form" required method="post" action="includes/update_event.php" enctype="multipart/form-data">
 		<table align=center>
 			<tr>
 				<td>
@@ -135,7 +135,7 @@ if( $_SESSION['access'] != 1 ) {
 					Issue Description:
 				</td>
 				<td>
-					<?=$desc?>
+					<?=nl2br($desc)?>
 				</td>
 			</tr>
 			<tr>
@@ -166,6 +166,14 @@ if( $_SESSION['access'] != 1 ) {
 				        <input type="text" name="end_date_time" id="end_date_time" value="<?=$endtimedate;?>" />
 				</td>
 			</tr>
+			<tr>
+				<td>
+					Attach an image:
+				</td>
+				<td>
+                                        <input type="file" name="fileToUpload" id="fileToUpload" />
+				</td>
+			</tr>
 			<tr>
 				<td colspan=2 class="ui-helper-center">
 					<input type="submit" value="Submit"/>

includes/insert_event.php

@@ -2,6 +2,60 @@
 	include "db_config.php";
 $conn = mysqli_connect($servername, $username, $password, $db);
 
+//Allow Image Upload
+$target_dir = "../images/";
+if(empty($_FILES["fileToUpload"]["name"])) {
+        $target_file_name = "";
+        $target_file = "";
+        $image_link = "";
+} else {
+        $target_file_name = preg_replace('/[^a-zA-Z0-9s.]/', '_', basename($_FILES["fileToUpload"]["name"]));
+        $target_file = $target_dir . $target_file_name;
+        $image_link = mysqli_real_escape_string($conn, "https://DOMAIN.com/bms/images/$target_file_name");
+}
+$target_file = $target_dir . $target_file_name;
+$uploadOk = 1;
+$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
+// Check if image file is a actual image or fake image
+if(isset($_POST["submit"])) {
+    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
+    if($check !== false) {
+        echo "File is an image - " . $check["mime"] . ".";
+        $uploadOk = 1;
+    } else {
+        echo "File is not an image.";
+        $uploadOk = 0;
+    }
+}
+// Check if file already exists
+if (file_exists($target_file)) {
+    echo "Sorry, file already exists.";
+    $uploadOk = 0;
+}
+// Check file size
+if ($_FILES["fileToUpload"]["size"] > 500000) {
+    echo "Sorry, your file is too large.";
+    $uploadOk = 0;
+}
+// Allow certain file formats
+if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
+&& $imageFileType != "gif" ) {
+    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
+    $uploadOk = 0;
+}
+// Check if $uploadOk is set to 0 by an error
+if ($uploadOk == 0) {
+    echo "Sorry, your file was not uploaded.";
+// if everything is ok, try to upload file
+} else {
+    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
+        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
+    } else {
+        echo "Sorry, there was an error uploading your file.";
+    }
+}
+
+//Set variables for MySQL Insert
 $unit = mysqli_real_escape_string($conn, $_POST['unit']);
 $start_date_time = mysqli_real_escape_string($conn, $_POST['start_date_time']);
 $description = mysqli_real_escape_string($conn, $_POST['description']);
@@ -10,11 +64,11 @@ $end_date_time = mysqli_real_escape_string($conn, $_POST['end_date_time']);
 $alert = mysqli_real_escape_string($conn, $_POST['alert']);
 $user = mysqli_real_escape_string($conn, $_POST['user']);
 
-$description_for_email = nl2br($_POST['description']);
 //Insert event to events table
-$event = "INSERT INTO events (unit_id, date_time_start, description, is_ongoing, date_time_end, alert_id, user) VALUES ('$unit','$start_date_time', '$description', '$is_ongoing', '$end_date_time', '$alert', '$user')";
+$event = "INSERT INTO events (unit_id, date_time_start, description, is_ongoing, date_time_end, alert_id, user, event_image) VALUES ('$unit','$start_date_time', '$description', '$is_ongoing', '$end_date_time', '$alert', '$user', '$image_link')";
 
-//MySQL queries to get Unit Name and Alert Name for the Email
+//Set variables for email
+//MySQL queries to get Unit Name and Alert
 $unitname_query = "SELECT unit_name FROM units WHERE unit_id=".$_POST['unit']."";
 $unitname_query_run = mysqli_query($conn, $unitname_query);
 $unitname_array = mysqli_fetch_assoc($unitname_query_run);
@@ -23,47 +77,49 @@ $alertname_query = "SELECT alert_name FROM alerts WHERE alert_id=".$_POST['alert
 $alertname_query_run = mysqli_query($conn, $alertname_query);
 $alertname_array = mysqli_fetch_assoc($alertname_query_run);
 $alertname = $alertname_array['alert_name'];
+$description_for_email = nl2br($_POST['description']);
 
 //If successful, redirect back to index.php and send email, else tell user that it failed.
 $result = mysqli_query($conn, $event);
 if($result){
-        echo("Event added, redirecting...");
+	echo("Event added, redirecting...");
-        sleep (2);
+	sleep (2);
-        header('Location: ../index.php');
+	header('Location: ../index.php');
-        //Get inserted Event ID
+	//Get inserted Event ID
-        $event_id = $conn->insert_id;
+	$event_id = $conn->insert_id;
-				//Set Email Info
+	$to = "TOEMAIL@DOMAIN>COM";
-        $to = "TO-EMAIL@DOMAIN.COM";
+	$subject = "New BMS Alert: ".$unitname." ".$alertname."";
-        $subject = "New BMS Alert: ".$unitname." ".$alertname."";
+	$headers = "MIME-Version: 1.0" . "\r\n";
-				$headers = "MIME-Version: 1.0" . "\r\n";
+	$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
-				$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
+        $headers .= "From: FROMEMAIL@.com";
-				$headers .= "From: FROM-EMAIL@DOMAIN.COM";
+	$message = "
-				$message = "
+		<html>
-					<html>
+		<body>
-					<body>
+		BMS Unit: ".$unitname."
-					BMS Unit: ".$unitname."
+		<br />
-					<br />
+		Type of Alert: ".$alertname."
-					Type of Alert: ".$alertname."
+		<br />
-					<br />
+		Start Date / Time: ".$start_date_time."
-					Start Date / Time: ".$start_date_time."
+		<br />
-					<br />
+		End Date / Time: ".$end_date_time."
-					End Date / Time: ".$end_date_time."
+		<br />
-					<br />
+		Description: ".$description_for_email."
-					Description: ".$description_for_email."
+		<br />
-					<br />
+		Created by: ".$user."
-					Created by: ".$user."
+		<br />
-					<br />
+		Image: ".$image_link."
-					Event Link: https://DOMAIN.COM/bms/viewevent.php?eventid=$event_id
+		<br />
-					<br /><br />
+		Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id
-					This message generated by https://DOMAIN.COM/bms
+		<br /><br />
-					</body>
+		This message generated by https://DOMAIN.com/bms
-					</html>";
+		</body>
-				//WordWrap the message
+		</html>";
-				$message_wrapped = wordwrap($message, 70, "\n", true);
+	//WordWrap the message
-        //Send the email
+	$message_wrapped = wordwrap($message, 70, "\n", true);
-        mail($to,$subject,$message_wrapped,$headers);
+	//Send the email
+	mail($to,$subject,$message_wrapped,$headers);
 } else{
-        echo('Error! Please <a href="javascript:history.back()">go back</a> and try again');
+	echo('Error! Please <a href="javascript:history.back()">go back</a> and try again');
 }
-        $conn->close();
+	$conn->close();
 ?>

includes/update_event.php

@@ -2,20 +2,71 @@
 	include "db_config.php";
 $conn = mysqli_connect($servername, $username, $password, $db);
 
+//Allow Image Upload
+$target_dir = "../images/";
+if(empty($_FILES["fileToUpload"]["name"])) {
+        $target_file_name = "";
+	$target_file = "";
+	$image_link = "";
+} else {
+	$target_file_name = preg_replace('/[^a-zA-Z0-9s.]/', '_', basename($_FILES["fileToUpload"]["name"]));
+	$target_file = $target_dir . $target_file_name;
+	$image_link = mysqli_real_escape_string($conn, "https://DOMAIN.com/bms/images/$target_file_name");
+}
+$uploadOk = 1;
+$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
+// Check if image file is a actual image or fake image
+if(isset($_POST["submit"])) {
+    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
+    if($check !== false) {
+        echo "File is an image - " . $check["mime"] . ".";
+        $uploadOk = 1;
+    } else {
+        echo "File is not an image.";
+        $uploadOk = 0;
+    }
+}
+// Check if file already exists
+if (file_exists($target_file)) {
+    echo "Sorry, file already exists.";
+    $uploadOk = 0;
+}
+// Check file size
+if ($_FILES["fileToUpload"]["size"] > 500000) {
+    echo "Sorry, your file is too large.";
+    $uploadOk = 0;
+}
+// Allow certain file formats
+if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
+&& $imageFileType != "gif" ) {
+    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
+    $uploadOk = 0;
+}
+// Check if $uploadOk is set to 0 by an error
+if ($uploadOk == 0) {
+    echo "Sorry, your file was not uploaded.";
+// if everything is ok, try to upload file
+} else {
+    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
+        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
+    } else {
+        echo "Sorry, there was an error uploading your file.";
+    }
+}
+
+//Set Variables
 $event_id = mysqli_real_escape_string($conn, $_POST['event']);
 $description = mysqli_real_escape_string($conn, $_POST['description']);
 $is_ongoing = mysqli_real_escape_string($conn, $_POST['is_ongoing']);
 $end_date_time = mysqli_real_escape_string($conn, $_POST['end_date_time']);
 $user = mysqli_real_escape_string($conn, $_POST['user']);
 
-$description_for_email = nl2br($_POST['description']);
-
 //Get timestamp
 $timestamp = new DateTime();
 $update_date_time = date_format($timestamp, 'Y/m/d H:i');
 
 //Insert event update into event updates table
-$update = "INSERT INTO event_updates (update_desc, update_date_time, update_is_ongoing, end_date_time, event_id, update_user) VALUES ('$description', '$update_date_time', '$is_ongoing', '$end_date_time', '$event_id', '$user')";
+$update_query = "INSERT INTO event_updates (update_desc, update_date_time, update_is_ongoing, end_date_time, event_id, update_user, update_image) VALUES ('$description', '$update_date_time', '$is_ongoing', '$end_date_time', '$event_id', '$user', '$image_link')";
 
 //Update value of is_ongoing in main events table
 $is_ongoing_endtime_query = "UPDATE events SET is_ongoing='$is_ongoing', date_time_end='$end_date_time' WHERE event_id='$event_id'";
@@ -36,19 +87,21 @@ $start_date_time_query = "SELECT date_time_start FROM events WHERE event_id=".$_
 $start_date_time_query_run = mysqli_query($conn, $start_date_time_query);
 $start_date_time_array = mysqli_fetch_assoc($start_date_time_query_run);
 $start_date_time = $start_date_time_array['date_time_start'];
+
+$description_for_email = nl2br($_POST['description']);
 //If successful, redirect back to index.php and send email, else tell user that it failed.
 $event_update = mysqli_query($conn, $is_ongoing_endtime_query);
-$result = mysqli_query($conn, $update);
+$result = mysqli_query($conn, $update_query);
 if($result){
         echo("Event added, redirecting...");
         sleep (2);
         header('Location: ../index.php');
         //Set Email Info
-        $to = "TO.ADDRES@DOMAIN.com";
+        $to = "TOEMAIL@DOMAIN.com";
-        $subject = "TEST Updated BMS Alert: ".$unitname." ".$alertname."";
+        $subject = "Updated BMS Alert: ".$unitname." ".$alertname."";
 	$headers = "MIME-Version: 1.0" . "\r\n";
 	$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
-	$headers .= "From: FROM.ADDRESS@DOMAIN.com";
+	$headers .= "From: FROMEMAIL@DOMAIN.com";
 	$message = "
 		<html>
 		<body>
@@ -64,6 +117,8 @@ if($result){
 		<br />
 		Updated by: ".$user."
 		<br />
+		Image Link (if any): ".$image_link."
+		<br />
 		Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id
 		<br /><br />
 		This message generated by https://DOMAIN.com/bms

index.php

@@ -34,7 +34,7 @@ if( $_SESSION['access'] != 1 ) {
 		$currently_ongoing_query = "SELECT * FROM events AS events INNER JOIN units AS units ON events.unit_id=units.unit_id INNER JOIN alerts as alerts ON events.alert_id=alerts.alert_id where is_ongoing=1;";
 		$currently_ongoing_result = $conn1->query($currently_ongoing_query);
 		if ($currently_ongoing_result->num_rows >0){
-			echo "<table align='center'><tr><th>Event ID</th><th>Unit</th><th>Alert</th><th>Start Date and Time</th><th>Description</th><th>End Date and Time</th><th>User</th><th>Updates</th><th>Edit</th></tr>";
+			echo "<table align='center'><tr><th>Event ID</th><th>Unit</th><th>Alert</th><th>Start Date and Time</th><th>Description</th><th>End Date and Time</th><th>User</th><th>Updates</th><th>Attachments</th><th>Edit</th></tr>";
 			while ($currently_ongoing_row = $currently_ongoing_result->fetch_assoc()) {
 				echo "<tr><td>";
 				echo "<a href=viewevent.php?eventid=".$currently_ongoing_row["event_id"]." target=_blank>".$currently_ongoing_row["event_id"]."</a>";
@@ -51,7 +51,7 @@ if( $_SESSION['access'] != 1 ) {
 				echo "</td><td>";
 				print_r($currently_ongoing_row["user"]);
 				echo "</td><td>";
-					$update_query = "SELECT update_desc, update_date_time, update_user FROM event_updates WHERE event_updates.event_id=".$currently_ongoing_row["event_id"].";";
+					$update_query = "SELECT update_desc, update_date_time, update_user, update_image FROM event_updates WHERE event_updates.event_id=".$currently_ongoing_row["event_id"].";";
 					$update_result = $conn1->query($update_query);
 					if ($update_result->num_rows >0){
 						while ($update_row = $update_result->fetch_assoc()) {
@@ -67,12 +67,27 @@ if( $_SESSION['access'] != 1 ) {
 							echo "Time: ";
 							echo "</td><td>";
 							print_r($update_row['update_date_time']);
-							echo "</td></tr></table>";
+							echo "</td></tr>";
+                                                        if(empty($update_row['update_image'])) {
+                                                                echo "</table>";
+                                                        } else {
+                                                                echo "<tr><td>";
+                                                                echo "Image: ";
+                                                                echo "</td><td>";
+                                                                echo "<a href=".$update_row['update_image']." target=blank>Attachment</a>";
+                                                                echo "</td></tr></table>";
+                                                        }
 						}
 						} else {
 							echo "No updates to this event";
 						}
 
+                                echo "</td><td>";
+				if(empty($currently_ongoing_row["event_image"])) {
+					echo "";
+				} else{
+					echo "<a href=".$currently_ongoing_row["event_image"]." target=blank>Attachment</a>";
+				}
                                 echo "</td><td>";
 				echo "<a href=editevent.php?event_id=".$currently_ongoing_row["event_id"]." target=blank>Edit</a></td></tr> ";
 			}
@@ -88,7 +103,7 @@ if( $_SESSION['access'] != 1 ) {
 		if ($past_event_result->num_rows >0){
 			echo "<h3>Previous 10 Events</h3>";
 			echo "This does not include ongoing events.";
-			echo "<table align='center'><tr><th>Event ID</th><th>Unit</th><th>Alert</th><th>Start Date and Time</th><th>Description</th><th>End Date and Time</th><th>User</th><th>Updates</th><th>Edit</th></tr>";
+			echo "<table align='center'><tr><th>Event ID</th><th>Unit</th><th>Alert</th><th>Start Date and Time</th><th>Description</th><th>End Date and Time</th><th>User</th><th>Updates</th><th>Attachments</th><th>Edit</th></tr>";
 			while ($past_event_row = $past_event_result->fetch_assoc()) {
 			        echo "<tr><td>";
 				echo "<a href=viewevent.php?eventid=".$past_event_row["event_id"]." target=_blank>".$past_event_row["event_id"]."</a>";
@@ -105,7 +120,7 @@ if( $_SESSION['access'] != 1 ) {
 				echo "</td><td>";
 				print_r($past_event_row["user"]);
 				echo "</td><td>";
-                                        $update_query = "SELECT update_desc, update_date_time, update_user FROM event_updates WHERE event_updates.event_id=".$past_event_row["event_id"].";";
+                                        $update_query = "SELECT update_desc, update_date_time, update_user, update_image FROM event_updates WHERE event_updates.event_id=".$past_event_row["event_id"].";";
                                         $update_result = $conn1->query($update_query);
                                         if ($update_result->num_rows >0){
                                                 while ($update_row = $update_result->fetch_assoc()) {
@@ -121,12 +136,27 @@ if( $_SESSION['access'] != 1 ) {
                                                         echo "Time: ";
                                                         echo "</td><td>";
                                                         print_r($update_row['update_date_time']);
-                                                        echo "</td></tr></table>";
+                                                        echo "</td></tr>";
+							if(empty($update_row['update_image'])) {
+								echo "</table>";
+							} else {
+								echo "<tr><td>";
+								echo "Image: ";
+								echo "</td><td>";
+								echo "<a href=".$update_row['update_image']." target=blank>Attachment</a>";
+								echo "</td></tr></table>";
+							}
                                                 }
                                                 } else {
                                                         echo "No updates to this event";
                                                 }
                                 echo "</td><td>";
+				if(empty($past_event_row["event_image"])) {
+					echo "";
+				} else {
+					echo "<a href=".$past_event_row["event_image"]." target=blank>Attachment</a>";
+				}
+                                echo "</td><td>";
 				echo "<a href=editevent.php?event_id=".$past_event_row["event_id"]." target=blank>Edit</a>";
 				echo "</td></tr>";
 			}