126 lines
4.5 KiB
PHP
126 lines
4.5 KiB
PHP
<?php
|
|
include "db_config.php";
|
|
$conn = mysqli_connect($servername, $username, $password, $db);
|
|
|
|
//Allow Image Upload
|
|
$target_dir = "../images/";
|
|
if(empty($_FILES["fileToUpload"]["name"])) {
|
|
$target_file_name = "";
|
|
$target_file = "";
|
|
$image_link = "";
|
|
} else {
|
|
$target_file_name = preg_replace('/[^a-zA-Z0-9s.]/', '_', basename($_FILES["fileToUpload"]["name"]));
|
|
$target_file = $target_dir . $target_file_name;
|
|
$image_link = mysqli_real_escape_string($conn, "https://DOMAIN.com/bms/images/$target_file_name");
|
|
}
|
|
$target_file = $target_dir . $target_file_name;
|
|
$uploadOk = 1;
|
|
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
|
|
// Check if image file is a actual image or fake image
|
|
if(isset($_POST["submit"])) {
|
|
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
|
|
if($check !== false) {
|
|
echo "File is an image - " . $check["mime"] . ".";
|
|
$uploadOk = 1;
|
|
} else {
|
|
echo "File is not an image.";
|
|
$uploadOk = 0;
|
|
}
|
|
}
|
|
// Check if file already exists
|
|
if (file_exists($target_file)) {
|
|
echo "Sorry, file already exists.";
|
|
$uploadOk = 0;
|
|
}
|
|
// Check file size
|
|
if ($_FILES["fileToUpload"]["size"] > 500000) {
|
|
echo "Sorry, your file is too large.";
|
|
$uploadOk = 0;
|
|
}
|
|
// Allow certain file formats
|
|
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
|
|
&& $imageFileType != "gif" ) {
|
|
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
|
|
$uploadOk = 0;
|
|
}
|
|
// Check if $uploadOk is set to 0 by an error
|
|
if ($uploadOk == 0) {
|
|
echo "Sorry, your file was not uploaded.";
|
|
// if everything is ok, try to upload file
|
|
} else {
|
|
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
|
|
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
|
|
} else {
|
|
echo "Sorry, there was an error uploading your file.";
|
|
}
|
|
}
|
|
|
|
//Set variables for MySQL Insert
|
|
$unit = mysqli_real_escape_string($conn, $_POST['unit']);
|
|
$start_date_time = mysqli_real_escape_string($conn, $_POST['start_date_time']);
|
|
$description = mysqli_real_escape_string($conn, $_POST['description']);
|
|
$is_ongoing = mysqli_real_escape_string($conn, $_POST['is_ongoing']);
|
|
$end_date_time = mysqli_real_escape_string($conn, $_POST['end_date_time']);
|
|
$alert = mysqli_real_escape_string($conn, $_POST['alert']);
|
|
$user = mysqli_real_escape_string($conn, $_POST['user']);
|
|
|
|
//Insert event to events table
|
|
$event = "INSERT INTO events (unit_id, date_time_start, description, is_ongoing, date_time_end, alert_id, user, event_image) VALUES ('$unit','$start_date_time', '$description', '$is_ongoing', '$end_date_time', '$alert', '$user', '$image_link')";
|
|
|
|
//Set variables for email
|
|
//MySQL queries to get Unit Name and Alert
|
|
$unitname_query = "SELECT unit_name FROM units WHERE unit_id=".$_POST['unit']."";
|
|
$unitname_query_run = mysqli_query($conn, $unitname_query);
|
|
$unitname_array = mysqli_fetch_assoc($unitname_query_run);
|
|
$unitname = $unitname_array['unit_name'];
|
|
$alertname_query = "SELECT alert_name FROM alerts WHERE alert_id=".$_POST['alert']."";
|
|
$alertname_query_run = mysqli_query($conn, $alertname_query);
|
|
$alertname_array = mysqli_fetch_assoc($alertname_query_run);
|
|
$alertname = $alertname_array['alert_name'];
|
|
$description_for_email = nl2br($_POST['description']);
|
|
|
|
//If successful, redirect back to index.php and send email, else tell user that it failed.
|
|
$result = mysqli_query($conn, $event);
|
|
if($result){
|
|
echo("Event added, redirecting...");
|
|
sleep (2);
|
|
header('Location: ../index.php');
|
|
//Get inserted Event ID
|
|
$event_id = $conn->insert_id;
|
|
$to = "TOEMAIL@DOMAIN>COM";
|
|
$subject = "New BMS Alert: ".$unitname." ".$alertname."";
|
|
$headers = "MIME-Version: 1.0" . "\r\n";
|
|
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
|
|
$headers .= "From: FROMEMAIL@.com";
|
|
$message = "
|
|
<html>
|
|
<body>
|
|
BMS Unit: ".$unitname."
|
|
<br />
|
|
Type of Alert: ".$alertname."
|
|
<br />
|
|
Start Date / Time: ".$start_date_time."
|
|
<br />
|
|
End Date / Time: ".$end_date_time."
|
|
<br />
|
|
Description: ".$description_for_email."
|
|
<br />
|
|
Created by: ".$user."
|
|
<br />
|
|
Image: ".$image_link."
|
|
<br />
|
|
Event Link: https://DOMAIN.com/bms/viewevent.php?eventid=$event_id
|
|
<br /><br />
|
|
This message generated by https://DOMAIN.com/bms
|
|
</body>
|
|
</html>";
|
|
//WordWrap the message
|
|
$message_wrapped = wordwrap($message, 70, "\n", true);
|
|
//Send the email
|
|
mail($to,$subject,$message_wrapped,$headers);
|
|
} else{
|
|
echo('Error! Please <a href="javascript:history.back()">go back</a> and try again');
|
|
}
|
|
$conn->close();
|
|
?>
|