From b133a3e31e690ff939bb7671f6854e28e3ba6167 Mon Sep 17 00:00:00 2001
From: Mike Koch <Mike.Koch@emerson.com>
Date: Mon, 21 Dec 2015 13:11:12 -0500
Subject: [PATCH] Can now attach files on the create ticket page via dropzone

---
 inc/attachments.inc.php                   | 43 +++++++++++++----------
 inc/view_attachment_functions.inc.php     | 19 +++++++++-
 index.php                                 |  2 +-
 install/mods-for-hesk/sql/installSql.php  |  6 ++++
 internal-api/dao/attachment_dao.php       | 11 ++++++
 internal-api/ticket/upload-attachment.php | 12 +++++--
 js/modsForHesk-javascript.js              |  4 +++
 7 files changed, 74 insertions(+), 23 deletions(-)
 create mode 100644 internal-api/dao/attachment_dao.php

diff --git a/inc/attachments.inc.php b/inc/attachments.inc.php
index 4e3e68db..761a5f16 100644
--- a/inc/attachments.inc.php
+++ b/inc/attachments.inc.php
@@ -36,17 +36,27 @@ if (!defined('IN_SCRIPT')) {
 /***************************
  * Function hesk_uploadFiles()
  ***************************/
-function hesk_uploadFile($i, $isTicket = true, $ajax = false)
+function hesk_uploadFile($i, $isTicket = true)
 {
     global $hesk_settings, $hesklang, $trackingID, $hesk_error_buffer, $modsForHesk_settings;
 
+    $single_file = $i == -1;
     /* Return if name is empty */
-    if (empty($_FILES['attachment']['name'][$i])) {
+    $name = $single_file
+        ? $_FILES['attachment']['name']
+        : $_FILES['attachment']['name'][$i];
+
+    if (empty($name)) {
         return '';
     }
 
+
     /* Parse the name */
-    $file_realname = hesk_cleanFileName($_FILES['attachment']['name'][$i]);
+    if ($single_file) {
+        $file_realname = hesk_cleanFileName($_FILES['attachment']['name']);
+    } else {
+        $file_realname = hesk_cleanFileName($_FILES['attachment']['name'][$i]);
+    }
 
     /* Check file extension */
     $ext = strtolower(strrchr($file_realname, "."));
@@ -55,10 +65,13 @@ function hesk_uploadFile($i, $isTicket = true, $ajax = false)
     }
 
     /* Check file size */
-    if ($_FILES['attachment']['size'][$i] > $hesk_settings['attachments']['max_size']) {
+    $size = $single_file
+        ? $_FILES['attachment']['size']
+        : $_FILES['attachment']['size'][$i];
+    if ($size > $hesk_settings['attachments']['max_size']) {
         return hesk_fileError(sprintf($hesklang['file_too_large'], $file_realname));
     } else {
-        $file_size = $_FILES['attachment']['size'][$i];
+        $file_size = $size;
     }
 
     /* Generate a random file name */
@@ -68,16 +81,8 @@ function hesk_uploadFile($i, $isTicket = true, $ajax = false)
         $tmp .= $useChars{mt_rand(0, 29)};
     }
 
-    if ($ajax) {
-        // Temporary attachments are, well, temporary. We can just use the real name since they'll be deleted afterwards.
-        $file_name = $file_realname;
-    } else {
-        if (defined('KB')) {
-            $file_name = substr(md5($tmp . $file_realname), 0, 200) . $ext;
-        } else {
-            $file_name = substr($trackingID . '_' . md5($tmp . $file_realname), 0, 200) . $ext;
-        }
-    }
+
+    $file_name = substr(md5($tmp . $file_realname), 0, 200) . $ext;
 
     // Does the temporary file exist? If not, probably server-side configuration limits have been reached
     // Uncomment this for debugging purposes
@@ -93,10 +98,10 @@ function hesk_uploadFile($i, $isTicket = true, $ajax = false)
     if (!$isTicket) {
         $directory = $modsForHesk_settings['kb_attach_dir'];
     }
-    if ($ajax) {
-        $directory = $modsForHesk_settings[''];
-    }
-    if (!move_uploaded_file($_FILES['attachment']['tmp_name'][$i], dirname(dirname(__FILE__)) . '/' . $directory . '/' . $file_name)) {
+    $file_to_move = $single_file
+        ? $_FILES['attachment']['tmp_name']
+        : $_FILES['attachment']['tmp_name'][$i];
+    if (!move_uploaded_file($file_to_move, dirname(dirname(__FILE__)) . '/' . $directory . '/' . $file_name)) {
         return hesk_fileError($hesklang['cannot_move_tmp']);
     }
 
diff --git a/inc/view_attachment_functions.inc.php b/inc/view_attachment_functions.inc.php
index 59747845..9dd07178 100644
--- a/inc/view_attachment_functions.inc.php
+++ b/inc/view_attachment_functions.inc.php
@@ -200,17 +200,34 @@ function output_dropzone_window() {
     </div>';
 }
 
+function output_attachment_id_holder_container() {
+    echo '<div id="attachment-holder" class="hide"></div>';
+}
+
 function display_dropzone_field($url) {
     global $hesk_settings, $hesklang;
 
     output_dropzone_window();
+    output_attachment_id_holder_container();
 
     $acceptedFiles = implode(',', $hesk_settings['attachments']['allowed_types']);
 
     echo "
     <script type=\"text/javascript\">
     Dropzone.options.filedrop = {
-        paramName: 'file',
+        init: function() {
+            this.on('success', function(file, response) {
+                // The response will only be the ID of the attachment in the database
+                outputAttachmentIdHolder(response);
+            });
+            this.on('removedfile', function(file) {
+                console.log(file);
+            });
+            this.on('queuecomplete', function(progress) {
+                $('#total-progress').removeClass('active');
+            });
+        },
+        paramName: 'attachment',
         url: ".json_encode($url).",
         parallelUploads: 1,
         uploadMultiple: false,
diff --git a/index.php b/index.php
index 11c29cc1..bfa8c53f 100644
--- a/index.php
+++ b/index.php
@@ -996,7 +996,7 @@ function print_add_ticket()
                         </div>
                     </div>
                     <?php
-                    display_dropzone_field('someurl');
+                    display_dropzone_field(HESK_PATH . 'internal-api/ticket/upload-attachment.php');
                 }
 
                 if ($hesk_settings['question_use'] || $hesk_settings['secimg_use'])
diff --git a/install/mods-for-hesk/sql/installSql.php b/install/mods-for-hesk/sql/installSql.php
index 73d0d42b..f2b6b1cd 100644
--- a/install/mods-for-hesk/sql/installSql.php
+++ b/install/mods-for-hesk/sql/installSql.php
@@ -713,5 +713,11 @@ function execute260Scripts()
       `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
       `user_id` INT NOT NULL,
       `token` VARCHAR(500) NOT NULL) ENGINE = MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
+    executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` (
+      `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
+      `file_name` VARCHAR(255) NOT NULL,
+      `size` INT(10) UNSIGNED NOT NULL,
+      `type` ENUM('0','1') NOT NULL,
+      `date_uploaded` TIMESTAMP NOT NULL) ENGINE = MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
     executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = '2.6.0' WHERE `Key` = 'modsForHeskVersion'");
 }
\ No newline at end of file
diff --git a/internal-api/dao/attachment_dao.php b/internal-api/dao/attachment_dao.php
new file mode 100644
index 00000000..97703142
--- /dev/null
+++ b/internal-api/dao/attachment_dao.php
@@ -0,0 +1,11 @@
+<?php
+
+function upload_temp_attachment($i, $isTicket) {
+    global $hesk_settings;
+
+    $info = hesk_uploadFile($i, $isTicket);
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` (`file_name`,`size`, `type`, `date_uploaded`)
+        VALUES ('" . hesk_dbEscape($info['saved_name']) . "','" . hesk_dbEscape($info['size']) . "','" . hesk_dbEscape($isTicket ? 1 : 0) . "', NOW())");
+
+    return hesk_dbInsertID();
+}
\ No newline at end of file
diff --git a/internal-api/ticket/upload-attachment.php b/internal-api/ticket/upload-attachment.php
index d817cce2..e66d4c2d 100644
--- a/internal-api/ticket/upload-attachment.php
+++ b/internal-api/ticket/upload-attachment.php
@@ -1,16 +1,24 @@
 <?php
 define('IN_SCRIPT', 1);
 define('HESK_PATH', '../../');
-define('INTERNAL_API_PATH', '../../');
+define('INTERNAL_API_PATH', '../');
 require_once(HESK_PATH . 'hesk_settings.inc.php');
 require_once(HESK_PATH . 'inc/common.inc.php');
+require_once(HESK_PATH . 'inc/attachments.inc.php');
+require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
+require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
 
 hesk_load_internal_api_database_functions();
 hesk_dbConnect();
 
-if (!empty($_FILES)) {
+$modsForHesk_settings = mfh_getSettings();
 
+if (!empty($_FILES)) {
+    // Only 1 files is ever processed through this endpoint at a time.
+    $id = upload_temp_attachment(-1, true);
+    print json_encode($id);
+    return http_response_code(200);
 }
 
 return http_response_code(400);
\ No newline at end of file
diff --git a/js/modsForHesk-javascript.js b/js/modsForHesk-javascript.js
index a70c2d46..9b9caae5 100644
--- a/js/modsForHesk-javascript.js
+++ b/js/modsForHesk-javascript.js
@@ -206,4 +206,8 @@ function getFriendlyLocation(latitude, longitude) {
     });
 }
 
+function outputAttachmentIdHolder(value) {
+    $('#attachment-holder').append('<input type="hidden" name="attachment-ids[]" value="' + value + '">');
+}
+
 jQuery(document).ready(loadJquery);