Can now attach files on the create ticket page via dropzone

inc/attachments.inc.php

@@ -36,17 +36,27 @@ if (!defined('IN_SCRIPT')) {
 /***************************
  * Function hesk_uploadFiles()
  ***************************/
-function hesk_uploadFile($i, $isTicket = true, $ajax = false)
+function hesk_uploadFile($i, $isTicket = true)
 {
     global $hesk_settings, $hesklang, $trackingID, $hesk_error_buffer, $modsForHesk_settings;
 
+    $single_file = $i == -1;
     /* Return if name is empty */
-    if (empty($_FILES['attachment']['name'][$i])) {
+    $name = $single_file
+        ? $_FILES['attachment']['name']
+        : $_FILES['attachment']['name'][$i];
+
+    if (empty($name)) {
         return '';
     }
 
+
     /* Parse the name */
-    $file_realname = hesk_cleanFileName($_FILES['attachment']['name'][$i]);
+    if ($single_file) {
+        $file_realname = hesk_cleanFileName($_FILES['attachment']['name']);
+    } else {
+        $file_realname = hesk_cleanFileName($_FILES['attachment']['name'][$i]);
+    }
 
     /* Check file extension */
     $ext = strtolower(strrchr($file_realname, "."));
@@ -55,10 +65,13 @@ function hesk_uploadFile($i, $isTicket = true, $ajax = false)
     }
 
     /* Check file size */
-    if ($_FILES['attachment']['size'][$i] > $hesk_settings['attachments']['max_size']) {
+    $size = $single_file
+        ? $_FILES['attachment']['size']
+        : $_FILES['attachment']['size'][$i];
+    if ($size > $hesk_settings['attachments']['max_size']) {
         return hesk_fileError(sprintf($hesklang['file_too_large'], $file_realname));
     } else {
-        $file_size = $_FILES['attachment']['size'][$i];
+        $file_size = $size;
     }
 
     /* Generate a random file name */
@@ -68,16 +81,8 @@ function hesk_uploadFile($i, $isTicket = true, $ajax = false)
         $tmp .= $useChars{mt_rand(0, 29)};
     }
 
-    if ($ajax) {
+
-        // Temporary attachments are, well, temporary. We can just use the real name since they'll be deleted afterwards.
+    $file_name = substr(md5($tmp . $file_realname), 0, 200) . $ext;
-        $file_name = $file_realname;
-    } else {
-        if (defined('KB')) {
-            $file_name = substr(md5($tmp . $file_realname), 0, 200) . $ext;
-        } else {
-            $file_name = substr($trackingID . '_' . md5($tmp . $file_realname), 0, 200) . $ext;
-        }
-    }
 
     // Does the temporary file exist? If not, probably server-side configuration limits have been reached
     // Uncomment this for debugging purposes
@@ -93,10 +98,10 @@ function hesk_uploadFile($i, $isTicket = true, $ajax = false)
     if (!$isTicket) {
         $directory = $modsForHesk_settings['kb_attach_dir'];
     }
-    if ($ajax) {
+    $file_to_move = $single_file
-        $directory = $modsForHesk_settings[''];
+        ? $_FILES['attachment']['tmp_name']
-    }
+        : $_FILES['attachment']['tmp_name'][$i];
-    if (!move_uploaded_file($_FILES['attachment']['tmp_name'][$i], dirname(dirname(__FILE__)) . '/' . $directory . '/' . $file_name)) {
+    if (!move_uploaded_file($file_to_move, dirname(dirname(__FILE__)) . '/' . $directory . '/' . $file_name)) {
         return hesk_fileError($hesklang['cannot_move_tmp']);
     }
 

inc/view_attachment_functions.inc.php

@@ -200,17 +200,34 @@ function output_dropzone_window() {
     </div>';
 }
 
+function output_attachment_id_holder_container() {
+    echo '<div id="attachment-holder" class="hide"></div>';
+}
+
 function display_dropzone_field($url) {
     global $hesk_settings, $hesklang;
 
     output_dropzone_window();
+    output_attachment_id_holder_container();
 
     $acceptedFiles = implode(',', $hesk_settings['attachments']['allowed_types']);
 
     echo "
     <script type=\"text/javascript\">
     Dropzone.options.filedrop = {
-        paramName: 'file',
+        init: function() {
+            this.on('success', function(file, response) {
+                // The response will only be the ID of the attachment in the database
+                outputAttachmentIdHolder(response);
+            });
+            this.on('removedfile', function(file) {
+                console.log(file);
+            });
+            this.on('queuecomplete', function(progress) {
+                $('#total-progress').removeClass('active');
+            });
+        },
+        paramName: 'attachment',
         url: ".json_encode($url).",
         parallelUploads: 1,
         uploadMultiple: false,

index.php

@@ -996,7 +996,7 @@ function print_add_ticket()
                         </div>
                     </div>
                     <?php
-                    display_dropzone_field('someurl');
+                    display_dropzone_field(HESK_PATH . 'internal-api/ticket/upload-attachment.php');
                 }
 
                 if ($hesk_settings['question_use'] || $hesk_settings['secimg_use'])

install/mods-for-hesk/sql/installSql.php

@@ -713,5 +713,11 @@ function execute260Scripts()
       `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
       `user_id` INT NOT NULL,
       `token` VARCHAR(500) NOT NULL) ENGINE = MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
+    executeQuery("CREATE TABLE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` (
+      `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
+      `file_name` VARCHAR(255) NOT NULL,
+      `size` INT(10) UNSIGNED NOT NULL,
+      `type` ENUM('0','1') NOT NULL,
+      `date_uploaded` TIMESTAMP NOT NULL) ENGINE = MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci");
     executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = '2.6.0' WHERE `Key` = 'modsForHeskVersion'");
 }

internal-api/dao/attachment_dao.php

@@ -0,0 +1,11 @@
+<?php
+
+function upload_temp_attachment($i, $isTicket) {
+    global $hesk_settings;
+
+    $info = hesk_uploadFile($i, $isTicket);
+    hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` (`file_name`,`size`, `type`, `date_uploaded`)
+        VALUES ('" . hesk_dbEscape($info['saved_name']) . "','" . hesk_dbEscape($info['size']) . "','" . hesk_dbEscape($isTicket ? 1 : 0) . "', NOW())");
+
+    return hesk_dbInsertID();
+}

internal-api/ticket/upload-attachment.php

@@ -1,16 +1,24 @@
 <?php
 define('IN_SCRIPT', 1);
 define('HESK_PATH', '../../');
-define('INTERNAL_API_PATH', '../../');
+define('INTERNAL_API_PATH', '../');
 require_once(HESK_PATH . 'hesk_settings.inc.php');
 require_once(HESK_PATH . 'inc/common.inc.php');
+require_once(HESK_PATH . 'inc/attachments.inc.php');
+require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
+require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
 
 hesk_load_internal_api_database_functions();
 hesk_dbConnect();
 
-if (!empty($_FILES)) {
+$modsForHesk_settings = mfh_getSettings();
 
+if (!empty($_FILES)) {
+    // Only 1 files is ever processed through this endpoint at a time.
+    $id = upload_temp_attachment(-1, true);
+    print json_encode($id);
+    return http_response_code(200);
 }
 
 return http_response_code(400);

js/modsForHesk-javascript.js

@@ -206,4 +206,8 @@ function getFriendlyLocation(latitude, longitude) {
     });
 }
 
+function outputAttachmentIdHolder(value) {
+    $('#attachment-holder').append('<input type="hidden" name="attachment-ids[]" value="' + value + '">');
+}
+
 jQuery(document).ready(loadJquery);