SolidCharity/TimeTrex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
TimeTrex/interface/upload_file.php

642 lines
33 KiB
PHP
Raw Permalink Normal View History

TimeTrex Community Edition v16.2.0
2022-12-13 07:10:06 +01:00
<?php
/*********************************************************************************
*
* TimeTrex is a Workforce Management program developed by
* TimeTrex Software Inc. Copyright (C) 2003 - 2021 TimeTrex Software Inc.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU Affero General Public License version 3 as published by
* the Free Software Foundation with the addition of the following permission
* added to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED
* WORK IN WHICH THE COPYRIGHT IS OWNED BY TIMETREX, TIMETREX DISCLAIMS THE
* WARRANTY OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
* details.
*
*
* You should have received a copy of the GNU Affero General Public License along
* with this program; if not, see http://www.gnu.org/licenses or write to the Free
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA.
*
*
* You can contact TimeTrex headquarters at Unit 22 - 2475 Dobbin Rd. Suite
* #292 West Kelowna, BC V4T 2E9, Canada or at email address info@timetrex.com.
*
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
*
* In accordance with Section 7(b) of the GNU Affero General Public License
* version 3, these Appropriate Legal Notices must retain the display of the
* "Powered by TimeTrex" logo. If the display of the logo is not reasonably
* feasible for technical reasons, the Appropriate Legal Notices must display
* the words "Powered by TimeTrex".
*
********************************************************************************/
require_once( '../includes/global.inc.php' );
$skip_message_check = true;
require_once( Environment::getBasePath() . 'includes/Interface.inc.php' );
require_once( Environment::getBasePath() . 'classes/upload/fileupload.class.php' );
//PHP must have the upload and POST max sizes set to handle the largest file upload. If these are too low
//it errors out with a non-helpful error, so set these large and restrict the size in the Upload class.
//ini_set( 'upload_max_filesize', '128M' ); //This is PER DIRECTORY and therefore can't be set this way. Must be set in the PHP.INI or .htaccess files instead.
//ini_set( 'post_max_size', '128M' ); //This has no affect as its set too late. Must be set in the PHP.INI or .htaccess files instead.
extract( FormVariables::GetVariables(
[
'action',
'object_type',
'parent_object_type_id',
'object_id',
'parent_id',
'SessionID',
] ) );
if ( $authentication->checkValidCSRFToken() == false ) { //Help prevent CSRF attacks with this, run this check during and before the user is logged in.
echo TTi18n::getText( 'Invalid CSRF token!' );
exit;
}
$object_type = trim( strtolower( $object_type ) );
Debug::Text( 'Object Type: ' . $object_type . ' ID: ' . $object_id . ' Parent ID: ' . $parent_id . ' POST SessionID: ' . $SessionID, __FILE__, __LINE__, __METHOD__, 10 );
if ( Misc::doesRequestExceedPHPMaxPostSize() == true ) { //Check PHP maximum post/upload size limit and make sure that hasn't been exceeded first.
$error = TTi18n::gettext( 'ERROR: File size is too large, must be less than %1 bytes.', Misc::getPHPMaxUploadSize() );
} else {
$upload = new fileupload();
switch ( $object_type ) {
case 'invoice_config':
$max_upload_file_size = 5000000;
if ( $permission->Check( 'invoice_config', 'add' ) || $permission->Check( 'invoice_config', 'edit' ) || $permission->Check( 'invoice_config', 'edit_child' ) || $permission->Check( 'invoice_config', 'edit_own' ) ) {
if ( isset( $_POST['file_data'] ) ) {
Debug::Text( 'HTML5 Base64 encoded upload...', __FILE__, __LINE__, __METHOD__, 10 );
$allowed_upload_content_types = [ false, 'image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png' ];
$icf = TTnew( 'InvoiceConfigFactory' ); /** @var InvoiceConfigFactory $icf */
$icf->cleanStoragePath( $current_company->getId() );
$dir = $icf->getStoragePath( $current_company->getId() );
Debug::Text( 'Storage Path: ' . $dir, __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 )
&& isset( $_POST['mime_type'] )
&& in_array( strtolower( trim( $_POST['mime_type'] ) ), $allowed_upload_content_types ) ) {
$file_name = $dir . DIRECTORY_SEPARATOR . 'logo.img';
$file_data = base64_decode( $_POST['file_data'] );
$file_size = strlen( $file_data );
if ( in_array( Misc::getMimeType( $file_data, true ), $allowed_upload_content_types ) ) {
if ( $file_size <= $max_upload_file_size ) {
$success = file_put_contents( $file_name, $file_data );
if ( $success == false ) {
Debug::Text( 'bUpload Failed! Unable to write data to: ' . $file_name, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Unable to upload photo' );
}
} else {
Debug::Text( 'cUpload Failed! File too large: ' . $file_size, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'File size is too large, must be less than %1 bytes', $max_upload_file_size );
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (b)';
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (a)';
}
}
unset( $uf, $ulf );
}
}
break;
case 'document_revision':
Debug::Text( 'Document...', __FILE__, __LINE__, __METHOD__, 10 );
$max_upload_file_size = 128000000;
if ( isset( $parent_object_type_id ) && $parent_object_type_id == 400 ) {
$section = 'user_expense';
} else {
$section = 'document';
}
if ( DEMO_MODE == false && ( $permission->Check( $section, 'add' ) || $permission->Check( $section, 'edit' ) || $permission->Check( $section, 'edit_child' ) || $permission->Check( $section, 'edit_own' ) ) ) {
$permission_children_ids = $permission->getPermissionHierarchyChildren( $current_company->getId(), $current_user->getId() );
$drlf = TTnew( 'DocumentRevisionListFactory' ); /** @var DocumentRevisionListFactory $drlf */
$drlf->getByIdAndCompanyId( $object_id, $current_user->getCompany() );
if ( $drlf->getRecordCount() == 1 ) {
if ( $permission->Check( $section, 'edit' )
|| ( $permission->Check( $section, 'edit_own' ) && $permission->isOwner( $drlf->getCurrent()->getCreatedBy(), $drlf->getCurrent()->getID() ) === true )
|| ( $permission->Check( $section, 'edit_child' ) && $permission->isChild( $drlf->getCurrent()->getId(), $permission_children_ids ) === true ) ) {
$df = TTnew( 'DocumentFactory' ); /** @var DocumentFactory $df */
$drf = TTnew( 'DocumentRevisionFactory' ); /** @var DocumentRevisionFactory $drf */
//Debug::setVerbosity(11);
$upload->set_max_filesize( $max_upload_file_size ); //128mb or less, though I'm not 100% sure this is even working.
$upload->set_overwrite_mode( 3 ); //Do nothing
$dr_obj = $drlf->getCurrent();
$dr_obj->setLocalFileName();
$dir = $dr_obj->getStoragePath( $current_company->getId() );
Debug::Text( 'Storage Path: ' . $dir, __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 ) ) {
$upload_result = $upload->upload( 'filedata', $dir ); //'filedata' is case sensitive
//Debug::Arr($_FILES, 'FILES Vars: ', __FILE__, __LINE__, __METHOD__, 10);
if ( $upload_result ) {
Debug::Text( 'Upload Success: ' . $upload_result, __FILE__, __LINE__, __METHOD__, 10 );
$success = $upload_result . ' ' . TTi18n::gettext( 'Successfully Uploaded' );
$upload_file_arr = $upload->get_file();
} else {
Debug::Text( 'Upload Failed!: ' . $upload->get_error(), __FILE__, __LINE__, __METHOD__, 10 );
$error = $upload->get_error();
}
} else {
Debug::Text( 'Upload Failed!: Not enough disk space available...', __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'ERROR: File is too large to be uploaded at this time. Please try again later.' );
}
}
if ( isset( $success ) ) {
//Document Revision
Debug::Text( 'Upload File Name: ' . $upload_file_arr['name'] . ' Mime Type: ' . $upload_file_arr['type'], __FILE__, __LINE__, __METHOD__, 10 );
if ( $drlf->getRecordCount() == 1 ) {
$dr_obj->setRemoteFileName( $upload_file_arr['name'] );
$dr_obj->setMimeType( $dr_obj->detectMimeType( $upload_file_arr['name'], $upload_file_arr['type'] ) );
$dr_obj->setEnableFileUpload( true );
if ( $dr_obj->isValid() ) {
$dr_obj->Save( false );
$dr_obj->renameLocalFile(); //Rename after save as finished successfully, otherwise a validation error will occur because the src file is gone.
unset( $dr_obj );
break;
} else {
$error = TTi18n::gettext( 'ERROR: File is invalid, unable to save' );
}
} else {
Debug::Text( 'Object does not exist!', __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Invalid Object ID' );
}
} else {
Debug::Text( 'bUpload Failed!: ' . $upload->get_error(), __FILE__, __LINE__, __METHOD__, 10 );
}
} else {
$error = TTi18n::gettext( 'Permission Denied' );
}
} else {
$error = TTi18n::gettext( 'Invalid Object ID' );
}
}
break;
case 'company_logo':
Debug::Text( 'Company Logo...', __FILE__, __LINE__, __METHOD__, 10 );
$max_upload_file_size = 5000000;
if ( DEMO_MODE == false && ( $permission->Check( 'company', 'add' ) || $permission->Check( 'company', 'edit' ) || $permission->Check( 'company', 'edit_child' ) || $permission->Check( 'company', 'edit_own' ) ) ) {
if ( isset( $_POST['file_data'] ) ) { //Only required for images due the image wizard.
Debug::Text( 'HTML5 Base64 encoded upload...', __FILE__, __LINE__, __METHOD__, 10 );
$allowed_upload_content_types = [ false, 'image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png' ];
$cf = TTnew( 'CompanyFactory' ); /** @var CompanyFactory $cf */
$cf->cleanStoragePath( $current_company->getId() );
$dir = $cf->getStoragePath( $current_company->getId() );
Debug::Text( 'Storage Path: ' . $dir, __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 )
&& isset( $_POST['mime_type'] )
&& in_array( strtolower( trim( $_POST['mime_type'] ) ), $allowed_upload_content_types ) ) {
$file_name = $dir . DIRECTORY_SEPARATOR . 'logo.img';
$file_data = base64_decode( $_POST['file_data'] );
$file_size = strlen( $file_data );
if ( in_array( Misc::getMimeType( $file_data, true ), $allowed_upload_content_types ) ) {
if ( $file_size <= $max_upload_file_size ) {
$success = file_put_contents( $file_name, $file_data );
if ( $success == false ) {
Debug::Text( 'bUpload Failed! Unable to write data to: ' . $file_name, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Unable to upload photo' );
} else {
TTLog::addEntry( $current_company->getId(), 10, TTi18n::getText( 'Logo - Source: Web' ), null, $cf->getTable() );
}
} else {
Debug::Text( 'cUpload Failed! File too large: ' . $file_size, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'File size is too large, must be less than %1 bytes', $max_upload_file_size );
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (b)';
}
} else {
if ( isset( $_POST['mime_type'] ) ) {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
} else {
Debug::Text( 'eUpload Failed! Mime_type not specified...', __FILE__, __LINE__, __METHOD__, 10 );
}
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (a)';
}
}
unset( $cf );
}
}
break;
case 'legal_entity_logo':
Debug::Text( 'Legal Entity Logo...', __FILE__, __LINE__, __METHOD__, 10 );
$max_upload_file_size = 5000000;
if ( DEMO_MODE == false && ( $permission->Check( 'legal_entity', 'add' ) || $permission->Check( 'legal_entity', 'edit' ) || $permission->Check( 'legal_entity', 'edit_child' ) || $permission->Check( 'legal_entity', 'edit_own' ) ) ) {
if ( isset( $_POST['file_data'] ) && TTUUID::isUUID( $object_id ) ) { //Only required for images due the image wizard.
Debug::Text( 'HTML5 Base64 encoded upload...', __FILE__, __LINE__, __METHOD__, 10 );
$allowed_upload_content_types = [ false, 'image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png' ];
$lef = TTnew( 'LegalEntityFactory' ); /** @var LegalEntityFactory $lef */
$lef->cleanStoragePath( $object_id );
$dir = $lef->getStoragePath( $object_id );
Debug::Text( 'Storage Path: ' . $dir, __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 )
&& isset( $_POST['mime_type'] )
&& in_array( strtolower( trim( $_POST['mime_type'] ) ), $allowed_upload_content_types ) ) {
$file_name = $dir . DIRECTORY_SEPARATOR . 'logo.img';
$file_data = base64_decode( $_POST['file_data'] );
$file_size = strlen( $file_data );
if ( in_array( Misc::getMimeType( $file_data, true ), $allowed_upload_content_types ) ) {
if ( $file_size <= $max_upload_file_size ) {
$success = file_put_contents( $file_name, $file_data );
if ( $success == false ) {
Debug::Text( 'bUpload Failed! Unable to write data to: ' . $file_name, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Unable to upload photo' );
} else {
TTLog::addEntry( $object_id, 10, TTi18n::getText( 'Logo - Source: Web' ), null, $lef->getTable() );
}
} else {
Debug::Text( 'cUpload Failed! File too large: ' . $file_size, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'File size is too large, must be less than %1 bytes', $max_upload_file_size );
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (b)';
}
} else {
if ( isset( $_POST['mime_type'] ) ) {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
} else {
Debug::Text( 'eUpload Failed! Mime_type not specified...', __FILE__, __LINE__, __METHOD__, 10 );
}
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (a)';
}
}
unset( $lef );
}
}
break;
case 'user_photo':
Debug::Text( 'User Photo...', __FILE__, __LINE__, __METHOD__, 10 );
$max_upload_file_size = 25000000;
if ( DEMO_MODE == false && ( $permission->Check( 'user', 'add' ) || $permission->Check( 'user', 'edit' ) || $permission->Check( 'user', 'edit_child' ) || $permission->Check( 'user', 'edit_own' ) ) ) {
$permission_children_ids = $permission->getPermissionHierarchyChildren( $current_company->getId(), $current_user->getId() );
$ulf = TTnew( 'UserListFactory' ); /** @var UserListFactory $ulf */
$ulf->getByIdAndCompanyId( $object_id, $current_company->getId() );
if ( $ulf->getRecordCount() == 1
&&
( $permission->Check( 'user', 'edit' )
|| ( $permission->Check( 'user', 'edit_own' ) && $permission->isOwner( $ulf->getCurrent()->getCreatedBy(), $ulf->getCurrent()->getID() ) === true )
|| ( $permission->Check( 'user', 'edit_child' ) && $permission->isChild( $ulf->getCurrent()->getId(), $permission_children_ids ) === true ) ) ) {
if ( isset( $_POST['file_data'] ) ) { //Only required for images due the image wizard.
Debug::Text( 'HTML5 Base64 encoded upload...', __FILE__, __LINE__, __METHOD__, 10 );
$allowed_upload_content_types = [ false, 'image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png' ];
if ( $ulf->getRecordCount() == 1 ) {
$uf = TTnew( 'UserFactory' ); /** @var UserFactory $uf */
$uf->cleanStoragePath( $current_company->getId(), $object_id );
$dir = $uf->getStoragePath( $current_company->getId() );
Debug::Text( 'Storage Path: ' . $dir, __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 )
&& isset( $_POST['mime_type'] )
&& in_array( strtolower( trim( $_POST['mime_type'] ) ), $allowed_upload_content_types ) ) {
$file_name = $dir . DIRECTORY_SEPARATOR . TTUUID::castUUID( $object_id ) . '.img';
$file_data = base64_decode( $_POST['file_data'] );
$file_size = strlen( $file_data );
if ( in_array( Misc::getMimeType( $file_data, true ), $allowed_upload_content_types ) ) {
if ( $file_size <= $max_upload_file_size ) {
$success = file_put_contents( $file_name, $file_data );
if ( $success == false ) {
Debug::Text( 'bUpload Failed! Unable to write data to: ' . $file_name, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Unable to upload photo' );
} else {
TTLog::addEntry( $object_id, 10, TTi18n::getText( 'Photo - Source: Web' ), null, $uf->getTable() );
}
} else {
Debug::Text( 'cUpload Failed! File too large: ' . $file_size, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'File size is too large, must be less than %1 bytes', $max_upload_file_size );
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (b)';
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (a)';
}
}
} else {
$error = TTi18n::gettext( 'Invalid Object ID' );
}
unset( $uf, $ulf );
}
} else {
$error = TTi18n::gettext( 'Invalid Object ID' );
}
}
break;
case 'remittance_source_account':
Debug::Text( 'Remittance Source Account Signature...', __FILE__, __LINE__, __METHOD__, 10 );
$max_upload_file_size = 25000000;
if ( DEMO_MODE == false && ( $permission->Check( 'remittance_source_account', 'add' ) || $permission->Check( 'remittance_source_account', 'edit' ) || $permission->Check( 'remittance_source_account', 'edit_child' ) || $permission->Check( 'remittance_source_account', 'edit_own' ) ) ) {
$permission_children_ids = $permission->getPermissionHierarchyChildren( $current_company->getId(), $current_user->getId() );
$rsalf = TTnew( 'RemittanceSourceAccountListFactory' ); /** @var RemittanceSourceAccountListFactory $rsalf */
$rsalf->getByIdAndCompanyId( $object_id, $current_company->getId() );
if ( $rsalf->getRecordCount() == 1
&&
( $permission->Check( 'remittance_source_account', 'edit' )
|| ( $permission->Check( 'remittance_source_account', 'edit_own' ) && $permission->isOwner( $rsalf->getCurrent()->getCreatedBy(), $rsalf->getCurrent()->getID() ) === true )
|| ( $permission->Check( 'remittance_source_account', 'edit_child' ) && $permission->isChild( $rsalf->getCurrent()->getId(), $permission_children_ids ) === true ) ) ) {
if ( isset( $_POST['file_data'] ) ) { //Only required for images due the image wizard.
Debug::Text( 'HTML5 Base64 encoded upload...', __FILE__, __LINE__, __METHOD__, 10 );
$allowed_upload_content_types = [ false, 'image/jpg', 'image/jpeg', 'image/pjpeg', 'image/png' ];
if ( $rsalf->getRecordCount() == 1 ) {
$rsaf = TTnew( 'RemittanceSourceAccountFactory' ); /** @var RemittanceSourceAccountFactory $rsaf */
$rsaf->cleanStoragePath( $current_company->getId(), $object_id );
$dir = $rsaf->getStoragePath( $current_company->getId() );
Debug::Text( 'Storage Path: ' . $dir, __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 )
&& isset( $_POST['mime_type'] )
&& in_array( strtolower( trim( $_POST['mime_type'] ) ), $allowed_upload_content_types ) ) {
$file_name = $dir . DIRECTORY_SEPARATOR . TTUUID::castUUID( $object_id ) . '.img';
$file_data = base64_decode( $_POST['file_data'] );
$file_size = strlen( $file_data );
if ( in_array( Misc::getMimeType( $file_data, true ), $allowed_upload_content_types ) ) {
if ( $file_size <= $max_upload_file_size ) {
$success = file_put_contents( $file_name, $file_data );
if ( $success == false ) {
Debug::Text( 'bUpload Failed! Unable to write data to: ' . $file_name, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Unable to upload signature' );
}
} else {
Debug::Text( 'cUpload Failed! File too large: ' . $file_size, __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'File size is too large, must be less than %1 bytes', $max_upload_file_size );
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (b)';
}
} else {
Debug::Text( 'dUpload Failed! Incorrect mime_type: ' . $_POST['mime_type'], __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'Incorrect file type, must be a JPG or PNG image' ) . ' (a)';
}
}
} else {
$error = TTi18n::gettext( 'Invalid Object ID' );
}
unset( $rsaf, $rsalf );
}
} else {
$error = TTi18n::gettext( 'Invalid Object ID' );
}
}
break;
case 'license':
//Always enable debug logging during license upload.
Debug::setEnable( true );
Debug::setBufferOutput( true );
Debug::setEnableLog( true );
Debug::setVerbosity( 10 );
$max_upload_file_size = 50000;
if ( getTTProductEdition() >= TT_PRODUCT_PROFESSIONAL ) {
if ( ( ( DEPLOYMENT_ON_DEMAND == false && $current_company->getId() == 1 ) || ( isset( $config_vars['other']['primary_company_id'] ) && $current_company->getId() == $config_vars['other']['primary_company_id'] ) ) ) {
if ( ( $permission->Check( 'company', 'add' ) || $permission->Check( 'company', 'edit' ) || $permission->Check( 'company', 'edit_own' ) || $permission->Check( 'company', 'edit_child' ) ) ) {
$upload->set_max_filesize( $max_upload_file_size ); //20K or less
$upload->set_acceptable_types( [ 'text/plain', 'plain/text', 'application/octet-stream' ] ); // comma separated string, or array
$upload->set_overwrite_mode( 1 );
$dir = Environment::getStorageBasePath() . DIRECTORY_SEPARATOR . 'license' . DIRECTORY_SEPARATOR . $current_company->getId();
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 ) ) {
$upload_result = $upload->upload( 'filedata', $dir );
//var_dump($upload ); //file data
if ( $upload_result ) {
$success = $upload_result . ' ' . TTi18n::gettext( 'Successfully Uploaded!' );
} else {
$error = $upload->get_error();
}
} else {
Debug::Text( 'Upload Failed: Not enough disk space available...', __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'File is too large to be uploaded at this time.' );
}
}
Debug::Text( 'Post Upload Operation...', __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $success ) && $success != '' ) {
$clf = new CompanyListFactory();
$clf->getById( $config_vars['other']['primary_company_id'] );
if ( $clf->getRecordCount() == 1 ) {
$ttsc = new TimeTrexSoapClient();
$ping_key = uniqid();
if ( $ttsc->Ping( $ping_key ) == $ping_key ) {
Debug::Text( 'Initial Communication to license server successful!', __FILE__, __LINE__, __METHOD__, 10 );
$file_data_arr = $upload->get_file();
$license_data = trim( file_get_contents( $dir . '/' . $upload_result ) );
$obj_class = "\124\124\114\x69\x63\x65\x6e\x73\x65"; $license = @new $obj_class;
$retval = $license->getLicenseFile( true, $license_data ); //Download updated license file if one exists.
if ( $retval === false ) {
$error = TTi18n::gettext( 'Invalid license file or unable to activate license.' );
unset( $success );
}
} else {
$error = TTi18n::gettext( 'ERROR: Unable to communicate with license server, please check your internet connection.' );
unset( $success );
}
} else {
$error = TTi18n::gettext( 'ERROR: Invalid PRIMARY_COMPANY_ID defined in timetrex.ini.php file.' );
unset( $success );
}
}
} else {
$error = TTi18n::gettext( 'ERROR: Permission Denied!' );
}
} else {
Debug::Text( 'Current Company ID: ' . $current_company->getId(), __FILE__, __LINE__, __METHOD__, 10 );
$error = TTi18n::gettext( 'ERROR: Not logged into primary company.' );
}
} else {
$error = TTi18n::gettext( 'ERROR: Product Edition is invalid, must not be Community Edition.' );
}
break;
case 'import':
$max_upload_file_size = 128000000;
if ( ( DEMO_MODE == false || ( isset( $config_vars['other']['sandbox'] ) && $config_vars['other']['sandbox'] == true ) ) //Allow importing in sandbox mode, as its helpful to be able to test this.
&& (
$permission->Check( 'user', 'add' )
|| $permission->Check( 'user', 'edit_bank' )
|| $permission->Check( 'branch', 'add' )
|| $permission->Check( 'department', 'add' )
|| $permission->Check( 'wage', 'add' )
|| $permission->Check( 'pay_period_schedule', 'add' )
|| $permission->Check( 'schedule', 'add' )
|| $permission->Check( 'pay_stub_amendment', 'add' )
|| $permission->Check( 'accrual', 'add' )
|| $permission->Check( 'client', 'add' )
|| $permission->Check( 'job', 'add' )
|| $permission->Check( 'job_item', 'add' )
)
) {
$import = TTnew( 'Import' ); /** @var Import $import */
$import->company_id = $current_company->getId();
$import->user_id = $current_user->getId();
global $authentication;
if ( is_object( $authentication ) && $authentication->getSessionID() != '' ) {
Debug::text( 'Session ID: ' . $authentication->getSessionID(), __FILE__, __LINE__, __METHOD__, 10 );
$import->session_id = $authentication->getSessionID();
}
$import->deleteLocalFile(); //Make sure we delete the original file upon uploading, so if there is an error and the file upload is denied we don't show old files.
//Sometimes Excel uploads .CSV files as application/vnd.ms-excel
$valid_mime_types = [ 'text/plain', 'plain/text', 'text/comma-separated-values', 'text/csv', 'application/csv', 'text/anytext', 'text/x-c', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/vnd.ms-excel', 'application/vnd.oasis.opendocument.spreadsheet', 'application/octet-stream' ]; // comma separated string, or array. Should match Misc::parseCSV()
//Debug::setVerbosity(11);
$upload->set_max_filesize( $max_upload_file_size ); //128mb or less, though I'm not 100% sure this is even working.
//$upload->set_acceptable_types( $valid_mime_types ); //Ignore mime type sent by browser and use mime extension instead.
$upload->set_overwrite_mode( 1 ); //Overwrite
$dir = $import->getStoragePath();
Debug::Text( 'Storage Path: ' . $dir, __FILE__, __LINE__, __METHOD__, 10 );
if ( isset( $dir ) ) {
@mkdir( $dir, 0700, true );
if ( @disk_free_space( $dir ) > ( $max_upload_file_size * 2 ) ) {
$upload_result = $upload->upload( 'filedata', $dir ); //'filedata' is case sensitive
//Debug::Arr($_FILES, 'FILES Vars: ', __FILE__, __LINE__, __METHOD__, 10);
//Debug::Arr($upload->get_file(), 'File Upload Data: ', __FILE__, __LINE__, __METHOD__, 10);
if ( $upload_result ) {
$upload_file_arr = $upload->get_file();
//mime_content_type might not work properly on Windows. So if its not available just accept any file type.
$mime_type = ( function_exists( 'mime_content_type' ) ) ? mime_content_type( $dir . '/' . $upload_file_arr['name'] ) : false;
if ( $mime_type === false || in_array( $mime_type, $valid_mime_types ) ) {
$file_name = $import->getStoragePath() . DIRECTORY_SEPARATOR . $upload_file_arr['name'];
if ( in_array( $mime_type, [ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/vnd.ms-excel', 'application/vnd.oasis.opendocument.spreadsheet' ] ) ) {
$convert_excel_to_csv = Misc::convertExcelToCSV( $file_name );
if ( $convert_excel_to_csv === false ) {
$error = TTi18n::gettext( 'ERROR: Unable to read uploaded spreadsheet file, try saving it as a CSV file instead.' );
}
}
if ( !isset( $error ) ) {
$max_file_line_count = 0;
if ( DEPLOYMENT_ON_DEMAND == true ) {
switch ( strtolower( $object_id ) ) {
case 'apiimportpunch':
$max_file_line_count = ( $current_company->getProductEdition() == 10 ) ? 500 : 2500; //Importing punches can be quite slow, so reduce this significantly.
break;
default:
$max_file_line_count = ( $current_company->getProductEdition() == 10 ) ? 100 : 10000;
break;
}
}
$file_line_count = Misc::countLinesInFile( $file_name );
Debug::Text( 'Upload Success: ' . $upload_result . ' Full Path: ' . $file_name . ' Line Count: ' . $file_line_count . ' Max Lines: ' . $max_file_line_count, __FILE__, __LINE__, __METHOD__, 10 );
if ( $max_file_line_count > 0 && $file_line_count > $max_file_line_count ) {
$error = TTi18n::gettext( 'Import file exceeds the maximum number of allowed lines (%1), please reduce the number of lines and try again.', $max_file_line_count );
} else {
$success = $upload_result . ' ' . TTi18n::gettext( 'Successfully Uploaded' );
}
}
} else {
$error = TTi18n::gettext( 'ERROR: Uploaded file is not a properly formatted CSV file compatible with importing. You uploaded a file of type' ) . ': ' . $mime_type;
}
unset( $mime_type );
} else {
Debug::Text( 'Upload Failed!: ' . $upload->get_error(), __FILE__, __LINE__, __METHOD__, 10 );
$error = $upload->get_error();
}
}
}
if ( isset( $success ) ) {
$import->setRemoteFileName( $upload_file_arr['name'] );
$import->renameLocalFile();
} else {
Debug::Text( 'bUpload Failed!: ' . $upload->get_error(), __FILE__, __LINE__, __METHOD__, 10 );
}
} else {
$error = TTi18n::gettext( 'Permission Denied' );
}
break;
default:
$error = TTi18n::gettext( 'Invalid object_type' );
break;
}
}
if ( isset( $success ) ) {
echo 'TRUE';
} else {
if ( isset( $error ) ) {
//In some cases the real path of the file could be included in the error message, revealing too much information.
//Try to remove the directory from the error message if it exists.
if ( isset( $dir ) && $dir != '' ) {
$error = str_replace( $dir, '', $error );
}
echo $error;
Debug::Text( 'Upload ERROR: ' . $error, __FILE__, __LINE__, __METHOD__, 10 );
} else {
if ( DEMO_MODE == true ) {
echo TTi18n::gettext( 'ERROR: Uploading files is disabled in DEMO mode.' );
} else {
echo TTi18n::gettext( 'ERROR: Unable to upload file!' );
}
}
}
?>
Reference in New Issue Copy Permalink