fix file downloads; add vars for allowed file size and extensions

f71d32c7 · Eric Rasmussen · 731afb59 · f71d32c7 · f71d32c7 · f71d32c7
Commit f71d32c7 authored 14 years ago by Eric Rasmussen
--- a/data/upgrade.php
+++ b/data/upgrade.php
-'ALTER TABLE `bids` CHANGE `status` `juncture` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL';
+ALTER TABLE `bids` CHANGE `status` `juncture` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL;

 ALTER TABLE `bids` CHANGE `feature` `status` VARCHAR( 20 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
 CHANGE `datedue` `date_due` DATETIME NOT NULL ,
 CHANGE `awarddate` `award_date` DATETIME NULL DEFAULT NULL ,
 CHANGE `dateedited` `date_modified` TIMESTAMP ON UPDATE CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
-CHANGE `userwhoedited` `uid_modified` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL 
+CHANGE `userwhoedited` `uid_modified` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL;
+
+
+ALTER TABLE `uploads` CHANGE `content` `data` LONGBLOB NOT NULL;




--- a/src/UNL/Procurement/Controller.php
+++ b/src/UNL/Procurement/Controller.php
@@ -44,6 +44,10 @@ class UNL_Procurement_Controller
    
    public static $db_name = 'procurement';
    
+    public static $max_upload_size = 0;
+    
+    public static $allowed_extensions = array("pdf","gif","jpeg","jpg","png");
+    
    public $actionable = array();
    
    function __construct($options = array())

--- a/src/UNL/Procurement/File.php
+++ b/src/UNL/Procurement/File.php
@@ -9,7 +9,7 @@ class UNL_Procurement_File extends UNL_Procurement_Record
    
    public $size;
    
-    public $content;
+    public $data;
    
    public $bid_id;
    
@@ -26,9 +26,6 @@ class UNL_Procurement_File extends UNL_Procurement_Record
    {
        if ($record = self::getRecordByValue('uploads', $id)) {
            $class = __CLASS__;
-            if (strstr($record['type'], 'image/')) {
-                $class = 'UNL_Procurement_File_Image';
-            }
            $object = new $class;
            UNL_Procurement_Controller::setObjectFromArray($object, $record);
            return $object;
@@ -41,18 +38,6 @@ class UNL_Procurement_File extends UNL_Procurement_Record
        return 'uploads';
    }
    
-    /**
-     * Check if type is valid/supported
-     * 
-     * @param string $type
-     * 
-     * @return bool
-     */
-    public static function validFileType($type)
-    {
-        return true;
-    }
-    
    /**
     * Checks if the filename is supported.
     * 
@@ -62,7 +47,7 @@ class UNL_Procurement_File extends UNL_Procurement_Record
     */
    public static function validFileName($filename)
    {
-        $allowedExtensions = array("gif","jpeg","jpg","png");
+        $allowedExtensions = UNL_Procurement_Controller::$allowed_extensions;
        return in_array(end(explode(".", strtolower($filename))), $allowedExtensions);
    }
 }
\ No newline at end of file
--- a/src/UNL/Procurement/Submission.php
+++ b/src/UNL/Procurement/Submission.php
@@ -43,9 +43,7 @@ class UNL_Procurement_Submission extends UNL_Procurement_LoginRequired
                
                UNL_Procurement_Controller::redirect('?view=thanks&_type='.$_POST['_type']);
            case 'fileadd':
-                //echo '<pre>';var_dump($_FILES);exit();
                foreach ($_FILES["upFiles"]["error"] as $key => $error) {
-                    //var_dump($file_data);exit();
                    if ($error != UPLOAD_ERR_OK) {
                        throw new Exception("Error Uploading File!");
                    }
@@ -63,7 +61,7 @@ class UNL_Procurement_Submission extends UNL_Procurement_LoginRequired
                    $file_data['name'] = $_FILES['upFiles']['name'][$key];
                    $file_data['size'] = $_FILES['upFiles']['size'][$key];
                    $file_data['type'] = $_FILES['upFiles']['type'][$key];
-                    $file_data['content'] = file_get_contents($_FILES['upFiles']['tmp_name'][$key]);
+                    $file_data['data'] = file_get_contents($_FILES['upFiles']['tmp_name'][$key]);
                    $file_data['bid_id'] = $bid->id;
                    
                    UNL_Procurement_Controller::setObjectFromArray($file, $file_data);

--- a/www/config.sample.php
+++ b/www/config.sample.php
@@ -19,4 +19,8 @@ UNL_Procurement_Controller::$url = 'http://localhost/workspace/UNL_Procurement/w
 //Database username/password
 UNL_Procurement_Controller::$db_user = 'DBUSER';
 UNL_Procurement_Controller::$db_pass = 'PASS';
-UNL_Procurement_Controller::$db_name = 'procurement';
\ No newline at end of file
+UNL_Procurement_Controller::$db_name = 'procurement';
+
+//Max File Upload Size 32MB = 33554432
+UNL_Procurement_Controller::$max_upload_size = 33554432;
+UNL_Procurement_Controller::$allowed_extensions = array("pdf","jpg","png");
\ No newline at end of file
--- a/www/templates/default/Procurement/File.tpl.php
+++ b/www/templates/default/Procurement/File.tpl.php
+<?php
+header('Content-type: '.$context->type);
+header('Content-Disposition:filename="'.$context->name.'"');
+echo $context->getRaw('data');
\ No newline at end of file
--- a/www/templates/default/Procurement/Submission.tpl.php
+++ b/www/templates/default/Procurement/Submission.tpl.php
@@ -109,12 +109,12 @@ function getValue($object, $field)
    </div>
    
    
-    <div class="clear"></div>
+    <div class="clear"><br /></div>
    
    
    <form class="zenform neutral" method="post" name="procurementFileAdd" action="?view=edit&id=<?php echo getValue($context, 'id'); ?>" enctype="multipart/form-data">
        <input type="hidden" name="_type" value="fileadd" />
-        <input type="hidden" name="MAX_FILE_SIZE" value="3000000000" />
+        <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo UNL_Procurement_Controller::$max_upload_size; ?>" />
        <input type="hidden" id="bid_id" name="bid_id" value="<?php echo getValue($context, 'id'); ?>" />
        <fieldset>
            <legend>Upload File(s)</legend>
@@ -141,7 +141,7 @@ function getValue($object, $field)
            <?php foreach (UNL_Procurement_Bid::getByID(getValue($context, 'id'))->getFiles() as $file) : ?>
            <li>
                <input type="checkbox" id="file[<?php echo $file->id; ?>]" name="file[<?php echo $file->id; ?>]" />
-                <label for="file[<?php echo $file->id; ?>]"><?php echo $file->name; ?></label>
+                <label for="file[<?php echo $file->id; ?>]"><a href="<?php echo UNL_Procurement_Controller::getURL(); ?>?view=file&id=<?php echo $file->id; ?>" class="<?php echo str_replace('/','-',$file->type); ?>"><?php echo $file->name; ?></a></label>
            </li>
            <?php endforeach ?>
            <?php endif ?>