zmena implementacie suborov, ukladanie na filesystem a nie do DB

config.php

@@ -7,6 +7,19 @@ if (file_exists('c:/php/includes/igor.php')) {
 require_once __DIR__.'/lib/functions.inc.php';
 require_once __DIR__.'/lib/Medoo/src/Medoo.php';
 
+$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https://" : "http://";
+$host = $_SERVER['HTTP_HOST'];
+$uri = $_SERVER['REQUEST_URI']; // obsahuje aj query string
+
+
+define('URL_PREFIX', $protocol.$host.str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']));
+
+define('UPLOAD_DIR_ATTACHMENTS', __DIR__.'/data/attachments/');
+if (!file_exists(UPLOAD_DIR_ATTACHMENTS)) {
+	mkdir(UPLOAD_DIR_ATTACHMENTS, 0777, true);
+}
+define('UPLOAD_URL_ATTACHMENTS', URL_PREFIX.'data/attachments/');
+
 global $db;
 $db = new Medoo\Medoo([
 	'type' => 'sqlite',

lib/functions.inc.php

@@ -1,9 +1,38 @@
 <?php
 
+/**
+ * String functions
+ */
+function allowedChars($str, $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-')
+{
+	return preg_match('/^[' . $chars . ']+$/', $str);
+}
+
+function sanitizeFilename($filename, $allowedExtensions = [])
+{
+	// Rozdelenie názvu a prípony
+	$pathInfo = pathinfo($filename);
+	$name = $pathInfo['filename'] ?? 'file';
+	$extension = strtolower($pathInfo['extension'] ?? '');
+	// Odstránenie nebezpečných znakov z názvu
+	$name = preg_replace('/[^a-zA-Z0-9_-]/', '_', $name);
+	$name = substr($name, 0, 100); // voliteľné obmedzenie dĺžky
+	// Validácia prípony, ak je zoznam povolený
+	if (
+		$allowedExtensions
+		&& count($allowedExtensions) > 0
+		&& !in_array($extension, $allowedExtensions)
+	) {
+		$extension = 'bin'; // fallback ak prípona nie je povolená
+	}
+	return $name . '.' . $extension;
+}
+
 /**
  * Check database
  */
-function dbCheck() {
+function dbCheck()
+{
 	global $db;
 	$db_version = option('version');
 	if ($db_version === null) {
@@ -125,7 +154,8 @@ function option($key, $value = null)
 	]);
 }
 
-function tableExits($table) {
+function tableExits($table)
+{
 	global $db;
 	return $db->get('sqlite_master', 'name', [
 		'type' => 'table',
@@ -136,7 +166,8 @@ function tableExits($table) {
 /**
  * Reports
  */
-function reportAdd($title, $description, $status = 0, $group = null, $priority = 0) {
+function reportAdd($title, $description, $status = 0, $group = null, $priority = 0)
+{
 	global $db;
 	$status = intval($status);
 	$priority = intval($priority);
@@ -151,7 +182,8 @@ function reportAdd($title, $description, $status = 0, $group = null, $priority =
 	return $db->id();
 }
 
-function reportUpdate($report_id, $report_data) {
+function reportUpdate($report_id, $report_data)
+{
 	global $db;
 	$stm = $db->update('reports', $report_data, [
 		'report_id' => $report_id
@@ -159,7 +191,8 @@ function reportUpdate($report_id, $report_data) {
 	return ($stm->rowCount() > 0);
 }
 
-function reportUpdateStatus($report_id, $status) {
+function reportUpdateStatus($report_id, $status)
+{
 	global $db;
 	$stm = $db->update('reports', [
 		'report_status' => $status
@@ -169,7 +202,8 @@ function reportUpdateStatus($report_id, $status) {
 	return ($stm->rowCount() > 0);
 }
 
-function reportUpdateOrdnum($ordnums) {
+function reportUpdateOrdnum($ordnums)
+{
 	global $db;
 	$ordnums = json_decode($ordnums, true);
 	$suc = true;
@@ -184,7 +218,8 @@ function reportUpdateOrdnum($ordnums) {
 	return $suc;
 }
 
-function reportDelete($report_id) {
+function reportDelete($report_id)
+{
 	global $db;
 	$stm = $db->delete('reports', [
 		'report_id' => $report_id
@@ -192,14 +227,16 @@ function reportDelete($report_id) {
 	return ($stm->rowCount() > 0);
 }
 
-function reportGet($report_id) {
+function reportGet($report_id)
+{
 	global $db;
 	return $db->get('reports', '*', [
 		'report_id' => $report_id
 	]);
 }
 
-function reportGetAll($status = null) {
+function reportGetAll($status = null)
+{
 	global $db;
 	if ($status === null) $status = array(0, 1, 2, 3);
 	return $db->select('reports', '*', [
@@ -208,7 +245,8 @@ function reportGetAll($status = null) {
 	]);
 }
 
-function reportGetAllGrouped($status = null) {
+function reportGetAllGrouped($status = null)
+{
 	$all = reportGetAll($status);
 	$groups = [];
 	foreach ($all as $report) {
@@ -220,8 +258,26 @@ function reportGetAllGrouped($status = null) {
 /**
  * Attachments
  */
-function attachmentAdd($report_id, $attachment_type, $attachment_content) {
+function attachmentGet($attachment_id)
+{
 	global $db;
+	return $db->get('attachments', '*', [
+		'attachment_id' => $attachment_id
+	]);
+}
+function attachmentAdd($report_id, $attachment_type, $attachment_content)
+{
+	global $db;
+	if ($attachment_type == 'file') {
+		$data = json_decode($attachment_content, true);
+		if (!is_array($data)) return false;
+		$base64 = preg_replace('/^data:.*?;base64,/', '', $data['base64']);
+		$base64_data = base64_decode($base64);
+		$filename = 'report_' . $report_id . '_' . time() . '_' . sanitizeFilename($data['filename']);
+		file_put_contents(UPLOAD_DIR_ATTACHMENTS . $filename, $base64_data);
+		$attachment_content = $filename;
+	}
+
 	$stm = $db->insert('attachments', [
 		'report_id' => $report_id,
 		'attachment_type' => $attachment_type,
@@ -231,7 +287,8 @@ function attachmentAdd($report_id, $attachment_type, $attachment_content) {
 	return ($stm->rowCount() > 0);
 }
 
-function attachmentUpdate($attachment_id, $attachment_content) {
+function attachmentUpdate($attachment_id, $attachment_content)
+{
 	global $db;
 	if (strlen(trim($attachment_content)) <= 0) return attachmentDelete($attachment_id);
 	$stm = $db->update('attachments', [
@@ -243,20 +300,32 @@ function attachmentUpdate($attachment_id, $attachment_content) {
 	return ($stm->rowCount() > 0);
 }
 
-function attachmentDelete($attachment_id) {
+function attachmentDelete($attachment_id)
+{
 	global $db;
+	$attachment = attachmentGet($attachment_id);
+	if ($attachment['attachment_type'] == 'file'
+		&& file_exists(UPLOAD_DIR_ATTACHMENTS . $attachment['attachment_content']))
+	{
+		unlink(UPLOAD_DIR_ATTACHMENTS . $attachment['attachment_content']);
+	}
 	$stm = $db->delete('attachments', [
 		'attachment_id' => $attachment_id
 	]);
 	return ($stm->rowCount() > 0);
 }
 
-function attachmentGetAll($report_id) {
+function attachmentGetAll($report_id)
+{
 	global $db;
-	return $db->select('attachments', '*', [
+	$all = $db->select('attachments', '*', [
 		'ORDER' => ['created_dt' => 'ASC'],
 		'report_id' => $report_id
 	]);
+	if (is_array($all)) foreach ($all as $key => $row) {
+		if ($all[$key]['attachment_type'] == 'file') {
+			$all[$key]['attachment_content'] = UPLOAD_URL_ATTACHMENTS . $all[$key]['attachment_content'];
+		}
+	}
+	return $all;
 }
-
-?>

webapp/src/views/Report.vue

@@ -84,7 +84,9 @@
 					v-else-if="attachment.attachment_type == 'file'"
 					class="attachment-file"
 				>
-					<img :src="attachment.attachment_content" />
+					<a :href="attachment.attachment_content" target="_blank">Stiahnut {{ attachment.attachment_content.split('/').pop().split('?')[0].split('#')[0] }}</a>
+					<br>
+					<img :src="attachment.attachment_content" v-if="isImageUrl(attachment.attachment_content)" />
 				</div>
 				<div v-else class="attachment-content">
 					Neznamy typ prilohy: <strong>{{ attachment.attachment_type }}</strong>
@@ -222,7 +224,10 @@ export default {
 				this.loading = true;
 				for (let i = 0; i < this.selectedFiles.length; i++) {
 					backend
-						.attachmentAdd(this.report_id, "file", this.selectedFilesContent[i])
+						.attachmentAdd(this.report_id, "file", {
+							'filename': this.selectedFiles[i].name,
+							'base64': this.selectedFilesContent[i]
+						})
 						.then(() => {
 							for_upload--;
 							if (for_upload == 0) {
@@ -279,6 +284,9 @@ export default {
 				return (size / (1024 * 1024)).toFixed(2) + " MB";
 			}
 		},
+		isImageUrl(url) {
+			return /\.(jpg|jpeg|png|gif|svg|webp)$/.test(url);
+		}
 	},
 };
 </script>