From 2a43d526f93570b4aebc325aae96a484943b0c39 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Sat, 30 Mar 2019 20:19:48 +0000
Subject: [PATCH] Work in progress on attachment download.

---
 WEB-INF/lib/ttFileHelper.class.php  |  77 ++++++++++++++++++++-
 WEB-INF/templates/footer.tpl        |   2 +-
 WEB-INF/templates/project_files.tpl |   2 +-
 file_download.php                   | 102 ++++++++++++++++++++++++++++
 4 files changed, 180 insertions(+), 3 deletions(-)
 create mode 100644 file_download.php

diff --git a/WEB-INF/lib/ttFileHelper.class.php b/WEB-INF/lib/ttFileHelper.class.php
index ce24cd79..f3c36e56 100644
--- a/WEB-INF/lib/ttFileHelper.class.php
+++ b/WEB-INF/lib/ttFileHelper.class.php
@@ -35,6 +35,7 @@ class ttFileHelper {
   var $getfile_uri = null;  // URI to get file from file storage.
   var $site_id = null;      // Site id for file storage.
   var $site_key = null;     // Site key for file storage.
+  var $file_data = null;     // Downloaded file data.
 
   // Constructor.
   function __construct(&$errors) {
@@ -136,7 +137,7 @@ class ttFileHelper {
       'user_key' => urlencode($fields['user_key']), // May be null.
       'file_name' => urlencode($fields['file_name']),
       'description' => urlencode($fields['description']),
-      'content' => urlencode(file_get_contents($_FILES['newfile']['tmp_name']))
+      'content' => urlencode(base64_encode(file_get_contents($_FILES['newfile']['tmp_name'])))
     );
 
     // url-ify the data for the POST.
@@ -352,4 +353,78 @@ class ttFileHelper {
     $affected = $mdb2->exec($sql);
     return !is_a($affected, 'PEAR_Error');
   }
+
+
+  // getFile - downloads file from remote storage to memory.
+  function getFile($fields) {
+    global $i18n;
+    global $user;
+    $mdb2 = getConnection();
+
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    $curl_fields = array('site_id' => urlencode($this->site_id),
+      'site_key' => urlencode($this->site_key),
+      'org_id' => urlencode($org_id),
+      'org_key' => urlencode($this->getOrgKey()),
+      'group_id' => urlencode($group_id),
+      'group_key' => urlencode($this->getGroupKey()),
+      'user_id' => urlencode($fields['user_id']),   // May be null.
+      'user_key' => urlencode($fields['user_key']), // May be null.
+      'file_id' => urlencode($fields['remote_id']),
+      'file_key' => urlencode($fields['file_key']),
+      'file_name' => urlencode($fields['file_name']));
+
+    // url-ify the data for the POST.
+    foreach($curl_fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
+    $fields_string = rtrim($fields_string, '&');
+
+    // Open connection.
+    $ch = curl_init();
+
+    // Set the url, number of POST vars, POST data.
+    curl_setopt($ch, CURLOPT_URL, $this->getfile_uri);
+    curl_setopt($ch, CURLOPT_POST, count($fields));
+    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+    // Execute a post request.
+    $result = curl_exec($ch);
+
+    $error = curl_error();
+    $result_array2 = json_decode($result, true);
+
+    // Close connection.
+    curl_close($ch);
+
+    if (!$result) {
+      $this->errors->add($i18n->get('error.file_storage'));
+      return false;
+    }
+
+    $result_array = json_decode($result, true);
+    $status = (int) $result_array['status'];
+    $error = $result_array['error'];
+
+    if ($error) {
+      // Add an error from file storage facility if we have it.
+      $this->errors->add($error);
+      return false;
+    }
+    if ($status != 1) {
+      // There is no explicit error message, but still something not right.
+      $this->errors->add($i18n->get('error.file_storage'));
+      return false;
+    }
+
+    $this->file_data = $result_array['content'];
+    return true;
+  }
+
+
+  // getFileData - returns file data from memory.
+  function getFileData() {
+    return base64_decode($this->file_data);
+  }
 }
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index b63e0692..b36f3d07 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.61.4896 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.61.4897 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/project_files.tpl b/WEB-INF/templates/project_files.tpl
index d745f557..52e14f9a 100644
--- a/WEB-INF/templates/project_files.tpl
+++ b/WEB-INF/templates/project_files.tpl
@@ -16,7 +16,7 @@
         <tr bgcolor="{cycle values="#f5f5f5,#ffffff"}">
           <td>{$file.name|escape}</td>
           <td>{$file.description|escape}</td>
-          <td><a href="file_edit.php?id={$file.id}">{$i18n.label.download}</a></td>
+          <td><a href="file_download.php?id={$file.id}">{$i18n.label.download}</a></td>
     {if $can_manage}
           <td><a href="file_edit.php?id={$file.id}">{$i18n.label.edit}</a></td>
           <td><a href="file_delete.php?id={$file.id}">{$i18n.label.delete}</a></td>
diff --git a/file_download.php b/file_download.php
new file mode 100644
index 00000000..83ff703a
--- /dev/null
+++ b/file_download.php
@@ -0,0 +1,102 @@
+<?php
+// +----------------------------------------------------------------------+
+// | Anuko Time Tracker
+// +----------------------------------------------------------------------+
+// | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
+// +----------------------------------------------------------------------+
+// | LIBERAL FREEWARE LICENSE: This source code document may be used
+// | by anyone for any purpose, and freely redistributed alone or in
+// | combination with other software, provided that the license is obeyed.
+// |
+// | There are only two ways to violate the license:
+// |
+// | 1. To redistribute this code in source form, with the copyright
+// |    notice or license removed or altered. (Distributing in compiled
+// |    forms without embedded copyright notices is permitted).
+// |
+// | 2. To redistribute modified versions of this code in *any* form
+// |    that bears insufficient indications that the modifications are
+// |    not the work of the original author(s).
+// |
+// | This license applies to this document only, not any other software
+// | that it may be combined with.
+// |
+// +----------------------------------------------------------------------+
+// | Contributors:
+// | https://www.anuko.com/time_tracker/credits.htm
+// +----------------------------------------------------------------------+
+
+require_once('initialize.php');
+import('form.Form');
+import('ttFileHelper');
+import('ttProjectHelper');
+
+// Access checks.
+$cl_file_id = (int)$request->getParameter('id');
+$file = ttFileHelper::get($cl_file_id);
+if (!$file) {
+  header('Location: access_denied.php');
+  exit();
+}
+// Entity-specific checks.
+if ($file['entity_type'] == 'project') {
+  if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
+    header('Location: access_denied.php');
+    exit();
+  }
+}
+if ($file['entity_type'] != 'project') {
+  // Currently, files are only associated with projects.
+  // Improve access checks when the feature evolves.
+  header('Location: access_denied.php');
+  exit();
+}
+// End of access checks.
+
+$fileHelper = new ttFileHelper($err);
+
+$filename = $file['file_name'];
+$mime_type = 'image/jpeg'; // Hardcoded type for now. TODO: fix this.
+
+if ($fileHelper->getFile($file)) {
+  header('Pragma: public'); // This is needed for IE8 to download files over https.
+  header('Content-Type: '.$mime_type);
+  header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
+  header('Content-Disposition: attachment; filename="'.$filename.'"');
+  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+  header('Cache-Control: private', false);
+
+  echo $fileHelper->getFileData();
+  exit;
+} else
+  $err->add($i18n->get('error.sys'));
+
+$form = new Form('fileForm');
+$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_file_id));
+$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'file_name','style'=>'width: 250px;','value'=>$cl_name));
+$form->getElement('file_name')->setEnabled(false);
+$form->addInput(array('type'=>'textarea','name'=>'description','style'=>'width: 250px; height: 40px;','value'=>$cl_description));
+$form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
+
+if ($request->isPost()) {
+  // Validate user input.
+  if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
+
+  if ($err->no()) {
+    if ($request->getParameter('btn_save')) {
+      // Update file information.
+      $updated = ttFileHelper::update(array('id' => $cl_file_id,'description' => $cl_description));
+      if ($updated && $file['entity_type'] == 'project') {
+        header('Location: project_files.php?id='.$file['entity_id']);
+        exit();
+      } else
+        $err->add($i18n->get('error.db'));
+    }
+  }
+} // isPost
+
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('onload', 'onLoad="document.fileForm.description.focus()"');
+$smarty->assign('title', $i18n->get('title.edit_file'));
+$smarty->assign('content_page_name', 'file_edit.tpl');
+$smarty->display('index.tpl');
-- 
2.20.1