/home/smartonegroup/public_html/system/system/controllers/documents.php

<?php

/*
|--------------------------------------------------------------------------
| Controller
|--------------------------------------------------------------------------
|
*/

_auth();
$ui->assign('selected_navigation', 'documents');
$ui->assign('_title', $_L['Documents'] . '- ' . $config['CompanyName']);
$action = route(1);

if ($action == '') {
    $action = 'list';
}
$user = authenticate_admin();

Event::trigger('documents');

if (!has_access($user->roleid, 'documents', 'view')) {
    permissionDenied();
}

switch ($action) {
    case 'list':
        $upload_max_size = ini_get('upload_max_filesize');
        $post_max_size = ini_get('post_max_size');

        $ui->assign('upload_max_size', $upload_max_size);
        $ui->assign('post_max_size', $post_max_size);

        $files = Document::orderBy('id', 'desc');

        if (!has_access($user->roleid, 'documents', 'all_data')) {
            $files = $files->where('aid', $user->id);
        }

        $files = $files->limit(1500)->get();

        view('documents', [
            'files' => $files,
        ]);

        break;

    case 'upload':
        if (APP_STAGE == 'Demo') {
            exit();
        }

        if (!has_access($user->roleid, 'documents', 'edit')) {
            permissionDenied();
        }

        $uploader = new Uploader();
        $uploader->setDir('storage/docs/');
        $uploader->sameName(false);
        $uploader->allowAllFormats();
        if ($uploader->uploadFile('file')) {
            $uploaded = $uploader->getUploadName(); //get uploaded file name, renames on upload//

            $file = $uploaded;
            $msg = $_L['Uploaded Successfully'];
            $success = 'Yes';
        } else {
            //upload failed
            $file = '';
            $msg = $uploader->getMessage();
            $success = 'No';
        }

        $a = [
            'success' => $success,
            'msg' => $msg,
            'file' => $file,
        ];

        header('Content-Type: application/json');

        echo json_encode($a);

        break;

    case 'post':
        if (!has_access($user->roleid, 'documents', 'edit')) {
            permissionDenied();
        }

        $title = _post('title');
        $file_link = _post('file_link');
        $is_global = _post('is_global');
        $rid = _post('rid');
        $rtype = _post('rtype');

        $did = Documents::assign($file_link, $title, $is_global, $rid, $rtype, [
            'admin_id' => $user->id,
        ]);

        if ($did) {
            echo $did;
        } else {
            ib_die($_L['All Fields are Required']);
        }

        break;

    case 'view':
        $id = route(2);



        $doc = ORM::for_table('sys_documents')->find($id);

        if ($doc) {
            $ext = pathinfo($doc->file_path, PATHINFO_EXTENSION);

            $ui->assign('ext', $ext);

            $ui->assign('doc', $doc);

            view('documents_view');
        } else {
            i_close('Not Found');
        }

        break;

    case 'download':
        $id = route(2);

        $doc = ORM::for_table('sys_documents')->find($id);

        if ($doc) {
            $file = 'storage/docs/' . $doc->file_path;

            $c_type = mime_content_type($file);

            if (file_exists($file)) {
                $basename = basename($file);

                // $mime = ($mime = getimagesize($file)) ? $mime['mime'] : $mime;
                $mime = mime_content_type($file);
                $size = filesize($file);
                $fp = fopen($file, "rb");
                if (!($mime && $size && $fp)) {
                    // Error.
                    return;
                }

                header("Content-type: " . $mime);
                header("Content-Length: " . $size);
                header(
                    "Content-Disposition: attachment; filename=" . $basename
                );
                header('Content-Transfer-Encoding: binary');
                header(
                    'Cache-Control: must-revalidate, post-check=0, pre-check=0'
                );
                fpassthru($fp);
            }
        } else {
            i_close('Not Found');
        }

        break;

    case 'set_global':
        $did = _post('did');

        $val = _post('val');

        if ($val != '1') {
            $val = '0';
        }

        $doc = ORM::for_table('sys_documents')->find($did);

        if ($doc) {
            $doc->is_global = $val;
            $doc->save();
        }

        echo $val;

        break;

    default:
        echo 'action not defined';
}

[D] default
[F] accounts.php
[F] admin.php
[F] ai.php
[F] ajax.date-summary.php
[F] ajax.expense-calendar.php
[F] ajax.income-calendar.php
[F] api.php
[F] app_store.php
[F] appearance.php
[F] assets.php
[F] autologin.php
[F] calendar.php
[F] cart.php
[F] client.php
[F] clientapi.php
[F] cms.php
[F] contacts.php
[F] contracts.php
[F] cp.php
[F] customers.php
[F] dashboard-alt.php
[F] dashboard.php
[F] default.php
[F] delete.php
[F] documents.php
[F] editor.php
[F] end_users.php
[F] export.php
[F] files.php
[F] form.php
[F] generate.php
[F] handler.php
[F] help.php
[F] hrm.php
[F] index.html
[F] inventory.php
[F] invoices.php
[F] item.php
[F] items.php
[F] iview.php
[F] json.php
[F] kb.php
[F] leads.php
[F] login.php
[F] logout.php
[F] media.php
[F] orders.php
[F] password_manager.php
[F] plugins.php
[F] print.php
[F] profile.php
[F] projects.php
[F] ps.php
[F] purchases.php
[F] quotes.php
[F] reorder.php
[F] reports.php
[F] sales.php
[F] schema-updates.php
[F] search.php
[F] settings.php
[F] sms.php
[F] subscriptions.php
[F] supplier.php
[F] suppliers.php
[F] sys_imgcrop.php
[F] tags.php
[F] tasks.php
[F] tax.php
[F] tickets.php
[F] transactions.php
[F] updating.php
[F] util.php
[F] webhook.php