CMXX - Media

2025-01-16 17:13:42 +01:00
parent 05b0c2bdb1
commit 2dc2100269
12 changed files with 668 additions and 12 deletions
--- a/api/v2/get/media.php
+++ b/api/v2/get/media.php
@@ -0,0 +1,118 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Products attributes
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//NEW ARRAY
+$criterias = [];   
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){    
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);     
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1]; 
+    
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }  
+        elseif ($v[0] == 'search') {
+        //build up search
+        $clause .= ' AND title like :'.$v[0]; 
+        }
+        else {//create clause
+        $clause .= ' AND '.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+} 
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals'] ==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM media '.$whereclause.'';
+} 
+else {
+    //SQL for Paging 
+    $sql = 'SELECT * FROM media '.$whereclause.' LIMIT :page,:num_products';
+}
+
+$stmt = $pdo->prepare($sql);
+
+//Bind to query
+if (str_contains($whereclause, ':condition')){
+    $stmt->bindValue('condition', $condition, PDO::PARAM_STR);
+}
+
+if (!empty($criterias)){
+    foreach ($criterias as $key => $value){
+        $key_condition = ':'.$key;
+        if (str_contains($whereclause, $key_condition)){
+            if ($key == 'search'){
+                $search_value = '%'.$value.'%';
+                $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
+            } 
+            else {
+                $stmt->bindValue($key, $value, PDO::PARAM_STR);
+            }
+        }
+    }
+}
+
+//Add paging details
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+} 
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $stmt->bindValue('page', ($current_page - 1) * $page_rows_media, PDO::PARAM_INT);
+    $stmt->bindValue('num_products', $page_rows_media, PDO::PARAM_INT);
+
+    //Excute Query
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>
--- a/api/v2/get/products_attributes_items.php
+++ b/api/v2/get/products_attributes_items.php
@@ -41,7 +41,7 @@ if(isset($get_content) && $get_content!=''){
        //INCLUDE VARIABLES IN ARRAY
        $criterias[$v[0]] = $v[1]; 
    
-        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='media'|| $v[0] =='success_msg'){
        //do nothing
        } 
        elseif ($v[0] == 'search') {
@@ -62,7 +62,9 @@ if(isset($get_content) && $get_content!=''){
 if(isset($criterias['totals']) && $criterias['totals'] ==''){
 //Request for total rows
    $sql = 'SELECT count(*) as count FROM products_attributes_items '.$whereclause.'';
-} 
+} elseif ($criterias['media'] && $criterias['media'] =='all'){
+    $sql = 'SELECT pat.*, m.full_path FROM products_attributes_items pat LEFT JOIN media m ON pat.item_media = m.rowID '.$whereclause;
+}
 else {
    //SQL for Paging 
    $sql = 'SELECT * FROM products_attributes_items '.$whereclause.' LIMIT :page,:num_products';
@@ -96,6 +98,12 @@ if(isset($criterias['totals']) && $criterias['totals']==''){
    $messages = $stmt->fetch();
    $messages = $messages[0];
 }
+elseif($criterias['media'] && $criterias['media'] =='all'){
+      //Excute Query
+      $stmt->execute();
+      //Get results
+      $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
 else {
    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
    $stmt->bindValue('page', ($current_page - 1) * $page_rows_products_attributes, PDO::PARAM_INT);
--- a/api/v2/post/media.php
+++ b/api/v2/post/media.php
@@ -0,0 +1,120 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Products attributes
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['rowID'] ?? ''; //check for rowID
+$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//BUILD UP PARTNERHIERARCHY FROM USER
+$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updatedby'] = $username ;
+
+}
+elseif ($command == 'insert'){
+    $post_content['createdby'] = $username;
+    $post_content['accounthierarchy'] = $partner_product;
+}
+else {
+    //do nothing
+}
+
+//CREAT NEW ARRAY AND MAP TO CLAUSE
+if(isset($post_content) && $post_content!=''){   
+    foreach ($post_content as $key => $var){
+        if ($key == 'submit' || $key == 'rowID'){
+            //do nothing
+        }
+        else {
+            $criterias[$key] = $var;
+            $clause .= ' , '.$key.' = ?';
+            $clause_insert .= ' , '.$key.'';
+            $input_insert .= ', ?'; // ? for each insert item
+            $execute_input[]= $var; // Build array for input
+        }
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 2); //Clean clause - remove first comma
+$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('media',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE media SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+} 
+elseif ($command == 'insert' && isAllowed('media',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO media('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+    // Return ID            
+    echo json_encode(array('rowID'=> $pdo->lastInsertId()));
+}
+elseif ($command == 'delete' && isAllowed('media',$profile,$permission,'D') === 1){
+
+    //GET FILENAME AND REMOVE FROM SERVER
+    $sql = 'SELECT * FROM media WHERE rowID = ? '.$whereclause.'';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([$id]);
+    //Get results
+    $files = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+    foreach ($files as $file){
+        $media_file = dirname(__FILE__,4).$file['full_path'];
+        $media_file_check = glob($media_file, GLOB_BRACE); 
+        if (!empty($media_file_check)){ 
+            unlink($media_file); 
+        }
+    }
+    $stmt = $pdo->prepare('DELETE FROM media WHERE rowID = ? '.$whereclause.'');
+    $stmt->execute([ $id ]); 
+
+    //Add deletion to changelog
+    changelog($dbname,'media',$id,'Delete','Delete',$username);
+} else
+{
+    //do nothing
+}
+
+?>
--- a/assets/functions.php
+++ b/assets/functions.php
@@ -2952,8 +2952,8 @@ function generateLanguageFile($language_key,$token){
  if ($language_key != ''){
      generateFile($language_key,$token);
  } else {
-      include_once dirname(__FILE__,2).'/settings/settingsmenu.php';
-      
+      include dirname(__FILE__,2).'/settings/settingsmenu.php';
+
      foreach ($supportedLanguages as $language){
        generateFile($language,$token);
    }
--- a/maintenance.php
+++ b/maintenance.php
@@ -107,6 +107,7 @@ if ($update_allowed === 1){
        <div class="form responsive-width-100">
            <label for="">'.$User_language.'</label>
            <select id="language" name="language">';
+                $view .='<option value=""></option>';
            foreach ($supportedLanguages as $language){
                $view .='<option value="'.$language.'">'.$language.'</option>';
            }   
--- a/media.php
+++ b/media.php
@@ -0,0 +1,169 @@
+<?php
+defined(page_security_key) or exit;
+
+if (debug && debug_id == $_SESSION['id']){
+    ini_set('display_errors', '1');
+    ini_set('display_startup_errors', '1');
+    error_reporting(E_ALL);  
+}
+include_once './assets/functions.php';
+include_once './settings/settings.php';
+
+$page = 'media';
+//Check if allowed
+if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
+    header('location: index.php');
+    exit;
+}
+//PAGE Security
+$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
+$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
+$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
+
+
+//GET PARAMETERS
+$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1;
+$search = isset($_GET['search']) ? '&search='.$_GET['search'] : '';
+
+// Determine the URL
+$url = 'index.php?page='.$page.$search;
+//GET Details from URL
+$GET_VALUES = urlGETdetails($_GET) ?? '';
+//CALL TO API
+$api_url = '/v2/media/'.$GET_VALUES;
+$responses = ioServer($api_url,'');
+
+//Decode Payload
+if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
+
+//Return QueryTotal from API
+$api_url = '/v2/media/'.$GET_VALUES.'&totals=';
+$query_total = ioServer($api_url,'');
+//Decode Payload
+if (!empty($query_total)){$query_total = json_decode($query_total,true);}else{$query_total = null;}
+// Handle success messages
+if (isset($_GET['success_msg'])) {
+    if ($_GET['success_msg'] == 1) {
+        $success_msg = $message_media_1 ?? 'Created';
+    }
+    if ($_GET['success_msg'] == 2) {
+        $success_msg = $message_media_2 ?? 'Updated';
+    }
+    if ($_GET['success_msg'] == 3) {
+        $success_msg = $message_media_3 ?? 'Deleted';
+    }
+}
+
+if (isset($_FILES['fileToUpload']) && $create_allowed === 1) {
+    //UPLOAD ALL PICTURES
+    $target_dir = dirname(__FILE__)."/assets/images/media/";
+
+    foreach ($_FILES["fileToUpload"]['name'] as $key => $value){
+
+        //ONLY UPDATE PICTURES IF SOMETHING IS RETURNED
+        if($value !='' || !empty($value)){
+            $title = $_FILES["fileToUpload"]['name'][$key];
+            $full_path = $target_dir . $title;
+            
+            move_uploaded_file($_FILES["fileToUpload"]["tmp_name"][$key], $full_path);
+            
+            //GET ALL POST DATA
+            $payload = [
+                'title' => $title,
+                'full_path' => "/assets/images/media/$title"
+            ];
+            
+            $payload = json_encode($payload, JSON_UNESCAPED_UNICODE);
+            //API call
+            $responses = ioServer('/v2/media', $payload);
+        }
+    }   
+    header('Location: index.php?page=media&success_msg=1');
+    exit;
+}
+
+template_header('Media', 'media' ,'view');
+$view = '
+<div class="content-title">
+    <div class="title">
+        <i class="fa-solid fa-photo-film"></i>
+        <div class="txt">
+            <h2>'.($media_h2 ?? 'Media').' ('.$query_total.')</h2>
+            <p>'.($media_p ?? 'View, manage, and search media details.').'</p>
+        </div>
+    </div>
+</div>';
+
+if (isset($success_msg)){
+$view .= ' <div class="msg success">
+                <i class="fas fa-check-circle"></i>
+                <p>'.$success_msg.'</p>
+                <i class="fas fa-times"></i>
+            </div>';
+}
+$view .= '
+<div class="content-header responsive-flex-column pad-top-5">';
+if ($create_allowed ===1){
+    $view .= '
+    
+    <form action="" method="post" enctype="multipart/form-data">
+        <input type="file" onchange="this.form.submit()" name="fileToUpload[]" id="fileToUpload" accept=".png, .PNG, .jpg,.JPG,.jpeg,.JPEG" style="width: 30%;padding: 50px 0 0 0;height: 10px;" multiple>         
+    </form>';    
+}
+
+$view .= '    
+    <form action="" method="get">
+        <input type="hidden" name="page" value="media">
+            <div class="filters">
+                <a href="#"><i class="fa-solid fa-filter"></i>'.$general_filters.'</a>
+                <div class="list">
+                <select name="status">
+                    <option value="" disabled selected>Active</option>
+                    <option value="0">'.$disabled.'</option>
+                    <option value="1">'.$enabled.'</option>    
+                </select>
+                <button type="submit">'.$button_apply.'</button>
+            </div>
+        </div>';     
+$view .= '<div class="search">
+            <label for="search">
+                <input id="search" type="text" name="search" placeholder="'.($media_search  ?? 'Search media...').'" value="" class="responsive-width-100">
+                <i class="fas fa-search"></i>
+            </label>
+        </div>
+    </form>
+</div>
+';
+
+$view .= '
+<div class="content-block">
+    <div style="display: grid; grid-template-columns: repeat(5, 1fr); gap: 10px; margin: 20px 0;">';
+    
+    foreach ($responses as $response){   
+        $view .= '<a href="index.php?page=media_manage&rowID='.$response['rowID'].'">
+                    <img src="'.$response['full_path'].'" style="width: 100%; cursor: pointer; border: 2px solid transparent;" onmouseover="this.style.border=\'2px solid #4CAF50\'" onmouseout="this.style.border=\'2px solid transparent\'">
+                </a>';
+        }        
+$view .= '</div>
+</div>
+';
+
+$view.='<div class="pagination">';
+if ($pagination_page > 1) {
+    $page = $pagination_page-1;
+    $view .= '<a href="'.$url.'&p=1">'.$general_first.'</a>';
+    $view .= '<a href="'.$url.'&p='.$page.'">'.$general_prev.'</a>';
+}
+$totals = ceil($query_total / $page_rows_media) == 0 ? 1 : ceil($query_total / $page_rows_media);
+$view .= '<span> '.$general_page.$pagination_page.$general_page_of.$totals.'</span>';
+if ($pagination_page * $page_rows_media < $query_total){
+    $page = $pagination_page+1;
+    $view .= '<a href="'.$url.'&p='.$page.'">'.$general_next.'</a>';
+    $view .= '<a href="'.$url.'&p='.$totals.'">'.$general_last.'</a>';
+}
+$view .= '</div>';
+//OUTPUT
+echo $view;
+
+template_footer();
+?>
--- a/media_manage.php
+++ b/media_manage.php
@@ -0,0 +1,161 @@
+<?php
+defined(page_security_key) or exit;
+
+$page = 'media_manage';
+//Check if allowed
+if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
+    header('location: index.php');
+    exit;
+}
+
+
+//PAGE Security
+$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
+$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
+$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
+
+// Default input product values
+$media = [
+    'rowID' => '',
+    'title' => '',
+    'full_path' => '',
+    'created' => '',
+    'createdby' => '',
+    'updated' => '',
+    'updatedby' => '',
+    'accounthierarchy' => ''
+];
+
+if (isset($_GET['rowID'])) {
+    //CALL TO API
+    $api_url = '/v2/media/rowID='.$_GET['rowID'];
+    $responses = ioServer($api_url,'');
+    //Decode Payload
+    if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
+    
+    $media = json_decode(json_encode($responses[0]), true);
+
+    if ($update_allowed === 1){
+        if (isset($_POST['submit'])) {
+           
+            //GET ALL POST DATA
+            $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
+            //API call
+            $responses = ioServer('/v2/media', $payload);
+
+            if ($responses === 'NOK'){
+
+            } else {
+            header('Location: index.php?page=media&success_msg=2');
+            exit;
+            }
+        }
+
+    }
+    
+    if ($delete_allowed === 1){
+        if (isset($_POST['delete'])) {
+            //GET ALL POST DATA
+            $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
+            //API call
+            $responses = ioServer('/v2/media', $payload);
+            // Redirect and delete product
+            if ($responses === 'NOK'){
+
+            } else {
+                header('Location: index.php?page=media&success_msg=3');
+                exit;
+            }
+        }
+    }
+   
+} else {
+    // Create a new variable
+    if (isset($_POST['submit']) && $create_allowed === 1) {
+        //GET ALL POST DATA
+        $payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
+          //API call
+        $responses = ioServer('/v2/media', $payload);
+  
+        if ($responses === 'NOK'){
+
+        } else {
+            header('Location: index.php?page=media&success_msg=1');
+            exit;
+        }
+    }
+}
+//EMPTY VIEW
+$view = '';
+
+// Handle success messages
+if (isset($_GET['success_msg'])) {
+    if ($_GET['success_msg'] == 0) {
+        $success_msg = $error_msg_0;
+    }
+}
+
+template_header('Media', 'media', 'manage');
+
+if (isset($success_msg)){
+    $view .= ' <div class="msg error">
+                    <i class="fas fa-check-circle"></i>
+                    <p>'.$success_msg.'</p>
+                    <i class="fas fa-times"></i>
+                </div>';
+}
+
+$view .='
+<form action="" method="post">
+    <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
+        <h2 class="responsive-width-100">'.($media_h2 ?? 'Media').'</h2>
+        <a href="index.php?page=translations" class="btn alt mar-right-2">'.$button_cancel.'</a>
+';
+
+if ($delete_allowed === 1){
+    $view .= '<input type="submit" name="delete" value="Delete" class="btn red mar-right-2" onclick="return confirm(\'Are you sure you want to delete this media?\')">';
+}
+if ($update_allowed === 1){
+    $view .= '<input type="submit" name="submit" value="Save" class="btn">';
+}
+   
+$view .= '</div>';
+
+$view .= '<div class="tabs">
+            <a href="#" class="active">'.$tab1 .'</a>
+            <a href="#">'.$tab3.'</a>
+        </div>
+    ';
+
+//Define Service and User enabled
+$view .= '<div class="content-block tab-content active">
+            <div class="form responsive-width-100">
+            <label for="title">'.($media_title ?? 'Title').'</label>
+            <input id="title" type="text" name="title" placeholder="'.($media_title ?? '').'" value="'.$media['title'].'">
+            <label for="title">'.($media_full_path ?? 'Path').'</label>
+            <input id="title" type="text" name="" placeholder="'.($media_full_path ?? '').'" value="'.$media['full_path'].'" readonly>
+            <input type="hidden" name="rowID" value="'.$media['rowID'].'" readonly>
+            <img id="" src="'.$media['full_path'].'" alt="'.$media['title'].'" style="display: block; max-width: 200px;">  
+        ';
+
+$view .= '</div>
+        </div>';
+
+$view .= '<div class="content-block tab-content">
+        <div class="form responsive-width-100">
+            <label for="">'.$general_created.'</label>
+            <input id="name" type="text" name="" placeholder="'.$general_created.'" value="'.getRelativeTime($media['created']).'" readonly>
+            <label for="">'.$general_createdby.'</label>
+            <input id="name" type="text" name="" placeholder="'.$general_createdby.'" value="'.$media['createdby'].'" readonly>
+            <label for="productcode">'.$general_updated.'</label>
+            <input id="name" type="text" name="" placeholder="'.$general_updated.'" value="'.getRelativeTime($media['updated']).'" readonly>
+            <label for="productcode">'.$general_updatedby.'</label>
+            <input id="name" type="text" name="" placeholder="'.$general_updatedby.'" value="'.$media['updatedby'].'" readonly>
+        </div>
+    </div>';
+$view .= '</form>';
+
+//Output
+echo $view;
+template_footer()
+?>
--- a/product.php
+++ b/product.php
@@ -152,7 +152,7 @@ $view .= '<div class="content-block">
                <i class="fa-solid fa-bars fa-sm"></i>'.$product_description.'
            </div>
             <div class="table order-table">
-           '.$responses->productdescription.'
+           '.(${$responses->productdescription} ?? $responses->productdescription).'
            </div>
        </div>
    ';
--- a/products_attributes_manage.php
+++ b/products_attributes_manage.php
@@ -38,11 +38,17 @@ if (isset($_GET['rowID'])) {
    $products_attributes = json_decode(json_encode($responses[0]), true);

    //CALL TO API FOR RELATED TRANSLATIONS
-    $api_url = '/v2/products_attributes_items/group_id='.$_GET['rowID'];
+    $api_url = '/v2/products_attributes_items/media=all&group_id='.$_GET['rowID'];
    $products_attributes_items = ioServer($api_url,'');
    //Decode Payload
    if (!empty($products_attributes_items)){$products_attributes_items = json_decode($products_attributes_items,true);}else{$products_attributes_items = null;}

+    //CALL TO API
+    $api_url = '/v2/media/';
+    $media_responses = ioServer($api_url,'');
+
+    //Decode Payload
+    if (!empty($media_responses)){$media_responses = json_decode($media_responses,true);}else{$media_responses = null;}
 
    if ($update_allowed === 1){
        if (isset($_POST['submit'])) {
@@ -265,14 +271,34 @@ $view .= '
                    <td><input form="update" type="text" name="attributes['.$items['rowID'].'][item_name]" placeholder="'.($products_attributes_item_name ?? '').'" value="'.$items['item_name'].'"></td>
                    <td><input form="update" type="number" name="attributes['.$items['rowID'].'][item_quantity]" placeholder="'.($products_attributes_item_quantity ?? '').'" value="'.$items['item_quantity'].'"></td>
                    <td><input form="update" type="number" name="attributes['.$items['rowID'].'][item_position]" placeholder="'.($products_attributes_item_position ?? '').'" value="'.$items['item_position'].'"></td>
-                    <td><input form="update" type="file" name="attributes['.$items['rowID'].'][item_media]" placeholder="'.($products_attributes_item_media ?? '').'" value="'.$items['item_media'].'"></td>
+                    <td><input form="update" id="source_'.$items['rowID'].'" type="hidden" name="attributes['.$items['rowID'].'][item_media]" value="'.$items['item_media'].'">
+                        <img id="image_'.$items['rowID'].'" src="'.$items['full_path'].'" alt="" style="display: block; max-width: 75px;">    
+                    </td>
                    <td>'.getRelativeTime($items['created']).'</td>
-                    <td><input form="update" type="submit" name="update" value="&" class="btn"></td>
+                    <td>
+                        <button type="button" class="btn" id="openSelectorBtn" onclick="setSourceID(\''.$items['rowID'].'\'), openDialog(\'image_'.$items['rowID'].'\')">'.($button_assign_image ?? 'Assign Image').'</button>
+                        <input form="update" type="submit" name="update" value="&" class="btn">
+                    </td>
                    <input form="update" type="hidden" name="attributes['.$items['rowID'].'][rowID]" value="'.$items['rowID'].'" readonly>
                    <input form="update" type="hidden" name="attributes['.$items['rowID'].'][group_id]" value="'.$products_attributes['rowID'].'" readonly>
                </tr>
                </form>';
                }
+                
+                $view .= '<!-- Image Selector Dialog -->
+                <dialog id="imageSelector" style="padding: 20px; max-width: 800px;">
+                    <h3>Select an Image</h3>
+                    <div style="display: grid; grid-template-columns: repeat(5, 1fr); gap: 10px; margin: 20px 0;">';
+
+                    foreach ($media_responses as $media_response){
+                        $view .= '
+                                <img src="'.$media_response['full_path'].'" id="'.$media_response['rowID'].'" style="width: 100%; cursor: pointer; border: 2px solid transparent;" onmouseover="this.style.border=\'2px solid #4CAF50\'" onmouseout="this.style.border=\'2px solid transparent\'" onclick="selectImage(this.id,this.src)">
+                        ';
+                    }
+                $view .= '</div>
+                    <button onclick="closeImageSelector()">Close</button>
+                </dialog>
+                ';
            }
 $view .= ' 
            </tbody>
@@ -295,7 +321,11 @@ $view .= '
                    <td><input form="new" type="text" name="item_name" placeholder="'.($products_attributes_item_name ?? '').'" value=""></td>
                    <td><input form="new" type="number" name="item_quantity" placeholder="'.($products_attributes_item_quantity ?? '').'" value=""></td>
                    <td><input form="new" type="number" name="item_position" placeholder="'.($products_attributes_item_position ?? '').'" value=""></td>
-                    <td><input form="new" type="file" name="item_media" placeholder="'.($products_attributes_item_media ?? '').'" value=""></td>
+                    <td>
+                        <input form="new" type="hidden" id="selectedImage" name="item_media" value="">
+                        <img id="previewImage" src="" alt="Selected image" style="display: none; max-width: 200px;">
+                    </td>
+                    <td><button type="button" class="btn" id="openSelectorBtn" onclick="openDialog()">'.($button_assign_image ?? 'Assign Image').'</button></td>
                    <td><input form="new" type="submit" name="add" value="+" class="btn"></td>
                    <input form="new" type="hidden" name="rowID" value="" readonly>
                    <input form="new" type="hidden" name="group_id" value="'.$products_attributes['rowID'].'" readonly>
@@ -303,7 +333,47 @@ $view .= '
            
            tbody.appendChild(newRow);
            }
-            
+
+            //POPUP FOR IMAGE SELECTION
+            const dialog = document.getElementById(\'imageSelector\');
+            image_source_id = 0;
+            //const openButton = document.getElementById(\'openSelectorBtn\');
+
+            function setSourceID(sourceid){
+                image_source_id = "source_"+sourceid;
+                image_source_src = "image_"+sourceid;
+            }
+
+            function openDialog(){
+                dialog.showModal();
+            }
+
+            function selectImage(id,src) {
+
+                if (image_source_id != 0){
+                    const selectedImageInput = document.getElementById(image_source_id);   
+                    const previewImage = document.getElementById(image_source_src);
+                    
+                    selectedImageInput.value = id;
+                    previewImage.src = src;
+          
+                }
+                else {
+                    const selectedImageInput = document.getElementById(\'selectedImage\');
+                    const previewImage = document.getElementById(\'previewImage\');
+
+                    selectedImageInput.value = id;
+                    previewImage.src = src;
+                    previewImage.style.display = \'block\';
+                }         
+               
+                dialog.close();
+            }
+
+            function closeImageSelector() {
+                dialog.close();
+            }
+
        </script>
    </div>
 </div>
--- a/settings/settingsmenu.php
+++ b/settings/settingsmenu.php
@@ -14,7 +14,7 @@ $main_menu = array ('dashboard','sales','buildtool','cartests','marketing','equi
 $equipments_sub = array('equipments','servicereports','rmas','histories','firmwaretool','equipments_mass_update');
 $sales_sub = array('accounts','contracts');
 $products_sub = array('products','products_attributes');
-$admin_sub = array('users','communications','partners');
+$admin_sub = array('users','communications','partners','media');
 $reporting_sub = array('report_build','report_contracts_billing','report_healthindex','report_usage');
 $settings_sub = array('config','translations','logfile','maintenance','profiles');

@@ -110,6 +110,12 @@ $urls = array(
        "icon" => "fas fa-tachometer-alt",
        "name" => "menu_admin_communications"  
        ),
+    "media" => array(
+        "url" => "media", 
+        "selected" => "media", 
+        "icon" => "fa-solid fa-photo-film",
+        "name" => "menu_media"  
+    ),
    "partners" => array(
        "url" => "partners", 
        "selected" => "partners", 
@@ -226,6 +232,7 @@ $page_rows_changelog = 50 ;// Number of changelogs returned
 $page_rows_rma = 25; // list RMA
 $page_rows_translations = 50; //list translation variables
 $page_rows_products_attributes = 50; //list product attributes
+$page_rows_media = 25; // list media

 //------------------------------------------
 // Languages supported
--- a/settings/settingsprofiles.php
+++ b/settings/settingsprofiles.php
@@ -6,7 +6,7 @@ define('superuser_profile','dashboard,profile,assets,equipments,equipment,equipm
 /*Admin*/
 define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application');
 /*AdminPlus*/
-define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,application,maintenance,profiles,vin');
+define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin');
 /*Build*/
 define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application');
 /*Distribution*/
--- a/settings/settingsviews.php
+++ b/settings/settingsviews.php
@@ -68,6 +68,8 @@ $all_views = [
    "translations",
    "translations_details",
    "translation_manage",
+    "media",
+    "media_manage",
    "application",
    "maintenance",
    "profiles",