assetmgt/marketing.php
“VeLiTi” 18469fe958 Refactor authorization checks to use 'permissions' instead of 'profile' in multiple files
- Updated authorization checks in product management, product attributes, configurations, software, and user management files to use 'permissions' for consistency.
- Ensured that all relevant pages correctly check user permissions for read, update, delete, and create actions.
- Adjusted session variable references to align with the new permissions structure across various modules.
2026-01-20 15:00:00 +01:00


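<?php
// Marketing page: permission-gated file/folder browser plus the AJAX relay
// (?action=...) that forwards browser requests to the /v2/marketing_* API.
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['authorization']['id']){
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings_redirector.php';
$page = 'marketing';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'R') === 0){
    header('location: index.php');
    exit;
}
//PAGE Security
$update_allowed = isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page,$_SESSION['authorization']['permissions'],$_SESSION['authorization']['permission'],'C');
//GET PARAMETERS:
$current_folder = $_GET['folder'] ?? '';
// The template only knows 'grid' and 'list' and echoes this value into a class
// attribute, so normalise anything else instead of reflecting user input.
$view_mode = $_GET['view'] ?? 'grid';
if (!in_array($view_mode, ['grid', 'list'], true)) {
    $view_mode = 'grid';
}
$search_term = $_GET['search'] ?? '';
$tag_filter = $_GET['tag'] ?? '';
// Handle AJAX API requests
if (isset($_GET['action'])) {
    $action = $_GET['action'];
    // Suppress errors for API responses to avoid HTML output breaking JSON
    error_reporting(0);
    ini_set('display_errors', 0);
    $is_post = $_SERVER['REQUEST_METHOD'] === 'POST';
    // Every API branch ends here: JSON content type, optional HTTP status, body, exit.
    // $body is left untyped because ioServer()'s return type is not visible in this file.
    $send_json = static function ($body, int $status = 200): void {
        header('Content-Type: application/json');
        if ($status !== 200) {
            http_response_code($status);
        }
        echo $body;
        exit;
    };
    // The page-level 'R' check above covers reads. Mutating actions additionally
    // need the matching C/U/D right; previously that was only used to hide UI
    // controls, so a direct POST bypassed it. isAllowed() yields 1 when granted.
    $require_permission = static function ($allowed) use ($send_json): void {
        if ($allowed !== 1) {
            $send_json(json_encode(['error' => 'Insufficient permissions']), 403);
        }
    };
    try {
        // Marketing folders
        if ($action === 'marketing_folders') {
            if ($is_post) {
                // Payload shape: 'delete' flag => delete, 'id' without 'delete' => update,
                // neither => create. Require the corresponding right.
                if (isset($_POST['delete'])) {
                    $require_permission($delete_allowed);
                } elseif (isset($_POST['id'])) {
                    $require_permission($update_allowed);
                } else {
                    $require_permission($create_allowed);
                }
                // Pass through only the fields the browser actually sent
                // (id for update/delete, delete flag, then the editable fields).
                $payload = [];
                foreach (['id', 'delete', 'folder_name', 'parent_id', 'description'] as $field) {
                    if (isset($_POST[$field])) {
                        $payload[$field] = $_POST[$field];
                    }
                }
                $response = ioServer('/v2/marketing_folders', json_encode($payload));
            } else {
                // Get folders
                $get_values = urlGETdetails($_GET) ?? '';
                $response = ioServer('/v2/marketing_folders/' . $get_values, '');
            }
            $send_json($response);
        }
        // Marketing files
        if ($action === 'marketing_files') {
            // Filter out 'page', 'action', and cache busting timestamp from GET parameters
            $filtered_params = $_GET;
            unset($filtered_params['page'], $filtered_params['action'], $filtered_params['_t']);
            $get_values = urlGETdetails($filtered_params) ?? '';
            // API expects path segments, not query string: /v2/marketing_files/params
            $api_url = '/v2/marketing_files/' . $get_values;
            $response = ioServer($api_url, '');
            $send_json($response);
        }
        // Marketing tags
        if ($action === 'marketing_tags') {
            // NOTE(review): unlike marketing_files, the full $_GET (including 'page' and
            // 'action') is forwarded here — confirm urlGETdetails() strips them itself.
            $get_values = urlGETdetails($_GET) ?? '';
            $response = ioServer('/v2/marketing_tags?' . $get_values, '');
            $send_json($response);
        }
        // Marketing upload
        if ($action === 'marketing_upload' && $is_post) {
            $require_permission($create_allowed);
            $upload = $_FILES['file'] ?? null;
            // is_uploaded_file() rejects a tmp_name that was not produced by this request's upload
            if ($upload !== null && $upload['error'] === UPLOAD_ERR_OK && $upload['size'] > 0 && is_uploaded_file($upload['tmp_name'])) {
                // Use the uploaded file's temp path directly
                $temp_path = $upload['tmp_name'];
                // Get actual MIME type from file content (more secure than trusting browser).
                // NOTE(review): returns false when detection fails; the upstream API is
                // assumed to validate the type — confirm.
                $actual_mime_type = mime_content_type($temp_path);
                // Sanitize filename - remove path info and dangerous characters
                $safe_filename = preg_replace('/[^a-zA-Z0-9._-]/', '_', basename($upload['name']));
                $fileData = [
                    'file' => new CURLFile($temp_path, $actual_mime_type, $safe_filename),
                ];
                $additionalData = $_POST; // Include any additional POST data
                $token = createCommunicationToken($_SESSION['authorization']['userkey']);
                $response = ioAPIv2_FileUpload('/v2/marketing_upload/', $fileData, $additionalData, $token);
                // No need to unlink since we didn't move the file
            } else {
                $response = json_encode(['error' => 'No file uploaded or upload error']);
            }
            $send_json($response);
        }
        // Marketing delete
        if ($action === 'marketing_delete' && $is_post) {
            $require_permission($delete_allowed);
            $payload = ['file_id' => $_POST['file_id'] ?? ''];
            $response = ioServer('/v2/marketing_delete', json_encode($payload));
            $send_json($response);
        }
        // Marketing update
        if ($action === 'marketing_update' && $is_post) {
            $require_permission($update_allowed);
            $payload = ['file_id' => $_POST['file_id'] ?? ''];
            // Only include fields that were actually sent
            foreach (['title', 'folder_id', 'tags'] as $field) {
                if (isset($_POST[$field])) {
                    $payload[$field] = $_POST[$field];
                }
            }
            $response = ioServer('/v2/marketing_update', json_encode($payload));
            $send_json($response);
        }
    } catch (\Throwable $e) {
        // Catching Throwable (not just Exception) keeps TypeError/Error replies as JSON;
        // with display_errors off they would otherwise produce an empty non-JSON response.
        error_log('marketing API ' . $action . ': ' . $e->getMessage());
        // NOTE(review): the raw exception message is still returned to the client as
        // before; consider a generic message if upstream errors can contain internals.
        $send_json(json_encode(['error' => $e->getMessage()]), 500);
    }
}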
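template_header('Marketing', 'marketing');
?>
<link rel="stylesheet" href="./style/marketing.css">
<div class="content-title">
    <div class="title">
        <i class="fa-solid fa-rectangle-ad"></i>
        <div class="txt">
            <!-- NOTE(review): $marketing_h2/$marketing_p are echoed unescaped; assumed to be
                 translation strings from settings_redirector.php, not user input — confirm -->
            <h2><?php echo $marketing_h2; ?></h2>
            <p><?php echo $marketing_p; ?></p>
        </div>
    </div>
</div>
<!-- Marketing File Management Interface -->
<div class="marketing-container">
    <!-- Toolbar -->
    <div class="marketing-toolbar">
        <div class="toolbar-left">
            <!-- Controls are hidden without create rights; this is presentation only,
                 the upload/folder API actions must check $create_allowed themselves -->
            <?php if ($create_allowed === 1): ?>
            <button id="uploadBtn" class="btn btn-primary">
                <i class="fa fa-upload"></i>
            </button>
            <button id="createFolderBtn" class="btn btn-secondary">
                <i class="fa fa-folder-plus"></i>
            </button>
            <?php endif; ?>
        </div>
        <div class="toolbar-right">
            <!-- Search and Filters -->
            <div class="search-container">
                <!-- $search_term comes straight from $_GET; explicit flags so quotes are escaped on every PHP version -->
                <input type="text" id="searchInput" class="search-input" placeholder="Search files..." value="<?php echo htmlspecialchars($search_term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <i class="fa fa-search search-icon"></i>
            </div>
            <select id="tagFilter" class="filter-select">
                <option value="">All Tags</option>
            </select>
            <div class="view-toggle">
                <button id="gridViewBtn" class="view-btn <?php echo $view_mode === 'grid' ? 'active' : ''; ?>">
                    <i class="fa fa-th-large"></i>
                </button>
                <button id="listViewBtn" class="view-btn <?php echo $view_mode === 'list' ? 'active' : ''; ?>">
                    <i class="fa fa-list"></i>
                </button>
            </div>
        </div>
    </div>
    <!-- Content Area -->
    <div class="marketing-content">
        <!-- Sidebar -->
        <div class="marketing-sidebar">
            <div class="sidebar-section">
                <h3>Folders</h3>
                <div id="folderTree" class="folder-tree">
                    <!-- Folder tree will be loaded here -->
                </div>
            </div>
            <div class="sidebar-section">
                <h3>File Types</h3>
                <div class="file-type-filters">
                    <div class="filter-item">
                        <input type="checkbox" id="filterImages" value="jpg,jpeg,png,gif,webp">
                        <label for="filterImages">
                            <i class="fa fa-image"></i> Images
                        </label>
                    </div>
                    <div class="filter-item">
                        <input type="checkbox" id="filterDocuments" value="pdf,doc,docx">
                        <label for="filterDocuments">
                            <i class="fa fa-file-text"></i> Documents
                        </label>
                    </div>
                    <div class="filter-item">
                        <input type="checkbox" id="filterSpreadsheets" value="xls,xlsx">
                        <label for="filterSpreadsheets">
                            <i class="fa fa-file-excel"></i> Spreadsheets
                        </label>
                    </div>
                    <div class="filter-item">
                        <input type="checkbox" id="filterVideos" value="mp4,mov,avi">
                        <label for="filterVideos">
                            <i class="fa fa-file-video"></i> Videos
                        </label>
                    </div>
                </div>
            </div>
        </div>
        <!-- Main Content -->
        <div class="marketing-main">
            <!-- Files Grid. $view_mode originates from $_GET['view'] and was echoed raw
                 into the class attribute (reflected XSS); escape it for the attribute context -->
            <div id="filesContainer" class="files-container <?php echo htmlspecialchars($view_mode, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>-view">
                <!-- Files will be loaded here -->
            </div>
            <!-- Loading Indicator -->
            <div id="loadingIndicator" class="loading-indicator">
                <i class="fa fa-spinner fa-spin"></i>
                <span>Loading files...</span>
            </div>
            <!-- Empty State -->
            <div id="emptyState" class="empty-state" style="display: none;">
                <i class="fa fa-folder-open"></i>
                <h3>No files found</h3>
                <p>Upload your first file to get started</p>
            </div>
        </div>
    </div>
</div>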
<!-- Upload Modal -->
<!-- Rendered only when $create_allowed === 1. Hiding the modal is presentation only;
     the marketing_upload action must enforce the create right on the server. -->
<?php if ($create_allowed === 1): ?>
<div id="uploadModal" class="modal">
<div class="modal-content">
<div class="modal-header">
<h3>Upload Files</h3>
<button class="modal-close">&times;</button>
</div>
<div class="modal-body">
<div class="upload-area" id="uploadArea">
<div class="upload-icon">
<i class="fa fa-cloud-upload"></i>
</div>
<h4>Drag & Drop Files Here</h4>
<p>or <button class="browse-btn" id="browseBtn">Browse Files</button></p>
<!-- The accept list is a browser-side hint only; the server decides what types are stored -->
<input type="file" id="fileInput" multiple accept="image/*,.pdf,.doc,.docx,.xls,.xlsx,.mp4,.mov,.avi">
</div>
<div id="uploadQueue" class="upload-queue">
<!-- Upload queue items will appear here -->
</div>
<div class="upload-options">
<div class="form-group">
<label for="uploadFolder">Upload to Folder:</label>
<select id="uploadFolder" class="form-control">
<option value="">Root Folder</option>
</select>
</div>
<div class="form-group">
<label for="uploadTags">Tags (comma separated):</label>
<input type="text" id="uploadTags" class="form-control" placeholder="marketing, brochure, product">
</div>
</div>
</div>
<div class="modal-footer">
<button id="startUpload" class="btn btn-primary" disabled>
<i class="fa fa-upload"></i>
</button>
<button class="modal-cancel btn btn-secondary">X</button>
</div>
</div>
</div>
<?php endif; ?>
<!-- Create Folder Modal -->
<!-- Rendered only when $create_allowed === 1; the marketing_folders POST action
     must check the same right server-side. -->
<?php if ($create_allowed === 1): ?>
<div id="folderModal" class="modal">
<div class="modal-content">
<div class="modal-header">
<h3>Create New Folder</h3>
<button class="modal-close">&times;</button>
</div>
<div class="modal-body">
<div class="form-group">
<label for="folderName">Folder Name:</label>
<input type="text" id="folderName" class="form-control" placeholder="Enter folder name">
</div>
<div class="form-group">
<label for="parentFolder">Parent Folder:</label>
<select id="parentFolder" class="form-control">
<option value="">Root Folder</option>
</select>
</div>
<div class="form-group">
<label for="folderDescription">Description:</label>
<textarea id="folderDescription" class="form-control" rows="3" placeholder="Optional description"></textarea>
</div>
</div>
<div class="modal-footer">
<button id="createFolder" class="btn btn-primary">
<i class="fa fa-folder-plus"></i>
</button>
<button class="modal-cancel btn btn-secondary">X</button>
</div>
</div>
</div>
<?php endif; ?>
<!-- File Preview Modal (always rendered; read access is checked at page entry) -->
<div id="previewModal" class="modal preview-modal">
<div class="modal-content">
<div class="modal-header">
<h3 id="previewTitle">File Preview</h3>
<button class="modal-close">&times;</button>
</div>
<div class="modal-body">
<div id="previewContent" class="preview-content">
<!-- Preview content will be loaded here -->
</div>
</div>
<div class="modal-footer">
<button id="downloadFile" class="btn btn-primary">
<i class="fa fa-download"></i>
</button>
<!-- Delete button shown only with $delete_allowed === 1; marketing_delete must enforce it server-side -->
<?php if ($delete_allowed === 1): ?>
<button id="deleteFile" class="btn btn-danger">
<i class="fa fa-trash"></i>
</button>
<?php endif; ?>
</div>
</div>
</div>
<!-- Edit File Modal -->
<!-- Rendered only when $update_allowed === 1; marketing_update must enforce it server-side -->
<?php if ($update_allowed === 1): ?>
<div id="editModal" class="modal">
<div class="modal-content">
<div class="modal-header">
<h3>Edit File</h3>
<button class="modal-close">&times;</button>
</div>
<div class="modal-body">
<div class="form-group">
<label for="editTitle">Title:</label>
<input type="text" id="editTitle" class="form-control" placeholder="Enter file title">
</div>
<div class="form-group">
<label for="editFolder">Folder:</label>
<select id="editFolder" class="form-control">
<option value="">Root Folder</option>
</select>
</div>
<div class="form-group">
<label for="editTags">Tags (comma separated):</label>
<input type="text" id="editTags" class="form-control" placeholder="marketing, brochure, product">
</div>
</div>
<div class="modal-footer">
<button id="saveEdit" class="btn btn-primary">
<i class="fa fa-save"></i>
</button>
<button class="modal-cancel btn btn-secondary">X</button>
</div>
</div>
</div>
<?php endif; ?>
<!-- Edit Folder Modal -->
<!-- Rendered only when $update_allowed === 1; the nested delete button additionally needs $delete_allowed === 1 -->
<?php if ($update_allowed === 1): ?>
<div id="editFolderModal" class="modal">
<div class="modal-content">
<div class="modal-header">
<h3>Edit Folder</h3>
<button class="modal-close">&times;</button>
</div>
<div class="modal-body">
<div class="form-group">
<label for="editFolderName">Folder Name:</label>
<input type="text" id="editFolderName" class="form-control" placeholder="Enter folder name">
</div>
<div class="form-group">
<label for="editParentFolder">Parent Folder:</label>
<select id="editParentFolder" class="form-control">
<option value="">Root Folder</option>
</select>
</div>
<div class="form-group">
<label for="editFolderDescription">Description:</label>
<textarea id="editFolderDescription" class="form-control" rows="3" placeholder="Optional description"></textarea>
</div>
</div>
<div class="modal-footer">
<button id="saveEditFolder" class="btn btn-primary">
<i class="fa fa-save"></i>
</button>
<?php if ($delete_allowed === 1): ?>
<button id="deleteFolder" class="btn btn-danger">
<i class="fa fa-trash"></i>
</button>
<?php endif; ?>
<button class="modal-cancel btn btn-secondary">X</button>
</div>
</div>
</div>
<?php endif; ?>
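<script src="./assets/marketing.js"></script>
<script>
// Pass PHP permissions to JavaScript. Cast to int so a null/missing value still
// emits a valid literal (0) instead of an empty token that breaks the object.
// These flags only drive the UI; a client can change them, so access control
// must remain in the server-side action handlers.
window.marketingPermissions = {
    canCreate: <?php echo (int) $create_allowed; ?>,
    canUpdate: <?php echo (int) $update_allowed; ?>,
    canDelete: <?php echo (int) $delete_allowed; ?>
};
</script>
<?php
template_footer();
?>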