diff --git a/ajax/create_upload_token.php b/ajax/create_upload_token.php new file mode 100644 index 0000000..1291a6a --- /dev/null +++ b/ajax/create_upload_token.php @@ -0,0 +1,30 @@ +hasRight('bericht', 'write')) bericht_ajax_fail('Permission denied', 403); + +$berichtid = (int) ($_POST['berichtid'] ?? 0); +if (!$berichtid) bericht_ajax_fail('berichtid fehlt'); + +$bericht = new Bericht($db); +if ($bericht->fetch($berichtid) <= 0) bericht_ajax_fail('Bericht nicht gefunden', 404); + +$tok = new BerichtUploadToken($db); +$hex = $tok->create($berichtid, $user->id); +if (!$hex) bericht_ajax_fail('Token-Erstellung fehlgeschlagen'); + +$base = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ? 'https://' : 'http://').$_SERVER['HTTP_HOST']; +$url = $base.dol_buildpath('/bericht/mobile_upload.php', 1).'?token='.$hex; + +bericht_ajax_ok(array( + 'token' => $hex, + 'expires_at' => $tok->expires_at, + 'expires_in_min' => round(($tok->expires_at - dol_now()) / 60), + 'url' => $url, +)); diff --git a/ajax/list_pages.php b/ajax/list_pages.php new file mode 100644 index 0000000..b0d994c --- /dev/null +++ b/ajax/list_pages.php @@ -0,0 +1,23 @@ +hasRight('bericht', 'read')) bericht_ajax_fail('Permission denied', 403); + +$berichtid = (int) (GETPOSTINT('berichtid')); +if (!$berichtid) bericht_ajax_fail('berichtid fehlt'); + +$pages = BerichtPage::fetchAllForBericht($db, $berichtid); +$out = array(); +foreach ($pages as $p) { + $out[] = array( + 'id' => (int) $p->id, + 'page_order' => (int) $p->page_order, + 'source_type'=> $p->source_type, + 'layout' => $p->layout, + ); +} +bericht_ajax_ok(array('pages' => $out, 'count' => count($out))); diff --git a/bericht_card.php b/bericht_card.php index a09edb6..a310bf9 100644 --- a/bericht_card.php +++ b/bericht_card.php @@ -265,6 +265,8 @@ if (!$bericht) { 'save_page_options'=> dol_buildpath('/bericht/ajax/save_page_options.php', 1), 'create_grid_page' => dol_buildpath('/bericht/ajax/create_grid_page.php', 1), 'set_slot_image' => dol_buildpath('/bericht/ajax/set_slot_image.php', 1), + 'create_upload_token' => dol_buildpath('/bericht/ajax/create_upload_token.php', 1), + 'list_pages' => dol_buildpath('/bericht/ajax/list_pages.php', 1), ), 'lang' => array( 'undo' => $langs->trans("BerichtUndo"), @@ -364,8 +366,9 @@ if (!$bericht) { } print '
'; print '
'; - print ''; + print ''; print ''; + print ''; print '
'; print ''; @@ -496,10 +499,31 @@ if (!$bericht) { print ' '; print ''; + // QR-Code-Modal für Mobile-Upload + print ''; + // PDF.js + Fabric.js (lokal) print ''; print ''; print ''; + print ''; print ''; print ''; } diff --git a/class/upload_token.class.php b/class/upload_token.class.php new file mode 100644 index 0000000..61977a5 --- /dev/null +++ b/class/upload_token.class.php @@ -0,0 +1,98 @@ +db = $db; + } + + /** + * Erstellt einen neuen Token für einen Bericht. + * @return string|false Hex-Token bei Erfolg + */ + public function create($fk_bericht, $fk_user, $lifetime = null, $max_uploads = null) + { + $this->token = bin2hex(random_bytes(32)); + $this->fk_bericht = (int) $fk_bericht; + $this->fk_user_creat = (int) $fk_user; + $this->datec = dol_now(); + $this->expires_at = $this->datec + ($lifetime ?: self::DEFAULT_LIFETIME); + $this->max_uploads = $max_uploads ?: self::DEFAULT_MAX_UPLOADS; + $this->uploads_count = 0; + + $sql = "INSERT INTO ".$this->db->prefix()."bericht_upload_token " + ."(token, fk_bericht, fk_user_creat, expires_at, uploads_count, max_uploads, datec) VALUES (" + ."'".$this->db->escape($this->token)."'," + .$this->fk_bericht."," + .$this->fk_user_creat."," + ."'".$this->db->idate($this->expires_at)."'," + ."0," + .$this->max_uploads."," + ."'".$this->db->idate($this->datec)."'" + .")"; + if (!$this->db->query($sql)) return false; + $this->id = $this->db->last_insert_id($this->db->prefix()."bericht_upload_token"); + return $this->token; + } + + /** + * Lädt einen Token und prüft Gültigkeit. + * @return BerichtUploadToken|null + */ + public static function fetchValid(DoliDB $db, $token) + { + if (!preg_match('/^[a-f0-9]{64}$/', $token)) return null; + $sql = "SELECT rowid, token, fk_bericht, fk_user_creat, expires_at, uploads_count, max_uploads, datec" + ." FROM ".$db->prefix()."bericht_upload_token" + ." WHERE token = '".$db->escape($token)."'" + ." AND expires_at > '".$db->idate(dol_now())."'" + ." AND uploads_count < max_uploads"; + $res = $db->query($sql); + if (!$res || $db->num_rows($res) === 0) return null; + $obj = $db->fetch_object($res); + $t = new self($db); + $t->id = (int) $obj->rowid; + $t->token = $obj->token; + $t->fk_bericht = (int) $obj->fk_bericht; + $t->fk_user_creat = (int) $obj->fk_user_creat; + $t->expires_at = $db->jdate($obj->expires_at); + $t->uploads_count = (int) $obj->uploads_count; + $t->max_uploads = (int) $obj->max_uploads; + $t->datec = $db->jdate($obj->datec); + return $t; + } + + public function incrementCount() + { + $this->uploads_count++; + return $this->db->query("UPDATE ".$this->db->prefix()."bericht_upload_token" + ." SET uploads_count = uploads_count + 1" + ." WHERE rowid = ".((int) $this->id)); + } + + /** + * Räumt expired Tokens auf. + */ + public static function cleanupExpired(DoliDB $db) + { + $db->query("DELETE FROM ".$db->prefix()."bericht_upload_token" + ." WHERE expires_at < '".$db->idate(dol_now())."'"); + } +} diff --git a/core/modules/modBericht.class.php b/core/modules/modBericht.class.php index b01abea..6efd216 100644 --- a/core/modules/modBericht.class.php +++ b/core/modules/modBericht.class.php @@ -89,7 +89,23 @@ class modBericht extends DolibarrModules $this->dictionaries = array(); $this->boxes = array(); - $this->cronjobs = array(); + // Cleanup expired Mobile-Upload-Tokens (täglich um 03:30) + $this->cronjobs = array( + 0 => array( + 'label' => 'Bericht: Expired Upload-Tokens bereinigen', + 'jobtype' => 'method', + 'class' => '/bericht/class/upload_token.class.php', + 'objectname' => 'BerichtUploadToken', + 'method' => 'cleanupExpired', + 'parameters' => '', + 'comment' => 'Löscht abgelaufene Mobile-Upload-Tokens aus llx_bericht_upload_token', + 'frequency' => 1, + 'unitfrequency' => 86400, + 'status' => 1, + 'test' => 'isModEnabled("bericht")', + 'priority' => 50, + ), + ); // Rechte — wie Stundenzettel: [4]=perms, [5]=subperms (leer) $this->rights = array(); diff --git a/css/bericht.css b/css/bericht.css index c774549..a2cc07f 100644 --- a/css/bericht.css +++ b/css/bericht.css @@ -364,3 +364,22 @@ border: none; background: #444; } + +.qr-modal { + top: 10vh; left: 50%; right: auto; bottom: auto; + transform: translateX(-50%); + width: 380px; max-width: 90vw; + height: auto; max-height: 80vh; +} +.qr-modal-body { padding: 20px; text-align: center; } +#qr-code-container { + display: inline-block; + background: #fff; + padding: 12px; + border-radius: 8px; + margin-bottom: 16px; +} +.qr-info p { margin: 6px 0; font-size: 13px; color: var(--colortext, #ddd); } +.qr-url-display { word-break: break-all; } +.qr-url-display a { color: var(--colortextlink, #7aa2f7); } +.qr-status { padding: 8px; background: var(--colorbackbody, #1a1a1f); border-radius: 4px; margin-top: 12px; } diff --git a/js/editor.js b/js/editor.js index 648a50a..cff96b6 100644 --- a/js/editor.js +++ b/js/editor.js @@ -751,18 +751,85 @@ function bindExtraUpload() { const inp = document.getElementById('bericht-extra-upload'); - if (!inp) return; - inp.addEventListener('change', async () => { - if (!inp.files.length) return; - const fd = new FormData(); - fd.append('token', cfg.token); - fd.append('berichtid', cfg.berichtid); - fd.append('file', inp.files[0]); - const r = await fetch(cfg.urls.upload_extra, { method: 'POST', body: fd }); - const data = await r.json(); - if (data.success) location.reload(); - else alert('Upload fehlgeschlagen: ' + (data.error || '')); - }); + if (inp) { + inp.addEventListener('change', async () => { + if (!inp.files.length) return; + const fd = new FormData(); + fd.append('token', cfg.token); + fd.append('berichtid', cfg.berichtid); + fd.append('file', inp.files[0]); + const r = await fetch(cfg.urls.upload_extra, { method: 'POST', body: fd }); + const data = await r.json(); + if (data.success) location.reload(); + else alert('Upload fehlgeschlagen: ' + (data.error || '')); + }); + } + + // QR-Modal für Mobile-Upload + const qrBtn = document.getElementById('btn-show-qr'); + if (qrBtn) qrBtn.addEventListener('click', openQrModal); + const qrClose = document.getElementById('bericht-qr-close'); + if (qrClose) qrClose.addEventListener('click', closeQrModal); + document.querySelector('#bericht-qr-modal .bericht-modal-backdrop') + ?.addEventListener('click', closeQrModal); + } + + let qrPollInterval = null; + let qrLastPageCount = null; + + async function openQrModal() { + const fd = new FormData(); + fd.append('token', cfg.token); + fd.append('berichtid', cfg.berichtid); + const r = await fetch(cfg.urls.create_upload_token, { method: 'POST', body: fd }); + const data = await r.json(); + if (!data.success) { + alert('Token-Erstellung fehlgeschlagen: ' + (data.error || '')); + return; + } + const url = data.url; + const qrContainer = document.getElementById('qr-code-container'); + qrContainer.innerHTML = ''; + if (typeof QRCode !== 'undefined') { + new QRCode(qrContainer, { + text: url, + width: 280, + height: 280, + colorDark: '#000', + colorLight: '#fff', + correctLevel: QRCode.CorrectLevel.M, + }); + } else { + qrContainer.textContent = url; + } + document.getElementById('qr-validity').textContent = data.expires_in_min; + const linkEl = document.getElementById('qr-url-link'); + linkEl.href = url; + linkEl.textContent = url.length > 60 ? url.substring(0, 57) + '...' : url; + + document.getElementById('bericht-qr-modal').style.display = 'block'; + + // Polling alle 5 Sek nach neuen Pages + qrLastPageCount = document.querySelectorAll('.page-thumb').length; + if (qrPollInterval) clearInterval(qrPollInterval); + qrPollInterval = setInterval(async () => { + try { + const r = await fetch(cfg.urls.list_pages + '?berichtid=' + cfg.berichtid); + const d = await r.json(); + if (d.success && d.count !== qrLastPageCount) { + document.querySelector('.qr-status').textContent = + '✓ ' + (d.count - qrLastPageCount) + ' neue(s) Foto(s) hochgeladen — Seite wird neu geladen…'; + setTimeout(() => location.reload(), 1500); + clearInterval(qrPollInterval); + } + } catch (e) {} + }, 5000); + } + + function closeQrModal() { + const m = document.getElementById('bericht-qr-modal'); + if (m) m.style.display = 'none'; + if (qrPollInterval) { clearInterval(qrPollInterval); qrPollInterval = null; } } function bindThumbs() { diff --git a/js/lib/qrcode.min.js b/js/lib/qrcode.min.js new file mode 100644 index 0000000..993e88f --- /dev/null +++ b/js/lib/qrcode.min.js @@ -0,0 +1 @@ +var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this.parsedData=[];for(var b=[],d=0,e=this.data.length;e>d;d++){var f=this.data.charCodeAt(d);f>65536?(b[0]=240|(1835008&f)>>>18,b[1]=128|(258048&f)>>>12,b[2]=128|(4032&f)>>>6,b[3]=128|63&f):f>2048?(b[0]=224|(61440&f)>>>12,b[1]=128|(4032&f)>>>6,b[2]=128|63&f):f>128?(b[0]=192|(1984&f)>>>6,b[1]=128|63&f):b[0]=f,this.parsedData=this.parsedData.concat(b)}this.parsedData.length!=this.data.length&&(this.parsedData.unshift(191),this.parsedData.unshift(187),this.parsedData.unshift(239))}function b(a,b){this.typeNumber=a,this.errorCorrectLevel=b,this.modules=null,this.moduleCount=0,this.dataCache=null,this.dataList=[]}function i(a,b){if(void 0==a.length)throw new Error(a.length+"/"+b);for(var c=0;c=f;f++){var h=0;switch(b){case d.L:h=l[f][0];break;case d.M:h=l[f][1];break;case d.Q:h=l[f][2];break;case d.H:h=l[f][3]}if(h>=e)break;c++}if(c>l.length)throw new Error("Too long data");return c}function s(a){var b=encodeURI(a).toString().replace(/\%[0-9a-fA-F]{2}/g,"a");return b.length+(b.length!=a?3:0)}a.prototype={getLength:function(){return this.parsedData.length},write:function(a){for(var b=0,c=this.parsedData.length;c>b;b++)a.put(this.parsedData[b],8)}},b.prototype={addData:function(b){var c=new a(b);this.dataList.push(c),this.dataCache=null},isDark:function(a,b){if(0>a||this.moduleCount<=a||0>b||this.moduleCount<=b)throw new Error(a+","+b);return this.modules[a][b]},getModuleCount:function(){return this.moduleCount},make:function(){this.makeImpl(!1,this.getBestMaskPattern())},makeImpl:function(a,c){this.moduleCount=4*this.typeNumber+17,this.modules=new Array(this.moduleCount);for(var d=0;d=7&&this.setupTypeNumber(a),null==this.dataCache&&(this.dataCache=b.createData(this.typeNumber,this.errorCorrectLevel,this.dataList)),this.mapData(this.dataCache,c)},setupPositionProbePattern:function(a,b){for(var c=-1;7>=c;c++)if(!(-1>=a+c||this.moduleCount<=a+c))for(var d=-1;7>=d;d++)-1>=b+d||this.moduleCount<=b+d||(this.modules[a+c][b+d]=c>=0&&6>=c&&(0==d||6==d)||d>=0&&6>=d&&(0==c||6==c)||c>=2&&4>=c&&d>=2&&4>=d?!0:!1)},getBestMaskPattern:function(){for(var a=0,b=0,c=0;8>c;c++){this.makeImpl(!0,c);var d=f.getLostPoint(this);(0==c||a>d)&&(a=d,b=c)}return b},createMovieClip:function(a,b,c){var d=a.createEmptyMovieClip(b,c),e=1;this.make();for(var f=0;f=g;g++)for(var h=-2;2>=h;h++)this.modules[d+g][e+h]=-2==g||2==g||-2==h||2==h||0==g&&0==h?!0:!1}},setupTypeNumber:function(a){for(var b=f.getBCHTypeNumber(this.typeNumber),c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[Math.floor(c/3)][c%3+this.moduleCount-8-3]=d}for(var c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[c%3+this.moduleCount-8-3][Math.floor(c/3)]=d}},setupTypeInfo:function(a,b){for(var c=this.errorCorrectLevel<<3|b,d=f.getBCHTypeInfo(c),e=0;15>e;e++){var g=!a&&1==(1&d>>e);6>e?this.modules[e][8]=g:8>e?this.modules[e+1][8]=g:this.modules[this.moduleCount-15+e][8]=g}for(var e=0;15>e;e++){var g=!a&&1==(1&d>>e);8>e?this.modules[8][this.moduleCount-e-1]=g:9>e?this.modules[8][15-e-1+1]=g:this.modules[8][15-e-1]=g}this.modules[this.moduleCount-8][8]=!a},mapData:function(a,b){for(var c=-1,d=this.moduleCount-1,e=7,g=0,h=this.moduleCount-1;h>0;h-=2)for(6==h&&h--;;){for(var i=0;2>i;i++)if(null==this.modules[d][h-i]){var j=!1;g>>e));var k=f.getMask(b,d,h-i);k&&(j=!j),this.modules[d][h-i]=j,e--,-1==e&&(g++,e=7)}if(d+=c,0>d||this.moduleCount<=d){d-=c,c=-c;break}}}},b.PAD0=236,b.PAD1=17,b.createData=function(a,c,d){for(var e=j.getRSBlocks(a,c),g=new k,h=0;h8*l)throw new Error("code length overflow. ("+g.getLengthInBits()+">"+8*l+")");for(g.getLengthInBits()+4<=8*l&&g.put(0,4);0!=g.getLengthInBits()%8;)g.putBit(!1);for(;;){if(g.getLengthInBits()>=8*l)break;if(g.put(b.PAD0,8),g.getLengthInBits()>=8*l)break;g.put(b.PAD1,8)}return b.createBytes(g,e)},b.createBytes=function(a,b){for(var c=0,d=0,e=0,g=new Array(b.length),h=new Array(b.length),j=0;j=0?p.get(q):0}}for(var r=0,m=0;mm;m++)for(var j=0;jm;m++)for(var j=0;j=0;)b^=f.G15<=0;)b^=f.G18<>>=1;return b},getPatternPosition:function(a){return f.PATTERN_POSITION_TABLE[a-1]},getMask:function(a,b,c){switch(a){case e.PATTERN000:return 0==(b+c)%2;case e.PATTERN001:return 0==b%2;case e.PATTERN010:return 0==c%3;case e.PATTERN011:return 0==(b+c)%3;case e.PATTERN100:return 0==(Math.floor(b/2)+Math.floor(c/3))%2;case e.PATTERN101:return 0==b*c%2+b*c%3;case e.PATTERN110:return 0==(b*c%2+b*c%3)%2;case e.PATTERN111:return 0==(b*c%3+(b+c)%2)%2;default:throw new Error("bad maskPattern:"+a)}},getErrorCorrectPolynomial:function(a){for(var b=new i([1],0),c=0;a>c;c++)b=b.multiply(new i([1,g.gexp(c)],0));return b},getLengthInBits:function(a,b){if(b>=1&&10>b)switch(a){case c.MODE_NUMBER:return 10;case c.MODE_ALPHA_NUM:return 9;case c.MODE_8BIT_BYTE:return 8;case c.MODE_KANJI:return 8;default:throw new Error("mode:"+a)}else if(27>b)switch(a){case c.MODE_NUMBER:return 12;case c.MODE_ALPHA_NUM:return 11;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 10;default:throw new Error("mode:"+a)}else{if(!(41>b))throw new Error("type:"+b);switch(a){case c.MODE_NUMBER:return 14;case c.MODE_ALPHA_NUM:return 13;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 12;default:throw new Error("mode:"+a)}}},getLostPoint:function(a){for(var b=a.getModuleCount(),c=0,d=0;b>d;d++)for(var e=0;b>e;e++){for(var f=0,g=a.isDark(d,e),h=-1;1>=h;h++)if(!(0>d+h||d+h>=b))for(var i=-1;1>=i;i++)0>e+i||e+i>=b||(0!=h||0!=i)&&g==a.isDark(d+h,e+i)&&f++;f>5&&(c+=3+f-5)}for(var d=0;b-1>d;d++)for(var e=0;b-1>e;e++){var j=0;a.isDark(d,e)&&j++,a.isDark(d+1,e)&&j++,a.isDark(d,e+1)&&j++,a.isDark(d+1,e+1)&&j++,(0==j||4==j)&&(c+=3)}for(var d=0;b>d;d++)for(var e=0;b-6>e;e++)a.isDark(d,e)&&!a.isDark(d,e+1)&&a.isDark(d,e+2)&&a.isDark(d,e+3)&&a.isDark(d,e+4)&&!a.isDark(d,e+5)&&a.isDark(d,e+6)&&(c+=40);for(var e=0;b>e;e++)for(var d=0;b-6>d;d++)a.isDark(d,e)&&!a.isDark(d+1,e)&&a.isDark(d+2,e)&&a.isDark(d+3,e)&&a.isDark(d+4,e)&&!a.isDark(d+5,e)&&a.isDark(d+6,e)&&(c+=40);for(var k=0,e=0;b>e;e++)for(var d=0;b>d;d++)a.isDark(d,e)&&k++;var l=Math.abs(100*k/b/b-50)/5;return c+=10*l}},g={glog:function(a){if(1>a)throw new Error("glog("+a+")");return g.LOG_TABLE[a]},gexp:function(a){for(;0>a;)a+=255;for(;a>=256;)a-=255;return g.EXP_TABLE[a]},EXP_TABLE:new Array(256),LOG_TABLE:new Array(256)},h=0;8>h;h++)g.EXP_TABLE[h]=1<h;h++)g.EXP_TABLE[h]=g.EXP_TABLE[h-4]^g.EXP_TABLE[h-5]^g.EXP_TABLE[h-6]^g.EXP_TABLE[h-8];for(var h=0;255>h;h++)g.LOG_TABLE[g.EXP_TABLE[h]]=h;i.prototype={get:function(a){return this.num[a]},getLength:function(){return this.num.length},multiply:function(a){for(var b=new Array(this.getLength()+a.getLength()-1),c=0;cf;f++)for(var g=c[3*f+0],h=c[3*f+1],i=c[3*f+2],k=0;g>k;k++)e.push(new j(h,i));return e},j.getRsBlockTable=function(a,b){switch(b){case d.L:return j.RS_BLOCK_TABLE[4*(a-1)+0];case d.M:return j.RS_BLOCK_TABLE[4*(a-1)+1];case d.Q:return j.RS_BLOCK_TABLE[4*(a-1)+2];case d.H:return j.RS_BLOCK_TABLE[4*(a-1)+3];default:return void 0}},k.prototype={get:function(a){var b=Math.floor(a/8);return 1==(1&this.buffer[b]>>>7-a%8)},put:function(a,b){for(var c=0;b>c;c++)this.putBit(1==(1&a>>>b-c-1))},getLengthInBits:function(){return this.length},putBit:function(a){var b=Math.floor(this.length/8);this.buffer.length<=b&&this.buffer.push(0),a&&(this.buffer[b]|=128>>>this.length%8),this.length++}};var l=[[17,14,11,7],[32,26,20,14],[53,42,32,24],[78,62,46,34],[106,84,60,44],[134,106,74,58],[154,122,86,64],[192,152,108,84],[230,180,130,98],[271,213,151,119],[321,251,177,137],[367,287,203,155],[425,331,241,177],[458,362,258,194],[520,412,292,220],[586,450,322,250],[644,504,364,280],[718,560,394,310],[792,624,442,338],[858,666,482,382],[929,711,509,403],[1003,779,565,439],[1091,857,611,461],[1171,911,661,511],[1273,997,715,535],[1367,1059,751,593],[1465,1125,805,625],[1528,1190,868,658],[1628,1264,908,698],[1732,1370,982,742],[1840,1452,1030,790],[1952,1538,1112,842],[2068,1628,1168,898],[2188,1722,1228,958],[2303,1809,1283,983],[2431,1911,1351,1051],[2563,1989,1423,1093],[2699,2099,1499,1139],[2809,2213,1579,1219],[2953,2331,1663,1273]],o=function(){var a=function(a,b){this._el=a,this._htOption=b};return a.prototype.draw=function(a){function g(a,b){var c=document.createElementNS("http://www.w3.org/2000/svg",a);for(var d in b)b.hasOwnProperty(d)&&c.setAttribute(d,b[d]);return c}var b=this._htOption,c=this._el,d=a.getModuleCount();Math.floor(b.width/d),Math.floor(b.height/d),this.clear();var h=g("svg",{viewBox:"0 0 "+String(d)+" "+String(d),width:"100%",height:"100%",fill:b.colorLight});h.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:xlink","http://www.w3.org/1999/xlink"),c.appendChild(h),h.appendChild(g("rect",{fill:b.colorDark,width:"1",height:"1",id:"template"}));for(var i=0;d>i;i++)for(var j=0;d>j;j++)if(a.isDark(i,j)){var k=g("use",{x:String(i),y:String(j)});k.setAttributeNS("http://www.w3.org/1999/xlink","href","#template"),h.appendChild(k)}},a.prototype.clear=function(){for(;this._el.hasChildNodes();)this._el.removeChild(this._el.lastChild)},a}(),p="svg"===document.documentElement.tagName.toLowerCase(),q=p?o:m()?function(){function a(){this._elImage.src=this._elCanvas.toDataURL("image/png"),this._elImage.style.display="block",this._elCanvas.style.display="none"}function d(a,b){var c=this;if(c._fFail=b,c._fSuccess=a,null===c._bSupportDataURI){var d=document.createElement("img"),e=function(){c._bSupportDataURI=!1,c._fFail&&_fFail.call(c)},f=function(){c._bSupportDataURI=!0,c._fSuccess&&c._fSuccess.call(c)};return d.onabort=e,d.onerror=e,d.onload=f,d.src="data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==",void 0}c._bSupportDataURI===!0&&c._fSuccess?c._fSuccess.call(c):c._bSupportDataURI===!1&&c._fFail&&c._fFail.call(c)}if(this._android&&this._android<=2.1){var b=1/window.devicePixelRatio,c=CanvasRenderingContext2D.prototype.drawImage;CanvasRenderingContext2D.prototype.drawImage=function(a,d,e,f,g,h,i,j){if("nodeName"in a&&/img/i.test(a.nodeName))for(var l=arguments.length-1;l>=1;l--)arguments[l]=arguments[l]*b;else"undefined"==typeof j&&(arguments[1]*=b,arguments[2]*=b,arguments[3]*=b,arguments[4]*=b);c.apply(this,arguments)}}var e=function(a,b){this._bIsPainted=!1,this._android=n(),this._htOption=b,this._elCanvas=document.createElement("canvas"),this._elCanvas.width=b.width,this._elCanvas.height=b.height,a.appendChild(this._elCanvas),this._el=a,this._oContext=this._elCanvas.getContext("2d"),this._bIsPainted=!1,this._elImage=document.createElement("img"),this._elImage.style.display="none",this._el.appendChild(this._elImage),this._bSupportDataURI=null};return e.prototype.draw=function(a){var b=this._elImage,c=this._oContext,d=this._htOption,e=a.getModuleCount(),f=d.width/e,g=d.height/e,h=Math.round(f),i=Math.round(g);b.style.display="none",this.clear();for(var j=0;e>j;j++)for(var k=0;e>k;k++){var l=a.isDark(j,k),m=k*f,n=j*g;c.strokeStyle=l?d.colorDark:d.colorLight,c.lineWidth=1,c.fillStyle=l?d.colorDark:d.colorLight,c.fillRect(m,n,f,g),c.strokeRect(Math.floor(m)+.5,Math.floor(n)+.5,h,i),c.strokeRect(Math.ceil(m)-.5,Math.ceil(n)-.5,h,i)}this._bIsPainted=!0},e.prototype.makeImage=function(){this._bIsPainted&&d.call(this,a)},e.prototype.isPainted=function(){return this._bIsPainted},e.prototype.clear=function(){this._oContext.clearRect(0,0,this._elCanvas.width,this._elCanvas.height),this._bIsPainted=!1},e.prototype.round=function(a){return a?Math.floor(1e3*a)/1e3:a},e}():function(){var a=function(a,b){this._el=a,this._htOption=b};return a.prototype.draw=function(a){for(var b=this._htOption,c=this._el,d=a.getModuleCount(),e=Math.floor(b.width/d),f=Math.floor(b.height/d),g=[''],h=0;d>h;h++){g.push("");for(var i=0;d>i;i++)g.push('');g.push("")}g.push("
"),c.innerHTML=g.join("");var j=c.childNodes[0],k=(b.width-j.offsetWidth)/2,l=(b.height-j.offsetHeight)/2;k>0&&l>0&&(j.style.margin=l+"px "+k+"px")},a.prototype.clear=function(){this._el.innerHTML=""},a}();QRCode=function(a,b){if(this._htOption={width:256,height:256,typeNumber:4,colorDark:"#000000",colorLight:"#ffffff",correctLevel:d.H},"string"==typeof b&&(b={text:b}),b)for(var c in b)this._htOption[c]=b[c];"string"==typeof a&&(a=document.getElementById(a)),this._android=n(),this._el=a,this._oQRCode=null,this._oDrawing=new q(this._el,this._htOption),this._htOption.text&&this.makeCode(this._htOption.text)},QRCode.prototype.makeCode=function(a){this._oQRCode=new b(r(a,this._htOption.correctLevel),this._htOption.correctLevel),this._oQRCode.addData(a),this._oQRCode.make(),this._el.title=a,this._oDrawing.draw(this._oQRCode),this.makeImage()},QRCode.prototype.makeImage=function(){"function"==typeof this._oDrawing.makeImage&&(!this._android||this._android>=3)&&this._oDrawing.makeImage()},QRCode.prototype.clear=function(){this._oDrawing.clear()},QRCode.CorrectLevel=d}(); \ No newline at end of file diff --git a/mobile_upload.php b/mobile_upload.php new file mode 100644 index 0000000..dcd2dfb --- /dev/null +++ b/mobile_upload.php @@ -0,0 +1,329 @@ + 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; } +if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php"; +if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php"; +if (!$res && file_exists("../main.inc.php")) $res = @include "../main.inc.php"; +if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php"; +if (!$res) die("Include of main fails"); + +require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; +require_once __DIR__.'/class/bericht.class.php'; +require_once __DIR__.'/class/upload_token.class.php'; + +$token = (string) ($_REQUEST['token'] ?? ''); +$tok = BerichtUploadToken::fetchValid($db, $token); + +// POST = Datei-Upload +if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_FILES['file']['tmp_name'])) { + header('Content-Type: application/json; charset=utf-8'); + if (!$tok) { + http_response_code(403); + echo json_encode(array('success' => false, 'error' => 'Token ungültig oder abgelaufen')); + exit; + } + + $bericht = new Bericht($db); + if ($bericht->fetch($tok->fk_bericht) <= 0) { + http_response_code(404); + echo json_encode(array('success' => false, 'error' => 'Bericht nicht gefunden')); + exit; + } + + $orig = dol_sanitizeFileName($_FILES['file']['name']); + $ext = strtolower(pathinfo($orig, PATHINFO_EXTENSION)); + $allowed = array('jpg', 'jpeg', 'png'); + if (!in_array($ext, $allowed)) { + echo json_encode(array('success' => false, 'error' => 'Nur JPG/PNG erlaubt')); + exit; + } + + $workdir = DOL_DATA_ROOT.'/bericht/work/'.$tok->fk_bericht; + if (!is_dir($workdir)) dol_mkdir($workdir); + + $target = $workdir.'/mobile_'.dol_print_date(dol_now(), '%Y%m%d_%H%M%S').'_'.uniqid().'.'.$ext; + if (!move_uploaded_file($_FILES['file']['tmp_name'], $target)) { + echo json_encode(array('success' => false, 'error' => 'Upload fehlgeschlagen')); + exit; + } + $relpath = str_replace(DOL_DATA_ROOT.'/', '', $target); + + // Als neue Bericht-Page einfügen + $res = $db->query("SELECT COALESCE(MAX(page_order),0) AS m FROM ".$db->prefix()."bericht_page WHERE fk_bericht = ".((int) $tok->fk_bericht)); + $next_order = ($res && ($o = $db->fetch_object($res))) ? ((int) $o->m) + 1 : 1; + + $page = new BerichtPage($db); + $page->fk_bericht = $tok->fk_bericht; + $page->page_order = $next_order; + $page->source_type = 'upload'; + $page->source_path = $relpath; + if ($page->create() <= 0) { + echo json_encode(array('success' => false, 'error' => 'DB-Insert fehlgeschlagen')); + exit; + } + + $tok->incrementCount(); + echo json_encode(array('success' => true, 'pageid' => $page->id, 'filename' => basename($target))); + exit; +} + +// GET = Mobile-Upload-Seite anzeigen +if (!$tok) { + http_response_code(403); + ?> + + Bericht — Token ungültig + + +

⚠️ Token ungültig

+

Dieser Upload-Link ist abgelaufen oder ungültig.

+

Bitte im Bericht-Editor einen neuen QR-Code generieren.

+ + fetch($tok->fk_bericht); +$auftragsnr = $bericht->auftragsnummer ?: $bericht->ref; +$valid_min = max(1, round(($tok->expires_at - dol_now()) / 60)); + +?> + + + + + + +Bericht Upload — <?php print htmlspecialchars($auftragsnr); ?> + + + + +
+

📷 Bericht Upload

+
+
Token gültig noch Min · max_uploads - $tok->uploads_count; ?> Uploads übrig
+
+ +
+ + + + + +
+ +
+ +
+

Hochgeladen (0)

+
+
+ + + + + diff --git a/sql/llx_bericht_upload_token.key.sql b/sql/llx_bericht_upload_token.key.sql new file mode 100644 index 0000000..748074d --- /dev/null +++ b/sql/llx_bericht_upload_token.key.sql @@ -0,0 +1,2 @@ +ALTER TABLE llx_bericht_upload_token ADD INDEX idx_but_bericht (fk_bericht); +ALTER TABLE llx_bericht_upload_token ADD INDEX idx_but_expires (expires_at); diff --git a/sql/llx_bericht_upload_token.sql b/sql/llx_bericht_upload_token.sql new file mode 100644 index 0000000..11b64ef --- /dev/null +++ b/sql/llx_bericht_upload_token.sql @@ -0,0 +1,13 @@ +-- Tokens für Mobile-Upload (Phase 2.1) +-- Ein Token autorisiert Foto-Uploads zu genau einem Bericht für eine begrenzte Zeit. +CREATE TABLE llx_bericht_upload_token ( + rowid INTEGER AUTO_INCREMENT PRIMARY KEY, + token VARCHAR(64) NOT NULL, + fk_bericht INTEGER NOT NULL, + fk_user_creat INTEGER NOT NULL, + expires_at DATETIME NOT NULL, + uploads_count INTEGER DEFAULT 0, + max_uploads INTEGER DEFAULT 100, + datec DATETIME NOT NULL, + UNIQUE KEY uniq_token (token) +) ENGINE=innodb;