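0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) {
    $i--;
    $j--;
}

// Load Dolibarr's main.inc.php: first from the path derived from $tmp by the
// loop above, then from that path's parent directory, then from two fixed
// relative locations. The script stops if none of them can be included.
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) {
    $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
}
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) {
    $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
}
if (!$res && file_exists("../main.inc.php")) {
    $res = @include "../main.inc.php";
}
if (!$res && file_exists("../../main.inc.php")) {
    $res = @include "../../main.inc.php";
}
if (!$res) {
    die("Include of main fails");
}

require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once __DIR__.'/class/bericht.class.php';
require_once __DIR__.'/class/upload_token.class.php';

// The upload token is the only credential checked in the code visible here, so
// everything below treats the request as untrusted until fetchValid() accepts it.
// A non-string value (e.g. token[]=x) is mapped to '' instead of being cast.
// NOTE(review): $_REQUEST also accepts the token from the query string, where it
// can end up in access logs and Referer headers; keep token lifetimes short.
$rawToken = $_REQUEST['token'] ?? '';
$token = is_string($rawToken) ? $rawToken : '';
$tok = BerichtUploadToken::fetchValid($db, $token);

// POST = file upload. Responds with JSON: {success, error} or {success, pageid, filename}.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_FILES['file']['tmp_name'])) {
    header('Content-Type: application/json; charset=utf-8');

    if (!$tok) {
        http_response_code(403);
        echo json_encode(array('success' => false, 'error' => 'Token ungültig oder abgelaufen'));
        exit;
    }

    // NOTE(review): the GET page shows a remaining-uploads figure based on
    // $tok->uploads_count, but this handler never compares the count with a limit.
    // Presumably fetchValid() rejects exhausted tokens; confirm, and confirm that
    // check and incrementCount() cannot be raced by parallel requests.

    $bericht = new Bericht($db);
    if ($bericht->fetch($tok->fk_bericht) <= 0) {
        http_response_code(404);
        echo json_encode(array('success' => false, 'error' => 'Bericht nicht gefunden'));
        exit;
    }

    // Reject array-shaped uploads (file[]=...) before any string function sees them.
    $tmpfile = $_FILES['file']['tmp_name'];
    $clientname = $_FILES['file']['name'] ?? '';
    if (!is_string($tmpfile) || !is_string($clientname) || !is_uploaded_file($tmpfile)) {
        echo json_encode(array('success' => false, 'error' => 'Upload fehlgeschlagen'));
        exit;
    }

    // First gate: extension allow-list on the client-supplied name. The name is
    // only used to derive the extension; the stored file name is generated below.
    $orig = dol_sanitizeFileName($clientname);
    $ext = strtolower(pathinfo($orig, PATHINFO_EXTENSION));
    $allowed = array('jpg', 'jpeg', 'png');
    if (!in_array($ext, $allowed, true)) {
        echo json_encode(array('success' => false, 'error' => 'Nur JPG/PNG erlaubt'));
        exit;
    }

    // Second gate: the extension is attacker-controlled, so check that the bytes
    // really are an image of the claimed type. getimagesize() warns on non-image
    // data, which is an expected case here, hence the suppression.
    // It only inspects the image header: this is a type check, not a sanitiser.
    $imginfo = @getimagesize($tmpfile);
    $expected_type = ($ext === 'png') ? IMAGETYPE_PNG : IMAGETYPE_JPEG;
    if ($imginfo === false || $imginfo[2] !== $expected_type) {
        echo json_encode(array('success' => false, 'error' => 'Nur JPG/PNG erlaubt'));
        exit;
    }

    // Store under a server-generated name in the report's work directory.
    // NOTE(review): assumes DOL_DATA_ROOT is not served directly by the web server; confirm.
    // NOTE(review): no size limit is applied here beyond PHP's own upload settings.
    $workdir = DOL_DATA_ROOT.'/bericht/work/'.$tok->fk_bericht;
    if (!is_dir($workdir)) {
        dol_mkdir($workdir);
    }
    $target = $workdir.'/mobile_'.dol_print_date(dol_now(), '%Y%m%d_%H%M%S').'_'.uniqid().'.'.$ext;
    if (!move_uploaded_file($tmpfile, $target)) {
        echo json_encode(array('success' => false, 'error' => 'Upload fehlgeschlagen'));
        exit;
    }
    $relpath = str_replace(DOL_DATA_ROOT.'/', '', $target);

    // Insert as a new report page, ordered after the current last page.
    $res = $db->query("SELECT COALESCE(MAX(page_order),0) AS m FROM ".$db->prefix()."bericht_page WHERE fk_bericht = ".((int) $tok->fk_bericht));
    $next_order = ($res && ($o = $db->fetch_object($res))) ? ((int) $o->m) + 1 : 1;

    $page = new BerichtPage($db);
    $page->fk_bericht = $tok->fk_bericht;
    $page->page_order = $next_order;
    $page->source_type = 'upload';
    $page->source_path = $relpath;
    if ($page->create() <= 0) {
        echo json_encode(array('success' => false, 'error' => 'DB-Insert fehlgeschlagen'));
        exit;
    }

    // Count the upload against the token only after the page row exists.
    $tok->incrementCount();
    echo json_encode(array('success' => true, 'pageid' => $page->id, 'filename' => basename($target)));
    exit;
}

// GET = show the mobile upload page
if (!$tok) {
    http_response_code(403);
    ?> Bericht — Token ungültig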

⚠️ Token ungültig

Dieser Upload-Link ist abgelaufen oder ungültig.

Bitte im Bericht-Editor einen neuen QR-Code generieren.

fetch($tok->fk_bericht); $auftragsnr = $bericht->auftragsnummer ?: $bericht->ref; $valid_min = max(1, round(($tok->expires_at - dol_now()) / 60)); ?> Bericht Upload — <?php print htmlspecialchars($auftragsnr); ?>

📷 Bericht Upload

Token gültig noch Min · max_uploads - $tok->uploads_count; ?> Uploads übrig

Hochgeladen (0)