HOW TO VIEW ATTACHMENTS, NOT DOWNLOAD:
It's easy to add a "View attachment" capability! Here's how, using version 3.2.2:
1. Let's assume the
root folder for your Hesk installation is
/hesk.
2. In the folder
/hesk/admin, create a backup copy of
admin_ticket.php (e.g. admin_ticket_ORIGINAL.php) in case you want to undo these modifications.
3. In admin_ticket.php, search the code for the text "
download_attachment". There should be 6 occurrences. Go to the last occurrence, at line 1592.
4. At Line 1592, insert this code to create an HTML anchor. This is the link to view the attachment:
Code: Select all
» <a class="underline" title="View '.$att_name.'" href="../view_attachment.php?att_id='.$att_id.'&track='.$trackingID.'">
<svg class="icon icon-search" style="width: 16px; height: 16px; margin-right: 0px; vertical-align: text-bottom;">
<use xlink :href="'. HESK_PATH .'img/sprite.svg#icon-search"></use>
</svg>
</a> »
5. In the code above, remove the space after "xlink", so that xlink :href becomes
xlink:href. (I had to add the space in order to post the code on this forum, otherwise the forum prevented me from saving this post.)
6.
Save your change and
upload the modified file admin_ticket.php to your server.
7. In the root folder /hesk (same folder where download_attachment.php is located),
create a new file named
view_attachment.php. This will contain the code to output the image to a new browser window.
8.
Copy and paste the following code into your new file, view_attachment.php:
Code: Select all
<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* https://www.hesk.com
*
* For the full copyright and license agreement information visit
* https://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT',1);
define('HESK_PATH','./');
// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
hesk_load_database_functions();
hesk_session_start();
// Are we in maintenance mode? (check customers only)
if ( empty($_SESSION['id']) )
{
hesk_check_maintenance();
}
// Knowledgebase attachments
if ( isset($_GET['kb_att']) )
{
// Attachment ID
$att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['id_not_valid']);
// Connect to database
hesk_dbConnect();
// Get attachment info
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (att_id)');
}
$file = hesk_dbFetchAssoc($res);
// Is this person allowed access to this attachment?
$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`
FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t2`
JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t1`
ON `t2`.`catid` = `t1`.`id`
WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )
LIMIT 1");
// If no attachment found, throw an error
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (no_art)');
}
$row = hesk_dbFetchAssoc($res);
// Private or draft article or category?
if ($row['cat_type'] || $row['art_type'])
{
if ( empty($_SESSION['id']) )
{
// This is a staff-only attachment
hesk_error($hesklang['attpri']);
}
elseif ($row['art_type'] == 2)
{
// Need permission to manage KB to access draft attachments
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_checkPermission('can_man_kb');
}
}
}
// Ticket attachments
else
{
// Attachmend ID and ticket tracking ID
$att_id = intval( hesk_GET('att_id', 0) ) or die($hesklang['id_not_valid']);
$tic_id = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]");
// Connect to database
hesk_dbConnect();
// Get attachment info
$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
if (hesk_dbNumRows($res) != 1)
{
hesk_error($hesklang['id_not_valid'].' (att_id)');
}
$file = hesk_dbFetchAssoc($res);
// Is ticket ID valid for this attachment?
if ($file['ticket_id'] != $tic_id)
{
hesk_error($hesklang['trackID_not_found']);
}
// Verify email address match if needed
if ( empty($_SESSION['id']) )
{
hesk_verifyEmailMatch($tic_id);
// Only staff may download attachments to notes
if ($file['type'])
{
hesk_error($hesklang['perm_deny']);
}
}
}
// Path of the file on the server
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];
// Perhaps the file has been deleted?
if ( ! file_exists($realpath))
{
hesk_error($hesklang['attdel']);
}
// determine the mime type
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $realpath);
finfo_close($finfo);
// output the file to the browser
header("Content-Type: $mime");
readfile($realpath);
exit();
?>
9.
Save your edits and
upload the new file to your server.
10.
Refresh your Tickets page, select a ticket that has an attachments, and
click the View link. The image should display in a new window.
Voila! You can now view attachments without downloading them.