From 1ba94a412be2ea85bf2295f3efbad9f481d2d479 Mon Sep 17 00:00:00 2001
From: Olusesan Ameye <ses66181@gmail.com>
Date: Sat, 6 Aug 2022 22:46:32 -0400
Subject: [PATCH] Upload file size limit configuration & handling

---
 wrenchboard/etc/wrenchboard_api.conf          |  1 +
 www/application/controllers/Proj.php          | 19 ++++++++++++++++++-
 .../views/jobs/uploads/upload_files.php       |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/wrenchboard/etc/wrenchboard_api.conf b/wrenchboard/etc/wrenchboard_api.conf
index 5b19e0b1..ca7ec72a 100644
--- a/wrenchboard/etc/wrenchboard_api.conf
+++ b/wrenchboard/etc/wrenchboard_api.conf
@@ -12,6 +12,7 @@ system:
 	profile_picture_size = "51200";
 	site_apple_app = "https://itunes.apple.com/us/app/wrenchboard/id1435718367?ls=1&mt=8";
 	site_andriod_app = "https://play.google.com/store/apps/details?id=com.wrenchboard.users";
+	upload_size_limit = "3145728";
 };
 
 	
diff --git a/www/application/controllers/Proj.php b/www/application/controllers/Proj.php
index f1d4c424..73024b56 100644
--- a/www/application/controllers/Proj.php
+++ b/www/application/controllers/Proj.php
@@ -304,6 +304,7 @@ class Proj extends Users_Controller {
 
             $this->load->model('backend_model');
 
+
             if ($_POST && !isset($_POST['uploadForm'])) {
                 $msgArray = array();
                 $msgArray['message'] = trim($this->input->post('jobmessage'));
@@ -325,6 +326,8 @@ class Proj extends Users_Controller {
 
             $data = $this->load_files($data, $jobID);
 
+            $data["sizeLimit"] = $this->backend_model->cfgReadChar("system.upload_size_limit");
+
             $this->load->model('dash_model');
             $out = $this->dash_model->getDashData($data);
             $data['active_task'] = $out['active_task'];
@@ -415,6 +418,8 @@ class Proj extends Users_Controller {
             $data = $this->load_files($data, $jobID);
             //$this->load_files($data, $jobID);
 
+            $data["sizeLimit"] = $this->backend_model->cfgReadChar("system.upload_size_limit");
+
             $this->load->model('dash_model');
             $out = $this->dash_model->getDashData($data);
             $data['active_task'] = $out['active_task'];
@@ -490,6 +495,8 @@ class Proj extends Users_Controller {
 
             $data = $this->load_files($data, $jobID);
 
+            $data["sizeLimit"] = $this->backend_model->cfgReadChar("system.upload_size_limit");
+
             if ($_POST && !isset($_POST['uploadForm'])) {
                 $msgArray = array();
                 $msgArray['message'] = trim($this->input->post('jobmessage'));
@@ -579,6 +586,8 @@ class Proj extends Users_Controller {
 
             $data = $this->load_files($data, $jobID);
 
+            $data["sizeLimit"] = $this->backend_model->cfgReadChar("system.upload_size_limit");
+
             if ($_POST && !isset($_POST['uploadForm'])) {
                 $msgArray = array();
                 $msgArray['message'] = trim($this->input->post('jobmessage'));
@@ -1051,6 +1060,7 @@ class Proj extends Users_Controller {
         $result = "";
         $d_txt = "";
         $is_live = $this->backend_model->cfgReadChar("system.live");
+        $sizeLimit = $this->backend_model->cfgReadChar("system.upload_size_limit");
         if ($this->input->post('contractId') == "" || (int) $_SESSION['member_id'] < 1) {
             $result = "Invalid contract or member ID";
         } else if (is_array($files)) {
@@ -1062,7 +1072,8 @@ class Proj extends Users_Controller {
             foreach ($files["name"] as $key => $name) {
                 if ($files["error"][$key] == 0) {
                     $target_file = $target_dir . "/" . $name;
-                    if (move_uploaded_file($files["tmp_name"][$key], $target_file)) {
+                    if ($files["size"][$key] <= $sizeLimit 
+                    && move_uploaded_file($files["tmp_name"][$key], $target_file)) {
                         $msgArray['action'] = WRENCHBOARD_CONTRACT_MESSAGE;
                         $msgArray['message'] = $name;
                         $msgArray['contract'] = $this->input->post('contractId');
@@ -1096,6 +1107,10 @@ class Proj extends Users_Controller {
         $jobID = $this->input->post('jobID');
         $contractId = $this->input->post('contractId');
 
+        $this->load->model('backend_model');
+
+        $sizeLimit = $this->backend_model->cfgReadChar("system.upload_size_limit");
+
         $files = array(
             "name" => array($_FILES["fileToUpload"]["name"]),
             "error" => array($_FILES["fileToUpload"]["error"]),
@@ -1104,6 +1119,8 @@ class Proj extends Users_Controller {
             "type" => array($_FILES["fileToUpload"]["type"])
         );
 
+        $is_live = $this->backend_model->cfgReadChar("system.live");
+
         list ($message, $uploaded) = $this->process_files($files);
 
         if ($uploaded) {
diff --git a/www/application/views/jobs/uploads/upload_files.php b/www/application/views/jobs/uploads/upload_files.php
index a6c786fa..6ef1e2fb 100644
--- a/www/application/views/jobs/uploads/upload_files.php
+++ b/www/application/views/jobs/uploads/upload_files.php
@@ -119,7 +119,7 @@
 
 <script type="text/javascript">
 <!--
-const sizeLimit = <?php echo '3145728'; ?>;
+const sizeLimit = <?php echo (isset($sizeLimit) && $sizeLimit > 0) ? $sizeLimit : '100000'; ?>;
 function fileToUploadChanged(e) {
     var fileList = $('#fileToUpload').prop("files"); // e.files; 
     $('#fileToUploadList').html('');