How to View Attachments: Step-by-step guide

[srumberg]

HOW TO VIEW ATTACHMENTS, NOT DOWNLOAD:

It's easy to add a "View attachment" capability! Here's how, using version 3.2.2:

1. Let's assume the root folder for your Hesk installation is /hesk.

2. In the folder /hesk/admin, create a backup copy of admin_ticket.php (e.g. admin_ticket_ORIGINAL.php) in case you want to undo these modifications.

3. In admin_ticket.php, search the code for the text "download_attachment". There should be 6 occurrences. Go to the last occurrence, at line 1592.

4. At Line 1592, insert this code to create an HTML anchor. This is the link to view the attachment:

Code: Select all

  &raquo; <a class="underline" title="View '.$att_name.'" href="../view_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">
<svg class="icon icon-search" style="width: 16px; height: 16px; margin-right: 0px; vertical-align: text-bottom;">
                <use xlink :href="'. HESK_PATH .'img/sprite.svg#icon-search"></use>
            </svg>
    </a> &raquo;

5. In the code above, remove the space after "xlink", so that xlink :href becomes xlink:href. (I had to add the space in order to post the code on this forum, otherwise the forum prevented me from saving this post.)

6. Save your change and upload the modified file admin_ticket.php to your server.

7. In the root folder /hesk (same folder where download_attachment.php is located), create a new file named view_attachment.php. This will contain the code to output the image to a new browser window.

8. Copy and paste the following code into your new file, view_attachment.php:

Code: Select all

<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 */

define('IN_SCRIPT',1);
define('HESK_PATH','./');

// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
hesk_load_database_functions();

hesk_session_start();

// Are we in maintenance mode? (check customers only)
if ( empty($_SESSION['id']) )
{
	hesk_check_maintenance();
}

// Knowledgebase attachments
if ( isset($_GET['kb_att']) )
{
	// Attachment ID
	$att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['id_not_valid']);

	// Connect to database
	hesk_dbConnect();

	// Get attachment info
	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
	if (hesk_dbNumRows($res) != 1)
	{
		hesk_error($hesklang['id_not_valid'].' (att_id)');
	}
	$file = hesk_dbFetchAssoc($res);

    // Is this person allowed access to this attachment?
	$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`
						FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t2`
                        JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t1`
                        ON `t2`.`catid` = `t1`.`id`
                        WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )
                        LIMIT 1");

    // If no attachment found, throw an error
	if (hesk_dbNumRows($res) != 1)
	{
		hesk_error($hesklang['id_not_valid'].' (no_art)');
	}
	$row = hesk_dbFetchAssoc($res);

    // Private or draft article or category?
    if ($row['cat_type'] || $row['art_type'])
    {
		if ( empty($_SESSION['id']) )
		{
			// This is a staff-only attachment
			hesk_error($hesklang['attpri']);
		}
		elseif ($row['art_type'] == 2)
		{
			// Need permission to manage KB to access draft attachments
			require(HESK_PATH . 'inc/admin_functions.inc.php');
			hesk_checkPermission('can_man_kb');
		}
    }
}

// Ticket attachments
else
{
	// Attachmend ID and ticket tracking ID
    $att_id = intval( hesk_GET('att_id', 0) ) or die($hesklang['id_not_valid']);
	$tic_id = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]");

	// Connect to database
	hesk_dbConnect();

	// Get attachment info
	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
	if (hesk_dbNumRows($res) != 1)
	{
		hesk_error($hesklang['id_not_valid'].' (att_id)');
	}
	$file = hesk_dbFetchAssoc($res);

	// Is ticket ID valid for this attachment?
	if ($file['ticket_id'] != $tic_id)
	{
	    hesk_error($hesklang['trackID_not_found']);
	}

	// Verify email address match if needed
	if ( empty($_SESSION['id']) )
    {
    	hesk_verifyEmailMatch($tic_id);

		// Only staff may download attachments to notes
		if ($file['type'])
		{
        	hesk_error($hesklang['perm_deny']);
		}
    }
}

// Path of the file on the server
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];

// Perhaps the file has been deleted?
if ( ! file_exists($realpath))
{
	hesk_error($hesklang['attdel']);
}
        // determine the mime type
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime = finfo_file($finfo, $realpath);
        finfo_close($finfo);
        // output the file to the browser
        header("Content-Type: $mime");
        readfile($realpath);
exit();
?>

9. Save your edits and upload the new file to your server.

10. Refresh your Tickets page, select a ticket that has an attachments, and click the View link. The image should display in a new window.

Voila! You can now view attachments without downloading them.

[Klemen]

Thanks for sharing!

[srumberg]

Klemen, you're welcome. view_attachment.php is identical to download_attachment.php, except for the last few lines.

[Dirk Einecke]

Hi!

I have added a check to the code for the link to open the attachment that tests if it is an image.

Code: Select all

if (in_array(mb_substr($att_name, -4), ['.png', '.gif', '.jpg']) === true) {
  // View link
}

Dirk

[xxak]

Hi,
I did a little update for 3.4.1: Updated srumberg's and Dirk's code (Fixed language strings, added PDF to filter, fixed tooltips, changed icons, modified behavior...), use srumberg's view_attachment.php and this admin_ticket.php (save and rename to php). Modification starts at line 1712:

[Klemen]

Cool, thanks for sharing!

[cwyenberg]

Thanks for this effort.

However, I'm getting blank pages when trying to view attachments using the above modifications in 3.4.1.

Suggestions?

Update - Resolved. A required PHP function fileinfo was not active after a recent PHP version update.

[cwshubby]

I would love to see this as an actual feature now.

Anyone have a working update for this?

[sduncan]

I would love to see this as an actual feature now.

Anyone have a working update for this?

Same works in the new version

[heskwhite]

Hello.
EXTREMELY new to Hesk.

...and PHP. LOL.

I was able to get Hesk running and it's great for my needs in a very small environment.

I tried following all of the instructions for getting the attachments to open and not down load but had no success.

I am running version 3.5.0 and am trying to do it with PDFS.

Could that be the issue?

I noticed in the guide it references 3.2.2 and images.
Any, kind yet patient, (hahaha. like i said i'm pretty new to Hesk) assistance would be greatly appreciated.

Thank you!