PHPJunkyard support forum

Posted: **Mon Dec 13, 2021 7:52 am**

HOW TO VIEW ATTACHMENTS, NOT DOWNLOAD:

It's easy to add a "View attachment" capability! Here's how, using version 3.2.2:

1. Let's assume the root folder for your Hesk installation is /hesk.

2. In the folder /hesk/admin, create a backup copy of admin_ticket.php (e.g. admin_ticket_ORIGINAL.php) in case you want to undo these modifications.

3. In admin_ticket.php, search the code for the text "download_attachment". There should be 6 occurrences. Go to the last occurrence, at line 1592.

4. At Line 1592, insert this code to create an HTML anchor. This is the link to view the attachment:

Code: Select all

  &raquo; <a class="underline" title="View '.$att_name.'" href="../view_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">
<svg class="icon icon-search" style="width: 16px; height: 16px; margin-right: 0px; vertical-align: text-bottom;">
                <use xlink :href="'. HESK_PATH .'img/sprite.svg#icon-search"></use>
            </svg>
    </a> &raquo;

5. In the code above, remove the space after "xlink", so that xlink :href becomes xlink:href. (I had to add the space in order to post the code on this forum, otherwise the forum prevented me from saving this post.)

6. Save your change and upload the modified file admin_ticket.php to your server.

7. In the root folder /hesk (same folder where download_attachment.php is located), create a new file named view_attachment.php. This will contain the code to output the image to a new browser window.

8. Copy and paste the following code into your new file, view_attachment.php:

Code: Select all

<?php
/**
 *
 * This file is part of HESK - PHP Help Desk Software.
 *
 * (c) Copyright Klemen Stirn. All rights reserved.
 * https://www.hesk.com
 *
 * For the full copyright and license agreement information visit
 * https://www.hesk.com/eula.php
 *
 */

define('IN_SCRIPT',1);
define('HESK_PATH','./');

// Get all the required files and functions
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
hesk_load_database_functions();

hesk_session_start();

// Are we in maintenance mode? (check customers only)
if ( empty($_SESSION['id']) )
{
	hesk_check_maintenance();
}

// Knowledgebase attachments
if ( isset($_GET['kb_att']) )
{
	// Attachment ID
	$att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['id_not_valid']);

	// Connect to database
	hesk_dbConnect();

	// Get attachment info
	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
	if (hesk_dbNumRows($res) != 1)
	{
		hesk_error($hesklang['id_not_valid'].' (att_id)');
	}
	$file = hesk_dbFetchAssoc($res);

    // Is this person allowed access to this attachment?
	$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`
						FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t2`
                        JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t1`
                        ON `t2`.`catid` = `t1`.`id`
                        WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )
                        LIMIT 1");

    // If no attachment found, throw an error
	if (hesk_dbNumRows($res) != 1)
	{
		hesk_error($hesklang['id_not_valid'].' (no_art)');
	}
	$row = hesk_dbFetchAssoc($res);

    // Private or draft article or category?
    if ($row['cat_type'] || $row['art_type'])
    {
		if ( empty($_SESSION['id']) )
		{
			// This is a staff-only attachment
			hesk_error($hesklang['attpri']);
		}
		elseif ($row['art_type'] == 2)
		{
			// Need permission to manage KB to access draft attachments
			require(HESK_PATH . 'inc/admin_functions.inc.php');
			hesk_checkPermission('can_man_kb');
		}
    }
}

// Ticket attachments
else
{
	// Attachmend ID and ticket tracking ID
    $att_id = intval( hesk_GET('att_id', 0) ) or die($hesklang['id_not_valid']);
	$tic_id = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]");

	// Connect to database
	hesk_dbConnect();

	// Get attachment info
	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
	if (hesk_dbNumRows($res) != 1)
	{
		hesk_error($hesklang['id_not_valid'].' (att_id)');
	}
	$file = hesk_dbFetchAssoc($res);

	// Is ticket ID valid for this attachment?
	if ($file['ticket_id'] != $tic_id)
	{
	    hesk_error($hesklang['trackID_not_found']);
	}

	// Verify email address match if needed
	if ( empty($_SESSION['id']) )
    {
    	hesk_verifyEmailMatch($tic_id);

		// Only staff may download attachments to notes
		if ($file['type'])
		{
        	hesk_error($hesklang['perm_deny']);
		}
    }
}

// Path of the file on the server
$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];

// Perhaps the file has been deleted?
if ( ! file_exists($realpath))
{
	hesk_error($hesklang['attdel']);
}
        // determine the mime type
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime = finfo_file($finfo, $realpath);
        finfo_close($finfo);
        // output the file to the browser
        header("Content-Type: $mime");
        readfile($realpath);
exit();
?>

9. Save your edits and upload the new file to your server.

10. Refresh your Tickets page, select a ticket that has an attachments, and click the View link. The image should display in a new window.

Voila! You can now view attachments without downloading them.

Posted: **Tue Dec 14, 2021 2:43 pm**

Thanks for sharing!

Posted: **Wed Dec 15, 2021 12:02 am**

Klemen, you're welcome. view_attachment.php is identical to download_attachment.php, except for the last few lines.

Posted: **Wed Oct 12, 2022 7:08 am**

Hi!

I have added a check to the code for the link to open the attachment that tests if it is an image.

Code: Select all

if (in_array(mb_substr($att_name, -4), ['.png', '.gif', '.jpg']) === true) {
  // View link
}

Dirk

Posted: **Mon Oct 17, 2022 12:35 pm**

Hi,
I did a little update for 3.4.1: Updated srumberg's and Dirk's code (Fixed language strings, added PDF to filter, fixed tooltips, changed icons, modified behavior...), use srumberg's view_attachment.php and this admin_ticket.php (save and rename to php). Modification starts at line 1712:

Posted: **Tue Oct 18, 2022 6:46 am**

Cool, thanks for sharing!

Posted: **Fri Dec 23, 2022 12:01 am**

Thanks for this effort.

However, I'm getting blank pages when trying to view attachments using the above modifications in 3.4.1.

Suggestions?

Update - Resolved. A required PHP function fileinfo was not active after a recent PHP version update.

Posted: **Tue Dec 03, 2024 9:47 pm**

I would love to see this as an actual feature now.

Anyone have a working update for this?

Posted: **Thu Dec 19, 2024 11:10 pm**

cwshubby wrote: Tue Dec 03, 2024 9:47 pm I would love to see this as an actual feature now.

Anyone have a working update for this?

Same works in the new version

Posted: **Fri Apr 04, 2025 3:09 pm**

Hello.
EXTREMELY new to Hesk.

...and PHP. LOL.

I was able to get Hesk running and it's great for my needs in a very small environment.

I tried following all of the instructions for getting the attachments to open and not down load but had no success.

I am running version 3.5.0 and am trying to do it with PDFS.

Could that be the issue?

I noticed in the guide it references 3.2.2 and images.
Any, kind yet patient, (hahaha. like i said i'm pretty new to Hesk) assistance would be greatly appreciated.

Thank you!

PHPJunkyard support forum

How to View Attachments: Step-by-step guide

How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide

Re: How to View Attachments: Step-by-step guide