Viewing file:  posting_attachments.php (50.51 KB) -rw-rw-rw-
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
/***************************************************************************
* posting_attachments.php
* -------------------
* begin : Monday, Jul 15, 2002
* copyright : (C) 2002 Meik Sievertsen
* email : acyd.burn@gmx.de
*
* $Id: posting_attachments.php,v 1.69 2005/05/09 16:19:31 acydburn Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die('Hacking attempt');
exit;
}
//
// Base Class for Attaching
//
class attach_parent
{
var $post_attach = FALSE;
var $attach_filename = '';
var $filename = '';
var $type = '';
var $extension = '';
var $file_comment = '';
var $num_attachments = 0; // number of attachments in message
var $filesize = 0;
var $filetime = 0;
var $thumbnail = 0;
var $page = 0; // On which page we are on ? This should be filled by child classes.
// Switches
var $add_attachment_body = 0;
var $posted_attachments_body = 0;
//
// Constructor
//
function attach_parent()
{
global $HTTP_POST_VARS, $HTTP_POST_FILES;
if (!empty($HTTP_POST_VARS['add_attachment_body']))
{
$this->add_attachment_body = intval($HTTP_POST_VARS['add_attachment_body']);
}
if (!empty($HTTP_POST_VARS['posted_attachments_body']))
{
$this->posted_attachments_body = intval($HTTP_POST_VARS['posted_attachments_body']);
}
$this->file_comment = ( isset($HTTP_POST_VARS['filecomment']) ) ? trim( strip_tags($HTTP_POST_VARS['filecomment'])) : '';
$this->filename = ($HTTP_POST_FILES['fileupload']['name'] != 'none') ? trim( $HTTP_POST_FILES['fileupload']['name'] ) : '';
$this->attachment_list = ( isset($HTTP_POST_VARS['attachment_list']) ) ? $HTTP_POST_VARS['attachment_list'] : array();
$this->attachment_comment_list = ( isset($HTTP_POST_VARS['comment_list']) ) ? $HTTP_POST_VARS['comment_list'] : array();
$this->attachment_filename_list = ( isset($HTTP_POST_VARS['filename_list']) ) ? $HTTP_POST_VARS['filename_list'] : array();
$this->attachment_extension_list = ( isset($HTTP_POST_VARS['extension_list']) ) ? $HTTP_POST_VARS['extension_list'] : array();
$this->attachment_mimetype_list = ( isset($HTTP_POST_VARS['mimetype_list']) ) ? $HTTP_POST_VARS['mimetype_list'] : array();
$this->attachment_filesize_list = ( isset($HTTP_POST_VARS['filesize_list']) ) ? $HTTP_POST_VARS['filesize_list'] : array();
$this->attachment_filetime_list = ( isset($HTTP_POST_VARS['filetime_list']) ) ? $HTTP_POST_VARS['filetime_list'] : array();
$this->attachment_id_list = ( isset($HTTP_POST_VARS['attach_id_list']) ) ? $HTTP_POST_VARS['attach_id_list'] : array();
$this->attachment_thumbnail_list = ( isset($HTTP_POST_VARS['attach_thumbnail_list']) ) ? $HTTP_POST_VARS['attach_thumbnail_list'] : array();
}
//
// Get Quota Limits
//
function get_quota_limits($userdata_quota, $user_id = 0)
{
global $attach_config, $db;
//
// Define Filesize Limits (Prepare Quota Settings)
// Priority: User, Group, Management
//
// This method is somewhat query intensive, but i think because this one is only executed while attaching a file,
// it does not make much sense to come up with an new db-entry.
// Maybe i will change this in a future version, where you are able to disable the User Quota Feature at all (using
// Default Limits for all Users/Groups)
//
// Change this to 'group;user' if you want to have first priority on group quota settings.
// $priority = 'group;user';
$priority = 'user;group';
if ( $userdata_quota['user_level'] == ADMIN )
{
$attach_config['pm_filesize_limit'] = 0; // Unlimited
$attach_config['upload_filesize_limit'] = 0; // Unlimited
return;
}
if ($this->page == PAGE_PRIVMSGS)
{
$quota_type = QUOTA_PM_LIMIT;
$limit_type = 'pm_filesize_limit';
$default = 'max_filesize_pm';
}
else
{
$quota_type = QUOTA_UPLOAD_LIMIT;
$limit_type = 'upload_filesize_limit';
$default = 'attachment_quota';
}
if (!$user_id)
{
$user_id = intval($userdata_quota['user_id']);
}
$priority = explode(';', $priority);
$found = FALSE;
for ($i = 0; $i < count($priority); $i++)
{
if (($priority[$i] == 'group') && (!$found))
{
//
// Get Group Quota, if we find one, we have our quota
//
$sql = "SELECT u.group_id FROM " . USER_GROUP_TABLE . " u, " . GROUPS_TABLE . " g
WHERE (g.group_single_user = 0) AND (u.group_id = g.group_id) AND (u.user_id = " . $user_id . ")";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get User Group', '', __LINE__, __FILE__, $sql);
}
if ($db->sql_numrows($result) > 0)
{
$rows = $db->sql_fetchrowset($result);
$group_id = array();
for ($j = 0; $j < count($rows); $j++)
{
$group_id[] = $rows[$j]['group_id'];
}
$sql = "SELECT l.quota_limit FROM " . QUOTA_TABLE . " q, " . QUOTA_LIMITS_TABLE . " l
WHERE (q.group_id IN (" . implode(',', $group_id) . ")) AND (q.group_id <> 0) AND (q.quota_type = " . $quota_type . ")
AND (q.quota_limit_id = l.quota_limit_id) ORDER BY l.quota_limit DESC LIMIT 1";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get Group Quota', '', __LINE__, __FILE__, $sql);
}
if ($db->sql_numrows($result) > 0)
{
$row = $db->sql_fetchrow($result);
$attach_config[$limit_type] = $row['quota_limit'];
$found = TRUE;
}
}
}
if (($priority[$i] == 'user') && (!$found))
{
//
// Get User Quota, if the user is not in a group or the group has no quotas
//
$sql = "SELECT l.quota_limit FROM " . QUOTA_TABLE . " q, " . QUOTA_LIMITS_TABLE . " l
WHERE (q.user_id = " . $user_id . ") AND (q.user_id <> 0) AND (q.quota_type = " . $quota_type . ")
AND (q.quota_limit_id = l.quota_limit_id) LIMIT 1";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get User Quota', '', __LINE__, __FILE__, $sql);
}
if ($db->sql_numrows($result) > 0)
{
$row = $db->sql_fetchrow($result);
$attach_config[$limit_type] = $row['quota_limit'];
$found = TRUE;
}
}
}
if (!$found)
{
// Set Default Quota Limit
$quota_id = ($quota_type == QUOTA_UPLOAD_LIMIT) ? $attach_config['default_upload_quota'] : $attach_config['default_pm_quota'];
if ($quota_id == 0)
{
$attach_config[$limit_type] = $attach_config[$default];
}
else
{
$sql = "SELECT quota_limit FROM " . QUOTA_LIMITS_TABLE . "
WHERE quota_limit_id = " . $quota_id . " LIMIT 1";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get Default Quota Limit', '', __LINE__, __FILE__, $sql);
}
if ($db->sql_numrows($result) > 0)
{
$row = $db->sql_fetchrow($result);
$attach_config[$limit_type] = $row['quota_limit'];
}
else
{
$attach_config[$limit_type] = $attach_config[$default];
}
}
}
// Never exceed the complete Attachment Upload Quota
if ($quota_type == QUOTA_UPLOAD_LIMIT)
{
if ($attach_config[$limit_type] > $attach_config[$default])
{
$attach_config[$limit_type] = $attach_config[$default];
}
}
}
//
// Handle all modes... (intern)
//
function handle_attachments($mode)
{
global $is_auth, $attach_config, $refresh, $HTTP_POST_VARS, $post_id, $submit, $preview, $error, $error_msg, $lang, $template, $userdata, $db;
//
// ok, what shall we do ;)
//
//
// Some adjustments for PM's
//
if ($this->page == PAGE_PRIVMSGS)
{
global $privmsg_id;
$post_id = $privmsg_id;
if ($mode == 'post')
{
$mode = 'newtopic';
}
else if ($mode == 'edit')
{
$mode = 'editpost';
}
if ( $userdata['user_level'] == ADMIN )
{
$is_auth['auth_attachments'] = '1';
$max_attachments = ADMIN_MAX_ATTACHMENTS;
}
else
{
$is_auth['auth_attachments'] = intval($attach_config['allow_pm_attach']);
$max_attachments = intval($attach_config['max_attachments_pm']);
}
}
else
{
if ( $userdata['user_level'] == ADMIN )
{
$max_attachments = ADMIN_MAX_ATTACHMENTS;
}
else
{
$max_attachments = intval($attach_config['max_attachments']);
}
}
//
// nothing, if the user is not authorized or attachment mod disabled
//
if ( intval($attach_config['disable_mod']) || !$is_auth['auth_attachments'])
{
return false;
}
//
// Init Vars
//
$attachments = array();
if (!$refresh)
{
$add = ( isset($HTTP_POST_VARS['add_attachment']) ) ? TRUE : FALSE;
$delete = ( isset($HTTP_POST_VARS['del_attachment']) ) ? TRUE : FALSE;
$edit = ( isset($HTTP_POST_VARS['edit_comment']) ) ? TRUE : FALSE;
$update_attachment = ( isset($HTTP_POST_VARS['update_attachment']) ) ? TRUE : FALSE;
$del_thumbnail = ( isset($HTTP_POST_VARS['del_thumbnail']) ) ? TRUE : FALSE;
$add_attachment_box = ( !empty($HTTP_POST_VARS['add_attachment_box']) ) ? TRUE : FALSE;
$posted_attachments_box = ( !empty($HTTP_POST_VARS['posted_attachments_box']) ) ? TRUE : FALSE;
$refresh = $add || $delete || $edit || $del_thumbnail || $update_attachment || $add_attachment_box || $posted_attachment_box;
}
//
// Get Attachments
//
if ($this->page == PAGE_PRIVMSGS)
{
$attachments = get_attachments_from_pm($post_id);
}
else
{
$attachments = get_attachments_from_post($post_id);
}
if ($this->page == PAGE_PRIVMSGS)
{
if ( $userdata['user_level'] == ADMIN )
{
$auth = TRUE;
}
else
{
$auth = ( intval($attach_config['allow_pm_attach']) ) ? TRUE : FALSE;
}
if (count($attachments) == 1)
{
$template->assign_block_vars('switch_attachments',array());
$template->assign_vars(array(
'L_DELETE_ATTACHMENTS' => $lang['Delete_attachment'])
);
}
else if (count($attachments) > 0)
{
$template->assign_block_vars('switch_attachments',array());
$template->assign_vars(array(
'L_DELETE_ATTACHMENTS' => $lang['Delete_attachments'])
);
}
}
else
{
$auth = ( $is_auth['auth_edit'] || $is_auth['auth_mod'] ) ? TRUE : FALSE;
}
if ( (!$submit) && ($mode == 'editpost') && ( $auth ))
{
if ( (!$refresh) && (!$preview) && (!$error) && (!isset($HTTP_POST_VARS['del_poll_option'])) )
{
for ($i = 0; $i < count($attachments); $i++)
{
$this->attachment_list[] = $attachments[$i]['physical_filename'];
$this->attachment_comment_list[] = $attachments[$i]['comment'];
$this->attachment_filename_list[] = $attachments[$i]['real_filename'];
$this->attachment_extension_list[] = $attachments[$i]['extension'];
$this->attachment_mimetype_list[] = $attachments[$i]['mimetype'];
$this->attachment_filesize_list[] = $attachments[$i]['filesize'];
$this->attachment_filetime_list[] = $attachments[$i]['filetime'];
$this->attachment_id_list[] = $attachments[$i]['attach_id'];
$this->attachment_thumbnail_list[] = $attachments[$i]['thumbnail'];
}
}
}
$this->num_attachments = count($this->attachment_list);
if( ($submit) && ($mode != 'vote') )
{
if ( $mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost' )
{
if ( $this->filename != '' )
{
if ( $this->num_attachments < intval($max_attachments) )
{
$this->upload_attachment($this->page);
if ( (!$error) && ($this->post_attach) )
{
array_unshift($this->attachment_list, $this->attach_filename);
array_unshift($this->attachment_comment_list, $this->file_comment);
array_unshift($this->attachment_filename_list, $this->filename);
array_unshift($this->attachment_extension_list, $this->extension);
array_unshift($this->attachment_mimetype_list, $this->type);
array_unshift($this->attachment_filesize_list, $this->filesize);
array_unshift($this->attachment_filetime_list, $this->filetime);
array_unshift($this->attachment_id_list, '0');
array_unshift($this->attachment_thumbnail_list, $this->thumbnail);
$this->file_comment = '';
// This Variable is set to FALSE here, because the Attachment Mod enter Attachments into the
// Database in two modes, one if the id_list is 0 and the second one if post_attach is true
// Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
// but we are assigning an id of 0 here, we have to reset the post_attach variable to FALSE.
//
// This is very relevant, because it could happen that the post got not submitted, but we do not
// know this circumstance here. We could be at the posting page or we could be redirected to the entered
// post. :)
$this->post_attach = FALSE;
}
}
else
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
}
}
}
}
if ($preview || $refresh || $error)
{
$delete_attachment = ( isset($HTTP_POST_VARS['del_attachment']) ) ? TRUE : FALSE;
$delete_thumbnail = ( isset($HTTP_POST_VARS['del_thumbnail']) ) ? TRUE : FALSE;
$add_attachment = ( isset($HTTP_POST_VARS['add_attachment']) ) ? TRUE : FALSE;
$edit_attachment = ( isset($HTTP_POST_VARS['edit_comment']) ) ? TRUE : FALSE;
$update_attachment = ( isset($HTTP_POST_VARS['update_attachment']) ) ? TRUE : FALSE;
//
// Perform actions on temporary attachments
//
if ( ( $delete_attachment ) || ( $delete_thumbnail ) )
{
// store old values
$actual_list = ( isset($HTTP_POST_VARS['attachment_list']) ) ? $HTTP_POST_VARS['attachment_list'] : array();
$actual_comment_list = ( isset($HTTP_POST_VARS['comment_list']) ) ? $HTTP_POST_VARS['comment_list'] : array();
$actual_filename_list = ( isset($HTTP_POST_VARS['filename_list']) ) ? $HTTP_POST_VARS['filename_list'] : array();
$actual_extension_list = ( isset($HTTP_POST_VARS['extension_list']) ) ? $HTTP_POST_VARS['extension_list'] : array();
$actual_mimetype_list = ( isset($HTTP_POST_VARS['mimetype_list']) ) ? $HTTP_POST_VARS['mimetype_list'] : array();
$actual_filesize_list = ( isset($HTTP_POST_VARS['filesize_list']) ) ? $HTTP_POST_VARS['filesize_list'] : array();
$actual_filetime_list = ( isset($HTTP_POST_VARS['filetime_list']) ) ? $HTTP_POST_VARS['filetime_list'] : array();
$actual_id_list = ( isset($HTTP_POST_VARS['attach_id_list']) ) ? $HTTP_POST_VARS['attach_id_list'] : array();
$actual_thumbnail_list = ( isset($HTTP_POST_VARS['attach_thumbnail_list']) ) ? $HTTP_POST_VARS['attach_thumbnail_list'] : array();
// clean values
$this->attachment_list = array();
$this->attachment_comment_list = array();
$this->attachment_filename_list = array();
$this->attachment_extension_list = array();
$this->attachment_mimetype_list = array();
$this->attachment_filesize_list = array();
$this->attachment_filetime_list = array();
$this->attachment_id_list = array();
$this->attachment_thumbnail_list = array();
// restore values :)
if( isset($HTTP_POST_VARS['attachment_list']) )
{
for ($i = 0; $i < count($actual_list); $i++)
{
$restore = FALSE;
$del_thumb = FALSE;
if ( $delete_thumbnail )
{
if ( !isset($HTTP_POST_VARS['del_thumbnail'][$actual_list[$i]]) )
{
$restore = TRUE;
}
else
{
$del_thumb = TRUE;
}
}
if ( $delete_attachment )
{
if ( !isset($HTTP_POST_VARS['del_attachment'][$actual_list[$i]]) )
{
$restore = TRUE;
}
}
if ( $restore )
{
$this->attachment_list[] = $actual_list[$i];
$this->attachment_comment_list[] = $actual_comment_list[$i];
$this->attachment_filename_list[] = $actual_filename_list[$i];
$this->attachment_extension_list[] = $actual_extension_list[$i];
$this->attachment_mimetype_list[] = $actual_mimetype_list[$i];
$this->attachment_filesize_list[] = $actual_filesize_list[$i];
$this->attachment_filetime_list[] = $actual_filetime_list[$i];
$this->attachment_id_list[] = $actual_id_list[$i];
$this->attachment_thumbnail_list[] = $actual_thumbnail_list[$i];
}
else if (!$del_thumb)
{
//
// delete selected attachment
//
if ($actual_id_list[$i] == '0' )
{
unlink_attach($actual_list[$i]);
if ($actual_thumbnail_list[$i] == 1)
{
unlink_attach($actual_list[$i], MODE_THUMBNAIL);
}
}
else
{
delete_attachment($post_id, $actual_id_list[$i], $this->page);
}
}
else if ($del_thumb)
{
//
// delete selected thumbnail
//
$this->attachment_list[] = $actual_list[$i];
$this->attachment_comment_list[] = $actual_comment_list[$i];
$this->attachment_filename_list[] = $actual_filename_list[$i];
$this->attachment_extension_list[] = $actual_extension_list[$i];
$this->attachment_mimetype_list[] = $actual_mimetype_list[$i];
$this->attachment_filesize_list[] = $actual_filesize_list[$i];
$this->attachment_filetime_list[] = $actual_filetime_list[$i];
$this->attachment_id_list[] = $actual_id_list[$i];
$this->attachment_thumbnail_list[] = 0;
if ( $actual_id_list[$i] == '0' )
{
unlink_attach($actual_list[$i], MODE_THUMBNAIL);
}
else
{
$sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . "
SET thumbnail = 0
WHERE attach_id = " . $actual_id_list[$i];
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Unable to update ' . ATTACHMENTS_DESC_TABLE . ' Table.', '', __LINE__, __FILE__, $sql);
}
}
}
}
}
}
else if ( ($edit_attachment) || ($update_attachment) || ($add_attachment) || ($preview) )
{
if ($edit_attachment)
{
$actual_comment_list = ( isset($HTTP_POST_VARS['comment_list']) ) ? $HTTP_POST_VARS['comment_list'] : '';
$this->attachment_comment_list = array();
for ($i = 0; $i < count($this->attachment_list); $i++)
{
$this->attachment_comment_list[$i] = $actual_comment_list[$i];
}
}
if ( $update_attachment )
{
if ($this->filename == '')
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= $lang['Error_empty_add_attachbox'];
}
$this->upload_attachment($this->page);
if (!$error)
{
$actual_list = ( isset($HTTP_POST_VARS['attachment_list']) ) ? $HTTP_POST_VARS['attachment_list'] : array();
$actual_id_list = ( isset($HTTP_POST_VARS['attach_id_list']) ) ? $HTTP_POST_VARS['attach_id_list'] : array();
$attachment_id = 0;
$actual_element = 0;
for ($i = 0; $i < count($actual_id_list); $i++)
{
if (isset($HTTP_POST_VARS['update_attachment'][$actual_id_list[$i]]))
{
$attachment_id = intval($actual_id_list[$i]);
$actual_element = $i;
}
}
// Get current informations to delete the Old Attachment
$sql = "SELECT physical_filename, comment, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . "
WHERE attach_id = " . $attachment_id;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Unable to select old Attachment Entry.', '', __LINE__, __FILE__, $sql);
}
if ($db->sql_numrows($result) != 1)
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= $lang['Error_missing_old_entry'];
}
$row = $db->sql_fetchrow($result);
$comment = ( trim($this->file_comment) == '' ) ? trim($row['comment']) : trim($this->file_comment);
$comment = addslashes($comment);
// Update Entry
$sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . "
SET physical_filename = '" . str_replace("'", "''", basename($this->attach_filename)) . "', real_filename = '" . str_replace("'", "''", basename($this->filename)) . "', comment = '" . str_replace("'", "''", $comment) . "', extension = '" . str_replace("'", "''", $this->extension) . "', mimetype = '" . str_replace("'", "''", $this->type) . "', filesize = " . $this->filesize . ", filetime = " . $this->filetime . ", thumbnail = " . $this->thumbnail . "
WHERE attach_id = " . (int) $attachment_id;
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Unable to update the Attachment.', '', __LINE__, __FILE__, $sql);
}
// Delete the Old Attachment
unlink_attach($row['physical_filename']);
if (intval($row['thumbnail']) == 1)
{
unlink_attach($row['physical_filename'], MODE_THUMBNAIL);
}
//
// Make sure it is displayed
//
$this->attachment_list[$actual_element] = $this->attach_filename;
$this->attachment_comment_list[$actual_element] = $comment;
$this->attachment_filename_list[$actual_element] = $this->filename;
$this->attachment_extension_list[$actual_element] = $this->extension;
$this->attachment_mimetype_list[$actual_element] = $this->type;
$this->attachment_filesize_list[$actual_element] = $this->filesize;
$this->attachment_filetime_list[$actual_element] = $this->filetime;
$this->attachment_id_list[$actual_element] = $actual_id_list[$actual_element];
$this->attachment_thumbnail_list[$actual_element] = $this->thumbnail;
$this->file_comment = '';
}
}
if (( ($add_attachment) || ($preview) ) && ($this->filename != '') )
{
if( $this->num_attachments < intval($max_attachments) )
{
$this->upload_attachment($this->page);
if (!$error)
{
array_unshift($this->attachment_list, $this->attach_filename);
array_unshift($this->attachment_comment_list, $this->file_comment);
array_unshift($this->attachment_filename_list, $this->filename);
array_unshift($this->attachment_extension_list, $this->extension);
array_unshift($this->attachment_mimetype_list, $this->type);
array_unshift($this->attachment_filesize_list, $this->filesize);
array_unshift($this->attachment_filetime_list, $this->filetime);
array_unshift($this->attachment_id_list, '0');
array_unshift($this->attachment_thumbnail_list, $this->thumbnail);
$this->file_comment = '';
}
}
else
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
}
}
}
}
return (TRUE);
}
//
// Basic Insert Attachment Handling for all Message Types
//
function do_insert_attachment($mode, $message_type, $message_id)
{
global $db, $upload_dir;
if (intval($message_id) < 0)
{
return (FALSE);
}
if ($message_type == 'pm')
{
global $userdata, $to_userdata;
$post_id = 0;
$privmsgs_id = $message_id;
$user_id_1 = $userdata['user_id'];
$user_id_2 = $to_userdata['user_id'];
}
else if ($message_type = 'post')
{
global $post_info, $userdata;
$post_id = $message_id;
$privmsgs_id = 0;
$user_id_1 = (isset($post_info['poster_id'])) ? $post_info['poster_id'] : 0;
$user_id_2 = 0;
if (!$user_id_1)
{
$user_id_1 = $userdata['user_id'];
}
}
if ($mode == 'attach_list')
{
for ($i = 0; $i < count($this->attachment_list); $i++)
{
if ($this->attachment_id_list[$i])
{
//
// update entry in db if attachment already stored in db and filespace
//
$sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . "
SET comment = '" . trim($this->attachment_comment_list[$i]) . "'
WHERE attach_id = " . $this->attachment_id_list[$i];
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Unable to update the File Comment.', '', __LINE__, __FILE__, $sql);
}
}
else
{
//
// insert attachment into db
//
$sql = "INSERT INTO " . ATTACHMENTS_DESC_TABLE . " (physical_filename, real_filename, comment, extension, mimetype, filesize, filetime, thumbnail)
VALUES ( '" . str_replace("'", "''", basename($this->attachment_list[$i])) . "', '" . str_replace("'", "''", basename($this->attachment_filename_list[$i])) . "', '" . trim($this->attachment_comment_list[$i]) . "', '" . $this->attachment_extension_list[$i] . "', '" . $this->attachment_mimetype_list[$i] . "', " . $this->attachment_filesize_list[$i] . ", " . $this->attachment_filetime_list[$i] . ", " . $this->attachment_thumbnail_list[$i] . ")";
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Couldn\'t store Attachment.<br />Your ' . $message_type . ' has been stored.', '', __LINE__, __FILE__, $sql);
}
$attach_id = $db->sql_nextid();
$sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (attach_id, post_id, privmsgs_id, user_id_1, user_id_2) VALUES (' . $attach_id . ', ' . $post_id . ', ' . $privmsgs_id . ', ' . $user_id_1 . ', ' . $user_id_2 . ')';
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Couldn\'t store Attachment.<br />Your ' . $message_type . ' has been stored.', '', __LINE__, __FILE__, $sql);
}
}
}
return (TRUE);
}
if ($mode == 'last_attachment')
{
if ( ($this->post_attach) && (!isset($HTTP_POST_VARS['update_attachment'])) )
{
//
// insert attachment into db, here the user submited it directly
//
$sql = "INSERT INTO " . ATTACHMENTS_DESC_TABLE . " (physical_filename, real_filename, comment, extension, mimetype, filesize, filetime, thumbnail)
VALUES ( '" . str_replace("'", "''", basename($this->attach_filename)) . "', '" . str_replace("'", "''", stripslashes(basename($this->filename))) . "', '" . trim($this->file_comment) . "', '" . $this->extension . "', '" . $this->type . "', " . $this->filesize . ", " . $this->filetime . ", " . $this->thumbnail . ")";
//
// Inform the user that his post has been created, but nothing is attached
//
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Couldn\'t store Attachment.<br />Your ' . $message_type . ' has been stored.', '', __LINE__, __FILE__, $sql);
}
$attach_id = $db->sql_nextid();
$sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (attach_id, post_id, privmsgs_id, user_id_1, user_id_2)
VALUES (' . $attach_id . ', ' . $post_id . ', ' . $privmsgs_id . ', ' . $user_id_1 . ', ' . $user_id_2 . ')';
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Couldn\'t store Attachment.<br />Your ' . $message_type . ' has been stored.', '', __LINE__, __FILE__, $sql);
}
}
}
}
//
// Attachment Mod entry switch/output (intern)
//
function display_attachment_bodies()
{
global $attach_config, $db, $is_auth, $lang, $mode, $phpEx, $template, $upload_dir, $userdata, $HTTP_POST_VARS, $forum_id;
global $phpbb_root_path;
//
// Choose what to display
//
$value_add = $value_posted = 0;
if (intval($attach_config['show_apcp']))
{
if ( !empty($HTTP_POST_VARS['add_attachment_box']) )
{
$value_add = ( $this->add_attachment_body == 0 ) ? '1' : '0';
$this->add_attachment_body = intval($value_add);
}
else
{
$value_add = ( $this->add_attachment_body == 0 ) ? '0' : '1';
}
if ( !empty($HTTP_POST_VARS['posted_attachments_box']) )
{
$value_posted = ( $this->posted_attachments_body == 0 ) ? '1' : '0';
$this->posted_attachments_body = intval($value_posted);
}
else
{
$value_posted = ( $this->posted_attachments_body == 0 ) ? '0' : '1';
}
$template->assign_block_vars('show_apcp', array());
}
else
{
$this->add_attachment_body = 1;
$this->posted_attachments_body = 1;
}
$template->set_filenames(array(
'attachbody' => 'posting_attach_body.tpl')
);
display_compile_cache_clear($template->files['attachbody'], 'attachbody');
$s_hidden = '<input type="hidden" name="add_attachment_body" value="' . $value_add . '">';
$s_hidden .= '<input type="hidden" name="posted_attachments_body" value="' . $value_posted . '">';
if ($this->page == PAGE_PRIVMSGS)
{
$u_rules_id = 0;
}
else
{
$u_rules_id = $forum_id;
}
$template->assign_vars(array(
'L_ATTACH_POSTING_CP' => $lang['Attach_posting_cp'],
'L_ATTACH_POSTING_CP_EXPLAIN' => $lang['Attach_posting_cp_explain'],
'L_OPTIONS' => $lang['Options'],
'L_ADD_ATTACHMENT_TITLE' => $lang['Add_attachment_title'],
'L_POSTED_ATTACHMENTS' => $lang['Posted_attachments'],
'L_FILE_NAME' => $lang['File_name'],
'L_FILE_COMMENT' => $lang['File_comment'],
'RULES' => '<a href="' . append_sid($phpbb_root_path . "attach_rules.$phpEx?f=$u_rules_id") . '" target="_blank">' . $lang['Allowed_extensions_and_sizes'] . '</a>',
'S_HIDDEN' => $s_hidden)
);
$attachments = array();
if ( count($this->attachment_list) > 0 )
{
if (intval($attach_config['show_apcp']))
{
$template->assign_block_vars('switch_posted_attachments', array());
}
for ($i = 0; $i < count($this->attachment_list); $i++)
{
$this->attachment_filename_list[$i] = stripslashes($this->attachment_filename_list[$i]);
$hidden = '<input type="hidden" name="attachment_list[]" value="' . $this->attachment_list[$i] . '" />';
$hidden .= '<input type="hidden" name="filename_list[]" value="' . $this->attachment_filename_list[$i] . '" />';
$hidden .= '<input type="hidden" name="extension_list[]" value="' . $this->attachment_extension_list[$i] . '" />';
$hidden .= '<input type="hidden" name="mimetype_list[]" value="' . $this->attachment_mimetype_list[$i] . '" />';
$hidden .= '<input type="hidden" name="filesize_list[]" value="' . $this->attachment_filesize_list[$i] . '" />';
$hidden .= '<input type="hidden" name="filetime_list[]" value="' . $this->attachment_filetime_list[$i] . '" />';
$hidden .= '<input type="hidden" name="attach_id_list[]" value="' . $this->attachment_id_list[$i] . '" />';
$hidden .= '<input type="hidden" name="attach_thumbnail_list[]" value="' . $this->attachment_thumbnail_list[$i] . '" />';
if ((!$this->posted_attachments_body) || ( count($this->attachment_list) == 0 ) )
{
$hidden .= '<input type="hidden" name="comment_list[]" value="' . stripslashes(htmlspecialchars($this->attachment_comment_list[$i])) . '" />';
}
$template->assign_block_vars('hidden_row', array(
'S_HIDDEN' => $hidden)
);
}
}
if ($this->add_attachment_body)
{
init_display_template('attachbody', '{ADD_ATTACHMENT_BODY}', 'add_attachment_body.tpl');
$form_enctype = 'enctype="multipart/form-data"';
$template->assign_vars(array(
'L_ADD_ATTACH_TITLE' => $lang['Add_attachment_title'],
'L_ADD_ATTACH_EXPLAIN' => $lang['Add_attachment_explain'],
'L_ADD_ATTACHMENT' => $lang['Add_attachment'],
'FILE_COMMENT' => stripslashes(htmlspecialchars($this->file_comment)),
'FILESIZE' => $attach_config['max_filesize'],
'FILENAME' => $this->filename,
'S_FORM_ENCTYPE' => $form_enctype)
);
}
if (($this->posted_attachments_body) && ( count($this->attachment_list) > 0 ) )
{
init_display_template('attachbody', '{POSTED_ATTACHMENTS_BODY}', 'posted_attachments_body.tpl');
$template->assign_vars(array(
'L_POSTED_ATTACHMENTS' => $lang['Posted_attachments'],
'L_UPDATE_COMMENT' => $lang['Update_comment'],
'L_UPLOAD_NEW_VERSION' => $lang['Upload_new_version'],
'L_DELETE_ATTACHMENT' => $lang['Delete_attachment'],
'L_DELETE_THUMBNAIL' => $lang['Delete_thumbnail'],
'L_OPTIONS' => $lang['Options'])
);
for ($i = 0; $i < count($this->attachment_list); $i++)
{
if ( $this->attachment_id_list[$i] == '0' )
{
$download_link = $upload_dir . '/' . $this->attachment_list[$i];
}
else
{
$download_link = append_sid('download.' . $phpEx . '?id=' . $this->attachment_id_list[$i]);
}
$template->assign_block_vars('attach_row', array(
'FILE_NAME' => stripslashes(htmlspecialchars($this->attachment_filename_list[$i])),
'ATTACH_FILENAME' => $this->attachment_list[$i],
'FILE_COMMENT' => stripslashes(htmlspecialchars($this->attachment_comment_list[$i])),
'ATTACH_ID' => $this->attachment_id_list[$i],
'U_VIEW_ATTACHMENT' => $download_link)
);
//
// Thumbnail there ? And is the User Admin or Mod ? Then present the 'Delete Thumbnail' Button
//
if ( (intval($this->attachment_thumbnail_list[$i]) == 1) && ( ($is_auth['auth_mod']) || ($userdata['user_level'] == ADMIN) ) )
{
$template->assign_block_vars('attach_row.switch_thumbnail', array());
}
if ($this->attachment_id_list[$i])
{
$template->assign_block_vars('attach_row.switch_update_attachment', array());
}
}
}
$template->assign_var_from_handle('ATTACHBOX', 'attachbody');
}
//
// Upload an Attachment to Filespace (intern)
//
function upload_attachment()
{
global $HTTP_POST_FILES, $db, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
$this->post_attach = ($this->filename != '') ? TRUE : FALSE;
if ($this->post_attach)
{
$r_file = trim(basename($this->filename));
$file = $HTTP_POST_FILES['fileupload']['tmp_name'];
$this->type = $HTTP_POST_FILES['fileupload']['type'];
if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0)
{
message_die(GENERAL_ERROR, 'Tried to upload empty file');
}
// Opera add the name to the mime type
$this->type = ( strstr($this->type, '; name') ) ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
$this->extension = get_extension($this->filename);
$this->filesize = @filesize($file);
$this->filesize = intval($this->filesize);
$sql = "SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
FROM " . EXTENSION_GROUPS_TABLE . " g, " . EXTENSIONS_TABLE . " e
WHERE (g.group_id = e.group_id) AND (e.extension = '" . $this->extension . "')
LIMIT 1";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query Extensions.', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$allowed_filesize = ($row['max_filesize']) ? $row['max_filesize'] : $attach_config['max_filesize'];
$cat_id = intval($row['cat_id']);
$auth_cache = trim($row['forum_permissions']);
//
// check Filename
//
if ( preg_match("#[\\/:*?\"<>|]#i", $this->filename) )
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
}
//
// check php upload-size
//
if (!$error && $file == 'none')
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$max_size = @$ini_val('upload_max_filesize');
if ($max_size == '')
{
$error_msg .= $lang['Attachment_php_size_na'];
}
else
{
$error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
}
}
//
// Check Extension
//
if (!$error && intval($row['allow_group']) == 0)
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Disallowed_extension'], $this->extension);
}
//
// Check Forum Permissions
//
if ( (!$error) && ($this->page != PAGE_PRIVMSGS) &&($userdata['user_level'] != ADMIN) && (!is_forum_authed($auth_cache, $forum_id) && (trim($auth_cache) != '')) )
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
}
// Upload File
$this->thumbnail = 0;
if (!$error)
{
//
// Prepare Values
//
$this->filetime = time();
$this->filename = stripslashes($r_file);
$this->attach_filename = strtolower($this->filename);
// To re-add cryptic filenames, change this variable to true
$cryptic = false;
if (!$cryptic)
{
$this->attach_filename = str_replace(' ', '_', $this->attach_filename);
$this->attach_filename = rawurlencode($this->attach_filename);
$this->attach_filename = preg_replace("/%(\w{2})/", "_", $this->attach_filename);
$this->attach_filename = delete_extension($this->attach_filename);
$new_filename = trim($this->attach_filename);
if (!$new_filename)
{
$u_id = (intval($userdata['user_id']) == ANONYMOUS) ? 0 : intval($userdata['user_id']);
$new_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
}
do
{
$this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
}
while (physical_filename_already_stored($this->attach_filename));
unset($new_filename);
}
else
{
$u_id = (intval($userdata['user_id']) == ANONYMOUS) ? 0 : intval($userdata['user_id']);
$this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
}
$this->filename = str_replace("'", "\'", $this->filename);
//
// Do we have to create a thumbnail ?
//
if ( ($cat_id == IMAGE_CAT) && (intval($attach_config['img_create_thumbnail'])) )
{
$this->thumbnail = 1;
}
}
if ($error)
{
$this->post_attach = FALSE;
return;
}
//
// Upload Attachment
//
if (!$error)
{
if ( !(intval($attach_config['allow_ftp_upload'])) )
{
//
// Descide the Upload method
//
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$safe_mode = @$ini_val('safe_mode');
if ( @$ini_val('open_basedir') )
{
if ( @phpversion() < '4.0.3' )
{
$upload_mode = 'copy';
}
else
{
$upload_mode = 'move';
}
}
else if ( @$ini_val('safe_mode') )
{
$upload_mode = 'move';
}
else
{
$upload_mode = 'copy';
}
}
else
{
$upload_mode = 'ftp';
}
//
// Ok, upload the Attachment
//
if (!$error)
{
$this->move_uploaded_attachment($upload_mode, $file);
}
}
// Now, check filesize parameters
if (!$error)
{
if ($upload_mode != 'ftp' && !$this->filesize)
{
$this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
}
}
//
// Check Image Size, if it's an image
//
if ( (!$error) && ($userdata['user_level'] != ADMIN) && ($cat_id == IMAGE_CAT) )
{
list($width, $height) = image_getdimension($file);
if ( ($width != 0) && ($height != 0) && (intval($attach_config['img_max_width']) != 0) && (intval($attach_config['img_max_height']) != 0) )
{
if ( ($width > intval($attach_config['img_max_width'])) || ($height > intval($attach_config['img_max_height'])) )
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
}
}
}
//
// check Filesize
//
if ( (!$error) && ($allowed_filesize != 0) && ($this->filesize > $allowed_filesize) && ($userdata['user_level'] != ADMIN) )
{
$size_lang = ($allowed_filesize >= 1048576) ? $lang['MB'] : ( ($allowed_filesize >= 1024) ? $lang['KB'] : $lang['Bytes'] );
if ($allowed_filesize >= 1048576)
{
$allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
}
else if($allowed_filesize >= 1024)
{
$allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
}
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
}
//
// Check our complete quota
//
if ($attach_config['attachment_quota'])
{
$sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$total_filesize = $row['total'];
if (($total_filesize + $this->filesize) > $attach_config['attachment_quota'])
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= $lang['Attach_quota_reached'];
}
}
$this->get_quota_limits($userdata);
//
// Check our user quota
//
if ($this->page != PAGE_PRIVMSGS)
{
if ($attach_config['upload_filesize_limit'])
{
$sql = "SELECT attach_id
FROM " . ATTACHMENTS_TABLE . "
WHERE (user_id_1 = " . $userdata['user_id'] . ") AND (privmsgs_id = 0)
GROUP BY attach_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
}
$attach_ids = $db->sql_fetchrowset($result);
$num_attach_ids = $db->sql_numrows($result);
$attach_id = array();
for ($i = 0; $i < $num_attach_ids; $i++)
{
$attach_id[] = intval($attach_ids[$i]['attach_id']);
}
if ($num_attach_ids > 0)
{
//
// Now get the total filesize
//
$sql = "SELECT sum(filesize) as total
FROM " . ATTACHMENTS_DESC_TABLE . "
WHERE attach_id IN (" . implode(', ', $attach_id) . ")";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$total_filesize = $row['total'];
}
else
{
$total_filesize = 0;
}
if (($total_filesize + $this->filesize) > $attach_config['upload_filesize_limit'])
{
$upload_filesize_limit = $attach_config['upload_filesize_limit'];
$size_lang = ($upload_filesize_limit >= 1048576) ? $lang['MB'] : ( ($upload_filesize_limit >= 1024) ? $lang['KB'] : $lang['Bytes'] );
if ($upload_filesize_limit >= 1048576)
{
$upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
}
else if($upload_filesize_limit >= 1024)
{
$upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
}
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
}
}
}
//
// If we are at Private Messaging, check our PM Quota
//
if ($this->page == PAGE_PRIVMSGS)
{
$to_user = ( isset($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : '';
if ($attach_config['pm_filesize_limit'])
{
$total_filesize = get_total_attach_pm_filesize('from_user', $userdata['user_id']);
if (($total_filesize + $this->filesize) > $attach_config['pm_filesize_limit'])
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= $lang['Attach_quota_sender_pm_reached'];
}
}
//
// Check Receivers PM Quota
//
if (!empty($to_user) && $userdata['user_level'] != ADMIN)
{
$sql = "SELECT user_id
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("'", "''", htmlspecialchars($to_user)) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query userdata', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$user_id = intval($row['user_id']);
$u_data = get_userdata($user_id);
$this->get_quota_limits($u_data, $user_id);
if ($attach_config['pm_filesize_limit'])
{
$total_filesize = get_total_attach_pm_filesize('to_user', $user_id);
if (($total_filesize + $this->filesize) > $attach_config['pm_filesize_limit'])
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['Attach_quota_receiver_pm_reached'], $to_user);
}
}
}
}
if ($error)
{
unlink_attach($this->attach_filename);
unlink_attach($this->attach_filename, MODE_THUMBNAIL);
$this->post_attach = FALSE;
}
}
}
//
// Copy the temporary attachment to the right location (copy, move_uploaded_file or ftp)
//
function move_uploaded_attachment($upload_mode, $file)
{
global $error, $error_msg, $lang, $upload_dir;
if (!is_uploaded_file($file))
{
message_die(GENERAL_ERROR, 'Unable to upload file. The given source has not been uploaded.', __LINE__, __FILE__);
}
switch ($upload_mode)
{
case 'copy':
/*
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$tmp_path = ( !@$ini_val('safe_mode') ) ? '' : $upload_dir . '/tmp';
if ($tmp_path != '')
{
$tmp_filename = tempnam($tmp_path, 't0000');
$fd = fopen($file, 'r');
$data = fread ($fd, $this->filesize);
fclose ($fd);
$fptr = @fopen($tmp_filename, 'wb');
$bytes_written = @fwrite($fptr, $data, $this->filesize);
@fclose($fptr);
$file = $tmp_filename;
}
*/
if ( !@copy($file, $upload_dir . '/' . $this->attach_filename) )
{
if ( !@move_uploaded_file($file, $upload_dir . '/' . $this->attach_filename) )
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['General_upload_error'], './' . $upload_dir . '/' . $this->attach_filename);
return;
}
}
@chmod($upload_dir . '/' . $this->attach_filename, 0666);
/* if ($tmp_path != '')
{
unlink_attach($file);
}
*/
break;
case 'move':
/* $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$tmp_path = ( !@$ini_val('safe_mode') ) ? '' : $upload_dir . '/tmp';
if ($tmp_path != '')
{
$tmp_filename = tempnam($tmp_path, 't0000');
$fd = fopen($file, 'r');
$data = fread ($fd, $this->filesize);
fclose ($fd);
$fptr = @fopen($tmp_filename, 'wb');
$bytes_written = @fwrite($fptr, $data, $this->filesize);
@fclose($fptr);
$file = $tmp_filename;
}
*/
if ( !@move_uploaded_file($file, $upload_dir . '/' . $this->attach_filename) )
{
if ( !@copy($file, $upload_dir . '/' . $this->attach_filename) )
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= '<br />';
}
$error_msg .= sprintf($lang['General_upload_error'], './' . $upload_dir . '/' . $this->attach_filename);
return;
}
}
@chmod($upload_dir . '/' . $this->attach_filename, 0666);
/* if ($tmp_path != '')
{
unlink_attach($file);
}*/
break;
case 'ftp':
ftp_file($file, $this->attach_filename, $this->type);
break;
}
if ( (!$error) && ($this->thumbnail == 1) )
{
if ($upload_mode == 'ftp')
{
$source = $file;
$dest_file = THUMB_DIR . '/t_' . $this->attach_filename;
}
else
{
$source = $upload_dir . '/' . $this->attach_filename;
$dest_file = amod_realpath($upload_dir);
$dest_file .= '/' . THUMB_DIR . '/t_' . $this->attach_filename;
}
if (!create_thumbnail($source, $dest_file, $this->type))
{
if (!$file || !create_thumbnail($file, $dest_file, $this->type))
{
$this->thumbnail = 0;
}
}
}
}
}
class attach_posting extends attach_parent
{
//
// Constructor
//
function attach_posting()
{
$this->attach_parent();
$this->page = 0;
}
//
// Preview Attachments in Posts
//
function preview_attachments()
{
global $attach_config, $is_auth, $userdata;
if (intval($attach_config['disable_mod']) || !$is_auth['auth_attachments'])
{
return (FALSE);
}
display_attachments_preview($this->attachment_list, $this->attachment_filesize_list, $this->attachment_filename_list, $this->attachment_comment_list, $this->attachment_extension_list, $this->attachment_thumbnail_list);
}
//
// Insert an Attachment into a Post (this is the second function called from posting.php)
//
function insert_attachment($post_id)
{
global $db, $is_auth, $mode, $userdata, $error, $error_msg;
//
// Insert Attachment ?
//
if ((!empty($post_id)) && ( $mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost' ) && ($is_auth['auth_attachments']))
{
$this->do_insert_attachment('attach_list', 'post', $post_id);
$this->do_insert_attachment('last_attachment', 'post', $post_id);
if ( ( (count($this->attachment_list) > 0) || ($this->post_attach) ) && (!isset($HTTP_POST_VARS['update_attachment'])) )
{
$sql = "UPDATE " . POSTS_TABLE . "
SET post_attachment = 1
WHERE post_id = " . $post_id;
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Unable to update Posts Table.', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT topic_id FROM " . POSTS_TABLE . "
WHERE post_id = " . $post_id;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Unable to select Posts Table.', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$sql = "UPDATE " . TOPICS_TABLE . "
SET topic_attachment = 1
WHERE topic_id = " . $row['topic_id'];
if ( !($db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Unable to update Topics Table.', '', __LINE__, __FILE__, $sql);
}
}
}
}
//
// Handle Attachments (Add/Delete/Edit/Show) - This is the first function called from every message handler
//
function posting_attachment_mod()
{
global $mode, $confirm, $is_auth, $post_id, $delete, $refresh, $HTTP_POST_VARS;
if (!$refresh)
{
$add_attachment_box = ( !empty($HTTP_POST_VARS['add_attachment_box']) ) ? TRUE : FALSE;
$posted_attachments_box = ( !empty($HTTP_POST_VARS['posted_attachments_box']) ) ? TRUE : FALSE;
$refresh = $add_attachment_box || $posted_attachments_box;
}
//
// Choose what to display
//
$result = $this->handle_attachments($mode);
if ($result == FALSE)
{
return;
}
if ( ($confirm) && ($delete || $mode == 'delete' || $mode == 'editpost') && ($is_auth['auth_delete'] || $is_auth['auth_mod']) )
{
if (!empty($post_id))
{
delete_attachment($post_id);
}
}
$this->display_attachment_bodies();
}
}
//
// Entry Point
//
function execute_posting_attachment_handling()
{
global $attachment_mod;
$attachment_mod['posting'] = new attach_posting();
$attachment_mod['posting']->posting_attachment_mod();
}
?>
|