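public function share_validation()
 {
     // Validates the share form, stores the uploaded file for the logged-in
     // user, records it as a File row and redirects to the feed. On any
     // failure the share form is displayed again through $this->share().
     $this->load->library('form_validation');
     $this->load->helper('form');
     $this->form_validation->set_error_delimiters('<div class="alert alert-error"><button type="button" class="close" data-dismiss="alert">×</button>', '</div>');
     // Validation rules. Note that htmlspecialchars/xss_clean are applied here,
     // at input time, so the stored values are already HTML-encoded; output
     // code still has to escape for the context it prints into.
     $this->form_validation->set_rules('keywords', 'Mots-clés', 'required|encode_php_tags|htmlspecialchars|trim|xss_clean|max_length[200]');
     $this->form_validation->set_rules('description', 'Description', 'required|encode_php_tags|htmlspecialchars|trim|xss_clean|max_length[300]');
     if ($this->form_validation->run() == FALSE) {
         // Validation failed: display the form again.
         $this->share();
         return;
     }

     // NOTE(review): unserialize() rebuilds whatever object the payload
     // describes. That is only acceptable if the session store cannot be
     // modified by the client (server-side sessions, or an encrypted and
     // authenticated cookie) - confirm the session configuration, or keep
     // only scalars such as the user id in the session.
     $user = unserialize($this->session->userdata('user_obj'));
     if (!is_object($user) || !isset($user->id)) {
         // No usable user in the session (missing or corrupt value): refuse the
         // upload instead of saving a file that belongs to nobody.
         $this->share();
         return;
     }

     // File upload.
     $file_up = new Upload();
     if (!$file_up->upload_file($user->id, array('userfile'))) {
         // Upload rejected: display the form again.
         $this->share();
         return;
     }

     // Create the File record. files_uploaded[0] is read as (url, type).
     // NOTE(review): how Upload derives "type" is not visible here; if it comes
     // from the browser-declared MIME type it must not be trusted for access
     // or rendering decisions.
     $file = new File();
     $file->id_user = $user->id;
     $file->desc = $this->input->post('description');
     $file->keywords = $this->input->post('keywords');
     $file->url = $file_up->files_uploaded[0][0];
     $file->type = $file_up->files_uploaded[0][1];
     // Persist the record.
     $file->save();
     // Success notification shown on the next page.
     $this->session->set_userdata('notif_ok', '<div class="alert alert-success"><button type="button" class="close" data-dismiss="alert">×</button><strong>Bravo! </strong> Votre partage a été réussi.</div>');
     // Redirect to the news feed.
     redirect('flux', 'refresh');
 }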
Beispiel #2
<?php

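header("Content-Type:text/html; charset=utf-8");
// Only run the upload when the form was actually submitted. !empty() keeps the
// original truthiness test but no longer reads an undefined index when the page
// is requested without a "submit" field (e.g. a plain GET).
if (!empty($_POST['submit'])) {
    $upFile = new Upload();
    $upFile->upload_file();
}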
class Upload
{
    public $name;
    public $tmp_name;
    public $final_name;
    public $target_dir;
    public $target_path;
    public $file_type;
    public $allow_file_types;
    public $file_size;
    public $file_max_size;
    /**
     * __construct
     */
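    public function __construct()
    {
        // Snapshot the "file" upload slot. It is absent when the request carries
        // no such file part; every field then stays null instead of triggering
        // undefined-index warnings.
        $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();

        // Client-chosen file name: never use it as a path without sanitising.
        $this->name = isset($upload['name']) ? $upload['name'] : null;
        // MIME type as declared by the browser, not verified by the server.
        $this->file_type = isset($upload['type']) ? $upload['type'] : null;
        // Temporary location PHP stored the upload in.
        $this->tmp_name = isset($upload['tmp_name']) ? $upload['tmp_name'] : null;
        // Size in bytes as measured by PHP.
        $this->file_size = isset($upload['size']) ? $upload['size'] : null;

        // NOTE(review): this allow-list includes 'dll' (executable code) and
        // archive formats; confirm that is intended and that the target
        // directory is never served or executed from.
        $this->allow_file_types = array('jpeg', 'doc', 'docx', 'dll', 'rar', 'zip', 'wps');
        $this->target_dir = './Upload';
    }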
    /**
Beispiel #3
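	/**
	 * Upload, replace or remove the current member's avatar, photo or
	 * signature image.
	 *
	 * Flow: optional removal request -> size and extension pre-checks ->
	 * upload through the Upload class -> resize to the configured maximum
	 * dimensions -> delete the previous file -> store the new filename and
	 * dimensions in exp_members.
	 *
	 * @param	string	$type	'avatar', 'photo' or 'sig'; the per-type lookups treat any other value like 'sig'
	 * @return	mixed	whatever the redirect / error / success helper that ends the request returns
	 */
	function _upload_image($type = 'avatar')
	{
		global $FNS, $IN, $PREFS, $DB, $LANG, $SESS, $OUT;

		// Language keys and the "uploads enabled" preference for this image type.
		switch ($type)
		{
			case 'avatar'	:
				$edit_image		= 'edit_avatar';
				$enable_pref	= 'allow_avatar_uploads';
				$not_enabled	= 'avatars_not_enabled';
				$remove			= 'remove_avatar';
				$removed		= 'avatar_removed';
				$updated		= 'avatar_updated';
				break;
			case 'photo'	:
				$edit_image 	= 'edit_photo';
				$enable_pref	= 'enable_photos';
				$not_enabled	= 'photos_not_enabled';
				$remove			= 'remove_photo';
				$removed		= 'photo_removed';
				$updated		= 'photo_updated';
				break;
			case 'sig'		:
				$edit_image 	= 'edit_signature';
				$enable_pref	= 'sig_allow_img_upload';
				$not_enabled	= 'sig_img_not_enabled';
				$remove			= 'remove_sig_img';
				$removed		= 'sig_img_removed';
				$updated		= 'signature_updated';
				break;
		}

		// Prefix shared by the exp_members columns and the preference names
		// (<prefix>_filename, <prefix>_path, <prefix>_max_kb, ...). Anything
		// that is not 'avatar' or 'photo' is handled as a signature image.
		$field = ($type == 'avatar') ? 'avatar' : (($type == 'photo') ? 'photo' : 'sig_img');

		// The member id comes from the session, but it is still escaped before
		// being placed in SQL so an unexpected value cannot alter the queries.
		$member_id = $DB->escape_str($SESS->userdata('member_id'));

		// ----------------------------------------
		//  Is this a remove request?
		// ----------------------------------------

		if ( ! isset($_POST['remove']))
		{
			//  Is image uploading enabled?
			if ($PREFS->ini($enable_pref) == 'n')
			{
				return $this->_trigger_error($not_enabled, $not_enabled);
			}
		}
		else
		{
			$query = $DB->query("SELECT {$field}_filename FROM exp_members WHERE member_id = '".$member_id."'");
			$current = $query->row[$field.'_filename'];

			// Nothing stored: nothing to remove.
			if ($current == '')
			{
				return $FNS->redirect($this->_member_path($edit_image));
			}

			$DB->query("UPDATE exp_members SET {$field}_filename = '', {$field}_width='', {$field}_height='' WHERE member_id = '".$member_id."' ");

			// Uploaded avatars are stored as 'uploads/<name>' (see the DB
			// update at the end), so an avatar value without a '/' was not
			// written by this function and its file is left on disk.
			// strpos() replaces ereg(), which no longer exists in PHP 7+.
			if ($type != 'avatar' OR strpos($current, '/') !== FALSE)
			{
				@unlink($PREFS->ini($field.'_path', TRUE).$current);
			}

			return $this->_var_swap($this->_load_element('success'),
									array(
											'lang:heading'	=>	$LANG->line($remove),
											'lang:message'	=>	$LANG->line($removed)
										 )
									);
		}

		// ----------------------------------------
		//  Is getimagesize() available?
		// ----------------------------------------

		if ( ! function_exists('getimagesize'))
		{
			return $this->_trigger_error($edit_image, 'gd_required');
		}

		// ----------------------------------------
		//  Is there $_FILES data?
		// ----------------------------------------

		if ( ! isset($_FILES['userfile']))
		{
			return $FNS->redirect($this->_member_path($edit_image));
		}

		// ----------------------------------------
		//  Check the image size (KB), default limit 50
		// ----------------------------------------

		$size = ceil(($_FILES['userfile']['size']/1024));

		$max_kb = ($PREFS->ini($field.'_max_kb') == '' OR $PREFS->ini($field.'_max_kb') == 0) ? 50 : $PREFS->ini($field.'_max_kb');

		// Keep only the digits of the configured limit before comparing.
		$max_size = preg_replace("/(\D+)/", "", $max_kb);

		if ($size > $max_size)
		{
			return $OUT->show_user_error('submission', str_replace('%s', $max_size, $LANG->line('image_max_size_exceeded')));
		}

		// ----------------------------------------
		//  Is the upload path valid and writable?
		// ----------------------------------------

		$upload_path = $PREFS->ini($field.'_path', TRUE);

		if ($type == 'avatar')
		{
			// Member-uploaded avatars live in their own sub-directory.
			$upload_path .= 'uploads/';
		}

		if ( ! @is_dir($upload_path) OR ! is_writable($upload_path))
		{
			return $this->_trigger_error($edit_image, 'image_assignment_error');
		}

		// -------------------------------------
		//  Dimension limits, default 100 x 100
		// -------------------------------------

		// Client-supplied name: used only to read the extension, never as a path.
		$filename = $_FILES['userfile']['name'];

		$max_width	= ($PREFS->ini($field.'_max_width') == '' OR $PREFS->ini($field.'_max_width') == 0) ? 100 : $PREFS->ini($field.'_max_width');
		$max_height	= ($PREFS->ini($field.'_max_height') == '' OR $PREFS->ini($field.'_max_height') == 0) ? 100 : $PREFS->ini($field.'_max_height');

		// ----------------------------------------
		//  Does the image have a file extension?
		// ----------------------------------------

		if (strpos($filename, '.') === FALSE)
		{
			return $OUT->show_user_error('submission', $LANG->line('invalid_image_type'));
		}

		// ----------------------------------------
		//  Is it an allowed image type?
		// ----------------------------------------

		$xy = explode('.', $filename);
		$extension = '.'.end($xy);

		// Simple extension allow-list first; the upload class is expected to
		// do a more thorough check later (set_allowed_types('img') below).

		$types = array('.jpg', '.jpeg', '.gif', '.png');

		if ( ! in_array(strtolower($extension), $types))
		{
			return $OUT->show_user_error('submission', $LANG->line('invalid_image_type'));
		}

		// -------------------------------------
		//  Assign the name of the image
		// -------------------------------------

		// The stored name is built from the type, the member id and the
		// allow-listed extension only; nothing else of the client name is kept.
		$new_filename = $type.'_'.$SESS->userdata('member_id').strtolower($extension);

		// -------------------------------------
		//  Do they currently have an image of this type?
		// -------------------------------------

		$query = $DB->query("SELECT {$field}_filename FROM exp_members WHERE member_id = '".$member_id."'");
		$old_filename = ($query->row[$field.'_filename'] == '') ? '' : $query->row[$field.'_filename'];

		if ($type == 'avatar' AND strpos($old_filename, '/') !== FALSE)
		{
			// Avatars are stored with a directory part; keep the file name only.
			$xy = explode('/', $old_filename);
			$old_filename =  end($xy);
		}

		// -------------------------------------
		//  Upload the image
		// -------------------------------------

		// Guarded so a second call in the same request does not redeclare the class.
		if ( ! class_exists('Upload'))
		{
			require PATH_CORE.'core.upload'.EXT;
		}

		$UP = new Upload();

		$UP->new_name = $new_filename;

		$UP->set_upload_path($upload_path);
		$UP->set_allowed_types('img');

		if ( ! $UP->upload_file())
		{
			@unlink($UP->new_name);

			$info = ($UP->error_msg == 'invalid_filetype') ? "<div class='itempadbig'>".$LANG->line('invalid_image_type')."</div>" : '';
			return $OUT->show_user_error('submission', $LANG->line($UP->error_msg).$info);
		}

		// -------------------------------------
		//  Do we need to resize?
		// -------------------------------------

		$vals = @getimagesize($UP->new_name);

		// A file that cannot be parsed as an image must not be kept under an
		// image extension: remove it and report an invalid type.
		if ($vals === FALSE)
		{
			@unlink($UP->new_name);

			return $OUT->show_user_error('submission', $LANG->line('invalid_image_type'));
		}

		$width	= $vals['0'];
		$height	= $vals['1'];

		if ($width > $max_width OR $height > $max_height)
		{
			// If resizing fails, delete the uploaded image and report that
			// the file is too big.

			if ( ! $this->_image_resize($new_filename, $type))
			{
				@unlink($UP->new_name);

				$max_size = str_replace('%x', $max_width, $LANG->line('max_image_size'));
				$max_size = str_replace('%y', $max_height, $max_size);
				$max_size .= ' - '.$max_kb.'KB';

				return $OUT->show_user_error('submission', $max_size);
			}
		}

		// -------------------------------------
		//  Check the width/height one last time
		// -------------------------------------

		// The resizing class only reproportions along one axis, so the size
		// is checked again to make sure a very short/wide image is
		// constrained properly.

		$vals	= @getimagesize($UP->new_name);
		$width	= $vals['0'];
		$height	= $vals['1'];

		if ($width > $max_width OR $height > $max_height)
		{
			$this->_image_resize($new_filename, $type, 'height');
			$vals	= @getimagesize($UP->new_name);
			$width	= $vals['0'];
			$height	= $vals['1'];
		}

		// -------------------------------------
		//  Delete the old file if necessary
		// -------------------------------------

		// Skipped when there was no previous file, so unlink() is never
		// called on the upload directory itself.
		if ($old_filename != '' AND $old_filename != $new_filename)
		{
			@unlink($upload_path.$old_filename);
		}

		// ----------------------------------------
		//  Update DB
		// ----------------------------------------

		$stored_name = ($type == 'avatar') ? 'uploads/'.$new_filename : $new_filename;

		// Every value is escaped or cast before it is placed in the statement.
		$DB->query("UPDATE exp_members SET {$field}_filename = '".$DB->escape_str($stored_name)."', {$field}_width='".(int) $width."', {$field}_height='".(int) $height."' WHERE member_id = '".$member_id."' ");

		// -------------------------------------
		//  Success message
		// -------------------------------------

		return $this->_var_swap($this->_load_element('success'),
								array(
										'lang:heading'	=>	$LANG->line($edit_image),
										'lang:message'	=>	$LANG->line($updated)
									 )
								);
	}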
Beispiel #4
 // Required additional fields: a field that was submitted, is flagged as
 // required ($val[2] == 1) and is blank after trimming produces an error line.
 if (!empty($additional_image_fields)) {
     foreach ($additional_image_fields as $key => $val) {
         // Skip fields that were not posted, are optional, or have content.
         if (!isset($HTTP_POST_VARS[$key]) || intval($val[2]) != 1 || trim($HTTP_POST_VARS[$key]) != "") {
             continue;
         }
         $error = 1;
         // Put the field label (colons removed) into the "field required"
         // language string in place of the template's field_name placeholder.
         $field_error = preg_replace(
             "/" . $site_template->start . "field_name" . $site_template->end . "/siU",
             str_replace(":", "", $val[0]),
             $lang['field_required']
         );
         // Messages are joined with <br />.
         if ($msg != "") {
             $msg .= "<br />";
         }
         $msg .= $field_error;
     }
 }
 if (!$error) {
     // Start Upload
     include ROOT_PATH . 'includes/upload.php';
     $site_upload = new Upload();
     // Upload Media file
     if (!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") {
         $new_name = $site_upload->upload_file("media_file", "media", $upload_cat);
         if (!$new_name) {
             $msg .= ($msg != "" ? "<br />" : "") . "<b>" . $lang['file_upload_error'] . ": " . $new_name . "</b><br />" . $site_upload->get_upload_errors();
             $uploaderror = 1;
         }
     } else {
         $new_name = $remote_media_file;
     }
     // Upload thumb file
     $new_thumb_name = "";
     if (!empty($HTTP_POST_FILES['thumb_file']['tmp_name']) && $HTTP_POST_FILES['thumb_file']['tmp_name'] != "none" && !$uploaderror) {
         $new_thumb_name = $site_upload->upload_file("thumb_file", "thumb", $upload_cat, get_basefile($new_name));
         if (!$new_thumb_name) {
             $msg .= ($msg != "" ? "<br />" : "") . "<b>" . $lang['thumb_upload_error'] . ": " . $new_thumb_name . "</b><br />" . $site_upload->get_upload_errors();
             @unlink(MEDIA_TEMP_PATH . "/" . $new_name);
             $uploaderror = 1;
Beispiel #5
 /** ----------------------------------
     /**  Upload File
     /** ----------------------------------*/
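 function upload_file()
 {
     // Uploads a file to the destination chosen in the request, after checking
     // that the member's group is not denied access to that destination, then
     // hands the result to finalize_uploaded_file().
     global $IN, $DSP, $DB, $LANG, $SESS;
     $id = $IN->GBL('destination');
     $field_group = $IN->GBL('field_group');
     // The destination id is request input and is escaped before use in SQL.
     $query = $DB->query("SELECT * FROM exp_upload_prefs WHERE id = '" . $DB->escape_str($id) . "'");
     if ($query->num_rows == 0) {
         // Unknown destination: nothing to do.
         return;
     }
     // Members of group 1 skip the per-destination deny list and, further
     // down, are allowed every file type.
     if ($SESS->userdata['group_id'] != 1) {
         // Values are escaped like the query above, even though they come from
         // the database row and the session rather than from the request.
         $safety = $DB->query("SELECT count(*) AS count FROM exp_upload_no_access WHERE upload_id = '" . $DB->escape_str($query->row['id']) . "' AND upload_loc = 'cp' AND member_group = '" . $DB->escape_str($SESS->userdata['group_id']) . "'");
         if ($safety->row['count'] != 0) {
             // NOTE(review): exit() ends the request, so the return below is
             // never reached. The denial itself is enforced either way; decide
             // which of the two responses is intended and drop the other.
             exit('no access');
             return $DSP->no_access_message();
         }
     }
     // Guarded so the class file is not loaded twice in one request.
     if (!class_exists('Upload')) {
         require PATH_CORE . 'core.upload' . EXT;
     }
     $UP = new Upload();
     if ($UP->set_upload_path($query->row['server_path']) !== TRUE) {
         return $UP->show_error();
     }
     // Limits configured for this destination.
     $UP->set_max_width($query->row['max_width']);
     $UP->set_max_height($query->row['max_height']);
     $UP->set_max_filesize($query->row['max_size']);
     // NOTE(review): 'all' for group 1 means no type restriction at this layer;
     // the destination directory should not execute uploaded content.
     $UP->set_allowed_types($SESS->userdata['group_id'] == 1 ? 'all' : $query->row['allowed_types']);
     if (!$UP->upload_file()) {
         return $UP->show_error();
     }
     // The uploader is published as the global $UL for later steps.
     global $UL;
     $UL = $UP;
     if ($UL->file_exists == TRUE) {
         return $this->file_exists_warning();
     }
     $this->finalize_uploaded_file(array('id' => $id, 'field_group' => $field_group, 'file_name' => $UP->file_name, 'is_image' => $UP->is_image, 'step' => 1));
 }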
Beispiel #6
     $error['remote_file'] = 1;
 }
 // No thumbnail was uploaded with the form: a remote thumbnail reference, if
 // one was given, must pass the remote or the local thumbnail check.
 if (empty($HTTP_POST_FILES['thumb_file']['tmp_name']) || $HTTP_POST_FILES['thumb_file']['tmp_name'] == "none") {
     if ($remote_thumb_file != "" && !check_remote_thumb($remote_thumb_file) && !check_local_thumb($remote_thumb_file)) {
         $error['remote_thumb_file'] = 1;
     }
 }
 // Required additional fields ($val[2] == 1) must not be blank when submitted.
 if (!empty($additional_image_fields)) {
     foreach ($additional_image_fields as $key => $val) {
         if (!isset($HTTP_POST_VARS[$key]) || intval($val[2]) != 1) {
             continue;
         }
         if (trim($HTTP_POST_VARS[$key]) == "") {
             $error[$key] = 1;
         }
     }
 }
 if (!empty($HTTP_POST_FILES['file']['tmp_name']) && $HTTP_POST_FILES['file']['tmp_name'] != "none" && !$error) {
     unset($HTTP_POST_VARS['remote_file']);
     @rename(MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name, MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name . ".bak");
     $new_name = $site_upload->upload_file("file", "media", $cat_id);
     if (!$new_name) {
         $error_msg .= $lang['file_upload_error'] . ": <b>" . $HTTP_POST_FILES['file']['name'] . "</b><br />" . $site_upload->get_upload_errors();
         @rename(MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name . ".bak", MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name);
         $error = 1;
     } else {
         unlink(MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name . ".bak");
         $log[] = $lang['file_upload_success'] . ": <b>{$new_name}</b>";
     }
 } elseif ((empty($HTTP_POST_FILES['file']['tmp_name']) || $HTTP_POST_FILES['file']['tmp_name'] == "none") && $remote_file != "" && (check_remote_media($remote_file) || check_local_media($remote_file))) {
     $new_name = $remote_file;
     if (file_exists(MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name) && is_file(MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name)) {
         unlink(MEDIA_PATH . "/" . $old_cat_id . "/" . $old_file_name);
     }
 } else {
     if ($cat_id != $old_cat_id && !empty($old_file_name)) {
Beispiel #7
     $error['remote_file'] = 1;
 }
 // No thumbnail was uploaded with the form: a remote thumbnail reference, if
 // one was given, must pass the remote or the local thumbnail check.
 if (empty($HTTP_POST_FILES['thumb_file']['tmp_name']) || $HTTP_POST_FILES['thumb_file']['tmp_name'] == "none") {
     if ($remote_thumb_file != "" && !check_remote_thumb($remote_thumb_file) && !check_local_thumb($remote_thumb_file)) {
         $error['remote_thumb_file'] = 1;
     }
 }
 // Required additional fields ($val[2] == 1) must not be blank when submitted.
 if (!empty($additional_image_fields)) {
     foreach ($additional_image_fields as $key => $val) {
         if (!isset($HTTP_POST_VARS[$key]) || intval($val[2]) != 1) {
             continue;
         }
         if (trim($HTTP_POST_VARS[$key]) == "") {
             $error[$key] = 1;
         }
     }
 }
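 // Decide which media file the record ends up with:
 //  1. a newly uploaded file, 2. a validated remote file, 3. the old file.
 if (!empty($HTTP_POST_FILES['file']['tmp_name']) && $HTTP_POST_FILES['file']['tmp_name'] != "none" && !$error) {
     unset($HTTP_POST_VARS['remote_file']);
     // Move the current file aside so the upload can take its place; it is
     // moved back below if the upload fails.
     @rename(MEDIA_TEMP_PATH . "/" . $old_file_name, MEDIA_TEMP_PATH . "/" . $old_file_name . ".bak");
     $new_name = $site_upload->upload_file("file", "media", 0);
     if (!$new_name) {
         // The original file name is chosen by the client and ends up in an
         // HTML message, so it is escaped before being concatenated.
         $error_msg .= $lang['file_upload_error'] . ": <b>" . htmlspecialchars($HTTP_POST_FILES['file']['name'], ENT_QUOTES) . "</b><br />" . $site_upload->get_upload_errors();
         @rename(MEDIA_TEMP_PATH . "/" . $old_file_name . ".bak", MEDIA_TEMP_PATH . "/" . $old_file_name);
         $error = 1;
     } else {
         // NOTE(review): the ".bak" copy is not removed on success here;
         // confirm something else cleans MEDIA_TEMP_PATH, otherwise replaced
         // files accumulate in that directory.
         $log[] = $lang['file_upload_success'] . ": <b>" . $new_name . "</b>";
     }
 } elseif ((empty($HTTP_POST_FILES['file']['tmp_name']) || $HTTP_POST_FILES['file']['tmp_name'] == "none") && $remote_file != "" && check_remote_media($remote_file)) {
     // A remote file that passed check_remote_media() replaces the local one.
     $new_name = $remote_file;
     if (file_exists(MEDIA_TEMP_PATH . "/" . $old_file_name)) {
         unlink(MEDIA_TEMP_PATH . "/" . $old_file_name);
     }
 } else {
     // Nothing new supplied: keep the existing file.
     $new_name = $old_file_name;
 }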
<?php

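// Demo endpoint: receives the "arquivo" form upload, stores it through the
// Upload class and prints the resulting path (or the error message).
header('Content-type: text/html; charset=UTF-8');
require './Upload.php';
// Pass null instead of reading an undefined index when the request has no
// "arquivo" file part.
$upload = new Upload(isset($_FILES['arquivo']) ? $_FILES['arquivo'] : null);
//$upload->set_uploads_folder(__DIR__ . '/tmp/');
//$upload->set_file_name('doctrine');
$upload->set_max_size(20);
$upload->set_overwrite(true);
// NOTE(review): whether Upload compares these MIME types with the type the
// browser declared or with the file's real content is not visible here; only
// a content-based check is a meaningful restriction.
$upload->set_allowed_types(array('image/jpeg', 'text/plain', 'application/pdf'));
try {
    $upload->upload_file();
} catch (Exception $ex) {
    // The response is HTML, and the message may include request data such as
    // the file name, so it is escaped before being printed.
    echo htmlspecialchars($ex->getMessage(), ENT_QUOTES, 'UTF-8');
}
// Same for the path, which may contain the client-supplied file name.
echo htmlspecialchars((string) $upload->get_file_path(), ENT_QUOTES, 'UTF-8');
//var_dump($upload);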
 /** -------------------------------------
     /**  Uploading Attachments
     /** -------------------------------------*/
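 function _attach_file()
 {
     // Stores an uploaded message attachment: checks the upload path and the
     // size quotas, uploads the file under a random name, records it in
     // exp_message_attachments, renames it with the attachment id as prefix and
     // finally purges expired temporary attachments.
     // Returns TRUE on success, or an error message / language line on failure.
     global $IN, $DB, $FNS, $PREFS, $LOC, $LANG, $SESS;

     // -------------------------------------
     //  Check the paths
     // -------------------------------------
     if ($this->upload_path == '') {
         return $LANG->line('unable_to_recieve_attach');
     }
     if (!@is_dir($this->upload_path) or !@is_writable($this->upload_path)) {
         return $LANG->line('unable_to_recieve_attach');
     }

     // -------------------------------------
     //  Are there previous attachments?
     // -------------------------------------
     $this->attachments = array();
     $attachments_size = 0;
     if ($IN->GBL('attach') !== FALSE && $IN->GBL('attach') != '') {
         // 'attach' is a pipe-separated id list taken from the request. Each id
         // is escaped on its own before the IN (...) list is assembled, so the
         // request value cannot break out of the quoted list.
         $attach_ids = array();
         foreach (explode('|', $IN->GBL('attach')) as $requested_id) {
             $attach_ids[] = $DB->escape_str($requested_id);
         }
         // NOTE(review): the lookup is by attachment id only; confirm elsewhere
         // that the ids belong to the current member.
         $query = $DB->query("SELECT attachment_id, attachment_size, attachment_location FROM exp_message_attachments WHERE attachment_id IN ('" . implode("','", $attach_ids) . "')");
         if ($query->num_rows + 1 > $this->max_attachments) {
             return $LANG->line('no_more_attachments');
         } elseif ($query->num_rows > 0) {
             foreach ($query->result as $row) {
                 // Rows whose file is gone are ignored.
                 if (!file_exists($row['attachment_location'])) {
                     continue;
                 }
                 $this->attachments[] = $row['attachment_id'];
                 $attachments_size += $row['attachment_size'];
             }
         }
     }

     // -------------------------------------
     //  Attachment too hefty? (per-message limit, KB)
     // -------------------------------------
     if ($this->attach_maxsize != 0 && $attachments_size + $_FILES['userfile']['size'] / 1024 > $this->attach_maxsize) {
         return $LANG->line('attach_too_large');
     }

     // -------------------------------------
     //  Fetch the size of all attachments (global quota)
     // -------------------------------------
     if ($this->attach_total != '0') {
         $query = $DB->query("SELECT SUM(attachment_size) AS total FROM exp_message_attachments WHERE is_temp != 'y'");
         if (!empty($query->row['total'])) {
             // Is the size of the new file (along with the previous ones) too large?
             if (ceil($query->row['total'] + $_FILES['userfile']['size'] / 1024) > $this->attach_total * 1000) {
                 return $LANG->line('too_many_attachments');
             }
         }
     }

     // -------------------------------------
     //  Separate the filename from the extension
     // -------------------------------------
     if (!class_exists('Image_lib')) {
         require PATH_CORE . 'core.image_lib' . EXT;
     }
     $IM = new Image_lib();
     // Both parts come from the client-supplied file name.
     $split = $IM->explode_name($_FILES['userfile']['name']);
     $filename = $split['name'];
     $extension = $split['ext'];
     // The file is stored under a random 20-character name, not the client's.
     $filehash = $FNS->random('alpha', 20);

     // -------------------------------------
     //  Upload the file
     // -------------------------------------
     if (!class_exists('Upload')) {
         require PATH_CORE . 'core.upload' . EXT;
     }
     $UP = new Upload();
     $UP->set_upload_path($this->upload_path);
     // NOTE(review): every file type is accepted and the client-supplied
     // extension is kept on disk. The attachment directory must therefore not
     // be a location where the web server executes or directly serves files.
     $UP->set_allowed_types('all');
     $UP->new_name = $filehash . $extension;
     if (!$UP->upload_file()) {
         @unlink($UP->new_name);
         if ($UP->error_msg == 'invalid_filetype') {
             $info = implode(', ', $UP->allowed_mimes);
             $info = "<div class='default'>" . $LANG->line($UP->error_msg) . "<div class='default'>" . $LANG->line('allowed_mimes') . '&nbsp;' . $info . "</div>";
             return $info;
         }
         return $UP->error_msg;
     }

     // -------------------------------------
     //  Insert into Database
     // -------------------------------------
     $this->temp_message_id = $FNS->random('nozero', 10);
     $data = array('attachment_id' => '', 'sender_id' => $this->member_id, 'message_id' => $this->temp_message_id, 'attachment_name' => $filename . $extension, 'attachment_hash' => $filehash, 'attachment_extension' => $extension, 'attachment_location' => $UP->new_name, 'attachment_date' => $LOC->now, 'attachment_size' => ceil($UP->file_size / 1024));
     $DB->query($DB->insert_string('exp_message_attachments', $data));
     $attach_id = $DB->insert_id;

     // -------------------------------------
     //  Change file name with attach ID
     // -------------------------------------
     // The attachment id is used as the prefix for all files so they are
     // easier to manage.
     if (file_exists($UP->new_name)) {
         $final_name = $attach_id . '_' . $filehash;
         $final_path = $UP->upload_path . $final_name . $extension;
         if (rename($UP->new_name, $final_path)) {
             // NOTE(review): 0777 makes the stored file writable and executable
             // by every local account; use the narrowest mode the deployment
             // allows.
             chmod($final_path, 0777);
             // $final_path ends with the client-supplied extension, so the
             // values are escaped before being placed in the statement.
             $DB->query("UPDATE exp_message_attachments SET attachment_hash = '" . $DB->escape_str($final_name) . "', attachment_location = '" . $DB->escape_str($final_path) . "'  WHERE attachment_id = '" . $DB->escape_str($attach_id) . "'");
         }
     }

     // -------------------------------------
     //  Load Attachment into array
     // -------------------------------------
     $this->attachments[] = $attach_id;

     // -------------------------------------
     //  Delete Temp Attachments Over 48 Hours Old
     //
     //  Temp attachments are kept this long because draft messages may
     //  contain attachments that are not sent until later. The window is
     //  48 hours, as documented; the previous code used 24 hours.
     // -------------------------------------
     $expire = $LOC->now - 48 * 60 * 60;
     $result = $DB->query("SELECT attachment_location FROM exp_message_attachments WHERE attachment_date < {$expire} AND is_temp = 'y'");
     if ($result->num_rows > 0) {
         foreach ($result->result as $row) {
             @unlink($row['attachment_location']);
         }
         $DB->query("DELETE FROM exp_message_attachments WHERE attachment_date < {$expire} AND is_temp='y'");
     }
     return TRUE;
 }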