function processAttachments()
{
global $context, $modSettings, $smcFunc, $txt, $user_info;
// Make sure we're uploading to the right place.
if (!empty($modSettings['automanage_attachments'])) {
automanage_attachments_check_directory();
}
if (!is_array($modSettings['attachmentUploadDir'])) {
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
$context['attach_dir'] = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
// Is the attachments folder actualy there?
if (!empty($context['dir_creation_error'])) {
$initial_error = $context['dir_creation_error'];
} elseif (!is_dir($context['attach_dir'])) {
$initial_error = 'attach_folder_warning';
log_error(sprintf($txt['attach_folder_admin_warning'], $context['attach_dir']), 'critical');
}
if (!isset($initial_error) && !isset($context['attachments'])) {
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg'])) {
$request = $smcFunc['db_query']('', '
SELECT COUNT(*), SUM(size)
FROM {db_prefix}attachments
WHERE id_msg = {int:id_msg}
AND attachment_type = {int:attachment_type}', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0));
list($context['attachments']['quantity'], $context['attachments']['total_size']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
} else {
$context['attachments'] = array('quantity' => 0, 'total_size' => 0);
}
}
// Hmm. There are still files in session.
$ignore_temp = false;
if (!empty($_SESSION['temp_attachments']['post']['files']) && count($_SESSION['temp_attachments']) > 1) {
// Let's try to keep them. But...
$ignore_temp = true;
// If new files are being added. We can't ignore those
foreach ($_FILES['attachment']['tmp_name'] as $dummy) {
if (!empty($dummy)) {
$ignore_temp = false;
break;
}
}
// Need to make space for the new files. So, bye bye.
if (!$ignore_temp) {
foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) {
unlink($attachment['tmp_name']);
}
}
$context['we_are_history'] = $txt['error_temp_attachments_flushed'];
$_SESSION['temp_attachments'] = array();
}
}
if (!isset($_FILES['attachment']['name'])) {
$_FILES['attachment']['tmp_name'] = array();
}
if (!isset($_SESSION['temp_attachments'])) {
$_SESSION['temp_attachments'] = array();
}
// Remember where we are at. If it's anywhere at all.
if (!$ignore_temp) {
$_SESSION['temp_attachments']['post'] = array('msg' => !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'last_msg' => !empty($_REQUEST['last_msg']) ? $_REQUEST['last_msg'] : 0, 'topic' => !empty($topic) ? $topic : 0, 'board' => !empty($board) ? $board : 0);
}
// If we have an itital error, lets just display it.
if (!empty($initial_error)) {
$_SESSION['temp_attachments']['initial_error'] = $initial_error;
// And delete the files 'cos they ain't going nowhere.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
$_FILES['attachment']['tmp_name'] = array();
}
// Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if ($_FILES['attachment']['name'][$n] == '') {
continue;
}
// First, let's first check for PHP upload errors.
$errors = array();
if (!empty($_FILES['attachment']['error'][$n])) {
if ($_FILES['attachment']['error'][$n] == 2) {
$errors[] = array('file_too_big', array($modSettings['attachmentSizeLimit']));
} elseif ($_FILES['attachment']['error'][$n] == 6) {
log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_6'], 'critical');
} else {
log_error($_FILES['attachment']['name'][$n] . ': ' . $txt['php_upload_error_' . $_FILES['attachment']['error'][$n]]);
}
if (empty($errors)) {
$errors[] = 'attach_php_error';
}
}
// Try to move and rename the file before doing any more checks on it.
$attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand());
$destName = $context['attach_dir'] . '/' . $attachID;
if (empty($errors)) {
$_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])), 'tmp_name' => $destName, 'size' => $_FILES['attachment']['size'][$n], 'type' => $_FILES['attachment']['type'][$n], 'id_folder' => $modSettings['currentAttachmentUploadDir'], 'errors' => array());
// Move the file to the attachments folder with a temp name for now.
if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) {
@chmod($destName, 0644);
} else {
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
} else {
$_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])), 'tmp_name' => $destName, 'errors' => $errors);
if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
// If there's no errors to this pont. We still do need to apply some addtional checks before we are finished.
if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
attachmentChecks($attachID);
}
}
// Mod authors, finally a hook to hang an alternate attachment upload system upon
// Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand())
// Populate $_SESSION['temp_attachments'][$attachID] with the following:
// name => The file name
// tmp_name => Path to the temp file ($context['attach_dir'] . '/' . $attachID).
// size => File size (required).
// type => MIME type (optional if not available on upload).
// id_folder => $modSettings['currentAttachmentUploadDir']
// errors => An array of errors (use the index of the $txt variable for that error).
// Template changes can be done using "integrate_upload_template".
call_integration_hook('integrate_attachment_upload', array());
}
/**
* Handles the actual saving of attachments to a directory.
*
* What it does:
* - Loops through $_FILES['attachment'] array and saves each file to the current attachments folder.
* - Validates the save location actually exists.
*
* @package Attachments
* @param int|null $id_msg = null or id of the message with attachments, if any.
* If null, this is an upload in progress for a new post.
*/
function processAttachments($id_msg = null)
{
global $context, $modSettings, $txt, $user_info, $ignore_temp, $topic, $board;
$attach_errors = Attachment_Error_Context::context();
// Make sure we're uploading to the right place.
if (!empty($modSettings['automanage_attachments'])) {
automanage_attachments_check_directory();
}
if (!is_array($modSettings['attachmentUploadDir'])) {
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
$context['attach_dir'] = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
// Is the attachments folder actualy there?
if (!empty($context['dir_creation_error'])) {
$initial_error = $context['dir_creation_error'];
} elseif (!is_dir($context['attach_dir'])) {
$initial_error = 'attach_folder_warning';
log_error(sprintf($txt['attach_folder_admin_warning'], $context['attach_dir']), 'critical');
}
if (!isset($initial_error) && !isset($context['attachments']['quantity'])) {
// If this isn't a new post, check the current attachments.
if (!empty($id_msg)) {
list($context['attachments']['quantity'], $context['attachments']['total_size']) = attachmentsSizeForMessage($id_msg);
} else {
$context['attachments']['quantity'] = 0;
$context['attachments']['total_size'] = 0;
}
}
// Hmm. There are still files in session.
$ignore_temp = false;
if (!empty($_SESSION['temp_attachments']['post']['files']) && count($_SESSION['temp_attachments']) > 1) {
// Let's try to keep them. But...
$ignore_temp = true;
// If new files are being added. We can't ignore those
foreach ($_FILES['attachment']['tmp_name'] as $dummy) {
if (!empty($dummy)) {
$ignore_temp = false;
break;
}
}
// Need to make space for the new files. So, bye bye.
if (!$ignore_temp) {
foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) {
@unlink($attachment['tmp_name']);
}
}
$attach_errors->activate()->addError('temp_attachments_flushed');
$_SESSION['temp_attachments'] = array();
}
}
if (!isset($_FILES['attachment']['name'])) {
$_FILES['attachment']['tmp_name'] = array();
}
if (!isset($_SESSION['temp_attachments'])) {
$_SESSION['temp_attachments'] = array();
}
// Remember where we are at. If it's anywhere at all.
if (!$ignore_temp) {
$_SESSION['temp_attachments']['post'] = array('msg' => !empty($id_msg) ? $id_msg : 0, 'last_msg' => !empty($_REQUEST['last_msg']) ? $_REQUEST['last_msg'] : 0, 'topic' => !empty($topic) ? $topic : 0, 'board' => !empty($board) ? $board : 0);
}
// If we have an initial error, lets just display it.
if (!empty($initial_error)) {
$_SESSION['temp_attachments']['initial_error'] = $initial_error;
// This is a generic error
$attach_errors->activate();
$attach_errors->addError('attach_no_upload');
$attach_errors->addError(is_array($attachment) ? array($attachment[0], $attachment[1]) : $attachment);
// And delete the files 'cos they ain't going nowhere.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
$_FILES['attachment']['tmp_name'] = array();
}
// Loop through $_FILES['attachment'] array and move each file to the current attachments folder.
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if ($_FILES['attachment']['name'][$n] == '') {
continue;
}
// First, let's first check for PHP upload errors.
$errors = attachmentUploadChecks($n);
// Set the names and destination for this file
$attachID = 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand());
$destName = $context['attach_dir'] . '/' . $attachID;
// If we are error free, Try to move and rename the file before doing more checks on it.
if (empty($errors)) {
$_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n]), ENT_COMPAT, 'UTF-8'), 'tmp_name' => $destName, 'attachid' => $attachID, 'size' => $_FILES['attachment']['size'][$n], 'type' => $_FILES['attachment']['type'][$n], 'id_folder' => $modSettings['currentAttachmentUploadDir'], 'errors' => array());
// Move the file to the attachments folder with a temp name for now.
if (@move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) {
@chmod($destName, 0644);
} else {
$_SESSION['temp_attachments'][$attachID]['errors'][] = 'attach_timeout';
if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
} else {
$_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n]), ENT_COMPAT, 'UTF-8'), 'tmp_name' => $destName, 'errors' => $errors);
if (file_exists($_FILES['attachment']['tmp_name'][$n])) {
unlink($_FILES['attachment']['tmp_name'][$n]);
}
}
// If there were no errors to this pont, we apply some addtional checks
if (empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
attachmentChecks($attachID);
}
// Sort out the errors for display and delete any associated files.
if (!empty($_SESSION['temp_attachments'][$attachID]['errors'])) {
$attach_errors->addAttach($attachID, $_SESSION['temp_attachments'][$attachID]['name']);
$log_these = array('attachments_no_create', 'attachments_no_write', 'attach_timeout', 'ran_out_of_space', 'cant_access_upload_path', 'attach_0_byte_file');
foreach ($_SESSION['temp_attachments'][$attachID]['errors'] as $error) {
if (!is_array($error)) {
$attach_errors->addError($error);
if (in_array($error, $log_these)) {
log_error($_SESSION['temp_attachments'][$attachID]['name'] . ': ' . $txt[$error], 'critical');
}
} else {
$attach_errors->addError(array($error[0], $error[1]));
}
}
}
}
// Mod authors, finally a hook to hang an alternate attachment upload system upon
// Upload to the current attachment folder with the file name $attachID or 'post_tmp_' . $user_info['id'] . '_' . md5(mt_rand())
// Populate $_SESSION['temp_attachments'][$attachID] with the following:
// name => The file name
// tmp_name => Path to the temp file ($context['attach_dir'] . '/' . $attachID).
// size => File size (required).
// type => MIME type (optional if not available on upload).
// id_folder => $modSettings['currentAttachmentUploadDir']
// errors => An array of errors (use the index of the $txt variable for that error).
// Template changes can be done using "integrate_upload_template".
call_integration_hook('integrate_attachment_upload');
}
/**
* Writes email attachments as temp names in the proper attachment directory
*
* - populates $_SESSION['temp_attachments'] with the email attachments
* - calls attachmentChecks to validate them
* - skips ones flagged with errors
* - adds valid ones to attachmentOptions
* - calls createAttachment to store them
*
* @package Maillist
* @param mixed[] $pbe
* @param Email_Parse $email_message
*/
function pbe_email_attachments($pbe, $email_message)
{
// Trying to attach a file with this post ....
global $modSettings, $context;
// Init
$attachment_count = 0;
$attachIDs = array();
// Make sure we're uploading the files to the right place.
if (!empty($modSettings['currentAttachmentUploadDir'])) {
if (!is_array($modSettings['attachmentUploadDir'])) {
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
// The current directory, of course!
$current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
} else {
$current_attach_dir = $modSettings['attachmentUploadDir'];
}
// For attachmentChecks function
require_once SUBSDIR . '/Attachments.subs.php';
$context['attachments'] = array('quantity' => 0, 'total_size' => 0);
$context['attach_dir'] = $current_attach_dir;
// Create the file(s) with a temp name so we can validate its contents/type
foreach ($email_message->attachments as $name => $attachment) {
// Write the contents to an actual file
$attachID = 'post_tmp_' . $pbe['profile']['id_member'] . '_' . md5(mt_rand()) . $attachment_count;
$destName = $current_attach_dir . '/' . $attachID;
if (file_put_contents($destName, $attachment) !== false) {
@chmod($destName, 0644);
// Place them in session since that's where attachmentChecks looks
$_SESSION['temp_attachments'][$attachID] = array('name' => htmlspecialchars(basename($name), ENT_COMPAT, 'UTF-8'), 'tmp_name' => $destName, 'size' => strlen($attachment), 'id_folder' => $modSettings['currentAttachmentUploadDir'], 'errors' => array(), 'approved' => !$modSettings['postmod_active'] || in_array('post_unapproved_attachments', $pbe['user_info']['permissions']));
// Make sure its valid
attachmentChecks($attachID);
$attachment_count++;
}
}
// Get the results from attachmentChecks and see if its suitable for posting
$attachments = $_SESSION['temp_attachments'];
unset($_SESSION['temp_attachments']);
foreach ($attachments as $attachID => $attachment) {
// If there were any errors we just skip that file
if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $pbe['profile']['id_member']) === false || ($attachID == 'initial_error' || !empty($attachment['errors']))) {
@unlink($attachment['tmp_name']);
continue;
}
// Load the attachmentOptions array with the data needed to create an attachment
$attachmentOptions = array('post' => !empty($email_message->message_id) ? $email_message->message_id : 0, 'poster' => $pbe['profile']['id_member'], 'name' => $attachment['name'], 'tmp_name' => $attachment['tmp_name'], 'size' => isset($attachment['size']) ? $attachment['size'] : 0, 'mime_type' => isset($attachment['type']) ? $attachment['type'] : '', 'id_folder' => isset($attachment['id_folder']) ? $attachment['id_folder'] : 0, 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'), 'errors' => array());
// Make it available to the forum/post
if (createAttachment($attachmentOptions)) {
$attachIDs[] = $attachmentOptions['id'];
if (!empty($attachmentOptions['thumb'])) {
$attachIDs[] = $attachmentOptions['thumb'];
}
} elseif (file_exists($attachment['tmp_name'])) {
@unlink($attachment['tmp_name']);
}
}
return $attachIDs;
}