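/**
 * Send a payload to the client as a forced file download, then close the database connection.
 *
 * Emits cache, description, type, length and disposition headers, echoes
 * $content and finally calls db_close(). Call it before any other output:
 * header() cannot add headers once the response body has started.
 *
 * @param string $content   Raw bytes to send; strlen() of it becomes Content-Length.
 * @param string $filename  Name part handed to format_file_name().
 * @param string $extension Extension part handed to format_file_name().
 * @return void
 */
function file_download($content, $filename, $extension)
{
    // The download name goes into a response header. Whether format_file_name()
    // already removes header-unsafe characters is not visible from here, so
    // control characters, double quotes and backslashes are dropped before the
    // value is placed inside a quoted-string parameter.
    $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) format_file_name($filename, $extension));

    //header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    //header("Cache-Control: public"); //for IE over SSL
    header("Cache-Control: maxage=1"); //In seconds
    header("Pragma: public");
    header("Content-Description: File Transfer");
    header("Content-Type: application/octet-stream");
    // Stored content is served from the application's own origin; tell the
    // browser not to second-guess the declared octet-stream type.
    header("X-Content-Type-Options: nosniff");
    header("Content-Length: " . strlen($content));
    // Quoted form: an unquoted filename containing a space or ';' is cut short
    // or read as an extra parameter by the client.
    header("Content-Disposition: attachment; filename=\"" . $download_name . "\"");

    echo $content;
    db_close();
}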
$nb_erreur++; } # if($_FILES['file']['error']!=0) { $page['erreur'][$nb_erreur]['message']=$lang['file']['E_invalid_file']; $nb_erreur++; } if (isset($_POST['name']) and !empty($_POST['name']) and !check_file_name($_POST['name'])) { $page['erreur'][$nb_erreur]['message'] = $lang['file']['E_invalid_name']; $nb_erreur++; } # we check if the file does not exist if ($nb_erreur == 0) { # name of the file if (isset($_POST['name']) and !empty($_POST['name'])) { # we get the extension $file_ext = substr($_FILES['file']['name'], strrpos($_FILES['file']['name'], ".")); $file_name = format_file_name($_POST['name']) . $file_ext; } else { $file_name = format_file_name($_FILES['file']['name']); } $path_file = ROOT . "/" . FILE_FOLDER . "/" . $_POST['upload_folder'] . "/" . $file_name; # check if (file_exists($path_file)) { $page['erreur'][$nb_erreur]['message'] = $lang['file']['E_exist_file']; $nb_erreur++; } } # there is no error, we copy the file if ($nb_erreur == 0) { # we try to upload the file $copy_file = @move_uploaded_file($_FILES['file']['tmp_name'], $path_file); if ($copy_file) { $page['L_message_file'] = $lang['file']['form_file_add_1']; } else {
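<?php
/*
 * Attachment download endpoint: looks up one wiki topic attachment by the
 * "id" query parameter and sends it to the client as a file download.
 *
 * NOTE(review): no access check is visible in this script; confirm that
 * include.php enforces who may fetch an attachment by id.
 */
include "../../include.php";

// "id" is concatenated into the SQL text below, so nothing but an integer is
// accepted. The raw request value must never reach the query string.
$attachment_id = filter_var(isset($_GET["id"]) ? $_GET["id"] : null, FILTER_VALIDATE_INT);

if ($attachment_id === false) {
    http_response_code(400);
    db_close();
    exit;
}

// NOTE(review): the right-hand side of the ON clause and the column name in
// the WHERE clause are missing from this listing; restore them from the
// original file. The query text is otherwise kept as found.
$d = db_grab("SELECT \n\t\ta.title, \n\t\tt.extension, \n\t\ta.content \n\tFROM wiki_topics_attachments a \n\tJOIN docs_types t ON a.type_id =\n\tWHERE = " . $attachment_id);

// presumably db_grab() returns an empty/false value when no row matches - confirm
if (!$d) {
    http_response_code(404);
    db_close();
    exit;
}

// If this view-logging INSERT is ever re-enabled, it must use $attachment_id
// rather than the raw request value.
//db_query("INSERT INTO docs_views ( documentID, user_id, viewedOn ) VALUES ( {$_GET["id"]}, {$_SESSION["user_id"]}, GETDATE() )");

// The title is stored data that ends up in a response header: drop control
// characters, double quotes and backslashes, then send it as a quoted-string.
$download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) format_file_name($d["title"], $d["extension"]));

header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Description: File Transfer");
header("Content-Type: application/octet-stream");
header("Content-Length: " . strlen($d["content"]));
header("Content-Disposition: attachment; filename=\"" . $download_name . "\"");

echo $d["content"];
db_close();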
/**
 * Build the link for one attachment record.
 *
 * Returns false when $attachment is not an array, when
 * attachments_check_dir() fails, when any of the 'hash', 'filename' or
 * 'downloads' keys is missing, or when is_md5() rejects the hash. Otherwise
 * returns the bare href when $img_tag is false, or an HTML anchor (thumbnail
 * span or icon plus filename) when it is true.
 *
 * NOTE(review): the filename, hash, webtag and title are placed into the
 * href, the title attribute and the link text without any encoding in this
 * function. Presumably they are escaped before they reach it - confirm
 * against the callers, since attachment filenames are user-supplied.
 *
 * @param array $attachment     Attachment record (see required keys above).
 * @param bool  $show_thumbs    Allow a thumbnail preview; non-bool values become true.
 * @param bool  $limit_filename Shorten long filenames; non-bool values become false.
 * @param bool  $local_path     Link to "attachments/<filename>" instead of get_attachment.php.
 * @param bool  $img_tag        Return HTML markup rather than the bare href.
 * @return string|false
 */
function attachments_make_link($attachment, $show_thumbs = true, $limit_filename = false, $local_path = false, $img_tag = true)
{
    if (!is_array($attachment)) {
        return false;
    }

    // Any flag that is not a real boolean is reset to its declared default.
    $show_thumbs = is_bool($show_thumbs) ? $show_thumbs : true;
    $limit_filename = is_bool($limit_filename) ? $limit_filename : false;
    $local_path = is_bool($local_path) ? $local_path : false;
    $img_tag = is_bool($img_tag) ? $img_tag : true;

    if (!attachments_check_dir()) {
        return false;
    }

    foreach (array('hash', 'filename', 'downloads') as $required_field) {
        if (!isset($attachment[$required_field])) {
            return false;
        }
    }

    if (!is_md5($attachment['hash'])) {
        return false;
    }

    $webtag = get_webtag();
    forum_check_webtag_available($webtag);

    // Per-user thumbnail preference from the session, 100 when absent or non-numeric.
    $user_show_thumbs = (isset($_SESSION['SHOW_THUMBS']) && is_numeric($_SESSION['SHOW_THUMBS']))
        ? $_SESSION['SHOW_THUMBS']
        : 100;

    $thumbnail_max_size = 100;

    if ($show_thumbs && forum_get_setting('attachment_thumbnails', 'Y') && ($user_show_thumbs > 0 || !session::logged_in())) {
        // Preferences 1, 2 and 3 select an edge length; anything else keeps 100.
        $size_by_preference = array(1 => 50, 2 => 100, 3 => 150);

        if (isset($size_by_preference[$user_show_thumbs])) {
            $thumbnail_max_size = $size_by_preference[$user_show_thumbs];
        }
    } else {
        $show_thumbs = false;
    }

    // The href is built before the filename is (optionally) shortened below.
    if ($local_path) {
        $attachment_href = "attachments/" . $attachment['filename'];
    } else {
        $attachment_href = "get_attachment.php?webtag=" . $webtag . "&hash=" . $attachment['hash']
            . "&filename=" . $attachment['filename'];
    }

    if (!$img_tag) {
        return $attachment_href;
    }

    $title_parts = array();

    if (mb_strlen($attachment['filename']) > 16 && $limit_filename) {
        // Keep the full name in the tooltip, show the formatted one as link text.
        $title_parts[] = sprintf(gettext("Filename: %s"), $attachment['filename']);
        $attachment['filename'] = format_file_name($attachment['filename']);
    }

    if (isset($attachment['filesize']) && is_numeric($attachment['filesize']) && $attachment['filesize'] > 0) {
        $title_parts[] = sprintf(gettext("Size: %s"), format_file_size($attachment['filesize']));
    }

    $title_parts[] = ($attachment['downloads'] == 1)
        ? gettext("Downloaded: 1 time")
        : sprintf(gettext("Downloaded: %d times"), $attachment['downloads']);

    if (isset($attachment['width'], $attachment['height'])) {
        $title_parts[] = sprintf(gettext("Dimensions %dx%dpx"), $attachment['width'], $attachment['height']);
    }

    $title = implode(", ", $title_parts);

    $use_thumbnail = $show_thumbs && isset($attachment['thumbnail']) && $attachment['thumbnail'] == 'Y';

    if (!$use_thumbnail) {
        return html_style_image('attach', gettext("Attachment"))
            . "<a href=\"{$attachment_href}\" title=\"{$title}\" "
            . "target=\"_blank\">{$attachment['filename']}</a>";
    }

    // A 150px square, shrunk to the maximum edge allowed above (50, 100 or 150).
    $thumbnail_edge = min(150, $thumbnail_max_size);

    return "<a href=\"{$attachment_href}\" target=\"_blank\"><span class=\"attachment_thumb\" "
        . "style=\"background-image: url('{$attachment_href}&thumb=1'); "
        . "width: {$thumbnail_edge}px; height: {$thumbnail_edge}px\" "
        . "title=\"{$title}\"></span></a>";
}
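/**
 * Store the file at $filepath as the content of this file_storage entry.
 *
 * Creates the metadata entry first when no ID exists yet, then either copies
 * the file to the configured filesystem location or writes it into
 * file_upload_data in chunks, and finally updates the file_uploads row.
 * Everything runs inside one SQL transaction, which is rolled back when
 * error_check() reports a problem.
 *
 * NOTE(review): SQL statements here are assembled by string concatenation.
 * $this->data["file_name"] goes into the UPDATE without escaping in this
 * function, and the chunk data relies on addslashes(), which is not a safe
 * escape for every connection character set. Whether sql_query offers a
 * proper escaping or binding call is not visible from here - confirm and
 * switch to it.
 *
 * @param string $filepath Path of the (temporary) file to store.
 * @return int|mixed 0 on failure, otherwise the ID of the stored file.
 */
function action_update_file($filepath)
{
    log_write("debug", "file_storage", "Executing action_update_file({$filepath})");

    /* Make sure the supplied file exists */
    if (!file_exists($filepath)) {
        log_write("error", "file_storage", "The requested file {$filepath} does not exist, unable to upload new file.");
        return 0;
    }

    /* Start SQL Transaction */
    $sql_obj = new sql_query();
    $sql_obj->trans_begin();

    /* If no ID exists, create a new file entry first */
    if (!$this->id) {
        if (!$this->action_create()) {
            $sql_obj->trans_rollback();
            log_write("error", "file_storage", "Unexpected DB error whilst attempting to create a new file metadata entry");
            return 0;
        }
    }

    /* Fetch metadata from file */
    $this->data["file_size"] = filesize($filepath);

    if (empty($this->data["file_name"])) {
        // no filename supplied, take the filename of the provided file path
        $this->data["file_name"] = format_file_name($filepath);
    }

    if ($this->config["data_storage_method"] == "filesystem") {
        /*
            Upload file to configured location on filesystem

            For this, we simply need to copy the temporary file that has
            been uploaded to the new location.
        */
        $uploadname = $this->config["data_storage_location"] . "/" . $this->id;

        // A failed copy is only logged here; presumably error_check() below
        // picks up the logged error and triggers the rollback - confirm.
        if (!copy($filepath, $uploadname)) {
            log_write("error", "file_storage", "Unable to upload file to filesystem storage location ('{$uploadname}')- possible permissions issue.");
        }

        $this->data["file_location"] = "fs";
    } elseif ($this->config["data_storage_method"]) {
        /*
            Upload file to database

            We need to split the file into 64kb chunks, and add a new row to
            the file_upload_data table for each chunk - by splitting the file
            we reduce memory usage when retrieving the file data as well as
            supporting standard MySQL database configurations.

            NOTE(review): this branch accepts any non-empty storage method
            other than "filesystem"; confirm that is intended.
        */

        // delete any existing files from the database
        $sql_obj->string = "DELETE FROM file_upload_data WHERE fileid='" . $this->id . "'";
        $sql_obj->execute();

        // open the file - read only & binary
        $file_handle = fopen($filepath, "rb");

        if ($file_handle === false) {
            // Without this check feof() is called on a non-resource: the loop
            // below then never terminates on older PHP and raises a TypeError
            // on PHP 8. Log it the same way the filesystem branch logs a failed copy.
            log_write("error", "file_storage", "Unable to open file {$filepath} for reading, unable to upload file.");
        } else {
            while (!feof($file_handle)) {
                $chunk = fread($file_handle, 65535);

                // A failed read ends the loop; an empty read (EOF reached on
                // this call) must not produce a data row.
                if ($chunk === false) {
                    log_write("error", "file_storage", "Unable to read from file {$filepath}, unable to upload file.");
                    break;
                }

                if ($chunk === "") {
                    continue;
                }

                // escape the chunk for use inside the quoted SQL literal
                $binarydata = addslashes($chunk);

                // upload the row
                // note that the ID of the rows will increase, so if we sort the rows
                // in ascending order, we will receive the correct data.
                $sql_obj->string = "INSERT INTO file_upload_data (fileid, data) values ('" . $this->id . "', '" . $binarydata . "')";
                $sql_obj->execute();
            }

            // close the file
            fclose($file_handle);
        }

        $this->data["file_location"] = "db";
    } else {
        log_write("error", "file_storage", "Invalid data_storage_method (" . $this->config["data_storage_method"] . ") configured, unable to upload file.");
    }

    // update database record
    $sql_obj->string = "UPDATE file_uploads SET "
        . "timestamp='" . time() . "', "
        . "file_name='" . $this->data["file_name"] . "', "
        . "file_size='" . $this->data["file_size"] . "', "
        . "file_location='" . $this->data["file_location"] . "' "
        . "WHERE id='" . $this->id . "' LIMIT 1";
    $sql_obj->execute();

    /* Commit */
    if (error_check()) {
        $sql_obj->trans_rollback();
        log_write("error", "file_storage", "An error occured whilst attempting to upload the file, no changes have been made.");
        return 0;
    }

    $sql_obj->trans_commit();
    log_write("debug", "file_storage", "Successfully uploaded file ID '" . $this->id . "'");

    return $this->id;
}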