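// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.            |
// |                                                                           |
// +---------------------------------------------------------------------------+
//

include '../lib-common.php';
include 'library.php';

// Access gate: only members of the configured group may use this page.
// The exit is essential; without it the rest of the script would still run
// after the redirect markup has been emitted.
if (!SEC_inGroup($_FMCONF['access_mode'])) {
    echo COM_refresh($_CONF['site_url']);
    exit;
}

// Request values are read through isset() so that a missing parameter reaches
// the sanitizer as null (the value the original undefined index produced)
// without raising a notice.
$filter = new sanitizer();
$filter->cleanData('int', array(
    'cid' => isset($_REQUEST['cid']) ? $_REQUEST['cid'] : null,
    'fid' => isset($_GET['fid']) ? $_GET['fid'] : null,
));
$filter->cleanData('char', array(
    'op' => isset($_REQUEST['op']) ? $_REQUEST['op'] : null,
));
$_CLEAN = $filter->getCleanData();

// Both ids are interpolated unquoted into SQL conditions below. The sanitizer
// class is not visible here, so the integer cast is repeated locally rather
// than trusting it to return integers.
$cid = (int) $_CLEAN['int']['cid'];
$fid = (int) $_CLEAN['int']['fid'];

if ($fid > 0 and empty($cid)) {
    // Only a file id was supplied: resolve its category, then require 'view'
    // permission on that category and on its direct parent (if any).
    $cid = (int) DB_getItem($_TABLES['nxfile_files'], 'cid', "fid={$fid} AND status=1");

    // Look up the parent only when a category was found. The original ran
    // this query first, producing the malformed condition "cid=" whenever the
    // file id did not match an active file.
    $pid = 0;
    if (!empty($cid)) {
        $pid = (int) DB_getItem($_TABLES['nxfile_categories'], 'pid', "cid={$cid}");
    }

    if (empty($cid)
        or !fm_getPermission($cid, 'view')
        or ($pid > 0 and !fm_getPermission($pid, 'view'))
    ) {
        // Fail closed: unknown file or no permission clears both ids.
        $fid = 0;
        $cid = 0;
    }
} elseif ($cid > 0) {
    // NOTE(review): when the request carries both fid and cid, only the
    // category permission is checked here and $fid is kept as supplied; it is
    // never verified to belong to $cid. Confirm that the code consuming $fid
    // re-checks access to that file.
    if (!fm_getPermission($cid, 'view')) {
        $cid = 0;
    }
}

// Normalise the requested operation; the cast avoids passing null to
// strtolower() when no 'op' parameter was sent.
$op = strtolower((string) $_CLEAN['char']['op']);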
if ($_USER['uid'] > 0) { $_GROUPS = SEC_getUserGroups($_USER['uid']); // Global array of current user permissions [read,edit] $_RIGHTS = explode(',', SEC_getUserPermissions()); } } } //set up the user if ($_USER['uid'] < 2) { $uid = 0; } else { $uid = $_USER['uid']; } $error = 'NULL'; $filter = new sanitizer(); $op = $filter->getCleanData('char', $_REQUEST['op']); $filter->initFilter(); // Reset Filter $firephp = FirePHP::getInstance(true); $firephp->group('Nexfile - AJAX Server'); if (isset($_REQUEST['pending'])) { $logmessage = "op:{$op}, user: {$uid}, cid: {$_POST['cid']}, pending request count: {$_REQUEST['pending']}"; } else { $logmessage = "op:{$op}, user: {$uid}, reportmode: {$_GET['reportmode']}"; } $firephp->log($logmessage); //COM_errorLog ($logmessage); $data = array(); function firelogmsg($message) { global $firephp, $mytimer;
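/**
 * Escape a value for embedding inside a single-quoted SQL string literal.
 *
 * Uses the host application's DB_escapeString() when it is available and
 * falls back to addslashes() otherwise.
 *
 * NOTE(review): on legacy PHP with magic_quotes_gpc enabled, request data is
 * already slash-escaped and will be escaped a second time here. That only
 * affects how quotes are stored, not query safety.
 *
 * @param mixed $value Value to embed in a query
 * @return string Escaped text, without the surrounding quotes
 */
function _gf_sqlEscape($value)
{
    $value = (string) $value;
    if (function_exists('DB_escapeString')) {
        return DB_escapeString($value);
    }
    return addslashes($value);
}

/**
 * Store the file uploaded in the 'file_forum' form field as a forum
 * attachment and, when a topic is saved, re-attach previously uploaded
 * temporary files to it.
 *
 * Every value that originates from the request (upload name, MIME type,
 * uniqueid) or from the caller ($id) is escaped or validated before it is
 * placed in a query; the original interpolated them directly.
 *
 * @param mixed $id       Topic id the attachment belongs to
 * @param bool  $tempfile True to flag the attachment row as temporary
 * @return string Always the empty string (no links are built in this function)
 */
function gf_check4files($id, $tempfile = false)
{
    global $_CONF, $_TABLES, $_USER, $CONF_FORUM;
    global $_FM_TABLES, $filemgmt_FileStore, $_FMCONF;

    $filelinks = '';
    $uploadfile = isset($_FILES['file_forum']) ? $_FILES['file_forum'] : array('name' => '');
    $cid = COM_applyFilter(isset($_POST['filemgmtcat']) ? $_POST['filemgmtcat'] : null, true);
    $useFilemgmt = isset($_POST['chk_usefilemgmt']) && $_POST['chk_usefilemgmt'] == 1;
    $use_filestore = false;

    // Query-safe forms of the values shared by several statements below.
    $sqlId = _gf_sqlEscape($id);
    $sqlCid = (int) $cid;
    $sqlUid = isset($_USER['uid']) ? (int) $_USER['uid'] : 0;
    $temp = $tempfile ? 1 : 0;

    if (isset($uploadfile['name']) && $uploadfile['name'] != '') {
        // The client chooses this name. Strip any directory part before it is
        // used to build a storage path, and take the extension with pathinfo()
        // so a name without a dot yields '' (strrpos() + 1 yielded offset 1).
        $origName = basename($uploadfile['name']);
        $ext = strtolower(pathinfo($origName, PATHINFO_EXTENSION));

        if ($useFilemgmt and $cid > 0) {
            // Repository upload: the file keeps its own (client-chosen) name.
            $filename = $origName;
            $use_filestore = true;
        } else {
            // Forum-only upload: stored under a generated name.
            $uploadfilename = ppRandomFilename();
            $filename = ($ext !== '') ? "{$uploadfilename}.{$ext}" : $uploadfilename;
        }

        if ($use_filestore) {
            if ($CONF_FORUM['filestorage_plugin'] == 'filemgmt') {
                $filestore_path = $filemgmt_FileStore;
            } elseif ($CONF_FORUM['filestorage_plugin'] == 'nexfile') {
                $filestore_path = $_FMCONF['storage_path'] . "{$sqlCid}/";
            } else {
                $filestore_path = $CONF_FORUM['uploadpath'];
            }
        } else {
            $filestore_path = $CONF_FORUM['uploadpath'];
        }

        // NOTE(review): the extension is preserved from the client's file name
        // and the allowed-type check happens inside gf_uploadfile(), which is
        // not visible here. Confirm it rejects server-executable extensions
        // and does not rely on the browser-reported MIME type alone.
        if (gf_uploadfile($filename, $uploadfile, $CONF_FORUM['allowablefiletypes'], $filestore_path)) {
            require_once $_CONF['path'] . 'plugins/forum/simpleimage.class.php';

            // $uploadfile['type'] is reported by the browser, not derived from
            // the file content, so this only selects a thumbnail attempt.
            if (array_key_exists($uploadfile['type'], $CONF_FORUM['inlineimageypes'])) {
                // Read the image from the directory it was just stored in. The
                // original always read from the filemgmt store when the
                // checkbox was ticked, which is the wrong directory for the
                // nexfile store and for a ticked box without a category.
                $srcImage = rtrim($filestore_path, '/\\') . '/' . $filename;
                $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$filename}";
                $image = new SimpleImage();
                $image->load($srcImage);
                $image->resize($CONF_FORUM['inlineimage_height'], $CONF_FORUM['inlineimage_width']);
                $image->save($destImage);
            }

            // Store both the created filename and the real source filename,
            // joined as "stored:original".
            $realfilename = $filename;
            $filename = "{$filename}:{$origName}";
            $fileExtension = pathinfo($origName, PATHINFO_EXTENSION);
            $filter = new sanitizer();
            $mimetype = $filter->getCleanData('text', $uploadfile['type']);

            $sqlRealName = _gf_sqlEscape($realfilename);
            $sqlStoredName = _gf_sqlEscape($filename);
            $sqlExt = _gf_sqlEscape($fileExtension);
            $sqlMime = _gf_sqlEscape($mimetype);
            $sqlSize = isset($uploadfile['size']) ? (int) $uploadfile['size'] : 0;

            if ($use_filestore) {
                // Check whether nexfile or the filemgmt plugin is being used.
                if ($CONF_FORUM['filestorage_plugin'] == 'nexfile') {
                    $sql = "INSERT INTO {$_TABLES['nxfile_files']} "
                        . "(cid,fname,title,version,ftype,size,mimetype,extension,submitter,status,date) "
                        . "VALUES ('{$sqlCid}','{$sqlRealName}','{$sqlRealName}','1','file','{$sqlSize}',"
                        . "'{$sqlMime}','{$sqlExt}','{$sqlUid}','1',UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $fid = (int) DB_insertId();
                    DB_query("INSERT INTO {$_TABLES['nxfile_filedetail']} (fid,description,hits,rating,votes,comments) "
                        . "VALUES ('{$fid}','','0','0','0','0')");
                    DB_query("INSERT INTO {$_TABLES['nxfile_fileversions']} (fid,fname,ftype,version,size,notes,date,uid,status) "
                        . "VALUES ('{$fid}','{$sqlRealName}','file','1','{$sqlSize}','',UNIX_TIMESTAMP(),'{$sqlUid}','1')");
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$sqlId}',{$fid},'{$sqlStoredName}',{$temp})");
                } elseif ($CONF_FORUM['filestorage_plugin'] == 'filemgmt') {
                    $sql = "INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, size, submitter, status,date ) ";
                    $sql .= "VALUES ('{$sqlCid}', '{$sqlRealName}', '{$sqlRealName}', '{$sqlSize}', '{$sqlUid}', 1, UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $newid = (int) DB_insertID();
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$sqlId}',{$newid},'{$sqlStoredName}',{$temp})");
                    $description = ppPrepareForDB(isset($_POST['filemgmt_desc']) ? $_POST['filemgmt_desc'] : '');
                    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
                }
                // Any other plugin value stores the file but records no
                // attachment row, exactly as the original did.
            } else {
                DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,filename,tempfile) "
                    . "VALUES ('{$sqlId}','{$sqlStoredName}',{$temp})");
            }
        } else {
            COM_errorlog("upload error:" . $GLOBALS['gf_errmsg']);
        }
    }

    // uniqueid comes straight from the request and used to be placed unquoted
    // in the WHERE clause. Accept it only when it consists of digits.
    $uniqueid = '0';
    if (isset($_POST['uniqueid']) && is_scalar($_POST['uniqueid']) && ctype_digit((string) $_POST['uniqueid'])) {
        $uniqueid = (string) $_POST['uniqueid'];
    }

    // NOTE(review): this re-parents every attachment row whose topic_id equals
    // the posted uniqueid, without requiring tempfile=1 or checking who
    // uploaded it. Confirm a uniqueid can never collide with a real topic id,
    // or restrict the WHERE clause to temporary rows.
    if (!$tempfile and $uniqueid > 0 and DB_COUNT($_TABLES['gf_topic'], 'id', $sqlId)) {
        DB_query("UPDATE {$_TABLES['gf_attachments']} SET topic_id='{$sqlId}', tempfile=0 WHERE topic_id='{$uniqueid}'");
    }

    return $filelinks;
}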