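/**
 * Validate the file sent as $_FILES['attach_file'] and, if it passes, store it
 * on disk and record it in the attach_files table.
 *
 * Results are reported through globals: validation failures are appended to
 * $errors, and a successfully stored attachment is appended to $uploaded_list.
 * The function itself returns nothing.
 *
 * The client-supplied file name is only stored as metadata; the file on disk
 * gets the name returned by attach_generate_filename().
 *
 * @param string $attach_secure_str Token stored with the record in the secure_str column.
 * @param array  $cur_posting       Row carrying the g_pun_attachment_* group settings
 *                                  (upload permission, files per post, max size,
 *                                  disallowed extensions).
 */
function attach_create_attachment($attach_secure_str, $cur_posting)
{
    global $forum_db, $forum_user, $forum_config, $errors, $uploaded_list, $lang_attach;

    if ($forum_user['g_id'] == FORUM_ADMIN || $cur_posting['g_pun_attachment_allow_upload'] == 1) {
        // Administrators are exempt from the per-post file count limit.
        if ($forum_user['g_id'] != FORUM_ADMIN && count($uploaded_list) + 1 > $cur_posting['g_pun_attachment_files_per_post']) {
            $errors[] = sprintf($lang_attach['Attach limit error'], $cur_posting['g_pun_attachment_files_per_post']);
        } else {
            // Load the profile.php language file; $lang_profile is used below,
            // so it is presumably defined by this include.
            require FORUM_ROOT . 'lang/' . $forum_user['language'] . '/profile.php';

            if (!isset($_FILES['attach_file'])) {
                $errors[] = $lang_profile['No file'];
            } else {
                $uploaded_file = $_FILES['attach_file'];
            }

            // Make sure the upload went smoothly
            if (isset($uploaded_file['error']) && empty($errors)) {
                switch ($uploaded_file['error']) {
                    case 1: // UPLOAD_ERR_INI_SIZE
                    case 2: // UPLOAD_ERR_FORM_SIZE
                        $errors[] = $lang_profile['Too large ini'];
                        break;
                    case 3: // UPLOAD_ERR_PARTIAL
                        $errors[] = $lang_profile['Partial upload'];
                        break;
                    case 4: // UPLOAD_ERR_NO_FILE
                        $errors[] = $lang_profile['No file'];
                        break;
                    case 6: // UPLOAD_ERR_NO_TMP_DIR
                        $errors[] = $lang_profile['No tmp directory'];
                        break;
                    default:
                        // No error occurred, but was something actually uploaded?
                        if ($uploaded_file['size'] == 0) {
                            $errors[] = $lang_profile['No file'];
                        }
                        break;
                }
            }

            if (empty($errors)) {
                $file_ext = attach_get_extension($uploaded_file['name']);

                // Reject the upload when the extension is on EITHER deny list.
                // The previous condition (!in_array(group list) && in_array(global list))
                // never rejected an extension that was on the group's disallowed list.
                // Empty entries are dropped so that an empty list does not match a
                // file without an extension.
                // NOTE(review): the comparison is case-sensitive; confirm that
                // attach_get_extension() normalises case the same way the lists are stored.
                $group_denied = array_filter(array_map('trim', explode(',', (string) $cur_posting['g_pun_attachment_disallowed_extensions'])), 'strlen');
                $always_denied = array_filter(array_map('trim', explode(',', (string) $forum_config['attach_always_deny'])), 'strlen');
                if (in_array($file_ext, $group_denied, true) || in_array($file_ext, $always_denied, true)) {
                    $errors[] = sprintf($lang_attach['Ext error'], $file_ext);
                }

                // Administrators are exempt from the size limit.
                if ($forum_user['g_id'] != FORUM_ADMIN && $uploaded_file['size'] > $cur_posting['g_pun_attachment_upload_max_size']) {
                    $errors[] = sprintf($lang_attach['Filesize error'], $cur_posting['g_pun_attachment_upload_max_size']);
                }
                if (utf8_strlen($uploaded_file['name']) > 255) {
                    $errors[] = $lang_attach['File len err'];
                }
                if (utf8_strlen($file_ext) > 64) {
                    $errors[] = $lang_attach['Ext len err'];
                }
            }
        }
    } else {
        $errors[] = $lang_attach['Up perm error'];
    }

    if (empty($errors)) {
        // is_uploaded_file() confirms tmp_name really is a PHP HTTP upload.
        // If it is not, nothing is stored and no error is reported.
        if (is_uploaded_file($uploaded_file['tmp_name'])) {
            $attach_name = attach_generate_filename();
            if (!move_uploaded_file($uploaded_file['tmp_name'], $forum_config['attach_basefolder'] . $forum_config['attach_subfolder'] . '/' . $attach_name)) {
                $errors[] = sprintf($lang_profile['Move failed'], '<a href="mailto:' . forum_htmlencode($forum_config['o_admin_email']) . '">' . forum_htmlencode($forum_config['o_admin_email']) . '</a>');
            }

            if (empty($errors)) {
                // Values are placed into the INSERT as literal SQL fragments, so every
                // string is escaped and quoted here. The MIME type is escaped as well:
                // it is derived from the client-controlled extension and this block
                // cannot see what attach_create_mime() returns.
                $attach_record = array(
                    'owner_id' => 0,
                    'post_id' => 0,
                    'topic_id' => 0,
                    'filename' => '\'' . $forum_db->escape($uploaded_file['name']) . '\'',
                    'file_ext' => '\'' . $forum_db->escape($file_ext) . '\'',
                    'file_mime_type' => '\'' . $forum_db->escape(attach_create_mime($file_ext)) . '\'',
                    'file_path' => '\'' . $forum_db->escape($forum_config['attach_subfolder'] . '/' . $attach_name) . '\'',
                    'size' => $uploaded_file['size'],
                    'download_counter' => 0,
                    'uploaded_at' => time(),
                    'secure_str' => '\'' . $forum_db->escape($attach_secure_str) . '\'',
                );

                $attach_query = array('INSERT' => implode(',', array_keys($attach_record)), 'INTO' => 'attach_files', 'VALUES' => implode(',', array_values($attach_record)));
                $forum_db->query_build($attach_query) or error(__FILE__, __LINE__);

                // Replace the quoted SQL fragments with plain values for the in-memory list.
                $attach_record['id'] = $forum_db->insert_id();
                $attach_record['filename'] = $forum_db->escape($uploaded_file['name']);
                $attach_record['file_ext'] = $forum_db->escape($file_ext);
                $attach_record['secure_str'] = $attach_secure_str;
                $attach_record['file_path'] = $forum_db->escape($forum_config['attach_subfolder'] . DIRECTORY_SEPARATOR . $attach_name);
                $uploaded_list[] = $attach_record;
            }
        }
    }
}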
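/**
 * Write attachment data to a new file in the attachment folder and insert the
 * matching row into the attach_2_files table.
 *
 * Failures are reported through error(), with messages that identify the attachment id.
 *
 * @param mixed  $attach_id        Value for the id column.
 * @param mixed  $attach_owner     Value for the owner column.
 * @param mixed  $attach_post_id   Value for the post_id column.
 * @param string $attach_filename  Original file name, stored as metadata only.
 * @param string $attach_extension Value for the extension column.
 * @param mixed  $attach_size      Value for the size column; also passed to attach_generate_filename().
 * @param mixed  $attach_downloads Value for the downloads column.
 * @param string $attach_mime      MIME type; when empty it is derived from the file name's extension.
 * @param string $attach_data      Raw file contents to write to disk.
 *
 * @return bool Always true when the function returns.
 */
function attach_update_attachment($attach_id, $attach_owner, $attach_post_id, $attach_filename, $attach_extension, $attach_size, $attach_downloads, $attach_mime, $attach_data)
{
    global $db, $pun_config;

    $storage_dir = $pun_config['attach_basefolder'] . '/' . $pun_config['attach_subfolder'] . '/';

    // fetch a unique name for the file
    $unique_name = attach_generate_filename($storage_dir, 0, $attach_size);

    // Create the file on disk. 'wb' truncates an existing file to 0 bytes; the 'b'
    // requests binary mode, which only matters on Windows.
    $newfile = fopen($storage_dir . $unique_name, 'wb');
    if (!$newfile) {
        error('Error creating filepointer for file, for attachment with id: "' . $attach_id . '"', __FILE__, __LINE__);
    }

    // Write the data, then close the handle before reporting any failure so it is
    // not left open. A short write is treated as a failure too, so a truncated
    // file is never recorded as a complete attachment.
    $written = fwrite($newfile, $attach_data);
    fclose($newfile);
    if ($written === FALSE || $written !== strlen($attach_data)) {
        error('Error filling empty file with data, attachment with id: "' . $attach_id . '"', __FILE__, __LINE__);
    }

    if (strlen($attach_mime) == 0) {
        $attach_mime = attach_create_mime(attach_find_extention($attach_filename));
    }

    // Every value is escaped before it is concatenated into the statement. The
    // previous version escaped only filename, mime and location, which left the
    // other parameters able to break out of their quotes.
    $db->query('INSERT INTO ' . $db->prefix . 'attach_2_files (id,owner,post_id,filename,extension,mime,location,size,downloads) VALUES (\'' . $db->escape($attach_id) . '\',\'' . $db->escape($attach_owner) . '\',\'' . $db->escape($attach_post_id) . '\',\'' . $db->escape($attach_filename) . '\',\'' . $db->escape($attach_extension) . '\',\'' . $db->escape($attach_mime) . '\',\'' . $db->escape($pun_config['attach_subfolder'] . '/' . $unique_name) . '\',\'' . $db->escape($attach_size) . '\',\'' . $db->escape($attach_downloads) . '\')') or error('Unable to insert attachment record into database.', __FILE__, __LINE__, $db->error());

    return true;
}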
Exemple #3
/**
 * Produce a file name ending in '.attach' that does not yet exist as a regular
 * file under $storagepath.
 *
 * The name is the MD5 hex digest of the message length, the size, the current
 * user's login key and the output of random_key(18). MD5 is used here only to
 * derive a fixed-length name, not to protect a secret.
 *
 * NOTE(review): how hard the name is to guess depends on random_key(), which is
 * not visible here. Confirm it draws from a CSPRNG if attachment paths must not
 * be guessable.
 * NOTE(review): the existence check and the later file creation are separate
 * steps, so two concurrent requests could in principle pick the same name.
 *
 * @param string $storagepath   Directory prefix the candidate name is appended to for the check.
 * @param int    $messagelength Mixed into the hash input.
 * @param int    $size          Mixed into the hash input.
 *
 * @return string The generated file name, without the directory.
 */
function attach_generate_filename($storagepath, $messagelength = 0, $size = 0)
{
    // The login key is mixed in as additional salt.
    global $panther_user;

    // Keep drawing candidates until one does not collide with an existing file.
    do {
        $candidate = md5($messagelength . $size . $panther_user['login_key'] . random_key(18)) . '.attach';
    } while (is_file($storagepath . $candidate));

    return $candidate;
}