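/**
 * Validate the file posted as $_FILES['attach_file'], move it into the
 * attachment folder and insert a matching row into attach_files.
 *
 * Nothing is returned. Problems are appended to the global $errors array;
 * on success the new record is appended to the global $uploaded_list.
 *
 * Extension policy: an upload is rejected when its extension appears in
 * EITHER the group's disallowed list OR the site-wide always-deny list.
 * The comparison is case-insensitive and ignores blank list entries.
 *
 * @param string $attach_secure_str Value stored in the secure_str column.
 * @param array  $cur_posting       Posting/group settings; the g_pun_attachment_* keys are read.
 */
function attach_create_attachment($attach_secure_str, $cur_posting)
{
    global $forum_db, $forum_user, $forum_config, $errors, $uploaded_list, $lang_attach;

    $is_admin = ($forum_user['g_id'] == FORUM_ADMIN);

    if ($is_admin || $cur_posting['g_pun_attachment_allow_upload'] == 1) {
        // count() on a non-array throws on PHP 8, so treat an unset list as empty.
        $already_uploaded = is_array($uploaded_list) ? count($uploaded_list) : 0;

        if (!$is_admin && $already_uploaded + 1 > $cur_posting['g_pun_attachment_files_per_post']) {
            $errors[] = sprintf($lang_attach['Attach limit error'], $cur_posting['g_pun_attachment_files_per_post']);
        } else {
            // Load the profile.php language file; $lang_profile is read from it below.
            // NOTE(review): the include path contains $forum_user['language'] - confirm that
            // value is restricted to installed language packs before it reaches this point.
            require FORUM_ROOT . 'lang/' . $forum_user['language'] . '/profile.php';

            if (!isset($_FILES['attach_file'])) {
                $errors[] = $lang_profile['No file'];
            } else {
                $uploaded_file = $_FILES['attach_file'];
            }

            // Make sure the upload went smoothly.
            if (isset($uploaded_file['error']) && empty($errors)) {
                switch ($uploaded_file['error']) {
                    case UPLOAD_ERR_INI_SIZE:
                    case UPLOAD_ERR_FORM_SIZE:
                        $errors[] = $lang_profile['Too large ini'];
                        break;

                    case UPLOAD_ERR_PARTIAL:
                        $errors[] = $lang_profile['Partial upload'];
                        break;

                    case UPLOAD_ERR_NO_FILE:
                        $errors[] = $lang_profile['No file'];
                        break;

                    case UPLOAD_ERR_NO_TMP_DIR:
                        $errors[] = $lang_profile['No tmp directory'];
                        break;

                    default:
                        // No dedicated message for this code: was something actually uploaded?
                        if ($uploaded_file['size'] == 0) {
                            $errors[] = $lang_profile['No file'];
                        }
                        break;
                }
            }

            if (empty($errors)) {
                $file_ext = attach_get_extension($uploaded_file['name']);

                // Normalise both deny lists: lower-case, trimmed, no empty entries.
                $group_denied = array_filter(
                    array_map('trim', explode(',', strtolower((string) $cur_posting['g_pun_attachment_disallowed_extensions']))),
                    'strlen'
                );
                $always_denied = array_filter(
                    array_map('trim', explode(',', strtolower((string) $forum_config['attach_always_deny']))),
                    'strlen'
                );
                $ext_key = strtolower((string) $file_ext);

                // Reject when EITHER list names the extension. The earlier condition
                // (!in_array(group list) && in_array(always-deny list)) let every
                // extension on the group's disallowed list through.
                if (in_array($ext_key, $group_denied, true) || in_array($ext_key, $always_denied, true)) {
                    $errors[] = sprintf($lang_attach['Ext error'], $file_ext);
                }

                if (!$is_admin && $uploaded_file['size'] > $cur_posting['g_pun_attachment_upload_max_size']) {
                    $errors[] = sprintf($lang_attach['Filesize error'], $cur_posting['g_pun_attachment_upload_max_size']);
                }

                if (utf8_strlen($uploaded_file['name']) > 255) {
                    $errors[] = $lang_attach['File len err'];
                }

                if (utf8_strlen($file_ext) > 64) {
                    $errors[] = $lang_attach['Ext len err'];
                }
            }
        }
    } else {
        $errors[] = $lang_attach['Up perm error'];
    }

    if (!empty($errors)) {
        return;
    }

    // Only accept a temp file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($uploaded_file['tmp_name'])) {
        // Previously this case returned silently, leaving the caller with no error and no attachment.
        $errors[] = $lang_profile['No file'];
        return;
    }

    // The client-supplied name is never used on disk; only the generated name is.
    $attach_name = attach_generate_filename();
    $destination = $forum_config['attach_basefolder'] . $forum_config['attach_subfolder'] . '/' . $attach_name;

    if (!move_uploaded_file($uploaded_file['tmp_name'], $destination)) {
        $admin_email = forum_htmlencode($forum_config['o_admin_email']);
        $errors[] = sprintf($lang_profile['Move failed'], '<a href="mailto:' . $admin_email . '">' . $admin_email . '</a>');
        return;
    }

    // Values are spliced into the INSERT as text, so every string is escaped and quoted here.
    $attach_record = array(
        'owner_id' => 0,
        'post_id' => 0,
        'topic_id' => 0,
        'filename' => '\'' . $forum_db->escape($uploaded_file['name']) . '\'',
        'file_ext' => '\'' . $forum_db->escape($file_ext) . '\'',
        // attach_create_mime() is defined elsewhere and is fed the client-supplied
        // extension, so its result is escaped like the other string columns.
        'file_mime_type' => '\'' . $forum_db->escape(attach_create_mime($file_ext)) . '\'',
        'file_path' => '\'' . $forum_db->escape($forum_config['attach_subfolder'] . '/' . $attach_name) . '\'',
        'size' => (int) $uploaded_file['size'],
        'download_counter' => 0,
        'uploaded_at' => time(),
        'secure_str' => '\'' . $forum_db->escape($attach_secure_str) . '\'',
    );

    $attach_query = array(
        'INSERT' => implode(',', array_keys($attach_record)),
        'INTO' => 'attach_files',
        'VALUES' => implode(',', array_values($attach_record)),
    );
    $forum_db->query_build($attach_query) or error(__FILE__, __LINE__);

    // Replace the quoted SQL fragments with plain values for the in-memory list.
    // NOTE(review): filename, file_ext and file_path stay SQL-escaped here, as before;
    // consumers that print them still have to HTML-encode.
    $attach_record['id'] = $forum_db->insert_id();
    $attach_record['filename'] = $forum_db->escape($uploaded_file['name']);
    $attach_record['file_ext'] = $forum_db->escape($file_ext);
    $attach_record['secure_str'] = $attach_secure_str;
    $attach_record['file_path'] = $forum_db->escape($forum_config['attach_subfolder'] . DIRECTORY_SEPARATOR . $attach_name);

    $uploaded_list[] = $attach_record;
}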
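/**
 * Write attachment data to a newly named file in the attachment folder and
 * insert the matching row into the attach_2_files table.
 *
 * Every value placed in the INSERT statement is passed through $db->escape()
 * before being quoted, including the id, owner, post id, extension, size and
 * download counter, which were previously concatenated as-is.
 *
 * Failures are reported through error(), which is defined elsewhere.
 *
 * @param mixed  $attach_id        Attachment id (id column).
 * @param mixed  $attach_owner     Owner (owner column).
 * @param mixed  $attach_post_id   Post the attachment belongs to (post_id column).
 * @param string $attach_filename  Original file name (filename column).
 * @param string $attach_extension File extension (extension column).
 * @param mixed  $attach_size      Size (size column); also passed to attach_generate_filename().
 * @param mixed  $attach_downloads Download counter (downloads column).
 * @param string $attach_mime      MIME type; derived from the file name when empty.
 * @param string $attach_data      Raw file contents to write to disk.
 *
 * @return bool Always true when the function returns.
 */
function attach_update_attachment($attach_id, $attach_owner, $attach_post_id, $attach_filename, $attach_extension, $attach_size, $attach_downloads, $attach_mime, $attach_data)
{
    global $db, $pun_config;

    $storage_dir = $pun_config['attach_basefolder'] . '/' . $pun_config['attach_subfolder'] . '/';

    // Fetch a unique name for the file.
    $unique_name = attach_generate_filename($storage_dir, 0, $attach_size);

    // 'wb': write, truncate to 0 bytes if the file exists; 'b' selects binary mode on Windows.
    $newfile = fopen($storage_dir . $unique_name, 'wb');
    if (!$newfile) {
        error('Error creating filepointer for file, for attachment with id: "' . $attach_id . '"', __FILE__, __LINE__);
    }

    // Write the data, then release the handle before any error is reported.
    $payload = (string) $attach_data;
    $written = fwrite($newfile, $payload);
    fclose($newfile);

    // A short write (for example a full disk) would leave a truncated attachment, so treat it as a failure too.
    if ($written === false || $written !== strlen($payload)) {
        error('Error filling empty file with data, attachment with id: "' . $attach_id . '"', __FILE__, __LINE__);
    }

    if (strlen($attach_mime) == 0) {
        $attach_mime = attach_create_mime(attach_find_extention($attach_filename));
    }

    // Column order: id, owner, post_id, filename, extension, mime, location, size, downloads.
    $column_values = array(
        $attach_id,
        $attach_owner,
        $attach_post_id,
        $attach_filename,
        $attach_extension,
        $attach_mime,
        $pun_config['attach_subfolder'] . '/' . $unique_name,
        $attach_size,
        $attach_downloads,
    );

    // Escape and quote every value; none of them is trusted to be SQL-safe.
    $quoted = array();
    foreach ($column_values as $value) {
        $quoted[] = '\'' . $db->escape((string) $value) . '\'';
    }

    // Update the database with this info.
    $db->query('INSERT INTO ' . $db->prefix . 'attach_2_files (id,owner,post_id,filename,extension,mime,location,size,downloads) VALUES (' . implode(',', $quoted) . ')') or error('Unable to insert attachment record into database.', __FILE__, __LINE__, $db->error());

    return true;
}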
/**
 * Produce a "<md5 hex>.attach" file name that does not currently exist as a
 * regular file under $storagepath.
 *
 * The hash input is the message length, the size, the current user's login
 * key and an 18-character value from random_key() (defined elsewhere).
 * Candidates are regenerated until is_file() reports no clash.
 *
 * This function only checks for a clash; it does not create or reserve the
 * file, so the name is unique only at the moment of the check.
 *
 * @param string $storagepath   Directory prefix the name is tested against (used as given, no separator added).
 * @param mixed  $messagelength Mixed into the hash input.
 * @param mixed  $size          Mixed into the hash input.
 *
 * @return string The generated file name, without the directory part.
 */
function attach_generate_filename($storagepath, $messagelength = 0, $size = 0)
{
    // Login keys are one time use only, so the key doubles as salt.
    global $panther_user;

    do {
        $digest = md5($messagelength . $size . $panther_user['login_key'] . random_key(18));
        $candidate = $digest . '.attach';
    } while (is_file($storagepath . $candidate));

    return $candidate;
}