Exemple #1
0
function create_thumbnail($source, $new_file)
{
    global $attach_config;
    $source = amod_realpath($source);
    $min_filesize = intval($attach_config['img_min_thumb_filesize']);
    $img_filesize = file_exists(amod_realpath($source)) ? filesize($source) : false;
    if (!$img_filesize || $img_filesize <= $min_filesize) {
        return FALSE;
    }
    $size = image_getdimension($source);
    if ($size[0] <= 0 && $size[1] <= 0) {
        return FALSE;
    }
    $new_size = get_img_size_format($size[0], $size[1]);
    $tmp_path = '';
    $old_file = '';
    if (intval($attach_config['allow_ftp_upload'])) {
        $old_file = $new_file;
        $tmp_path = explode('/', $source);
        $tmp_path[count($tmp_path) - 1] = '';
        $tmp_path = implode('/', $tmp_path);
        if ($tmp_path == '') {
            $tmp_path = '/tmp';
        }
        $value = trim($tmp_path);
        if ($value[strlen($value) - 1] == '/') {
            $value[strlen($value) - 1] = ' ';
        }
        $new_file = trim($value) . '/t00000';
    }
    global $MAIN_CFG;
    if (!isset($MAIN_CFG['imaging']['type'])) {
        //$attach_config['use_gd2']
        $MAIN_CFG['imaging']['type'] = empty($attach_config['img_imagick']) ? 'gd2' : 'im';
        $MAIN_CFG['imaging']['impath'] = $attach_config['img_imagick'];
        $MAIN_CFG['imaging']['pbmpath'] = $attach_config['img_imagick'];
    }
    require_once 'includes/imaging/imaging.inc';
    Graphic::resize($source, $new_size, $new_file, $size);
    if (!file_exists(amod_realpath($new_file))) {
        return FALSE;
    }
    if (intval($attach_config['allow_ftp_upload'])) {
        $result = ftp_file($new_file, $old_file, $this->type, TRUE);
        // True for disable error-mode
        if (!$result) {
            return FALSE;
        }
    } else {
        chmod($new_file, PHP_AS_NOBODY ? 0666 : 0644);
    }
    return TRUE;
}
function create_thumbnail($source, $new_file, $mimetype)
{
    global $attach_config, $imagick;
    $source = amod_realpath($source);
    $min_filesize = intval($attach_config['img_min_thumb_filesize']);
    $img_filesize = @file_exists(@amod_realpath($source)) ? filesize($source) : false;
    if (!$img_filesize || $img_filesize <= $min_filesize) {
        return FALSE;
    }
    $size = image_getdimension($source);
    if ($size[0] == 0 && $size[1] == 0) {
        return FALSE;
    }
    $new_size = get_img_size_format($size[0], $size[1]);
    $tmp_path = '';
    $old_file = '';
    if (intval($attach_config['allow_ftp_upload'])) {
        $old_file = $new_file;
        $tmp_path = explode('/', $source);
        $tmp_path[count($tmp_path) - 1] = '';
        $tmp_path = implode('/', $tmp_path);
        if ($tmp_path == '') {
            $tmp_path = '/tmp';
        }
        $value = trim($tmp_path);
        if ($value[strlen($value) - 1] == '/') {
            $value[strlen($value) - 1] = ' ';
        }
        $new_file = trim($value) . '/t00000';
    }
    $used_imagick = FALSE;
    if (is_imagick()) {
        if (is_array($size) && count($size) > 0) {
            passthru($imagick . ' -quality 85 -antialias -sample ' . $new_size[0] . 'x' . $new_size[1] . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $new_file) . '"');
            if (@file_exists(@amod_realpath($new_file))) {
                $used_imagick = TRUE;
            }
        }
    }
    if (!$used_imagick) {
        $type = $size[2];
        $supported_types = get_supported_image_types();
        if (in_array($type, $supported_types)) {
            switch ($type) {
                case '1':
                    $im = imagecreatefromgif($source);
                    $new_im = imagecreate($new_size[0], $new_size[1]);
                    imagecopyresized($new_im, $im, 0, 0, 0, 0, $new_size[0], $new_size[1], $size[0], $size[1]);
                    imagegif($new_im, $new_file);
                    break;
                case '2':
                    $im = imagecreatefromjpeg($source);
                    $new_im = intval($attach_config['use_gd2']) ? @imagecreatetruecolor($new_size[0], $new_size[1]) : imagecreate($new_size[0], $new_size[1]);
                    imagecopyresized($new_im, $im, 0, 0, 0, 0, $new_size[0], $new_size[1], $size[0], $size[1]);
                    imagejpeg($new_im, $new_file, 90);
                    break;
                case '3':
                    $im = imagecreatefrompng($source);
                    $new_im = intval($attach_config['use_gd2']) ? @imagecreatetruecolor($new_size[0], $new_size[1]) : imagecreate($new_size[0], $new_size[1]);
                    imagecopyresized($new_im, $im, 0, 0, 0, 0, $new_size[0], $new_size[1], $size[0], $size[1]);
                    imagepng($new_im, $new_file);
                    break;
            }
        }
    }
    if (!@file_exists(@amod_realpath($new_file))) {
        return FALSE;
    }
    if (intval($attach_config['allow_ftp_upload'])) {
        $result = ftp_file($new_file, $old_file, $this->type, TRUE);
        // True for disable error-mode
        if (!$result) {
            return FALSE;
        }
    } else {
        @chmod($new_file, 0664);
    }
    return TRUE;
}
Exemple #3
0
/**
* Assign Variables and Definitions based on the fetched Attachments - internal
* used by all displaying functions, the Data was collected before, it's only dependend on the template used. :)
* before this function is usable, init_display_attachments have to be called for specific pages (pm, posting, review etc...)
*/
function display_attachments($post_id)
{
    global $template, $upload_dir, $userdata, $allowed_extensions, $display_categories, $download_modes, $db, $lang, $phpEx, $attachments, $upload_icons, $attach_config;
    global $phpbb_root_path;
    $num_attachments = sizeof($attachments['_' . $post_id]);
    if ($num_attachments == 0) {
        return;
    }
    $template->assign_block_vars('postrow.attach', array());
    for ($i = 0; $i < $num_attachments; $i++) {
        // Some basic things...
        $filename = $upload_dir . '/' . basename($attachments['_' . $post_id][$i]['physical_filename']);
        $thumbnail_filename = $upload_dir . '/' . THUMB_DIR . '/t_' . basename($attachments['_' . $post_id][$i]['physical_filename']);
        $upload_image = '';
        if ($attach_config['upload_img'] != '' && trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) == '') {
            // Begin PNphpBB2 Module
            //			$upload_image = '<img src="' . $attach_config['upload_img'] . '" alt="" border="0" />';
            $upload_image = '<img src="' . $phpbb_root_path . $attach_config['upload_img'] . '" alt="" />';
            // End PNphpBB2 Module
        } else {
            if (trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) != '') {
                $upload_image = '<img src="' . $upload_icons[$attachments['_' . $post_id][$i]['extension']] . '" alt="" border="0" />';
            }
        }
        $filesize = $attachments['_' . $post_id][$i]['filesize'];
        $size_lang = $filesize >= 1048576 ? $lang['MB'] : ($filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
        if ($filesize >= 1048576) {
            $filesize = round(round($filesize / 1048576 * 100) / 100, 2);
        } else {
            if ($filesize >= 1024) {
                $filesize = round(round($filesize / 1024 * 100) / 100, 2);
            }
        }
        $display_name = $attachments['_' . $post_id][$i]['real_filename'];
        $comment = $attachments['_' . $post_id][$i]['comment'];
        $comment = str_replace("\n", '<br />', $comment);
        $denied = false;
        // Admin is allowed to view forbidden Attachments, but the error-message is displayed too to inform the Admin
        if (!in_array($attachments['_' . $post_id][$i]['extension'], $allowed_extensions)) {
            $denied = true;
            $template->assign_block_vars('postrow.attach.denyrow', array('L_DENIED' => sprintf($lang['Extension_disabled_after_posting'], $attachments['_' . $post_id][$i]['extension'])));
        }
        if (!$denied || $userdata['user_level'] == ADMIN) {
            // Some basic Template Vars
            $template->assign_vars(array('L_DESCRIPTION' => $lang['Description'], 'L_DOWNLOAD' => $lang['Download'], 'L_FILENAME' => $lang['File_name'], 'L_FILESIZE' => $lang['Filesize']));
            // define category
            $image = FALSE;
            $stream = FALSE;
            $swf = FALSE;
            $thumbnail = FALSE;
            $link = FALSE;
            if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == STREAM_CAT) {
                $stream = TRUE;
            } else {
                if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == SWF_CAT) {
                    $swf = TRUE;
                } else {
                    if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && intval($attach_config['img_display_inlined'])) {
                        if (intval($attach_config['img_link_width']) != 0 || intval($attach_config['img_link_height']) != 0) {
                            list($width, $height) = image_getdimension($filename);
                            if ($width == 0 && $height == 0) {
                                $image = TRUE;
                            } else {
                                if ($width <= intval($attach_config['img_link_width']) && $height <= intval($attach_config['img_link_height'])) {
                                    $image = TRUE;
                                }
                            }
                        } else {
                            $image = TRUE;
                        }
                    }
                }
            }
            if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && $attachments['_' . $post_id][$i]['thumbnail'] == 1) {
                $thumbnail = TRUE;
                $image = FALSE;
            }
            if (!$image && !$stream && !$swf && !$thumbnail) {
                $link = TRUE;
            }
            if ($image) {
                // Images
                // NOTE: If you want to use the download.php everytime an image is displayed inlined, replace the
                // Section between BEGIN and END with (Without the // of course):
                //	$img_source = append_sid($phpbb_root_path . 'download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                //	$download_link = TRUE;
                //
                //
                if (intval($attach_config['allow_ftp_upload']) && trim($attach_config['download_path']) == '') {
                    // Begin PNphpBB2 Module
                    //					$img_source = append_sid($phpbb_root_path . 'download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                    $img_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                    // End PNphpBB2 Module
                    $download_link = TRUE;
                } else {
                    // Check if we can reach the file or if it is stored outside of the webroot
                    if ($attach_config['upload_dir'][0] == '/' || $attach_config['upload_dir'][0] != '/' && $attach_config['upload_dir'][1] == ':') {
                        // Begin PNphpBB2 Module
                        //						$img_source = append_sid($phpbb_root_path . 'download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                        $img_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                        // End PNphpBB2 Module
                        $download_link = TRUE;
                    } else {
                        // BEGIN
                        $img_source = $filename;
                        $download_link = FALSE;
                        // END
                    }
                }
                $template->assign_block_vars('postrow.attach.cat_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => $img_source, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count'])));
                // Directly Viewed Image ... update the download count
                if (!$download_link) {
                    $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' 
						SET download_count = download_count + 1 
						WHERE attach_id = ' . (int) $attachments['_' . $post_id][$i]['attach_id'];
                    if (!$db->sql_query($sql)) {
                        message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count.', '', __LINE__, __FILE__, $sql);
                    }
                }
            }
            if ($thumbnail) {
                // Images, but display Thumbnail
                // NOTE: If you want to use the download.php everytime an thumnmail is displayed inlined, replace the
                // Section between BEGIN and END with (Without the // of course):
                //	$thumb_source = append_sid($phpbb_root_path . 'download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                //
                if (intval($attach_config['allow_ftp_upload']) && trim($attach_config['download_path']) == '') {
                    // Begin PNphpBB2 Module
                    //					$thumb_source = append_sid($phpbb_root_path . 'download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                    $thumb_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                    // End PNphpBB2 Module
                } else {
                    // Check if we can reach the file or if it is stored outside of the webroot
                    if ($attach_config['upload_dir'][0] == '/' || $attach_config['upload_dir'][0] != '/' && $attach_config['upload_dir'][1] == ':') {
                        // Begin PNphpBB2 Module
                        //						$thumb_source = append_sid($phpbb_root_path . 'download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                        $thumb_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                        // End PNphpBB2 Module
                    } else {
                        // BEGIN
                        $thumb_source = $thumbnail_filename;
                        // END
                    }
                }
                $template->assign_block_vars('postrow.attach.cat_thumb_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']), 'IMG_THUMB_SRC' => $thumb_source, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count'])));
            }
            if ($stream) {
                // Streams
                $template->assign_block_vars('postrow.attach.cat_stream', array('U_DOWNLOAD_LINK' => $filename, 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count'])));
                // Viewed/Heared File ... update the download count (download.php is not called here)
                $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' 
					SET download_count = download_count + 1 
					WHERE attach_id = ' . (int) $attachments['_' . $post_id][$i]['attach_id'];
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count', '', __LINE__, __FILE__, $sql);
                }
            }
            if ($swf) {
                // Macromedia Flash Files
                list($width, $height) = swf_getdimension($filename);
                $template->assign_block_vars('postrow.attach.cat_swf', array('U_DOWNLOAD_LINK' => $filename, 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']), 'WIDTH' => $width, 'HEIGHT' => $height));
                // Viewed/Heared File ... update the download count (download.php is not called here)
                $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' 
					SET download_count = download_count + 1 
					WHERE attach_id = ' . (int) $attachments['_' . $post_id][$i]['attach_id'];
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count', '', __LINE__, __FILE__, $sql);
                }
            }
            if ($link) {
                $target_blank = 'target="_blank"';
                //( (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT) ) ? 'target="_blank"' : '';
                // display attachment
                $template->assign_block_vars('postrow.attach.attachrow', array('U_DOWNLOAD_LINK' => append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']), 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'TARGET_BLANK' => $target_blank, 'L_DOWNLOADED_VIEWED' => $lang['Downloaded'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count'])));
            }
        }
    }
}
Exemple #4
0
/**
* Assign Variables and Definitions based on the fetched Attachments - internal
* used by all displaying functions, the Data was collected before, it's only dependend on the template used. :)
* before this function is usable, init_display_attachments have to be called for specific pages (pm, posting, review etc...)
*/
function display_attachments($post_id)
{
    global $template, $upload_dir, $userdata, $allowed_extensions, $display_categories, $download_modes, $lang, $attachments, $upload_icons, $attach_config;
    $num_attachments = @sizeof($attachments['_' . $post_id]);
    if ($num_attachments == 0) {
        return;
    }
    $template->assign_block_vars('postrow.attach', array());
    for ($i = 0; $i < $num_attachments; $i++) {
        // Some basic things...
        $filename = $upload_dir . '/' . basename($attachments['_' . $post_id][$i]['physical_filename']);
        $thumbnail_filename = $upload_dir . '/' . THUMB_DIR . '/t_' . basename($attachments['_' . $post_id][$i]['physical_filename']);
        $upload_image = '';
        if ($attach_config['upload_img'] && empty($upload_icons[$attachments['_' . $post_id][$i]['extension']])) {
            $upload_image = '<img src="' . $attach_config['upload_img'] . '" alt="" border="0" />';
        } else {
            if (trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) != '') {
                $upload_image = '<img src="' . $upload_icons[$attachments['_' . $post_id][$i]['extension']] . '" alt="" border="0" />';
            }
        }
        $filesize = humn_size($attachments['_' . $post_id][$i]['filesize']);
        $display_name = htmlspecialchars($attachments['_' . $post_id][$i]['real_filename']);
        $comment = htmlspecialchars($attachments['_' . $post_id][$i]['comment']);
        $comment = str_replace("\n", '<br />', $comment);
        $denied = false;
        // Admin is allowed to view forbidden Attachments, but the error-message is displayed too to inform the Admin
        if (!in_array($attachments['_' . $post_id][$i]['extension'], $allowed_extensions)) {
            $denied = true;
            $template->assign_block_vars('postrow.attach.denyrow', array('L_DENIED' => sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachments['_' . $post_id][$i]['extension'])));
        }
        if (!$denied || IS_ADMIN) {
            // define category
            $image = FALSE;
            $thumbnail = FALSE;
            $link = FALSE;
            if (@intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && intval($attach_config['img_display_inlined'])) {
                if (intval($attach_config['img_link_width']) != 0 || intval($attach_config['img_link_height']) != 0) {
                    list($width, $height) = image_getdimension($filename);
                    if ($width == 0 && $height == 0) {
                        $image = TRUE;
                    } else {
                        if ($width <= intval($attach_config['img_link_width']) && $height <= intval($attach_config['img_link_height'])) {
                            $image = TRUE;
                        }
                    }
                } else {
                    $image = TRUE;
                }
            }
            if (@intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && $attachments['_' . $post_id][$i]['thumbnail'] == 1) {
                $thumbnail = TRUE;
                $image = FALSE;
            }
            if (!$image && !$thumbnail) {
                $link = TRUE;
            }
            if ($image) {
                // Images
                if ($attach_config['upload_dir'][0] == '/' || $attach_config['upload_dir'][0] != '/' && $attach_config['upload_dir'][1] == ':') {
                    $img_source = BB_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'];
                    $download_link = TRUE;
                } else {
                    $img_source = $filename;
                    $download_link = FALSE;
                }
                $template->assign_block_vars('postrow.attach.cat_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => $img_source, 'FILESIZE' => $filesize, 'COMMENT' => $comment));
                // Directly Viewed Image ... update the download count
                if (!$download_link) {
                    $sql = 'UPDATE ' . BB_ATTACHMENTS_DESC . '
						SET download_count = download_count + 1
						WHERE attach_id = ' . (int) $attachments['_' . $post_id][$i]['attach_id'];
                    if (!DB()->sql_query($sql)) {
                        bb_die('Could not update attachment download count');
                    }
                }
            }
            if ($thumbnail) {
                // Images, but display Thumbnail
                if ($attach_config['upload_dir'][0] == '/' || $attach_config['upload_dir'][0] != '/' && $attach_config['upload_dir'][1] == ':') {
                    $thumb_source = BB_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1';
                } else {
                    $thumb_source = $thumbnail_filename;
                }
                $template->assign_block_vars('postrow.attach.cat_thumb_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => BB_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'], 'IMG_THUMB_SRC' => $thumb_source, 'FILESIZE' => $filesize, 'COMMENT' => $comment));
            }
            // bt
            if ($link && $attachments['_' . $post_id][$i]['extension'] === TORRENT_EXT) {
                include ATTACH_DIR . 'displaying_torrent.php';
            } else {
                if ($link) {
                    $target_blank = @intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT ? 'target="_blank"' : '';
                    // display attachment
                    $template->assign_block_vars('postrow.attach.attachrow', array('U_DOWNLOAD_LINK' => BB_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'], 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'COMMENT' => $comment, 'TARGET_BLANK' => $target_blank, 'DOWNLOAD_COUNT' => sprintf($lang['DOWNLOAD_NUMBER'], $attachments['_' . $post_id][$i]['download_count'])));
                }
            }
        }
    }
}
Exemple #5
0
function display_attachments($post_id)
{
    global $template, $upload_dir, $userdata, $allowed_extensions, $display_categories, $download_modes, $lang, $attachments, $upload_icons, $attach_config;
    $num_attachments = @sizeof($attachments['_' . $post_id]);
    if ($num_attachments == 0) {
        return;
    }
    $template->assign_block_vars('postrow.attach', array());
    for ($i = 0; $i < $num_attachments; $i++) {
        //
        // Some basic things...
        //
        $filename = $upload_dir . '/' . $attachments['_' . $post_id][$i]['physical_filename'];
        $thumbnail_filename = $upload_dir . '/' . THUMB_DIR . '/t_' . $attachments['_' . $post_id][$i]['physical_filename'];
        $upload_image = '';
        if ($attach_config['upload_img'] && empty($upload_icons[$attachments['_' . $post_id][$i]['extension']])) {
            $upload_image = '<img src="' . $attach_config['upload_img'] . '" alt="" border="0" />';
        } else {
            if (trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) != '') {
                $upload_image = '<img src="' . $upload_icons[$attachments['_' . $post_id][$i]['extension']] . '" alt="" border="0" />';
            }
        }
        $filesize = $attachments['_' . $post_id][$i]['filesize'];
        $size_lang = $filesize >= 1048576 ? $lang['MB'] : ($filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
        if ($filesize >= 1048576) {
            $filesize = round(round($filesize / 1048576 * 100) / 100, 2);
        } else {
            if ($filesize >= 1024) {
                $filesize = round(round($filesize / 1024 * 100) / 100, 2);
            }
        }
        $display_name = htmlspecialchars($attachments['_' . $post_id][$i]['real_filename']);
        $comment = trim(htmlspecialchars(stripslashes($attachments['_' . $post_id][$i]['comment'])));
        $comment = str_replace("\n", '<br />', $comment);
        $attachments['_' . $post_id][$i]['extension'] = strtolower(trim($attachments['_' . $post_id][$i]['extension']));
        $denied = false;
        if (!$denied || IS_ADMIN) {
            // define category
            $image = FALSE;
            $thumbnail = FALSE;
            $link = FALSE;
            if (@intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && intval($attach_config['img_display_inlined'])) {
                if (intval($attach_config['img_link_width']) != 0 || intval($attach_config['img_link_height']) != 0) {
                    list($width, $height) = image_getdimension($filename);
                    if ($width == 0 && $height == 0) {
                        $image = TRUE;
                    } else {
                        if ($width <= intval($attach_config['img_link_width']) && $height <= intval($attach_config['img_link_height'])) {
                            $image = TRUE;
                        }
                    }
                } else {
                    $image = TRUE;
                }
            }
            if (@intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && $attachments['_' . $post_id][$i]['thumbnail'] == 1) {
                $thumbnail = TRUE;
                $image = FALSE;
            }
            if (!$image && !$thumbnail) {
                $link = TRUE;
            }
            if ($image) {
                // Images
                if ($attach_config['upload_dir'][0] == '/' || $attach_config['upload_dir'][0] != '/' && $attach_config['upload_dir'][1] == ':') {
                    $img_source = FT_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'];
                    $download_link = TRUE;
                } else {
                    $img_source = $filename;
                    $download_link = FALSE;
                }
                $template->assign_block_vars('postrow.attach.cat_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => $img_source, 'FILESIZE' => $filesize, 'COMMENT' => $comment));
                // Directly Viewed Image ... update the download count
                if (!$download_link) {
                    $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . '
						SET download_count = download_count + 1
						WHERE attach_id = ' . (int) $attachments['_' . $post_id][$i]['attach_id'];
                    if (!DB()->sql_query($sql)) {
                        die('Could not update attachment download count');
                    }
                }
            }
            if ($thumbnail) {
                // Images, but display Thumbnail
                if ($attach_config['upload_dir'][0] == '/' || $attach_config['upload_dir'][0] != '/' && $attach_config['upload_dir'][1] == ':') {
                    $thumb_source = FT_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1';
                } else {
                    $thumb_source = $thumbnail_filename;
                }
                $template->assign_block_vars('postrow.attach.cat_thumb_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => FT_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'], 'IMG_THUMB_SRC' => $thumb_source, 'FILESIZE' => $filesize, 'COMMENT' => $comment));
            }
            // bt
            if ($link && $attachments['_' . $post_id][$i]['extension'] === TORRENT_EXT) {
                include FT_ROOT . 'attach_mod/displaying_torrent.php';
            } else {
                if ($link) {
                    $target_blank = @intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT ? 'target="_blank"' : '';
                    // display attachment
                    $template->assign_block_vars('postrow.attach.attachrow', array('U_DOWNLOAD_LINK' => FT_ROOT . DOWNLOAD_URL . $attachments['_' . $post_id][$i]['attach_id'], 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'COMMENT' => $comment, 'TARGET_BLANK' => $target_blank, 'DOWNLOAD_COUNT' => sprintf($lang['DOWNLOAD_NUMBER'], $attachments['_' . $post_id][$i]['download_count'])));
                }
            }
        }
    }
}
/**
* Assign Variables and Definitions based on the fetched Attachments - internal
* used by all displaying functions, the Data was collected before, it's only dependend on the template used. :)
* before this function is usable, init_display_attachments have to be called for specific pages (pm, posting, review etc...)
*/
function display_attachments($post_id, $type = 'postrow')
{
    global $db, $config, $template, $user, $lang;
    global $upload_dir, $allowed_extensions, $display_categories, $download_modes, $attachments, $upload_icons, $username_from;
    $num_attachments = sizeof($attachments['_' . $post_id]);
    if ($num_attachments == 0) {
        return;
    }
    $template->assign_block_vars($type . '.attach', array());
    for ($i = 0; $i < $num_attachments; $i++) {
        // Some basic things...
        $filename = $upload_dir . '/' . basename($attachments['_' . $post_id][$i]['physical_filename']);
        $thumbnail_filename = $upload_dir . '/' . THUMB_DIR . '/t_' . basename($attachments['_' . $post_id][$i]['physical_filename']);
        $upload_image = '';
        if ($config['upload_img'] != '' && trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) == '') {
            $upload_image = '<img src="' . $config['upload_img'] . '" alt="" />';
        } elseif (trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) != '') {
            $upload_image = '<img src="' . $upload_icons[$attachments['_' . $post_id][$i]['extension']] . '" alt="" />';
        }
        $filesize = $attachments['_' . $post_id][$i]['filesize'];
        $size_lang = $filesize >= 1048576 ? $lang['MB'] : ($filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
        if ($filesize >= 1048576) {
            $filesize = round(round($filesize / 1048576 * 100) / 100, 2);
        } elseif ($filesize >= 1024) {
            $filesize = round(round($filesize / 1024 * 100) / 100, 2);
        }
        $display_name = $attachments['_' . $post_id][$i]['real_filename'];
        $comment = $attachments['_' . $post_id][$i]['comment'];
        $comment = str_replace("\n", '<br />', $comment);
        $denied = false;
        // Admin is allowed to view forbidden Attachments, but the error-message is displayed too to inform the Admin
        if (!in_array($attachments['_' . $post_id][$i]['extension'], $allowed_extensions)) {
            $denied = true;
            $template->assign_block_vars($type . '.attach.denyrow', array('L_DENIED' => sprintf($lang['Extension_disabled_after_posting'], $attachments['_' . $post_id][$i]['extension'])));
        }
        if (!$denied || $user->data['user_level'] == ADMIN) {
            // Some basic Template Vars
            $template->assign_vars(array('L_DESCRIPTION' => $lang['Description'], 'L_DOWNLOAD' => $lang['Download'], 'L_FILENAME' => $lang['File_name'], 'L_FILESIZE' => $lang['Filesize']));
            // define category
            $image = false;
            $stream = false;
            $swf = false;
            $thumbnail = false;
            $link = false;
            if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == STREAM_CAT) {
                $stream = true;
            } elseif (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == SWF_CAT) {
                $swf = true;
            } elseif (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && intval($config['img_display_inlined'])) {
                if (intval($config['img_link_width']) != 0 || intval($config['img_link_height']) != 0) {
                    list($width, $height) = image_getdimension($filename);
                    if ($width == 0 && $height == 0) {
                        $image = true;
                    } else {
                        if ($width <= intval($config['img_link_width']) && $height <= intval($config['img_link_height'])) {
                            $image = true;
                        }
                    }
                } else {
                    $image = true;
                }
            }
            if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && $attachments['_' . $post_id][$i]['thumbnail'] == 1) {
                $thumbnail = true;
                $image = false;
            }
            if (!$image && !$stream && !$swf && !$thumbnail) {
                $link = true;
            }
            if ($image) {
                // Images
                // NOTE: If you want to use the download.php everytime an image is displayed inlined, replace the
                // Section between BEGIN and END with (Without the // of course):
                //	$img_source = append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                //	$download_link = true;
                //
                //
                if (intval($config['allow_ftp_upload']) && trim($config['download_path']) == '') {
                    $img_source = append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                    $download_link = true;
                } else {
                    // Check if we can reach the file or if it is stored outside of the webroot
                    if ($config['upload_dir'][0] == '/' || $config['upload_dir'][0] != '/' && $config['upload_dir'][1] == ':') {
                        $img_source = append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                        $download_link = true;
                    } else {
                        // BEGIN
                        $img_source = $filename;
                        $download_link = false;
                        // END
                    }
                }
                $max_image_width = intval($config['liw_max_width']);
                $server_protocol = $config['cookie_secure'] ? 'https://' : 'http://';
                $server_name = preg_replace('#^\\/?(.*?)\\/?$#', '\\1', trim($config['server_name']));
                $server_port = $config['server_port'] != 80 ? ':' . trim($config['server_port']) : '';
                $script_name = preg_replace('#^\\/?(.*?)\\/?$#', '\\1', trim($config['script_path']));
                $script_name = $script_name == '' ? $script_name : '/' . $script_name;
                if ($max_image_width != 0 && $config['liw_attach_enabled'] == 1 && !isset($username_from)) {
                    if (!function_exists('liw_get_dimensions')) {
                        include_once IP_ROOT_PATH . ATTACH_MOD_PATH . 'includes/functions_includes.' . PHP_EXT;
                    }
                    list($image_width, $image_height) = liw_get_dimensions($server_protocol . $server_name . $server_port . $script_name . '/' . $img_source, $post_id);
                    if ($image_width && $image_width > $max_image_width || empty($image_width) || empty($image_height)) {
                        $img_code = generate_liw_img_popup($img_source, $image_width, $image_height, $max_image_width);
                    } else {
                        $img_code = '<img src="' . $img_source . '" alt="' . $display_name . '" />';
                    }
                } else {
                    $img_code = '<img src="' . $img_source . '" alt="' . $display_name . '" />';
                }
                $download_count_link = $attachments['_' . $post_id][$i]['download_count'] > '0' && $user->data['user_level'] == ADMIN ? '<a href="' . append_sid(IP_ROOT_PATH . 'attachments.' . PHP_EXT . '?attach_id=' . $attachments['_' . $post_id][$i]['attach_id']) . '">' . sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']) . '</a>' : sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']);
                $template->assign_block_vars($type . '.attach.cat_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_CODE' => $img_code, 'IMG_SRC' => $img_source, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => $download_count_link));
                // Directly Viewed Image ... update the download count
                if (!$download_link) {
                    update_attachments_stats($attachments['_' . $post_id][$i]['attach_id']);
                }
            }
            if ($thumbnail) {
                // Images, but display Thumbnail
                // NOTE: If you want to use the download.php everytime an thumbnail is displayed inlined, replace the
                // Section between BEGIN and END with (Without the // of course):
                //	$thumb_source = append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                //
                if (intval($config['allow_ftp_upload']) && trim($config['download_path']) == '') {
                    $thumb_source = append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                } else {
                    // Check if we can reach the file or if it is stored outside of the webroot
                    if ($config['upload_dir'][0] == '/' || $config['upload_dir'][0] != '/' && $config['upload_dir'][1] == ':') {
                        $thumb_source = append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                    } else {
                        if (file_exists($thumbnail_filename)) {
                            // BEGIN
                            $thumb_source = $thumbnail_filename;
                            // END
                        } else {
                            $thumb_source = append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                        }
                    }
                }
                $download_count_link = $attachments['_' . $post_id][$i]['download_count'] > '0' && $user->data['user_level'] == ADMIN ? '<a href="' . append_sid(IP_ROOT_PATH . 'attachments.' . PHP_EXT . '?attach_id=' . $attachments['_' . $post_id][$i]['attach_id']) . '">' . sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']) . '</a>' : sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']);
                $template->assign_block_vars($type . '.attach.cat_thumb_images', array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id']), 'IMG_THUMB_SRC' => $thumb_source, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => $download_count_link));
            }
            if ($stream) {
                // Streams
                $download_count_link = $attachments['_' . $post_id][$i]['download_count'] > '0' && $user->data['user_level'] == ADMIN ? '<a href="' . append_sid(IP_ROOT_PATH . 'attachments.' . PHP_EXT . '?attach_id=' . $attachments['_' . $post_id][$i]['attach_id']) . '">' . sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']) . '</a>' : sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']);
                $template->assign_block_vars($type . '.attach.cat_stream', array('U_DOWNLOAD_LINK' => $filename, 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => $download_count_link));
                // Viewed/Heared File ... update the download count (download.php is not called here)
                update_attachments_stats($attachments['_' . $post_id][$i]['attach_id']);
            }
            if ($swf) {
                // Macromedia Flash Files
                list($width, $height) = swf_getdimension($filename);
                $download_count_link = $attachments['_' . $post_id][$i]['download_count'] > '0' && $user->data['user_level'] == ADMIN ? '<a href="' . append_sid(IP_ROOT_PATH . 'attachments.' . PHP_EXT . '?attach_id=' . $attachments['_' . $post_id][$i]['attach_id']) . '">' . sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']) . '</a>' : sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']);
                $template->assign_block_vars($type . '.attach.cat_swf', array('U_DOWNLOAD_LINK' => $filename, 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => $download_count_link, 'WIDTH' => $width, 'HEIGHT' => $height));
                // Viewed/Heared File ... update the download count (download.php is not called here)
                update_attachments_stats($attachments['_' . $post_id][$i]['attach_id']);
            }
            if ($link) {
                $target_blank = 'target="_blank"';
                //((intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT)) ? 'target="_blank"' : '';
                // display attachment
                $download_count_link = $attachments['_' . $post_id][$i]['download_count'] > '0' && $user->data['user_level'] == ADMIN ? '<a href="' . append_sid(IP_ROOT_PATH . 'attachments.' . PHP_EXT . '?attach_id=' . $attachments['_' . $post_id][$i]['attach_id']) . '">' . sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']) . '</a>' : sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']);
                $template->assign_block_vars($type . '.attach.attachrow', array('U_DOWNLOAD_LINK' => append_sid(IP_ROOT_PATH . 'download.' . PHP_EXT . '?id=' . $attachments['_' . $post_id][$i]['attach_id']), 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'TARGET_BLANK' => $target_blank, 'L_DOWNLOADED_VIEWED' => $lang['Downloaded'], 'L_DOWNLOAD_COUNT' => $download_count_link));
            }
        }
    }
}
    /**
     * Upload an Attachment to Filespace (intern)
     */
    function upload_attachment()
    {
        global $HTTP_POST_FILES, $db, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
        $this->post_attach = $this->filename != '' ? TRUE : FALSE;
        if ($this->post_attach) {
            $r_file = trim(basename(htmlspecialchars($this->filename)));
            $file = $HTTP_POST_FILES['fileupload']['tmp_name'];
            $this->type = $HTTP_POST_FILES['fileupload']['type'];
            if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0) {
                message_die(GENERAL_ERROR, 'Tried to upload empty file');
            }
            // Opera add the name to the mime type
            $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
            $this->type = strtolower($this->type);
            $this->extension = strtolower(get_extension($this->filename));
            $this->filesize = @filesize($file);
            $this->filesize = intval($this->filesize);
            $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
				FROM ' . EXTENSION_GROUPS_TABLE . ' g, ' . EXTENSIONS_TABLE . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not query Extensions.', '', __LINE__, __FILE__, $sql);
            }
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
            $cat_id = intval($row['cat_id']);
            $auth_cache = trim($row['forum_permissions']);
            // check Filename
            if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
            }
            // check php upload-size
            if (!$error && $file == 'none') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                $max_size = @$ini_val('upload_max_filesize');
                if ($max_size == '') {
                    $error_msg .= $lang['Attachment_php_size_na'];
                } else {
                    $error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
                }
            }
            // Check Extension
            if (!$error && intval($row['allow_group']) == 0) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['Disallowed_extension'], $this->extension);
            }
            // Check Forum Permissions
            if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
            }
            // Upload File
            $this->thumbnail = 0;
            if (!$error) {
                // Prepare Values
                $this->filetime = time();
                $this->filename = $r_file;
                // physical filename
                $this->attach_filename = strtolower($this->filename);
                // To re-add cryptic filenames, change this variable to true
                $cryptic = false;
                if (!$cryptic) {
                    $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
                    $this->attach_filename = delete_extension($this->attach_filename);
                    $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
                    $this->attach_filename = str_replace('__', '_', $this->attach_filename);
                    $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ü', 'Ü', 'ö', 'Ö', 'ä', 'Ä', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
                    $this->attach_filename = str_replace(array('$', 'ß', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);
                    // Remove non-latin characters
                    $this->attach_filename = preg_replace("/([ÂÃ])([€-¿])/e", "chr(ord('\\1')<<6&0xC0|ord('\\2')&0x3F)", $this->attach_filename);
                    $this->attach_filename = rawurlencode($this->attach_filename);
                    $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
                    $this->attach_filename = trim($this->attach_filename);
                    $new_filename = $this->attach_filename;
                    if (!$new_filename) {
                        $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
                        $new_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
                    }
                    do {
                        $this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
                    } while (physical_filename_already_stored($this->attach_filename));
                    unset($new_filename);
                } else {
                    $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
                    $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
                }
                // Do we have to create a thumbnail ?
                if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                    $this->thumbnail = 1;
                }
            }
            if ($error) {
                $this->post_attach = FALSE;
                return;
            }
            // Upload Attachment
            if (!$error) {
                if (!intval($attach_config['allow_ftp_upload'])) {
                    // Descide the Upload method
                    $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                    $safe_mode = @$ini_val('safe_mode');
                    if (@$ini_val('open_basedir')) {
                        if (@phpversion() < '4.0.3') {
                            $upload_mode = 'copy';
                        } else {
                            $upload_mode = 'move';
                        }
                    } else {
                        if (@$ini_val('safe_mode')) {
                            $upload_mode = 'move';
                        } else {
                            $upload_mode = 'copy';
                        }
                    }
                } else {
                    $upload_mode = 'ftp';
                }
                // Ok, upload the Attachment
                if (!$error) {
                    $this->move_uploaded_attachment($upload_mode, $file);
                }
            }
            // Now, check filesize parameters
            if (!$error) {
                if ($upload_mode != 'ftp' && !$this->filesize) {
                    $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
                }
            }
            // Check Image Size, if it's an image
            if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
                list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
                if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                    if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                    }
                }
            }
            // check Filesize
            if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
                $size_lang = $allowed_filesize >= 1048576 ? $lang['MB'] : ($allowed_filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
                if ($allowed_filesize >= 1048576) {
                    $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
                } else {
                    if ($allowed_filesize >= 1024) {
                        $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
                    }
                }
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
            }
            // Check our complete quota
            if ($attach_config['attachment_quota']) {
                $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
                if (!($result = $db->sql_query($sql))) {
                    message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                }
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                $total_filesize = $row['total'];
                if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= $lang['Attach_quota_reached'];
                }
            }
            $this->get_quota_limits($userdata);
            // Check our user quota
            if ($this->page != PAGE_PRIVMSGS) {
                if ($attach_config['upload_filesize_limit']) {
                    $sql = 'SELECT attach_id 
						FROM ' . ATTACHMENTS_TABLE . '
						WHERE user_id_1 = ' . (int) $userdata['user_id'] . '
							AND privmsgs_id = 0
						GROUP BY attach_id';
                    if (!($result = $db->sql_query($sql))) {
                        message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
                    }
                    $attach_ids = $db->sql_fetchrowset($result);
                    $num_attach_ids = $db->sql_numrows($result);
                    $db->sql_freeresult($result);
                    $attach_id = array();
                    for ($i = 0; $i < $num_attach_ids; $i++) {
                        $attach_id[] = intval($attach_ids[$i]['attach_id']);
                    }
                    if ($num_attach_ids > 0) {
                        // Now get the total filesize
                        $sql = 'SELECT sum(filesize) as total
							FROM ' . ATTACHMENTS_DESC_TABLE . '
							WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                        if (!($result = $db->sql_query($sql))) {
                            message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                        }
                        $row = $db->sql_fetchrow($result);
                        $db->sql_freeresult($result);
                        $total_filesize = $row['total'];
                    } else {
                        $total_filesize = 0;
                    }
                    if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                        $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                        $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['Bytes']);
                        if ($upload_filesize_limit >= 1048576) {
                            $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                        } else {
                            if ($upload_filesize_limit >= 1024) {
                                $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                            }
                        }
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
                    }
                }
            }
            // If we are at Private Messaging, check our PM Quota
            if ($this->page == PAGE_PRIVMSGS) {
                if ($attach_config['pm_filesize_limit']) {
                    $total_filesize = get_total_attach_pm_filesize('from_user', $userdata['user_id']);
                    if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit']) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= $lang['Attach_quota_sender_pm_reached'];
                    }
                }
                $to_user = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
                // Check Receivers PM Quota
                if (!empty($to_user) && $userdata['user_level'] != ADMIN) {
                    $u_data = get_userdata($to_user, true);
                    $user_id = (int) $u_data['user_id'];
                    $this->get_quota_limits($u_data, $user_id);
                    if ($attach_config['pm_filesize_limit']) {
                        $total_filesize = get_total_attach_pm_filesize('to_user', $user_id);
                        if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit']) {
                            $error = TRUE;
                            if (!empty($error_msg)) {
                                $error_msg .= '<br />';
                            }
                            $error_msg .= sprintf($lang['Attach_quota_receiver_pm_reached'], $to_user);
                        }
                    }
                }
            }
            if ($error) {
                unlink_attach($this->attach_filename);
                unlink_attach($this->attach_filename, MODE_THUMBNAIL);
                $this->post_attach = FALSE;
            }
        }
    }
 function upload_attachment()
 {
     global $HTTP_POST_FILES, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
     $this->post_attach = $this->filename != '' ? TRUE : FALSE;
     if ($this->post_attach) {
         $r_file = trim(basename($this->filename));
         $file = $HTTP_POST_FILES['fileupload']['tmp_name'];
         $this->type = $HTTP_POST_FILES['fileupload']['type'];
         if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0) {
             message_die(GENERAL_ERROR, 'Tried to upload empty file');
         }
         // Opera add the name to the mime type
         $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
         $this->extension = get_extension($this->filename);
         $this->filesize = @filesize($file);
         $this->filesize = intval($this->filesize);
         $allowed_filesize = $attach_config['max_filesize'];
         //
         // check Filename
         //
         if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
         }
         //
         // check php upload-size
         //
         if (!$error && $file == 'none') {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
             $max_size = @$ini_val('upload_max_filesize');
             if ($max_size == '') {
                 $error_msg .= $lang['Attachment_php_size_na'];
             } else {
                 $error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
             }
         }
         //
         // Check Forum Permissions
         //
         if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && (!is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '')) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
         }
         //bt
         // Check if user can post .torrent
         global $post_data;
         if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= $lang['Allowed_only_1st_post_attach'];
         }
         //bt end
         // Upload File
         $this->thumbnail = 0;
         if (!$error) {
             //
             // Prepare Values
             //
             $this->filetime = time();
             $this->filename = stripslashes($r_file);
             $this->attach_filename = strtolower($this->filename);
             // To re-add cryptic filenames, change this variable to true
             $cryptic = false;
             if (!$cryptic) {
                 $this->attach_filename = str_replace(' ', '_', $this->attach_filename);
                 $this->attach_filename = rawurlencode($this->attach_filename);
                 $this->attach_filename = preg_replace("/%(\\w{2})/", "_", $this->attach_filename);
                 $this->attach_filename = delete_extension($this->attach_filename);
                 $new_filename = trim($this->attach_filename);
                 if (!$new_filename) {
                     $u_id = intval($userdata['user_id']) == GUEST_UID ? 0 : intval($userdata['user_id']);
                     $new_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
                 }
                 do {
                     $this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
                 } while (physical_filename_already_stored($this->attach_filename));
                 unset($new_filename);
             } else {
                 $u_id = intval($userdata['user_id']) == GUEST_UID ? 0 : intval($userdata['user_id']);
                 $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
             }
             $this->filename = str_replace("'", "\\'", $this->filename);
             //
             // Do we have to create a thumbnail ?
             //
             if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                 $this->thumbnail = 1;
             }
         }
         if ($error) {
             $this->post_attach = FALSE;
             return;
         }
         //
         // Upload Attachment
         //
         if (!$error) {
             if (!intval($attach_config['allow_ftp_upload'])) {
                 //
                 // Descide the Upload method
                 //
                 $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                 $safe_mode = @$ini_val('safe_mode');
                 if (@$ini_val('open_basedir')) {
                     if (@phpversion() < '4.0.3') {
                         $upload_mode = 'copy';
                     } else {
                         $upload_mode = 'move';
                     }
                 } else {
                     if (@$ini_val('safe_mode')) {
                         $upload_mode = 'move';
                     } else {
                         $upload_mode = 'copy';
                     }
                 }
             } else {
                 $upload_mode = 'ftp';
             }
             //
             // Ok, upload the Attachment
             //
             if (!$error) {
                 $this->move_uploaded_attachment($upload_mode, $file);
             }
         }
         // Now, check filesize parameters
         if (!$error) {
             if ($upload_mode != 'ftp' && !$this->filesize) {
                 $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
             }
         }
         //
         // Check Image Size, if it's an image
         //
         if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
             list($width, $height) = image_getdimension($file);
             if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                 if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                     $error = TRUE;
                     if (!empty($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                 }
             }
         }
         //
         // check Filesize
         //
         if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
             $size_lang = $allowed_filesize >= 1048576 ? $lang['MB'] : ($allowed_filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
             if ($allowed_filesize >= 1048576) {
                 $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
             } else {
                 if ($allowed_filesize >= 1024) {
                     $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
                 }
             }
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
         }
         //
         // Check our complete quota
         //
         if ($attach_config['attachment_quota']) {
             $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
             if (!($result = DB()->sql_query($sql))) {
                 message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
             }
             $row = DB()->sql_fetchrow($result);
             $total_filesize = $row['total'];
             if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                 $error = TRUE;
                 if (!empty($error_msg)) {
                     $error_msg .= '<br />';
                 }
                 $error_msg .= $lang['Attach_quota_reached'];
             }
         }
         $this->get_quota_limits($userdata);
         //
         // Check our user quota
         //
         if ($attach_config['upload_filesize_limit']) {
             $sql = "SELECT attach_id\n\t\t\t\t\tFROM " . ATTACHMENTS_TABLE . "\n\t\t\t\t\tWHERE (user_id_1 = " . $userdata['user_id'] . ") AND (privmsgs_id = 0)\n\t\t\t\t\tGROUP BY attach_id";
             if (!($result = DB()->sql_query($sql))) {
                 message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
             }
             $attach_ids = DB()->sql_fetchrowset($result);
             $num_attach_ids = DB()->num_rows($result);
             $attach_id = array();
             for ($i = 0; $i < $num_attach_ids; $i++) {
                 $attach_id[] = intval($attach_ids[$i]['attach_id']);
             }
             if ($num_attach_ids > 0) {
                 //
                 // Now get the total filesize
                 //
                 $sql = "SELECT sum(filesize) as total\n\t\t\t\t\t\tFROM " . ATTACHMENTS_DESC_TABLE . "\n\t\t\t\t\t\tWHERE attach_id IN (" . implode(', ', $attach_id) . ")";
                 if (!($result = DB()->sql_query($sql))) {
                     message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                 }
                 $row = DB()->sql_fetchrow($result);
                 $total_filesize = $row['total'];
             } else {
                 $total_filesize = 0;
             }
             if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                 $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                 $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['Bytes']);
                 if ($upload_filesize_limit >= 1048576) {
                     $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                 } else {
                     if ($upload_filesize_limit >= 1024) {
                         $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                     }
                 }
                 $error = TRUE;
                 if (!empty($error_msg)) {
                     $error_msg .= '<br />';
                 }
                 $error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
             }
         }
         if ($error) {
             unlink_attach($this->attach_filename);
             unlink_attach($this->attach_filename, MODE_THUMBNAIL);
             $this->post_attach = FALSE;
         }
     }
 }
 private function upload_attachment()
 {
     global $db, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
     $this->post_attach = false;
     if (!is_uploaded_file($_FILES['fileupload']['tmp_name']) || $_FILES['fileupload']['name'] == 'none' || $_FILES['fileupload']['name'] == '') {
         $error = true;
         if (!empty($error_msg)) {
             $error_msg .= '<br />';
         }
         switch ($_FILES['fileupload']['error']) {
             case 1:
                 //uploaded file exceeds the upload_max_filesize directive in php.ini
                 if (!empty($error_msg)) {
                     $error_msg .= '<br />';
                 }
                 $max_size = ini_get('upload_max_filesize');
                 $error_msg .= $max_size == '' ? $lang['Attachment_php_size_na'] : sprintf($lang['Attachment_php_size_overrun'], $max_size);
                 break;
             case 2:
                 //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
                 $error_msg .= $lang['Attachment_php_size_na'];
                 break;
             case 3:
                 //uploaded file was only partially uploaded
                 $error_msg .= 'The file you are trying upload was only partially uploaded.';
                 break;
         }
         return false;
     }
     $r_file = trim(basename($this->filename));
     $this->filesize = intval($_FILES['fileupload']['size']);
     $this->type = $_FILES['fileupload']['type'];
     // Opera add the name to the mime type
     $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
     $this->extension = get_extension($this->filename);
     $sql = "SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions\n\t\tFROM " . EXTENSION_GROUPS_TABLE . " g, " . EXTENSIONS_TABLE . " e\n\t\tWHERE (g.group_id = e.group_id) AND (e.extension = '" . $this->extension . "')\n\t\tLIMIT 1";
     $result = $db->sql_query($sql);
     $row = $db->sql_fetchrow($result);
     $allowed_filesize = intval($row['max_filesize']) != 0 ? intval($row['max_filesize']) : intval($attach_config['max_filesize']);
     $cat_id = intval($row['cat_id']);
     $auth_cache = trim($row['forum_permissions']);
     //
     // check Filename
     //
     if (preg_match("/[\\/:*?\"<>|]/i", $this->filename)) {
         $error = TRUE;
         if (!empty($error_msg)) {
             $error_msg .= '<br />';
         }
         $error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
     }
     //
     // Check Extension
     //
     if (!$error && intval($row['allow_group']) == 0) {
         $error = TRUE;
         if (!empty($error_msg)) {
             $error_msg .= '<br />';
         }
         $error_msg .= sprintf($lang['Disallowed_extension'], $this->extension);
     }
     //
     // Check Forum Permissions
     //
     if (!$error && $userdata['user_level'] != ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
         $error = TRUE;
         if (!empty($error_msg)) {
             $error_msg .= '<br />';
         }
         $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
     }
     //
     // Check Image Size, if it's an image
     //
     $this->thumbnail = intval($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail']));
     if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
         list($width, $height) = image_getdimension($_FILES['fileupload']['tmp_name']);
         $attach_config['img_max_width'] = intval($attach_config['img_max_width']);
         $attach_config['img_max_height'] = intval($attach_config['img_max_height']);
         if ($width > 0 && $height > 0 && $attach_config['img_max_width'] > 0 && $attach_config['img_max_height'] > 0 && ($width > $attach_config['img_max_width'] || $height > $attach_config['img_max_height'])) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Error_imagesize'], $attach_config['img_max_width'], $attach_config['img_max_height']);
         }
     }
     //
     // check Filesize
     //
     if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
         $error = TRUE;
         if (!empty($error_msg)) {
             $error_msg .= '<br />';
         }
         $error_msg .= sprintf($lang['Attachment_too_big'], filesize_to_human($allowed_filesize), '');
     }
     //
     // Check our complete quota
     //
     if (intval($attach_config['attachment_quota']) != 0) {
         list($total_filesize) = $db->sql_ufetchrow('SELECT sum(filesize) FROM ' . ATTACHMENTS_DESC_TABLE, SQL_NUM);
         if ($total_filesize + $this->filesize > intval($attach_config['attachment_quota'])) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= $lang['Attach_quota_reached'];
         }
     }
     $this->get_quota_limits($userdata);
     //
     // Check our user quota
     //
     if (intval($attach_config['upload_filesize_limit']) != 0) {
         $sql = "SELECT attach_id FROM " . ATTACHMENTS_TABLE . "\n\t\t\tWHERE (user_id_1 = " . $userdata['user_id'] . ") AND (privmsgs_id = 0)\n\t\t\tGROUP BY attach_id";
         $result = $db->sql_uquery($sql);
         $attach_id = array();
         while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
             $attach_id[] = intval($row[0]);
         }
         if (count($attach_id) > 0) {
             // Now get the total filesize
             list($total_filesize) = $db->sql_ufetchrow("SELECT sum(filesize) FROM " . ATTACHMENTS_DESC_TABLE . " WHERE attach_id IN (" . implode(', ', $attach_id) . ")", SQL_NUM);
         } else {
             $total_filesize = 0;
         }
         if ($total_filesize + $this->filesize > intval($attach_config['upload_filesize_limit'])) {
             $upload_filesize_limit = intval($attach_config['upload_filesize_limit']);
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['User_upload_quota_reached'], filesize_to_human($upload_filesize_limit), '');
         }
     }
     //
     // Prepare Values
     //
     if (!$error) {
         $this->filetime = time();
         $this->filename = $r_file;
         $this->attach_filename = $this->filename;
         // To re-add cryptic filenames, change this variable to true
         $cryptic = false;
         if (!$cryptic) {
             $this->attach_filename = str_replace(' ', '_', $this->attach_filename);
             $this->attach_filename = rawurlencode($this->attach_filename);
             $this->attach_filename = preg_replace("/%(\\w{2})/", "_", $this->attach_filename);
             if ($this->attach_filename != '' && $db->sql_count(ATTACHMENTS_DESC_TABLE, "physical_filename='" . $this->attach_filename . "'") > 0) {
                 $this->attach_filename = substr($this->attach_filename, 0, strrpos($this->attach_filename, '.'));
                 $this->attach_filename = $this->attach_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
             }
         } else {
             $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
             $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
         }
         $this->filename = str_replace("'", "\\'", $this->filename);
     }
     //
     // Upload Attachment
     //
     if (!$error) {
         $this->move_uploaded_attachment($_FILES['fileupload'], $_FILES['fileupload']['tmp_name']);
     }
     $this->post_attach = !$error;
 }
function display_attachments($post_id, $num_attachments)
{
    global $template, $upload_dir, $userdata, $allowed_extensions, $display_categories, $download_modes, $db, $lang, $phpEx, $attachments, $upload_icons, $attach_config;
    $template->set_filename('attachments', 'attachments.tpl');
    //
    // Some basic Template Vars
    //
    $template->assign_vars(array('L_DESCRIPTION' => $lang['Description'], 'L_DOWNLOAD' => $lang['Download'], 'L_FILENAME' => $lang['File_name'], 'L_FILESIZE' => $lang['Filesize']));
    for ($i = 0; $i < $num_attachments; $i++) {
        //
        // Some basic things...
        //
        $filename = $upload_dir . '/' . $attachments['_' . $post_id][$i]['physical_filename'];
        $thumbnail_filename = $upload_dir . '/' . THUMB_DIR . '/t_' . $attachments['_' . $post_id][$i]['physical_filename'];
        $upload_image = '';
        if ($attach_config['upload_img'] != '' && trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) == '') {
            $upload_image = '<img src="templates/' . $template->tpl . '/images/' . $attach_config['upload_img'] . '" alt="" border="0" />';
        } else {
            if (trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) != '') {
                $upload_image = '<img src="' . $upload_icons[$attachments['_' . $post_id][$i]['extension']] . '" alt="" border="0" />';
            }
        }
        $filesize = $attachments['_' . $post_id][$i]['filesize'];
        $size_lang = $filesize >= 1048576 ? $lang['MB'] : ($filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
        if ($filesize >= 1048576) {
            $filesize = round(round($filesize / 1048576 * 100) / 100, 2);
        } else {
            if ($filesize >= 1024) {
                $filesize = round(round($filesize / 1024 * 100) / 100, 2);
            }
        }
        $display_name = $attachments['_' . $post_id][$i]['real_filename'];
        $comment = trim(htmlspecialchars(stripslashes($attachments['_' . $post_id][$i]['comment'])));
        $comment = str_replace("\n", '<br />', $comment);
        $attachments['_' . $post_id][$i]['extension'] = strtolower(trim($attachments['_' . $post_id][$i]['extension']));
        $denied = false;
        //
        // Admin is allowed to view forbidden Attachments, but the error-message is displayed too to inform the Admin
        //
        if (!in_array($attachments['_' . $post_id][$i]['extension'], $allowed_extensions)) {
            $denied = true;
        }
        if (!$denied) {
            //
            // define category
            //
            $type = '';
            $image = FALSE;
            $stream = FALSE;
            $swf = FALSE;
            $thumbnail = FALSE;
            $link = FALSE;
            if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == STREAM_CAT) {
                $type = 'stream';
            } else {
                if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == SWF_CAT) {
                    $type = 'swf';
                } else {
                    if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && intval($attach_config['img_display_inlined'])) {
                        if (intval($attach_config['img_link_width']) != 0 || intval($attach_config['img_link_height']) != 0) {
                            list($width, $height) = image_getdimension($filename);
                            if ($width == 0 && $height == 0) {
                                $type = 'image';
                            } else {
                                if ($width <= intval($attach_config['img_link_width']) && $height <= intval($attach_config['img_link_height'])) {
                                    $type = 'image';
                                }
                            }
                        } else {
                            $type = 'image';
                        }
                    }
                }
            }
            if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && $attachments['_' . $post_id][$i]['thumbnail'] == 1) {
                $type = 'thumbnail';
            }
            if ($type != 'image' && $type != 'stream' && $type != 'swf' && $type != 'thumbnail') {
                $type = 'link';
            }
            if ($type == 'image') {
                //
                // Images
                // NOTE: If you want to use the download.php everytime an image is displayed inlined, replace the
                // Section between BEGIN and END with (Without the // of course):
                //  $img_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                //  $download_link = TRUE;
                //
                //
                if (intval($attach_config['allow_ftp_upload']) && trim($attach_config['download_path']) == '') {
                    $img_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']);
                    $download_link = TRUE;
                } else {
                    $img_source = $filename;
                    $download_link = FALSE;
                }
                $attachrow_vars = array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => $img_source, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']));
                //
                // Directly Viewed Image ... update the download count
                //
                if (!$download_link) {
                    $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . '
                    SET download_count = download_count + 1
                    WHERE attach_id = ' . $attachments['_' . $post_id][$i]['attach_id'];
                    if (!$db->sql_query($sql)) {
                        message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count.', '', __LINE__, __FILE__, $sql);
                    }
                }
            } elseif ($type == 'thumbnail') {
                //
                // Images, but display Thumbnail
                // NOTE: If you want to use the download.php everytime an thumnmail is displayed inlined, replace the
                // Section between BEGIN and END with (Without the // of course):
                //  $thumb_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                //
                if (intval($attach_config['allow_ftp_upload']) && trim($attach_config['download_path']) == '') {
                    $thumb_source = append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                } else {
                    $thumb_source = $thumbnail_filename;
                }
                $attachrow_vars = array('DOWNLOAD_NAME' => $display_name, 'S_UPLOAD_IMAGE' => $upload_image, 'IMG_SRC' => append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']), 'IMG_THUMB_SRC' => $thumb_source, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']));
            } elseif ($type == 'stream') {
                //
                // Streams
                //
                $attachrow_vars = array('U_DOWNLOAD_LINK' => $filename, 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']));
                //
                // Viewed/Heared File ... update the download count (download.php is not called here)
                //
                $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . '
                SET download_count = download_count + 1
                WHERE attach_id = ' . $attachments['_' . $post_id][$i]['attach_id'];
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count', '', __LINE__, __FILE__, $sql);
                }
            } elseif ($type == 'swf') {
                //
                // Macromedia Flash Files
                //
                list($width, $height) = swf_getdimension($filename);
                $attachrow_vars = array('U_DOWNLOAD_LINK' => $filename, 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'L_DOWNLOADED_VIEWED' => $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']), 'WIDTH' => $width, 'HEIGHT' => $height);
                //
                // Viewed/Heared File ... update the download count (download.php is not called here)
                //
                $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . '
                SET download_count = download_count + 1
                WHERE attach_id = ' . $attachments['_' . $post_id][$i]['attach_id'];
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count', '', __LINE__, __FILE__, $sql);
                }
            } elseif ($type == 'link') {
                $target_blank = intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT ? 'target="_blank"' : '';
                //
                // display attachment
                //
                $attachrow_vars = array('U_DOWNLOAD_LINK' => append_sid('download.' . $phpEx . '?id=' . $attachments['_' . $post_id][$i]['attach_id']), 'S_UPLOAD_IMAGE' => $upload_image, 'DOWNLOAD_NAME' => $display_name, 'FILESIZE' => $filesize, 'SIZE_VAR' => $size_lang, 'COMMENT' => $comment, 'TARGET_BLANK' => $target_blank, 'L_DOWNLOADED_VIEWED' => $lang['Downloaded'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']));
            }
        }
        $attachrow_vars['TYPE'] = $type;
        $attachrow_vars['L_DENIED'] = $denied ? sprintf($lang['Extension_disabled_after_posting'], $attachments['_' . $post_id][$i]['extension']) : '';
        $template->assign_block_vars('attachrow', $attachrow_vars);
    }
    $template->assign_block_var_from_handle('postrow.ATTACHMENTS', 'attachments');
    $template->clear_block_var('attachrow');
}
Exemple #11
0
function display_attachments($post_id)
{
    global $template, $upload_dir, $userdata, $allowed_extensions, $display_categories, $download_modes, $db, $lang, $attachments, $upload_icons, $attach_config, $module_name;
    if (empty($attachments) || !isset($attachments['_' . $post_id])) {
        //		  trigger_error('There are no attachments for '.$post_id, E_USER_NOTICE);
        return;
    }
    $num_attachments = count($attachments['_' . $post_id]);
    $blockvar = 'postrow.attachment';
    //
    // Some basic Template Vars
    //
    $template->assign_vars(array('L_DESCRIPTION' => $lang['Description'], 'L_DOWNLOAD' => $lang['Download'], 'L_FILENAME' => $lang['File_name'], 'L_FILESIZE' => $lang['Filesize']));
    for ($i = 0; $i < $num_attachments; $i++) {
        //
        // Some basic things...
        //
        $attachments['_' . $post_id][$i]['extension'] = strtolower(trim($attachments['_' . $post_id][$i]['extension']));
        //
        // Admin is allowed to view forbidden Attachments, but the error-message is displayed too to inform the Admin
        //
        $denied = !in_array($attachments['_' . $post_id][$i]['extension'], $allowed_extensions);
        if (!$denied || is_admin()) {
            $filename = $upload_dir . '/' . $attachments['_' . $post_id][$i]['physical_filename'];
            $upload_image = '';
            if ($attach_config['upload_img'] != '' && trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) == '') {
                $upload_image = '<img src="' . $attach_config['upload_img'] . '" alt="" />';
            } else {
                if (trim($upload_icons[$attachments['_' . $post_id][$i]['extension']]) != '') {
                    $upload_image = '<img src="' . $upload_icons[$attachments['_' . $post_id][$i]['extension']] . '" alt="" />';
                }
            }
            //
            // define category
            //
            $display = 'DEF_CAT';
            if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == STREAM_CAT) {
                $display = 'STREAM_CAT';
            } else {
                if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == SWF_CAT) {
                    $display = 'SWF_CAT';
                } else {
                    if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && $attachments['_' . $post_id][$i]['thumbnail'] == 1) {
                        $display = 'THUMB_CAT';
                    } else {
                        if (intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT && intval($attach_config['img_display_inlined'])) {
                            if (intval($attach_config['img_link_width']) != 0 || intval($attach_config['img_link_height']) != 0) {
                                list($width, $height) = image_getdimension($filename);
                                if ($width == 0 && $height == 0) {
                                    $display = 'IMAGE_CAT';
                                } else {
                                    if ($width <= intval($attach_config['img_link_width']) && $height <= intval($attach_config['img_link_height'])) {
                                        $display = 'IMAGE_CAT';
                                    }
                                }
                            } else {
                                $display = 'IMAGE_CAT';
                            }
                        }
                    }
                }
            }
            $thumb_source = '';
            $width = $height = 0;
            $blockname = $blockvar;
            $module = $module_name == 'Private_Messages' ? 'Forums' : $module_name;
            switch ($display) {
                // Images
                case 'IMAGE_CAT':
                    // NOTE: If you want to use the download.php everytime an image is displayed inlined, replace the
                    // Section between BEGIN and END with (Without the // of course):
                    //	  $img_source = URL::index($module.'&amp;file=download&amp;id=' . $attachments['_' . $post_id][$i]['attach_id']);
                    //	  $download_link = TRUE;
                    //
                    if (intval($attach_config['allow_ftp_upload']) && trim($attach_config['download_path']) == '') {
                        $filename = URL::index($module . '&amp;file=download&amp;id=' . $attachments['_' . $post_id][$i]['attach_id']);
                        $download_link = TRUE;
                    } else {
                        $download_link = FALSE;
                    }
                    //
                    // Directly Viewed Image ... update the download count
                    //
                    if (!$download_link) {
                        $db->sql_query('UPDATE ' . ATTACHMENTS_DESC_TABLE . '
						SET download_count = download_count + 1
						WHERE attach_id = ' . $attachments['_' . $post_id][$i]['attach_id']);
                    }
                    break;
                    // Images, but display Thumbnail
                // Images, but display Thumbnail
                case 'THUMB_CAT':
                    // NOTE: If you want to use the download.php everytime an thumnmail is displayed inlined, replace the
                    // Section between BEGIN and END with (Without the // of course):
                    //	  $thumb_source = URL::index($module.'&amp;file=download&amp;id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                    //
                    if (intval($attach_config['allow_ftp_upload']) && trim($attach_config['download_path']) == '') {
                        $thumb_source = URL::index($module . '&amp;file=download&amp;id=' . $attachments['_' . $post_id][$i]['attach_id'] . '&thumb=1');
                    } else {
                        $thumb_source = $upload_dir . '/' . THUMB_DIR . '/t_' . $attachments['_' . $post_id][$i]['physical_filename'];
                    }
                    $filename = URL::index($module . '&amp;file=download&amp;id=' . $attachments['_' . $post_id][$i]['attach_id']);
                    break;
                    // Streams
                // Streams
                case 'STREAM_CAT':
                    //
                    // Viewed/Heared File ... update the download count (download.php is not called here)
                    //
                    $db->sql_query('UPDATE ' . ATTACHMENTS_DESC_TABLE . '
					SET download_count = download_count + 1
					WHERE attach_id = ' . $attachments['_' . $post_id][$i]['attach_id']);
                    break;
                    // Macromedia Flash Files
                // Macromedia Flash Files
                case 'SWF_CAT':
                    list($width, $height) = swf_getdimension($filename);
                    //
                    // Viewed/Heared File ... update the download count (download.php is not called here)
                    //
                    $db->sql_query('UPDATE ' . ATTACHMENTS_DESC_TABLE . '
					SET download_count = download_count + 1
					WHERE attach_id = ' . $attachments['_' . $post_id][$i]['attach_id']);
                    break;
                    // display attachment
                // display attachment
                default:
                    $filename = URL::index($module . '&amp;file=download&amp;id=' . $attachments['_' . $post_id][$i]['attach_id']);
                    break;
            }
            $template->assign_block_vars($blockname, array('L_ALLOWED' => !$denied || is_admin(), 'L_DENIED' => $denied ? sprintf($lang['Extension_disabled_after_posting'], $attachments['_' . $post_id][$i]['extension']) : false, 'S_DEF_CAT' => false, 'S_IMAGE_CAT' => false, 'S_THUMB_CAT' => false, 'S_STREAM_CAT' => false, 'S_SWF_CAT' => false, 'S_' . $display => true, 'DOWNLOAD_NAME' => $attachments['_' . $post_id][$i]['real_filename'], 'S_UPLOAD_IMAGE' => $upload_image, 'FILESIZE' => filesize_to_human($attachments['_' . $post_id][$i]['filesize']), 'COMMENT' => htmlprepare($attachments['_' . $post_id][$i]['comment'], true), 'L_DOWNLOADED_VIEWED' => $display == 'DEF_CAT' ? $lang['Downloaded'] : $lang['Viewed'], 'L_DOWNLOAD_COUNT' => sprintf($lang['Download_number'], $attachments['_' . $post_id][$i]['download_count']), 'IMG_SRC' => $filename, 'IMG_THUMB_SRC' => $thumb_source, 'U_DOWNLOAD_LINK' => $filename, 'WIDTH' => $width, 'HEIGHT' => $height, 'TARGET_BLANK' => intval($display_categories[$attachments['_' . $post_id][$i]['extension']]) == IMAGE_CAT || $display == 'DEF_CAT' ? 'target="_blank"' : ''));
        }
    }
}
 function upload_attachment()
 {
     global $HTTP_POST_FILES, $db, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
     $this->post_attach = $this->filename != '' ? TRUE : FALSE;
     if ($this->post_attach) {
         $r_file = trim($this->filename);
         $file = $HTTP_POST_FILES['fileupload']['tmp_name'];
         $this->type = $HTTP_POST_FILES['fileupload']['type'];
         // Opera add the name to the mime type
         $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
         $this->extension = get_extension($this->filename);
         $this->filesize = @filesize($file);
         $this->filesize = intval($this->filesize);
         $sql = "SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions\n            FROM " . EXTENSION_GROUPS_TABLE . " g, " . EXTENSIONS_TABLE . " e\n            WHERE (g.group_id = e.group_id) AND (e.extension = '" . $this->extension . "')\n            LIMIT 1";
         if (!($result = $db->sql_query($sql))) {
             message_die(GENERAL_ERROR, 'Could not query Extensions.', '', __LINE__, __FILE__, $sql);
         }
         $row = $db->sql_fetchrow($result);
         $allowed_filesize = intval($row['max_filesize']) != 0 ? intval($row['max_filesize']) : intval($attach_config['max_filesize']);
         $cat_id = intval($row['cat_id']);
         $auth_cache = trim($row['forum_permissions']);
         //
         // check Filename
         //
         if (preg_match("/[\\/:*?\"<>|]/i", $this->filename)) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
         }
         //
         // check php upload-size
         //
         if (!$error && $file == 'none') {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
             $max_size = @$ini_val('upload_max_filesize');
             if ($max_size == '') {
                 $error_msg .= $lang['Attachment_php_size_na'];
             } else {
                 $error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
             }
         }
         //
         // Check Extension
         //
         if (!$error && intval($row['allow_group']) == 0) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Disallowed_extension'], $this->extension);
         }
         //
         // Check Forum Permissions
         //
         if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && (!is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '')) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
         }
         //
         // Check Image Size, if it's an image
         //
         if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
             list($width, $height) = image_getdimension($file);
             if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                 if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                     $error = TRUE;
                     if (!empty($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                 }
             }
         }
         //
         // check Filesize
         //
         if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
             $size_lang = $allowed_filesize >= 1048576 ? $lang['MB'] : ($allowed_filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
             if ($allowed_filesize >= 1048576) {
                 $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
             } else {
                 if ($allowed_filesize >= 1024) {
                     $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
                 }
             }
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
         }
         //
         // Check our complete quota
         //
         if (intval($attach_config['attachment_quota']) != 0) {
             $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
             if (!($result = $db->sql_query($sql))) {
                 message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
             }
             $row = $db->sql_fetchrow($result);
             $total_filesize = $row['total'];
             if ($total_filesize + $this->filesize > intval($attach_config['attachment_quota'])) {
                 $error = TRUE;
                 if (!empty($error_msg)) {
                     $error_msg .= '<br />';
                 }
                 $error_msg .= $lang['Attach_quota_reached'];
             }
         }
         $this->get_quota_limits($userdata);
         //
         // Check our user quota
         //
         if ($this->page != PAGE_PRIVMSGS) {
             if (intval($attach_config['upload_filesize_limit']) != 0) {
                 $sql = "SELECT attach_id\n                    FROM " . ATTACHMENTS_TABLE . "\n                    WHERE (user_id_1 = " . $userdata['user_id'] . ") AND (privmsgs_id = 0)\n                    GROUP BY attach_id";
                 if (!($result = $db->sql_query($sql))) {
                     message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
                 }
                 $attach_ids = $db->sql_fetchrowset($result);
                 $num_attach_ids = $db->sql_numrows($result);
                 $attach_id = array();
                 for ($i = 0; $i < $num_attach_ids; $i++) {
                     $attach_id[] = intval($attach_ids[$i]['attach_id']);
                 }
                 if ($num_attach_ids > 0) {
                     //
                     // Now get the total filesize
                     //
                     $sql = "SELECT sum(filesize) as total\n                        FROM " . ATTACHMENTS_DESC_TABLE . "\n                        WHERE attach_id IN (" . implode(', ', $attach_id) . ")";
                     if (!($result = $db->sql_query($sql))) {
                         message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                     }
                     $row = $db->sql_fetchrow($result);
                     $total_filesize = $row['total'];
                 } else {
                     $total_filesize = 0;
                 }
                 if ($total_filesize + $this->filesize > intval($attach_config['upload_filesize_limit'])) {
                     $upload_filesize_limit = intval($attach_config['upload_filesize_limit']);
                     $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['Bytes']);
                     if ($upload_filesize_limit >= 1048576) {
                         $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                     } else {
                         if ($upload_filesize_limit >= 1024) {
                             $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                         }
                     }
                     $error = TRUE;
                     if (!empty($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
                 }
             }
         }
         //
         // If we are at Private Messaging, check our PM Quota
         //
         if ($this->page == PAGE_PRIVMSGS) {
             $to_user = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
             if (intval($attach_config['pm_filesize_limit']) != 0) {
                 $total_filesize = get_total_attach_pm_filesize('from_user', $userdata['user_id']);
                 if ($total_filesize + $this->filesize > intval($attach_config['pm_filesize_limit'])) {
                     $error = TRUE;
                     if (!empty($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= $lang['Attach_quota_sender_pm_reached'];
                 }
             }
             //
             // Check Receivers PM Quota
             //
             if (!empty($to_user) && $userdata['user_level'] != ADMIN) {
                 $sql = "SELECT user_id\n                    FROM " . USERS_TABLE . "\n                    WHERE username = '******'";
                 if (!($result = $db->sql_query($sql))) {
                     message_die(GENERAL_ERROR, 'Could not query userdata', '', __LINE__, __FILE__, $sql);
                 }
                 $row = $db->sql_fetchrow($result);
                 $user_id = intval($row['user_id']);
                 $u_data = get_userdata($user_id);
                 $this->get_quota_limits($u_data, $user_id);
                 if (intval($attach_config['pm_filesize_limit']) != 0) {
                     $total_filesize = get_total_attach_pm_filesize('to_user', $user_id);
                     if ($total_filesize + $this->filesize > intval($attach_config['pm_filesize_limit'])) {
                         $error = TRUE;
                         if (!empty($error_msg)) {
                             $error_msg .= '<br />';
                         }
                         $error_msg .= sprintf($lang['Attach_quota_receiver_pm_reached'], $to_user);
                     }
                 }
             }
         }
         $this->thumbnail = 0;
         if (!$error) {
             //
             // Prepare Values
             //
             $this->filetime = time();
             $this->filename = stripslashes($r_file);
             $this->attach_filename = strtolower($this->filename);
             // To re-add cryptic filenames, change this variable to true
             $cryptic = false;
             if (!$cryptic) {
                 $this->attach_filename = str_replace(' ', '_', $this->attach_filename);
                 $this->attach_filename = rawurlencode($this->attach_filename);
                 $this->attach_filename = preg_replace("/%(\\w{2})/", "_", $this->attach_filename);
                 if (physical_filename_already_stored($this->attach_filename)) {
                     $this->attach_filename = delete_extension($this->attach_filename);
                     $this->attach_filename = $this->attach_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
                 }
             } else {
                 $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
                 $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
             }
             $this->filename = str_replace("'", "\\'", $this->filename);
             //
             // Do we have to create a thumbnail ?
             //
             if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                 $this->thumbnail = 1;
             }
         }
         //
         // Upload Attachment
         //
         if (!$error) {
             if (!intval($attach_config['allow_ftp_upload'])) {
                 //
                 // Descide the Upload method
                 //
                 $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                 $safe_mode = @$ini_val('safe_mode');
                 if (@$ini_val('open_basedir')) {
                     if (@phpversion() < '4.0.3') {
                         $upload_mode = 'copy';
                     } else {
                         $upload_mode = 'move';
                     }
                 } else {
                     if (@$ini_val('safe_mode')) {
                         $upload_mode = 'move';
                     } else {
                         $upload_mode = 'copy';
                     }
                 }
             } else {
                 $upload_mode = 'ftp';
             }
             //
             // Ok, upload the Attachment
             //
             if (!$error) {
                 $this->move_uploaded_attachment($upload_mode, $file);
             }
         }
         if ($error) {
             $this->post_attach = FALSE;
         }
     }
 }
    /**
     * Upload an Attachment to Filespace (intern)
     */
    function upload_attachment()
    {
        global $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
        $this->post_attach = $this->filename != '' ? TRUE : FALSE;
        if ($this->post_attach) {
            $r_file = trim(basename($this->filename));
            $file = $_FILES['fileupload']['tmp_name'];
            $this->type = $_FILES['fileupload']['type'];
            if (isset($_FILES['fileupload']['size']) && $_FILES['fileupload']['size'] == 0) {
                bb_die('Tried to upload empty file');
            }
            $this->type = strtolower($this->type);
            $this->extension = strtolower(get_extension($this->filename));
            $this->filesize = @filesize($file);
            $this->filesize = intval($this->filesize);
            $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
				FROM ' . BB_EXTENSION_GROUPS . ' g, ' . BB_EXTENSIONS . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query extensions');
            }
            $row = DB()->sql_fetchrow($result);
            DB()->sql_freeresult($result);
            $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
            $cat_id = intval($row['cat_id']);
            $auth_cache = trim($row['forum_permissions']);
            // check Filename
            if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['INVALID_FILENAME'], htmlspecialchars($this->filename));
            }
            // check php upload-size
            if (!$error && $file == 'none') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $ini_val = 'ini_get';
                $max_size = @$ini_val('upload_max_filesize');
                if ($max_size == '') {
                    $error_msg .= $lang['ATTACHMENT_PHP_SIZE_NA'];
                } else {
                    $error_msg .= sprintf($lang['ATTACHMENT_PHP_SIZE_OVERRUN'], $max_size);
                }
            }
            // Check Extension
            if (!$error && intval($row['allow_group']) == 0) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION'], htmlspecialchars($this->extension));
            }
            // Check Forum Permissions
            if (!$error && !IS_ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION_WITHIN_FORUM'], htmlspecialchars($this->extension));
            }
            //bt
            // Check if user can post torrent
            global $post_data;
            if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= $lang['ALLOWED_ONLY_1ST_POST_ATTACH'];
            }
            //bt end
            // Upload File
            $this->thumbnail = 0;
            if (!$error) {
                //
                // Prepare Values
                $this->filetime = TIMENOW;
                $this->filename = $r_file;
                // physical filename
                //$this->attach_filename = strtolower($this->filename);
                $this->attach_filename = $this->filename;
                //bt
                if (FILENAME_CRYPTIC) {
                    $this->attach_filename = make_rand_str(FILENAME_CRYPTIC_LENGTH);
                } else {
                    // original
                    $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
                    $this->attach_filename = delete_extension($this->attach_filename);
                    $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
                    $this->attach_filename = str_replace('__', '_', $this->attach_filename);
                    $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
                    $this->attach_filename = str_replace(array('$', 'Я', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);
                    // Remove non-latin characters
                    $this->attach_filename = preg_replace('#([\\xC2\\xC3])([\\x80-\\xBF])#', 'chr(ord(\'$1\')<<6&0xC0|ord(\'$2\')&0x3F)', $this->attach_filename);
                    $this->attach_filename = rawurlencode($this->attach_filename);
                    $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
                    $this->attach_filename = trim($this->attach_filename);
                }
                $this->attach_filename = str_replace(array('&amp;', '&', ' '), '_', $this->attach_filename);
                $this->attach_filename = str_replace('php', '_php_', $this->attach_filename);
                $this->attach_filename = substr(trim($this->attach_filename), 0, FILENAME_MAX_LENGTH);
                for ($i = 0, $max_try = 5; $i <= $max_try; $i++) {
                    $fn_prefix = make_rand_str(FILENAME_PREFIX_LENGTH) . '_';
                    $new_physical_filename = clean_filename($fn_prefix . $this->attach_filename);
                    if (!physical_filename_already_stored($new_physical_filename)) {
                        break;
                    }
                    if ($i == $max_try) {
                        bb_die('Could not create filename for attachment');
                    }
                }
                $this->attach_filename = $new_physical_filename;
                // Do we have to create a thumbnail ?
                if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                    $this->thumbnail = 1;
                }
            }
            if ($error) {
                $this->post_attach = FALSE;
                return;
            }
            // Upload Attachment
            if (!$error) {
                // Descide the Upload method
                $ini_val = 'ini_get';
                $safe_mode = @$ini_val('safe_mode');
                if (@$ini_val('open_basedir')) {
                    $upload_mode = 'move';
                } else {
                    if (@$ini_val('safe_mode')) {
                        $upload_mode = 'move';
                    } else {
                        $upload_mode = 'copy';
                    }
                }
                // Ok, upload the Attachment
                if (!$error) {
                    $this->move_uploaded_attachment($upload_mode, $file);
                }
            }
            // Now, check filesize parameters
            if (!$error) {
                if (!$this->filesize) {
                    $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
                }
            }
            // Check Image Size, if it's an image
            if (!$error && !IS_ADMIN && $cat_id == IMAGE_CAT) {
                list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
                if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                    if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['ERROR_IMAGESIZE'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                    }
                }
            }
            // check Filesize
            if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && !(IS_ADMIN || IS_MOD || IS_GROUP_MEMBER)) {
                $allowed_filesize = humn_size($allowed_filesize);
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['ATTACHMENT_TOO_BIG'], $allowed_filesize);
            }
            // Check our complete quota
            if ($attach_config['attachment_quota']) {
                $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC;
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query total filesize #1');
                }
                $row = DB()->sql_fetchrow($result);
                DB()->sql_freeresult($result);
                $total_filesize = $row['total'];
                if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= $lang['ATTACH_QUOTA_REACHED'];
                }
            }
            $this->get_quota_limits($userdata);
            // Check our user quota
            if ($attach_config['upload_filesize_limit']) {
                $sql = 'SELECT attach_id
					FROM ' . BB_ATTACHMENTS . '
					WHERE user_id_1 = ' . (int) $userdata['user_id'] . '
					GROUP BY attach_id';
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query attachments');
                }
                $attach_ids = DB()->sql_fetchrowset($result);
                $num_attach_ids = DB()->num_rows($result);
                DB()->sql_freeresult($result);
                $attach_id = array();
                for ($i = 0; $i < $num_attach_ids; $i++) {
                    $attach_id[] = intval($attach_ids[$i]['attach_id']);
                }
                if ($num_attach_ids > 0) {
                    // Now get the total filesize
                    $sql = 'SELECT sum(filesize) as total
						FROM ' . BB_ATTACHMENTS_DESC . '
						WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                    if (!($result = DB()->sql_query($sql))) {
                        bb_die('Could not query total filesize #2');
                    }
                    $row = DB()->sql_fetchrow($result);
                    DB()->sql_freeresult($result);
                    $total_filesize = $row['total'];
                } else {
                    $total_filesize = 0;
                }
                if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                    $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                    $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['BYTES']);
                    if ($upload_filesize_limit >= 1048576) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                    } else {
                        if ($upload_filesize_limit >= 1024) {
                            $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                        }
                    }
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['USER_UPLOAD_QUOTA_REACHED'], $upload_filesize_limit, $size_lang);
                }
            }
            if ($error) {
                unlink_attach($this->attach_filename);
                unlink_attach($this->attach_filename, MODE_THUMBNAIL);
                $this->post_attach = FALSE;
            }
        }
    }