    // Generate correct Change List
    $attachments = array();
    for ($i = 0; $i < count($attach_change_list); $i++) {
        $attachments['_' . $attach_change_list[$i]]['comment'] = $attach_comment_list[$i];
        $attachments['_' . $attach_change_list[$i]]['download_count'] = $attach_download_count_list[$i];
    }
    $sql = 'SELECT *
		FROM ' . ATTACHMENTS_DESC_TABLE . '
		ORDER BY attach_id';
    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Couldn\'t get Attachment informations', '', __LINE__, __FILE__, $sql);
    }
    while ($attachrow = $db->sql_fetchrow($result)) {
        if (isset($attachments['_' . $attachrow['attach_id']])) {
            if ($attachrow['comment'] != $attachments['_' . $attachrow['attach_id']]['comment'] || $attachrow['download_count'] != $attachments['_' . $attachrow['attach_id']]['download_count']) {
                $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . " \n\t\t\t\t\tSET comment = '" . attach_mod_sql_escape($attachments['_' . $attachrow['attach_id']]['comment']) . "', download_count = " . (int) $attachments['_' . $attachrow['attach_id']]['download_count'] . "\n\t\t\t\t\tWHERE attach_id = " . (int) $attachrow['attach_id'];
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Couldn\'t update Attachments Informations', '', __LINE__, __FILE__, $sql);
                }
            }
        }
    }
    $db->sql_freeresult($result);
}
// Statistics
if ($view == 'stats') {
    $template->set_filenames(array('body' => 'admin/attach_cp_body.tpl'));
    $upload_dir_size = get_formatted_dirsize();
    if ($attach_config['attachment_quota'] >= 1048576) {
        $attachment_quota = round($attach_config['attachment_quota'] / 1048576 * 100) / 100 . ' ' . $lang['MB'];
    } else {
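/**
* Build sql statement from array for insert/update/select statements
*
* Idea for this from Ikonboard
* Possible query values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT
*
* How each value of $assoc_ary is rendered:
*   null           -> NULL
*   string         -> quoted and run through attach_mod_sql_escape()
*   bool           -> 0 / 1
*   array('expr')  -> INSERT / INSERT_SELECT only: the string in element 0 is
*                     pasted into the statement VERBATIM (no quotes, no
*                     escaping). This is the raw-SQL hook for things like
*                     NOW(); never route request data through it. In the
*                     other modes an array is not special-cased.
*   anything else  -> concatenated as-is (intended for ints / floats)
*
* The array keys become column names and are interpolated in every mode
* without escaping or validation, so they must be developer-controlled
* identifiers, never request data.
*
* @param string $query     mode name from the list above
* @param mixed  $assoc_ary column => value map; for MULTI_INSERT a list of
*                          such maps that all share the column set of the
*                          first row
* @return mixed            SQL fragment for the mode; FALSE when $assoc_ary
*                          is not an array or a MULTI_INSERT has no rows. An
*                          unknown $query is handed back unchanged (kept for
*                          backward compatibility).
*/
function attach_mod_sql_build_array($query, $assoc_ary = false)
{
    if (!is_array($assoc_ary)) {
        return false;
    }

    if ($query == 'INSERT' || $query == 'INSERT_SELECT') {
        $fields = array();
        $values = array();
        foreach ($assoc_ary as $key => $var) {
            $fields[] = $key;
            if (is_null($var)) {
                $values[] = 'NULL';
            } elseif (is_string($var)) {
                $values[] = "'" . attach_mod_sql_escape($var) . "'";
            } elseif (is_array($var) && isset($var[0]) && is_string($var[0])) {
                // raw SQL hook, see the function comment
                $values[] = $var[0];
            } else {
                $values[] = is_bool($var) ? intval($var) : $var;
            }
        }
        $column_list = ' (' . implode(', ', $fields) . ')';
        if ($query == 'INSERT') {
            $query = $column_list . ' VALUES (' . implode(', ', $values) . ')';
        } else {
            $query = $column_list . ' SELECT ' . implode(', ', $values) . ' ';
        }
    } elseif ($query == 'MULTI_INSERT') {
        // The column list is taken from the first row; this used to be
        // hard-wired to $assoc_ary[0] and broke on any other first key.
        $first_row = reset($assoc_ary);
        if (!is_array($first_row)) {
            return false;
        }
        $row_sql = array();
        foreach ($assoc_ary as $sql_ary) {
            $values = array();
            foreach ($sql_ary as $var) {
                if (is_null($var)) {
                    $values[] = 'NULL';
                } elseif (is_string($var)) {
                    $values[] = "'" . attach_mod_sql_escape($var) . "'";
                } else {
                    $values[] = is_bool($var) ? intval($var) : $var;
                }
            }
            $row_sql[] = '(' . implode(', ', $values) . ')';
        }
        $query = ' (' . implode(', ', array_keys($first_row)) . ') VALUES ' . implode(', ', $row_sql);
    } elseif ($query == 'UPDATE' || $query == 'SELECT') {
        $values = array();
        foreach ($assoc_ary as $key => $var) {
            if (is_null($var)) {
                $values[] = "{$key} = NULL";
            } elseif (is_string($var)) {
                $values[] = "{$key} = '" . attach_mod_sql_escape($var) . "'";
            } elseif (is_bool($var)) {
                $values[] = "{$key} = " . intval($var);
            } else {
                $values[] = "{$key} = {$var}";
            }
        }
        // UPDATE wants a SET list, SELECT a conjunction for a WHERE clause
        $query = implode($query == 'UPDATE' ? ', ' : ' AND ', $values);
    }
    return $query;
}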
		LIMIT 1';
    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Could not get Group Permissions from ' . EXTENSION_GROUPS_TABLE, '', __LINE__, __FILE__, $sql);
    }
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    $auth_p2 = auth_unpack(trim($row['forum_permissions']));
    $auth_p = array();
    // Generate array for Auth_Pack, delete the chosen ones
    for ($i = 0; $i < sizeof($auth_p2); $i++) {
        if (!in_array($auth_p2[$i], $delete_forums_list)) {
            $auth_p[] = $auth_p2[$i];
        }
    }
    $auth_bitstream = sizeof($auth_p) > 0 ? auth_pack($auth_p) : '';
    $sql = 'UPDATE ' . EXTENSION_GROUPS_TABLE . " SET forum_permissions = '" . attach_mod_sql_escape($auth_bitstream) . "' WHERE group_id = " . (int) $group;
    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Could not update Permissions', '', __LINE__, __FILE__, $sql);
    }
}
// Display the Group Permissions Box for configuring it
if ($e_mode == 'perm' && $group) {
    $template->set_filenames(array('perm_box' => 'admin/extension_groups_permissions.tpl'));
    $sql = 'SELECT group_name, forum_permissions
		FROM ' . EXTENSION_GROUPS_TABLE . '
		WHERE group_id = ' . intval($group) . '
		LIMIT 1';
    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Could not get Group Name from ' . EXTENSION_GROUPS_TABLE, '', __LINE__, __FILE__, $sql);
    }
    $row = $db->sql_fetchrow($result);
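/**
* Search attachments from the ACP (admin attachment search form)
*
* Reads the filter fields via get_var() - search_keyword_fname,
* search_keyword_comment, search_author, search_size_smaller,
* search_size_greater, search_count_smaller, search_count_greater,
* search_days_greater and search_forum (the form's search_cat field is not
* supported) - and builds the WHERE clause from them. Numeric filters are
* cast with (int); the keyword and author patterns go through
* attach_mod_sql_escape() with the form's '*' translated to the SQL
* wildcard '%'. A literal '%' or '_' typed into those fields still acts as a
* LIKE wildcard; as this is an admin-only search that is tolerated.
*
* When both the "smaller" and the "greater" bound of a pair are given only
* the "smaller" one is applied (legacy behaviour, kept as is).
*
* @param string $order_by   ORDER BY / LIMIT tail appended to the query
*                           VERBATIM - it is never escaped here, so callers
*                           must build it from fixed strings, never from
*                           request data
* @param int    $total_rows (by reference) receives the number of matches
*                           without the LIMIT in $order_by
* @return array             rows of a.*, t.post_id, p.post_time, p.topic_id;
*                           a DB error or an empty result does not return but
*                           ends the request through message_die()
*/
function search_attachments($order_by, &$total_rows)
{
    global $db, $lang;
    $where_sql = array();

    // Get submitted Vars, one local per form field ('' when not submitted).
    // The old loop assigned to ${$search_vars}[$i], i.e. to a variable
    // literally named "Array", so none of these filters ever took effect.
    $search_keyword_fname = get_var('search_keyword_fname', '');
    $search_keyword_comment = get_var('search_keyword_comment', '');
    $search_author = get_var('search_author', '');
    $search_size_smaller = get_var('search_size_smaller', '');
    $search_size_greater = get_var('search_size_greater', '');
    $search_count_smaller = get_var('search_count_smaller', '');
    $search_count_greater = get_var('search_count_greater', '');
    $search_days_greater = get_var('search_days_greater', '');
    $search_forum = get_var('search_forum', '');

    // Author name search
    if ($search_author != '') {
        // Bring in line with 2.0.x expected username
        $search_author = addslashes(html_entity_decode($search_author));
        $search_author = stripslashes(phpbb_clean_username($search_author));
        // Escape first, then turn the form's '*' wildcard into SQL '%'
        $search_author = str_replace('*', '%', attach_mod_sql_escape($search_author));
        // We need the user_id's, because we want to query the Attachment Table
        $sql = 'SELECT user_id
			FROM ' . USERS_TABLE . "\n\t\t\tWHERE username LIKE '{$search_author}'";
        if (!($result = $db->sql_query($sql))) {
            // the pattern is reflected into an HTML error page, so escape it
            message_die(GENERAL_ERROR, 'Couldn\'t obtain list of matching users (searching for: ' . htmlspecialchars($search_author) . ')', '', __LINE__, __FILE__, $sql);
        }
        $matching_userids = array();
        while ($row = $db->sql_fetchrow($result)) {
            $matching_userids[] = intval($row['user_id']);
        }
        $db->sql_freeresult($result);
        if (!count($matching_userids)) {
            message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
        }
        $where_sql[] = ' (t.user_id_1 IN (' . implode(', ', $matching_userids) . ')) ';
    }

    // Search Keyword (file name / comment)
    if ($search_keyword_fname != '') {
        $match_word = str_replace('*', '%', $search_keyword_fname);
        $where_sql[] = " (a.real_filename LIKE '" . attach_mod_sql_escape($match_word) . "') ";
    }
    if ($search_keyword_comment != '') {
        $match_word = str_replace('*', '%', $search_keyword_comment);
        $where_sql[] = " (a.comment LIKE '" . attach_mod_sql_escape($match_word) . "') ";
    }

    // Search Download Count ("smaller" wins when both are given)
    if ($search_count_smaller != '') {
        $where_sql[] = ' (a.download_count < ' . (int) $search_count_smaller . ') ';
    } elseif ($search_count_greater != '') {
        $where_sql[] = ' (a.download_count > ' . (int) $search_count_greater . ') ';
    }

    // Search Filesize ("smaller" wins when both are given)
    if ($search_size_smaller != '') {
        $where_sql[] = ' (a.filesize < ' . (int) $search_size_smaller . ') ';
    } elseif ($search_size_greater != '') {
        $where_sql[] = ' (a.filesize > ' . (int) $search_size_greater . ') ';
    }

    // Search Attachment Time: older than N days
    if ($search_days_greater != '') {
        $where_sql[] = ' (a.filetime < ' . (time() - (int) $search_days_greater * 86400) . ') ';
    }

    // Search Forum
    if ($search_forum) {
        $where_sql[] = ' (p.forum_id = ' . intval($search_forum) . ') ';
    }

    // Search Cat... nope... sorry :(
    $sql = 'SELECT a.*, t.post_id, p.post_time, p.topic_id
		FROM ' . ATTACHMENTS_TABLE . ' t, ' . ATTACHMENTS_DESC_TABLE . ' a, ' . POSTS_TABLE . ' p WHERE ';
    if (sizeof($where_sql) > 0) {
        // every fragment already carries its own surrounding spaces
        $sql .= implode('AND', $where_sql) . ' AND ';
    }
    $sql .= 't.post_id = p.post_id AND a.attach_id = t.attach_id ';
    $total_rows_sql = $sql;
    $sql .= $order_by;

    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
    }
    $attachments = $db->sql_fetchrowset($result);
    $num_attach = $db->sql_numrows($result);
    $db->sql_freeresult($result);
    if ($num_attach == 0) {
        message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
    }

    // Second, unlimited run only to count the total number of matches
    if (!($result = $db->sql_query($total_rows_sql))) {
        message_die(GENERAL_ERROR, 'Could not query attachments', '', __LINE__, __FILE__, $total_rows_sql);
    }
    $total_rows = $db->sql_numrows($result);
    $db->sql_freeresult($result);

    return $attachments;
}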
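    /**
     * Upload an Attachment to Filespace (intern)
     *
     * Validates the file the browser sent as 'fileupload' and, if every check
     * passes, hands it to move_uploaded_attachment() under a sanitised
     * physical name. On success $this->post_attach stays TRUE and
     * $this->filename (display name), $this->attach_filename (physical name),
     * $this->extension, $this->type, $this->filesize, $this->filetime and
     * $this->thumbnail are filled in; on failure the globals $error /
     * $error_msg are set and $this->post_attach is FALSE. Nothing is returned.
     *
     * What is trusted and what is not:
     *  - $this->filename and $HTTP_POST_FILES['fileupload']['type'] are
     *    client-supplied. The MIME type is stored but takes part in no
     *    decision here; the extension is accepted only if it exists in
     *    EXTENSIONS_TABLE with allow_group set (unknown extension = denied).
     *  - The physical name is rebuilt from the display name, reduced to the
     *    characters rawurlencode() leaves alone plus a random suffix and the
     *    whitelisted extension, so it cannot carry a path component.
     *  - The source path is only used if is_uploaded_file() confirms PHP
     *    received it in this request.
     *
     * Order of checks: name / extension / forum permission -> move into
     * $upload_dir -> image dimensions, per-file size, global, per-user and PM
     * quotas. The file is therefore present in $upload_dir while the size and
     * quota checks run; when one of them fails it is removed again with
     * unlink_attach(). Admins bypass the forum-permission, image-size and
     * per-file-size checks, but not the global quota.
     *
     * move_uploaded_attachment(), get_extension(), delete_extension(),
     * physical_filename_already_stored(), image_getdimension(), get_userdata()
     * and get_total_attach_pm_filesize() are defined elsewhere.
     */
    function upload_attachment()
    {
        global $HTTP_POST_FILES, $db, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
        $this->post_attach = $this->filename != '' ? TRUE : FALSE;
        if (!$this->post_attach) {
            return;
        }

        $r_file = trim(basename(htmlspecialchars($this->filename)));
        $file = isset($HTTP_POST_FILES['fileupload']['tmp_name']) ? $HTTP_POST_FILES['fileupload']['tmp_name'] : '';
        $upload_err = isset($HTTP_POST_FILES['fileupload']['error']) ? intval($HTTP_POST_FILES['fileupload']['error']) : 0;
        $this->type = isset($HTTP_POST_FILES['fileupload']['type']) ? $HTTP_POST_FILES['fileupload']['type'] : '';
        if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0) {
            message_die(GENERAL_ERROR, 'Tried to upload empty file');
        }
        // Opera add the name to the mime type
        if (strstr($this->type, '; name')) {
            $this->type = str_replace(strstr($this->type, '; name'), '', $this->type);
        }
        $this->type = strtolower($this->type);
        $this->extension = strtolower(get_extension($this->filename));
        $this->filesize = intval(@filesize($file));

        // Extension lookup: the extension has to be listed to be accepted at all
        $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
				FROM ' . EXTENSION_GROUPS_TABLE . ' g, ' . EXTENSIONS_TABLE . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query Extensions.', '', __LINE__, __FILE__, $sql);
        }
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$row) {
            // Not listed at all: same outcome as a listed-but-disabled
            // extension, without reading offsets of FALSE below.
            $row = array('allow_group' => 0, 'max_filesize' => 0, 'cat_id' => 0, 'forum_permissions' => '');
        }
        $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
        $cat_id = intval($row['cat_id']);
        $auth_cache = trim($row['forum_permissions']);

        // check Filename: reject the characters Windows refuses in names and
        // both path separators (the previous pattern spelled the backslash as
        // an escaped slash and so never matched one).
        if (preg_match('#[\\\\/:*?"<>|]#', $this->filename)) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['Invalid_filename'], htmlspecialchars($this->filename));
        }
        // check php upload-size: a failed upload leaves tmp_name empty (older
        // PHP: 'none') and sets a non-zero error code, most often because
        // upload_max_filesize / post_max_size was exceeded.
        if (!$error && ($file == 'none' || $file == '' || $upload_err != 0)) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $max_size = @ini_get('upload_max_filesize');
            if ($max_size == '') {
                $error_msg .= $lang['Attachment_php_size_na'];
            } else {
                $error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
            }
        }
        // Never read, copy or move anything PHP did not receive as an upload
        // in this request; this is what keeps the 'copy' upload mode safe.
        if (!$error && !is_uploaded_file($file)) {
            message_die(GENERAL_ERROR, 'Tried to attach a file that was not uploaded');
        }
        // Check Extension (deny by default)
        if (!$error && intval($row['allow_group']) == 0) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['Disallowed_extension'], htmlspecialchars($this->extension));
        }
        // Check Forum Permissions: admins and private messages are exempt, an
        // empty permission bitstream means the group is allowed everywhere
        if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && $auth_cache != '' && !is_forum_authed($auth_cache, $forum_id)) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], htmlspecialchars($this->extension));
        }

        $this->thumbnail = 0;
        if ($error) {
            $this->post_attach = FALSE;
            return;
        }

        // Prepare Values
        $this->filetime = time();
        $this->filename = $r_file;
        $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
        // physical filename
        $this->attach_filename = strtolower($this->filename);
        // To re-add cryptic filenames, change this variable to true
        $cryptic = false;
        if ($cryptic) {
            $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
        } else {
            $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
            $this->attach_filename = delete_extension($this->attach_filename);
            $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
            $this->attach_filename = str_replace('__', '_', $this->attach_filename);
            $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ü', 'Ü', 'ö', 'Ö', 'ä', 'Ä', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
            $this->attach_filename = str_replace(array('$', 'ß', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);
            // Remove non-latin characters: fold the UTF-8 two-byte sequences
            // for U+0080..U+00FF (lead byte 0xC2 / 0xC3) into one Latin-1
            // byte. This used to be preg_replace() with the /e modifier, which
            // evaluates its replacement as PHP code and no longer exists in
            // PHP 7+; the loop below yields the same byte.
            $raw_name = $this->attach_filename;
            $name_len = strlen($raw_name);
            $folded = '';
            for ($pos = 0; $pos < $name_len; $pos++) {
                $lead = ord($raw_name[$pos]);
                if (($lead == 0xC2 || $lead == 0xC3) && $pos + 1 < $name_len) {
                    $trail = ord($raw_name[$pos + 1]);
                    if ($trail >= 0x80 && $trail <= 0xBF) {
                        $folded .= chr((($lead << 6) & 0xC0) | ($trail & 0x3F));
                        $pos++;
                        continue;
                    }
                }
                $folded .= $raw_name[$pos];
            }
            // Everything rawurlencode() would have to encode is dropped, so
            // only the characters it leaves alone survive (no separators, no NUL).
            $this->attach_filename = rawurlencode($folded);
            $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
            $this->attach_filename = trim($this->attach_filename);
            $new_filename = $this->attach_filename;
            if (!$new_filename) {
                $new_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
            }
            // rand() only has to make the name unique - the loop guarantees
            // that; physical names are not meant to be unguessable.
            do {
                $this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
            } while (physical_filename_already_stored($this->attach_filename));
            unset($new_filename);
        }
        // Do we have to create a thumbnail ?
        if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
            $this->thumbnail = 1;
        }

        // Decide the Upload method
        if (!intval($attach_config['allow_ftp_upload'])) {
            if (@ini_get('open_basedir')) {
                $upload_mode = @phpversion() < '4.0.3' ? 'copy' : 'move';
            } else {
                $upload_mode = @ini_get('safe_mode') ? 'move' : 'copy';
            }
        } else {
            $upload_mode = 'ftp';
        }
        // Ok, upload the Attachment (may set the global $error itself)
        $this->move_uploaded_attachment($upload_mode, $file);

        // Now, check filesize parameters
        if (!$error && $upload_mode != 'ftp' && !$this->filesize) {
            $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
        }
        // Check Image Size, if it's an image (admins are exempt)
        if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
            list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
            $max_width = intval($attach_config['img_max_width']);
            $max_height = intval($attach_config['img_max_height']);
            if ($width != 0 && $height != 0 && $max_width != 0 && $max_height != 0) {
                if ($width > $max_width || $height > $max_height) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['Error_imagesize'], $max_width, $max_height);
                }
            }
        }
        // check Filesize (admins are exempt)
        if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
            $size_lang = $allowed_filesize >= 1048576 ? $lang['MB'] : ($allowed_filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
            if ($allowed_filesize >= 1048576) {
                $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
            } elseif ($allowed_filesize >= 1024) {
                $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
            }
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
        }
        // Check our complete quota (applies to admins too)
        if ($attach_config['attachment_quota']) {
            $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
            }
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $total_filesize = $row['total'];
            if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= $lang['Attach_quota_reached'];
            }
        }
        // Per-user limits; presumably adjusts $attach_config (defined elsewhere)
        $this->get_quota_limits($userdata);
        // Check our user quota
        if ($this->page != PAGE_PRIVMSGS) {
            if ($attach_config['upload_filesize_limit']) {
                $sql = 'SELECT attach_id 
						FROM ' . ATTACHMENTS_TABLE . '
						WHERE user_id_1 = ' . (int) $userdata['user_id'] . '
							AND privmsgs_id = 0
						GROUP BY attach_id';
                if (!($result = $db->sql_query($sql))) {
                    message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
                }
                $attach_ids = $db->sql_fetchrowset($result);
                $num_attach_ids = $db->sql_numrows($result);
                $db->sql_freeresult($result);
                $attach_id = array();
                for ($i = 0; $i < $num_attach_ids; $i++) {
                    $attach_id[] = intval($attach_ids[$i]['attach_id']);
                }
                if ($num_attach_ids > 0) {
                    // Now get the total filesize
                    $sql = 'SELECT sum(filesize) as total
							FROM ' . ATTACHMENTS_DESC_TABLE . '
							WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                    if (!($result = $db->sql_query($sql))) {
                        message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                    }
                    $row = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);
                    $total_filesize = $row['total'];
                } else {
                    $total_filesize = 0;
                }
                if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                    $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                    $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['Bytes']);
                    if ($upload_filesize_limit >= 1048576) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                    } elseif ($upload_filesize_limit >= 1024) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                    }
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
                }
            }
        }
        // If we are at Private Messaging, check our PM Quota
        if ($this->page == PAGE_PRIVMSGS) {
            if ($attach_config['pm_filesize_limit']) {
                $total_filesize = get_total_attach_pm_filesize('from_user', $userdata['user_id']);
                if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit']) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= $lang['Attach_quota_sender_pm_reached'];
                }
            }
            $to_user = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
            // Check Receivers PM Quota. $to_user is raw request data; it is
            // passed to get_userdata() unchanged, so that function is relied
            // on to escape it for SQL (defined elsewhere - verify).
            if (!empty($to_user) && $userdata['user_level'] != ADMIN) {
                $u_data = get_userdata($to_user, true);
                $user_id = $u_data ? (int) $u_data['user_id'] : 0;
                $this->get_quota_limits($u_data, $user_id);
                if ($attach_config['pm_filesize_limit']) {
                    $total_filesize = get_total_attach_pm_filesize('to_user', $user_id);
                    if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit']) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['Attach_quota_receiver_pm_reached'], htmlspecialchars($to_user));
                    }
                }
            }
        }
        // A failed post-move check must not leave the file in $upload_dir
        if ($error) {
            unlink_attach($this->attach_filename);
            unlink_attach($this->attach_filename, MODE_THUMBNAIL);
            $this->post_attach = FALSE;
        }
    }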
        $num_rows = $db->sql_numrows($result);
        $db->sql_freeresult($result);
        if ($num_rows > 0) {
            for ($i = 0; $i < $num_rows; $i++) {
                if ($row[$i]['quota_desc'] == $quota_desc) {
                    $error = TRUE;
                    if (isset($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['Quota_limit_exist'], $extension_group);
                }
            }
        }
        if (!$error) {
            $filesize = $size_select == 'kb' ? round($filesize * 1024) : ($size_select == 'mb' ? round($filesize * 1048576) : $filesize);
            $sql = "INSERT INTO " . QUOTA_LIMITS_TABLE . " (quota_desc, quota_limit) \n\t\t\tVALUES ('" . attach_mod_sql_escape($quota_desc) . "', " . (int) $filesize . ")";
            if (!$db->sql_query($sql)) {
                message_die(GENERAL_ERROR, 'Could not add Quota Limit', '', __LINE__, __FILE__, $sql);
            }
        }
    }
    if (!$error) {
        // Begin PNphpBB2 Module
        //		$message = $lang['Attach_config_updated'] . '<br /><br />' . sprintf($lang['Click_return_attach_config'], '<a href="' . append_sid("admin_attachments.$phpEx?mode=quota") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
        $message = $lang['Attach_config_updated'] . '<br /><br />' . sprintf($lang['Click_return_attach_config'], '<a href="' . append_sid("admin_attachments.{$phpEx}?mode=quota") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("admin.{$phpEx}?pane=right") . '">', '</a>');
        // End PNphpBB2 Module
        message_die(GENERAL_MESSAGE, $message);
    }
}
if ($mode == 'quota') {
    $template->set_filenames(array('body' => 'admin/attach_quota_body.tpl'));
    /**
     * Upload an Attachment to Filespace (intern)
     */
    function upload_attachment()
    {
        global $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
        $this->post_attach = $this->filename != '' ? TRUE : FALSE;
        if ($this->post_attach) {
            $r_file = trim(basename($this->filename));
            $file = $_FILES['fileupload']['tmp_name'];
            $this->type = $_FILES['fileupload']['type'];
            if (isset($_FILES['fileupload']['size']) && $_FILES['fileupload']['size'] == 0) {
                bb_die('Tried to upload empty file');
            }
            $this->type = strtolower($this->type);
            $this->extension = strtolower(get_extension($this->filename));
            $this->filesize = @filesize($file);
            $this->filesize = intval($this->filesize);
            $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
				FROM ' . BB_EXTENSION_GROUPS . ' g, ' . BB_EXTENSIONS . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query extensions');
            }
            $row = DB()->sql_fetchrow($result);
            DB()->sql_freeresult($result);
            $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
            $cat_id = intval($row['cat_id']);
            $auth_cache = trim($row['forum_permissions']);
            // check Filename
            if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['INVALID_FILENAME'], htmlspecialchars($this->filename));
            }
            // check php upload-size
            if (!$error && $file == 'none') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $ini_val = 'ini_get';
                $max_size = @$ini_val('upload_max_filesize');
                if ($max_size == '') {
                    $error_msg .= $lang['ATTACHMENT_PHP_SIZE_NA'];
                } else {
                    $error_msg .= sprintf($lang['ATTACHMENT_PHP_SIZE_OVERRUN'], $max_size);
                }
            }
            // Check Extension
            if (!$error && intval($row['allow_group']) == 0) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION'], htmlspecialchars($this->extension));
            }
            // Check Forum Permissions
            if (!$error && !IS_ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION_WITHIN_FORUM'], htmlspecialchars($this->extension));
            }
            //bt
            // Check if user can post torrent
            global $post_data;
            if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= $lang['ALLOWED_ONLY_1ST_POST_ATTACH'];
            }
            //bt end
            // Upload File
            $this->thumbnail = 0;
            if (!$error) {
                //
                // Prepare Values
                $this->filetime = TIMENOW;
                $this->filename = $r_file;
                // physical filename
                //$this->attach_filename = strtolower($this->filename);
                $this->attach_filename = $this->filename;
                //bt
                if (FILENAME_CRYPTIC) {
                    $this->attach_filename = make_rand_str(FILENAME_CRYPTIC_LENGTH);
                } else {
                    // original
                    $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
                    $this->attach_filename = delete_extension($this->attach_filename);
                    $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
                    $this->attach_filename = str_replace('__', '_', $this->attach_filename);
                    $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
                    $this->attach_filename = str_replace(array('$', 'Я', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);
                    // Remove non-latin characters
                    $this->attach_filename = preg_replace('#([\\xC2\\xC3])([\\x80-\\xBF])#', 'chr(ord(\'$1\')<<6&0xC0|ord(\'$2\')&0x3F)', $this->attach_filename);
                    $this->attach_filename = rawurlencode($this->attach_filename);
                    $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
                    $this->attach_filename = trim($this->attach_filename);
                }
                $this->attach_filename = str_replace(array('&amp;', '&', ' '), '_', $this->attach_filename);
                $this->attach_filename = str_replace('php', '_php_', $this->attach_filename);
                $this->attach_filename = substr(trim($this->attach_filename), 0, FILENAME_MAX_LENGTH);
                for ($i = 0, $max_try = 5; $i <= $max_try; $i++) {
                    $fn_prefix = make_rand_str(FILENAME_PREFIX_LENGTH) . '_';
                    $new_physical_filename = clean_filename($fn_prefix . $this->attach_filename);
                    if (!physical_filename_already_stored($new_physical_filename)) {
                        break;
                    }
                    if ($i == $max_try) {
                        bb_die('Could not create filename for attachment');
                    }
                }
                $this->attach_filename = $new_physical_filename;
                // Do we have to create a thumbnail ?
                if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                    $this->thumbnail = 1;
                }
            }
            if ($error) {
                $this->post_attach = FALSE;
                return;
            }
            // Upload Attachment
            if (!$error) {
                // Descide the Upload method
                $ini_val = 'ini_get';
                $safe_mode = @$ini_val('safe_mode');
                if (@$ini_val('open_basedir')) {
                    $upload_mode = 'move';
                } else {
                    if (@$ini_val('safe_mode')) {
                        $upload_mode = 'move';
                    } else {
                        $upload_mode = 'copy';
                    }
                }
                // Ok, upload the Attachment
                if (!$error) {
                    $this->move_uploaded_attachment($upload_mode, $file);
                }
            }
            // Now, check filesize parameters
            if (!$error) {
                if (!$this->filesize) {
                    $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
                }
            }
            // Check Image Size, if it's an image
            if (!$error && !IS_ADMIN && $cat_id == IMAGE_CAT) {
                list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
                if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                    if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['ERROR_IMAGESIZE'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                    }
                }
            }
            // check Filesize
            if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && !(IS_ADMIN || IS_MOD || IS_GROUP_MEMBER)) {
                $allowed_filesize = humn_size($allowed_filesize);
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['ATTACHMENT_TOO_BIG'], $allowed_filesize);
            }
            // Check our complete quota
            if ($attach_config['attachment_quota']) {
                $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC;
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query total filesize #1');
                }
                $row = DB()->sql_fetchrow($result);
                DB()->sql_freeresult($result);
                $total_filesize = $row['total'];
                if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= $lang['ATTACH_QUOTA_REACHED'];
                }
            }
            $this->get_quota_limits($userdata);
            // Check our user quota
            if ($attach_config['upload_filesize_limit']) {
                $sql = 'SELECT attach_id
					FROM ' . BB_ATTACHMENTS . '
					WHERE user_id_1 = ' . (int) $userdata['user_id'] . '
					GROUP BY attach_id';
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query attachments');
                }
                $attach_ids = DB()->sql_fetchrowset($result);
                $num_attach_ids = DB()->num_rows($result);
                DB()->sql_freeresult($result);
                $attach_id = array();
                for ($i = 0; $i < $num_attach_ids; $i++) {
                    $attach_id[] = intval($attach_ids[$i]['attach_id']);
                }
                if ($num_attach_ids > 0) {
                    // Now get the total filesize
                    $sql = 'SELECT sum(filesize) as total
						FROM ' . BB_ATTACHMENTS_DESC . '
						WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                    if (!($result = DB()->sql_query($sql))) {
                        bb_die('Could not query total filesize #2');
                    }
                    $row = DB()->sql_fetchrow($result);
                    DB()->sql_freeresult($result);
                    $total_filesize = $row['total'];
                } else {
                    $total_filesize = 0;
                }
                if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                    $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                    $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['BYTES']);
                    if ($upload_filesize_limit >= 1048576) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                    } else {
                        if ($upload_filesize_limit >= 1024) {
                            $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                        }
                    }
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['USER_UPLOAD_QUOTA_REACHED'], $upload_filesize_limit, $size_lang);
                }
            }
            if ($error) {
                unlink_attach($this->attach_filename);
                unlink_attach($this->attach_filename, MODE_THUMBNAIL);
                $this->post_attach = FALSE;
            }
        }
    }