if ($row['forum_password']) { // Do something else ... ? login_forum_box($row); } } else { //trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } else { $row['forum_id'] = 0; if (!$_CLASS['auth']->acl_get('u_pm_download') || !$config['auth_download_pm']) { trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } // disallowed ? $extensions = array(); if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) { trigger_error(sprintf($_CLASS['core_user']->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } if (!download_allowed()) { trigger_error($_CLASS['core_user']->lang['LINKAGE_FORBIDDEN']); } $download_mode = (int) $extensions[$attachment['extension']]['download_mode']; // Fetching filename here to prevent sniffing of filename $sql = 'SELECT attach_id, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype FROM ' . FORUMS_ATTACHMENTS_TABLE . "\n\tWHERE attach_id = {$download_id}"; $result = $_CLASS['core_db']->query_limit($sql, 1); if (!($attachment = $_CLASS['core_db']->fetch_row_assoc($result))) { trigger_error('ERROR_NO_ATTACHMENT'); } $_CLASS['core_db']->free_result($result); $attachment['physical_filename'] = basename($attachment['physical_filename']);
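/**
 * Display Attachments
 *
 * Renders every entry of $attachment_data through the 'attachment.html'
 * template. Depending on $return the rendered output is either assigned to
 * the template block $blockname or collected and returned.
 *
 * @param mixed  $forum_id         Forum id handed to extension_allowed() for the extension check
 * @param string $blockname        Template block that receives DISPLAY_ATTACHMENT when $return is false
 * @param array  &$attachment_data Attachment rows; the keys read here are extension, physical_filename,
 *                                 real_filename, filesize, comment, thumbnail, attach_id and (optionally)
 *                                 download_count
 * @param array  &$update_count    Receives the attach_id of each attachment that is shown without going
 *                                 through download.php
 * @param bool   $force_physical   Link to the stored file instead of download.php
 * @param bool   $return           Collect the rendered templates instead of assigning them to $blockname
 *
 * @return array Rendered templates when $return is true, otherwise an empty array
 */
function display_attachments($forum_id, $blockname, &$attachment_data, &$update_count, $force_physical = false, $return = false)
{
    global $template, $cache, $user;
    global $extensions, $config, $phpbb_root_path, $phpEx;

    $return_tpl = array();

    $template->set_filenames(array('attachment_tpl' => 'attachment.html'));

    if (empty($extensions) || !is_array($extensions)) {
        $extensions = array();
        $cache->obtain_attach_extensions($extensions);
    }

    foreach ($attachment_data as $attachment) {
        // We need to reset/empty the _file block var, because this function might be called more than once
        $template->destroy_block_vars('_file');

        $block_array = array();

        // Some basics...
        $attachment['extension'] = strtolower(trim($attachment['extension']));

        // basename() strips any directory component, so the stored name can only
        // resolve to an entry directly inside the upload directory.
        $stored_name = basename($attachment['physical_filename']);
        $filename = $phpbb_root_path . $config['upload_path'] . '/' . $stored_name;
        $thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . $stored_name;

        $upload_icon = '';

        if (isset($extensions[$attachment['extension']])) {
            $extension_icon = $extensions[$attachment['extension']]['upload_icon'];

            if ($user->img('icon_attach', '') && !$extension_icon) {
                $upload_icon = $user->img('icon_attach', '');
            } elseif ($extension_icon) {
                $upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extension_icon) . '" alt="" />';
            }
        }

        // Scale the byte count to MB/KB with two decimals; small files stay in bytes.
        $filesize = $attachment['filesize'];
        if ($filesize >= 1048576) {
            $size_lang = $user->lang['MB'];
            $filesize = round(round($filesize / 1048576 * 100) / 100, 2);
        } elseif ($filesize >= 1024) {
            $size_lang = $user->lang['KB'];
            $filesize = round(round($filesize / 1024 * 100) / 100, 2);
        } else {
            $size_lang = $user->lang['BYTES'];
        }

        // NOTE(review): comment and real_filename come from the attachment row and get no
        // HTML escaping in this function; confirm they are escaped when stored or in the template.
        $comment = str_replace("\n", '<br />', censor_text($attachment['comment']));

        $block_array += array(
            'UPLOAD_ICON'   => $upload_icon,
            'FILESIZE'      => $filesize,
            'SIZE_LANG'     => $size_lang,
            'DOWNLOAD_NAME' => basename($attachment['real_filename']),
            'COMMENT'       => $comment,
        );

        $denied = !extension_allowed($forum_id, $attachment['extension'], $extensions);

        if ($denied) {
            $block_array += array(
                'S_DENIED'       => true,
                'DENIED_MESSAGE' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']),
            );
        } else {
            $l_downloaded_viewed = $download_link = '';
            $display_cat = $extensions[$attachment['extension']]['display_cat'];

            if ($display_cat == ATTACHMENT_CATEGORY_IMAGE) {
                if ($attachment['thumbnail']) {
                    $display_cat = ATTACHMENT_CATEGORY_THUMB;
                } elseif (!$config['img_display_inlined']) {
                    $display_cat = ATTACHMENT_CATEGORY_NONE;
                } elseif ($config['img_link_width'] || $config['img_link_height']) {
                    $dimension = @getimagesize($filename);

                    // If the dimensions cannot be determined, or the image reports 0x0, show a
                    // plain link instead of embedding the file: a file that does not parse as
                    // an image should not be handed to the browser as one.
                    if ($dimension === false || empty($dimension[0]) || empty($dimension[1])) {
                        $display_cat = ATTACHMENT_CATEGORY_NONE;
                    } else {
                        $fits = $dimension[0] <= $config['img_link_width'] && $dimension[1] <= $config['img_link_height'];
                        $display_cat = $fits ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE;
                    }
                }
            }

            // NOTE(review): the IMAGE, WM and RM branches link straight to the stored file, so
            // those requests never reach download.php; confirm that the upload directory is
            // meant to be readable without the checks download.php performs.
            switch ($display_cat) {
                // Images
                case ATTACHMENT_CATEGORY_IMAGE:
                    $l_downloaded_viewed = $user->lang['VIEWED'];
                    $download_link = $filename;

                    $block_array += array('S_IMAGE' => true);

                    $update_count[] = $attachment['attach_id'];
                    break;

                // Images, but display Thumbnail
                case ATTACHMENT_CATEGORY_THUMB:
                    $l_downloaded_viewed = $user->lang['VIEWED'];
                    $download_link = (!$force_physical && $attachment['attach_id'])
                        ? append_sid("{$phpbb_root_path}download.{$phpEx}", 'id=' . $attachment['attach_id'])
                        : $filename;

                    $block_array += array('S_THUMBNAIL' => true, 'THUMB_IMAGE' => $thumbnail_filename);
                    break;

                // Windows Media Streams
                case ATTACHMENT_CATEGORY_WM:
                    $l_downloaded_viewed = $user->lang['VIEWED'];
                    $download_link = $filename;

                    $block_array += array('S_WM_FILE' => true);

                    // Viewed/heard file: update the download count (download.php is not called here)
                    $update_count[] = $attachment['attach_id'];
                    break;

                // Real Media Streams
                case ATTACHMENT_CATEGORY_RM:
                    $l_downloaded_viewed = $user->lang['VIEWED'];
                    $download_link = $filename;

                    $block_array += array(
                        'S_RM_FILE' => true,
                        'U_FORUM'   => generate_board_url(),
                        'ATTACH_ID' => $attachment['attach_id'],
                    );

                    // Viewed/heard file: update the download count (download.php is not called here)
                    $update_count[] = $attachment['attach_id'];
                    break;

                /*
                // Macromedia Flash Files
                case SWF_CAT:
                    list($width, $height) = swf_getdimension($filename);

                    $l_downloaded_viewed = $user->lang['VIEWED'];
                    $download_link = $filename;

                    $block_array += array(
                        'S_SWF_FILE' => true,
                        'WIDTH' => $width,
                        'HEIGHT' => $height,
                    );

                    // Viewed/Heared File ... update the download count (download.php is not called here)
                    $update_count[] = $attachment['attach_id'];
                    break;
                */

                default:
                    $l_downloaded_viewed = $user->lang['DOWNLOADED'];
                    $download_link = (!$force_physical && $attachment['attach_id'])
                        ? append_sid("{$phpbb_root_path}download.{$phpEx}", 'id=' . $attachment['attach_id'])
                        : $filename;

                    $block_array += array('S_FILE' => true);
                    break;
            }

            // Pick the "never", singular or plural form of the download counter.
            if (!isset($attachment['download_count']) || $attachment['download_count'] == 0) {
                $l_download_count = $user->lang['DOWNLOAD_NONE'];
            } elseif ($attachment['download_count'] == 1) {
                $l_download_count = sprintf($user->lang['DOWNLOAD_COUNT'], $attachment['download_count']);
            } else {
                $l_download_count = sprintf($user->lang['DOWNLOAD_COUNTS'], $attachment['download_count']);
            }

            $block_array += array(
                'U_DOWNLOAD_LINK'     => $download_link,
                'L_DOWNLOADED_VIEWED' => $l_downloaded_viewed,
                'L_DOWNLOAD_COUNT'    => $l_download_count,
            );
        }

        $template->assign_block_vars('_file', $block_array);

        $tpl = $template->assign_display('attachment_tpl');

        if (!$return) {
            $template->assign_block_vars($blockname, array('DISPLAY_ATTACHMENT' => $tpl));
        } else {
            $return_tpl[] = $tpl;
        }
    }

    return $return_tpl;
}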
/**
 * General attachment parsing
 *
 * Renders every attachment through the 'attachment.html' template, replaces
 * the inline attachment markers (<!-- ia# -->...<!-- ia# -->) in $message
 * with the rendered output and leaves the attachments that were not placed
 * inline in $attachments.
 *
 * @param mixed $forum_id The forum id the attachments are displayed in (false if in private message)
 * @param string &$message The post/private message
 * @param array &$attachments The attachments to parse for (inline) display. The attachments array will hold templated data after parsing.
 * @param array &$update_count The attachment counts to be updated - will be filled
 * @param bool $preview If set to true the attachments are parsed for preview. Within preview mode the comments are fetched from the given $attachments array and not fetched from the database.
 */
function parse_attachments($forum_id, &$message, &$attachments, &$update_count, $preview = false)
{
    // Nothing to render.
    if (!sizeof($attachments)) {
        return;
    }

    global $template, $cache, $user, $phpbb_dispatcher;
    global $extensions, $config, $phpbb_root_path, $phpEx;

    // Collects the rendered template output, one entry per attachment.
    $compiled_attachments = array();

    if (!isset($template->filename['attachment_tpl'])) {
        $template->set_filenames(array('attachment_tpl' => 'attachment.html'));
    }

    if (empty($extensions) || !is_array($extensions)) {
        $extensions = $cache->obtain_attach_extensions($forum_id);
    }

    // Look for missing attachment information...
    $attach_ids = array();
    foreach ($attachments as $pos => $attachment) {
        // If is_orphan is set, we need to retrieve the attachments again...
        // Only entries lacking both extension and physical_filename are queued; the id is
        // cast to int before it is used as an array key and, later, in the query.
        if (!isset($attachment['extension']) && !isset($attachment['physical_filename'])) {
            $attach_ids[(int) $attachment['attach_id']] = $pos;
        }
    }

    // Grab attachments (security precaution)
    // The rows are read again from the attachments table by id, so the file name, extension
    // and similar fields used below come from the database rather than from the caller's array.
    // Once this branch runs, $attachments is replaced by the re-read rows only.
    if (sizeof($attach_ids)) {
        global $db;

        $new_attachment_data = array();

        $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids));
        $result = $db->sql_query($sql);

        while ($row = $db->sql_fetchrow($result)) {
            if (!isset($attach_ids[$row['attach_id']])) {
                continue;
            }

            // If we preview attachments we will set some retrieved values here
            if ($preview) {
                $row['attach_comment'] = $attachments[$attach_ids[$row['attach_id']]]['attach_comment'];
            }

            // Keep the position the attachment had in the caller's array.
            $new_attachment_data[$attach_ids[$row['attach_id']]] = $row;
        }
        $db->sql_freeresult($result);

        $attachments = $new_attachment_data;
        unset($new_attachment_data);
    }

    // Sort correctly
    if ($config['display_order']) {
        // krsort(): highest array key first
        krsort($attachments);
    } else {
        // ksort(): lowest array key first
        ksort($attachments);
    }

    foreach ($attachments as $attachment) {
        if (!sizeof($attachment)) {
            continue;
        }

        // We need to reset/empty the _file block var, because this function might be called more than once
        $template->destroy_block_vars('_file');

        $block_array = array();

        // Some basics...
        $attachment['extension'] = strtolower(trim($attachment['extension']));
        // Only the base name of the stored file is appended to the upload path.
        // In this function the two paths below are used for getimagesize() only; every link
        // handed to the template goes through download/file.php.
        $filename = $phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($attachment['physical_filename']);
        $thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . utf8_basename($attachment['physical_filename']);

        $upload_icon = '';

        if (isset($extensions[$attachment['extension']])) {
            // Use the style's generic attachment icon unless the extension defines its own.
            if ($user->img('icon_topic_attach', '') && !$extensions[$attachment['extension']]['upload_icon']) {
                $upload_icon = $user->img('icon_topic_attach', '');
            } else {
                if ($extensions[$attachment['extension']]['upload_icon']) {
                    $upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />';
                }
            }
        }

        $filesize = get_formatted_filesize($attachment['filesize'], false);

        // NOTE(review): attach_comment and real_filename are attachment data; confirm that they
        // are HTML-escaped before they reach this point or inside the template.
        $comment = bbcode_nl2br(censor_text($attachment['attach_comment']));

        $block_array += array('UPLOAD_ICON' => $upload_icon, 'FILESIZE' => $filesize['value'], 'SIZE_LANG' => $filesize['unit'], 'DOWNLOAD_NAME' => utf8_basename($attachment['real_filename']), 'COMMENT' => $comment);

        $denied = false;

        // An extension that was allowed at posting time may have been disabled since.
        if (!extension_allowed($forum_id, $attachment['extension'], $extensions)) {
            $denied = true;

            $block_array += array('S_DENIED' => true, 'DENIED_MESSAGE' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
        }

        if (!$denied) {
            $l_downloaded_viewed = $download_link = '';
            $display_cat = $extensions[$attachment['extension']]['display_cat'];

            if ($display_cat == ATTACHMENT_CATEGORY_IMAGE) {
                if ($attachment['thumbnail']) {
                    $display_cat = ATTACHMENT_CATEGORY_THUMB;
                } else {
                    if ($config['img_display_inlined']) {
                        if ($config['img_link_width'] || $config['img_link_height']) {
                            $dimension = @getimagesize($filename);

                            // If the dimensions could not be determined or the image being 0x0 we display it as a link for safety purposes
                            if ($dimension === false || empty($dimension[0]) || empty($dimension[1])) {
                                $display_cat = ATTACHMENT_CATEGORY_NONE;
                            } else {
                                $display_cat = $dimension[0] <= $config['img_link_width'] && $dimension[1] <= $config['img_link_height'] ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE;
                            }
                        }
                    } else {
                        $display_cat = ATTACHMENT_CATEGORY_NONE;
                    }
                }
            }

            // Make some decisions based on user options being set.
            if (($display_cat == ATTACHMENT_CATEGORY_IMAGE || $display_cat == ATTACHMENT_CATEGORY_THUMB) && !$user->optionget('viewimg')) {
                $display_cat = ATTACHMENT_CATEGORY_NONE;
            }

            if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash')) {
                $display_cat = ATTACHMENT_CATEGORY_NONE;
            }

            // Default link and counter label; the branches below refine them per category.
            $download_link = append_sid("{$phpbb_root_path}download/file.{$phpEx}", 'id=' . $attachment['attach_id']);
            $l_downloaded_viewed = 'VIEWED_COUNTS';

            switch ($display_cat) {
                // Images
                case ATTACHMENT_CATEGORY_IMAGE:
                    $inline_link = append_sid("{$phpbb_root_path}download/file.{$phpEx}", 'id=' . $attachment['attach_id']);
                    $download_link .= '&mode=view';

                    $block_array += array('S_IMAGE' => true, 'U_INLINE_LINK' => $inline_link);

                    $update_count[] = $attachment['attach_id'];
                    break;

                // Images, but display Thumbnail
                case ATTACHMENT_CATEGORY_THUMB:
                    $thumbnail_link = append_sid("{$phpbb_root_path}download/file.{$phpEx}", 'id=' . $attachment['attach_id'] . '&t=1');
                    $download_link .= '&mode=view';

                    $block_array += array('S_THUMBNAIL' => true, 'THUMB_IMAGE' => $thumbnail_link);

                    $update_count[] = $attachment['attach_id'];
                    break;

                // Windows Media Streams
                case ATTACHMENT_CATEGORY_WM:
                    // Giving the filename directly because within the wm object all variables are in local context making it impossible
                    // to validate against a valid session (all params can differ)
                    // $download_link = $filename;
                    // (The assignment above is disabled, so the download/file.php link set before the switch stays in effect.)

                    $block_array += array('U_FORUM' => generate_board_url(), 'ATTACH_ID' => $attachment['attach_id'], 'S_WM_FILE' => true);

                    // Viewed/heard file: update the download count
                    $update_count[] = $attachment['attach_id'];
                    break;

                // Real Media Streams
                case ATTACHMENT_CATEGORY_RM:
                case ATTACHMENT_CATEGORY_QUICKTIME:
                    $block_array += array('S_RM_FILE' => $display_cat == ATTACHMENT_CATEGORY_RM ? true : false, 'S_QUICKTIME_FILE' => $display_cat == ATTACHMENT_CATEGORY_QUICKTIME ? true : false, 'U_FORUM' => generate_board_url(), 'ATTACH_ID' => $attachment['attach_id']);

                    // Viewed/heard file: update the download count
                    $update_count[] = $attachment['attach_id'];
                    break;

                // Macromedia Flash Files
                case ATTACHMENT_CATEGORY_FLASH:
                    // Warnings are suppressed here; if getimagesize() fails, $width and $height end up null.
                    list($width, $height) = @getimagesize($filename);

                    $block_array += array('S_FLASH_FILE' => true, 'WIDTH' => $width, 'HEIGHT' => $height, 'U_VIEW_LINK' => $download_link . '&view=1');

                    // Viewed/heard file: update the download count
                    $update_count[] = $attachment['attach_id'];
                    break;

                default:
                    $l_downloaded_viewed = 'DOWNLOAD_COUNTS';

                    $block_array += array('S_FILE' => true);
                    break;
            }

            if (!isset($attachment['download_count'])) {
                $attachment['download_count'] = 0;
            }

            $block_array += array('U_DOWNLOAD_LINK' => $download_link, 'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $attachment['download_count']));
        }

        /**
         * Use this event to modify the attachment template data.
         *
         * This event is triggered once per attachment.
         *
         * @event core.parse_attachments_modify_template_data
         * @var array attachment Array with attachment data
         * @var array block_array Template data of the attachment
         * @var int display_cat Attachment category data
         * @var string download_link Attachment download link
         * @var array extensions Array with attachment extensions data
         * @var mixed forum_id The forum id the attachments are displayed in (false if in private message)
         * @var bool preview Flag indicating if we are in post preview mode
         * @var array update_count Array with attachment ids to update download count
         * @since 3.1.0-RC5
         */
        // NOTE(review): extract() writes the dispatcher's return value back into local variables,
        // so a listener can change block_array, download_link and the other names listed in $vars.
        // Presumably the dispatcher returns only those keys; confirm, since extract() would import
        // any other key as well.
        // NOTE(review): for a denied attachment display_cat and download_link are not assigned in
        // this iteration, so compact() sees whatever an earlier iteration left behind, or nothing.
        $vars = array('attachment', 'block_array', 'display_cat', 'download_link', 'extensions', 'forum_id', 'preview', 'update_count');
        extract($phpbb_dispatcher->trigger_event('core.parse_attachments_modify_template_data', compact($vars)));

        $template->assign_block_vars('_file', $block_array);

        $compiled_attachments[] = $template->assign_display('attachment_tpl');
    }

    // From here on $attachments holds rendered template output instead of attachment rows.
    $attachments = $compiled_attachments;
    unset($compiled_attachments);

    $tpl_size = sizeof($attachments);

    $unset_tpl = array();

    // $matches[1] holds the number from each inline marker, $matches[2] the text between the markers.
    preg_match_all('#<!\\-\\- ia([0-9]+) \\-\\->(.*?)<!\\-\\- ia\\1 \\-\\->#', $message, $matches, PREG_PATTERN_ORDER);

    $replace = array();
    foreach ($matches[0] as $num => $capture) {
        // Flip index if we are displaying the reverse way
        $index = $config['display_order'] ? $tpl_size - ($matches[1][$num] + 1) : $matches[1][$num];

        $replace['from'][] = $matches[0][$num];
        // A marker without a matching attachment is replaced by the MISSING_INLINE_ATTACHMENT text.
        $replace['to'][] = isset($attachments[$index]) ? $attachments[$index] : sprintf($user->lang['MISSING_INLINE_ATTACHMENT'], $matches[2][array_search($index, $matches[1])]);

        $unset_tpl[] = $index;
    }

    if (isset($replace['from'])) {
        $message = str_replace($replace['from'], $replace['to'], $message);
    }

    $unset_tpl = array_unique($unset_tpl);

    // Remove the attachments that were placed inline so they are not displayed again at the end of the post
    foreach ($unset_tpl as $index) {
        unset($attachments[$index]);
    }
}
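/**
 * Build the display data for a list of attachments.
 *
 * @param mixed $forum_id        Forum id handed to extension_allowed() for the extension check
 * @param array $attachment_data Attachment rows; the keys read here are extension, physical_filename,
 *                               real_filename, filesize, comment, thumbnail, attach_id and download_count
 * @param array &$update_count   Receives the attach_id of each attachment that is shown without going
 *                               through the download script; reset to an empty array when not an array
 * @param bool  $force_physical  Link to the stored file instead of the download script
 * @param bool  $parse           Pass each record through the 'modules/Forums/attachments.html' template
 *                               and collect what display() returns instead of the raw record
 *
 * @return array One entry per attachment: the data record, or the template result when $parse is true
 */
function display_attachments($forum_id, $attachment_data, &$update_count, $force_physical = false, $parse = false)
{
    global $config, $_CLASS;

    $datas = array();
    $extensions = obtain_attach_extensions();

    if (!is_array($update_count)) {
        $update_count = array();
    }

    foreach ($attachment_data as $attachment) {
        // Start every attachment from an empty record. Without this a denied attachment would
        // still carry the link, image_src, name and comment of the attachment handled before it.
        $data = array();

        $attachment['extension'] = strtolower(trim($attachment['extension']));

        if (!extension_allowed($forum_id, $attachment['extension'], $extensions)) {
            $data['category'] = 'DENIED';
            $data['lang'] = sprintf($_CLASS['core_user']->get_lang('EXTENSION_DISABLED_AFTER_POSTING'), $attachment['extension']);
        } else {
            // basename() strips any directory component from the stored name.
            // NOTE(review): the IMAGE, THUMBNAIL, WM_STREAM and RM_STREAM records below expose
            // these paths directly, so those requests never reach the download script; confirm
            // that the upload directory is meant to be readable without its checks.
            $stored_name = basename($attachment['physical_filename']);
            $filename = $config['upload_path'] . '/' . $stored_name;
            $thumbnail_filename = $config['upload_path'] . '/thumb_' . $stored_name;

            $display_cat = $extensions[$attachment['extension']]['display_cat'];

            if ($display_cat == ATTACHMENT_CATEGORY_IMAGE) {
                if ($attachment['thumbnail']) {
                    $display_cat = ATTACHMENT_CATEGORY_THUMB;
                } elseif (!$config['img_display_inlined']) {
                    $display_cat = ATTACHMENT_CATEGORY_NONE;
                } elseif ($config['img_link_width'] || $config['img_link_height']) {
                    $dimension = getimagesize($filename);

                    // If the dimensions cannot be determined, or the image reports 0x0, show a
                    // plain link instead of embedding the file: a file that does not parse as
                    // an image should not be handed to the browser as one.
                    if ($dimension === false || empty($dimension[0]) || empty($dimension[1])) {
                        $display_cat = ATTACHMENT_CATEGORY_NONE;
                    } else {
                        $fits = $dimension[0] <= $config['img_link_width'] && $dimension[1] <= $config['img_link_height'];
                        $display_cat = $fits ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE;
                    }
                }
            }

            switch ($display_cat) {
                // Images
                case ATTACHMENT_CATEGORY_IMAGE:
                    $data['category'] = 'IMAGE';
                    $data['image_src'] = $filename;

                    $update_count[] = $attachment['attach_id'];
                    break;

                // Images, but display Thumbnail
                case ATTACHMENT_CATEGORY_THUMB:
                    $data['category'] = 'THUMBNAIL';
                    $data['image_src'] = $thumbnail_filename;
                    $data['link'] = !$force_physical ? generate_link('Forums&file=download&id=' . $attachment['attach_id']) : $filename;
                    break;

                // Windows Media Streams
                case ATTACHMENT_CATEGORY_WM:
                    $data['category'] = 'WM_STREAM';
                    $data['link'] = $filename;

                    // Viewed/heard file: update the download count (download.php is not called here)
                    $update_count[] = $attachment['attach_id'];
                    break;

                // Real Media Streams
                case ATTACHMENT_CATEGORY_RM:
                    $data['category'] = 'RM_STREAM';
                    $data['link'] = $filename;

                    // Viewed/heard file: update the download count (download.php is not called here)
                    $update_count[] = $attachment['attach_id'];
                    break;

                default:
                    $data['category'] = 'FILE';
                    $data['link'] = !$force_physical ? generate_link('Forums&file=download&id=' . $attachment['attach_id']) : $filename;
                    break;
            }

            // Scale the byte count to MB/KB with two decimals and append the unit label.
            if ($attachment['filesize'] >= 1048576) {
                $data['lang_size'] = round(round($attachment['filesize'] / 1048576 * 100) / 100, 2) . $_CLASS['core_user']->lang['MB'];
            } elseif ($attachment['filesize'] >= 1024) {
                $data['lang_size'] = round(round($attachment['filesize'] / 1024 * 100) / 100, 2) . $_CLASS['core_user']->lang['KB'];
            } else {
                $data['lang_size'] = $attachment['filesize'] . $_CLASS['core_user']->lang['BYTES'];
            }

            // empty() also covers a row without download_count, which is treated as "never downloaded".
            if (empty($attachment['download_count'])) {
                $data['lang_views'] = $_CLASS['core_user']->lang['DOWNLOAD_NONE'];
            } elseif ($attachment['download_count'] == 1) {
                $data['lang_views'] = sprintf($_CLASS['core_user']->lang['DOWNLOAD_COUNT'], $attachment['download_count']);
            } else {
                $data['lang_views'] = sprintf($_CLASS['core_user']->lang['DOWNLOAD_COUNTS'], $attachment['download_count']);
            }

            $data['icon'] = !empty($extensions[$attachment['extension']]['upload_icon'])
                ? $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon'])
                : false;

            // NOTE(review): real_filename and comment come from the attachment row and get no
            // HTML escaping in this function; confirm they are escaped when stored or in the template.
            $data['name'] = basename($attachment['real_filename']);
            $data['comment'] = str_replace("\n", '<br />', censor_text($attachment['comment']));
        }

        if ($parse) {
            $_CLASS['core_template']->assign_vars_array('attachments', $data);
            $datas[] = $_CLASS['core_template']->display('modules/Forums/attachments.html', true);
        } else {
            $datas[] = $data;
        }
    }

    return $datas;
}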