/**
* Select library
*
* @return object
*/
public static function &fetch_library(&$registry, $contenttypeid, $categoryid = 0, $values = array())
{
if (self::$instance) {
return self::$instance;
}
$types = vB_Types::instance();
if (!($contenttypeid = $types->getContentTypeID($contenttypeid))) {
return false;
}
$package = $types->getContentTypePackage($contenttypeid);
$class = $types->getContentTypeClass($contenttypeid);
$selectclass = "vB_Attachment_Store_{$package}_{$class}";
$path = DIR . '/packages/' . strtolower($package) . '/attach/' . strtolower($class) . '.php';
if (file_exists($path)) {
include_once $path;
if (class_exists($selectclass)) {
self::$instance = new $selectclass($registry, $contenttypeid, $categoryid, $values);
return self::$instance;
}
}
return false;
}
$vbulletin->input->clean_array_gpc('r', array('poststarttime' => TYPE_UINT));
$attachmentid = 0;
$contenttypeid = 1;
if (!$vbulletin->userinfo['userid'] or empty($vbulletin->GPC['poststarttime'])) {
json_error(ERR_NO_PERMISSION);
}
$vbulletin->GPC['posthash'] = md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
if ($vbulletin->GPC_exists['forumid']) {
$values[f] = $vbulletin->GPC['forumid'];
}
if ($vbulletin->GPC_exists['threadid']) {
$values[t] = $vbulletin->GPC['threadid'];
}
$values[poststarttime] = $vbulletin->GPC['poststarttime'];
$values[posthash] = $vbulletin->GPC['posthash'];
if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, $vbulletin->GPC['categoryid'], $values))) {
json_error("eek");
}
if (!$attachlib->verify_permissions()) {
json_error(ERR_NO_PERMISSION);
}
function do_upload_attachment()
{
global $vbulletin, $db, $foruminfo, $attachlib;
$vbulletin->input->clean_gpc('f', 'attachment', TYPE_FILE);
// format vbulletin expects: $files[name][x]... we only have one per post
$vbulletin->GPC['attachment'] = array('name' => array($vbulletin->GPC['attachment']['name']), 'tmp_name' => array($vbulletin->GPC['attachment']['tmp_name']), 'error' => array($vbulletin->GPC['attachment']['error']), 'size' => array($vbulletin->GPC['attachment']['size']));
if ($vbulletin->GPC['flash'] and is_array($vbulletin->GPC['attachment'])) {
$vbulletin->GPC['attachment']['utf8_names'] = true;
}
$uploadids = $attachlib->upload($vbulletin->GPC['attachment'], array(), $vbulletin->GPC['filedata']);
$contenttypeid = $vbulletin->input->clean_gpc('r', 'contenttypeid', TYPE_NOHTML);
$insertinline = $vbulletin->input->clean_gpc('r', 'insertinline', TYPE_UINT);
if (!$vbulletin->userinfo['userid'] or empty($vbulletin->userinfo['attachmentextensions']) or $vbulletin->GPC['posthash'] != md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt'])) {
if (!$vbulletin->userinfo['userid'] and $vbulletin->GPC['userid']) {
$userinfo = fetch_userinfo($vbulletin->GPC['userid']);
if ($vbulletin->GPC['posthash'] == md5($vbulletin->GPC['poststarttime'] . $userinfo['userid'] . $userinfo['salt'])) {
$vbulletin->userinfo = $userinfo;
cache_permissions($vbulletin->userinfo, true);
} else {
print_no_permission();
}
} else {
print_no_permission();
}
}
if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, $vbulletin->GPC['categoryid'], $vbulletin->GPC['values'])) or !$attachlib->verify_permissions()) {
print_no_permission();
}
$new_attachlist_js = '';
($hook = vBulletinHook::fetch_hook('newattachment_start')) ? eval($hook) : false;
$show['errors'] = false;
if (!$attachlib->fetch_attachcount()) {
print_no_permission();
}
$show['ajaxform'] = $_REQUEST['do'] == 'assetmanager';
$show['ajaxupload'] = ($_POST['ajax'] and $_POST['do'] == 'manageattach');
$currentattachment = array('attachmentid' => 0, 'hasthumbnail' => false);
// ##################### Add Attachment to Content ####################
if ($_POST['do'] == 'manageattach') {
$vbulletin->input->clean_array_gpc('p', array('upload' => TYPE_STR, 'delete' => TYPE_ARRAY_STR, 'filedata' => TYPE_ARRAY_UINT, 'flash' => TYPE_UINT, 'imageonly' => TYPE_BOOL));
$uploads = array();
function do_upload_photo()
{
global $vbulletin, $db, $show, $vbphrase, $foruminfo, $userinfo, $albuminfo, $session, $contenttypeid;
$vbulletin->input->clean_array_gpc('p', array('caption' => TYPE_STR));
if (empty($albuminfo)) {
standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink']));
}
// adding new, can only add in your own
if ($userinfo['userid'] != $vbulletin->userinfo['userid']) {
print_no_permission();
}
$vbulletin->input->clean_gpc('f', 'photo', TYPE_FILE);
// format vbulletin expects: $files[name][x]... we only have one per post
$vbulletin->GPC['attachment'] = array('name' => array($vbulletin->GPC['photo']['name']), 'tmp_name' => array($vbulletin->GPC['photo']['tmp_name']), 'error' => array($vbulletin->GPC['photo']['error']), 'size' => array($vbulletin->GPC['photo']['size']));
$values['albumid'] = $vbulletin->GPC['albumid'];
if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, 0, $values))) {
json_error("could not create attachment store");
}
if (!$attachlib->verify_permissions()) {
json_error(ERR_NO_PERMISSION);
}
$uploadids = $attachlib->upload($vbulletin->GPC['attachment'], array(), $vbulletin->GPC['filedata']);
$uploads = explode(',', $uploadids);
if (!empty($attachlib->errors)) {
$errorlist = '';
foreach ($attachlib->errors as $error) {
$filename = htmlspecialchars_uni($error['filename']);
$errormessage = $error['error'] ? $error['error'] : $vbphrase["{$error['errorphrase']}"];
json_error($errormessage, RV_UPLOAD_ERROR);
}
}
// Fetch possible destination albums
$destination_result = $db->query_read("\n SELECT\n albumid, userid, title, coverattachmentid, state\n FROM " . TABLE_PREFIX . "album\n WHERE\n userid = {$userinfo['userid']}\n ");
$destinations = array();
if ($db->num_rows($destination_result)) {
while ($album = $db->fetch_array($destination_result)) {
$destinations[$album['albumid']] = $album;
}
}
$db->free_result($destination_result);
$picture_sql = $db->query_read("\n SELECT\n a.contentid, a.userid, a.caption, a.state, a.dateline, a.attachmentid, a.contenttypeid,\n filedata.extension, filedata.filesize, filedata.thumbnail_filesize, filedata.filedataid\n FROM " . TABLE_PREFIX . "attachment AS a\n INNER JOIN " . TABLE_PREFIX . "filedata AS filedata ON (a.filedataid = filedata.filedataid)\n WHERE\n a.contentid = 0\n AND\n a.attachmentid IN (" . implode(',', $uploads) . ")\n ");
while ($picture = $db->fetch_array($picture_sql)) {
$attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_ARRAY, 'attachment');
$attachdata->set_existing($picture);
$attachdata->set_info('albuminfo', $albuminfo);
$attachdata->set_info('destination', $destinations[$albuminfo['albumid']]);
$attachdata->set('contentid', $albuminfo['albumid']);
$attachdata->set('posthash', '');
$attachdata->set('caption', $vbulletin->GPC['caption']);
$attachdata->save();
}
// update all albums that pictures were moved to
foreach ($destinations as $albumid => $album) {
if (sizeof($album['moved_pictures'])) {
$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
$albumdata->set_existing($album);
if (!$album['coverattachmentid']) {
$albumdata->set('coverattachmentid', array_shift($album['moved_pictures']));
}
$albumdata->rebuild_counts();
$albumdata->save();
unset($albumdata);
}
}
$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
$albumdata->set_existing($albuminfo);
$albumdata->rebuild_counts();
if ($new_coverid or $updatecounter) {
if ($new_coverid or $cover_moved) {
$albumdata->set('coverattachmentid', $new_coverid);
}
}
$albumdata->save();
unset($albumdata);
// add to updated list
if (can_moderate(0, 'canmoderatepictures') or !$vbulletin->options['albums_pictures_moderation'] and $vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation']) {
exec_album_updated($vbulletin->userinfo, $albuminfo);
}
return array('success' => true);
}
$vbulletin->input->clean_array_gpc('p', array('alignment' => TYPE_NOHTML, 'size' => TYPE_NOHTML, 'title' => TYPE_NOHTML, 'caption' => TYPE_NOHTML, 'link' => TYPE_UINT, 'linkurl' => TYPE_NOHTML, 'linktarget' => TYPE_BOOL, 'styles' => TYPE_NOHTML, 'description' => TYPE_NOHTML, 'attachmentid' => TYPE_UINT, 'posthash' => TYPE_NOHTML, 'poststarttime' => TYPE_UINT, 'contentid' => TYPE_UINT));
if ($vbulletin->GPC['posthash'] != md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt'])) {
exit;
}
$vbulletin->GPC['title'] = convert_urlencoded_unicode($vbulletin->GPC['title']);
$vbulletin->GPC['caption'] = convert_urlencoded_unicode($vbulletin->GPC['caption']);
$vbulletin->GPC['description'] = convert_urlencoded_unicode($vbulletin->GPC['description']);
$settings = array('alignment' => $vbulletin->GPC['alignment'], 'size' => $vbulletin->GPC['size'], 'caption' => $vbulletin->GPC['caption'], 'link' => $vbulletin->GPC['link'], 'linkurl' => $vbulletin->GPC['linkurl'], 'linktarget' => $vbulletin->GPC['linktarget'], 'styles' => $vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canattachmentcss'] ? $vbulletin->GPC['styles'] : '', 'description' => $vbulletin->GPC['description'], 'title' => $vbulletin->GPC['title']);
$attachment = $db->query_first("\n\t\tSELECT attachmentid, settings, posthash, contenttypeid, contentid\n\t\tFROM " . TABLE_PREFIX . "attachment\n\t\tWHERE attachmentid = " . $vbulletin->GPC['attachmentid'] . "\n\t");
if (!$attachment or $attachment['posthash'] and $attachment['posthash'] != $vbulletin->GPC['posthash']) {
exit;
}
if (!$attachment['posthash']) {
require_once DIR . '/packages/vbattach/attach.php';
// Verify that the user can modify this EXISTING attachment..
if ($vbulletin->GPC['contentid'] != $attachment['contentid'] or !($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $attachment['contenttypeid'])) or !$attachlib->verify_permissions_attachmentid($attachment['attachmentid'])) {
exit;
}
}
$db->query_write("\n\t\tINSERT INTO " . TABLE_PREFIX . "attachment\n\t\t\t(attachmentid, settings)\n\t\tVALUES (" . $vbulletin->GPC['attachmentid'] . ", '" . $db->escape_string(serialize($settings)) . "')\n\t\tON DUPLICATE KEY UPDATE settings = '" . $db->escape_string(serialize($settings)) . "'\n\n\t");
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_tag('ok', 1);
$xml->print_xml();
}
if ($_REQUEST['do'] == 'rss') {
//we just replace "ajax.php" with "external.php"
$redirect_url = 'external.php?' . $_SERVER['QUERY_STRING'];
exec_header_redirect($redirect_url, 301);
}
if ($_REQUEST['do'] == 'get_comment_reply') {
$vbulletin->input->clean_array_gpc('r', array('postid' => TYPE_UINT));
/**
* Select library
*
* @return object
*/
public static function &fetch_library(&$registry, $contenttypeid, $categoryid, $values)
{
if (self::$instance)
{
return self::$instance;
}
require_once(DIR . '/includes/class_bootstrap_framework.php');
require_once(DIR . '/vb/types.php');
vB_Bootstrap_Framework::init();
$types = vB_Types::instance();
if (!($contenttypeid = $types->getContentTypeID($contenttypeid)))
{
return false;
}
$package = $types->getContentTypePackage($contenttypeid);
$class = $types->getContentTypeClass($contenttypeid);
$selectclass = "vB_Attachment_Store_{$package}_{$class}";
include_once(DIR . '/packages/' . strtolower($package) . '/attach/' . strtolower($class) . '.php');
if (class_exists($selectclass))
{
self::$instance = new $selectclass($registry, $contenttypeid, $categoryid, $values);
}
else
{
exit;
return false;
}
return self::$instance;
}
