$cur_post['message'] = $parser->parse_message($cur_post['message'], $cur_post['hide_smilies']); // Do signature parsing/caching if ($panther_config['o_signatures'] == '1' && $cur_post['signature'] != '' && $panther_user['show_sig'] != '0') { if (isset($signature_cache[$cur_post['poster_id']])) { $signature = $signature_cache[$cur_post['poster_id']]; } else { $signature = $parser->parse_signature($cur_post['signature']); $signature_cache[$cur_post['poster_id']] = $signature; } } else { $signature = ''; } $attachments = array(); if ($download && isset($results[$cur_post['id']]) && count($results[$cur_post['id']]) > 0) { foreach ($results[$cur_post['id']] as $cur_attach) { $attachments[] = array('icon' => attach_icon(attach_get_extension($cur_attach['filename'])), 'link' => panther_link($panther_url['attachment'], array($cur_attach['id'])), 'name' => $cur_attach['filename'], 'size' => sprintf($lang_topic['Attachment size'], file_size($cur_attach['size'])), 'downloads' => sprintf($lang_topic['Attachment downloads'], forum_number_format($cur_attach['downloads']))); } } $posts[] = array('id' => $cur_post['id'], 'count' => $post_count++, 'number' => $start_from + $post_count, 'link' => panther_link($panther_url['post'], array($cur_post['id'])), 'posted' => format_time($cur_post['posted']), 'username' => $username, 'user_title' => $user_title, 'poster_id' => $cur_post['poster_id'], 'poster_reputation' => $cur_post['poster_reputation'], 'user_avatar' => $user_avatar, 'group_image' => $group_image, 'edited' => $cur_post['edited'] ? 
format_time($cur_post['edited']) : '', 'edited_by' => $cur_post['edited_by'], 'edit_reason' => $cur_post['edit_reason'], 'attachments' => $attachments, 'message' => $cur_post['message'], 'signature' => $signature, 'is_online' => $cur_post['is_online'], 'user_info' => $user_info, 'user_contacts' => $user_contacts, 'group_image' => $group_image, 'post_actions' => $post_actions, 'actions' => $actions); } $render['posts'] = $posts; if ($cur_topic['parent']) { $render['parent_link'] = panther_link($panther_url['forum'], array($cur_topic['parent_forum'], url_friendly($cur_topic['parent']))); } ($hook = get_extensions('topic_before_users_online')) ? eval($hook) : null; if ($panther_config['o_users_online'] == '1') { require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/online.php'; $guests_in_topic = $users = array(); $online = $db->run('SELECT o.user_id, o.ident, o.currently, o.logged, u.group_id FROM ' . $db->prefix . 'online AS o INNER JOIN ' . $db->prefix . 'users AS u ON u.id=o.user_id WHERE o.currently LIKE \'%viewtopic.php%\' AND o.idle = 0'); foreach ($online as $user_online) { if (strpos($user_online['currently'], '&p=') !== false) {
if (isset($_GET['update'])) { ini_set('max_execution_time', 300); //Apache etc has often a timeout on that, according to the php manual, so I go with that... $attach_amount = intval($_GET['update']); $curattachment = 0; if ($attach_amount < 1 || strlen($attach_amount) == 0) { $attach_amount = 10; } // loop through the attachments and save onto disk... // fetch next 'attach_amount' of files ... $attach_result = $db->query('SELECT af.id, af.owner, af.postid, af.filename, af.size, af.downloads, ad.mime, ad.data, af.dataid FROM ' . $db->prefix . 'attach_files AS af, ' . $db->prefix . 'attach_data AS ad WHERE ad.id=af.dataid ORDER BY af.id ASC LIMIT ' . $attach_amount) or error('Error fetching attachments from database', __FILE__, __LINE__, $db->error()); while (list($attach_id, $attach_owner, $attach_post_id, $attach_filename, $attach_size, $attach_downloads, $attach_mime, $attach_data, $attach_dataid) = $db->fetch_row($attach_result)) { $curattachment++; // create new attachment... echo $curattachment . ". Create new file (item: '.{$attach_id}.')...<br>\n"; if (!attach_update_attachment($attach_id, $attach_owner, $attach_post_id, $attach_filename, attach_get_extension($attach_filename), $attach_size, $attach_downloads, $attach_mime, $attach_data)) { error('Unable to update attachment with id: "' . $attach_id . '"'); } // delete file entry in database echo $curattachment . ". Delete file in database (item: '.{$attach_id}.')...<br>\n"; $attach_result_2 = $db->query('DELETE FROM ' . $db->prefix . 'attach_files WHERE id=\'' . $attach_id . '\' LIMIT 1') or error('Error deleting attachment entry', __FILE__, __LINE__, $db->error()); // delete file data in database echo $curattachment . ". Delete filedata in database (item: '.{$attach_id}.')...<br><br>\n"; $attach_result_2 = $db->query('DELETE FROM ' . $db->prefix . 'attach_data WHERE id=\'' . $attach_dataid . 
'\' LIMIT 1') or error('Error deleting attachment data', __FILE__, __LINE__, $db->error()); } // do a count query to see if the data table is empty, if so output endpage, else 'selfrefresh' $attach_result = $db->query('SELECT COUNT(af.id) FROM `' . $db->prefix . 'attach_files` AS af') or error('Error fetching number of attachments still to do', __FILE__, __LINE__, $db->error()); list($attach_rows_to_do) = $db->fetch_row($attach_result); if ($attach_rows_to_do < 1) { //we're finished... delete the tables... echo "Delete old tables...<br>\n";
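/**
 * Decide whether a file name's extension may be uploaded.
 *
 * The extension reported by attach_get_extension() is compared against the
 * comma-separated list in $panther_config['o_always_deny'].
 *
 * This is a denylist: every extension that is not listed is accepted, so the
 * check is only as complete as the configured list. Entries and the candidate
 * extension are trimmed and lower-cased before comparison so that a list such
 * as "php, phtml" or an upload named "shell.PHP" cannot slip past it.
 *
 * @param string $file_name File name whose extension is checked.
 * @return bool False when the extension is on the always-deny list, true otherwise.
 */
function check_file_extension($file_name)
{
    global $panther_config;

    // NOTE(review): attach_get_extension() is defined elsewhere; whether it
    // already lower-cases its result is not visible here, so normalise again.
    $candidate = strtolower(trim((string) attach_get_extension($file_name)));

    $denied = explode(',', (string) $panther_config['o_always_deny']);
    $denied = array_map('trim', $denied);
    $denied = array_map('strtolower', $denied);

    // Strict comparison: with a loose comparison, numeric-looking strings
    // such as "1e3" and "1000" are treated as equal.
    // Empty entries are kept on purpose so that a file without an extension is
    // still refused whenever the list contains an empty entry, as before.
    return !in_array($candidate, $denied, true);
}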
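/**
 * Validate the file posted as $_FILES['attach_file'] and, when it is accepted,
 * move it into the attachment folder under a generated name and insert a row
 * into the attach_files table.
 *
 * Nothing is returned. Problems are appended to the global $errors list; a
 * stored upload is appended to the global $uploaded_list.
 *
 * Security-relevant points:
 *  - The client-supplied file name is only stored as metadata; the on-disk
 *    name comes from attach_generate_filename().
 *  - Extension filtering is a denylist (group list plus global always-deny
 *    list), so anything not listed is accepted.
 *  - Entries in $errors are treated as HTML (the "Move failed" message embeds
 *    a mailto link), so user-controlled values are encoded before being added.
 *
 * @param string $attach_secure_str Value written to the secure_str column of the new row.
 * @param array  $cur_posting       Row providing the g_pun_attachment_* settings read below.
 * @return void
 */
function attach_create_attachment($attach_secure_str, $cur_posting)
{
    global $forum_db, $forum_user, $forum_config, $errors, $uploaded_list, $lang_attach;

    $is_admin = ($forum_user['g_id'] == FORUM_ADMIN);

    if ($is_admin || $cur_posting['g_pun_attachment_allow_upload'] == 1) {
        if (!$is_admin && count($uploaded_list) + 1 > $cur_posting['g_pun_attachment_files_per_post']) {
            $errors[] = sprintf($lang_attach['Attach limit error'], $cur_posting['g_pun_attachment_files_per_post']);
        } else {
            // Load the profile.php language file.
            // NOTE(review): the include path is built from $forum_user['language'];
            // this relies on that value being validated where it is set - confirm.
            require FORUM_ROOT . 'lang/' . $forum_user['language'] . '/profile.php';

            if (!isset($_FILES['attach_file'])) {
                $errors[] = $lang_profile['No file'];
            } else {
                $uploaded_file = $_FILES['attach_file'];
            }

            // Make sure the upload went smoothly.
            if (isset($uploaded_file['error']) && empty($errors)) {
                switch ($uploaded_file['error']) {
                    case 1: // UPLOAD_ERR_INI_SIZE
                    case 2: // UPLOAD_ERR_FORM_SIZE
                        $errors[] = $lang_profile['Too large ini'];
                        break;

                    case 3: // UPLOAD_ERR_PARTIAL
                        $errors[] = $lang_profile['Partial upload'];
                        break;

                    case 4: // UPLOAD_ERR_NO_FILE
                        $errors[] = $lang_profile['No file'];
                        break;

                    case 6: // UPLOAD_ERR_NO_TMP_DIR
                        $errors[] = $lang_profile['No tmp directory'];
                        break;

                    default:
                        // No listed error occurred, but was something actually uploaded?
                        // Other error codes also land here; the is_uploaded_file()
                        // check further down still refuses them.
                        if ($uploaded_file['size'] == 0) {
                            $errors[] = $lang_profile['No file'];
                        }
                        break;
                }
            }

            if (empty($errors)) {
                $file_ext = attach_get_extension($uploaded_file['name']);

                // Normalise before comparing so that "php, phtml" style lists and
                // mixed-case extensions are matched.
                $ext_key = strtolower(trim((string) $file_ext));

                $always_deny = explode(',', (string) $forum_config['attach_always_deny']);
                $always_deny = array_map('strtolower', array_map('trim', $always_deny));

                // Empty entries are dropped from the group list only, so an empty
                // group setting does not start refusing files without an extension.
                $group_deny = explode(',', (string) $cur_posting['g_pun_attachment_disallowed_extensions']);
                $group_deny = array_filter(array_map('strtolower', array_map('trim', $group_deny)), 'strlen');

                // The previous condition rejected an extension only when it was NOT
                // on the group's disallowed list AND on the always-deny list, which
                // let a group-disallowed extension through and exempted it from the
                // always-deny list. Reject when it is on either list.
                // NOTE(review): this follows the field's name; confirm the group
                // setting is not meant to act as an allow-override.
                if (in_array($ext_key, $always_deny, true) || in_array($ext_key, $group_deny, true)) {
                    // $file_ext comes from the client-supplied name: encode it for HTML.
                    $errors[] = sprintf($lang_attach['Ext error'], forum_htmlencode($file_ext));
                }

                if (!$is_admin && $uploaded_file['size'] > $cur_posting['g_pun_attachment_upload_max_size']) {
                    $errors[] = sprintf($lang_attach['Filesize error'], $cur_posting['g_pun_attachment_upload_max_size']);
                }

                if (utf8_strlen($uploaded_file['name']) > 255) {
                    $errors[] = $lang_attach['File len err'];
                }

                if (utf8_strlen($file_ext) > 64) {
                    $errors[] = $lang_attach['Ext len err'];
                }
            }
        }
    } else {
        $errors[] = $lang_attach['Up perm error'];
    }

    if (!empty($errors)) {
        return;
    }

    if (!is_uploaded_file($uploaded_file['tmp_name'])) {
        // Not a genuine HTTP upload: report it instead of silently doing nothing.
        $errors[] = $lang_profile['No file'];
        return;
    }

    // The stored name is generated, never taken from the client.
    // NOTE(review): whether the target folder is web-reachable or can execute
    // scripts is decided by configuration outside this function.
    $attach_name = attach_generate_filename();
    $target_path = $forum_config['attach_basefolder'] . $forum_config['attach_subfolder'] . '/' . $attach_name;

    if (!move_uploaded_file($uploaded_file['tmp_name'], $target_path)) {
        $errors[] = sprintf($lang_profile['Move failed'], '<a href="mailto:' . forum_htmlencode($forum_config['o_admin_email']) . '">' . forum_htmlencode($forum_config['o_admin_email']) . '</a>');
        return;
    }

    // Values are pre-quoted SQL literals because query_build() receives them
    // already joined into a VALUES list.
    $attach_record = array(
        'owner_id' => 0,
        'post_id' => 0,
        'topic_id' => 0,
        'filename' => '\'' . $forum_db->escape($uploaded_file['name']) . '\'',
        'file_ext' => '\'' . $forum_db->escape($file_ext) . '\'',
        // attach_create_mime() is fed the user-derived extension and its output
        // was the only string column not escaped; escape it like its siblings.
        'file_mime_type' => '\'' . $forum_db->escape(attach_create_mime($file_ext)) . '\'',
        'file_path' => '\'' . $forum_db->escape($forum_config['attach_subfolder'] . '/' . $attach_name) . '\'',
        'size' => (int) $uploaded_file['size'],
        'download_counter' => 0,
        'uploaded_at' => time(),
        'secure_str' => '\'' . $forum_db->escape($attach_secure_str) . '\'',
    );

    $attach_query = array(
        'INSERT' => implode(',', array_keys($attach_record)),
        'INTO' => 'attach_files',
        'VALUES' => implode(',', array_values($attach_record)),
    );
    $forum_db->query_build($attach_query) or error(__FILE__, __LINE__);

    // Replace the SQL literals with the values callers read from $uploaded_list.
    $attach_record['id'] = $forum_db->insert_id();
    $attach_record['filename'] = $forum_db->escape($uploaded_file['name']);
    $attach_record['file_ext'] = $forum_db->escape($file_ext);
    $attach_record['secure_str'] = $attach_secure_str;
    $attach_record['file_path'] = $forum_db->escape($forum_config['attach_subfolder'] . DIRECTORY_SEPARATOR . $attach_name);

    $uploaded_list[] = $attach_record;
}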
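// Build the attachment list for the current post when it has attachments and
// the viewer is allowed to download them.
if ($attach_num > 0) {
    // Default-deny: previously the flag was left unset for a non-admin whose
    // group had no rule row for this forum.
    $attach_allow_download = false;

    if ($pun_user['g_id'] == PUN_ADMIN) {
        $attach_allow_download = true;
    } else {
        // Fetch the rules of the forum and check that the user is allowed to download.
        // Both ids are forced to integers before being placed in the query text.
        $result_attach_two = $db->query('SELECT ar.rules FROM ' . $db->prefix . 'attach_2_rules AS ar WHERE ar.group_id=\'' . intval($pun_user['group_id']) . '\' AND ar.forum_id=' . intval($cur_topic['forum_id']) . ' LIMIT 1') or error('Unable to fetch rules for the attachments', __FILE__, __LINE__, $db->error());

        if ($db->num_rows($result_attach_two) == 1) {
            list($attach_rules) = $db->fetch_row($result_attach_two);
            $attach_allow_download = attach_rules($attach_rules, ATTACH_DOWNLOAD);
        }
    }

    if ($attach_allow_download) {
        $attach_output .= $lang_attach['Attachments:'] . ' ';

        while (list($attachment_id, $attachment_filename, $attachment_size, $attachment_downloads) = $db->fetch_row($result_attach)) {
            $attachment_extension = attach_get_extension($attachment_filename);

            // The file name was chosen by the uploader, so encode it before it is
            // written into the page. str_replace() is used because it does not
            // depend on the character set of the name.
            // NOTE(review): assumes the name is stored unencoded - confirm, otherwise
            // entities would be shown twice-encoded.
            $attachment_label = str_replace(
                array('&', '<', '>', '"', '\''),
                array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;'),
                $attachment_filename
            );

            $attach_output .= '<br />' . "\n\t\t\t\t\t\t" . attach_icon($attachment_extension) . ' <a href="./attachment.php?item=' . intval($attachment_id) . '">' . $attachment_label . '</a>, ' . $lang_attach['Size:'] . ' ' . number_format($attachment_size) . ' ' . $lang_attach['bytes'] . ', ' . $lang_attach['Downloads:'] . ' ' . number_format($attachment_downloads);
        }
    }
}
// Attachment Mod Block End
?> <div id="p<?php echo $cur_post['id']; ?> " class="blockpost<?php echo $vtbg; if ($post_count + $start_from == 1) { echo ' firstpost'; } ?>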