$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / ' . $action;
$required_fields = array('req_email' => $lang_common['E-mail'], 'req_subject' => $lang_common['Subject'], 'req_message' => $lang_common['Message']);
$focus_element = array('post');
if (!$pun_user['is_guest']) {
$focus_element[] = $fid ? 'req_subject' : 'req_message';
} else {
$required_fields['req_username'] = $lang_post['Guest name'];
$focus_element[] = 'req_username';
}
//Attachment Mod Block Start
//Fetch some stuff so we know if the user is allowed to attach files to the post ... oh and preview won't work... I'm not going to add shitload of stuff to get some temporary upload area ;)
$attach_allowed = false;
$attach_result = $db->query('SELECT rules,size FROM ' . $db->prefix . 'attach_2_rules WHERE group_id=\'' . $pun_user['g_id'] . '\' AND forum_id=\'' . $cur_posting['id'] . '\' LIMIT 1') or error('Unable to fetch attachment rules', __FILE__, __LINE__, $db->error());
if ($db->num_rows($attach_result)) {
list($attach_rules, $attach_size) = $db->fetch_row($attach_result);
if (attach_rules($attach_rules, ATTACH_UPLOAD)) {
$attach_allowed = true;
}
} elseif ($pun_user['g_id'] == PUN_ADMIN) {
$attach_allowed = true;
$attach_size = $pun_config['attach_max_size'];
}
//Attachment Mod Block End
require PUN_ROOT . 'header.php';
?>
<div class="linkst">
<div class="inbox">
<ul><li><a href="index.php"><?php
echo $lang_common['Index'];
?>
</a></li><li> » <?php
message('No file specified, so no download possible');
}
$attach_item = intval($_GET['item']);
// make it a bit more secure
//check that there is such an item
$result = $db->query('SELECT post_id, filename, extension, mime, location, size FROM ' . $db->prefix . 'attach_2_files WHERE id=\'' . $attach_item . '\' LIMIT 1') or error('Unable to search for specified attachment', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != 1) {
message($lang_common['Bad request']);
}
list($attach_post_id, $attach_filename, $attach_extension, $attach_mime, $attach_location, $attach_size) = $db->fetch_row($result);
// fetch the rules for the forum where the attachment resides and check if one may download it...
$attach_allow_download = false;
$result = $db->query('SELECT ar.rules FROM ' . $db->prefix . 'attach_2_rules AS ar, ' . $db->prefix . 'topics AS t, ' . $db->prefix . 'posts AS p WHERE ar.group_id=\'' . $pun_user['group_id'] . '\' AND ar.forum_id=t.forum_id AND t.id=p.topic_id AND p.id=\'' . $attach_post_id . '\' LIMIT 1') or error('Unable to get ruleset for attachment', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) == 1) {
list($attach_rules) = $db->fetch_row($result);
$attach_allow_download = attach_rules($attach_rules, ATTACH_DOWNLOAD);
} elseif ($pun_user['g_id'] == PUN_ADMIN) {
$attach_allow_download = true;
//admins always allowed to download
} else {
$attach_allow_download = false;
}
// so if one isn't allowed to download, give them the no permission message...
if (!$attach_allow_download) {
message($lang_common['No permission']);
}
// ok, if you've got to here you may download the file ...
// later add possibility to resume files ... but not in Attachment Mod 2.0 ;-)
if (($attach_extension == 'jpg' || $attach_extension == 'jpeg' || $attach_extension == 'gif' || $attach_extension == 'png') && !isset($_GET['download'])) {
// show the imageview page
$page_title = htmlspecialchars($pun_config['o_board_title']) . ' / Image view - ' . $attach_filename . ' - ';
if ($pun_user['g_id'] == PUN_ADMIN) {
$attach_allow_delete = true;
$attach_allow_owner_delete = true;
$attach_allow_upload = true;
$attach_allow_size = $pun_config['attach_max_size'];
$attach_per_post = -1;
} else {
$result_attach = $db->query('SELECT ar.rules,ar.size,ar.per_post,COUNT(f.id) FROM ' . $db->prefix . 'attach_2_rules AS ar, ' . $db->prefix . 'attach_2_files AS f, ' . $db->prefix . 'posts AS p, ' . $db->prefix . 'topics AS t WHERE group_id=\'' . $pun_user['g_id'] . '\' AND p.id = \'' . $id . '\' AND t.id = p.topic_id AND ar.forum_id = t.forum_id GROUP BY f.post_id LIMIT 1') or error('Unable to fetch attachment rules and current number of attachments in post (#2)', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result_attach) == 1) {
list($attach_rules, $attach_allow_size, $attach_per_post, $attach_num_attachments) = $db->fetch_row($result_attach);
//may the user delete others attachments?
$attach_allow_delete = attach_rules($attach_rules, ATTACH_DELETE);
//may the user delete his/her own attachments?
$attach_allow_owner_delete = attach_rules($attach_rules, ATTACH_OWNER_DELETE);
//may the user upload new files?
$attach_allow_upload = attach_rules($attach_rules, ATTACH_UPLOAD);
} else {
//no rules set, so nothing allowed
}
}
$attach_output = '';
$attach_output_two = '';
//check if this post has attachments, if so make the appropiate output
if ($attach_allow_delete || $attach_allow_owner_delete || $attach_allow_upload) {
$attach_allowed = true;
$result_attach = $db->query('SELECT af.id, af.owner, af.filename, af.extension, af.size, af.downloads FROM ' . $db->prefix . 'attach_2_files AS af WHERE post_id=\'' . $id . '\'') or error('Unable to fetch current attachments', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result_attach) > 0) {
//time for some output ... create the existing files ...
$i = 0;
while (list($attach_id, $attach_owner, $attach_filename, $attach_extension, $attach_size, $attach_downloads) = $db->fetch_row($result_attach)) {
if ($attach_owner == $pun_user['id'] && $attach_allow_owner_delete || $attach_allow_delete) {
}
if (attach_rules($value, ATTACH_UPLOAD)) {
if (array_key_exists($key, $attach_grouparray)) {
$attach_cur_forum_upload .= ', ' . $attach_grouparray[$key];
} else {
$attach_cur_forum_upload .= ', (<strong>' . $key . '</strong>)';
}
}
if (attach_rules($value, ATTACH_DELETE)) {
if (array_key_exists($key, $attach_grouparray)) {
$attach_cur_forum_delete .= ', ' . $attach_grouparray[$key];
} else {
$attach_cur_forum_delete .= ', (<strong>' . $key . '</strong>)';
}
}
if (attach_rules($value, ATTACH_OWNER_DELETE)) {
if (array_key_exists($key, $attach_grouparray)) {
$attach_cur_forum_ownerdelete .= ', ' . $attach_grouparray[$key];
} else {
$attach_cur_forum_ownerdelete .= ', (<strong>' . $key . '</strong>)';
}
}
}
}
// output the forum stuff...
$attach_output .= '
<form id="example2" method="post" action="' . $_SERVER['REQUEST_URI'] . '">
<fieldset>
<legend>Forum: ' . $attach_cur_f_name . '</legend>
<div class="infldset">
<table class="aligntop" cellspacing="0">
