Exemplo n.º 1
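/**
 * Sanity check for the upload limits: compares the configured maximum
 * upload sizes (user files and forum attachments) against the PHP and
 * database limits, and verifies that PHP's upload tmpdir is writable.
 *
 * @param mixed $is_install
 *     When true, the check is skipped and PHORUM_SANITY_SKIP is returned.
 *
 * @return array
 *     array(status, error message or NULL, suggested solution or NULL).
 *     A non-NULL result from phorum_single_check_upload_limits() is
 *     returned unchanged.
 */
function phorum_check_upload_limits($is_install)
{
    $PHORUM = $GLOBALS["PHORUM"];
    if ($is_install) {
        return array(PHORUM_SANITY_SKIP, NULL, NULL);
    }
    // Keep track if uploads are used.
    $upload_used = false;
    // Get the maximum file upload size for PHP.
    list($system_max_upload, $php_max_upload, $db_max_upload) = phorum_get_system_max_upload();
    // Check limits for file uploading in personal profile.
    if ($PHORUM["file_uploads"] && $PHORUM["max_file_size"]) {
        $upload_used = true;
        $res = phorum_single_check_upload_limits($PHORUM["max_file_size"] * 1024, "the Max File Size option for user file uploads " . "(in their profile)", $php_max_upload, $db_max_upload);
        if ($res != NULL) {
            return $res;
        }
    }
    // Check limits for attachment uploading in forums.
    $forums = phorum_db_get_forums();
    foreach ($forums as $id => $forum) {
        if ($forum["max_attachments"] > 0 && $forum["max_attachment_size"]) {
            $upload_used = true;
            $res = phorum_single_check_upload_limits($forum["max_attachment_size"] * 1024, "the Max File Size option for uploading attachments\n                     in the forum \"{$forum['name']}\"", $php_max_upload, $db_max_upload);
            if ($res != NULL) {
                return $res;
            }
        }
    }
    // No upload functionality found so far? Then we're done.
    // Same three-element shape as every other return in this function, so
    // a caller that unpacks (status, error, solution) never hits a
    // missing index.
    if (!$upload_used) {
        return array(PHORUM_SANITY_OK, NULL, NULL);
    }
    // Check if the upload temp directory can be written.
    $tmpdir = get_cfg_var('upload_tmp_dir');
    if (!empty($tmpdir)) {
        // Probe with a per-run file name and exclusive-create mode ("x").
        // The upload tmpdir may be shared with other accounts on the host;
        // opening a fixed, predictable name with "w" would follow a
        // pre-existing symlink and truncate its target. "x" refuses to open
        // a path that already exists.
        $probe = "{$tmpdir}/sanity_checks_dummy_uploadtmpfile_" . uniqid('', true);
        $fp = @fopen($probe, "x");
        if (!$fp) {
            // $php_errormsg is only populated when track_errors is enabled
            // and no longer exists in PHP 8; error_get_last() also reports
            // errors that were silenced with "@".
            $last_error = error_get_last();
            $errmsg = is_array($last_error) ? $last_error['message'] : 'unknown error';
            return array(PHORUM_SANITY_CRIT, "The system is unable to write files\n                 to PHP's upload tmpdir \"" . htmlspecialchars($tmpdir) . "\".\n                 The system error was:<br/><br/>" . htmlspecialchars($errmsg) . ".", "Change the upload_tmp_dir setting in your php.ini file\n                 or give your webserver more permissions for the current\n                 upload directory.");
        }
        fclose($fp);
        unlink($probe);
    }
    return array(PHORUM_SANITY_OK, NULL, NULL);
}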
Exemplo n.º 2
// Adds the display, posting and attachment setting rows to the $frm form
// object and then calls $frm->show(). Every input receives
// $disabled_form_input as its last argument.
$frm->addrow("Read View", $frm->select_tag("threaded_read", array("Flat", "Threaded", "Hybrid"), $threaded_read, $disabled_form_input));
$frm->addrow("Reverse Threading", $frm->select_tag("reverse_threading", array("No", "Yes"), $reverse_threading, $disabled_form_input));
$frm->addrow("Move Threads On Reply", $frm->select_tag("float_to_top", array("No", "Yes"), $float_to_top, $disabled_form_input));
$frm->addrow("Message List Length (Flat Mode)", $frm->text_box("list_length_flat", $list_length_flat, 10, false, false, $disabled_form_input));
$frm->addrow("Message List Length (Threaded Mode, Nr. of Threads)", $frm->text_box("list_length_threaded", $list_length_threaded, 10, false, false, $disabled_form_input));
$frm->addrow("Read Page Length", $frm->text_box("read_length", $read_length, 10, false, false, $disabled_form_input));
// This label carries inline markup (<small>), so addrow() presumably emits
// labels as raw HTML - TODO confirm. Labels must then never contain
// unescaped user-controlled text.
$frm->addrow("Display IP Addresses <small>(note: admins always see it)</small>", $frm->select_tag("display_ip_address", array("No", "Yes"), $display_ip_address, $disabled_form_input));
$frm->addrow("Count views", $frm->select_tag("count_views", array(0 => "No", 1 => "Yes, show views added to subject", 2 => "Yes, show views as extra column"), $count_views, $disabled_form_input));
// The value returned by addrow() is kept so that addhelp() can attach the
// help text to this specific row.
$row = $frm->addrow("Count views per thread for non-threaded list views", $frm->select_tag("count_views_per_thread", array(0 => "No", 1 => "Yes"), $count_views_per_thread, $disabled_form_input));
$frm->addhelp($row, "Count views per thread for non-threaded list", "By default, Phorum only counts views per message. While this is okay\n     for a forum that runs in threaded view (since there you will always\n     show only one message at a time), it might not work well for forums\n     that run in a non-threaded view (there only one message will get\n     its view count updated, although multiple messages might show).\n     Additionally, if the list view is flat and the read view is threaded, the\n     view count on the list view will only show how often the first message\n     in the thread was viewed.<br/>\n     <br/>\n     With this option enabled, a separate view counter will be updated\n     for the full thread when viewing any of the read pages for that thread.\n     For non-threaded list views, this counter will then be used as the view\n     count for the thread. Note that this does require an extra SQL query\n     to update the separate counter, so on very busy servers you might not\n     want to enable this option.");
$frm->addbreak("Posting Settings");
$frm->addrow("Check for Duplicates", $frm->select_tag("check_duplicate", array("No", "Yes"), $check_duplicate, $disabled_form_input));
// Attachment settings. Per the labels and help text below, the permissive
// values are the "empty" ones: an empty "Allowed Files" list accepts any
// extension, a Max File Size of 0 falls back to the system maximum, and a
// cumulative size of 0 means unlimited.
// NOTE(review): forums that accept attachments should set an explicit
// extension allow-list and explicit size limits instead of relying on
// these fall-backs.
$frm->addbreak("Attachment Settings");
$frm->addrow("Number Allowed (0 to disable)", $frm->text_box("max_attachments", $max_attachments, 10, false, false, $disabled_form_input));
$frm->addrow("Allowed Files (eg: gif;jpg;png, empty for any)", $frm->text_box("allow_attachment_types", $allow_attachment_types, 10, false, false, $disabled_form_input));
// phorum_get_system_max_upload() is unpacked into three values; only the
// first one ($system_max_upload) is used here, formatted for display as the
// ceiling shown in the row label.
list($system_max_upload, $php_max_upload, $db_max_upload) = phorum_get_system_max_upload();
$max_size = phorum_api_format_filesize($system_max_upload);
// $max_size is interpolated into the label as is; this relies on
// phorum_api_format_filesize() returning markup-safe text - TODO confirm.
$row = $frm->addrow("Max File Size In KB ({$max_size} maximum)", $frm->text_box("max_attachment_size", $max_attachment_size, 10, false, false, $disabled_form_input));
$frm->addhelp($row, "Max File Size", "This is the maximum that one uploaded file can be.  If you see a maximum here, that is the maximum imposed by either your PHP installation, database server or both.  Leaving this field as 0 will use this maximum.");
$frm->addrow("Max cumulative File Size In KB (0 for unlimited)", $frm->text_box("max_totalattachment_size", $max_totalattachment_size, 10, false, false, $disabled_form_input));
$frm->show();
?>

<script type="text/javascript">
//<![CDATA[

// Handle changes to the setting inheritance select list.
$PJ('select[name=inherit_id]').change(function updateInheritedFields()
{
    var inherit = $PJ('select[name=inherit_id]').val();
Exemplo n.º 3
             *
             *         return $data;
             *     }
             *     </hookcode>
             */
            if (isset($PHORUM["hooks"]["after_detach"])) {
                list($message, $info) = phorum_hook("after_detach", array($message, $info));
            }
            $attach_count--;
            break;
        }
    }
} elseif ($do_attach && !empty($_FILES)) {
    // Find the maximum allowed attachment size.
    require_once './include/upload_functions.php';
    $system_max_upload = phorum_get_system_max_upload();
    if ($PHORUM["max_attachment_size"] == 0) {
        $PHORUM["max_attachment_size"] = $system_max_upload[0] / 1024;
    }
    $PHORUM["max_attachment_size"] = min($PHORUM["max_attachment_size"], $system_max_upload[0] / 1024);
    // The editor template that I use only supports one upload
    // at a time. This code does support multiple uploads though.
    // This can be done by simply adding multiple file upload
    // fields to the posting form.
    $attached = 0;
    foreach ($_FILES as $file) {
        // Check if the maximum number of attachments isn't exceeded.
        if ($attach_count >= $PHORUM["max_attachments"]) {
            break;
        }
        // Only continue if the tempfile is really an uploaded file?
Exemplo n.º 4
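/**
 * Check if the active user has permissions to store a personal
 * file or a message attachment.
 *
 * Note that the checks for message attachments aren't all checks that are
 * done by Phorum. The attachment posting script does run some additional
 * checks on the message level (e.g. to see if the maximum cumulative
 * attachment size is not exceeded).
 *
 * The file type check is a file name check only: it compares the part of
 * the name after the last dot with the configured allow-list and does not
 * inspect the file's content.
 *
 * @example file_store.php Store a personal file.
 *
 * @param array $file
 *     This is an array, containing information about the
 *     file that will be uploaded. The array should contain at least the
 *     "link" field. That field will be used to handle checking for personal
 *     uploaded files in the control center (PHORUM_LINK_USER) or message
 *     attachments (PHORUM_LINK_MESSAGE). Next to that, interesting file
 *     fields to pass to this function are "filesize" (to check maximum size)
 *     and "filename" (to check allowed file type extensions). A "user_id"
 *     field can either be provided or the user_id of the active Phorum
 *     user will be used.
 *
 * @return bool
 *     If access is allowed, then TRUE will be returned. If access is denied,
 *     then the return value of phorum_api_error_set() (FALSE) will be
 *     returned. The functions {@link phorum_api_strerror()}
 *     and {@link phorum_api_errno()} can be used to retrieve information
 *     about the error which occurred.
 */
function phorum_api_file_check_write_access($file)
{
    $PHORUM = $GLOBALS["PHORUM"];
    // Reset error storage.
    $GLOBALS["PHORUM"]["API"]["errno"] = NULL;
    $GLOBALS["PHORUM"]["API"]["error"] = NULL;
    if (!isset($file["link"])) {
        trigger_error("phorum_api_file_check_write_access(): \$file parameter needs a " . "\"link\" field.", E_USER_ERROR);
    }
    if (empty($file["user_id"])) {
        $file["user_id"] = $PHORUM["user"]["user_id"];
    }
    // ---------------------------------------------------------------------
    // Handle write access checks for uploading user files.
    // ---------------------------------------------------------------------
    if ($file["link"] == PHORUM_LINK_USER) {
        // If file uploads are enabled, then access is granted. Access
        // is always granted to administrator users.
        if (!$PHORUM["file_uploads"] && !$PHORUM["user"]["admin"]) {
            return phorum_api_error_set(PHORUM_ERRNO_NOACCESS, $PHORUM["DATA"]["LANG"]["UploadNotAllowed"]);
        }
        // Check if the file doesn't exceed the maximum allowed file size.
        if (isset($file["filesize"]) && $PHORUM["max_file_size"] > 0 && $file["filesize"] > $PHORUM["max_file_size"] * 1024) {
            return phorum_api_error_set(PHORUM_ERRNO_NOACCESS, $PHORUM["DATA"]["LANG"]["FileTooLarge"]);
        }
        // Check if the user won't exceed the file quota when storing the file.
        // NOTE(review): the quota total is looked up for the active user,
        // while $file["user_id"] (defaulted above) may name another user
        // and is not used anywhere in this function - confirm which user
        // the quota is meant to apply to.
        if (isset($file["filesize"]) && $PHORUM["file_space_quota"] > 0) {
            $sz = phorum_db_get_user_filesize_total($PHORUM["user"]["user_id"]);
            $sz += $file["filesize"];
            if ($sz > $PHORUM["file_space_quota"] * 1024) {
                return phorum_api_error_set(PHORUM_ERRNO_NOACCESS, $PHORUM["DATA"]["LANG"]["FileOverQuota"]);
            }
        }
        // Check if the file type is allowed.
        if (isset($file["filename"]) && isset($PHORUM["file_types"]) && trim($PHORUM["file_types"]) != '') {
            // Determine the file extension for the file.
            $pos = strrpos($file["filename"], ".");
            if ($pos !== FALSE) {
                $ext = strtolower(substr($file["filename"], $pos + 1));
            } else {
                $ext = strtolower($file["filename"]);
            }
            // Create an array of allowed file extensions. Entries are
            // trimmed so that "gif; jpg" works as intended, and empty
            // entries (e.g. from a trailing ";") are dropped so that a
            // name ending in "." cannot match an empty extension.
            $allowed_exts = array_filter(array_map('trim', explode(";", strtolower($PHORUM["file_types"]))), 'strlen');
            // Check if the extension for the file is an allowed extension.
            // Strict comparison: a loose in_array() treats numeric-looking
            // strings such as "1e1" and "10" as equal.
            if (!in_array($ext, $allowed_exts, TRUE)) {
                return phorum_api_error_set(PHORUM_ERRNO_NOACCESS, $PHORUM["DATA"]["LANG"]["FileWrongType"]);
            }
        }
    } elseif ($file["link"] == PHORUM_LINK_EDITOR || $file["link"] == PHORUM_LINK_MESSAGE) {
        // Check if the file doesn't exceed the maximum allowed file size
        // for the active forum.
        if (isset($file["filesize"])) {
            // Find the maximum allowed attachment size. This depends on
            // both the settings for the current forum and the limits
            // that are enforced by the system.
            require_once './include/upload_functions.php';
            // Other callers unpack phorum_get_system_max_upload() as a list
            // whose first element is the overall system limit. Comparing
            // the raw array with integers left the system limit unenforced
            // whenever the forum limit was 0, so take the first element.
            $system_max = phorum_get_system_max_upload();
            $max_upload = is_array($system_max) ? $system_max[0] : $system_max;
            $max_forum = $PHORUM["max_attachment_size"] * 1024;
            if ($max_forum > 0 && $max_forum < $max_upload) {
                $max_upload = $max_forum;
            }
            // Check if the file doesn't exceed the maximum allowed size.
            if ($max_upload > 0 && $file["filesize"] > $max_upload) {
                return phorum_api_error_set(PHORUM_ERRNO_NOACCESS, str_replace('%size%', phorum_filesize($max_upload), $PHORUM["DATA"]["LANG"]["AttachFileSize"]));
            }
        }
        // Check if the file type is allowed for the active forum.
        // NOTE(review): an empty allow_attachment_types setting skips this
        // check entirely, and only the last extension of the name is
        // looked at. Confirm that stored attachments are never served from
        // a location where the web server would interpret them.
        if (isset($file["filename"]) && isset($PHORUM["allow_attachment_types"]) && trim($PHORUM["allow_attachment_types"]) != '') {
            // Determine the file extension for the file.
            $pos = strrpos($file["filename"], ".");
            if ($pos !== FALSE) {
                $ext = strtolower(substr($file["filename"], $pos + 1));
            } else {
                $ext = strtolower($file["filename"]);
            }
            // Create an array of allowed file extensions (trimmed, empty
            // entries dropped; see the user file branch above).
            $allowed_exts = array_filter(array_map('trim', explode(";", strtolower($PHORUM["allow_attachment_types"]))), 'strlen');
            // Check if the extension for the file is an allowed extension.
            if (!in_array($ext, $allowed_exts, TRUE)) {
                return phorum_api_error_set(PHORUM_ERRNO_NOACCESS, $PHORUM["DATA"]["LANG"]["AttachInvalidType"] . " " . str_replace('%types%', implode(", ", $allowed_exts), $PHORUM["DATA"]["LANG"]["AttachFileTypes"]));
            }
        }
    }
    return TRUE;
}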