// Sync Thumbnails (make sure all non-existent thumbnails are deleted) - the other way around // Get all Posts/PM's with the Thumbnail Flag NOT set // Go through all of them and make sure the Thumbnail does NOT exist. If it does exist, delete it $sql = "SELECT attach_id, physical_filename, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . " WHERE thumbnail = 0"; $result = $db->sql_query($sql); echo '<br />'; $i = 0; while ($row = $db->sql_fetchrow($result)) { @flush(); echo '.'; if ($i % 50 == 0) { echo '<br />'; } if (thumbnail_exists(basename($row['physical_filename']))) { $info .= sprintf($lang['Sync_thumbnail_resetted'], $row['physical_filename']) . '<br />'; unlink_attach(basename($row['physical_filename']), MODE_THUMBNAIL); } $i++; } $db->sql_freeresult($result); $cache->destroy('config'); @flush(); die('<br /><br /><br />' . $lang['Attach_sync_finished'] . '<br /><br />' . $info); exit; } // Quota Limit Settings if ($submit && $mode == 'quota') { // Change Quota Limit $quota_change_list = request_var('quota_change_list', array(0)); $quota_desc_list = request_var('quota_desc_list', array('')); $filesize_list = request_var('max_filesize_list', array(0));
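/**
 * Normalise one id argument of delete_attachment() to a list of integers.
 *
 * Accepts what the callers historically pass: a single id, a ', ' or ','
 * separated string, or an array. Every element is cast with intval() because
 * the list is interpolated verbatim into SQL IN (...) clauses; before this
 * helper the exploded string form reached the query unescaped.
 *
 * @param int|string|array $ids
 * @return array list of ints (non-numeric elements become 0)
 */
function delete_attachment_normalize_ids($ids)
{
    if (!is_array($ids))
    {
        if (strstr($ids, ', '))
        {
            $ids = explode(', ', $ids);
        }
        else if (strstr($ids, ','))
        {
            $ids = explode(',', $ids);
        }
        else
        {
            $ids = array($ids);
        }
    }

    return array_map('intval', $ids);
}

/**
 * Reduce a list of privmsgs ids to the messages owned by $user_id.
 *
 * Ownership depends on the message type: the recipient owns read/new/unread
 * and saved-in mail, the sender owns sent and saved-out mail. Unknown types
 * are never treated as owned. Query failures end in message_die().
 *
 * @param array $privmsgs_ids list of ints
 * @param int   $user_id
 * @return array list of ints
 */
function delete_attachment_owned_privmsgs($privmsgs_ids, $user_id)
{
    global $db;

    $owned = array();

    $sql = 'SELECT privmsgs_id, privmsgs_type, privmsgs_to_userid, privmsgs_from_userid FROM ' . PRIVMSGS_TABLE . ' WHERE privmsgs_id IN (' . implode(', ', $privmsgs_ids) . ')';
    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, 'Couldn\'t get Privmsgs Type', '', __LINE__, __FILE__, $sql);
    }

    while ($row = $db->sql_fetchrow($result))
    {
        // first matching type wins, same order as the original if/else chain
        $owner = null;
        switch ($row['privmsgs_type'])
        {
            case PRIVMSGS_READ_MAIL:
            case PRIVMSGS_NEW_MAIL:
            case PRIVMSGS_UNREAD_MAIL:
                $owner = $row['privmsgs_to_userid'];
                break;
            case PRIVMSGS_SENT_MAIL:
            case PRIVMSGS_SAVED_OUT_MAIL:
                $owner = $row['privmsgs_from_userid'];
                break;
            case PRIVMSGS_SAVED_IN_MAIL:
                $owner = $row['privmsgs_to_userid'];
                break;
            default:
                break;
        }

        if ($owner !== null && $owner == $user_id)
        {
            $owned[] = (int) $row['privmsgs_id'];
        }
    }
    $db->sql_freeresult($result);

    return $owned;
}

/**
 * Delete Attachment(s) from post(s) (intern)
 *
 * Unlinks the given attachments from the given posts (private messages when
 * $page == PAGE_PRIVMSGS), removes file and description row of every
 * attachment that is no longer referenced by any post, and finally
 * re-synchronises the affected topics (or clears the PM attachment switch).
 *
 * Each id argument may be a single id, a ',' / ', ' separated string or an
 * array; it is reduced to a list of integers before it is used in SQL.
 *
 * @param int|string|array $post_id_array   post ids (privmsgs ids for PMs), or 0 to derive them from $attach_id_array
 * @param int|string|array $attach_id_array attach ids, or 0 to derive them from $post_id_array
 * @param int              $page            PAGE_PRIVMSGS for private messages, anything else for forum posts
 * @param int              $user_id         PMs only: restrict the deletion to messages owned by this user; 0 = no filter
 * @return void  a failed query ends in message_die(), which does not return
 */
function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, $user_id = 0)
{
    // $lang is read for 'Error_deleted_attachments' below; it was not imported before
    global $db, $lang;

    if ($post_id_array === 0 && $attach_id_array === 0 && $page === 0)
    {
        return;
    }

    $p_id = ($page == PAGE_PRIVMSGS) ? 'privmsgs_id' : 'post_id';

    // No post ids given: derive them from the attachments
    if ($post_id_array === 0 && $attach_id_array !== 0)
    {
        $attach_id_array = delete_attachment_normalize_ids($attach_id_array);
        if (!count($attach_id_array))
        {
            return;
        }
        $post_id_array = array();

        $sql = "SELECT {$p_id} \n\t\t\tFROM " . ATTACHMENTS_TABLE . ' WHERE attach_id IN (' . implode(', ', $attach_id_array) . ")\n\t\t\tGROUP BY {$p_id}";
        if (!($result = $db->sql_query($sql)))
        {
            message_die(GENERAL_ERROR, 'Could not select ids', '', __LINE__, __FILE__, $sql);
        }

        if ($db->sql_numrows($result) == 0)
        {
            $db->sql_freeresult($result);
            return;
        }

        while ($row = $db->sql_fetchrow($result))
        {
            $post_id_array[] = intval($row[$p_id]);
        }
        $db->sql_freeresult($result);
    }

    if (!is_array($post_id_array) && trim($post_id_array) == '')
    {
        return;
    }
    $post_id_array = delete_attachment_normalize_ids($post_id_array);
    if (!count($post_id_array))
    {
        return;
    }

    // No attach ids given: derive them from the posts
    if ($attach_id_array === 0)
    {
        $attach_id_array = array();

        $sql = 'SELECT attach_id FROM ' . ATTACHMENTS_TABLE . " WHERE {$p_id} IN (" . implode(', ', $post_id_array) . ") \n\t\t\tGROUP BY attach_id";
        if (!($result = $db->sql_query($sql)))
        {
            message_die(GENERAL_ERROR, 'Could not select Attachment Ids', '', __LINE__, __FILE__, $sql);
        }

        if ($db->sql_numrows($result) == 0)
        {
            $db->sql_freeresult($result);
            return;
        }

        while ($row = $db->sql_fetchrow($result))
        {
            $attach_id_array[] = (int) $row['attach_id'];
        }
        $db->sql_freeresult($result);
    }

    $attach_id_array = delete_attachment_normalize_ids($attach_id_array);
    if (!count($attach_id_array))
    {
        return;
    }

    // For private messages only touch the messages the given user owns
    if ($page == PAGE_PRIVMSGS && $user_id)
    {
        $post_id_array = delete_attachment_owned_privmsgs($post_id_array, $user_id);
    }

    // the owner filter may have emptied the post list
    if (count($post_id_array) && count($attach_id_array))
    {
        $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id IN (' . implode(', ', $attach_id_array) . ") \n\t\t\t\tAND {$p_id} IN (" . implode(', ', $post_id_array) . ')';
        if (!$db->sql_query($sql))
        {
            message_die(GENERAL_ERROR, $lang['Error_deleted_attachments'], '', __LINE__, __FILE__, $sql);
        }

        // Attachments no longer referenced by any post lose their file(s) and description row
        foreach ($attach_id_array as $attach_id)
        {
            $sql = 'SELECT attach_id FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $attach_id;
            if (!($result = $db->sql_query($sql)))
            {
                message_die(GENERAL_ERROR, 'Could not select Attachment Ids', '', __LINE__, __FILE__, $sql);
            }
            $still_referenced = ($db->sql_numrows($result) != 0);
            $db->sql_freeresult($result);

            if ($still_referenced)
            {
                continue;
            }

            $sql = 'SELECT attach_id, physical_filename, thumbnail FROM ' . ATTACHMENTS_DESC_TABLE . ' WHERE attach_id = ' . (int) $attach_id;
            if (!($result = $db->sql_query($sql)))
            {
                message_die(GENERAL_ERROR, 'Couldn\'t query attach description table', '', __LINE__, __FILE__, $sql);
            }
            $attachments = ($db->sql_numrows($result) != 0) ? $db->sql_fetchrowset($result) : array();
            $db->sql_freeresult($result);

            // delete attachments
            foreach ($attachments as $attachment)
            {
                unlink_attach($attachment['physical_filename']);
                if (intval($attachment['thumbnail']) == 1)
                {
                    unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
                }

                $sql = 'DELETE FROM ' . ATTACHMENTS_DESC_TABLE . ' WHERE attach_id = ' . (int) $attachment['attach_id'];
                if (!$db->sql_query($sql))
                {
                    message_die(GENERAL_ERROR, $lang['Error_deleted_attachments'], '', __LINE__, __FILE__, $sql);
                }
            }
        }
    }

    // Now Sync the Topic/PM
    if ($page == PAGE_PRIVMSGS)
    {
        foreach ($post_id_array as $privmsgs_id)
        {
            $sql = 'SELECT attach_id FROM ' . ATTACHMENTS_TABLE . ' WHERE privmsgs_id = ' . (int) $privmsgs_id;
            if (!($result = $db->sql_query($sql)))
            {
                message_die(GENERAL_ERROR, 'Couldn\'t query Attachments Table', '', __LINE__, __FILE__, $sql);
            }
            $num_rows = $db->sql_numrows($result);
            $db->sql_freeresult($result);

            // no attachment left on this message: clear its attachment switch
            if ($num_rows == 0)
            {
                $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET privmsgs_attachment = 0 WHERE privmsgs_id = ' . (int) $privmsgs_id;
                if (!($result = $db->sql_query($sql)))
                {
                    message_die(GENERAL_ERROR, 'Couldn\'t update Private Message Attachment Switch', '', __LINE__, __FILE__, $sql);
                }
            }
        }
    }
    else if (count($post_id_array))
    {
        $sql = 'SELECT topic_id FROM ' . POSTS_TABLE . ' WHERE post_id IN (' . implode(', ', $post_id_array) . ') GROUP BY topic_id';
        if (!($result = $db->sql_query($sql)))
        {
            message_die(GENERAL_ERROR, 'Couldn\'t select Topic ID', '', __LINE__, __FILE__, $sql);
        }

        while ($row = $db->sql_fetchrow($result))
        {
            attachment_sync_topic($row['topic_id']);
        }
        $db->sql_freeresult($result);
    }
}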
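/**
 * Upload an Attachment to Filespace (intern)
 *
 * Validates the file received as $HTTP_POST_FILES['fileupload'] (filename,
 * extension group, forum permission, php upload limit, image dimensions,
 * per-file / global / per-user / PM quotas), derives a physical filename,
 * moves the file into the upload directory and decides whether a thumbnail
 * has to be created.
 *
 * Reads:  $this->filename, $this->page
 * Writes: $this->post_attach, $this->type, $this->extension, $this->filesize,
 *         $this->filetime, $this->filename, $this->attach_filename, $this->thumbnail
 *
 * Errors are reported through the globals $error / $error_msg (HTML fragments
 * joined by <br />); when the file was already stored it is removed again.
 * Fatal conditions end in message_die(), which does not return.
 *
 * @return void
 */
function upload_attachment()
{
    global $HTTP_POST_FILES, $db, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;

    $this->post_attach = ($this->filename != '');
    if (!$this->post_attach)
    {
        return;
    }

    // append one error message, separating it from a previous one with <br />
    $add_error = function ($message) use (&$error, &$error_msg)
    {
        $error = TRUE;
        if (!empty($error_msg))
        {
            $error_msg .= '<br />';
        }
        $error_msg .= $message;
    };

    // byte count -> array(value rounded to two decimals, unit label) for the size messages
    $human_size = function ($bytes) use ($lang)
    {
        if ($bytes >= 1048576)
        {
            return array(round($bytes / 1048576 * 100) / 100, $lang['MB']);
        }
        if ($bytes >= 1024)
        {
            return array(round($bytes / 1024 * 100) / 100, $lang['KB']);
        }
        return array($bytes, $lang['Bytes']);
    };

    $r_file = trim(basename(htmlspecialchars($this->filename)));
    $file = $HTTP_POST_FILES['fileupload']['tmp_name'];
    $this->type = $HTTP_POST_FILES['fileupload']['type'];

    if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0)
    {
        message_die(GENERAL_ERROR, 'Tried to upload empty file');
    }

    // Opera add the name to the mime type
    $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
    $this->type = strtolower($this->type);
    $this->extension = strtolower(get_extension($this->filename));

    $this->filesize = intval(@filesize($file));

    // Settings of the extension group this extension belongs to
    $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions FROM ' . EXTENSION_GROUPS_TABLE . ' g, ' . EXTENSIONS_TABLE . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, 'Could not query Extensions.', '', __LINE__, __FILE__, $sql);
    }
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // Unknown extension: same outcome as before (allow_group 0 -> disallowed) without indexing a false row
    if (!$row)
    {
        $row = array('allow_group' => 0, 'max_filesize' => 0, 'cat_id' => 0, 'forum_permissions' => '');
    }

    $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
    $cat_id = intval($row['cat_id']);
    $auth_cache = trim($row['forum_permissions']);

    // check Filename
    if (preg_match("#[\\/:*?\"<>|]#i", $this->filename))
    {
        $add_error(sprintf($lang['Invalid_filename'], $this->filename));
    }

    // check php upload-size
    if (!$error && $file == 'none')
    {
        $max_size = ini_get('upload_max_filesize');
        $add_error($max_size == '' ? $lang['Attachment_php_size_na'] : sprintf($lang['Attachment_php_size_overrun'], $max_size));
    }

    // Only accept the file PHP itself received in this request: the copy/move step
    // below reads whatever path tmp_name points at, so a forged value must not get that far
    if (!$error && !is_uploaded_file($file))
    {
        message_die(GENERAL_ERROR, 'Uploaded file is not a valid upload');
    }

    // Check Extension
    if (!$error && intval($row['allow_group']) == 0)
    {
        $add_error(sprintf($lang['Disallowed_extension'], $this->extension));
    }

    // Check Forum Permissions
    if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '')
    {
        $add_error(sprintf($lang['Disallowed_extension_within_forum'], $this->extension));
    }

    // Upload File
    $this->thumbnail = 0;

    if ($error)
    {
        $this->post_attach = FALSE;
        return;
    }

    // Prepare Values
    $this->filetime = time();
    $this->filename = $r_file;
    $this->attach_filename = strtolower($this->filename);

    // fallback name: <user id>_<time>.<ext> (guests count as 0)
    $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
    $cryptic_name = $u_id . '_' . $this->filetime . '.' . $this->extension;

    // To re-add cryptic filenames, change this variable to true
    $cryptic = false;

    if ($cryptic)
    {
        $this->attach_filename = $cryptic_name;
    }
    else
    {
        $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
        $this->attach_filename = delete_extension($this->attach_filename);
        $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
        $this->attach_filename = str_replace('__', '_', $this->attach_filename);
        $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ü', 'Ü', 'ö', 'Ö', 'ä', 'Ä', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
        $this->attach_filename = str_replace(array('$', 'ß', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);

        // Remove non-latin characters. The former /e modifier evaluated the replacement
        // as PHP code and does not exist any more; the callback computes the same byte.
        $this->attach_filename = preg_replace_callback(
            "/([ÂÃ])([€-¿])/",
            function ($m)
            {
                return chr(((ord($m[1]) << 6) & 0xC0) | (ord($m[2]) & 0x3F));
            },
            $this->attach_filename
        );
        $this->attach_filename = rawurlencode($this->attach_filename);
        $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
        $this->attach_filename = trim($this->attach_filename);

        // nothing printable left: fall back to the cryptic name as base
        $new_filename = $this->attach_filename ? $this->attach_filename : $cryptic_name;

        // three leading digits of rand() as suffix; uniqueness is guaranteed by the
        // physical_filename_already_stored() loop, not by the randomness
        do
        {
            $this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
        }
        while (physical_filename_already_stored($this->attach_filename));
    }

    // Do we have to create a thumbnail ?
    if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail']))
    {
        $this->thumbnail = 1;
    }

    // Descide the Upload method (same table as before: open_basedir or safe_mode -> move, else copy)
    if (!intval($attach_config['allow_ftp_upload']))
    {
        $upload_mode = (ini_get('open_basedir') || ini_get('safe_mode')) ? 'move' : 'copy';
    }
    else
    {
        $upload_mode = 'ftp';
    }

    // Ok, upload the Attachment
    $this->move_uploaded_attachment($upload_mode, $file);

    // Now, check filesize parameters
    if (!$error && $upload_mode != 'ftp' && !$this->filesize)
    {
        $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
    }

    // Check Image Size, if it's an image
    if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT)
    {
        list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
        $max_width = intval($attach_config['img_max_width']);
        $max_height = intval($attach_config['img_max_height']);

        // a zero on either side disables the check
        if ($width != 0 && $height != 0 && $max_width != 0 && $max_height != 0 && ($width > $max_width || $height > $max_height))
        {
            $add_error(sprintf($lang['Error_imagesize'], $max_width, $max_height));
        }
    }

    // check Filesize
    if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN)
    {
        list($limit, $unit) = $human_size($allowed_filesize);
        $add_error(sprintf($lang['Attachment_too_big'], $limit, $unit));
    }

    // Check our complete quota
    if ($attach_config['attachment_quota'])
    {
        $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
        if (!($result = $db->sql_query($sql)))
        {
            message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
        }
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if ($row['total'] + $this->filesize > $attach_config['attachment_quota'])
        {
            $add_error($lang['Attach_quota_reached']);
        }
    }

    $this->get_quota_limits($userdata);

    // Check our user quota
    if ($this->page != PAGE_PRIVMSGS && $attach_config['upload_filesize_limit'])
    {
        $sql = 'SELECT attach_id FROM ' . ATTACHMENTS_TABLE . ' WHERE user_id_1 = ' . (int) $userdata['user_id'] . ' AND privmsgs_id = 0 GROUP BY attach_id';
        if (!($result = $db->sql_query($sql)))
        {
            message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
        }
        $attach_ids = $db->sql_fetchrowset($result);
        $num_attach_ids = $db->sql_numrows($result);
        $db->sql_freeresult($result);

        $attach_id = array();
        for ($i = 0; $i < $num_attach_ids; $i++)
        {
            $attach_id[] = intval($attach_ids[$i]['attach_id']);
        }

        $total_filesize = 0;
        if ($num_attach_ids > 0)
        {
            // Now get the total filesize
            $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE . ' WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
            if (!($result = $db->sql_query($sql)))
            {
                message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
            }
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $total_filesize = $row['total'];
        }

        if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit'])
        {
            list($limit, $unit) = $human_size($attach_config['upload_filesize_limit']);
            $add_error(sprintf($lang['User_upload_quota_reached'], $limit, $unit));
        }
    }

    // If we are at Private Messaging, check our PM Quota
    if ($this->page == PAGE_PRIVMSGS)
    {
        if ($attach_config['pm_filesize_limit'])
        {
            $total_filesize = get_total_attach_pm_filesize('from_user', $userdata['user_id']);
            if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit'])
            {
                $add_error($lang['Attach_quota_sender_pm_reached']);
            }
        }

        $to_user = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';

        // Check Receivers PM Quota
        if (!empty($to_user) && $userdata['user_level'] != ADMIN)
        {
            $u_data = get_userdata($to_user, true);
            $user_id = (int) $u_data['user_id'];
            $this->get_quota_limits($u_data, $user_id);

            if ($attach_config['pm_filesize_limit'])
            {
                $total_filesize = get_total_attach_pm_filesize('to_user', $user_id);
                if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit'])
                {
                    $add_error(sprintf($lang['Attach_quota_receiver_pm_reached'], $to_user));
                }
            }
        }
    }

    // A check after the move failed: take the stored file (and thumbnail) away again
    if ($error)
    {
        unlink_attach($this->attach_filename);
        unlink_attach($this->attach_filename, MODE_THUMBNAIL);
        $this->post_attach = FALSE;
    }
}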
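/**
 * Normalise one id argument of delete_attachment() to a list of integers.
 *
 * Accepts a single id, a ', ' or ',' separated string, or an array. Every
 * element is cast with intval() because the list is interpolated verbatim
 * into SQL IN (...) clauses; before this helper the exploded string form
 * reached the query unescaped.
 *
 * @param int|string|array $ids
 * @return array list of ints (non-numeric elements become 0)
 */
function delete_attachment_id_list($ids)
{
    if (!is_array($ids))
    {
        if (strstr($ids, ', '))
        {
            $ids = explode(', ', $ids);
        }
        else if (strstr($ids, ','))
        {
            $ids = explode(',', $ids);
        }
        else
        {
            $ids = array($ids);
        }
    }

    return array_map('intval', $ids);
}

/**
 * Delete Attachment(s) from post(s) (intern)
 *
 * Unlinks the given attachments from the given posts, removes the torrent
 * rows and tracker peers that belong to them, deletes file and description
 * row of every attachment no longer referenced by any post, and finally
 * re-synchronises the affected topics.
 *
 * Each id argument may be a single id, a ',' / ', ' separated string or an
 * array; it is reduced to a list of integers before it is used in SQL.
 *
 * @param int|string|array $post_id_array   post ids, or 0 to derive them from $attach_id_array
 * @param int|string|array $attach_id_array attach ids, or 0 to derive them from $post_id_array
 * @param int              $page            kept for signature compatibility; only the 0/non-0 distinction
 *                                          of the "nothing given" early return uses it
 * @param int              $user_id         kept for signature compatibility; unused (no PM support here)
 * @return void  a failed query ends in bb_die(), which does not return
 */
function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, $user_id = 0)
{
    // $lang is read for 'ERROR_DELETED_ATTACHMENTS' below; it was not imported before
    global $bb_cfg, $lang;

    if ($post_id_array === 0 && $attach_id_array === 0 && $page === 0)
    {
        return;
    }

    $p_id = 'post_id';

    // No post ids given: derive them from the attachments
    if ($post_id_array === 0 && $attach_id_array !== 0)
    {
        $attach_id_array = delete_attachment_id_list($attach_id_array);
        if (!count($attach_id_array))
        {
            return;
        }
        $post_id_array = array();

        $sql = "SELECT {$p_id}\n\t\t\tFROM " . BB_ATTACHMENTS . ' WHERE attach_id IN (' . implode(', ', $attach_id_array) . ")\n\t\t\tGROUP BY {$p_id}";
        if (!($result = DB()->sql_query($sql)))
        {
            bb_die('Could not select ids');
        }

        if (DB()->num_rows($result) == 0)
        {
            DB()->sql_freeresult($result);
            return;
        }

        while ($row = DB()->sql_fetchrow($result))
        {
            $post_id_array[] = intval($row[$p_id]);
        }
        DB()->sql_freeresult($result);
    }

    if (!is_array($post_id_array) && trim($post_id_array) == '')
    {
        return;
    }
    $post_id_array = delete_attachment_id_list($post_id_array);
    if (!count($post_id_array))
    {
        return;
    }

    // No attach ids given: derive them from the posts
    if ($attach_id_array === 0)
    {
        $attach_id_array = array();

        $sql = 'SELECT attach_id FROM ' . BB_ATTACHMENTS . " WHERE post_id IN (" . implode(', ', $post_id_array) . ")\n\t\t\tGROUP BY attach_id";
        if (!($result = DB()->sql_query($sql)))
        {
            bb_die('Could not select attachment id #1');
        }

        if (DB()->num_rows($result) == 0)
        {
            DB()->sql_freeresult($result);
            return;
        }

        while ($row = DB()->sql_fetchrow($result))
        {
            $attach_id_array[] = (int) $row['attach_id'];
        }
        DB()->sql_freeresult($result);
    }

    $attach_id_array = delete_attachment_id_list($attach_id_array);
    if (!count($attach_id_array))
    {
        return;
    }

    $sql = 'DELETE FROM ' . BB_ATTACHMENTS . ' WHERE attach_id IN (' . implode(', ', $attach_id_array) . ")\n\t\t\t\tAND {$p_id} IN (" . implode(', ', $post_id_array) . ')';
    if (!DB()->sql_query($sql))
    {
        bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
    }

    //bt
    // Torrents attached to these attachments: drop their peers from the tracker, then the torrents
    $sql = "SELECT topic_id FROM " . BB_BT_TORRENTS . " WHERE attach_id IN(" . implode(',', $attach_id_array) . ")";
    if (!($result = DB()->sql_query($sql)))
    {
        bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
    }
    $torrent_topics = array();
    while ($row = DB()->sql_fetchrow($result))
    {
        $torrent_topics[] = (int) $row['topic_id'];
    }
    DB()->sql_freeresult($result);

    $topic_ids = implode(',', $torrent_topics);
    if ($topic_ids)
    {
        // Remove peers from tracker
        $sql = "DELETE FROM " . BB_BT_TRACKER . "\n\t\t\t\t\tWHERE topic_id IN({$topic_ids})";
        if (!DB()->sql_query($sql))
        {
            bb_die('Could not delete peers');
        }
    }

    // Delete torrents
    $sql = "DELETE FROM " . BB_BT_TORRENTS . "\n\t\t\t\tWHERE attach_id IN(" . implode(',', $attach_id_array) . ")";
    if (!DB()->sql_query($sql))
    {
        bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
    }
    //bt end

    // Attachments no longer referenced by any post lose their file(s) and description row
    foreach ($attach_id_array as $attach_id)
    {
        $sql = 'SELECT attach_id FROM ' . BB_ATTACHMENTS . ' WHERE attach_id = ' . (int) $attach_id;
        if (!($result = DB()->sql_query($sql)))
        {
            bb_die('Could not select Attachment id #2');
        }
        $still_referenced = (DB()->num_rows($result) != 0);
        DB()->sql_freeresult($result);

        if ($still_referenced)
        {
            continue;
        }

        $sql = 'SELECT attach_id, physical_filename, thumbnail FROM ' . BB_ATTACHMENTS_DESC . ' WHERE attach_id = ' . (int) $attach_id;
        if (!($result = DB()->sql_query($sql)))
        {
            bb_die('Could not query attach description table');
        }
        $attachments = (DB()->num_rows($result) != 0) ? DB()->sql_fetchrowset($result) : array();
        DB()->sql_freeresult($result);

        // delete attachments
        foreach ($attachments as $attachment)
        {
            unlink_attach($attachment['physical_filename']);
            if (intval($attachment['thumbnail']) == 1)
            {
                unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
            }

            $sql = 'DELETE FROM ' . BB_ATTACHMENTS_DESC . ' WHERE attach_id = ' . (int) $attachment['attach_id'];
            if (!DB()->sql_query($sql))
            {
                bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
            }
        }
    }

    // Now Sync the Topic/PM
    $sql = 'SELECT topic_id FROM ' . BB_POSTS . ' WHERE post_id IN (' . implode(', ', $post_id_array) . ') GROUP BY topic_id';
    if (!($result = DB()->sql_query($sql)))
    {
        bb_die('Could not select topic id');
    }

    while ($row = DB()->sql_fetchrow($result))
    {
        attachment_sync_topic($row['topic_id']);
    }
    DB()->sql_freeresult($result);
}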
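/**
 * Handle the attachment part of a posting request.
 *
 * Depending on the posting $mode and the submitted buttons this loads the
 * attachments of an edited post, uploads a new attachment on submit, and on
 * preview / refresh applies the temporary attachment actions (delete
 * attachment, delete thumbnail, edit comments, replace an attachment, add
 * one). The resulting list is kept in $this->attachments and in
 * $CPG_SESS['bb_attachments'].
 *
 * Errors are reported through the globals $error / $error_msg (HTML
 * fragments joined by <br />).
 *
 * @param string $mode posting mode ('newtopic', 'reply', 'editpost', 'vote', ...)
 * @return bool FALSE when the attachment mod is disabled or the user may not attach, TRUE otherwise
 */
protected function handle_attachments($mode)
{
    global $is_auth, $attach_config, $refresh, $post_id, $submit, $preview, $error, $error_msg, $lang, $template, $userdata, $db;
    global $CPG_SESS;

    // append one error message, separating it from a previous one with <br />
    $add_error = function ($message) use (&$error, &$error_msg)
    {
        $error = TRUE;
        if (!empty($error_msg))
        {
            $error_msg .= '<br />';
        }
        $error_msg .= $message;
    };

    $max_attachments = $userdata['user_level'] == ADMIN ? ADMIN_MAX_ATTACHMENTS : intval($attach_config['max_attachments']);

    // nothing, if the user is not authorized or attachment mod disabled
    if (intval($attach_config['disable_mod']) || !$is_auth['auth_attachments'])
    {
        return FALSE;
    }

    // Init Vars: any attachment button turns this request into a refresh
    if (!$refresh)
    {
        $add = isset($_POST['add_attachment']);
        $delete = isset($_POST['del_attachment']);
        $edit = isset($_POST['edit_comment']);
        $update_attachment = isset($_POST['update_attachment']);
        $del_thumbnail = isset($_POST['del_thumbnail']);
        $add_attachment_box = !empty($_POST['add_attachment_box']);

        $refresh = $add || $delete || $edit || $del_thumbnail || $update_attachment || $add_attachment_box;
    }

    // Get Attachments of the edited post (first display only)
    $auth = $is_auth['auth_edit'] || $is_auth['auth_mod'];
    if (!$submit && $mode == 'editpost' && $auth && !$refresh && !$preview && !$error && !isset($_POST['del_poll_option']))
    {
        $this->attachments = get_attachments_from_post($post_id);
    }

    $this->num_attachments = count($this->attachments);

    if ($submit && in_array($mode, array('newtopic', 'reply', 'editpost'), true) && $this->filename != '')
    {
        if ($this->num_attachments < intval($max_attachments))
        {
            $this->upload_attachment();

            if (!$error && $this->post_attach)
            {
                array_unshift($this->attachments, array('physical_filename' => $this->attach_filename, 'real_filename' => $this->filename, 'extension' => $this->extension, 'mimetype' => $this->type, 'filesize' => $this->filesize, 'filetime' => $this->filetime, 'attach_id' => 0, 'thumbnail' => $this->thumbnail, 'comment' => $this->file_comment));
                $this->file_comment = '';

                // This Variable is set to FALSE here, because the Attachment Mod enter Attachments into the
                // Database in two modes, one if the id_list is -1 and the second one if post_attach is true
                // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
                // but we are assigning an id of -1 here, we have to reset the post_attach variable to FALSE.
                //
                // This is very relevant, because it could happen that the post got not submitted, but we do not
                // know this circumstance here. We could be at the posting page or we could be redirected to the entered
                // post. :)
                $this->post_attach = FALSE;
            }
        }
        else
        {
            $add_error(sprintf($lang['Too_many_attachments'], intval($max_attachments)));
        }
    }

    if ($preview || $refresh || $error)
    {
        $delete_attachment = isset($_POST['del_attachment']);
        $delete_thumbnail = isset($_POST['del_thumbnail']);
        $add_attachment = isset($_POST['add_attachment']);
        $edit_comment = isset($_POST['edit_comment']);
        $update_attachment = isset($_POST['update_attachment']);

        // Perform actions on temporary attachments
        $actual_list = isset($CPG_SESS['bb_attachments']) ? $CPG_SESS['bb_attachments'] : array();

        if ($delete_attachment || $delete_thumbnail)
        {
            // clean values, then restore everything that was not selected
            $this->attachments = array();

            foreach ($actual_list as $attachment)
            {
                $del_thumb = $delete_thumbnail && isset($_POST['del_thumbnail'][$attachment['physical_filename']]);
                $restore = ($delete_thumbnail && !$del_thumb)
                    || ($delete_attachment && !isset($_POST['del_attachment'][$attachment['physical_filename']]));

                if ($restore)
                {
                    $this->attachments[] = $attachment;
                }
                else if ($del_thumb)
                {
                    // delete selected thumbnail
                    $attachment['thumbnail'] = 0;
                    $this->attachments[] = $attachment;

                    if ($attachment['attach_id'] < 1)
                    {
                        unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
                    }
                    else
                    {
                        // the id comes from the session list, cast before it goes into SQL
                        $db->sql_query("UPDATE " . ATTACHMENTS_DESC_TABLE . " SET thumbnail = 0\n\t\t\t\t\t\t\t\tWHERE attach_id = " . (int) $attachment['attach_id']);
                    }
                }
                else
                {
                    // delete selected attachment
                    if ($attachment['attach_id'] < 1)
                    {
                        unlink_attach($attachment['physical_filename']);
                        if ($attachment['thumbnail'] == 1)
                        {
                            unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
                        }
                    }
                    else
                    {
                        delete_attachment($post_id, $attachment['attach_id'], $this->page);
                    }
                }
            }
        }
        else if ($edit_comment || $update_attachment || $add_attachment || $preview)
        {
            if ($edit_comment)
            {
                $actual_comment_list = isset($_POST['comment_list']) ? $_POST['comment_list'] : array();
                for ($i = 0; $i < count($this->attachments); $i++)
                {
                    // a missing entry (shortened or tampered form) becomes an empty comment instead of a notice
                    $this->attachments[$i]['comment'] = isset($actual_comment_list[$i]) ? $actual_comment_list[$i] : '';
                }
            }

            if ($update_attachment)
            {
                if ($this->filename == '')
                {
                    $add_error($lang['Error_empty_add_attachbox']);
                }

                $this->upload_attachment();

                if (!$error)
                {
                    // find the attachment whose "update" button was pressed
                    $attachment_id = 0;
                    $actual_element = 0;
                    for ($i = 0; $i < count($actual_list); $i++)
                    {
                        if (isset($_POST['update_attachment'][$actual_list[$i]['attach_id']]))
                        {
                            $attachment_id = intval($actual_list[$i]['attach_id']);
                            $actual_element = $i;
                            break;
                        }
                    }

                    // Get current informations to delete the Old Attachment
                    $sql = "SELECT physical_filename, comment, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . "\n\t\t\t\t\t\tWHERE attach_id = " . $attachment_id;
                    $result = $db->sql_query($sql);
                    $row = ($db->sql_numrows($result) == 1) ? $db->sql_fetchrow($result) : FALSE;
                    $db->sql_freeresult($result);

                    if (!$row)
                    {
                        // no old entry: do not run the update; drop the file that was just stored
                        $add_error($lang['Error_missing_old_entry']);
                        unlink_attach($this->attach_filename);
                        unlink_attach($this->attach_filename, MODE_THUMBNAIL);
                    }
                    else
                    {
                        $comment = trim($this->file_comment) == '' ? trim($row['comment']) : trim($this->file_comment);

                        // Update Entry. Filename and mimetype come from the client, so every string goes
                        // through Fix_Quotes() (the escaper already used for the comment) and every number is cast.
                        $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . " \n\t\t\t\t\t\tSET physical_filename = '" . Fix_Quotes($this->attach_filename) . "', real_filename = '" . Fix_Quotes($this->filename) . "', comment = '" . Fix_Quotes($comment) . "', extension = '" . Fix_Quotes($this->extension) . "', mimetype = '" . Fix_Quotes($this->type) . "', filesize = " . (int) $this->filesize . ", filetime = " . (int) $this->filetime . ", thumbnail = " . (int) $this->thumbnail . "\n\t\t\t\t\t\tWHERE attach_id = " . (int) $attachment_id;
                        $db->sql_query($sql);

                        // Delete the Old Attachment
                        unlink_attach($row['physical_filename']);
                        if (intval($row['thumbnail']) == 1)
                        {
                            unlink_attach($row['physical_filename'], MODE_THUMBNAIL);
                        }

                        // Make sure it is displayed
                        $this->attachments[$actual_element] = array('physical_filename' => $this->attach_filename, 'real_filename' => $this->filename, 'extension' => $this->extension, 'mimetype' => $this->type, 'filesize' => $this->filesize, 'filetime' => $this->filetime, 'attach_id' => $actual_list[$actual_element]['attach_id'], 'thumbnail' => $this->thumbnail, 'comment' => $comment);
                        $this->file_comment = '';
                    }
                }
            }

            if (($add_attachment || $preview) && $this->filename != '')
            {
                if ($this->num_attachments < intval($max_attachments))
                {
                    $this->upload_attachment();

                    if (!$error)
                    {
                        array_unshift($this->attachments, array('physical_filename' => $this->attach_filename, 'real_filename' => $this->filename, 'extension' => $this->extension, 'mimetype' => $this->type, 'filesize' => $this->filesize, 'filetime' => $this->filetime, 'attach_id' => 0, 'thumbnail' => $this->thumbnail, 'comment' => $this->file_comment));
                        $this->file_comment = '';
                    }
                }
                else
                {
                    $add_error(sprintf($lang['Too_many_attachments'], intval($max_attachments)));
                }
            }
        }
    }

    $CPG_SESS['bb_attachments'] = $this->attachments;

    return TRUE;
}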
/**
 * Upload an Attachment to Filespace (intern).
 *
 * Reads the posted file from $HTTP_POST_FILES['fileupload'], validates the
 * filename, the forum/extension permissions, the .torrent first-post rule,
 * image dimensions, the per-file size limit and the global / per-user quota,
 * moves the file into $upload_dir via $this->move_uploaded_attachment() and
 * fills $this->attach_filename, $this->filesize, $this->filetime,
 * $this->extension, $this->type and $this->thumbnail.
 *
 * Failures are reported through the globals $error / $error_msg (messages are
 * chained with '<br />'); on failure $this->post_attach is reset to FALSE and a
 * file that was already stored is removed again.
 *
 * @return void
 */
function upload_attachment()
{
    global $HTTP_POST_FILES, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;

    $this->post_attach = $this->filename != '' ? TRUE : FALSE;

    if ($this->post_attach) {
        $r_file = trim(basename($this->filename));
        $file = $HTTP_POST_FILES['fileupload']['tmp_name'];
        $this->type = $HTTP_POST_FILES['fileupload']['type'];

        if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0) {
            message_die(GENERAL_ERROR, 'Tried to upload empty file');
        }

        // Opera add the name to the mime type
        $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
        $this->extension = get_extension($this->filename);

        $this->filesize = @filesize($file);
        $this->filesize = intval($this->filesize);

        $allowed_filesize = $attach_config['max_filesize'];

        //
        // check Filename
        //
        if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
        }

        //
        // check php upload-size
        //
        // NOTE(review): a failed upload is detected by tmp_name == 'none', which is the
        // pre-4.1 PHP convention; newer versions leave tmp_name empty — confirm on the
        // PHP version in use.
        if (!$error && $file == 'none') {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
            $max_size = @$ini_val('upload_max_filesize');
            if ($max_size == '') {
                $error_msg .= $lang['Attachment_php_size_na'];
            } else {
                $error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
            }
        }

        //
        // Check Forum Permissions
        //
        // NOTE(review): $auth_cache is neither assigned in this method nor declared
        // global, so trim($auth_cache) != '' is never true here and this check cannot
        // fire — looks like the extension-group lookup that fills it is missing. Verify.
        if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && (!is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '')) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
        }

        //bt
        // Check if user can post .torrent (only allowed in the first post of a topic)
        global $post_data;
        if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= $lang['Allowed_only_1st_post_attach'];
        }
        //bt end

        // Upload File
        $this->thumbnail = 0;

        if (!$error) {
            //
            // Prepare Values
            //
            $this->filetime = time();
            $this->filename = stripslashes($r_file);
            $this->attach_filename = strtolower($this->filename);

            // To re-add cryptic filenames, change this variable to true
            $cryptic = false;

            if (!$cryptic) {
                // Derive the physical name from the user-supplied one: spaces to
                // underscores, everything non-URL-safe replaced by '_', extension dropped.
                $this->attach_filename = str_replace(' ', '_', $this->attach_filename);
                $this->attach_filename = rawurlencode($this->attach_filename);
                $this->attach_filename = preg_replace("/%(\\w{2})/", "_", $this->attach_filename);
                $this->attach_filename = delete_extension($this->attach_filename);
                $new_filename = trim($this->attach_filename);
                if (!$new_filename) {
                    // Nothing usable left: fall back to <user id>_<timestamp>
                    $u_id = intval($userdata['user_id']) == GUEST_UID ? 0 : intval($userdata['user_id']);
                    $new_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
                }
                // Append a numeric suffix until the name is unique in the store.
                // NOTE(review): rand() is not a secure generator; the suffix only serves
                // uniqueness, the stored name stays predictable from the upload name.
                do {
                    $this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
                } while (physical_filename_already_stored($this->attach_filename));
                unset($new_filename);
            } else {
                $u_id = intval($userdata['user_id']) == GUEST_UID ? 0 : intval($userdata['user_id']);
                $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
            }

            // Hand-rolled quoting of the display name before it reaches SQL elsewhere;
            // it only covers single quotes.
            $this->filename = str_replace("'", "\\'", $this->filename);

            //
            // Do we have to create a thumbnail ?
            //
            // NOTE(review): $cat_id is not assigned anywhere in this method either — confirm
            // it is meant to come from the extension group of $this->extension.
            if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                $this->thumbnail = 1;
            }
        }

        if ($error) {
            $this->post_attach = FALSE;
            return;
        }

        //
        // Upload Attachment
        //
        if (!$error) {
            if (!intval($attach_config['allow_ftp_upload'])) {
                //
                // Descide the Upload method
                //
                $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                $safe_mode = @$ini_val('safe_mode');

                if (@$ini_val('open_basedir')) {
                    if (@phpversion() < '4.0.3') {
                        $upload_mode = 'copy';
                    } else {
                        $upload_mode = 'move';
                    }
                } else {
                    if (@$ini_val('safe_mode')) {
                        $upload_mode = 'move';
                    } else {
                        $upload_mode = 'copy';
                    }
                }
            } else {
                $upload_mode = 'ftp';
            }

            //
            // Ok, upload the Attachment
            //
            if (!$error) {
                $this->move_uploaded_attachment($upload_mode, $file);
            }
        }

        // Now, check filesize parameters
        if (!$error) {
            if ($upload_mode != 'ftp' && !$this->filesize) {
                $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
            }
        }

        //
        // Check Image Size, if it's an image (admins are exempt)
        //
        if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
            list($width, $height) = image_getdimension($file);
            if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                }
            }
        }

        //
        // check Filesize (admins are exempt); the limit is rendered in MB/KB/Bytes for the message
        //
        if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
            $size_lang = $allowed_filesize >= 1048576 ? $lang['MB'] : ($allowed_filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
            if ($allowed_filesize >= 1048576) {
                $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
            } else {
                if ($allowed_filesize >= 1024) {
                    $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
                }
            }
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
        }

        //
        // Check our complete quota (sum of all stored attachments + this one)
        //
        if ($attach_config['attachment_quota']) {
            $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
            if (!($result = DB()->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
            }
            $row = DB()->sql_fetchrow($result);
            $total_filesize = $row['total'];
            if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= $lang['Attach_quota_reached'];
            }
        }

        $this->get_quota_limits($userdata);

        //
        // Check our user quota (sum of this user's post attachments, PMs excluded)
        //
        if ($attach_config['upload_filesize_limit']) {
            // NOTE(review): $userdata['user_id'] is concatenated unescaped; it is session
            // data, but an intval() here would cost nothing.
            $sql = "SELECT attach_id\n\t\t\t\t\tFROM " . ATTACHMENTS_TABLE . "\n\t\t\t\t\tWHERE (user_id_1 = " . $userdata['user_id'] . ") AND (privmsgs_id = 0)\n\t\t\t\t\tGROUP BY attach_id";
            if (!($result = DB()->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
            }
            $attach_ids = DB()->sql_fetchrowset($result);
            $num_attach_ids = DB()->num_rows($result);
            $attach_id = array();
            for ($i = 0; $i < $num_attach_ids; $i++) {
                $attach_id[] = intval($attach_ids[$i]['attach_id']);
            }

            if ($num_attach_ids > 0) {
                //
                // Now get the total filesize
                //
                $sql = "SELECT sum(filesize) as total\n\t\t\t\t\t\tFROM " . ATTACHMENTS_DESC_TABLE . "\n\t\t\t\t\t\tWHERE attach_id IN (" . implode(', ', $attach_id) . ")";
                if (!($result = DB()->sql_query($sql))) {
                    message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                }
                $row = DB()->sql_fetchrow($result);
                $total_filesize = $row['total'];
            } else {
                $total_filesize = 0;
            }

            if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['Bytes']);
                if ($upload_filesize_limit >= 1048576) {
                    $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                } else {
                    if ($upload_filesize_limit >= 1024) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                    }
                }
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
            }
        }

        // A check failed after the file was stored: remove it (and its thumbnail) again
        if ($error) {
            unlink_attach($this->attach_filename);
            unlink_attach($this->attach_filename, MODE_THUMBNAIL);
            $this->post_attach = FALSE;
        }
    }
}
} $i++; } $db->sql_freeresult($result); // Sync Thumbnails (make sure all non-existent thumbnails are deleted) - the other way around // Get all Posts/PM's with the Thumbnail Flag NOT set // Go through all of them and make sure the Thumbnail does NOT exist. If it does exist, delete it $result = $db->sql_query("SELECT attach_id, physical_filename, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . " WHERE thumbnail = 0"); echo "\r\n"; $i = 0; while ($row = $db->sql_fetchrow($result)) { echo $i % 50 == 0 ? '. ' : ".\r\n"; flush(); if (thumbnail_exists($row['physical_filename'])) { $info .= sprintf($lang['Sync_thumbnail_resetted'], $row['physical_filename']) . '<br />'; unlink_attach($row['physical_filename'], MODE_THUMBNAIL); } $i++; } $db->sql_freeresult($result); flush(); die("\r\n\r\n" . $lang['Attach_sync_finished'] . "\r\n\r\n" . $info); } else { if ($submit && $mode == 'quota') { // // Change Quota Limit // $quota_change_list = isset($_POST['quota_change_list']) ? $_POST['quota_change_list'] : array(); $quota_desc_list = isset($_POST['quota_desc_list']) ? $_POST['quota_desc_list'] : array(); $filesize_list = isset($_POST['max_filesize_list']) ? $_POST['max_filesize_list'] : array(); $size_select_list = isset($_POST['size_select_list']) ? $_POST['size_select_list'] : array();
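/**
 * Normalise an id argument into a flat list of integers (helper for delete_attachment()).
 *
 * Accepts a single int, a comma-separated string ('1, 2' or '1,2') or an array of ids.
 * Blank pieces are dropped and every remaining piece goes through intval(), so the
 * result can be implode()'d straight into an SQL IN (...) clause.
 *
 * @param int|string|array $ids
 * @return array list of int
 */
function delete_attachment_id_list($ids)
{
    if (is_array($ids)) {
        $pieces = $ids;
    } else {
        $pieces = explode(',', (string) $ids);
    }

    $list = array();
    foreach ($pieces as $piece) {
        // nested arrays never made sense here; drop them instead of casting them to int
        if (is_array($piece)) {
            continue;
        }
        $piece = trim((string) $piece);
        if ($piece === '') {
            continue;
        }
        $list[] = intval($piece);
    }

    return $list;
}

/**
 * Delete Attachment(s) from post(s) / private message(s) (intern).
 *
 * Callers may hand over a single id, a comma-separated id string or an array for
 * both $post_id_array and $attach_id_array; whichever side is missing (< 1) is
 * looked up from the other one in ATTACHMENTS_TABLE. Every id is normalised with
 * delete_attachment_id_list() before it is placed into SQL — previously only the
 * single-id form was intval()'d, while list and array forms were imploded verbatim,
 * and one caller passes attach ids straight from the posted form.
 *
 * After the post <-> attachment links are removed, description rows no post
 * references any more are deleted together with their files (and thumbnails),
 * and the affected topics / PMs get their attachment flag re-synced.
 *
 * @param int|string|array $post_id_array   post ids, or privmsgs ids when $page == PAGE_PRIVMSGS
 * @param int|string|array $attach_id_array attachment ids; < 1 means "all attachments of the posts"
 * @param int $page    PAGE_PRIVMSGS for private messages, anything else means normal posts
 * @param int $user_id when > 0 and $page == PAGE_PRIVMSGS, only PMs owned by this user are processed
 * @return void
 */
function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, $user_id = 0)
{
    global $db;

    // Nothing to work with at all
    if ($post_id_array < 1 && $attach_id_array < 1 && $page < 1) {
        return;
    }

    //
    // Only attachment ids given: derive the post ids from the attachment links
    //
    if ($post_id_array < 1 && $attach_id_array > 0) {
        $post_id_array = array();
        $attach_id_array = delete_attachment_id_list($attach_id_array);

        // an empty list would produce "IN ()", which is not valid SQL
        if (count($attach_id_array) == 0) {
            return;
        }

        if ($page == PAGE_PRIVMSGS) {
            $p_id = 'privmsgs_id';
        } else {
            $p_id = 'post_id';
        }

        $result = $db->sql_query("SELECT " . $p_id . " FROM " . ATTACHMENTS_TABLE . " WHERE attach_id IN (" . implode(', ', $attach_id_array) . ") GROUP BY " . $p_id);
        $post_list = $db->sql_fetchrowset($result);
        $num_post_list = $db->sql_numrows($result);

        if ($num_post_list == 0) {
            return;
        }

        for ($i = 0; $i < $num_post_list; $i++) {
            $post_id_array[] = intval($post_list[$i][$p_id]);
        }
    }

    $post_id_array = delete_attachment_id_list($post_id_array);

    if (count($post_id_array) == 0) {
        return;
    }

    //
    // Only post ids given: derive the attachment ids from the attachment links
    //
    if ($attach_id_array < 1) {
        $attach_id_array = array();

        if ($page == PAGE_PRIVMSGS) {
            $whereclause = "WHERE privmsgs_id IN (" . implode(', ', $post_id_array) . ")";
        } else {
            $whereclause = "WHERE post_id IN (" . implode(', ', $post_id_array) . ")";
        }

        $result = $db->sql_query("SELECT attach_id FROM " . ATTACHMENTS_TABLE . " " . $whereclause . " GROUP BY attach_id");
        $attach_list = $db->sql_fetchrowset($result);
        $num_attach_list = $db->sql_numrows($result);

        if ($num_attach_list == 0) {
            return;
        }

        for ($i = 0; $i < $num_attach_list; $i++) {
            $attach_id_array[] = intval($attach_list[$i]['attach_id']);
        }
    }

    $attach_id_array = delete_attachment_id_list($attach_id_array);

    if (count($attach_id_array) == 0) {
        return;
    }

    if ($page == PAGE_PRIVMSGS) {
        $sql_id = 'privmsgs_id';

        //
        // Restrict to PMs the given user actually owns: the receiver for inbox /
        // saved-in folders, the sender for outbox / saved-out folders.
        //
        if ($user_id > 0) {
            $post_id_array_2 = array();

            for ($i = 0; $i < count($post_id_array); $i++) {
                $result = $db->sql_query("SELECT privmsgs_type, privmsgs_to_userid, privmsgs_from_userid\n\t\t\t\tFROM " . PRIVMSGS_TABLE . "\n\t\t\t\tWHERE privmsgs_id = " . $post_id_array[$i]);

                if ($db->sql_numrows($result) == 0) {
                    continue;
                }

                $row = $db->sql_fetchrow($result);
                $privmsgs_type = $row['privmsgs_type'];

                if ($privmsgs_type == PRIVMSGS_READ_MAIL || $privmsgs_type == PRIVMSGS_NEW_MAIL || $privmsgs_type == PRIVMSGS_UNREAD_MAIL || $privmsgs_type == PRIVMSGS_SAVED_IN_MAIL) {
                    $owner_id = $row['privmsgs_to_userid'];
                } else {
                    if ($privmsgs_type == PRIVMSGS_SENT_MAIL || $privmsgs_type == PRIVMSGS_SAVED_OUT_MAIL) {
                        $owner_id = $row['privmsgs_from_userid'];
                    } else {
                        // unknown folder type: never treat it as owned
                        continue;
                    }
                }

                if ($owner_id == $user_id) {
                    $post_id_array_2[] = $post_id_array[$i];
                }
            }

            $post_id_array = $post_id_array_2;

            // none of the PMs belongs to the user: nothing may be deleted
            if (count($post_id_array) == 0) {
                return;
            }
        }
    } else {
        $sql_id = 'post_id';
    }

    $db->sql_query("DELETE FROM " . ATTACHMENTS_TABLE . " WHERE attach_id IN (" . implode(', ', $attach_id_array) . ") AND " . $sql_id . " IN (" . implode(', ', $post_id_array) . ")");

    //
    // Remove description rows and files of attachments that no post references any more
    //
    for ($i = 0; $i < count($attach_id_array); $i++) {
        $result = $db->sql_query("SELECT attach_id FROM " . ATTACHMENTS_TABLE . " WHERE attach_id = " . $attach_id_array[$i]);

        if ($db->sql_numrows($result) != 0) {
            continue;
        }

        $result = $db->sql_query('SELECT attach_id, physical_filename, thumbnail FROM ' . ATTACHMENTS_DESC_TABLE . ' WHERE attach_id = ' . $attach_id_array[$i]);

        if ($db->sql_numrows($result) == 0) {
            continue;
        }

        $attachments = $db->sql_fetchrowset($result);
        $num_attach = $db->sql_numrows($result);

        for ($j = 0; $j < $num_attach; $j++) {
            unlink_attach($attachments[$j]['physical_filename']);
            if (intval($attachments[$j]['thumbnail']) == 1) {
                unlink_attach($attachments[$j]['physical_filename'], MODE_THUMBNAIL);
            }
            $db->sql_query('DELETE FROM ' . ATTACHMENTS_DESC_TABLE . ' WHERE attach_id = ' . intval($attachments[$j]['attach_id']));
        }
    }

    //
    // Now Sync the Topic/PM
    //
    if ($page == PAGE_PRIVMSGS) {
        for ($i = 0; $i < count($post_id_array); $i++) {
            $result = $db->sql_query("SELECT attach_id FROM " . ATTACHMENTS_TABLE . " WHERE privmsgs_id = " . $post_id_array[$i]);
            if ($db->sql_numrows($result) == 0) {
                $result = $db->sql_query("UPDATE " . PRIVMSGS_TABLE . " SET privmsgs_attachment = 0 WHERE privmsgs_id = " . $post_id_array[$i]);
            }
        }
    } else {
        $result = $db->sql_query("SELECT topic_id FROM " . POSTS_TABLE . " WHERE post_id IN (" . implode(', ', $post_id_array) . ") GROUP BY topic_id");
        $row = $db->sql_fetchrowset($result);
        $num_rows = $db->sql_numrows($result);

        for ($i = 0; $i < $num_rows; $i++) {
            attachment_sync_topic($row[$i]['topic_id']);
        }
    }
}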
// Does the target directory exist, is it a directory and writeable if (!@file_exists(@amod_realpath($upload_dir))) { $error = true; $error_msg = sprintf($lang['DIRECTORY_DOES_NOT_EXIST'], $attach_config['upload_dir']) . '<br />'; } if (!$error && !is_dir($upload_dir)) { $error = TRUE; $error_msg = sprintf($lang['DIRECTORY_IS_NOT_A_DIR'], $attach_config['upload_dir']) . '<br />'; } if (!$error) { if (!($fp = @fopen($upload_dir . '/0_000000.000', 'w'))) { $error = TRUE; $error_msg = sprintf($lang['DIRECTORY_NOT_WRITEABLE'], $attach_config['upload_dir']) . '<br />'; } else { @fclose($fp); unlink_attach($upload_dir . '/0_000000.000'); } } if (!$error) { bb_die($lang['TEST_SETTINGS_SUCCESSFUL'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_ATTACH_CONFIG'], '<a href="admin_attachments.php?mode=manage">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>')); } } // Management if ($submit && $mode == 'manage') { if (!$error) { bb_die($lang['ATTACH_CONFIG_UPDATED'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_ATTACH_CONFIG'], '<a href="admin_attachments.php?mode=manage">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>')); } } if ($mode == 'manage') { $yes_no_switches = array('disable_mod', 'allow_pm_attach', 'display_order'); for ($i = 0; $i < sizeof($yes_no_switches); $i++) {
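/**
 * Drive the attachment box of the posting form for one request (intern).
 *
 * Depending on $mode ('newtopic', 'reply', 'editpost'; 'post' / 'edit' for PMs) and on
 * which attachment buttons were posted (add, delete, delete thumbnail, edit comment,
 * update attachment), this uploads a new file, rebuilds the temporary attachment
 * lists held in $this->attachment_*_list from the posted hidden fields, and applies
 * deletions / thumbnail removals / replacements to already stored attachments.
 *
 * Errors are reported through the globals $error / $error_msg (messages are chained
 * with '<br />'), as in upload_attachment().
 *
 * @param string $mode posting mode; 'post' and 'edit' are mapped to 'newtopic' / 'editpost' for PMs
 * @return bool FALSE when the mod is disabled or the user may not attach, TRUE otherwise
 */
function handle_attachments($mode)
{
    global $is_auth, $attach_config, $refresh, $HTTP_POST_VARS, $post_id, $submit, $preview, $error, $error_msg, $lang, $template, $userdata, $db;

    //
    // Some adjustments for PM's
    //
    if ($this->page == PAGE_PRIVMSGS) {
        global $privmsg_id;
        $post_id = $privmsg_id;

        if ($mode == 'post') {
            $mode = 'newtopic';
        } else {
            if ($mode == 'edit') {
                $mode = 'editpost';
            }
        }

        if ($userdata['user_level'] == ADMIN) {
            $is_auth['auth_attachments'] = '1';
            $max_attachments = ADMIN_MAX_ATTACHMENTS;
        } else {
            $is_auth['auth_attachments'] = intval($attach_config['allow_pm_attach']);
            $max_attachments = intval($attach_config['max_attachments_pm']);
        }
    } else {
        if ($userdata['user_level'] == ADMIN) {
            $max_attachments = ADMIN_MAX_ATTACHMENTS;
        } else {
            $max_attachments = intval($attach_config['max_attachments']);
        }
    }

    //
    // nothing, if the user is not authorized or attachment mod disabled
    //
    if (intval($attach_config['disable_mod']) || !$is_auth['auth_attachments']) {
        return FALSE;
    }

    //
    // Init Vars
    //
    $attachments = array();

    if (!$refresh) {
        $add = isset($HTTP_POST_VARS['add_attachment']) ? TRUE : FALSE;
        $delete = isset($HTTP_POST_VARS['del_attachment']) ? TRUE : FALSE;
        $edit = isset($HTTP_POST_VARS['edit_comment']) ? TRUE : FALSE;
        $update_attachment = isset($HTTP_POST_VARS['update_attachment']) ? TRUE : FALSE;
        $del_thumbnail = isset($HTTP_POST_VARS['del_thumbnail']) ? TRUE : FALSE;
        $add_attachment_box = !empty($HTTP_POST_VARS['add_attachment_box']) ? TRUE : FALSE;
        $posted_attachments_box = !empty($HTTP_POST_VARS['posted_attachments_box']) ? TRUE : FALSE;

        // Any attachment button turns this request into a refresh of the posting form.
        // ($posted_attachments_box was misspelled in this expression before, so that
        // button never counted as a refresh.)
        $refresh = $add || $delete || $edit || $del_thumbnail || $update_attachment || $add_attachment_box || $posted_attachments_box;
    }

    //
    // Get Attachments already stored for this post / PM
    //
    if ($this->page == PAGE_PRIVMSGS) {
        $attachments = get_attachments_from_pm($post_id);
    } else {
        $attachments = get_attachments_from_post($post_id);
    }

    if ($this->page == PAGE_PRIVMSGS) {
        if ($userdata['user_level'] == ADMIN) {
            $auth = TRUE;
        } else {
            $auth = intval($attach_config['allow_pm_attach']) ? TRUE : FALSE;
        }

        if (count($attachments) == 1) {
            $template->assign_block_vars('switch_attachments', array());
            $template->assign_vars(array('L_DELETE_ATTACHMENTS' => $lang['Delete_attachment']));
        } else {
            if (count($attachments) > 0) {
                $template->assign_block_vars('switch_attachments', array());
                $template->assign_vars(array('L_DELETE_ATTACHMENTS' => $lang['Delete_attachments']));
            }
        }
    } else {
        $auth = $is_auth['auth_edit'] || $is_auth['auth_mod'] ? TRUE : FALSE;
    }

    // First display of the edit form: seed the temporary lists from the stored attachments
    if (!$submit && $mode == 'editpost' && $auth) {
        if (!$refresh && !$preview && !$error && !isset($HTTP_POST_VARS['del_poll_option'])) {
            for ($i = 0; $i < count($attachments); $i++) {
                $this->attachment_list[] = $attachments[$i]['physical_filename'];
                $this->attachment_comment_list[] = $attachments[$i]['comment'];
                $this->attachment_filename_list[] = $attachments[$i]['real_filename'];
                $this->attachment_extension_list[] = $attachments[$i]['extension'];
                $this->attachment_mimetype_list[] = $attachments[$i]['mimetype'];
                $this->attachment_filesize_list[] = $attachments[$i]['filesize'];
                $this->attachment_filetime_list[] = $attachments[$i]['filetime'];
                $this->attachment_id_list[] = $attachments[$i]['attach_id'];
                $this->attachment_thumbnail_list[] = $attachments[$i]['thumbnail'];
            }
        }
    }

    $this->num_attachments = count($this->attachment_list);

    //
    // Final submit with a file in the attach box: upload it and put it in front of the lists
    //
    if ($submit && $mode != 'vote') {
        if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') {
            if ($this->filename != '') {
                if ($this->num_attachments < intval($max_attachments)) {
                    $this->upload_attachment($this->page);

                    if (!$error && $this->post_attach) {
                        array_unshift($this->attachment_list, $this->attach_filename);
                        array_unshift($this->attachment_comment_list, $this->file_comment);
                        array_unshift($this->attachment_filename_list, $this->filename);
                        array_unshift($this->attachment_extension_list, $this->extension);
                        array_unshift($this->attachment_mimetype_list, $this->type);
                        array_unshift($this->attachment_filesize_list, $this->filesize);
                        array_unshift($this->attachment_filetime_list, $this->filetime);
                        array_unshift($this->attachment_id_list, '-1');
                        array_unshift($this->attachment_thumbnail_list, $this->thumbnail);
                        $this->file_comment = '';

                        // This Variable is set to FALSE here, because the Attachment Mod enters Attachments into the
                        // Database in two modes, one if the id_list is -1 and the second one if post_attach is true.
                        // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
                        // but we are assigning an id of -1 here, we have to reset the post_attach variable to FALSE.
                        //
                        // This is very relevant, because it could happen that the post got not submitted, but we do not
                        // know this circumstance here. We could be at the posting page or we could be redirected to the
                        // entered post. :)
                        $this->post_attach = FALSE;
                    }
                } else {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
                }
            }
        }
    }

    if ($preview || $refresh || $error) {
        $delete_attachment = isset($HTTP_POST_VARS['del_attachment']) ? TRUE : FALSE;
        $delete_thumbnail = isset($HTTP_POST_VARS['del_thumbnail']) ? TRUE : FALSE;
        $add_attachment = isset($HTTP_POST_VARS['add_attachment']) ? TRUE : FALSE;
        $edit_attachment = isset($HTTP_POST_VARS['edit_comment']) ? TRUE : FALSE;
        $update_attachment = isset($HTTP_POST_VARS['update_attachment']) ? TRUE : FALSE;

        //
        // Perform actions on temporary attachments
        //
        if ($delete_attachment || $delete_thumbnail) {
            // store old values (all of these come from hidden form fields, i.e. from the client)
            $actual_list = isset($HTTP_POST_VARS['attachment_list']) ? $HTTP_POST_VARS['attachment_list'] : array();
            $actual_comment_list = isset($HTTP_POST_VARS['comment_list']) ? $HTTP_POST_VARS['comment_list'] : array();
            $actual_filename_list = isset($HTTP_POST_VARS['filename_list']) ? $HTTP_POST_VARS['filename_list'] : array();
            $actual_extension_list = isset($HTTP_POST_VARS['extension_list']) ? $HTTP_POST_VARS['extension_list'] : array();
            $actual_mimetype_list = isset($HTTP_POST_VARS['mimetype_list']) ? $HTTP_POST_VARS['mimetype_list'] : array();
            $actual_filesize_list = isset($HTTP_POST_VARS['filesize_list']) ? $HTTP_POST_VARS['filesize_list'] : array();
            $actual_filetime_list = isset($HTTP_POST_VARS['filetime_list']) ? $HTTP_POST_VARS['filetime_list'] : array();
            $actual_id_list = isset($HTTP_POST_VARS['attach_id_list']) ? $HTTP_POST_VARS['attach_id_list'] : array();
            $actual_thumbnail_list = isset($HTTP_POST_VARS['attach_thumbnail_list']) ? $HTTP_POST_VARS['attach_thumbnail_list'] : array();

            // clean values
            $this->attachment_list = array();
            $this->attachment_comment_list = array();
            $this->attachment_filename_list = array();
            $this->attachment_extension_list = array();
            $this->attachment_mimetype_list = array();
            $this->attachment_filesize_list = array();
            $this->attachment_filetime_list = array();
            $this->attachment_id_list = array();
            $this->attachment_thumbnail_list = array();

            // restore values :) — every entry that was not ticked for deletion is kept
            if (isset($HTTP_POST_VARS['attachment_list'])) {
                for ($i = 0; $i < count($actual_list); $i++) {
                    $restore = FALSE;
                    $del_thumb = FALSE;

                    if ($delete_thumbnail) {
                        if (!isset($HTTP_POST_VARS['del_thumbnail'][$actual_list[$i]])) {
                            $restore = TRUE;
                        } else {
                            $del_thumb = TRUE;
                        }
                    }

                    if ($delete_attachment) {
                        if (!isset($HTTP_POST_VARS['del_attachment'][$actual_list[$i]])) {
                            $restore = TRUE;
                        }
                    }

                    if ($restore) {
                        $this->attachment_list[] = $actual_list[$i];
                        $this->attachment_comment_list[] = $actual_comment_list[$i];
                        $this->attachment_filename_list[] = $actual_filename_list[$i];
                        $this->attachment_extension_list[] = $actual_extension_list[$i];
                        $this->attachment_mimetype_list[] = $actual_mimetype_list[$i];
                        $this->attachment_filesize_list[] = $actual_filesize_list[$i];
                        $this->attachment_filetime_list[] = $actual_filetime_list[$i];
                        $this->attachment_id_list[] = $actual_id_list[$i];
                        $this->attachment_thumbnail_list[] = $actual_thumbnail_list[$i];
                    } else {
                        if (!$del_thumb) {
                            //
                            // delete selected attachment
                            //
                            // NOTE(review): for not-yet-stored entries (id -1) the physical name
                            // passed to unlink_attach() is taken from the form as posted; whether
                            // unlink_attach() confines it to the upload directory is not visible
                            // here — verify.
                            if ($actual_id_list[$i] == '-1') {
                                unlink_attach($actual_list[$i]);
                                if ($actual_thumbnail_list[$i] == 1) {
                                    unlink_attach('t_' . $actual_list[$i], MODE_THUMBNAIL);
                                }
                            } else {
                                // the id comes from the form, so only its integer value is handed on
                                delete_attachment($post_id, intval($actual_id_list[$i]), $this->page);
                            }
                        } else {
                            if ($del_thumb) {
                                //
                                // delete selected thumbnail (the attachment itself stays in the lists)
                                //
                                $this->attachment_list[] = $actual_list[$i];
                                $this->attachment_comment_list[] = $actual_comment_list[$i];
                                $this->attachment_filename_list[] = $actual_filename_list[$i];
                                $this->attachment_extension_list[] = $actual_extension_list[$i];
                                $this->attachment_mimetype_list[] = $actual_mimetype_list[$i];
                                $this->attachment_filesize_list[] = $actual_filesize_list[$i];
                                $this->attachment_filetime_list[] = $actual_filetime_list[$i];
                                $this->attachment_id_list[] = $actual_id_list[$i];
                                $this->attachment_thumbnail_list[] = 0;

                                if ($actual_id_list[$i] == '-1') {
                                    unlink_attach('t_' . $actual_list[$i], MODE_THUMBNAIL);
                                } else {
                                    // attach_id is form input: intval() it instead of concatenating it raw
                                    $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . "\n SET thumbnail = 0\n WHERE attach_id = " . intval($actual_id_list[$i]);
                                    if (!$db->sql_query($sql)) {
                                        message_die(GENERAL_ERROR, 'Unable to update ' . ATTACHMENTS_DESC_TABLE . ' Table.', '', __LINE__, __FILE__, $sql);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        } else {
            if ($edit_attachment || $update_attachment || $add_attachment || $preview) {
                if ($edit_attachment) {
                    // take over the edited comments, one per entry of the current list
                    $actual_comment_list = isset($HTTP_POST_VARS['comment_list']) ? $HTTP_POST_VARS['comment_list'] : array();
                    $this->attachment_comment_list = array();
                    for ($i = 0; $i < count($this->attachment_list); $i++) {
                        $this->attachment_comment_list[$i] = isset($actual_comment_list[$i]) ? $actual_comment_list[$i] : '';
                    }
                }

                if ($update_attachment) {
                    if ($this->filename == '') {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= $lang['Error_empty_add_attachbox'];
                    }

                    $this->upload_attachment($this->page);

                    if (!$error) {
                        // the entry whose "update" button was pressed; -1 / 0 if none matched
                        $actual_id_list = isset($HTTP_POST_VARS['attach_id_list']) ? $HTTP_POST_VARS['attach_id_list'] : array();
                        $attachment_id = 0;
                        $actual_element = -1;
                        for ($i = 0; $i < count($actual_id_list); $i++) {
                            if (isset($HTTP_POST_VARS['update_attachment'][$actual_id_list[$i]])) {
                                $attachment_id = intval($actual_id_list[$i]);
                                $actual_element = $i;
                            }
                        }

                        // Get current informations to delete the Old Attachment
                        $sql = "SELECT physical_filename, comment, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . "\n WHERE attach_id = " . $attachment_id;
                        if (!($result = $db->sql_query($sql))) {
                            message_die(GENERAL_ERROR, 'Unable to select old Attachment Entry.', '', __LINE__, __FILE__, $sql);
                        }

                        if ($db->sql_numrows($result) != 1) {
                            // No (or no unique) old entry: report it and do not touch the table or
                            // the filesystem. Previously the UPDATE / unlink ran anyway against
                            // attach_id 0 and list index -1.
                            // NOTE(review): the file just stored by upload_attachment() is left in
                            // place in this case.
                            $error = TRUE;
                            if (!empty($error_msg)) {
                                $error_msg .= '<br />';
                            }
                            $error_msg .= $lang['Error_missing_old_entry'];
                        } else {
                            $row = $db->sql_fetchrow($result);

                            // keep the old comment unless a new one was entered
                            $comment = trim($this->file_comment) == '' ? trim($row['comment']) : trim($this->file_comment);
                            $comment = addslashes($comment);

                            // Update Entry
                            $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . "\n SET physical_filename = '" . $this->attach_filename . "', real_filename = '" . $this->filename . "', comment = '" . $comment . "', extension = '" . $this->extension . "', mimetype = '" . $this->type . "', filesize = " . $this->filesize . ", filetime = " . $this->filetime . ", thumbnail = " . $this->thumbnail . "\n WHERE attach_id = " . $attachment_id;
                            if (!$db->sql_query($sql)) {
                                message_die(GENERAL_ERROR, 'Unable to update the Attachment.', '', __LINE__, __FILE__, $sql);
                            }

                            // Delete the Old Attachment
                            unlink_attach($row['physical_filename']);
                            if (intval($row['thumbnail']) == 1) {
                                unlink_attach('t_' . $row['physical_filename'], MODE_THUMBNAIL);
                            }

                            //
                            // Make sure it is displayed
                            //
                            $this->attachment_list[$actual_element] = $this->attach_filename;
                            $this->attachment_comment_list[$actual_element] = $comment;
                            $this->attachment_filename_list[$actual_element] = $this->filename;
                            $this->attachment_extension_list[$actual_element] = $this->extension;
                            $this->attachment_mimetype_list[$actual_element] = $this->type;
                            $this->attachment_filesize_list[$actual_element] = $this->filesize;
                            $this->attachment_filetime_list[$actual_element] = $this->filetime;
                            $this->attachment_id_list[$actual_element] = $actual_id_list[$actual_element];
                            $this->attachment_thumbnail_list[$actual_element] = $this->thumbnail;
                            $this->file_comment = '';
                        }
                    }
                }

                // "Add attachment" button or preview with a file in the box: upload and prepend it
                if (($add_attachment || $preview) && $this->filename != '') {
                    if ($this->num_attachments < intval($max_attachments)) {
                        $this->upload_attachment($this->page);

                        if (!$error) {
                            array_unshift($this->attachment_list, $this->attach_filename);
                            array_unshift($this->attachment_comment_list, $this->file_comment);
                            array_unshift($this->attachment_filename_list, $this->filename);
                            array_unshift($this->attachment_extension_list, $this->extension);
                            array_unshift($this->attachment_mimetype_list, $this->type);
                            array_unshift($this->attachment_filesize_list, $this->filesize);
                            array_unshift($this->attachment_filetime_list, $this->filetime);
                            array_unshift($this->attachment_id_list, '-1');
                            array_unshift($this->attachment_thumbnail_list, $this->thumbnail);
                            $this->file_comment = '';
                        }
                    } else {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
                    }
                }
            }
        }
    }

    return TRUE;
}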
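/**
 * Upload an attachment to the filespace (internal).
 *
 * Validates the pending upload in $_FILES['fileupload'] against the extension-group
 * table, forum permissions, PHP upload limits, image dimensions, per-file size, the
 * board-wide quota and the per-user quota, builds a sanitised physical filename and
 * hands the temp file to $this->move_uploaded_attachment(). On any failure the global
 * $error flag is raised, a message is appended to the global $error_msg and
 * $this->post_attach is reset to FALSE; a file that was already stored is removed
 * again (thumbnail included). Fatal conditions (DB errors, empty file, no free name)
 * end the request via bb_die().
 *
 * Globals read/written: $error, $error_msg, $lang, $attach_config, $userdata,
 * $upload_dir, $forum_id, $post_data.
 * Object state set: post_attach, type, extension, filesize, filetime, filename,
 * attach_filename, thumbnail.
 *
 * @return void
 */
function upload_attachment()
{
    global $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;

    $this->post_attach = ($this->filename != '');
    if (!$this->post_attach) {
        return;
    }

    // Raises the global error flag and appends one message to the global error buffer.
    // Bound by reference, so it writes through to the globals imported above.
    $add_error = function ($msg) use (&$error, &$error_msg) {
        $error = TRUE;
        if (!empty($error_msg)) {
            $error_msg .= '<br />';
        }
        $error_msg .= $msg;
    };

    $r_file = trim(basename($this->filename));
    // NOTE(review): tmp_name is taken at face value here; whether move_uploaded_attachment()
    // verifies it with is_uploaded_file()/move_uploaded_file() is not visible in this file — confirm.
    $file = $_FILES['fileupload']['tmp_name'];

    if (isset($_FILES['fileupload']['size']) && $_FILES['fileupload']['size'] == 0) {
        bb_die('Tried to upload empty file');
    }

    // The MIME type is client-supplied; nothing below relies on it for authorisation —
    // the extension-group lookup is what decides whether the upload is allowed.
    $this->type = strtolower($_FILES['fileupload']['type']);
    $this->extension = strtolower(get_extension($this->filename));
    $this->filesize = intval(@filesize($file));

    $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
        FROM ' . BB_EXTENSION_GROUPS . ' g, ' . BB_EXTENSIONS . " e
        WHERE g.group_id = e.group_id
            AND e.extension = '" . attach_mod_sql_escape($this->extension) . "'
        LIMIT 1";

    if (!($result = DB()->sql_query($sql))) {
        bb_die('Could not query extensions');
    }
    $row = DB()->sql_fetchrow($result);
    DB()->sql_freeresult($result);

    // Unknown extension: behave exactly like an extension whose group is disabled
    // (allow_group = 0) instead of reading offsets off a non-array row.
    if (!is_array($row)) {
        $row = array('allow_group' => 0, 'max_filesize' => 0, 'cat_id' => 0, 'forum_permissions' => '');
    }

    $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
    $cat_id = intval($row['cat_id']);
    $auth_cache = trim($row['forum_permissions']);

    // Reject path separators and filesystem/shell metacharacters in the original name
    if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
        $add_error(sprintf($lang['INVALID_FILENAME'], htmlspecialchars($this->filename)));
    }

    // 'none' is the legacy tmp_name PHP reported when the upload exceeded upload_max_filesize
    if (!$error && $file == 'none') {
        $max_size = @ini_get('upload_max_filesize');
        $add_error($max_size == ''
            ? $lang['ATTACHMENT_PHP_SIZE_NA']
            : sprintf($lang['ATTACHMENT_PHP_SIZE_OVERRUN'], $max_size));
    }

    // The extension must belong to an enabled extension group
    if (!$error && intval($row['allow_group']) == 0) {
        $add_error(sprintf($lang['DISALLOWED_EXTENSION'], htmlspecialchars($this->extension)));
    }

    // An extension group may be restricted to a list of forums; an empty list means all forums
    if (!$error && !IS_ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
        $add_error(sprintf($lang['DISALLOWED_EXTENSION_WITHIN_FORUM'], htmlspecialchars($this->extension)));
    }

    //bt: a torrent may only be attached to the first post of a topic
    global $post_data;
    if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
        $add_error($lang['ALLOWED_ONLY_1ST_POST_ATTACH']);
    }

    $this->thumbnail = 0;

    // Nothing has been written to disk yet, so a validation failure needs no cleanup
    if ($error) {
        $this->post_attach = FALSE;
        return;
    }

    // Prepare values
    $this->filetime = TIMENOW;
    $this->filename = $r_file; // physical filename
    $this->attach_filename = $this->filename;

    if (FILENAME_CRYPTIC) {
        $this->attach_filename = make_rand_str(FILENAME_CRYPTIC_LENGTH);
    } else {
        // Derive a filesystem-safe ASCII stem from the original name
        $name = html_entity_decode(trim(stripslashes($this->attach_filename)));
        $name = delete_extension($name);
        $name = str_replace(array(' ', '-'), '_', $name);
        $name = str_replace('__', '_', $name);
        // The non-ASCII keys below appear to be mojibake of German umlauts (the
        // replacements ue/oe/ae/ss match that); kept byte-for-byte as found.
        $name = str_replace(
            array(',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'),
            array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'),
            $name
        );
        $name = str_replace(
            array('$', 'Я', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'),
            array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''),
            $name
        );
        // Fold two-byte UTF-8 sequences (U+0080..U+00FF) to their Latin-1 byte.
        // The previous version passed the PHP expression as a plain replacement string
        // (written for the PCRE "e" modifier); without that modifier the expression text
        // itself was inserted into the filename. A callback performs the intended fold.
        $name = preg_replace_callback(
            '#([\xC2\xC3])([\x80-\xBF])#',
            function ($m) {
                return chr(((ord($m[1]) << 6) & 0xC0) | (ord($m[2]) & 0x3F));
            },
            $name
        );
        // Percent-encode and strip every escape, which drops all remaining non-ASCII/reserved bytes
        $name = rawurlencode($name);
        $name = preg_replace("/(%[0-9A-F]{1,2})/i", '', $name);
        $this->attach_filename = trim($name);
    }

    $this->attach_filename = str_replace(array('&', ' '), '_', $this->attach_filename);
    // Break up any bare "php" token in the stem (presumably so the stored name never reads as a script name)
    $this->attach_filename = str_replace('php', '_php_', $this->attach_filename);
    $this->attach_filename = substr(trim($this->attach_filename), 0, FILENAME_MAX_LENGTH);

    // Prefix a random token until the physical name is not already stored; give up after $max_try retries
    $new_physical_filename = '';
    for ($i = 0, $max_try = 5; $i <= $max_try; $i++) {
        $fn_prefix = make_rand_str(FILENAME_PREFIX_LENGTH) . '_';
        $new_physical_filename = clean_filename($fn_prefix . $this->attach_filename);
        if (!physical_filename_already_stored($new_physical_filename)) {
            break;
        }
        if ($i == $max_try) {
            bb_die('Could not create filename for attachment');
        }
    }
    $this->attach_filename = $new_physical_filename;

    // Thumbnails are only generated for the image category when enabled in config
    if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
        $this->thumbnail = 1;
    }

    // Decide the upload method: 'move' when open_basedir or safe_mode is in effect, else 'copy'
    $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
    $this->move_uploaded_attachment($upload_mode, $file);

    // Fall back to the stored file's size if the temp file could not be stat'ed earlier
    if (!$error && !$this->filesize) {
        $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
    }

    // Check image dimensions (admins are exempt); a zero limit disables the check
    if (!$error && !IS_ADMIN && $cat_id == IMAGE_CAT) {
        list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
        $max_w = intval($attach_config['img_max_width']);
        $max_h = intval($attach_config['img_max_height']);
        if ($width != 0 && $height != 0 && $max_w != 0 && $max_h != 0 && ($width > $max_w || $height > $max_h)) {
            $add_error(sprintf($lang['ERROR_IMAGESIZE'], $max_w, $max_h));
        }
    }

    // Check per-file size limit; admins, mods and group members are exempt
    if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && !(IS_ADMIN || IS_MOD || IS_GROUP_MEMBER)) {
        $add_error(sprintf($lang['ATTACHMENT_TOO_BIG'], humn_size($allowed_filesize)));
    }

    // Check the board-wide quota (runs regardless of earlier errors, as before)
    if ($attach_config['attachment_quota']) {
        $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC;
        if (!($result = DB()->sql_query($sql))) {
            bb_die('Could not query total filesize #1');
        }
        $row = DB()->sql_fetchrow($result);
        DB()->sql_freeresult($result);
        $total_filesize = $row['total'];

        if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
            $add_error($lang['ATTACH_QUOTA_REACHED']);
        }
    }

    $this->get_quota_limits($userdata);

    // Check the per-user quota
    if ($attach_config['upload_filesize_limit']) {
        $sql = 'SELECT attach_id FROM ' . BB_ATTACHMENTS . ' WHERE user_id_1 = ' . (int) $userdata['user_id'] . ' GROUP BY attach_id';
        if (!($result = DB()->sql_query($sql))) {
            bb_die('Could not query attachments');
        }
        $attach_ids = DB()->sql_fetchrowset($result);
        $num_attach_ids = DB()->num_rows($result);
        DB()->sql_freeresult($result);

        $attach_id = array();
        for ($i = 0; $i < $num_attach_ids; $i++) {
            $attach_id[] = intval($attach_ids[$i]['attach_id']);
        }

        $total_filesize = 0;
        if ($num_attach_ids > 0) {
            // Sum the sizes of everything this user already stores
            $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC . ' WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query total filesize #2');
            }
            $row = DB()->sql_fetchrow($result);
            DB()->sql_freeresult($result);
            $total_filesize = $row['total'];
        }

        if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
            // Render the limit in the largest fitting unit, rounded to two decimals
            $upload_filesize_limit = $attach_config['upload_filesize_limit'];
            if ($upload_filesize_limit >= 1048576) {
                $size_lang = $lang['MB'];
                $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
            } elseif ($upload_filesize_limit >= 1024) {
                $size_lang = $lang['KB'];
                $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
            } else {
                $size_lang = $lang['BYTES'];
            }
            $add_error(sprintf($lang['USER_UPLOAD_QUOTA_REACHED'], $upload_filesize_limit, $size_lang));
        }
    }

    // The file is already in the filespace at this point: roll it back (thumbnail too) on any failure
    if ($error) {
        unlink_attach($this->attach_filename);
        unlink_attach($this->attach_filename, MODE_THUMBNAIL);
        $this->post_attach = FALSE;
    }
}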