Exemplo n.º 1
    // Sync Thumbnails (make sure all non-existent thumbnails are deleted) - the other way around
    // Get all Posts/PM's with the Thumbnail Flag NOT set
    // Go through all of them and make sure the Thumbnail does NOT exist. If it does exist, delete it
    $sql = "SELECT attach_id, physical_filename, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . " WHERE thumbnail = 0";
    $result = $db->sql_query($sql);
    echo '<br />';
    $i = 0;
    while ($row = $db->sql_fetchrow($result)) {
        @flush();
        echo '.';
        if ($i % 50 == 0) {
            echo '<br />';
        }
        if (thumbnail_exists(basename($row['physical_filename']))) {
            $info .= sprintf($lang['Sync_thumbnail_resetted'], $row['physical_filename']) . '<br />';
            unlink_attach(basename($row['physical_filename']), MODE_THUMBNAIL);
        }
        $i++;
    }
    $db->sql_freeresult($result);
    $cache->destroy('config');
    @flush();
    die('<br /><br /><br />' . $lang['Attach_sync_finished'] . '<br /><br />' . $info);
    exit;
}
// Quota Limit Settings
if ($submit && $mode == 'quota') {
    // Change Quota Limit
    $quota_change_list = request_var('quota_change_list', array(0));
    $quota_desc_list = request_var('quota_desc_list', array(''));
    $filesize_list = request_var('max_filesize_list', array(0));
Exemplo n.º 2
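/**
* Delete Attachment(s) from post(s) (intern)
*
* Removes the links between the given posts (or private messages) and the
* given attachments. Attachments that are no longer linked to anything have
* their files, thumbnails and description rows removed as well. Finally the
* attachment flag of the affected private messages is reset, or the affected
* topics are re-synced through attachment_sync_topic().
*
* Security: both id lists are concatenated into SQL statements. Every element
* is therefore forced to an integer before use, whatever form the caller
* passed in. A non-numeric element becomes 0 instead of reaching the query.
*
* @param mixed $post_id_array   0 to derive the ids from $attach_id_array, a single id,
*                               a comma separated string of ids, or an array of ids
* @param mixed $attach_id_array 0 to derive the ids from $post_id_array, a single id,
*                               a comma separated string of ids, or an array of ids
* @param int   $page            PAGE_PRIVMSGS to work on private messages, anything else for posts
* @param int   $user_id         when non-zero and $page is PAGE_PRIVMSGS, only messages lying in
*                               a box owned by this user are touched
* @return void
*/
function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, $user_id = 0)
{
    // $lang is read for the error messages below; it was missing from the global list
    global $db, $lang;

    // Nothing selected at all
    if ($post_id_array === 0 && $attach_id_array === 0 && $page === 0) {
        return;
    }

    // Only attachment ids were given: look up the posts/PMs they are linked to
    if ($post_id_array === 0 && $attach_id_array !== 0) {
        $post_id_array = array();

        if (!is_array($attach_id_array)) {
            // Accepts "1,2" as well as "1, 2"; intval() ignores the leading blank
            $attach_id_array = explode(',', (string) $attach_id_array);
        }
        // Integers only: the list goes straight into an IN (...) clause
        $attach_id_array = array_values(array_map('intval', $attach_id_array));
        if (!sizeof($attach_id_array)) {
            return;
        }

        // Column name is chosen from two fixed literals, never from input
        $p_id = ($page == PAGE_PRIVMSGS) ? 'privmsgs_id' : 'post_id';

        $sql = "SELECT {$p_id}
            FROM " . ATTACHMENTS_TABLE . '
            WHERE attach_id IN (' . implode(', ', $attach_id_array) . ")
            GROUP BY {$p_id}";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not select ids', '', __LINE__, __FILE__, $sql);
        }
        if ($db->sql_numrows($result) == 0) {
            $db->sql_freeresult($result);
            return;
        }
        while ($row = $db->sql_fetchrow($result)) {
            $post_id_array[] = intval($row[$p_id]);
        }
        $db->sql_freeresult($result);
    }

    // Bring the post id list into array form
    if (!is_array($post_id_array)) {
        if (trim($post_id_array) == '') {
            return;
        }
        $post_id_array = explode(',', (string) $post_id_array);
    }
    // Integers only, re-indexed so the positional loops below stay valid
    $post_id_array = array_values(array_map('intval', $post_id_array));
    if (!sizeof($post_id_array)) {
        return;
    }

    // Only post ids were given: collect every attachment linked to them
    if ($attach_id_array === 0) {
        $attach_id_array = array();

        $link_column = ($page == PAGE_PRIVMSGS) ? 'privmsgs_id' : 'post_id';
        $whereclause = 'WHERE ' . $link_column . ' IN (' . implode(', ', $post_id_array) . ')';

        $sql = 'SELECT attach_id
            FROM ' . ATTACHMENTS_TABLE . " {$whereclause}
            GROUP BY attach_id";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not select Attachment Ids', '', __LINE__, __FILE__, $sql);
        }
        if ($db->sql_numrows($result) == 0) {
            $db->sql_freeresult($result);
            return;
        }
        while ($row = $db->sql_fetchrow($result)) {
            $attach_id_array[] = (int) $row['attach_id'];
        }
        $db->sql_freeresult($result);
    }

    // Bring the attachment id list into array form (no-op if already done above)
    if (!is_array($attach_id_array)) {
        $attach_id_array = explode(',', (string) $attach_id_array);
    }
    $attach_id_array = array_values(array_map('intval', $attach_id_array));
    if (!sizeof($attach_id_array)) {
        return;
    }

    if ($page == PAGE_PRIVMSGS) {
        $sql_id = 'privmsgs_id';

        if ($user_id) {
            // Ownership check: keep only the messages that sit in a box of $user_id
            $owned_ids = array();

            $sql = 'SELECT privmsgs_id, privmsgs_type, privmsgs_to_userid, privmsgs_from_userid
                FROM ' . PRIVMSGS_TABLE . '
                WHERE privmsgs_id IN (' . implode(', ', $post_id_array) . ')';
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Couldn\'t get Privmsgs Type', '', __LINE__, __FILE__, $sql);
            }
            while ($row = $db->sql_fetchrow($result)) {
                // Inbox-like types belong to the recipient, outbox-like types to the sender
                switch ($row['privmsgs_type']) {
                    case PRIVMSGS_READ_MAIL:
                    case PRIVMSGS_NEW_MAIL:
                    case PRIVMSGS_UNREAD_MAIL:
                        $owner = $row['privmsgs_to_userid'];
                        break;
                    case PRIVMSGS_SENT_MAIL:
                    case PRIVMSGS_SAVED_OUT_MAIL:
                        $owner = $row['privmsgs_from_userid'];
                        break;
                    case PRIVMSGS_SAVED_IN_MAIL:
                        $owner = $row['privmsgs_to_userid'];
                        break;
                    default:
                        // Unknown type: never treated as owned
                        $owner = null;
                        break;
                }
                if ($owner !== null && $owner == $user_id) {
                    $owned_ids[] = (int) $row['privmsgs_id'];
                }
            }
            $db->sql_freeresult($result);
            $post_id_array = $owned_ids;
        }
    } else {
        $sql_id = 'post_id';
    }

    if (sizeof($post_id_array) && sizeof($attach_id_array)) {
        // Remove the links first
        $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
            WHERE attach_id IN (' . implode(', ', $attach_id_array) . ")
                AND {$sql_id} IN (" . implode(', ', $post_id_array) . ')';
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, $lang['Error_deleted_attachments'], '', __LINE__, __FILE__, $sql);
        }

        foreach ($attach_id_array as $current_attach_id) {
            // Still linked to another post/PM? Then the file has to stay.
            $sql = 'SELECT attach_id
                FROM ' . ATTACHMENTS_TABLE . '
                WHERE attach_id = ' . (int) $current_attach_id;
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not select Attachment Ids', '', __LINE__, __FILE__, $sql);
            }
            $num_rows = $db->sql_numrows($result);
            $db->sql_freeresult($result);
            if ($num_rows != 0) {
                continue;
            }

            $sql = 'SELECT attach_id, physical_filename, thumbnail
                FROM ' . ATTACHMENTS_DESC_TABLE . '
                WHERE attach_id = ' . (int) $current_attach_id;
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Couldn\'t query attach description table', '', __LINE__, __FILE__, $sql);
            }
            if ($db->sql_numrows($result) == 0) {
                $db->sql_freeresult($result);
                continue;
            }
            $attachments = $db->sql_fetchrowset($result);
            $db->sql_freeresult($result);

            // Orphaned attachment: remove file, thumbnail and description row
            foreach ($attachments as $attachment) {
                unlink_attach($attachment['physical_filename']);
                if (intval($attachment['thumbnail']) == 1) {
                    unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
                }
                $sql = 'DELETE FROM ' . ATTACHMENTS_DESC_TABLE . '
                    WHERE attach_id = ' . (int) $attachment['attach_id'];
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, $lang['Error_deleted_attachments'], '', __LINE__, __FILE__, $sql);
                }
            }
        }
    }

    // Now Sync the Topic/PM
    if ($page == PAGE_PRIVMSGS) {
        foreach ($post_id_array as $privmsgs_id) {
            $sql = 'SELECT attach_id
                FROM ' . ATTACHMENTS_TABLE . '
                WHERE privmsgs_id = ' . (int) $privmsgs_id;
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Couldn\'t query Attachments Table', '', __LINE__, __FILE__, $sql);
            }
            $num_rows = $db->sql_numrows($result);
            $db->sql_freeresult($result);

            if ($num_rows == 0) {
                // No attachment left on this message: clear its flag.
                // The id is cast here as well; the original UPDATE used it uncast.
                $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET privmsgs_attachment = 0
                    WHERE privmsgs_id = ' . (int) $privmsgs_id;
                if (!($result = $db->sql_query($sql))) {
                    message_die(GENERAL_ERROR, 'Couldn\'t update Private Message Attachment Switch', '', __LINE__, __FILE__, $sql);
                }
            }
        }
    } else {
        if (sizeof($post_id_array)) {
            $sql = 'SELECT topic_id
                FROM ' . POSTS_TABLE . '
                WHERE post_id IN (' . implode(', ', $post_id_array) . ')
                GROUP BY topic_id';
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Couldn\'t select Topic ID', '', __LINE__, __FILE__, $sql);
            }
            while ($row = $db->sql_fetchrow($result)) {
                attachment_sync_topic($row['topic_id']);
            }
            $db->sql_freeresult($result);
        }
    }
}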
    /**
     * Upload an Attachment to Filespace (intern)
     *
     * Works on the upload found in $HTTP_POST_FILES['fileupload'] and on
     * $this->filename. The steps, in order:
     *   1. validate the client supplied name, PHP's upload limit, the extension
     *      group and the forum permission for that extension
     *   2. derive the physical file name and hand the temporary file to
     *      $this->move_uploaded_attachment()
     *   3. check image dimensions, per-file size, the board quota, the user
     *      quota and (for private messages) sender and receiver quota
     *
     * Failures are reported through the globals $error and $error_msg. On a
     * failure $this->post_attach is set to FALSE; failures detected after the
     * file was stored also remove the stored file and its thumbnail.
     *
     * Security notes for reviewers:
     *   - file name, extension and MIME type all come from the client; the
     *     extension lookup is the only type gate visible in this method
     *   - the file is stored before the size, dimension and quota checks run
     *   - user_level ADMIN skips the forum permission, image dimension,
     *     per-file size and receiver quota checks
     */
    function upload_attachment()
    {
        global $HTTP_POST_FILES, $db, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
        $this->post_attach = $this->filename != '' ? TRUE : FALSE;
        if ($this->post_attach) {
            // Display name: directory part dropped, HTML special characters escaped
            $r_file = trim(basename(htmlspecialchars($this->filename)));
            $file = $HTTP_POST_FILES['fileupload']['tmp_name'];
            // MIME type as sent by the browser; it is not verified against the content here
            $this->type = $HTTP_POST_FILES['fileupload']['type'];
            if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0) {
                message_die(GENERAL_ERROR, 'Tried to upload empty file');
            }
            // Opera appends "; name=..." to the MIME type; cut that part off
            $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
            $this->type = strtolower($this->type);
            // Extension is taken from the client supplied file name
            $this->extension = strtolower(get_extension($this->filename));
            $this->filesize = @filesize($file);
            $this->filesize = intval($this->filesize);
            // Look up the extension group; the extension is escaped before it enters the query
            $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
				FROM ' . EXTENSION_GROUPS_TABLE . ' g, ' . EXTENSIONS_TABLE . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not query Extensions.', '', __LINE__, __FILE__, $sql);
            }
            // NOTE(review): when the extension is unknown no row comes back; the
            // reads of $row below then yield empty values, and the allow_group
            // check further down rejects the upload.
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            // The group's own limit wins; otherwise the board-wide limit applies
            $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
            $cat_id = intval($row['cat_id']);
            $auth_cache = trim($row['forum_permissions']);
            // Check the file name for characters that are not allowed.
            // NOTE(review): inside the double-quoted string "\\/" becomes \/ which
            // the character class reads as a plain "/", so a literal backslash is
            // not rejected by this test. It is stripped from the physical name
            // further down, but stays in the display name.
            if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                // NOTE(review): the rejected name (which may contain <, > or ") is put
                // into $error_msg without escaping in this method - confirm it is
                // escaped before $error_msg is written into the page.
                $error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
            }
            // Check PHP's upload size: a tmp_name of 'none' is treated as "limit exceeded"
            if (!$error && $file == 'none') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                // Version strings are compared as strings here
                $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                $max_size = @$ini_val('upload_max_filesize');
                if ($max_size == '') {
                    $error_msg .= $lang['Attachment_php_size_na'];
                } else {
                    $error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
                }
            }
            // Check Extension: the group must be allowed
            if (!$error && intval($row['allow_group']) == 0) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['Disallowed_extension'], $this->extension);
            }
            // Check Forum Permissions (skipped for private messages and for admins)
            if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
            }
            // Upload File
            $this->thumbnail = 0;
            if (!$error) {
                // Prepare Values
                $this->filetime = time();
                $this->filename = $r_file;
                // physical filename
                $this->attach_filename = strtolower($this->filename);
                // To re-add cryptic filenames, change this variable to true
                $cryptic = false;
                if (!$cryptic) {
                    // Build a readable physical name: drop the extension, replace or
                    // remove punctuation, then strip everything that still needs
                    // URL encoding.
                    $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
                    $this->attach_filename = delete_extension($this->attach_filename);
                    $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
                    $this->attach_filename = str_replace('__', '_', $this->attach_filename);
                    $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ü', 'Ü', 'ö', 'Ö', 'ä', 'Ä', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
                    $this->attach_filename = str_replace(array('$', 'ß', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);
                    // Remove non-latin characters
                    // NOTE(review): the /e modifier runs the replacement string as PHP
                    // code. It is deprecated since PHP 5.5 and removed in PHP 7.0;
                    // preg_replace_callback() is the replacement. The two character
                    // classes look mis-encoded in this copy of the file - verify
                    // them against the upstream source before porting.
                    $this->attach_filename = preg_replace("/([ÂÃ])([€-¿])/e", "chr(ord('\\1')<<6&0xC0|ord('\\2')&0x3F)", $this->attach_filename);
                    $this->attach_filename = rawurlencode($this->attach_filename);
                    // Drop every percent-escape that rawurlencode() produced
                    $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
                    $this->attach_filename = trim($this->attach_filename);
                    $new_filename = $this->attach_filename;
                    if (!$new_filename) {
                        // Nothing survived the clean-up: fall back to "<user id>_<time>.<ext>"
                        $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
                        $new_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
                    }
                    // Append up to three digits of rand() until the name is unused.
                    // NOTE(review): rand() is not a cryptographic generator; the suffix
                    // avoids collisions but does not make stored names unguessable.
                    do {
                        $this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
                    } while (physical_filename_already_stored($this->attach_filename));
                    unset($new_filename);
                } else {
                    $u_id = intval($userdata['user_id']) == ANONYMOUS ? 0 : intval($userdata['user_id']);
                    $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
                }
                // Do we have to create a thumbnail ?
                if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                    $this->thumbnail = 1;
                }
            }
            // Validation failed before anything was stored: nothing to clean up
            if ($error) {
                $this->post_attach = FALSE;
                return;
            }
            // Upload Attachment
            if (!$error) {
                if (!intval($attach_config['allow_ftp_upload'])) {
                    // Decide the upload method from the PHP configuration
                    $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                    // $safe_mode is assigned here but not read again in this method
                    $safe_mode = @$ini_val('safe_mode');
                    if (@$ini_val('open_basedir')) {
                        if (@phpversion() < '4.0.3') {
                            $upload_mode = 'copy';
                        } else {
                            $upload_mode = 'move';
                        }
                    } else {
                        if (@$ini_val('safe_mode')) {
                            $upload_mode = 'move';
                        } else {
                            $upload_mode = 'copy';
                        }
                    }
                } else {
                    $upload_mode = 'ftp';
                }
                // Ok, upload the Attachment.
                // From here on the file is stored; every later failure has to remove
                // it again (see the clean-up at the end of this method).
                if (!$error) {
                    $this->move_uploaded_attachment($upload_mode, $file);
                }
            }
            // Now, check filesize parameters: re-read the size from the stored file
            // when the temporary file did not report one
            if (!$error) {
                if ($upload_mode != 'ftp' && !$this->filesize) {
                    $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
                }
            }
            // Check Image Size, if it's an image (admins are exempt)
            if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
                list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
                // The check is skipped when either dimension or either configured limit is 0
                if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                    if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                    }
                }
            }
            // Check Filesize against the allowed size (0 means no limit; admins are exempt)
            if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
                // Convert the limit to MB/KB/Bytes with two decimals for the message
                $size_lang = $allowed_filesize >= 1048576 ? $lang['MB'] : ($allowed_filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
                if ($allowed_filesize >= 1048576) {
                    $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
                } else {
                    if ($allowed_filesize >= 1024) {
                        $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
                    }
                }
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
            }
            // Check our complete quota: sum of all stored attachments plus this one
            if ($attach_config['attachment_quota']) {
                $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
                if (!($result = $db->sql_query($sql))) {
                    message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                }
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                $total_filesize = $row['total'];
                if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= $lang['Attach_quota_reached'];
                }
            }
            // NOTE(review): the limits in $attach_config are read right after this
            // call, so it presumably refreshes them for the current user - confirm
            // in get_quota_limits().
            $this->get_quota_limits($userdata);
            // Check our user quota (posts only)
            if ($this->page != PAGE_PRIVMSGS) {
                if ($attach_config['upload_filesize_limit']) {
                    // All post attachments (privmsgs_id = 0) of the current user
                    $sql = 'SELECT attach_id 
						FROM ' . ATTACHMENTS_TABLE . '
						WHERE user_id_1 = ' . (int) $userdata['user_id'] . '
							AND privmsgs_id = 0
						GROUP BY attach_id';
                    if (!($result = $db->sql_query($sql))) {
                        message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
                    }
                    $attach_ids = $db->sql_fetchrowset($result);
                    $num_attach_ids = $db->sql_numrows($result);
                    $db->sql_freeresult($result);
                    // Ids are cast to int before they are joined into the IN (...) list
                    $attach_id = array();
                    for ($i = 0; $i < $num_attach_ids; $i++) {
                        $attach_id[] = intval($attach_ids[$i]['attach_id']);
                    }
                    if ($num_attach_ids > 0) {
                        // Now get the total filesize
                        $sql = 'SELECT sum(filesize) as total
							FROM ' . ATTACHMENTS_DESC_TABLE . '
							WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                        if (!($result = $db->sql_query($sql))) {
                            message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                        }
                        $row = $db->sql_fetchrow($result);
                        $db->sql_freeresult($result);
                        $total_filesize = $row['total'];
                    } else {
                        $total_filesize = 0;
                    }
                    if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                        // Convert the limit to MB/KB/Bytes with two decimals for the message
                        $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                        $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['Bytes']);
                        if ($upload_filesize_limit >= 1048576) {
                            $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                        } else {
                            if ($upload_filesize_limit >= 1024) {
                                $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                            }
                        }
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
                    }
                }
            }
            // If we are at Private Messaging, check our PM Quota
            if ($this->page == PAGE_PRIVMSGS) {
                if ($attach_config['pm_filesize_limit']) {
                    $total_filesize = get_total_attach_pm_filesize('from_user', $userdata['user_id']);
                    if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit']) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= $lang['Attach_quota_sender_pm_reached'];
                    }
                }
                // Receiver name as posted by the client
                $to_user = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
                // Check Receivers PM Quota (skipped when the sender is an admin)
                if (!empty($to_user) && $userdata['user_level'] != ADMIN) {
                    // NOTE(review): the result of get_userdata() is not checked before
                    // user_id is read; an unknown name presumably ends up as user id 0
                    // - confirm.
                    $u_data = get_userdata($to_user, true);
                    $user_id = (int) $u_data['user_id'];
                    $this->get_quota_limits($u_data, $user_id);
                    if ($attach_config['pm_filesize_limit']) {
                        $total_filesize = get_total_attach_pm_filesize('to_user', $user_id);
                        if ($total_filesize + $this->filesize > $attach_config['pm_filesize_limit']) {
                            $error = TRUE;
                            if (!empty($error_msg)) {
                                $error_msg .= '<br />';
                            }
                            // NOTE(review): $to_user is request data and is put into
                            // $error_msg without escaping in this method - confirm it is
                            // escaped before output.
                            $error_msg .= sprintf($lang['Attach_quota_receiver_pm_reached'], $to_user);
                        }
                    }
                }
            }
            // A check failed after the file was stored: remove file and thumbnail again
            if ($error) {
                unlink_attach($this->attach_filename);
                unlink_attach($this->attach_filename, MODE_THUMBNAIL);
                $this->post_attach = FALSE;
            }
        }
    }
Exemplo n.º 4
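/**
* Delete Attachment(s) from post(s) (intern)
*
* Removes the links between the given posts and the given attachments, drops
* the torrent and tracker rows that belong to those attachments, removes the
* files, thumbnails and description rows of attachments that are no longer
* linked to any post, and finally re-syncs the affected topics through
* attachment_sync_topic().
*
* Security: both id lists are concatenated into SQL statements. Every element
* is therefore forced to an integer before use, whatever form the caller
* passed in. A non-numeric element becomes 0 instead of reaching the query.
*
* @param mixed $post_id_array   0 to derive the ids from $attach_id_array, a single id,
*                               a comma separated string of ids, or an array of ids
* @param mixed $attach_id_array 0 to derive the ids from $post_id_array, a single id,
*                               a comma separated string of ids, or an array of ids
* @param int   $page            only used by the "nothing selected" test
* @param int   $user_id         not used by this variant; kept for compatibility with callers
* @return void
*/
function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, $user_id = 0)
{
    // $lang is read for the error messages below; it was missing from the global list
    global $bb_cfg, $lang;

    // Nothing selected at all
    if ($post_id_array === 0 && $attach_id_array === 0 && $page === 0) {
        return;
    }

    // Only attachment ids were given: look up the posts they are linked to
    if ($post_id_array === 0 && $attach_id_array !== 0) {
        $post_id_array = array();

        if (!is_array($attach_id_array)) {
            // Accepts "1,2" as well as "1, 2"; intval() ignores the leading blank
            $attach_id_array = explode(',', (string) $attach_id_array);
        }
        // Integers only: the list goes straight into an IN (...) clause
        $attach_id_array = array_values(array_map('intval', $attach_id_array));
        if (!sizeof($attach_id_array)) {
            return;
        }

        $p_id = 'post_id';
        $sql = "SELECT {$p_id}
            FROM " . BB_ATTACHMENTS . '
            WHERE attach_id IN (' . implode(', ', $attach_id_array) . ")
            GROUP BY {$p_id}";
        if (!($result = DB()->sql_query($sql))) {
            bb_die('Could not select ids');
        }
        if (DB()->num_rows($result) == 0) {
            DB()->sql_freeresult($result);
            return;
        }
        while ($row = DB()->sql_fetchrow($result)) {
            $post_id_array[] = intval($row[$p_id]);
        }
        DB()->sql_freeresult($result);
    }

    // Bring the post id list into array form
    if (!is_array($post_id_array)) {
        if (trim($post_id_array) == '') {
            return;
        }
        $post_id_array = explode(',', (string) $post_id_array);
    }
    // Integers only, re-indexed so positional access stays valid
    $post_id_array = array_values(array_map('intval', $post_id_array));
    if (!sizeof($post_id_array)) {
        return;
    }

    // Only post ids were given: collect every attachment linked to them
    if ($attach_id_array === 0) {
        $attach_id_array = array();

        $whereclause = 'WHERE post_id IN (' . implode(', ', $post_id_array) . ')';
        $sql = 'SELECT attach_id
            FROM ' . BB_ATTACHMENTS . " {$whereclause}
            GROUP BY attach_id";
        if (!($result = DB()->sql_query($sql))) {
            bb_die('Could not select attachment id #1');
        }
        if (DB()->num_rows($result) == 0) {
            DB()->sql_freeresult($result);
            return;
        }
        while ($row = DB()->sql_fetchrow($result)) {
            $attach_id_array[] = (int) $row['attach_id'];
        }
        DB()->sql_freeresult($result);
    }

    // Bring the attachment id list into array form (no-op if already done above)
    if (!is_array($attach_id_array)) {
        $attach_id_array = explode(',', (string) $attach_id_array);
    }
    $attach_id_array = array_values(array_map('intval', $attach_id_array));
    if (!sizeof($attach_id_array)) {
        return;
    }

    $sql_id = 'post_id';
    $attach_id_sql = implode(', ', $attach_id_array);

    if (sizeof($post_id_array) && sizeof($attach_id_array)) {
        // Remove the links first
        $sql = 'DELETE FROM ' . BB_ATTACHMENTS . "
            WHERE attach_id IN ({$attach_id_sql})
                AND {$sql_id} IN (" . implode(', ', $post_id_array) . ')';
        if (!DB()->sql_query($sql)) {
            bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
        }

        //bt
        if ($sql_id == 'post_id') {
            $sql = 'SELECT topic_id FROM ' . BB_BT_TORRENTS . " WHERE attach_id IN({$attach_id_sql})";
            if (!($result = DB()->sql_query($sql))) {
                bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
            }
            $torrents_sql = array();
            while ($row = DB()->sql_fetchrow($result)) {
                // Cast as well: the value is concatenated into the DELETE below
                $torrents_sql[] = (int) $row['topic_id'];
            }
            // This result set was never released in the original code
            DB()->sql_freeresult($result);

            if ($torrents_sql = implode(',', $torrents_sql)) {
                // Remove peers from tracker
                $sql = 'DELETE FROM ' . BB_BT_TRACKER . "
                    WHERE topic_id IN({$torrents_sql})";
                if (!DB()->sql_query($sql)) {
                    bb_die('Could not delete peers');
                }
            }

            // Delete torrents
            $sql = 'DELETE FROM ' . BB_BT_TORRENTS . "
                WHERE attach_id IN({$attach_id_sql})";
            if (!DB()->sql_query($sql)) {
                bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
            }
        }
        //bt end

        foreach ($attach_id_array as $current_attach_id) {
            // Still linked to another post? Then the file has to stay.
            $sql = 'SELECT attach_id
                FROM ' . BB_ATTACHMENTS . '
                WHERE attach_id = ' . (int) $current_attach_id;
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not select Attachment id #2');
            }
            $num_rows = DB()->num_rows($result);
            DB()->sql_freeresult($result);
            if ($num_rows != 0) {
                continue;
            }

            $sql = 'SELECT attach_id, physical_filename, thumbnail
                FROM ' . BB_ATTACHMENTS_DESC . '
                WHERE attach_id = ' . (int) $current_attach_id;
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query attach description table');
            }
            if (DB()->num_rows($result) == 0) {
                DB()->sql_freeresult($result);
                continue;
            }
            $attachments = DB()->sql_fetchrowset($result);
            DB()->sql_freeresult($result);

            // Orphaned attachment: remove file, thumbnail and description row
            foreach ($attachments as $attachment) {
                unlink_attach($attachment['physical_filename']);
                if (intval($attachment['thumbnail']) == 1) {
                    unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
                }
                $sql = 'DELETE FROM ' . BB_ATTACHMENTS_DESC . ' WHERE attach_id = ' . (int) $attachment['attach_id'];
                if (!DB()->sql_query($sql)) {
                    bb_die($lang['ERROR_DELETED_ATTACHMENTS']);
                }
            }
        }
    }

    // Now Sync the Topic/PM
    if (sizeof($post_id_array)) {
        $sql = 'SELECT topic_id
            FROM ' . BB_POSTS . '
            WHERE post_id IN (' . implode(', ', $post_id_array) . ')
            GROUP BY topic_id';
        if (!($result = DB()->sql_query($sql))) {
            bb_die('Could not select topic id');
        }
        while ($row = DB()->sql_fetchrow($result)) {
            attachment_sync_topic($row['topic_id']);
        }
        DB()->sql_freeresult($result);
    }
}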
Exemplo n.º 5
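 /**
  * Process the attachment controls of the posting form.
  *
  * Reads the attachment-related POST flags, uploads a new file when one was
  * submitted, applies delete / delete-thumbnail / edit-comment / update actions
  * to the attachment list kept in $CPG_SESS['bb_attachments'], and writes the
  * resulting list back into the session.
  *
  * Errors are reported through the global $error / $error_msg pair.
  *
  * @param string $mode Posting mode; 'editpost', 'newtopic', 'reply' and 'vote' are tested here.
  * @return bool FALSE when the attachment mod is disabled or the user may not attach, TRUE otherwise.
  */
 protected function handle_attachments($mode)
 {
     global $is_auth, $attach_config, $refresh, $post_id, $submit, $preview, $error, $error_msg, $lang, $template, $userdata, $db;
     global $CPG_SESS;
     $max_attachments = $userdata['user_level'] == ADMIN ? ADMIN_MAX_ATTACHMENTS : intval($attach_config['max_attachments']);
     //
     // nothing, if the user is not authorized or attachment mod disabled
     //
     if (intval($attach_config['disable_mod']) || !$is_auth['auth_attachments']) {
         return FALSE;
     }
     //
     // Init Vars: any attachment button counts as a refresh of the posting form
     //
     if (!$refresh) {
         $add = isset($_POST['add_attachment']) ? TRUE : FALSE;
         $delete = isset($_POST['del_attachment']) ? TRUE : FALSE;
         $edit = isset($_POST['edit_comment']) ? TRUE : FALSE;
         $update_attachment = isset($_POST['update_attachment']) ? TRUE : FALSE;
         $del_thumbnail = isset($_POST['del_thumbnail']) ? TRUE : FALSE;
         $add_attachment_box = !empty($_POST['add_attachment_box']) ? TRUE : FALSE;
         $posted_attachments_box = !empty($_POST['posted_attachments_box']) ? TRUE : FALSE;
         $refresh = $add || $delete || $edit || $del_thumbnail || $update_attachment || $add_attachment_box;
     }
     //
     // Get Attachments: the stored list is only loaded for users who may edit or moderate
     //
     $auth = $is_auth['auth_edit'] || $is_auth['auth_mod'] ? TRUE : FALSE;
     if (!$submit && $mode == 'editpost' && $auth) {
         if (!$refresh && !$preview && !$error && !isset($_POST['del_poll_option'])) {
             $this->attachments = get_attachments_from_post($post_id);
         }
     }
     $this->num_attachments = count($this->attachments);
     if ($submit && $mode != 'vote') {
         if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') {
             if ($this->filename != '') {
                 if ($this->num_attachments < intval($max_attachments)) {
                     $this->upload_attachment();
                     if (!$error && $this->post_attach) {
                         array_unshift($this->attachments, array('physical_filename' => $this->attach_filename, 'real_filename' => $this->filename, 'extension' => $this->extension, 'mimetype' => $this->type, 'filesize' => $this->filesize, 'filetime' => $this->filetime, 'attach_id' => 0, 'thumbnail' => $this->thumbnail, 'comment' => $this->file_comment));
                         $this->file_comment = '';
                         // This Variable is set to FALSE here, because the Attachment Mod enter Attachments into the
                         // Database in two modes, one if the id_list is -1 and the second one if post_attach is true
                         // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
                         // but we are assigning an id of -1 here, we have to reset the post_attach variable to FALSE.
                         //
                         // This is very relevant, because it could happen that the post got not submitted, but we do not
                         // know this circumstance here. We could be at the posting page or we could be redirected to the entered
                         // post. :)
                         $this->post_attach = FALSE;
                     }
                 } else {
                     $error = TRUE;
                     if (!empty($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
                 }
             }
         }
     }
     if ($preview || $refresh || $error) {
         $delete_attachment = isset($_POST['del_attachment']) ? TRUE : FALSE;
         $delete_thumbnail = isset($_POST['del_thumbnail']) ? TRUE : FALSE;
         $add_attachment = isset($_POST['add_attachment']) ? TRUE : FALSE;
         $edit_comment = isset($_POST['edit_comment']) ? TRUE : FALSE;
         $update_attachment = isset($_POST['update_attachment']) ? TRUE : FALSE;
         //
         // Perform actions on temporary attachments.
         // The list the actions apply to comes from the session, not from the request;
         // POST only selects entries of that list by physical filename or attach_id.
         //
         $actual_list = isset($CPG_SESS['bb_attachments']) ? $CPG_SESS['bb_attachments'] : array();
         if ($delete_attachment || $delete_thumbnail) {
             // clean values
             $this->attachments = array();
             // restore values :)
             if (!empty($actual_list)) {
                 for ($i = 0; $i < count($actual_list); $i++) {
                     $attachment = $actual_list[$i];
                     $restore = FALSE;
                     $del_thumb = FALSE;
                     if ($delete_thumbnail) {
                         if (!isset($_POST['del_thumbnail'][$attachment['physical_filename']])) {
                             $restore = TRUE;
                         } else {
                             $del_thumb = TRUE;
                         }
                     }
                     if ($delete_attachment) {
                         if (!isset($_POST['del_attachment'][$attachment['physical_filename']])) {
                             $restore = TRUE;
                         }
                     }
                     if ($restore) {
                         $this->attachments[] = $attachment;
                     } else {
                         if (!$del_thumb) {
                             // delete selected attachment
                             if ($attachment['attach_id'] < 1) {
                                 // not yet stored in the database: only the files exist
                                 unlink_attach($attachment['physical_filename']);
                                 if ($attachment['thumbnail'] == 1) {
                                     unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
                                 }
                             } else {
                                 delete_attachment($post_id, $attachment['attach_id'], $this->page);
                             }
                         } else {
                             if ($del_thumb) {
                                 // delete selected thumbnail
                                 $attachment['thumbnail'] = 0;
                                 $this->attachments[] = $attachment;
                                 if ($attachment['attach_id'] < 1) {
                                     unlink_attach($attachment['physical_filename'], MODE_THUMBNAIL);
                                 } else {
                                     // attach_id is cast so only an integer can reach the query text
                                     $db->sql_query("UPDATE " . ATTACHMENTS_DESC_TABLE . " SET thumbnail = 0\n\t\t\t\t\t\t\t\tWHERE attach_id = " . (int) $attachment['attach_id']);
                                 }
                             }
                         }
                     }
                 }
             }
         } else {
             if ($edit_comment || $update_attachment || $add_attachment || $preview) {
                 if ($edit_comment) {
                     // comment_list is request data: accept it only as an array of strings,
                     // and treat a missing or malformed entry as an empty comment
                     $actual_comment_list = isset($_POST['comment_list']) && is_array($_POST['comment_list']) ? $_POST['comment_list'] : array();
                     for ($i = 0; $i < count($this->attachments); $i++) {
                         $this->attachments[$i]['comment'] = isset($actual_comment_list[$i]) && is_string($actual_comment_list[$i]) ? $actual_comment_list[$i] : '';
                     }
                 }
                 if ($update_attachment) {
                     if ($this->filename == '') {
                         $error = TRUE;
                         if (!empty($error_msg)) {
                             $error_msg .= '<br />';
                         }
                         $error_msg .= $lang['Error_empty_add_attachbox'];
                     }
                     $this->upload_attachment();
                     if (!$error) {
                         $attachment_id = 0;
                         $actual_element = 0;
                         // find the session entry whose attach_id was named in the request
                         for ($i = 0; $i < count($actual_list); $i++) {
                             if (isset($_POST['update_attachment'][$actual_list[$i]['attach_id']])) {
                                 $attachment_id = intval($actual_list[$i]['attach_id']);
                                 $actual_element = $i;
                                 break;
                             }
                         }
                         // Get current informations to delete the Old Attachment
                         $sql = "SELECT physical_filename, comment, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . "\n\t\t\t\t\t\tWHERE attach_id = " . $attachment_id;
                         $result = $db->sql_query($sql);
                         if ($db->sql_numrows($result) != 1) {
                             // No matching stored attachment: report it and leave the database,
                             // the files and the displayed list untouched.
                             $error = TRUE;
                             if (!empty($error_msg)) {
                                 $error_msg .= '<br />';
                             }
                             $error_msg .= $lang['Error_missing_old_entry'];
                         } else {
                             $row = $db->sql_fetchrow($result);
                             $comment = trim($this->file_comment) == '' ? trim($row['comment']) : trim($this->file_comment);
                             // Update Entry
                             // NOTE(review): only the comment is passed through Fix_Quotes(); the file name,
                             // extension and MIME type are concatenated as set by upload_attachment().
                             // Confirm they are escaped there, or escape them here. Numeric columns are cast.
                             $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . " \n\t\t\t\t\t\tSET physical_filename = '" . $this->attach_filename . "', real_filename = '" . $this->filename . "', comment = '" . Fix_Quotes($comment) . "', extension = '" . $this->extension . "', mimetype = '" . $this->type . "', filesize = " . (int) $this->filesize . ", filetime = " . (int) $this->filetime . ", thumbnail = " . (int) $this->thumbnail . "\n\t\t\t\t\t\tWHERE attach_id = " . $attachment_id;
                             $db->sql_query($sql);
                             // Delete the Old Attachment
                             unlink_attach($row['physical_filename']);
                             if (intval($row['thumbnail']) == 1) {
                                 unlink_attach($row['physical_filename'], MODE_THUMBNAIL);
                             }
                             //
                             // Make sure it is displayed
                             //
                             $this->attachments[$actual_element] = array('physical_filename' => $this->attach_filename, 'real_filename' => $this->filename, 'extension' => $this->extension, 'mimetype' => $this->type, 'filesize' => $this->filesize, 'filetime' => $this->filetime, 'attach_id' => $actual_list[$actual_element]['attach_id'], 'thumbnail' => $this->thumbnail, 'comment' => $comment);
                             $this->file_comment = '';
                         }
                     }
                 }
                 if (($add_attachment || $preview) && $this->filename != '') {
                     if ($this->num_attachments < intval($max_attachments)) {
                         $this->upload_attachment();
                         if (!$error) {
                             array_unshift($this->attachments, array('physical_filename' => $this->attach_filename, 'real_filename' => $this->filename, 'extension' => $this->extension, 'mimetype' => $this->type, 'filesize' => $this->filesize, 'filetime' => $this->filetime, 'attach_id' => 0, 'thumbnail' => $this->thumbnail, 'comment' => $this->file_comment));
                             $this->file_comment = '';
                         }
                     } else {
                         $error = TRUE;
                         if (!empty($error_msg)) {
                             $error_msg .= '<br />';
                         }
                         $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
                     }
                 }
             }
         }
     }
     // Persist the working list for the next request
     $CPG_SESS['bb_attachments'] = $this->attachments;
     return TRUE;
 }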
Exemplo n.º 6
 /**
  * Validate the file submitted as 'fileupload', store it under a generated
  * physical filename and enforce size and quota limits.
  *
  * Takes no parameters and returns nothing. It reads $this->filename and
  * $this->page, and sets $this->post_attach, type, extension, filesize,
  * filetime, filename, attach_filename and thumbnail. Failures are reported
  * through the global $error / $error_msg pair, except for an empty upload and
  * failed quota queries, which call message_die().
  *
  * Order matters: the file is moved into place before the image-size, file-size
  * and quota checks run, and is unlinked again at the end if any of them failed.
  *
  * NOTE(review): no check of the extension against an allow-list is visible in
  * this method; the user-supplied extension is appended unchanged to the stored
  * name. Confirm that get_extension(), move_uploaded_attachment() or the upload
  * directory configuration prevents storing server-executable file types.
  */
 function upload_attachment()
 {
     global $HTTP_POST_FILES, $HTTP_POST_VARS, $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
     $this->post_attach = $this->filename != '' ? TRUE : FALSE;
     if ($this->post_attach) {
         $r_file = trim(basename($this->filename));
         $file = $HTTP_POST_FILES['fileupload']['tmp_name'];
         // The MIME type is whatever the client sent with the upload; it is not verified here
         $this->type = $HTTP_POST_FILES['fileupload']['type'];
         if (isset($HTTP_POST_FILES['fileupload']['size']) && $HTTP_POST_FILES['fileupload']['size'] == 0) {
             message_die(GENERAL_ERROR, 'Tried to upload empty file');
         }
         // Opera add the name to the mime type
         $this->type = strstr($this->type, '; name') ? str_replace(strstr($this->type, '; name'), '', $this->type) : $this->type;
         $this->extension = get_extension($this->filename);
         $this->filesize = @filesize($file);
         $this->filesize = intval($this->filesize);
         $allowed_filesize = $attach_config['max_filesize'];
         //
         // Check the filename for characters that are not allowed.
         // As written, the character class rejects / : * ? " < > | ; the `\\/` in the PHP
         // string reaches PCRE as an escaped slash, so a literal backslash is not matched.
         //
         if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Invalid_filename'], $this->filename);
         }
         //
         // Check the PHP upload size limit.
         // presumably a tmp_name of 'none' is how the PHP runtime signalled an oversized upload; verify
         //
         if (!$error && $file == 'none') {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             // NOTE(review): version strings are compared with >= here, not with version_compare()
             $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
             $max_size = @$ini_val('upload_max_filesize');
             if ($max_size == '') {
                 $error_msg .= $lang['Attachment_php_size_na'];
             } else {
                 $error_msg .= sprintf($lang['Attachment_php_size_overrun'], $max_size);
             }
         }
         //
         // Check Forum Permissions
         // NOTE(review): $auth_cache is neither declared global nor assigned in this method,
         // so it evaluates as null here and the trim($auth_cache) != '' part cannot be true;
         // as written this check never rejects an upload.
         //
         if (!$error && $this->page != PAGE_PRIVMSGS && $userdata['user_level'] != ADMIN && (!is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '')) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Disallowed_extension_within_forum'], $this->extension);
         }
         //bt
         // Check if user can post .torrent: only allowed when $post_data['first_post'] is set
         global $post_data;
         if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= $lang['Allowed_only_1st_post_attach'];
         }
         //bt end
         // Upload File
         $this->thumbnail = 0;
         if (!$error) {
             //
             // Prepare Values
             //
             $this->filetime = time();
             $this->filename = stripslashes($r_file);
             $this->attach_filename = strtolower($this->filename);
             // To re-add cryptic filenames, change this variable to true
             $cryptic = false;
             if (!$cryptic) {
                 // Build the stored name from the client name: spaces become '_', the name is
                 // URL-encoded and every %XX escape is replaced by '_'.
                 $this->attach_filename = str_replace(' ', '_', $this->attach_filename);
                 $this->attach_filename = rawurlencode($this->attach_filename);
                 $this->attach_filename = preg_replace("/%(\\w{2})/", "_", $this->attach_filename);
                 $this->attach_filename = delete_extension($this->attach_filename);
                 $new_filename = trim($this->attach_filename);
                 if (!$new_filename) {
                     $u_id = intval($userdata['user_id']) == GUEST_UID ? 0 : intval($userdata['user_id']);
                     $new_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
                 }
                 // Append up to three digits from rand() and retry until the name is unused.
                 // rand() is not a cryptographic generator, so the stored name stays guessable.
                 do {
                     $this->attach_filename = $new_filename . '_' . substr(rand(), 0, 3) . '.' . $this->extension;
                 } while (physical_filename_already_stored($this->attach_filename));
                 unset($new_filename);
             } else {
                 $u_id = intval($userdata['user_id']) == GUEST_UID ? 0 : intval($userdata['user_id']);
                 $this->attach_filename = $u_id . '_' . $this->filetime . '.' . $this->extension;
             }
             // Hand-rolled quote escaping of the display name (only ' is handled).
             // NOTE(review): presumably meant for later SQL use; the database layer's own
             // escaping or bound parameters would be more reliable - confirm against callers.
             $this->filename = str_replace("'", "\\'", $this->filename);
             //
             // Do we have to create a thumbnail ?
             // NOTE(review): $cat_id is never assigned in this method, so it is null here.
             //
             if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                 $this->thumbnail = 1;
             }
         }
         if ($error) {
             $this->post_attach = FALSE;
             return;
         }
         //
         // Upload Attachment
         //
         if (!$error) {
             if (!intval($attach_config['allow_ftp_upload'])) {
                 //
                 // Decide the upload method from the PHP configuration
                 //
                 $ini_val = phpversion() >= '4.0.0' ? 'ini_get' : 'get_cfg_var';
                 // $safe_mode is assigned but not read again; the setting is queried a second time below
                 $safe_mode = @$ini_val('safe_mode');
                 if (@$ini_val('open_basedir')) {
                     if (@phpversion() < '4.0.3') {
                         $upload_mode = 'copy';
                     } else {
                         $upload_mode = 'move';
                     }
                 } else {
                     if (@$ini_val('safe_mode')) {
                         $upload_mode = 'move';
                     } else {
                         $upload_mode = 'copy';
                     }
                 }
             } else {
                 $upload_mode = 'ftp';
             }
             //
             // Ok, upload the Attachment
             //
             if (!$error) {
                 $this->move_uploaded_attachment($upload_mode, $file);
             }
         }
         // Now, check filesize parameters: fall back to the size of the stored file
         if (!$error) {
             if ($upload_mode != 'ftp' && !$this->filesize) {
                 $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
             }
         }
         //
         // Check Image Size, if it's an image
         // NOTE(review): this reads the original temporary path after the move step; whether
         // that file still exists depends on the upload mode. $cat_id is null here (see above).
         //
         if (!$error && $userdata['user_level'] != ADMIN && $cat_id == IMAGE_CAT) {
             list($width, $height) = image_getdimension($file);
             if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                 if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                     $error = TRUE;
                     if (!empty($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                 }
             }
         }
         //
         // Check the file size against max_filesize (administrators are exempt);
         // the limit is scaled to MB/KB only for the error message
         //
         if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && $userdata['user_level'] != ADMIN) {
             $size_lang = $allowed_filesize >= 1048576 ? $lang['MB'] : ($allowed_filesize >= 1024 ? $lang['KB'] : $lang['Bytes']);
             if ($allowed_filesize >= 1048576) {
                 $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
             } else {
                 if ($allowed_filesize >= 1024) {
                     $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
                 }
             }
             $error = TRUE;
             if (!empty($error_msg)) {
                 $error_msg .= '<br />';
             }
             $error_msg .= sprintf($lang['Attachment_too_big'], $allowed_filesize, $size_lang);
         }
         //
         // Check our complete quota: sum of all stored attachments plus this file
         //
         if ($attach_config['attachment_quota']) {
             $sql = 'SELECT sum(filesize) as total FROM ' . ATTACHMENTS_DESC_TABLE;
             if (!($result = DB()->sql_query($sql))) {
                 message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
             }
             $row = DB()->sql_fetchrow($result);
             $total_filesize = $row['total'];
             if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                 $error = TRUE;
                 if (!empty($error_msg)) {
                     $error_msg .= '<br />';
                 }
                 $error_msg .= $lang['Attach_quota_reached'];
             }
         }
         // presumably loads the per-user limits that the next check reads from $attach_config - TODO confirm
         $this->get_quota_limits($userdata);
         //
         // Check our user quota: total size of this user's post attachments plus this file
         // NOTE(review): $userdata['user_id'] is concatenated into the query without an integer cast
         //
         if ($attach_config['upload_filesize_limit']) {
             $sql = "SELECT attach_id\n\t\t\t\t\tFROM " . ATTACHMENTS_TABLE . "\n\t\t\t\t\tWHERE (user_id_1 = " . $userdata['user_id'] . ") AND (privmsgs_id = 0)\n\t\t\t\t\tGROUP BY attach_id";
             if (!($result = DB()->sql_query($sql))) {
                 message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
             }
             $attach_ids = DB()->sql_fetchrowset($result);
             $num_attach_ids = DB()->num_rows($result);
             $attach_id = array();
             for ($i = 0; $i < $num_attach_ids; $i++) {
                 $attach_id[] = intval($attach_ids[$i]['attach_id']);
             }
             if ($num_attach_ids > 0) {
                 //
                 // Now get the total filesize
                 //
                 $sql = "SELECT sum(filesize) as total\n\t\t\t\t\t\tFROM " . ATTACHMENTS_DESC_TABLE . "\n\t\t\t\t\t\tWHERE attach_id IN (" . implode(', ', $attach_id) . ")";
                 if (!($result = DB()->sql_query($sql))) {
                     message_die(GENERAL_ERROR, 'Could not query total filesize', '', __LINE__, __FILE__, $sql);
                 }
                 $row = DB()->sql_fetchrow($result);
                 $total_filesize = $row['total'];
             } else {
                 $total_filesize = 0;
             }
             if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                 $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                 $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['Bytes']);
                 if ($upload_filesize_limit >= 1048576) {
                     $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                 } else {
                     if ($upload_filesize_limit >= 1024) {
                         $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                     }
                 }
                 $error = TRUE;
                 if (!empty($error_msg)) {
                     $error_msg .= '<br />';
                 }
                 $error_msg .= sprintf($lang['User_upload_quota_reached'], $upload_filesize_limit, $size_lang);
             }
         }
         // Any failure after the move step: remove the stored file and its thumbnail again
         if ($error) {
             unlink_attach($this->attach_filename);
             unlink_attach($this->attach_filename, MODE_THUMBNAIL);
             $this->post_attach = FALSE;
         }
     }
 }
Exemplo n.º 7
         }
         $i++;
     }
     $db->sql_freeresult($result);
     // Sync Thumbnails (make sure all non-existent thumbnails are deleted) - the other way around
     // Get all Posts/PM's with the Thumbnail Flag NOT set
     // Go through all of them and make sure the Thumbnail does NOT exist. If it does exist, delete it
     $result = $db->sql_query("SELECT attach_id, physical_filename, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . " WHERE thumbnail = 0");
     echo "\r\n";
     $i = 0;
     while ($row = $db->sql_fetchrow($result)) {
         echo $i % 50 == 0 ? '. ' : ".\r\n";
         flush();
         if (thumbnail_exists($row['physical_filename'])) {
             $info .= sprintf($lang['Sync_thumbnail_resetted'], $row['physical_filename']) . '<br />';
             unlink_attach($row['physical_filename'], MODE_THUMBNAIL);
         }
         $i++;
     }
     $db->sql_freeresult($result);
     flush();
     die("\r\n\r\n" . $lang['Attach_sync_finished'] . "\r\n\r\n" . $info);
 } else {
     if ($submit && $mode == 'quota') {
         //
         // Change Quota Limit
         //
         $quota_change_list = isset($_POST['quota_change_list']) ? $_POST['quota_change_list'] : array();
         $quota_desc_list = isset($_POST['quota_desc_list']) ? $_POST['quota_desc_list'] : array();
         $filesize_list = isset($_POST['max_filesize_list']) ? $_POST['max_filesize_list'] : array();
         $size_select_list = isset($_POST['size_select_list']) ? $_POST['size_select_list'] : array();
Exemplo n.º 8
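/**
 * Delete attachments from posts or private messages and resynchronise the
 * affected topics / messages.
 *
 * Either id argument may be an array, a single id, or a comma-separated string
 * of ids. Every id is reduced to an integer before it is placed into a query,
 * so a crafted id string cannot alter the SQL text.
 *
 * When only attachment ids are given, the owning posts (or private messages,
 * for PAGE_PRIVMSGS) are looked up; when only post ids are given, their
 * attachment ids are looked up. An attachment's files and description row are
 * removed only once no row in ATTACHMENTS_TABLE references it any more.
 *
 * @param int|string|array $post_id_array   Post ids (private message ids when $page is PAGE_PRIVMSGS); 0 to derive them.
 * @param int|string|array $attach_id_array Attachment ids; 0 to derive them from the posts.
 * @param int              $page            PAGE_PRIVMSGS selects private-message handling.
 * @param int              $user_id         With PAGE_PRIVMSGS and a value above 0, only messages whose sender or
 *                                          recipient (depending on privmsgs_type) equals this user are affected.
 * @return void
 */
function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0, $user_id = 0)
{
    global $db;
    // Nothing was specified at all
    if ($post_id_array < 1 && $attach_id_array < 1 && $page < 1) {
        return;
    }
    //
    // Only attachment ids given: normalise them and look up the owning posts / messages
    //
    if ($post_id_array < 1 && $attach_id_array > 0) {
        $post_id_array = array();
        if (!is_array($attach_id_array)) {
            $attach_id_array = explode(',', (string) $attach_id_array);
        }
        // intval() tolerates the space left by a ', ' separator and discards anything after the digits
        $attach_id_array = array_values(array_map('intval', $attach_id_array));
        if (count($attach_id_array) == 0) {
            return;
        }
        $p_id = $page == PAGE_PRIVMSGS ? 'privmsgs_id' : 'post_id';
        $result = $db->sql_query("SELECT " . $p_id . " FROM " . ATTACHMENTS_TABLE . " WHERE attach_id IN (" . implode(', ', $attach_id_array) . ") GROUP BY " . $p_id);
        $post_list = $db->sql_fetchrowset($result);
        $num_post_list = $db->sql_numrows($result);
        if ($num_post_list == 0) {
            return;
        }
        for ($i = 0; $i < $num_post_list; $i++) {
            $post_id_array[] = intval($post_list[$i][$p_id]);
        }
    }
    if (!is_array($post_id_array)) {
        if (trim($post_id_array) == '') {
            return;
        }
        $post_id_array = explode(',', (string) $post_id_array);
    }
    $post_id_array = array_values(array_map('intval', $post_id_array));
    if (count($post_id_array) == 0) {
        return;
    }
    //
    // Only post ids given: look up the attachment ids that belong to them
    //
    if ($attach_id_array < 1) {
        $attach_id_array = array();
        $id_column = $page == PAGE_PRIVMSGS ? 'privmsgs_id' : 'post_id';
        $whereclause = "WHERE " . $id_column . " IN (" . implode(', ', $post_id_array) . ")";
        $result = $db->sql_query("SELECT attach_id FROM " . ATTACHMENTS_TABLE . " " . $whereclause . " GROUP BY attach_id");
        $attach_list = $db->sql_fetchrowset($result);
        $num_attach_list = $db->sql_numrows($result);
        if ($num_attach_list == 0) {
            return;
        }
        for ($i = 0; $i < $num_attach_list; $i++) {
            $attach_id_array[] = intval($attach_list[$i]['attach_id']);
        }
    }
    if (!is_array($attach_id_array)) {
        $attach_id_array = explode(',', (string) $attach_id_array);
    }
    $attach_id_array = array_values(array_map('intval', $attach_id_array));
    if (count($attach_id_array) == 0) {
        return;
    }
    if ($page == PAGE_PRIVMSGS) {
        $sql_id = 'privmsgs_id';
        if ($user_id > 0) {
            // Keep only the messages that belong to $user_id: the recipient owns inbox
            // and saved-in copies, the sender owns sent and saved-out copies.
            $post_id_array_2 = array();
            for ($i = 0; $i < count($post_id_array); $i++) {
                $result = $db->sql_query("SELECT privmsgs_type, privmsgs_to_userid, privmsgs_from_userid\n\t\t\t\tFROM " . PRIVMSGS_TABLE . "\n\t\t\t\tWHERE privmsgs_id = " . $post_id_array[$i]);
                if ($db->sql_numrows($result) != 0) {
                    $row = $db->sql_fetchrow($result);
                    $privmsgs_type = $row['privmsgs_type'];
                    $is_owner = FALSE;
                    if ($privmsgs_type == PRIVMSGS_READ_MAIL || $privmsgs_type == PRIVMSGS_NEW_MAIL || $privmsgs_type == PRIVMSGS_UNREAD_MAIL) {
                        $is_owner = $row['privmsgs_to_userid'] == $user_id;
                    } elseif ($privmsgs_type == PRIVMSGS_SENT_MAIL) {
                        $is_owner = $row['privmsgs_from_userid'] == $user_id;
                    } elseif ($privmsgs_type == PRIVMSGS_SAVED_OUT_MAIL) {
                        $is_owner = $row['privmsgs_from_userid'] == $user_id;
                    } elseif ($privmsgs_type == PRIVMSGS_SAVED_IN_MAIL) {
                        $is_owner = $row['privmsgs_to_userid'] == $user_id;
                    }
                    if ($is_owner) {
                        $post_id_array_2[] = $post_id_array[$i];
                    }
                }
            }
            $post_id_array = $post_id_array_2;
            // None of the messages belongs to this user: stop here instead of
            // issuing a DELETE with an empty IN () list.
            if (count($post_id_array) == 0) {
                return;
            }
        }
    } else {
        $sql_id = 'post_id';
    }
    // Remove the post <-> attachment links
    $db->sql_query("DELETE FROM " . ATTACHMENTS_TABLE . " WHERE attach_id IN (" . implode(', ', $attach_id_array) . ") AND " . $sql_id . " IN (" . implode(', ', $post_id_array) . ")");
    for ($i = 0; $i < count($attach_id_array); $i++) {
        $result = $db->sql_query("SELECT attach_id FROM " . ATTACHMENTS_TABLE . " WHERE attach_id = " . $attach_id_array[$i]);
        // Files and description are removed only when nothing references the attachment any more
        if ($db->sql_numrows($result) == 0) {
            $result = $db->sql_query('SELECT attach_id, physical_filename, thumbnail
			FROM ' . ATTACHMENTS_DESC_TABLE . '
			WHERE attach_id = ' . $attach_id_array[$i]);
            if ($db->sql_numrows($result) != 0) {
                $attachments = $db->sql_fetchrowset($result);
                $num_attach = $db->sql_numrows($result);
                //
                // delete attachments
                //
                for ($j = 0; $j < $num_attach; $j++) {
                    unlink_attach($attachments[$j]['physical_filename']);
                    if (intval($attachments[$j]['thumbnail']) == 1) {
                        unlink_attach($attachments[$j]['physical_filename'], MODE_THUMBNAIL);
                    }
                    $db->sql_query('DELETE FROM ' . ATTACHMENTS_DESC_TABLE . '
					WHERE attach_id = ' . (int) $attachments[$j]['attach_id']);
                }
            }
        }
    }
    //
    // Now Sync the Topic/PM
    //
    if ($page == PAGE_PRIVMSGS) {
        for ($i = 0; $i < count($post_id_array); $i++) {
            $result = $db->sql_query("SELECT attach_id FROM " . ATTACHMENTS_TABLE . " WHERE privmsgs_id = " . $post_id_array[$i]);
            // Clear the attachment flag of a message that has no attachments left
            if ($db->sql_numrows($result) == 0) {
                $result = $db->sql_query("UPDATE " . PRIVMSGS_TABLE . " SET privmsgs_attachment = 0 WHERE privmsgs_id = " . $post_id_array[$i]);
            }
        }
    } else {
        $result = $db->sql_query("SELECT topic_id FROM " . POSTS_TABLE . " WHERE post_id IN (" . implode(', ', $post_id_array) . ") GROUP BY topic_id");
        $row = $db->sql_fetchrowset($result);
        $num_rows = $db->sql_numrows($result);
        for ($i = 0; $i < $num_rows; $i++) {
            attachment_sync_topic($row[$i]['topic_id']);
        }
    }
}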
Exemplo n.º 9
    // Does the target directory exist, is it a directory and writeable
    if (!@file_exists(@amod_realpath($upload_dir))) {
        $error = true;
        $error_msg = sprintf($lang['DIRECTORY_DOES_NOT_EXIST'], $attach_config['upload_dir']) . '<br />';
    }
    if (!$error && !is_dir($upload_dir)) {
        $error = TRUE;
        $error_msg = sprintf($lang['DIRECTORY_IS_NOT_A_DIR'], $attach_config['upload_dir']) . '<br />';
    }
    if (!$error) {
        if (!($fp = @fopen($upload_dir . '/0_000000.000', 'w'))) {
            $error = TRUE;
            $error_msg = sprintf($lang['DIRECTORY_NOT_WRITEABLE'], $attach_config['upload_dir']) . '<br />';
        } else {
            @fclose($fp);
            unlink_attach($upload_dir . '/0_000000.000');
        }
    }
    if (!$error) {
        bb_die($lang['TEST_SETTINGS_SUCCESSFUL'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_ATTACH_CONFIG'], '<a href="admin_attachments.php?mode=manage">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>'));
    }
}
// Management: a submitted "manage" form that produced no error ends the
// request with a confirmation page linking back to the admin panels.
if ($submit && $mode == 'manage' && !$error) {
    bb_die($lang['ATTACH_CONFIG_UPDATED'] . '<br /><br />' . sprintf($lang['CLICK_RETURN_ATTACH_CONFIG'], '<a href="admin_attachments.php?mode=manage">', '</a>') . '<br /><br />' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '<a href="index.php?pane=right">', '</a>'));
}
if ($mode == 'manage') {
    $yes_no_switches = array('disable_mod', 'allow_pm_attach', 'display_order');
    for ($i = 0; $i < sizeof($yes_no_switches); $i++) {
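 /**
  * Handle the attachment actions of the current posting request (intern).
  *
  * Loads the attachments already stored for the post/PM, uploads a new file
  * when one was submitted, and applies the delete / delete-thumbnail /
  * edit-comment / update actions to the attachment lists kept on $this.
  *
  * The list fields read from $HTTP_POST_VARS (attachment_list, attach_id_list,
  * comment_list, ...) are request data: ids are cast before they reach SQL and
  * file names are reduced to their base name before they reach unlink_attach().
  *
  * @param string $mode posting mode; compared against 'post', 'edit',
  *                     'newtopic', 'reply', 'editpost' and 'vote'
  * @return bool FALSE when the attachment mod is disabled or the user may not
  *              attach files, TRUE otherwise
  */
 function handle_attachments($mode)
 {
     global $is_auth, $attach_config, $refresh, $HTTP_POST_VARS, $post_id, $submit, $preview, $error, $error_msg, $lang, $template, $userdata, $db;
     //
     // Some adjustments for PM's: map the PM modes onto the posting modes and
     // derive the attachment permission from the PM settings
     //
     if ($this->page == PAGE_PRIVMSGS) {
         global $privmsg_id;
         $post_id = $privmsg_id;
         if ($mode == 'post') {
             $mode = 'newtopic';
         } elseif ($mode == 'edit') {
             $mode = 'editpost';
         }
         if ($userdata['user_level'] == ADMIN) {
             $is_auth['auth_attachments'] = '1';
             $max_attachments = ADMIN_MAX_ATTACHMENTS;
         } else {
             $is_auth['auth_attachments'] = intval($attach_config['allow_pm_attach']);
             $max_attachments = intval($attach_config['max_attachments_pm']);
         }
     } else {
         if ($userdata['user_level'] == ADMIN) {
             $max_attachments = ADMIN_MAX_ATTACHMENTS;
         } else {
             $max_attachments = intval($attach_config['max_attachments']);
         }
     }
     //
     // nothing, if the user is not authorized or attachment mod disabled
     //
     if (intval($attach_config['disable_mod']) || !$is_auth['auth_attachments']) {
         return FALSE;
     }
     //
     // Init Vars
     //
     $attachments = array();
     if (!$refresh) {
         $add = isset($HTTP_POST_VARS['add_attachment']);
         $delete = isset($HTTP_POST_VARS['del_attachment']);
         $edit = isset($HTTP_POST_VARS['edit_comment']);
         $update_attachment = isset($HTTP_POST_VARS['update_attachment']);
         $del_thumbnail = isset($HTTP_POST_VARS['del_thumbnail']);
         $add_attachment_box = !empty($HTTP_POST_VARS['add_attachment_box']);
         $posted_attachments_box = !empty($HTTP_POST_VARS['posted_attachments_box']);
         // Fixed: the last operand used to be the undefined $posted_attachment_box,
         // so the posted_attachments_box field never triggered a refresh.
         $refresh = $add || $delete || $edit || $del_thumbnail || $update_attachment || $add_attachment_box || $posted_attachments_box;
     }
     //
     // Get Attachments
     //
     if ($this->page == PAGE_PRIVMSGS) {
         $attachments = get_attachments_from_pm($post_id);
     } else {
         $attachments = get_attachments_from_post($post_id);
     }
     if ($this->page == PAGE_PRIVMSGS) {
         if ($userdata['user_level'] == ADMIN) {
             $auth = TRUE;
         } else {
             $auth = intval($attach_config['allow_pm_attach']) ? TRUE : FALSE;
         }
         // Singular or plural label for the delete switch in the template
         if (count($attachments) == 1) {
             $template->assign_block_vars('switch_attachments', array());
             $template->assign_vars(array('L_DELETE_ATTACHMENTS' => $lang['Delete_attachment']));
         } elseif (count($attachments) > 0) {
             $template->assign_block_vars('switch_attachments', array());
             $template->assign_vars(array('L_DELETE_ATTACHMENTS' => $lang['Delete_attachments']));
         }
     } else {
         $auth = ($is_auth['auth_edit'] || $is_auth['auth_mod']);
     }
     // First display of an edit form: seed the lists from the stored attachments
     if (!$submit && $mode == 'editpost' && $auth) {
         if (!$refresh && !$preview && !$error && !isset($HTTP_POST_VARS['del_poll_option'])) {
             for ($i = 0; $i < count($attachments); $i++) {
                 $this->attachment_list[] = $attachments[$i]['physical_filename'];
                 $this->attachment_comment_list[] = $attachments[$i]['comment'];
                 $this->attachment_filename_list[] = $attachments[$i]['real_filename'];
                 $this->attachment_extension_list[] = $attachments[$i]['extension'];
                 $this->attachment_mimetype_list[] = $attachments[$i]['mimetype'];
                 $this->attachment_filesize_list[] = $attachments[$i]['filesize'];
                 $this->attachment_filetime_list[] = $attachments[$i]['filetime'];
                 $this->attachment_id_list[] = $attachments[$i]['attach_id'];
                 $this->attachment_thumbnail_list[] = $attachments[$i]['thumbnail'];
             }
         }
     }
     $this->num_attachments = count($this->attachment_list);
     if ($submit && $mode != 'vote') {
         if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') {
             if ($this->filename != '') {
                 if ($this->num_attachments < intval($max_attachments)) {
                     $this->upload_attachment($this->page);
                     if (!$error && $this->post_attach) {
                         array_unshift($this->attachment_list, $this->attach_filename);
                         array_unshift($this->attachment_comment_list, $this->file_comment);
                         array_unshift($this->attachment_filename_list, $this->filename);
                         array_unshift($this->attachment_extension_list, $this->extension);
                         array_unshift($this->attachment_mimetype_list, $this->type);
                         array_unshift($this->attachment_filesize_list, $this->filesize);
                         array_unshift($this->attachment_filetime_list, $this->filetime);
                         array_unshift($this->attachment_id_list, '-1');
                         array_unshift($this->attachment_thumbnail_list, $this->thumbnail);
                         $this->file_comment = '';
                         // This Variable is set to FALSE here, because the Attachment Mod enter Attachments into the
                         // Database in two modes, one if the id_list is -1 and the second one if post_attach is true
                         // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
                         // but we are assigning an id of -1 here, we have to reset the post_attach variable to FALSE.
                         //
                         // This is very relevant, because it could happen that the post got not submitted, but we do not
                         // know this circumstance here. We could be at the posting page or we could be redirected to the entered
                         // post. :)
                         $this->post_attach = FALSE;
                     }
                 } else {
                     $error = TRUE;
                     if (!empty($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
                 }
             }
         }
     }
     if ($preview || $refresh || $error) {
         $delete_attachment = isset($HTTP_POST_VARS['del_attachment']);
         $delete_thumbnail = isset($HTTP_POST_VARS['del_thumbnail']);
         $add_attachment = isset($HTTP_POST_VARS['add_attachment']);
         $edit_attachment = isset($HTTP_POST_VARS['edit_comment']);
         $update_attachment = isset($HTTP_POST_VARS['update_attachment']);
         //
         // Perform actions on temporary attachments
         //
         if ($delete_attachment || $delete_thumbnail) {
             // store old values (all of them come straight from the request)
             $actual_list = isset($HTTP_POST_VARS['attachment_list']) ? $HTTP_POST_VARS['attachment_list'] : array();
             $actual_comment_list = isset($HTTP_POST_VARS['comment_list']) ? $HTTP_POST_VARS['comment_list'] : array();
             $actual_filename_list = isset($HTTP_POST_VARS['filename_list']) ? $HTTP_POST_VARS['filename_list'] : array();
             $actual_extension_list = isset($HTTP_POST_VARS['extension_list']) ? $HTTP_POST_VARS['extension_list'] : array();
             $actual_mimetype_list = isset($HTTP_POST_VARS['mimetype_list']) ? $HTTP_POST_VARS['mimetype_list'] : array();
             $actual_filesize_list = isset($HTTP_POST_VARS['filesize_list']) ? $HTTP_POST_VARS['filesize_list'] : array();
             $actual_filetime_list = isset($HTTP_POST_VARS['filetime_list']) ? $HTTP_POST_VARS['filetime_list'] : array();
             $actual_id_list = isset($HTTP_POST_VARS['attach_id_list']) ? $HTTP_POST_VARS['attach_id_list'] : array();
             $actual_thumbnail_list = isset($HTTP_POST_VARS['attach_thumbnail_list']) ? $HTTP_POST_VARS['attach_thumbnail_list'] : array();
             // clean values
             $this->attachment_list = array();
             $this->attachment_comment_list = array();
             $this->attachment_filename_list = array();
             $this->attachment_extension_list = array();
             $this->attachment_mimetype_list = array();
             $this->attachment_filesize_list = array();
             $this->attachment_filetime_list = array();
             $this->attachment_id_list = array();
             $this->attachment_thumbnail_list = array();
             // restore values :)
             if (isset($HTTP_POST_VARS['attachment_list'])) {
                 for ($i = 0; $i < count($actual_list); $i++) {
                     $restore = FALSE;
                     $del_thumb = FALSE;
                     if ($delete_thumbnail) {
                         if (!isset($HTTP_POST_VARS['del_thumbnail'][$actual_list[$i]])) {
                             $restore = TRUE;
                         } else {
                             $del_thumb = TRUE;
                         }
                     }
                     if ($delete_attachment) {
                         if (!isset($HTTP_POST_VARS['del_attachment'][$actual_list[$i]])) {
                             $restore = TRUE;
                         }
                     }
                     if ($restore) {
                         $this->attachment_list[] = $actual_list[$i];
                         $this->attachment_comment_list[] = $actual_comment_list[$i];
                         $this->attachment_filename_list[] = $actual_filename_list[$i];
                         $this->attachment_extension_list[] = $actual_extension_list[$i];
                         $this->attachment_mimetype_list[] = $actual_mimetype_list[$i];
                         $this->attachment_filesize_list[] = $actual_filesize_list[$i];
                         $this->attachment_filetime_list[] = $actual_filetime_list[$i];
                         $this->attachment_id_list[] = $actual_id_list[$i];
                         $this->attachment_thumbnail_list[] = $actual_thumbnail_list[$i];
                     } elseif (!$del_thumb) {
                         //
                         // delete selected attachment
                         //
                         if ($actual_id_list[$i] == '-1') {
                             // The file name is request data: keep only its base name so
                             // it cannot name a path outside the attachment storage.
                             unlink_attach(basename($actual_list[$i]));
                             if ($actual_thumbnail_list[$i] == 1) {
                                 unlink_attach('t_' . basename($actual_list[$i]), MODE_THUMBNAIL);
                             }
                         } else {
                             // NOTE(review): the id passed here is request data and is handed
                             // over unchanged; how delete_attachment() validates it and checks
                             // ownership is not visible from this function - confirm.
                             delete_attachment($post_id, $actual_id_list[$i], $this->page);
                         }
                     } else {
                         //
                         // delete selected thumbnail: keep the attachment, clear its flag
                         //
                         $this->attachment_list[] = $actual_list[$i];
                         $this->attachment_comment_list[] = $actual_comment_list[$i];
                         $this->attachment_filename_list[] = $actual_filename_list[$i];
                         $this->attachment_extension_list[] = $actual_extension_list[$i];
                         $this->attachment_mimetype_list[] = $actual_mimetype_list[$i];
                         $this->attachment_filesize_list[] = $actual_filesize_list[$i];
                         $this->attachment_filetime_list[] = $actual_filetime_list[$i];
                         $this->attachment_id_list[] = $actual_id_list[$i];
                         $this->attachment_thumbnail_list[] = 0;
                         if ($actual_id_list[$i] == '-1') {
                             unlink_attach('t_' . basename($actual_list[$i]), MODE_THUMBNAIL);
                         } else {
                             // Cast the request-supplied id before it is placed in the query.
                             $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . "\n                                SET thumbnail = 0\n                                WHERE attach_id = " . intval($actual_id_list[$i]);
                             if (!$db->sql_query($sql)) {
                                 message_die(GENERAL_ERROR, 'Unable to update ' . ATTACHMENTS_DESC_TABLE . ' Table.', '', __LINE__, __FILE__, $sql);
                             }
                         }
                     }
                 }
             }
         } else {
             if ($edit_attachment || $update_attachment || $add_attachment || $preview) {
                 if ($edit_attachment) {
                     $actual_comment_list = isset($HTTP_POST_VARS['comment_list']) ? $HTTP_POST_VARS['comment_list'] : '';
                     $this->attachment_comment_list = array();
                     for ($i = 0; $i < count($this->attachment_list); $i++) {
                         $this->attachment_comment_list[$i] = $actual_comment_list[$i];
                     }
                 }
                 if ($update_attachment) {
                     if ($this->filename == '') {
                         $error = TRUE;
                         if (!empty($error_msg)) {
                             $error_msg .= '<br />';
                         }
                         $error_msg .= $lang['Error_empty_add_attachbox'];
                     }
                     $this->upload_attachment($this->page);
                     if (!$error) {
                         $actual_list = isset($HTTP_POST_VARS['attachment_list']) ? $HTTP_POST_VARS['attachment_list'] : array();
                         $actual_id_list = isset($HTTP_POST_VARS['attach_id_list']) ? $HTTP_POST_VARS['attach_id_list'] : array();
                         $attachment_id = 0;
                         $actual_element = -1;
                         // Find the posted entry whose update button was pressed
                         for ($i = 0; $i < count($actual_id_list); $i++) {
                             if (isset($HTTP_POST_VARS['update_attachment'][$actual_id_list[$i]])) {
                                 $attachment_id = intval($actual_id_list[$i]);
                                 $actual_element = $i;
                             }
                         }
                         // Get current informations to delete the Old Attachment
                         $sql = "SELECT physical_filename, comment, thumbnail FROM " . ATTACHMENTS_DESC_TABLE . "\n                        WHERE attach_id = " . $attachment_id;
                         if (!($result = $db->sql_query($sql))) {
                             message_die(GENERAL_ERROR, 'Unable to select old Attachment Entry.', '', __LINE__, __FILE__, $sql);
                         }
                         // NOTE(review): a missing old entry only sets $error; the UPDATE and
                         // the unlink below still run with an empty $row - confirm intended.
                         if ($db->sql_numrows($result) != 1) {
                             $error = TRUE;
                             if (!empty($error_msg)) {
                                 $error_msg .= '<br />';
                             }
                             $error_msg .= $lang['Error_missing_old_entry'];
                         }
                         $row = $db->sql_fetchrow($result);
                         $comment = trim($this->file_comment) == '' ? trim($row['comment']) : trim($this->file_comment);
                         $comment = addslashes($comment);
                         // Update Entry
                         // NOTE(review): apart from $comment and $attachment_id the values are
                         // concatenated as they stand on $this; whether upload_attachment()
                         // leaves them safe for a quoted SQL literal is not visible here -
                         // confirm, or escape them with the database layer's own helper.
                         $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . "\n                        SET physical_filename = '" . $this->attach_filename . "', real_filename = '" . $this->filename . "', comment = '" . $comment . "', extension = '" . $this->extension . "', mimetype = '" . $this->type . "', filesize = " . $this->filesize . ", filetime = " . $this->filetime . ", thumbnail = " . $this->thumbnail . "\n                        WHERE attach_id = " . $attachment_id;
                         if (!$db->sql_query($sql)) {
                             message_die(GENERAL_ERROR, 'Unable to update the Attachment.', '', __LINE__, __FILE__, $sql);
                         }
                         // Delete the Old Attachment
                         unlink_attach($row['physical_filename']);
                         if (intval($row['thumbnail']) == 1) {
                             unlink_attach('t_' . $row['physical_filename'], MODE_THUMBNAIL);
                         }
                         //
                         // Make sure it is displayed
                         //
                         $this->attachment_list[$actual_element] = $this->attach_filename;
                         $this->attachment_comment_list[$actual_element] = $comment;
                         $this->attachment_filename_list[$actual_element] = $this->filename;
                         $this->attachment_extension_list[$actual_element] = $this->extension;
                         $this->attachment_mimetype_list[$actual_element] = $this->type;
                         $this->attachment_filesize_list[$actual_element] = $this->filesize;
                         $this->attachment_filetime_list[$actual_element] = $this->filetime;
                         $this->attachment_id_list[$actual_element] = $actual_id_list[$actual_element];
                         $this->attachment_thumbnail_list[$actual_element] = $this->thumbnail;
                         $this->file_comment = '';
                     }
                 }
                 if (($add_attachment || $preview) && $this->filename != '') {
                     if ($this->num_attachments < intval($max_attachments)) {
                         $this->upload_attachment($this->page);
                         if (!$error) {
                             array_unshift($this->attachment_list, $this->attach_filename);
                             array_unshift($this->attachment_comment_list, $this->file_comment);
                             array_unshift($this->attachment_filename_list, $this->filename);
                             array_unshift($this->attachment_extension_list, $this->extension);
                             array_unshift($this->attachment_mimetype_list, $this->type);
                             array_unshift($this->attachment_filesize_list, $this->filesize);
                             array_unshift($this->attachment_filetime_list, $this->filetime);
                             array_unshift($this->attachment_id_list, '-1');
                             array_unshift($this->attachment_thumbnail_list, $this->thumbnail);
                             $this->file_comment = '';
                         }
                     } else {
                         $error = TRUE;
                         if (!empty($error_msg)) {
                             $error_msg .= '<br />';
                         }
                         $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments));
                     }
                 }
             }
         }
     }
     return TRUE;
 }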
Exemplo n.º 11
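    /**
     * Upload an Attachment to Filespace (intern)
     *
     * Validates the file submitted in $_FILES['fileupload'] (name, extension
     * group, forum permission, torrent rule), derives the physical file name,
     * stores the file through move_uploaded_attachment() and then applies the
     * image-dimension, file-size and quota limits.
     *
     * Failures are reported through the globals $error / $error_msg; in that
     * case $this->post_attach is reset to FALSE and a file that was already
     * stored is removed again. An empty upload ends the request via bb_die().
     *
     * @return void
     */
    function upload_attachment()
    {
        global $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
        $this->post_attach = $this->filename != '' ? TRUE : FALSE;
        if ($this->post_attach) {
            $r_file = trim(basename($this->filename));
            // NOTE(review): tmp_name is used as given; the check that it really is
            // an uploaded file presumably lives in move_uploaded_attachment() - confirm.
            $file = $_FILES['fileupload']['tmp_name'];
            // The MIME type is whatever the client sent; it is informational only
            // and is not used for any of the permission decisions below.
            $this->type = $_FILES['fileupload']['type'];
            if (isset($_FILES['fileupload']['size']) && $_FILES['fileupload']['size'] == 0) {
                bb_die('Tried to upload empty file');
            }
            $this->type = strtolower($this->type);
            $this->extension = strtolower(get_extension($this->filename));
            $this->filesize = @filesize($file);
            $this->filesize = intval($this->filesize);
            // Look up the extension group that decides whether this extension is allowed
            $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
				FROM ' . BB_EXTENSION_GROUPS . ' g, ' . BB_EXTENSIONS . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query extensions');
            }
            $row = DB()->sql_fetchrow($result);
            DB()->sql_freeresult($result);
            if (!is_array($row)) {
                // Unknown extension: use explicit "not allowed" defaults instead of
                // indexing into a non-array result.
                $row = array('allow_group' => 0, 'max_filesize' => 0, 'cat_id' => 0, 'forum_permissions' => '');
            }
            $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
            $cat_id = intval($row['cat_id']);
            $auth_cache = trim($row['forum_permissions']);
            // check Filename
            // NOTE(review): after PHP string unescaping the class reads [\/:*?"<>|],
            // so a backslash is not rejected here - confirm whether that is intended.
            if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['INVALID_FILENAME'], htmlspecialchars($this->filename));
            }
            // check php upload-size
            if (!$error && $file == 'none') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $max_size = ini_get('upload_max_filesize');
                if ($max_size == '') {
                    $error_msg .= $lang['ATTACHMENT_PHP_SIZE_NA'];
                } else {
                    $error_msg .= sprintf($lang['ATTACHMENT_PHP_SIZE_OVERRUN'], $max_size);
                }
            }
            // Check Extension
            if (!$error && intval($row['allow_group']) == 0) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION'], htmlspecialchars($this->extension));
            }
            // Check Forum Permissions
            if (!$error && !IS_ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION_WITHIN_FORUM'], htmlspecialchars($this->extension));
            }
            //bt
            // Check if user can post torrent
            global $post_data;
            if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= $lang['ALLOWED_ONLY_1ST_POST_ATTACH'];
            }
            //bt end
            // Upload File
            $this->thumbnail = 0;
            if ($error) {
                $this->post_attach = FALSE;
                return;
            }
            //
            // Prepare Values
            $this->filetime = TIMENOW;
            $this->filename = $r_file;
            // physical filename
            $this->attach_filename = $this->filename;
            //bt
            if (FILENAME_CRYPTIC) {
                $this->attach_filename = make_rand_str(FILENAME_CRYPTIC_LENGTH);
            } else {
                // original
                $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
                $this->attach_filename = delete_extension($this->attach_filename);
                $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
                $this->attach_filename = str_replace('__', '_', $this->attach_filename);
                // NOTE(review): the Cyrillic letters in the two search lists below look like
                // umlauts / sharp s from a single-byte source read in another code page
                // (their replacements are ue/oe/ae/ss) - verify the file's encoding.
                $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
                $this->attach_filename = str_replace(array('$', 'Я', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);
                // Remove non-latin characters
                // Fixed: the replacement was a PHP expression passed as a plain string, so
                // without the removed /e modifier its text was inserted into the name.
                // A callback now folds each two-byte sequence into the single byte.
                $this->attach_filename = preg_replace_callback('#([\\xC2\\xC3])([\\x80-\\xBF])#', function ($m) {
                    return chr(ord($m[1]) << 6 & 0xC0 | ord($m[2]) & 0x3F);
                }, $this->attach_filename);
                $this->attach_filename = rawurlencode($this->attach_filename);
                // Drop every percent-escape, i.e. every byte rawurlencode() had to encode
                $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
                $this->attach_filename = trim($this->attach_filename);
            }
            $this->attach_filename = str_replace(array('&amp;', '&', ' '), '_', $this->attach_filename);
            // Case-insensitive, so "PHP" / "pHp" in a stored name are neutralised as well
            $this->attach_filename = str_ireplace('php', '_php_', $this->attach_filename);
            $this->attach_filename = substr(trim($this->attach_filename), 0, FILENAME_MAX_LENGTH);
            // A random prefix keeps stored names unique; give up after a few collisions
            for ($i = 0, $max_try = 5; $i <= $max_try; $i++) {
                $fn_prefix = make_rand_str(FILENAME_PREFIX_LENGTH) . '_';
                $new_physical_filename = clean_filename($fn_prefix . $this->attach_filename);
                if (!physical_filename_already_stored($new_physical_filename)) {
                    break;
                }
                if ($i == $max_try) {
                    bb_die('Could not create filename for attachment');
                }
            }
            $this->attach_filename = $new_physical_filename;
            // Do we have to create a thumbnail ?
            if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                $this->thumbnail = 1;
            }
            // Decide the Upload method: 'move' under open_basedir or safe_mode, else 'copy'
            if (ini_get('open_basedir') || ini_get('safe_mode')) {
                $upload_mode = 'move';
            } else {
                $upload_mode = 'copy';
            }
            // Ok, upload the Attachment
            $this->move_uploaded_attachment($upload_mode, $file);
            // Now, check filesize parameters ($error is global and is re-read here
            // because the move step may have changed it)
            if (!$error) {
                if (!$this->filesize) {
                    $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
                }
            }
            // Check Image Size, if it's an image
            if (!$error && !IS_ADMIN && $cat_id == IMAGE_CAT) {
                list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
                if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                    if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['ERROR_IMAGESIZE'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                    }
                }
            }
            // check Filesize
            if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && !(IS_ADMIN || IS_MOD || IS_GROUP_MEMBER)) {
                $allowed_filesize = humn_size($allowed_filesize);
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['ATTACHMENT_TOO_BIG'], $allowed_filesize);
            }
            // Check our complete quota
            if ($attach_config['attachment_quota']) {
                $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC;
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query total filesize #1');
                }
                $row = DB()->sql_fetchrow($result);
                DB()->sql_freeresult($result);
                $total_filesize = $row['total'];
                if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= $lang['ATTACH_QUOTA_REACHED'];
                }
            }
            $this->get_quota_limits($userdata);
            // Check our user quota
            if ($attach_config['upload_filesize_limit']) {
                $sql = 'SELECT attach_id
					FROM ' . BB_ATTACHMENTS . '
					WHERE user_id_1 = ' . (int) $userdata['user_id'] . '
					GROUP BY attach_id';
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query attachments');
                }
                $attach_ids = DB()->sql_fetchrowset($result);
                $num_attach_ids = DB()->num_rows($result);
                DB()->sql_freeresult($result);
                // Cast every id before the list is joined into the IN (...) clause
                $attach_id = array();
                for ($i = 0; $i < $num_attach_ids; $i++) {
                    $attach_id[] = intval($attach_ids[$i]['attach_id']);
                }
                if ($num_attach_ids > 0) {
                    // Now get the total filesize
                    $sql = 'SELECT sum(filesize) as total
						FROM ' . BB_ATTACHMENTS_DESC . '
						WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                    if (!($result = DB()->sql_query($sql))) {
                        bb_die('Could not query total filesize #2');
                    }
                    $row = DB()->sql_fetchrow($result);
                    DB()->sql_freeresult($result);
                    $total_filesize = $row['total'];
                } else {
                    $total_filesize = 0;
                }
                if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                    // Express the limit in the largest fitting unit, two decimals
                    $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                    $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['BYTES']);
                    if ($upload_filesize_limit >= 1048576) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                    } elseif ($upload_filesize_limit >= 1024) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                    }
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['USER_UPLOAD_QUOTA_REACHED'], $upload_filesize_limit, $size_lang);
                }
            }
            // Any limit failed after the file was stored: remove the file and its thumbnail
            if ($error) {
                unlink_attach($this->attach_filename);
                unlink_attach($this->attach_filename, MODE_THUMBNAIL);
                $this->post_attach = FALSE;
            }
        }
    }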