function smarty_function_attachfile_attach_download_r($params, &$smarty) { $mydirname = isset($params['dirname']) ? $params['dirname'] : @$GLOBALS['xoopsModuleConfig']['attachfile_attach_dirname']; if (!preg_match('/^[0-9a-zA-Z_-]+$/', $mydirname) || !file_exists(XOOPS_TRUST_PATH . '/modules/attachfile/include/attach_smarty_functions.php')) { echo "<p>attach_download does not set properly.</p>"; } else { require_once XOOPS_TRUST_PATH . '/modules/attachfile/include/attach_smarty_functions.php'; // 'isactive'/'module_read' check and include language // If the check failed, this function does nothing (not error). if (!attachfile_process_instead_of_common($mydirname)) { return; } //$module_dirname = $xoopsModule->getVar('dirname') ; $module_dirname = $params['module_dirname']; $target_id = intval($params['target_id']); $item = !empty($params['item']) ? $params['item'] : "attached"; $item2 = !empty($params['item2']) ? $params['item2'] : "attach_link"; // check download permission(= check num permission) $error_msg = attachfile_check_download_permission($mydirname, $module_dirname, $target_id); if (isset($error_msg)) { echo $error_msg; } $xoopsDB =& Database::getInstance(); // transaction and view $sql = "SELECT COUNT(*) FROM " . $xoopsDB->prefix($mydirname . "_attach") . " WHERE module_dirname='{$module_dirname}' AND target_id={$target_id}"; if (!($result = $xoopsDB->query($sql))) { die("DB ERROR in num popup"); } $row = $xoopsDB->fetchRow($result); $rtn = attachfile_display_popup_link_r($mydirname, $module_dirname, $target_id, 'dpop', _MD_ATTACHFILE_DOWNLOAD_POPUP, $row[0]); $smarty->assign($item, $row[0]); $smarty->assign($item2, $rtn); } }
function attachfile_display_num($mydirname, $params) { global $xoopsModule, $xoopsDB; // 'isactive'/'module_read' check and include language // If the check failed, this function does nothing (not error). if (!attachfile_process_instead_of_common($mydirname)) { return; } $module_dirname = $xoopsModule->getVar('dirname'); $target_id = intval($params['target_id']); // check download permission(= check num permission) $error_msg = attachfile_check_download_permission($mydirname, $module_dirname, $target_id); if (isset($error_msg)) { echo $error_msg; return; } // transaction and view $sql = "SELECT COUNT(*) FROM " . $xoopsDB->prefix($mydirname . "_attach") . " WHERE module_dirname='{$module_dirname}' AND target_id={$target_id}"; if (!($result = $xoopsDB->query($sql))) { die("DB ERROR in num popup"); } $row = $xoopsDB->fetchRow($result); echo $row[0]; }
$attach_id = attachfile_reqint('attach_id'); // pre transaction (for permission check) // ** DON'T GET "module_dirname" AND "target_id" FROM REQUEST. // ** THEY MIGHT BE CHEAT. // ** YOU SHOULD GET THEM ONLY BY "attach_id" IN DOWNLOAD PROCESS. $sql = "SELECT * FROM " . $xoopsDB->prefix($mydirname . "_attach") . " WHERE attach_id={$attach_id}"; $attached_files =& attachfile_query($sql); $attached_files_count = count($attached_files[0]); if ($attached_files_count == 0) { die(_MD_ATTACHFILE_ERR_READATTACH); } $module_dirname = $attached_files[0]['module_dirname']; $target_id = $attached_files[0]['target_id']; // permission check // check download permission $error_msg = attachfile_check_download_permission($mydirname, $module_dirname, $target_id); if (isset($error_msg)) { echo $error_msg; return; } // transaction $agent = $_SERVER["HTTP_USER_AGENT"]; $title = rawurldecode($attached_files[0]['title']); if (strstr($agent, "MSIE")) { if (!empty($xoopsModuleConfig['ttl_enc_ie']) && function_exists('mb_convert_encoding')) { $title = mb_convert_encoding($title, $xoopsModuleConfig['ttl_enc_ie']); } } else { if (!empty($xoopsModuleConfig['ttl_enc_oth']) && function_exists('mb_convert_encoding')) { $title = mb_convert_encoding($title, $xoopsModuleConfig['ttl_enc_oth']); }