/** * Initializes some templating variables for displaying Attachments in Private Messages */ function init_display_pm_attachments($switch_attachment) { global $attach_config, $template, $userdata, $lang, $attachments, $privmsg; if ($userdata['user_level'] == ADMIN) { $auth_download = 1; } else { $auth_download = intval($attach_config['allow_pm_attach']); } if (intval($switch_attachment) == 0 || intval($attach_config['disable_mod']) || !$auth_download) { return; } $privmsgs_id = $privmsg['privmsgs_id']; @reset($attachments); $attachments['_' . $privmsgs_id] = get_attachments_from_pm($privmsgs_id); if (sizeof($attachments['_' . $privmsgs_id]) == 0) { return; } $template->assign_block_vars('postrow', array()); init_display_template('body', '{ATTACHMENTS}'); init_complete_extensions_data(); $template->assign_vars(array('L_POSTED_ATTACHMENTS' => $lang['Posted_attachments'], 'L_KILOBYTE' => $lang['KB'])); display_pm_attachments($privmsgs_id, $switch_attachment); }
/** * Handle all modes... (intern) * @private */ function handle_attachments($mode) { global $is_auth, $attach_config, $refresh, $HTTP_POST_VARS, $post_id, $submit, $preview, $error, $error_msg, $lang, $template, $userdata, $db; // // ok, what shall we do ;) // // Some adjustments for PM's if ($this->page == PAGE_PRIVMSGS) { global $privmsg_id; $post_id = $privmsg_id; if ($mode == 'post') { $mode = 'newtopic'; } else { if ($mode == 'edit') { $mode = 'editpost'; } } if ($userdata['user_level'] == ADMIN) { $is_auth['auth_attachments'] = 1; $max_attachments = ADMIN_MAX_ATTACHMENTS; } else { $is_auth['auth_attachments'] = intval($attach_config['allow_pm_attach']); $max_attachments = intval($attach_config['max_attachments_pm']); } } else { if ($userdata['user_level'] == ADMIN) { $max_attachments = ADMIN_MAX_ATTACHMENTS; } else { $max_attachments = intval($attach_config['max_attachments']); } } // nothing, if the user is not authorized or attachment mod disabled if (intval($attach_config['disable_mod']) || !$is_auth['auth_attachments']) { return false; } // Init Vars $attachments = array(); if (!$refresh) { $add = isset($HTTP_POST_VARS['add_attachment']) ? TRUE : FALSE; $delete = isset($HTTP_POST_VARS['del_attachment']) ? TRUE : FALSE; $edit = isset($HTTP_POST_VARS['edit_comment']) ? TRUE : FALSE; $update_attachment = isset($HTTP_POST_VARS['update_attachment']) ? TRUE : FALSE; $del_thumbnail = isset($HTTP_POST_VARS['del_thumbnail']) ? TRUE : FALSE; $add_attachment_box = !empty($HTTP_POST_VARS['add_attachment_box']) ? TRUE : FALSE; $posted_attachments_box = !empty($HTTP_POST_VARS['posted_attachments_box']) ? TRUE : FALSE; $refresh = $add || $delete || $edit || $del_thumbnail || $update_attachment || $add_attachment_box || $posted_attachments_box; } // Get Attachments if ($this->page == PAGE_PRIVMSGS) { $attachments = get_attachments_from_pm($post_id); } else { $attachments = get_attachments_from_post($post_id); } if ($this->page == PAGE_PRIVMSGS) { if ($userdata['user_level'] == ADMIN) { $auth = TRUE; } else { $auth = intval($attach_config['allow_pm_attach']) ? TRUE : FALSE; } if (sizeof($attachments) == 1) { $template->assign_block_vars('switch_attachments', array()); $template->assign_vars(array('L_DELETE_ATTACHMENTS' => $lang['Delete_attachment'])); } else { if (sizeof($attachments) > 0) { $template->assign_block_vars('switch_attachments', array()); $template->assign_vars(array('L_DELETE_ATTACHMENTS' => $lang['Delete_attachments'])); } } } else { $auth = $is_auth['auth_edit'] || $is_auth['auth_mod'] ? TRUE : FALSE; } if (!$submit && $mode == 'editpost' && $auth) { if (!$refresh && !$preview && !$error && !isset($HTTP_POST_VARS['del_poll_option'])) { for ($i = 0; $i < sizeof($attachments); $i++) { $this->attachment_list[] = $attachments[$i]['physical_filename']; $this->attachment_comment_list[] = $attachments[$i]['comment']; $this->attachment_filename_list[] = $attachments[$i]['real_filename']; $this->attachment_extension_list[] = $attachments[$i]['extension']; $this->attachment_mimetype_list[] = $attachments[$i]['mimetype']; $this->attachment_filesize_list[] = $attachments[$i]['filesize']; $this->attachment_filetime_list[] = $attachments[$i]['filetime']; $this->attachment_id_list[] = $attachments[$i]['attach_id']; $this->attachment_thumbnail_list[] = $attachments[$i]['thumbnail']; } } } $this->num_attachments = sizeof($this->attachment_list); if ($submit && $mode != 'vote') { if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') { if ($this->filename != '') { if ($this->num_attachments < intval($max_attachments)) { $this->upload_attachment($this->page); if (!$error && $this->post_attach) { array_unshift($this->attachment_list, $this->attach_filename); array_unshift($this->attachment_comment_list, $this->file_comment); array_unshift($this->attachment_filename_list, $this->filename); array_unshift($this->attachment_extension_list, $this->extension); array_unshift($this->attachment_mimetype_list, $this->type); array_unshift($this->attachment_filesize_list, $this->filesize); array_unshift($this->attachment_filetime_list, $this->filetime); array_unshift($this->attachment_id_list, '0'); array_unshift($this->attachment_thumbnail_list, $this->thumbnail); $this->file_comment = ''; // This Variable is set to FALSE here, because the Attachment Mod enter Attachments into the // Database in two modes, one if the id_list is 0 and the second one if post_attach is true // Since post_attach is automatically switched to true if an Attachment got added to the filesystem, // but we are assigning an id of 0 here, we have to reset the post_attach variable to FALSE. // // This is very relevant, because it could happen that the post got not submitted, but we do not // know this circumstance here. We could be at the posting page or we could be redirected to the entered // post. :) $this->post_attach = FALSE; } } else { $error = TRUE; if (!empty($error_msg)) { $error_msg .= '<br />'; } $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments)); } } } } if ($preview || $refresh || $error) { $delete_attachment = isset($HTTP_POST_VARS['del_attachment']) ? TRUE : FALSE; $delete_thumbnail = isset($HTTP_POST_VARS['del_thumbnail']) ? TRUE : FALSE; $add_attachment = isset($HTTP_POST_VARS['add_attachment']) ? TRUE : FALSE; $edit_attachment = isset($HTTP_POST_VARS['edit_comment']) ? TRUE : FALSE; $update_attachment = isset($HTTP_POST_VARS['update_attachment']) ? TRUE : FALSE; // Perform actions on temporary attachments if ($delete_attachment || $delete_thumbnail) { // store old values $actual_id_list = get_var('attach_id_list', array(0)); $actual_comment_list = get_var('comment_list', array(''), true); $actual_filename_list = get_var('filename_list', array('')); $actual_extension_list = get_var('extension_list', array('')); $actual_mimetype_list = get_var('mimetype_list', array('')); $actual_filesize_list = get_var('filesize_list', array(0)); $actual_filetime_list = get_var('filetime_list', array(0)); $actual_list = get_var('attachment_list', array('')); $actual_thumbnail_list = get_var('attach_thumbnail_list', array(0)); // clean values $this->attachment_list = array(); $this->attachment_comment_list = array(); $this->attachment_filename_list = array(); $this->attachment_extension_list = array(); $this->attachment_mimetype_list = array(); $this->attachment_filesize_list = array(); $this->attachment_filetime_list = array(); $this->attachment_id_list = array(); $this->attachment_thumbnail_list = array(); // restore values :) if (isset($HTTP_POST_VARS['attachment_list'])) { for ($i = 0; $i < sizeof($actual_list); $i++) { $restore = FALSE; $del_thumb = FALSE; if ($delete_thumbnail) { if (!isset($HTTP_POST_VARS['del_thumbnail'][$actual_list[$i]])) { $restore = TRUE; } else { $del_thumb = TRUE; } } if ($delete_attachment) { if (!isset($HTTP_POST_VARS['del_attachment'][$actual_list[$i]])) { $restore = TRUE; } } if ($restore) { $this->attachment_list[] = $actual_list[$i]; $this->attachment_comment_list[] = $actual_comment_list[$i]; $this->attachment_filename_list[] = $actual_filename_list[$i]; $this->attachment_extension_list[] = $actual_extension_list[$i]; $this->attachment_mimetype_list[] = $actual_mimetype_list[$i]; $this->attachment_filesize_list[] = $actual_filesize_list[$i]; $this->attachment_filetime_list[] = $actual_filetime_list[$i]; $this->attachment_id_list[] = $actual_id_list[$i]; $this->attachment_thumbnail_list[] = $actual_thumbnail_list[$i]; } else { if (!$del_thumb) { // delete selected attachment if ($actual_id_list[$i] == '0') { unlink_attach($actual_list[$i]); if ($actual_thumbnail_list[$i] == 1) { unlink_attach($actual_list[$i], MODE_THUMBNAIL); } } else { delete_attachment($post_id, $actual_id_list[$i], $this->page); } } else { if ($del_thumb) { // delete selected thumbnail $this->attachment_list[] = $actual_list[$i]; $this->attachment_comment_list[] = $actual_comment_list[$i]; $this->attachment_filename_list[] = $actual_filename_list[$i]; $this->attachment_extension_list[] = $actual_extension_list[$i]; $this->attachment_mimetype_list[] = $actual_mimetype_list[$i]; $this->attachment_filesize_list[] = $actual_filesize_list[$i]; $this->attachment_filetime_list[] = $actual_filetime_list[$i]; $this->attachment_id_list[] = $actual_id_list[$i]; $this->attachment_thumbnail_list[] = 0; if ($actual_id_list[$i] == 0) { unlink_attach($actual_list[$i], MODE_THUMBNAIL); } else { $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' SET thumbnail = 0 WHERE attach_id = ' . (int) $actual_id_list[$i]; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Unable to update ' . ATTACHMENTS_DESC_TABLE . ' Table.', '', __LINE__, __FILE__, $sql); } } } } } } } } else { if ($edit_attachment || $update_attachment || $add_attachment || $preview) { if ($edit_attachment) { $actual_comment_list = get_var('comment_list', array(''), true); $this->attachment_comment_list = array(); for ($i = 0; $i < sizeof($this->attachment_list); $i++) { $this->attachment_comment_list[$i] = $actual_comment_list[$i]; } } if ($update_attachment) { if ($this->filename == '') { $error = TRUE; if (!empty($error_msg)) { $error_msg .= '<br />'; } $error_msg .= $lang['Error_empty_add_attachbox']; } $this->upload_attachment($this->page); if (!$error) { $actual_list = get_var('attachment_list', array('')); $actual_id_list = get_var('attach_id_list', array(0)); $attachment_id = 0; $actual_element = 0; for ($i = 0; $i < sizeof($actual_id_list); $i++) { if (isset($HTTP_POST_VARS['update_attachment'][$actual_id_list[$i]])) { $attachment_id = intval($actual_id_list[$i]); $actual_element = $i; } } // Get current informations to delete the Old Attachment $sql = 'SELECT physical_filename, comment, thumbnail FROM ' . ATTACHMENTS_DESC_TABLE . ' WHERE attach_id = ' . (int) $attachment_id; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Unable to select old Attachment Entry.', '', __LINE__, __FILE__, $sql); } if ($db->sql_numrows($result) != 1) { $error = TRUE; if (!empty($error_msg)) { $error_msg .= '<br />'; } $error_msg .= $lang['Error_missing_old_entry']; } $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); $comment = trim($this->file_comment) == '' ? trim($row['comment']) : trim($this->file_comment); // Update Entry $sql_ary = array('physical_filename' => (string) basename($this->attach_filename), 'real_filename' => (string) basename($this->filename), 'comment' => (string) $comment, 'extension' => (string) strtolower($this->extension), 'mimetype' => (string) strtolower($this->type), 'filesize' => (int) $this->filesize, 'filetime' => (int) $this->filetime, 'thumbnail' => (int) $this->thumbnail); $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' SET ' . attach_mod_sql_build_array('UPDATE', $sql_ary) . ' WHERE attach_id = ' . (int) $attachment_id; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Unable to update the Attachment.', '', __LINE__, __FILE__, $sql); } // Delete the Old Attachment unlink_attach($row['physical_filename']); if (intval($row['thumbnail']) == 1) { unlink_attach($row['physical_filename'], MODE_THUMBNAIL); } // Make sure it is displayed $this->attachment_list[$actual_element] = $this->attach_filename; $this->attachment_comment_list[$actual_element] = $comment; $this->attachment_filename_list[$actual_element] = $this->filename; $this->attachment_extension_list[$actual_element] = $this->extension; $this->attachment_mimetype_list[$actual_element] = $this->type; $this->attachment_filesize_list[$actual_element] = $this->filesize; $this->attachment_filetime_list[$actual_element] = $this->filetime; $this->attachment_id_list[$actual_element] = $actual_id_list[$actual_element]; $this->attachment_thumbnail_list[$actual_element] = $this->thumbnail; $this->file_comment = ''; } } if (($add_attachment || $preview) && $this->filename != '') { if ($this->num_attachments < intval($max_attachments)) { $this->upload_attachment($this->page); if (!$error) { array_unshift($this->attachment_list, $this->attach_filename); array_unshift($this->attachment_comment_list, $this->file_comment); array_unshift($this->attachment_filename_list, $this->filename); array_unshift($this->attachment_extension_list, $this->extension); array_unshift($this->attachment_mimetype_list, $this->type); array_unshift($this->attachment_filesize_list, $this->filesize); array_unshift($this->attachment_filetime_list, $this->filetime); array_unshift($this->attachment_id_list, '0'); array_unshift($this->attachment_thumbnail_list, $this->thumbnail); $this->file_comment = ''; } } else { $error = TRUE; if (!empty($error_msg)) { $error_msg .= '<br />'; } $error_msg .= sprintf($lang['Too_many_attachments'], intval($max_attachments)); } } } } } return TRUE; }