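/**
 * XML-RPC handler that stores one uploaded file as a MyBB attachment.
 *
 * Flow: validate the target forum and the caller's permissions, resolve the
 * post hash that groups attachments for a not-yet-submitted post, count the
 * attachments already stored for that post/hash, then hand the upload to
 * upload_attachment().
 *
 * Security notes for reviewers:
 *  - The attachment-count WHERE clause is built from request data. The pid is
 *    cast to int and the post hash is passed through $db->escape_string()
 *    before being placed in the SQL string.
 *  - $_FILES['attachment']['type'] is supplied by the client; the only thing
 *    done with it here is the image/jpg -> image/jpeg rename. Whether the
 *    content is actually validated depends on upload_attachment(), which is
 *    not visible here.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters (forum_id, group_id, content).
 * @return mixed xmlrpcresp on success; otherwise whatever xmlrespfalse() or
 *               tt_no_permission() returns.
 */
function upload_attach_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $lang->load("member");

    $parser = new postParser();

    $input = Tapatalk_Input::filterXmlInput(array(
        'forum_id' => Tapatalk_Input::INT,
        'group_id' => Tapatalk_Input::STRING,
        'content'  => Tapatalk_Input::STRING,
    ), $xmlrpc_params);

    $fid = $input['forum_id'];

    // Fetch forum information.
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }

    $forumpermissions = forum_permissions($fid);

    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }

    // Guests, users without view/post rights and suspended posters are refused.
    if ($mybb->user['uid'] < 1
        || $forumpermissions['canview'] == 0
        || $forumpermissions['canpostthreads'] == 0
        || $mybb->user['suspendposting'] == 1
    ) {
        return tt_no_permission();
    }

    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);

    $posthash = $input['group_id'];
    if (empty($posthash)) {
        $posthash = md5($mybb->user['uid'] . random_str());
    }

    // Stored unescaped: this is a request value, not SQL.
    // NOTE(review): presumably read back by upload_attachment() - confirm.
    $mybb->input['posthash'] = $posthash;

    // Never interpolate request values into SQL as-is.
    // NOTE(review): if Tapatalk_Input::STRING already escapes for SQL this
    // escapes twice; harmless for hex hashes, but confirm against the filter.
    if (!empty($mybb->input['pid'])) {
        $attachwhere = "pid='" . (int) $mybb->input['pid'] . "'";
    } else {
        $attachwhere = "posthash='" . $db->escape_string($posthash) . "'";
    }

    $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
    $attachcount = $db->fetch_field($query, "numattachs");

    // Without an "attachment" upload field there is nothing to process.
    if (empty($_FILES['attachment']) || !is_array($_FILES['attachment'])) {
        return xmlrespfalse("No file uploaded");
    }

    // A multi-file style upload (attachment[]) arrives as arrays per field;
    // collapse each field to its first element.
    foreach ($_FILES['attachment'] as $k => $v) {
        if (is_array($v)) {
            $_FILES['attachment'][$k] = isset($v[0]) ? $v[0] : null;
        }
    }

    // Client-declared MIME type; only the non-standard spelling is fixed.
    if (isset($_FILES['attachment']['type']) && $_FILES['attachment']['type'] == 'image/jpg') {
        $_FILES['attachment']['type'] = 'image/jpeg';
    }

    $attachedfile = null;

    // If there's an attachment, check it and upload it
    if (!empty($_FILES['attachment']['size'])
        && $_FILES['attachment']['size'] > 0
        && $forumpermissions['canpostattachments'] != 0
        && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments'])
    ) {
        require_once MYBB_ROOT . "inc/functions_upload.php";
        $attachedfile = upload_attachment($_FILES['attachment'], false);
    }

    // Covers: empty upload, no attachment permission, and quota reached.
    if (empty($attachedfile)) {
        return xmlrespfalse("No file uploaded");
    }

    if (!empty($attachedfile['error'])) {
        // (array) accepts both a single message and a list of messages.
        return xmlrespfalse(implode(" :: ", (array) $attachedfile['error']));
    }

    $result = new xmlrpcval(array(
        'attachment_id' => new xmlrpcval($attachedfile['aid'], 'string'),
        'group_id'      => new xmlrpcval($posthash, 'string'),
        'result'        => new xmlrpcval(true, 'boolean'),
        'result_text'   => new xmlrpcval('', 'base64'),
        'file_size'     => new xmlrpcval($attachedfile['filesize'], 'int'),
    ), 'struct');

    return new xmlrpcresp($result);
}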
/**
 * Create and submit an attachment object for a file that already exists on
 * the local filesystem.
 *
 * The file is passed to upload_attachment() in its local mode together with a
 * descriptor (base name, size, caller-supplied MIME type). On success the
 * returned metadata is copied onto a new attachment object owned by the
 * current user.
 *
 * Note: $mimetype is taken from the caller as given; this function does not
 * inspect the file content itself.
 *
 * @param string $file      Path of the existing file.
 * @param int    $forum_id  Forum passed on to upload_attachment().
 * @param string $mimetype  MIME type recorded in the descriptor.
 * @return attachment|null  The submitted attachment; null if execution
 *                          continues after trigger_error().
 */
function create_checked($file, $forum_id, $mimetype = 'application/octetstream')
{
    global $user;

    if (!file_exists($file)) {
        trigger_error('FILE_NOT_FOUND', E_USER_ERROR);
    }

    // Descriptor handed to upload_attachment() in place of a $_FILES entry.
    $local_info = array(
        'realname' => basename($file),
        'size'     => filesize($file),
        'type'     => $mimetype,
    );

    $stored = upload_attachment(false, $forum_id, true, $file, false, $local_info);

    // Failure: the upload was not accepted, or errors were reported.
    if (!$stored['post_attach'] || sizeof($stored['error'])) {
        trigger_error(implode('<br/>', $stored['error']), E_USER_ERROR);
        return;
    }

    $attachment = new attachment();
    $attachment->poster_id = $user->data['user_id'];

    // Copy the stored-file metadata across, field by field.
    $copied_fields = array(
        'physical_filename',
        'real_filename',
        'extension',
        'mimetype',
        'filesize',
        'filetime',
        'thumbnail',
    );
    foreach ($copied_fields as $field) {
        $attachment->$field = $stored[$field];
    }

    $attachment->submit();

    return $attachment;
}
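/**
 * Parse Attachments
 *
 * Handles the attachment part of a posting form: updates attachment comments,
 * stores a newly uploaded file as an orphan attachment row, deletes a
 * temporary attachment on request, and renumbers the inline
 * [attachment=N]...[/attachment] placeholders in $this->message. Errors
 * collected along the way are appended to $this->warn_msg.
 *
 * The placeholder renumbering uses preg_replace_callback(). The PCRE "e"
 * (eval) modifier must not be used for this: it evaluates the replacement as
 * PHP code with message text substituted into it, and it no longer exists in
 * PHP 7+, where preg_replace() with "e" returns NULL and would wipe the
 * message.
 *
 * @param string $form_name  Name of the file upload form field.
 * @param string $mode       Posting mode (post, reply, quote, edit, ...).
 * @param int    $forum_id   Forum being posted to (forced to 0 for messages).
 * @param bool   $submit     Form was submitted.
 * @param bool   $preview    Preview was requested.
 * @param bool   $refresh    Form refresh was requested.
 * @param bool   $is_message True when handling a private message.
 */
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
{
    global $config, $auth, $user, $phpbb_root_path, $phpEx, $db;

    $error = array();

    $num_attachments = sizeof($this->attachment_data);
    $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
    $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false;

    $add_file = (isset($_POST['add_file'])) ? true : false;
    $delete_file = (isset($_POST['delete_file'])) ? true : false;

    // First of all adjust comments if changed
    $actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true));

    foreach ($actual_comment_list as $comment_key => $comment) {
        // Only comments for attachments we already track are accepted.
        if (!isset($this->attachment_data[$comment_key])) {
            continue;
        }

        if ($this->attachment_data[$comment_key]['attach_comment'] != $actual_comment_list[$comment_key]) {
            $this->attachment_data[$comment_key]['attach_comment'] = $actual_comment_list[$comment_key];
        }
    }

    $cfg = array();
    $cfg['max_attachments'] = ($is_message) ? $config['max_attachments_pm'] : $config['max_attachments'];
    $forum_id = ($is_message) ? 0 : $forum_id;

    if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file) {
        // Admins and moderators of this forum are exempt from the limit.
        if ($num_attachments < $cfg['max_attachments'] || $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id)) {
            $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
            $error = $filedata['error'];

            if ($filedata['post_attach'] && !sizeof($error)) {
                $sql_ary = array(
                    'physical_filename' => $filedata['physical_filename'],
                    'attach_comment'    => $this->filename_data['filecomment'],
                    'real_filename'     => $filedata['real_filename'],
                    'extension'         => $filedata['extension'],
                    'mimetype'          => $filedata['mimetype'],
                    'filesize'          => $filedata['filesize'],
                    'filetime'          => $filedata['filetime'],
                    'thumbnail'         => $filedata['thumbnail'],
                    'is_orphan'         => 1,
                    'in_message'        => ($is_message) ? 1 : 0,
                    'poster_id'         => $user->data['user_id'],
                );

                $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

                $new_entry = array(
                    'attach_id'      => $db->sql_nextid(),
                    'is_orphan'      => 1,
                    'real_filename'  => $filedata['real_filename'],
                    'attach_comment' => $this->filename_data['filecomment'],
                );

                // The new attachment takes index 0, so every existing inline
                // placeholder index moves up by one.
                $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) {
                    return '[attachment=' . ($match[1] + 1) . ']' . $match[2] . '[/attachment]';
                }, $this->message);

                $this->filename_data['filecomment'] = '';

                // This Variable is set to false here, because Attachments are entered into the
                // Database in two modes, one if the id_list is 0 and the second one if post_attach is true
                // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
                // but we are assigning an id of 0 here, we have to reset the post_attach variable to false.
                //
                // This is very relevant, because it could happen that the post got not submitted, but we do not
                // know this circumstance here. We could be at the posting page or we could be redirected to the entered
                // post. :)
                $filedata['post_attach'] = false;
            }
        } else {
            $error[] = sprintf($user->lang['TOO_MANY_ATTACHMENTS'], $cfg['max_attachments']);
        }
    }

    if ($preview || $refresh || sizeof($error)) {
        // Perform actions on temporary attachments
        if ($delete_file) {
            include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;

            $index = array_keys(request_var('delete_file', array(0 => 0)));
            $index = (!empty($index)) ? $index[0] : false;

            if ($index !== false && !empty($this->attachment_data[$index])) {
                // delete selected attachment
                if ($this->attachment_data[$index]['is_orphan']) {
                    // Ownership check: only an orphan row created by the
                    // current user may be removed through this path.
                    $sql = 'SELECT attach_id, physical_filename, thumbnail FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . ' AND is_orphan = 1 AND poster_id = ' . (int) $user->data['user_id'];
                    $result = $db->sql_query($sql);
                    $row = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);

                    if ($row) {
                        phpbb_unlink($row['physical_filename'], 'file');

                        if ($row['thumbnail']) {
                            phpbb_unlink($row['physical_filename'], 'thumbnail');
                        }

                        $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']);
                    }
                } else {
                    delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
                }

                unset($this->attachment_data[$index]);

                // Drop the placeholder of the deleted attachment and shift
                // every higher placeholder index down by one.
                $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) use ($index) {
                    if ($match[1] == $index) {
                        return '';
                    }

                    return ($match[1] > $index) ? '[attachment=' . ($match[1] - 1) . ']' . $match[2] . '[/attachment]' : $match[0];
                }, $this->message);

                // Reindex Array
                $this->attachment_data = array_values($this->attachment_data);
            }
        } else if (($add_file || $preview) && $upload_file) {
            if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_', $forum_id)) {
                $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
                $error = array_merge($error, $filedata['error']);

                if (!sizeof($error)) {
                    $sql_ary = array(
                        'physical_filename' => $filedata['physical_filename'],
                        'attach_comment'    => $this->filename_data['filecomment'],
                        'real_filename'     => $filedata['real_filename'],
                        'extension'         => $filedata['extension'],
                        'mimetype'          => $filedata['mimetype'],
                        'filesize'          => $filedata['filesize'],
                        'filetime'          => $filedata['filetime'],
                        'thumbnail'         => $filedata['thumbnail'],
                        'is_orphan'         => 1,
                        'in_message'        => ($is_message) ? 1 : 0,
                        'poster_id'         => $user->data['user_id'],
                    );

                    $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));

                    $new_entry = array(
                        'attach_id'      => $db->sql_nextid(),
                        'is_orphan'      => 1,
                        'real_filename'  => $filedata['real_filename'],
                        'attach_comment' => $this->filename_data['filecomment'],
                    );

                    // Same renumbering as in the submit branch above.
                    $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                    $this->message = preg_replace_callback('#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#', function ($match) {
                        return '[attachment=' . ($match[1] + 1) . ']' . $match[2] . '[/attachment]';
                    }, $this->message);

                    $this->filename_data['filecomment'] = '';
                }
            } else {
                $error[] = sprintf($user->lang['TOO_MANY_ATTACHMENTS'], $cfg['max_attachments']);
            }
        }
    }

    foreach ($error as $error_msg) {
        $this->warn_msg[] = $error_msg;
    }
}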
} else { $attachwhere = "posthash='" . $db->escape_string($mybb->get_input('posthash')) . "'"; } // If there's an attachment, check it and upload it if ($forumpermissions['canpostattachments'] != 0) { // If attachment exists.. if (!empty($_FILES['attachment']['name']) && !empty($_FILES['attachment']['type'])) { if ($_FILES['attachment']['size'] > 0) { $query = $db->simple_select("attachments", "aid", "filename='" . $db->escape_string($_FILES['attachment']['name']) . "' AND {$attachwhere}"); $updateattach = $db->fetch_field($query, "aid"); require_once MYBB_ROOT . "inc/functions_upload.php"; $update_attachment = false; if ($updateattach > 0 && $mybb->get_input('updateattachment')) { $update_attachment = true; } $attachedfile = upload_attachment($_FILES['attachment'], $update_attachment); } else { $errors[] = $lang->error_uploadempty; $mybb->input['action'] = "newreply"; } } } if (!empty($attachedfile['error'])) { $errors[] = $attachedfile['error']; $mybb->input['action'] = "newreply"; } if (!$mybb->get_input('submit')) { $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"{$pid}\" />"; $mybb->input['action'] = "newreply"; } }
/**
 * Parse Attachments
 *
 * Processes the attachment controls of a posting form: syncs edited
 * attachment comments, stores a newly uploaded file as an orphan row in the
 * attachments table, removes a temporary attachment when asked to, and keeps
 * the inline [attachment=N]...[/attachment] indexes in $this->message in step
 * with $this->attachment_data. When a plupload object is set and active, the
 * outcome is also pushed to the client through a JSON response object.
 * Collected errors end up in $this->warn_msg.
 *
 * @param string $form_name  Name of the file upload form field.
 * @param string $mode       Posting mode (post, reply, quote, edit, ...).
 * @param int    $forum_id   Forum being posted to (forced to 0 for messages).
 * @param bool   $submit     Form was submitted.
 * @param bool   $preview    Preview was requested.
 * @param bool   $refresh    Form refresh was requested.
 * @param bool   $is_message True when handling a private message.
 */
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
{
    global $config, $auth, $user, $phpbb_root_path, $phpEx, $db, $request;

    $error = array();
    $num_attachments = count($this->attachment_data);

    $this->filename_data['filecomment'] = $request->variable('filecomment', '', true);

    $upload = $request->file($form_name);
    $upload_file = !empty($upload) && $upload['name'] !== 'none' && trim($upload['name']);

    $add_file = isset($_POST['add_file']);
    $delete_file = isset($_POST['delete_file']);

    // Sync comments: only entries for attachments already tracked are taken.
    $actual_comment_list = $request->variable('comment_list', array(''), true);
    foreach ($actual_comment_list as $position => $submitted_comment) {
        if (!isset($this->attachment_data[$position])) {
            continue;
        }

        if ($this->attachment_data[$position]['attach_comment'] != $submitted_comment) {
            $this->attachment_data[$position]['attach_comment'] = $submitted_comment;
        }
    }

    // Private messages have their own limit and no forum context.
    if ($is_message) {
        $max_attachments = $config['max_attachments_pm'];
        $forum_id = 0;
    } else {
        $max_attachments = $config['max_attachments'];
    }

    if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file) {
        // Admins and moderators of this forum may exceed the limit.
        if ($num_attachments < $max_attachments || $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id)) {
            $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
            $error = $filedata['error'];

            if ($filedata['post_attach'] && !count($error)) {
                $attach_row = array(
                    'physical_filename' => $filedata['physical_filename'],
                    'attach_comment'    => $this->filename_data['filecomment'],
                    'real_filename'     => $filedata['real_filename'],
                    'extension'         => $filedata['extension'],
                    'mimetype'          => $filedata['mimetype'],
                    'filesize'          => $filedata['filesize'],
                    'filetime'          => $filedata['filetime'],
                    'thumbnail'         => $filedata['thumbnail'],
                    'is_orphan'         => 1,
                    'in_message'        => $is_message ? 1 : 0,
                    'poster_id'         => $user->data['user_id'],
                );
                $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $attach_row));

                $new_entry = array(
                    'attach_id'      => $db->sql_nextid(),
                    'is_orphan'      => 1,
                    'real_filename'  => $filedata['real_filename'],
                    'attach_comment' => $this->filename_data['filecomment'],
                    'filesize'       => $filedata['filesize'],
                );

                // New attachment goes to index 0; bump every inline index.
                $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                $this->message = preg_replace_callback(
                    '#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#',
                    function ($hit) {
                        return '[attachment=' . ($hit[1] + 1) . ']' . $hit[2] . '[/attachment]';
                    },
                    $this->message
                );
                $this->filename_data['filecomment'] = '';

                // post_attach is reset on purpose: the attachment was stored
                // here as an orphan, and at this point it is unknown whether
                // the post itself will be submitted.
                $filedata['post_attach'] = false;
            }
        } else {
            $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $max_attachments);
        }
    }

    if ($preview || $refresh || count($error)) {
        if (isset($this->plupload) && $this->plupload->is_active()) {
            $json_response = new \phpbb\json_response();
        }

        // Actions on temporary attachments
        if ($delete_file) {
            include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;

            $requested = array_keys($request->variable('delete_file', array(0 => 0)));
            $index = empty($requested) ? false : $requested[0];

            if ($index !== false && !empty($this->attachment_data[$index])) {
                $target_id = (int) $this->attachment_data[$index]['attach_id'];

                if ($this->attachment_data[$index]['is_orphan']) {
                    // Only an orphan row belonging to the current user is
                    // eligible for removal on this path.
                    $sql = 'SELECT attach_id, physical_filename, thumbnail FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . $target_id . ' AND is_orphan = 1 AND poster_id = ' . $user->data['user_id'];
                    $result = $db->sql_query($sql);
                    $orphan = $db->sql_fetchrow($result);
                    $db->sql_freeresult($result);

                    if ($orphan) {
                        phpbb_unlink($orphan['physical_filename'], 'file');
                        if ($orphan['thumbnail']) {
                            phpbb_unlink($orphan['physical_filename'], 'thumbnail');
                        }

                        $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . $target_id);
                    }
                } else {
                    delete_attachments('attach', array($target_id));
                }

                unset($this->attachment_data[$index]);

                // Remove the deleted attachment's placeholder and shift the
                // higher indexes down by one; lower ones stay untouched.
                $this->message = preg_replace_callback(
                    '#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#',
                    function ($hit) use ($index) {
                        if ($hit[1] == $index) {
                            return '';
                        }
                        if ($hit[1] > $index) {
                            return '[attachment=' . ($hit[1] - 1) . ']' . $hit[2] . '[/attachment]';
                        }
                        return $hit[0];
                    },
                    $this->message
                );

                // Reindex so the array keys are contiguous again.
                $this->attachment_data = array_values($this->attachment_data);

                if (isset($this->plupload) && $this->plupload->is_active()) {
                    $json_response->send($this->attachment_data);
                }
            }
        } else if (($add_file || $preview) && $upload_file) {
            if ($num_attachments < $max_attachments || $auth->acl_gets('m_', 'a_', $forum_id)) {
                $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message, false, $this->mimetype_guesser, $this->plupload);
                $error = array_merge($error, $filedata['error']);

                if (!count($error)) {
                    $attach_row = array(
                        'physical_filename' => $filedata['physical_filename'],
                        'attach_comment'    => $this->filename_data['filecomment'],
                        'real_filename'     => $filedata['real_filename'],
                        'extension'         => $filedata['extension'],
                        'mimetype'          => $filedata['mimetype'],
                        'filesize'          => $filedata['filesize'],
                        'filetime'          => $filedata['filetime'],
                        'thumbnail'         => $filedata['thumbnail'],
                        'is_orphan'         => 1,
                        'in_message'        => $is_message ? 1 : 0,
                        'poster_id'         => $user->data['user_id'],
                    );
                    $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $attach_row));

                    $new_entry = array(
                        'attach_id'      => $db->sql_nextid(),
                        'is_orphan'      => 1,
                        'real_filename'  => $filedata['real_filename'],
                        'attach_comment' => $this->filename_data['filecomment'],
                        'filesize'       => $filedata['filesize'],
                    );

                    $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
                    $this->message = preg_replace_callback(
                        '#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#',
                        function ($hit) {
                            return '[attachment=' . ($hit[1] + 1) . ']' . $hit[2] . '[/attachment]';
                        },
                        $this->message
                    );
                    $this->filename_data['filecomment'] = '';

                    if (isset($this->plupload) && $this->plupload->is_active()) {
                        $download_url = append_sid("{$phpbb_root_path}download/file.{$phpEx}", 'mode=view&id=' . $new_entry['attach_id']);

                        // Give the client the current attachment list so it
                        // can keep its own state in sync.
                        $json_response->send(array(
                            'data'         => $this->attachment_data,
                            'download_url' => $download_url,
                        ));
                    }
                }
            } else {
                $error[] = $user->lang('TOO_MANY_ATTACHMENTS', (int) $max_attachments);
            }

            if (!empty($error) && isset($this->plupload) && $this->plupload->is_active()) {
                // plupload (ajax) request: report the first error only.
                $json_response->send(array(
                    'jsonrpc' => '2.0',
                    'id'      => 'id',
                    'error'   => array(
                        'code'    => 105,
                        'message' => current($error),
                    ),
                ));
            }
        }
    }

    foreach ($error as $error_msg) {
        $this->warn_msg[] = $error_msg;
    }
}
} if (empty($_POST) && empty($_FILES) && $mybb->input['processed'] == '1') { error($lang->error_cannot_upload_php_post); } if (!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])) { if ($mybb->input['action'] == "editdraft" || $mybb->input['tid'] && $mybb->input['pid']) { $attachwhere = "pid='{$pid}'"; } else { $attachwhere = "posthash='" . $db->escape_string($mybb->input['posthash']) . "'"; } $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere); $attachcount = $db->fetch_field($query, "numattachs"); // If there's an attachment, check it and upload it if ($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments'])) { require_once MYBB_ROOT . "inc/functions_upload.php"; $attachedfile = upload_attachment($_FILES['attachment']); } if ($attachedfile['error']) { eval("\$attacherror = \"" . $templates->get("error_attacherror") . "\";"); $mybb->input['action'] = "newreply"; } if (!$mybb->input['submit']) { $mybb->input['action'] = "newreply"; $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"{$pid}\" />"; } } // Remove an attachment. if ($mybb->input['attachmentaid'] && $mybb->input['posthash']) { require_once MYBB_ROOT . "inc/functions_upload.php"; remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']); if (!$mybb->input['submit']) {
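/**
 * Attach a file that already sits in a server-side directory to an existing
 * post.
 *
 * The file is handed to upload_attachment() in its local mode. On success an
 * attachment row is inserted and the post and topic are flagged as having an
 * attachment, all inside one transaction, and an admin log entry is written.
 *
 * Hardening notes:
 *  - Only basename($filename) is appended to the directory, so a file name
 *    containing path separators cannot point outside $upload_dir.
 *    $upload_dir itself is used as given.
 *  - $post_id and $topic_id are placed into UPDATE statements, so they are
 *    cast to int first instead of being interpolated as received.
 *
 * @param int    $post_id    Post the attachment belongs to.
 * @param int    $topic_id   Topic of that post.
 * @param int    $forum_id   Forum passed on to upload_attachment().
 * @param string $upload_dir Directory below $phpbb_root_path holding the file.
 * @param string $filename   Name of the file inside $upload_dir.
 * @return bool|string|null  true on success, a formatted error message when
 *                           upload_attachment() reported errors, null when it
 *                           neither accepted the file nor reported an error.
 */
function upload_file($post_id, $topic_id, $forum_id, $upload_dir, $filename)
{
    global $message_parser, $db, $user, $phpbb_root_path;

    // Integer ids only: both values end up in SQL below.
    $post_id = (int) $post_id;
    $topic_id = (int) $topic_id;

    $local_path = $phpbb_root_path . $upload_dir . '/' . basename($filename);

    $message_parser->attachment_data = array();
    $message_parser->filename_data['filecomment'] = '';
    $message_parser->filename_data['filename'] = $local_path;

    $filedata = upload_attachment('local', $forum_id, true, $local_path);

    if ($filedata['post_attach'] && !sizeof($filedata['error'])) {
        $message_parser->attachment_data = array(
            'post_msg_id'       => $post_id,
            'poster_id'         => $user->data['user_id'],
            'topic_id'          => $topic_id,
            'in_message'        => 0,
            'physical_filename' => $filedata['physical_filename'],
            'real_filename'     => $filedata['real_filename'],
            'comment'           => $message_parser->filename_data['filecomment'],
            'extension'         => $filedata['extension'],
            'mimetype'          => $filedata['mimetype'],
            'filesize'          => $filedata['filesize'],
            'filetime'          => $filedata['filetime'],
            'thumbnail'         => $filedata['thumbnail'],
        );

        $message_parser->filename_data['filecomment'] = '';
        $filedata['post_attach'] = false;

        // Submit Attachment
        $attach_sql = $message_parser->attachment_data;

        $db->sql_transaction('begin');

        $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $attach_sql);
        $db->sql_query($sql);

        $sql = 'UPDATE ' . POSTS_TABLE . "\n\t\t\t\tSET post_attachment = 1\n\t\t\t\tWHERE post_id = " . $post_id;
        $db->sql_query($sql);

        $sql = 'UPDATE ' . TOPICS_TABLE . "\n\t\t\t\tSET topic_attachment = 1\n\t\t\t\tWHERE topic_id = " . $topic_id;
        $db->sql_query($sql);

        $db->sql_transaction('commit');

        add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_id, $filename);

        return true;
    }

    if (sizeof($filedata['error'])) {
        return sprintf($user->lang['ADMIN_UPLOAD_ERROR'], implode('<br />', $filedata['error']));
    }

    // Not accepted, but no error reported either.
    return null;
}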
function main($id, $mode) { global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $filename; $template->assign_vars(array( 'S_GALLERY' => true, )); $template_root = 'gallery/'; $cat_id = request_var('c', 0); $gallery_id = request_var('g', 0); $user_id = request_var('u', 0); $username = request_var('un', '', true); $start = request_var('start', 0); $photo_id = request_var('p', 0); $submit = isset($_REQUEST['submit']) ? true : false; define('USER_GALLERIES', 1); define('GALLERY_UPLOAD', 1); //define the extensions we need to grab $sql = 'SELECT e.extension FROM ' . EXTENSIONS_TABLE . ' e LEFT JOIN ' . EXTENSION_GROUPS_TABLE . " eg ON (eg.group_id = e.group_id) WHERE eg.group_name = 'Images'"; $result = $db->sql_query($sql); $extensions = ''; while ($row = $db->sql_fetchrow($result)) { $extensions .= (!$extensions) ? "'{$row['extension']}'" : ", '{$row['extension']}'"; } $db->sql_freeresult($result); //set our multibyte to utf8 mb_internal_encoding("UTF-8"); // Set desired template $this->tpl_name = $template_root . $mode; $this->page_title = $user->lang['GALLERY_' . strtoupper($mode)] . ' ' . $user->lang['PHOTOS']; $template->assign_vars(array( 'WHOS_PHOTOS' => $user->lang['GALLERY_' . strtoupper($mode)] . ' ' . $user->lang['PHOTOS'], )); $this->u_action = str_replace("&mode=$mode", '', $this->u_action); switch ($mode) { case 'browse': //select information about the gallery we're in if (!$cat_id && !$gallery_id) { if ($gallery_id) { $sql = 'SELECT * FROM ' . GALLERY_TABLE . " WHERE gallery_id = $gallery_id"; } else if ($user_id) { $sql = 'SELECT * FROM ' . GALLERY_TABLE . " WHERE user_id = $user_id"; } else if ($username) { $sql = 'SELECT g.* FROM ' . GALLERY_TABLE . ' g, ' . USERS_TABLE . " u WHERE u.username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "' AND g.user_id = u.user_id"; } } else { $sql = 'SELECT * FROM ' . GALLERY_TABLE . 
" WHERE gallery_id = $cat_id"; } $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $gallery = array( 'gallery_id' => isset($row['gallery_id']) ? $row['gallery_id'] : 0, 'user_id' => isset($row['user_id']) ? $row['user_id'] : 0, 'parent_id' => isset($row['parent_id']) ? $row['parent_id'] : 0, 'left_id' => isset($row['left_id']) ? $row['left_id'] : 0, 'right_id' => isset($row['right_id']) ? $row['right_id'] : 0, 'gallery_name' => isset($row['gallery_name']) ? $row['gallery_name'] : 'gallery', 'gallery_desc' => isset($row['gallery_desc']) ? $row['gallery_desc'] : 'gallery', 'gallery_type' => isset($row['gallery_type']) ? $row['gallery_type'] : 0, 'gallery_last_update_time' => isset($row['gallery_last_update_time']) ? $row['gallery_last_update_time'] : 0, ); $db->sql_freeresult($result); //get list of categories under current category $sql = 'SELECT * FROM ' . GALLERY_TABLE . " WHERE parent_id = {$gallery['gallery_id']} ORDER BY left_id ASC"; //if this is a user galleries cat, grab a little differently if ($gallery['gallery_type'] == USER_GALLERIES) { $sql = 'SELECT g.*, u.username, u.user_colour FROM ' . GALLERY_TABLE . ' g, ' . USERS_TABLE .' u WHERE g.user_id <> 0 AND g.user_id = u.user_id ORDER BY u.username ASC'; } $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { if ($row['gallery_id'] != $gallery['gallery_id']) { $template->assign_block_vars('catrow', array( 'GALLERY_COMMENTS' => $row['gallery_comments'], 'GALLERY_DESC' => $row['gallery_desc'], 'GALLERY_IMAGE' => ($row['gallery_image']) ? 
$row['gallery_image'] : false, 'GALLERY_LAST_IMAGE_ID' => $row['gallery_last_image_id'], 'GALLERY_LAST_COMMENT_ID' => $row['gallery_last_comment_id'], 'GALLERY_LAST_UPLOADER_ID' => $row['gallery_last_uploader_id'], 'GALLERY_LAST_COMMENTOR_ID' => $row['gallery_last_comenter_id'], 'GALLERY_NAME' => $row['gallery_name'], 'GALLERY_PHOTOS' => $row['gallery_photos'], 'GALLERY_VIEWS' => $row['gallery_views'], 'U_GALLERY_LINK' => $this->u_action . "&mode=$mode&c={$row['gallery_id']}", )); } } $db->sql_freeresult($result); //if we're looking at a users gallery, grab their images $where = "a.gallery_id = {$gallery['gallery_id']}"; if ($gallery['user_id']) { $where = "a.poster_id = {$gallery['user_id']} AND a.gallery_id <> 0"; } //grab gallery information if ($gallery['gallery_id']) { //grab images for this gallery $sql = 'SELECT a.*, u.username, u.user_id, u.user_colour FROM ' . GALLERY_PHOTOS_TABLE . ' a LEFT JOIN ' . USERS_TABLE . " u ON (u.user_id = a.poster_id) WHERE $where AND a.extension IN ($extensions) ORDER BY a.filetime DESC"; $result = $db->sql_query_limit($sql, $config['images_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('imagerow', array( 'PHOTO_COMMENT' => ((mb_strlen($row['photo_comment']) > 20) ? mb_substr($row['photo_comment'], 0, 20) . '...' : $row['photo_comment']), 'PHOTO_MOUSEOVER' => (mb_strlen($row['photo_comment']) > 20) ? $row['photo_comment'] : '', 'PHOTO_NAME' => $row['photo_name'], 'COMMENT_FULL' => $row['photo_comment'], 'IMAGE_TIME' => $user->format_date($row['filetime']), 'IMAGE_VIEWS' => $row['download_count'], 'IMAGE_ID' => $row['photo_id'], 'TOPIC_ID' => ($row['thumbnail']) ? 1 : false, 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $user->lang['GUEST']), 'U_IMAGE_DOWNLOAD' => $this->u_action . "&mode=photo&p={$row['photo_id']}", 'U_IMAGE_THUMBNAIL' => append_sid("{$phpbb_root_path}photo.$phpEx", "id={$row['photo_id']}" . 
(($row['thumbnail']) ? '&t=1' : '')), )); $template->assign_vars(array( 'S_PHOTOS' => true, )); } //if we're looking at a users gallery, grab their images $where = "gallery_id = {$gallery['gallery_id']}"; if ($gallery['user_id']) { $where = "poster_id = {$gallery['user_id']} AND gallery_id <> 0"; } $update_photos = ''; if ($gallery['gallery_last_update_time'] < strtotime('-1 day', time()) && $gallery['gallery_id']) { //update number of images in gallery… this will be removed when this feature works properly $sql = 'SELECT COUNT(gallery_id) as total_photos FROM ' . GALLERY_PHOTOS_TABLE . " WHERE $where AND extension IN ($extensions)"; $result = $db->sql_query($sql); $gallery_photos = $db->sql_fetchfield('total_photos'); $db->sql_freeresult($result); $update_photos = ", gallery_photos = $gallery_photos, gallery_last_update_time = " . time(); } //increment the view number for this gallery $sql = 'UPDATE ' . GALLERY_TABLE . " SET gallery_views = gallery_views + 1 $update_photos WHERE gallery_id = {$gallery['gallery_id']}"; $db->sql_query($sql); } $template->assign_vars(array( 'GALLERY_NAME' => $gallery['gallery_name'], 'GALLERY_DESC' => $gallery['gallery_desc'], 'UPLOAD_ICON' => $user->img('icon_upload', 'REPLY_WITH_QUOTE'), )); break; case 'gallery': if (!$user->data['is_registered']) { // Can this user view profiles/memberlist? login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]); } $sql = "SELECT * FROM " . GALLERY_PHOTOS_TABLE . " WHERE poster_id = {$user->data['user_id']} AND extension IN ($extensions) and gallery_id <> 0 ORDER BY filetime DESC"; $result = $db->sql_query_limit($sql, $config['images_per_page'], $start); $count = 0; while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('imagerow', array( 'PHOTO_COMMENT' => ((mb_strlen($row['photo_comment']) > 20) ? mb_substr($row['photo_comment'], 0, 20) . '...' : $row['photo_comment']), 'PHOTO_MOUSEOVER' => (mb_strlen($row['photo_comment']) > 20) ? 
$row['photo_comment'] : '', 'PHOTO_NAME' => $row['photo_name'], 'COMMENT_FULL' => $row['photo_comment'], 'IMAGE_TIME' => $user->format_date($row['filetime']), 'IMAGE_VIEWS' => $row['download_count'], 'IMAGE_ID' => $row['photo_id'], 'TOPIC_ID' => ($row['thumbnail']) ? 1 : false, 'USERNAME_FULL' => get_username_string('full', $user->data['user_id'], $user->data['username'], $user->data['user_colour'], $user->lang['GUEST']), 'U_IMAGE_DOWNLOAD' => $this->u_action . "&mode=photo&p={$row['photo_id']}", 'U_IMAGE_THUMBNAIL' => append_sid("{$phpbb_root_path}photo.$phpEx", "id={$row['photo_id']}" . (($row['thumbnail']) ? '&t=1' : '')), )); $count++; } $total_pages = 1; if ($count == $config['images_per_page']) { $sql = "SELECT COUNT(photo_id) as total_images FROM " . GALLERY_PHOTOS_TABLE . " WHERE poster_id = {$user->data['user_id']} AND extension IN ($extensions)"; $result = $db->sql_query($sql); $total_pages = $db->sql_fetchfield('total_images') / ($config['images_per_page'] > 0) ? $config['images_per_page'] : 1; $db->sql_freeresult($result); } $template->assign_vars(array( 'WHOS_PHOTOS' => get_username_string('full', $user->data['user_id'], $user->data['username'], $user->data['user_colour'], $user->lang['GUEST']) . ' ' . $user->lang['PHOTOS'], 'USERNAME_FULL' => get_username_string('full', $user->data['user_id'], $user->data['username'], $user->data['user_colour'], $user->lang['GUEST']), 'MAX_WIDTH' => $config['img_max_thumb_width'], 'MAX_HEIGHT' => $config['img_link_height'], 'PAGINATION' => generate_pagination($this->u_action . "&mode=$mode&un={$user->data['username']}", $total_pages, $config['images_per_page'], $start, true), 'U_UPLOAD' => $this->u_action . '&mode=upload', )); $this->page_title = $user->data['username'] . ' ' . $user->lang['PHOTOS']; break; case 'photo': if ($submit) { $rating = request_var('rating', 0); $comment = utf8_normalize_nfc(request_var('message', '', true)); //update the rating for this photo if ($rating) { $sql = 'SELECT * FROM ' . 
GALLERY_RATINGS_TABLE . " WHERE user_id = {$user->data['user_id']} AND photo_id = $photo_id"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_fetchrow($result); if ($row['photo_id']) { trigger_error('ALREADY_RATED'); } else { $sql_ary = array( 'photo_id' => $photo_id, 'user_id' => $user->data['user_id'], 'rating' => $rating, ); $sql = 'INSERT INTO ' . GALLERY_RATINGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); $count = $rating = 0; $sql = 'SELECT rating FROM ' . GALLERY_RATINGS_TABLE . " WHERE photo_id = $photo_id"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $count++; $rating += $row['rating']; } $db->sql_freeresult($result); if ($count) { $rating = $rating / $count; $sql = 'UPDATE ' . GALLERY_PHOTOS_TABLE . " SET photo_rating = $rating WHERE photo_id = $photo_id"; $db->sql_query($sql); redirect(append_sid("./$filename", "i=$id&mode=$mode&p=$photo_id")); } } } //add a comment for this photo else if ($comment) { $uid = $bitfield = $options = ''; // will be modified by generate_text_for_storage $allow_bbcode = $allow_urls = $allow_smilies = true; generate_text_for_storage($comment, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies); $sql_ary = array( 'photo_id' => $photo_id, 'user_id' => $user->data['user_id'], 'comment_time' => time(), 'comment_text' => $comment, 'comment_bitfield' => $bitfield, 'comment_uid' => $uid, 'comment_options' => $options, ); $sql = 'INSERT INTO ' . GALLERY_COMMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); redirect(append_sid("./$filename", "i=$id&mode=$mode&p=$photo_id")); } } $where = "ORDER BY a.filetime DESC"; if ($photo_id) { $where = "AND a.photo_id = $photo_id"; } //generate smliies include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); generate_smilies('inline', 1); $sql = 'SELECT a.*, u.username, u.user_colour, g.rating FROM ' . GALLERY_PHOTOS_TABLE . ' a, ' . 
USERS_TABLE . ' u LEFT JOIN ' . GALLERY_RATINGS_TABLE . " g ON (g.photo_id = $photo_id) WHERE a.extension IN ($extensions) AND a.poster_id = u.user_id $where"; $result = $db->sql_query_limit($sql, 1); $photo = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$photo['rating']) { //setup rate photo $start = $config['photo_min_rating']; $stop = $config['photo_max_rating']; $photo_rate = '<select name="rating">'; $photo_rate .= '<option disabled="disabled" selected="selected">' . $user->lang['RATE_THIS'] . '</option>'; for ($i = $start; $i <= $stop; $i++) { $photo_rate .= '<option id="' . $i . '">' . $i . '</option>'; } $photo_rate .= '</select>'; } else { $photo_rate = "({$photo['rating']})"; } $template->assign_vars(array( 'PHOTO_BBCODE' => "[{$config['photo_bbcode']}]{$photo['photo_id']}[/{$config['photo_bbcode']}]", 'PHOTO_DESCRIPTION' => $photo['photo_comment'], 'PHOTO_DETAILS' => '', 'PHOTO_ID' => $photo['photo_id'], 'PHOTO_NAME' => $photo['photo_name'], 'PHOTO_POST_TIME' => $user->format_date($photo['filetime']), 'PHOTO_POSTER' => get_username_string('full', $photo['poster_id'], $photo['username'], $photo['user_colour']), 'PHOTO_RATE' => $photo_rate, 'PHOTO_RATED' => $photo['rating'], 'PHOTO_RATING' => round($photo['photo_rating'], 2), 'PHOTO_SIZE' => $photo['filesize'], 'PHOTO_TYPE' => $photo['extension'], 'PHOTO_VIEWS' => $photo['download_count'], 'I_PHOTO' => append_sid("{$phpbb_root_path}photo.$phpEx", "id={$photo['photo_id']}"), 'U_SUBMIT' => $this->u_action . "&mode=$mode&p=$photo_id", )); $now = getdate(time() + $user->timezone + $user->dst - date('Z')); include($phpbb_root_path . 'includes/functions_display.' . $phpEx); $id_cache = $user_cache = $message_cache = array(); $sql = 'SELECT g.*, u.* FROM ' . GALLERY_COMMENTS_TABLE . ' g LEFT JOIN ' . USERS_TABLE . 
" u ON (u.user_id = g.user_id) WHERE photo_id = $photo_id ORDER BY g.comment_time DESC"; $result = $db->sql_query_limit($sql, $config['comments_per_page']); while ($row = $db->sql_fetchrow($result)) { $poster_id = $row['user_id']; $id_cache[] = $poster_id; $message_cache[$row['comment_id']] = array( 'message' => generate_text_for_display($row['comment_text'], $row['comment_uid'], $row['comment_bitfield'], $row['comment_options']), 'user_id' => $row['user_id'], 'post_time' => $user->format_date($row['comment_time']), 'username' => $row['username'], 'user_colour' => $row['user_colour'], ); $user_cache[$poster_id] = array( 'joined' => $user->format_date($row['user_regdate']), 'posts' => $row['user_posts'], 'warnings' => $row['user_warnings'], 'from' => $row['user_from'], 'viewonline' => $row['user_allow_viewonline'], 'allow_pm' => $row['user_allow_pm'], 'avatar' => ($user->optionget('viewavatars')) ? get_user_avatar($row['user_avatar'], $row['user_avatar_type'], $row['user_avatar_width'], $row['user_avatar_height']) : '', 'age' => '', 'rank_title' => '', 'rank_image' => '', 'rank_image_src' => '', 'username' => $row['username'], 'user_colour' => $row['user_colour'], 'online' => false, 'profile' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&u=$poster_id"), 'www' => $row['user_website'], 'aim' => ($row['user_aim'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&action=aim&u=$poster_id") : '', 'msn' => ($row['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&action=msnm&u=$poster_id") : '', 'yim' => ($row['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&.src=pg' : '', 'jabber' => ($row['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&action=jabber&u=$poster_id") : '', 'search' => ($auth->acl_get('u_search')) ? 
append_sid("{$phpbb_root_path}search.$phpEx", 'search_author=' . urlencode($row['username']) .'&showresults=posts') : '', 'email' => '', 'icq' => ($row['user_icq']) ? 'http://www.icq.com/people/webmsg.php?to=' . $row['user_icq'] : '', 'icq_status_img' => ($row['user_icq']) ? '<img src="http://web.icq.com/whitepages/online?icq=' . $row['user_icq'] . '&img=5" width="18" height="18" alt="" />' : '', ); get_user_rank($row['user_rank'], $row['user_posts'], $user_cache[$poster_id]['rank_title'], $user_cache[$poster_id]['rank_image'], $user_cache[$poster_id]['rank_image_src']); if (!empty($row['user_allow_viewemail']) || $auth->acl_get('a_email')) { $user_cache[$poster_id]['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&u=$poster_id") : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $row['user_email']); } if ($row['user_birthday']) { list($bday_day, $bday_month, $bday_year) = array_map('intval', explode('-', $row['user_birthday'])); if ($bday_year) { $diff = $now['mon'] - $bday_month; if ($diff == 0) { $diff = ($now['mday'] - $bday_day < 0) ? 1 : 0; } else { $diff = ($diff < 0) ? 1 : 0; } $user_cache[$poster_id]['age'] = (int) ($now['year'] - $bday_year - $diff); } } } $db->sql_freeresult($result); // Load custom profile fields if ($config['load_cpf_viewtopic']) { include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); $cp = new custom_profile(); // Grab all profile fields from users in id cache for later use - similar to the poster cache $profile_fields_cache = $cp->generate_profile_fields_template('grab', $id_cache); } // Generate online information for user if ($config['load_onlinetrack'] && sizeof($id_cache)) { $sql = 'SELECT session_user_id, MAX(session_time) as online_time, MIN(session_viewonline) AS viewonline FROM ' . SESSIONS_TABLE . ' WHERE ' . $db->sql_in_set('session_user_id', $id_cache) . 
' GROUP BY session_user_id'; $result = $db->sql_query($sql); $update_time = $config['load_online_time'] * 60; while ($row = $db->sql_fetchrow($result)) { $user_cache[$row['session_user_id']]['online'] = (time() - $update_time < $row['online_time'] && (($row['viewonline']) || $auth->acl_get('u_viewonline'))) ? true : false; } $db->sql_freeresult($result); } unset($id_cache); $cp_row = array(); foreach ($message_cache as $post_id => $row) { $poster_id = $row['user_id']; // if ($config['load_cpf_viewtopic']) { $cp_row = (isset($profile_fields_cache[$poster_id])) ? $cp->generate_profile_fields_template('show', false, $profile_fields_cache[$poster_id]) : array(); } $postrow = array( 'POST_AUTHOR_FULL' => get_username_string('full', $poster_id, $row['username'], $row['user_colour']), 'POST_AUTHOR_COLOUR' => get_username_string('colour', $poster_id, $row['username'], $row['user_colour']), 'POST_AUTHOR' => get_username_string('username', $poster_id, $row['username'], $row['user_colour']), 'U_POST_AUTHOR' => get_username_string('profile', $poster_id, $row['username'], $row['user_colour']), 'RANK_TITLE' => $user_cache[$poster_id]['rank_title'], 'RANK_IMG' => $user_cache[$poster_id]['rank_image'], 'RANK_IMG_SRC' => $user_cache[$poster_id]['rank_image_src'], 'POSTER_JOINED' => $user_cache[$poster_id]['joined'], 'POSTER_POSTS' => $user_cache[$poster_id]['posts'], 'POSTER_FROM' => $user_cache[$poster_id]['from'], 'POSTER_AVATAR' => $user_cache[$poster_id]['avatar'], 'POSTER_WARNINGS' => $user_cache[$poster_id]['warnings'], 'POSTER_AGE' => $user_cache[$poster_id]['age'], 'POST_DATE' => $user->format_date($row['post_time']), 'MESSAGE' => $row['message'], 'MINI_POST_IMG' => $user->img('icon_post_target', 'POST'), 'ICQ_STATUS_IMG' => $user_cache[$poster_id]['icq_status_img'], 'ONLINE_IMG' => ($poster_id == ANONYMOUS || !$config['load_onlinetrack']) ? '' : (($user_cache[$poster_id]['online']) ? 
$user->img('icon_user_online', 'ONLINE') : $user->img('icon_user_offline', 'OFFLINE')), 'S_ONLINE' => ($poster_id == ANONYMOUS || !$config['load_onlinetrack']) ? false : (($user_cache[$poster_id]['online']) ? true : false), //'U_EDIT' => (!$user->data['is_registered']) ? '' : ((($user->data['user_id'] == $poster_id && ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_')) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&p={$post_id}") : ''), //'U_DELETE' => ($auth->acl_get('m_')) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&p={$post_id}") : '', 'U_PROFILE' => $user_cache[$poster_id]['profile'], 'U_SEARCH' => $user_cache[$poster_id]['search'], 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_cache[$poster_id]['allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=compose") : '', 'U_EMAIL' => $user_cache[$poster_id]['email'], 'U_WWW' => $user_cache[$poster_id]['www'], 'U_ICQ' => $user_cache[$poster_id]['icq'], 'U_AIM' => $user_cache[$poster_id]['aim'], 'U_MSN' => $user_cache[$poster_id]['msn'], 'U_YIM' => $user_cache[$poster_id]['yim'], 'U_JABBER' => $user_cache[$poster_id]['jabber'], 'U_WARN' => ($auth->acl_get('m_warn') && $poster_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_post', true, $user->session_id) : '', 'POST_ID' => $post_id, 'POSTER_ID' => $poster_id, 'S_CUSTOM_FIELDS' => (isset($cp_row['row']) && sizeof($cp_row['row'])) ? true : false, 'S_TOPIC_POSTER' => ($user->data['user_id'] == $poster_id) ? 
true : false, ); if (isset($cp_row['row']) && sizeof($cp_row['row'])) { $postrow = array_merge($postrow, $cp_row['row']); } // Dump vars into template $template->assign_block_vars('postrow', $postrow); if (!empty($cp_row['blockrow'])) { foreach ($cp_row['blockrow'] as $field_data) { $template->assign_block_vars('postrow.custom_fields', $field_data); } } } break; case 'rating': case 'recent': $sql = "SELECT a.*, u.username, u.user_colour, u.user_id FROM " . GALLERY_PHOTOS_TABLE . ' a LEFT JOIN ' . USERS_TABLE . " u ON (u.user_id = a.poster_id) WHERE a.gallery_id <> 0 AND a.extension IN ($extensions) ORDER BY a.filetime DESC"; $result = $db->sql_query_limit($sql, $config['images_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('imagerow', array( 'PHOTO_COMMENT' => ((mb_strlen($row['photo_comment']) > 20) ? mb_substr($row['photo_comment'], 0, 20) . '...' : $row['photo_comment']), 'PHOTO_MOUSEOVER' => (mb_strlen($row['photo_comment']) > 20) ? $row['photo_comment'] : '', 'PHOTO_NAME' => $row['photo_name'], 'COMMENT_FULL' => $row['photo_comment'], 'IMAGE_TIME' => $user->format_date($row['filetime']), 'IMAGE_VIEWS' => $row['download_count'], 'IMAGE_ID' => $row['photo_id'], 'TOPIC_ID' => ($row['thumbnail']) ? 1 : false, 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $user->lang['GUEST']), 'U_IMAGE_DOWNLOAD' => $this->u_action . "&mode=photo&p={$row['photo_id']}", 'U_IMAGE_THUMBNAIL' => append_sid("{$phpbb_root_path}photo.$phpEx", "id={$row['photo_id']}" . (($row['thumbnail']) ? '&t=1' : '')), )); } $db->sql_freeresult($result); $template->assign_vars(array( 'MAX_WIDTH' => $config['img_max_thumb_width'], 'MAX_HEIGHT' => $config['img_link_height'], )); break; case 'upload': if (!$user->data['is_registered']) { // Can this user view profiles/memberlist? login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]); } if ($submit) { include($phpbb_root_path . 
'includes/functions_gallery.' . $phpEx); $filedata = upload_attachment(); if (!sizeof($filedata['error'])) { redirect(append_sid("./$filename", "i=$id&mode=$mode&p={$filedata['photo_id']}")); } $error_message = ''; foreach ($filedata['error'] as $error) { $error_message .= $error . '<br />'; } trigger_error($error); } $template->assign_vars(array( 'I_IMAGE_THUMBNAIL' => ($photo_id) ? append_sid("{$phpbb_root_path}photo.$phpEx", "id=$photo_id&t=1") : '', 'U_ACTION' => $this->u_action . "&mode=$mode", )); break; case 'views': $sql = "SELECT a.*, u.username, u.user_colour, u.user_id FROM " . GALLERY_PHOTOS_TABLE . ' a LEFT JOIN ' . USERS_TABLE . " u ON (u.user_id = a.poster_id) WHERE a.gallery_id <> 0 AND a.extension IN ($extensions) ORDER BY a.download_count DESC"; $result = $db->sql_query_limit($sql, $config['images_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { $template->assign_block_vars('imagerow', array( 'PHOTO_COMMENT' => ((mb_strlen($row['photo_comment']) > 20) ? mb_substr($row['photo_comment'], 0, 20) . '...' : $row['photo_comment']), 'PHOTO_MOUSEOVER' => (mb_strlen($row['photo_comment']) > 20) ? $row['photo_comment'] : '', 'PHOTO_NAME' => $row['photo_name'], 'COMMENT_FULL' => $row['photo_comment'], 'IMAGE_TIME' => $user->format_date($row['filetime']), 'IMAGE_VIEWS' => $row['download_count'], 'IMAGE_ID' => $row['photo_id'], 'TOPIC_ID' => ($row['thumbnail']) ? 1 : false, 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $user->lang['GUEST']), 'U_IMAGE_DOWNLOAD' => $this->u_action . "&mode=photo&p={$row['photo_id']}", 'U_IMAGE_THUMBNAIL' => append_sid("{$phpbb_root_path}photo.$phpEx", "id={$row['photo_id']}" . (($row['thumbnail']) ? '&t=1' : '')), )); } $db->sql_freeresult($result); $template->assign_vars(array( 'MAX_WIDTH' => $config['img_max_thumb_width'], 'MAX_HEIGHT' => $config['img_link_height'], )); break; } $template->assign_vars(array( 'S_' . strtoupper($mode) => true, )); }
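/**
 * Handle the attachment part of a posting form: upload a new file, delete a
 * pending one or update attachment comments, and keep the inline
 * [attachment=N]...[/attachment] placeholders in $this->message in step with
 * $this->attachment_data.
 *
 * The placeholder renumbering used preg_replace() with the /e (eval) modifier.
 * That modifier evaluates a string built from post text as PHP code and was
 * removed in PHP 7, where the call returns NULL and would blank the message.
 * It is replaced by preg_replace_callback(), which never evaluates post text.
 *
 * @param string $form_name  Key of the upload field in $_FILES.
 * @param string $mode       Posting mode; a file is only taken on submit for post, reply, quote and edit.
 * @param int    $forum_id   Forum id handed to upload_attachment() (forced to 0 for messages).
 * @param bool   $submit     True when the form was submitted.
 * @param bool   $preview    True when a preview was requested.
 * @param bool   $refresh    True when the form is being refreshed.
 * @param bool   $is_message Selects max_attachments_pm instead of max_attachments and forum id 0.
 *
 * @return void Upload errors are appended to $this->warn_msg.
 */
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
{
	// NOTE(review): `global $forum_id` rebinds the parameter of the same name to the
	// global variable, so the caller's argument is discarded and the assignment below
	// writes to the global. Kept as-is for compatibility - confirm this is intended.
	global $config, $_CLASS, $site_file_root, $forum_id;

	$error = array();

	$num_attachments = sizeof($this->attachment_data);
	$this->filename_data['filecomment'] = request_var('filecomment', '', true);
	$upload_file = isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name']) ? true : false;

	$add_file		= isset($_POST['add_file']);
	$delete_file	= isset($_POST['delete_file']);
	$edit_comment	= isset($_POST['edit_comment']);

	$cfg = array();
	$cfg['max_attachments'] = $is_message ? $config['max_attachments_pm'] : $config['max_attachments'];
	$forum_id = $is_message ? 0 : $forum_id;

	// Matches one inline placeholder: [attachment=N]text[/attachment]
	$placeholder_pattern = '#\\[attachment=([0-9]+)\\](.*?)\\[\\/attachment\\]#';

	// A new attachment is inserted at index 0, so every existing placeholder moves up by one.
	$shift_placeholders_up = function ($match)
	{
		return '[attachment=' . ((int) $match[1] + 1) . ']' . $match[2] . '[/attachment]';
	};

	if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file)
	{
		// Moderators and administrators are exempt from the attachment limit
		if ($num_attachments < $cfg['max_attachments'] || $_CLASS['auth']->acl_gets('m_', 'a_'))
		{
			$filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
			$error = $filedata['error'];

			if ($filedata['post_attach'] && !sizeof($error))
			{
				$new_entry = array(
					'physical_filename'	=> $filedata['physical_filename'],
					'comment'			=> $this->filename_data['filecomment'],
					'real_filename'		=> $filedata['real_filename'],
					'extension'			=> $filedata['extension'],
					'mimetype'			=> $filedata['mimetype'],
					'filesize'			=> $filedata['filesize'],
					'filetime'			=> $filedata['filetime'],
					'attach_id'			=> 0,
					'thumbnail'			=> $filedata['thumbnail'],
				);

				$this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
				$this->message = preg_replace_callback($placeholder_pattern, $shift_placeholders_up, $this->message);

				$this->filename_data['filecomment'] = '';

				// This Variable is set to false here, because Attachments are entered into the
				// Database in two modes, one if the id_list is 0 and the second one if post_attach is true
				// Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
				// but we are assigning an id of 0 here, we have to reset the post_attach variable to false.
				//
				// This is very relevant, because it could happen that the post got not submitted, but we do not
				// know this circumstance here. We could be at the posting page or we could be redirected to the entered
				// post. :)
				$filedata['post_attach'] = false;
			}
		}
		else
		{
			$error[] = sprintf($_CLASS['core_user']->lang['TOO_MANY_ATTACHMENTS'], $cfg['max_attachments']);
		}
	}

	if ($preview || $refresh || sizeof($error))
	{
		// Perform actions on temporary attachments
		if ($delete_file)
		{
			// The index is the first key of the posted delete_file array. It comes from the
			// client, so it is only acted on when it names an attachment we actually hold;
			// otherwise nothing is unlinked and the placeholders are left untouched.
			$delete_keys = is_array($_POST['delete_file']) ? array_keys($_POST['delete_file']) : array();
			$index = sizeof($delete_keys) ? (int) $delete_keys[0] : false;

			if ($index !== false && isset($this->attachment_data[$index]))
			{
				// delete selected attachment
				if (!$this->attachment_data[$index]['attach_id'])
				{
					// Not yet stored in the database: remove the uploaded file (and thumbnail) only
					phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'file');

					if ($this->attachment_data[$index]['thumbnail'])
					{
						phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'thumbnail');
					}
				}
				else
				{
					delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
				}

				unset($this->attachment_data[$index]);

				// Drop the placeholder of the removed attachment and close the gap in the numbering
				$this->message = preg_replace_callback(
					$placeholder_pattern,
					function ($match) use ($index)
					{
						$number = (int) $match[1];

						if ($number == $index)
						{
							return '';
						}

						if ($number > $index)
						{
							return '[attachment=' . ($number - 1) . ']' . $match[2] . '[/attachment]';
						}

						return $match[0];
					},
					$this->message
				);

				// Reindex Array
				$this->attachment_data = array_values($this->attachment_data);
			}
		}
		else if ($edit_comment || $add_file || $preview)
		{
			if ($edit_comment)
			{
				$actual_comment_list = request_var('comment_list', array(''));

				foreach ($actual_comment_list as $index => $entry)
				{
					// Keys of comment_list are client supplied: only update attachments that
					// exist, so a request cannot create entries lacking file data.
					if (!isset($this->attachment_data[$index]))
					{
						continue;
					}

					// NOTE(review): as written this replacement leaves the text unchanged; the
					// pattern presumably targeted an HTML-escaped ampersand - verify against the original file.
					$this->attachment_data[$index]['comment'] = preg_replace('#&(\\#[0-9]+;)#', '&\\1', $entry);
				}
			}

			if (($add_file || $preview) && $upload_file)
			{
				if ($num_attachments < $cfg['max_attachments'] || $_CLASS['auth']->acl_gets('m_', 'a_'))
				{
					$filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
					$error = array_merge($error, $filedata['error']);

					if (!sizeof($error))
					{
						$new_entry = array(
							'physical_filename'	=> $filedata['physical_filename'],
							'comment'			=> $this->filename_data['filecomment'],
							'real_filename'		=> $filedata['real_filename'],
							'extension'			=> $filedata['extension'],
							'mimetype'			=> $filedata['mimetype'],
							'filesize'			=> $filedata['filesize'],
							'filetime'			=> $filedata['filetime'],
							'attach_id'			=> 0,
							'thumbnail'			=> $filedata['thumbnail'],
						);

						$this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
						$this->message = preg_replace_callback($placeholder_pattern, $shift_placeholders_up, $this->message);
						$this->filename_data['filecomment'] = '';
					}
				}
				else
				{
					$error[] = sprintf($_CLASS['core_user']->lang['TOO_MANY_ATTACHMENTS'], $cfg['max_attachments']);
				}
			}
		}
	}

	foreach ($error as $error_msg)
	{
		$this->warn_msg[] = $error_msg;
	}
}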
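/**
 * Attach a file that already exists in $upload_dir to an existing post.
 *
 * The file is passed to upload_attachment() in 'local' mode. On success an
 * attachment row is inserted, the post and topic are flagged as having an
 * attachment, an admin log entry is written and a success line is echoed.
 * On failure the collected error strings are echoed instead.
 *
 * @param int    $post_id    Post that receives the attachment.
 * @param int    $topic_id   Topic the post belongs to.
 * @param int    $forum_id   Forum id handed to upload_attachment().
 * @param string $upload_dir Directory holding the file.
 * @param string $filename   File name inside $upload_dir.
 *
 * @return void Output is written with echo.
 */
function upload_file($post_id, $topic_id, $forum_id, $upload_dir, $filename)
{
	global $message_parser, $_CLASS;

	$message_parser->attachment_data = array();

	$message_parser->filename_data['filecomment'] = '';
	// NOTE(review): this path uses $filename as given, while the path handed to
	// upload_attachment() below is reduced with basename(). Confirm nothing reads
	// filename_data['filename'] as a trusted path.
	$message_parser->filename_data['filename'] = $upload_dir . '/' . $filename;

	// basename() confines the source file to $upload_dir even if $filename carries directory parts
	$filedata = upload_attachment('local', $forum_id, true, $upload_dir . '/' . basename($filename));

	if ($filedata['post_attach'] && !sizeof($filedata['error']))
	{
		$message_parser->attachment_data = array(
			'post_msg_id'		=> $post_id,
			'poster_id'			=> $_CLASS['core_user']->data['user_id'],
			'topic_id'			=> $topic_id,
			'in_message'		=> 0,
			'physical_filename'	=> $filedata['physical_filename'],
			'real_filename'		=> $filedata['real_filename'],
			'comment'			=> $message_parser->filename_data['filecomment'],
			'extension'			=> $filedata['extension'],
			'mimetype'			=> $filedata['mimetype'],
			'filesize'			=> $filedata['filesize'],
			'filetime'			=> $filedata['filetime'],
			'thumbnail'			=> $filedata['thumbnail']
		);

		$message_parser->filename_data['filecomment'] = '';

		// Submit Attachment
		$attach_sql = $message_parser->attachment_data;

		// The two UPDATE statements splice the ids straight into the SQL text, so they
		// are forced to integers here rather than relying on every caller to do it.
		$post_id_sql = (int) $post_id;
		$topic_id_sql = (int) $topic_id;

		$_CLASS['core_db']->sql_transaction();

		$sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $_CLASS['core_db']->sql_build_array('INSERT', $attach_sql);
		$_CLASS['core_db']->sql_query($sql);

		$sql = 'UPDATE ' . POSTS_TABLE . "
			SET post_attachment = 1
			WHERE post_id = $post_id_sql";
		$_CLASS['core_db']->sql_query($sql);

		$sql = 'UPDATE ' . TOPICS_TABLE . "
			SET topic_attachment = 1
			WHERE topic_id = $topic_id_sql";
		$_CLASS['core_db']->sql_query($sql);

		$_CLASS['core_db']->sql_transaction('commit');

		add_log('admin', sprintf($_CLASS['core_user']->lang['LOG_ATTACH_FILEUPLOAD'], $post_id, $filename));
		echo '<span style="color:green">' . $_CLASS['core_user']->lang['SUCCESSFULLY_UPLOADED'] . '</span><br /><br />';
	}
	else if (sizeof($filedata['error']))
	{
		// NOTE(review): the error strings are written into the page without HTML escaping;
		// confirm upload_attachment() never places an unescaped file name in them.
		echo '<span style="color:red">' . sprintf($_CLASS['core_user']->lang['ADMIN_UPLOAD_ERROR'], implode("<br />\t", $filedata['error'])) . '</span><br /><br />';
	}
}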