<?php
// Script identifier, then the shared bootstrap. global.php is not visible here; the code
// below expects it to provide $db, $n, $tpl, $wbbuserdata and helpers such as access_error().
$filename = 'attachment.php';
require './global.php';
/**
 * Append $add to a comma-separated id list.
 *
 * @param string $list existing list ("" for an empty one)
 * @param mixed  $add  id to append
 * @return string|int  the extended list, or -1 when $add is already present
 *                     (membership uses loose comparison, so "1" and "01" match)
 */
function addtoids($list,$add) {
    if($list=="") {
        return $add;
    }
    $ids=explode(',',$list);
    if(in_array($add,$ids)) {
        // sentinel, not a list: callers must check for -1 before storing the result
        return -1;
    }
    $ids[]=$add;
    return implode(',',$ids);
}
/**
 * Remove $remove from a comma-separated id list.
 *
 * The removed element is replaced by the list's last element, so the order of the
 * remaining ids is NOT preserved. Comparison is loose (==), first match wins.
 *
 * @param string $list   comma-separated ids
 * @param mixed  $remove id to drop
 * @return string|int    the shortened list, or -1 when $remove is not in $list
 */
function removefromids($list,$remove) {
    $ids=explode(',',$list);
    // first loose match, exactly what the original linear scan found
    $pos=array_search($remove,$ids);
    if($pos===false) {
        return -1;
    }
    $last=array_pop($ids);
    if($pos<count($ids)) {
        // $remove was not the last element: the popped tail takes its slot
        $ids[$pos]=$last;
    }
    return implode(',',$ids);
}
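// Resolve the requested action: "view" (download) or "edit" (upload/delete dialog).
if(isset($_REQUEST['action'])) $action=$_REQUEST['action'];
elseif(isset($_POST['action'])) $action=$_POST['action'];
else $action="view";
if(isset($_POST['mode'])) {
    // The upload/delete form posts its state as plain fields ($attachment_ids, $attachmentids,
    // $postid, $uploadinputs, ...) that the edit code and the templates read as variables.
    // The original loop imported EVERY posted field unconditionally ($$key=$val), so a single
    // request could replace $wbbuserdata, $post, $db, $n or $action before any permission
    // check ran. Posted fields are still imported, but never over a variable that already
    // exists and never under a superglobal-style name.
    foreach($_POST as $key=>$val) {
        if(!is_string($key) || $key==="" || $key[0]==="_") continue;
        if($key==="GLOBALS" || $key==="this") continue;
        if(array_key_exists($key,$GLOBALS)) continue;
        $$key=$val;
    }
}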
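if($action=="view") {
    // Download / inline display of one attachment. The row itself ($attachment) is not
    // loaded in this file -- presumably global.php resolves it from $attachmentid (TODO
    // confirm). NOTE(review): nothing here checks that the viewer may read the board or
    // thread the attachment belongs to; if global.php does not enforce that for
    // $attachmentid, every attachment is downloadable by anyone with candownloadattachments.
    if($wbbuserdata['candownloadattachments']==0) access_error();
    if(isset($attachmentid)) {
        // attachment ids are auto-increment integers (see the INSERT in the "add" branch),
        // so the cast removes the raw interpolation into the UPDATE below.
        $attachmentid=intval($attachmentid);
        $db->query("UPDATE bb".$n."_attachments SET counter=counter+1 WHERE attachmentid = '$attachmentid'");
        // Images and PDFs are shown inline; everything else is forced to a download.
        $disp='inline';
        $extension=$attachment['attachmentextension'];
        if($extension=="gif") $type="image/gif";
        elseif($extension=="jpg" || $extension=="jpeg") $type="image/jpeg";
        elseif($extension=="png") $type="image/png";
        elseif($extension=="pdf") $type="application/pdf";
        else {
            $type="application/force-download";
            $disp="attachment";
        }
        // The stored name is the uploader's file name; the upload filter rejects some
        // characters but not quotes or line breaks, so strip them before they end up inside
        // the quoted header value.
        $downloadname=str_replace(array("\r","\n",'"'),'',$attachment['attachmentname'].'.'.$extension);
        header('Content-Type: '.$type);
        header('Content-disposition: '.$disp.'; filename="'.$downloadname.'"');
        // do not let the browser sniff another (e.g. HTML/script) type out of the bytes
        header('X-Content-Type-Options: nosniff');
        header('Pragma: no-cache');
        header('Expires: 0');
        header('Content-Length: '.$attachment['attachmentsize']);
        @readfile("./attachments/attachment-".$attachment['attachmentid'].".".$extension);
    }
    else eval("error(\"".$tpl->get("error_falselink")."\");");
}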
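if($action=="edit") {
    // Upload/delete dialog for the attachments of one post. Two flows reach it: editing an
    // existing post ($postid set) and composing a new one, where the not yet attached uploads
    // are tracked by the comma-separated $attachmentids list the form posts back.
    if(!$wbbuserdata['canuploadattachments'] || ($wbbuserdata['canstarttopic']==0 && $wbbuserdata['canreplyowntopic']==0 && $wbbuserdata['canreplytopic']==0)) {
        eval("\$tpl->output(\"".$tpl->get("window_close")."\");");
        exit();
    }
    // $postid is posted by the client; the INSERT below stores it as the post key, so an
    // integer cast is used for every query (the raw variable stays untouched for templates).
    $safe_postid=isset($postid)?intval($postid):0;
    $attachmentscount=0;
    $not_uploaded="";
    $attachmentoptions="";
    $attachments_view="";
    $attachments_addbit="";
    $attachments_add="";
    if(isset($_POST['mode']) && $_POST['mode']=="delete") {
        if(isset($attachment_ids)) {
            // Moderators/admins, the post's author, or anybody when the post has no author
            // (guest post). $post is not loaded in this file -- presumably global.php loads it
            // for $postid (TODO confirm); when it is absent the ownership test is skipped.
            $postowner=isset($post['userid'])?$post['userid']:null;
            if($wbbuserdata['ismod']!=1 && $wbbuserdata['issupermod']!=1 && $wbbuserdata['canuseacp']!=1 && $postowner!=0 && ($wbbuserdata['userid']==0 || $postowner!=$wbbuserdata['userid'])) access_error();
            // Cast EVERY element (array_values first): the original cast only indexes
            // 0..count-1, so an array posted with other keys reached the IN (...) untouched.
            $selected=array_map('intval',array_values((array)$attachment_ids));
            if(count($selected)) {
                $selectedids=implode(",",$selected);
                // Only rows of the post being edited -- the same postid the "add" branch
                // stores -- so ids belonging to other posts cannot be deleted from here.
                $where="attachmentid IN ($selectedids) AND postid='$safe_postid'";
                $result=$db->query("SELECT * FROM bb".$n."_attachments WHERE $where");
                while($row=$db->fetch_array($result)) {
                    @unlink("attachments/attachment-".$row['attachmentid'].".".$row['attachmentextension']);
                    // removefromids() answers -1 (a sentinel, not a list) when the id was not
                    // tracked; keep the current list then instead of storing the sentinel.
                    $remaining=removefromids(isset($attachmentids)?$attachmentids:"",$row['attachmentid']);
                    if($remaining!==-1) $attachmentids=$remaining;
                }
                $db->unbuffered_query("DELETE FROM bb".$n."_attachments WHERE $where",1);
            }
        }
    }
    // upload script based on Celeron Dude's awesome uploader script - http://celerondude.com
    if(isset($_POST['mode']) && $_POST['mode']=="add") {
        // Admin-configured extension allow-list, one entry per line ("*" allows everything).
        // Entries are trimmed (CRLF line ends) and lower-cased to match $file_extension.
        $allowedextensions=array_map('strtolower',array_map('trim',explode("\n",$wbbuserdata['allowedattachmentextensions'])));
        // NOTE(review): uploads are stored below the web-served attachments/ directory under
        // their original extension, so a list that allows server-executable extensions (or
        // "*") lets users upload executable files; no such policy is enforced here.
        $count=0;
        // The form posts how many file inputs it rendered. It is rendered with 10 inputs when
        // the count is unlimited and at most maxattachmentscount otherwise (see below), so the
        // client-supplied number is capped to that instead of looping an arbitrary number of
        // times. NOTE(review): the total per post (existing + new) is still not checked.
        $maxcount=intval($wbbuserdata['maxattachmentscount']);
        $inputlimit=($maxcount==-1)?10:max(0,$maxcount);
        $uploadinputs=isset($uploadinputs)?min(max(0,intval($uploadinputs)),$inputlimit):0;
        for($i=1;$i<=$uploadinputs;$i++) {
            if(empty($_FILES['file'.$i]['tmp_name']) || $_FILES['file'.$i]['tmp_name']=="none") continue;
            $file=$_FILES['file'.$i];
            $uploaderror=0;
            // split "name.ext" at the last dot; both parts are "" when there is no dot
            $dot=strrpos($file['name'],".");
            $file_extension=($dot===false)?"":strtolower(substr($file['name'],$dot+1));
            $file_name=($dot===false)?"":substr($file['name'],0,$dot);
            // upload failure reported by PHP (partial upload, missing temp dir, ...)
            if(!empty($file['error'])) {
                $uploaderror=1;
                eval("\$not_uploaded .= \"".$tpl->get("attachments_error5")."\";");
            }
            // check for empty file
            if(!$uploaderror && $file['size']===0) {
                $uploaderror=1;
                eval("\$not_uploaded .= \"".$tpl->get("attachments_error1")."\";");
            }
            // check for the size of the file
            if(!$uploaderror && ($file['size'] > $wbbuserdata['maxattachmentsize'])) {
                $uploaderror=1;
                eval("\$not_uploaded .= \"".$tpl->get("attachments_error2")."\";");
            }
            // check for bad characters in the file name. The original pattern was written in
            // a double-quoted string, where "\\|" collapsed to a literal '|', so backslashes
            // were never rejected; quotes and control characters (which would break the
            // download header) were not covered either.
            if(!$uploaderror && preg_match('#[\\\\/:*?&<>|"\x00-\x1f]#', $file['name'])) {
                $uploaderror=1;
                eval("\$not_uploaded .= \"".$tpl->get("attachments_error3")."\";");
            }
            // check for file type
            if(!$uploaderror && ($wbbuserdata['allowedattachmentextensions']!="*") && !in_array($file_extension,$allowedextensions,true)){
                $uploaderror=1;
                eval("\$not_uploaded .= \"".$tpl->get("attachments_error4")."\";");
            }
            if(!$uploaderror) {
                $db->query("INSERT INTO bb".$n."_attachments (attachmentid,postid,attachmentname,attachmentextension,attachmentsize) VALUES (NULL,'$safe_postid','".addslashes($file_name)."','".addslashes($file_extension)."','".intval($file['size'])."')");
                $attachmentid=$db->insert_id();
                $target="attachments/attachment-".$attachmentid.".".$file_extension;
                if(@move_uploaded_file($file['tmp_name'],$target)) {
                    // readable by the web server, which owns the file; the former 0777 also
                    // made every upload world-writable and executable, which nothing needs.
                    @chmod($target,0644);
                    // addtoids() answers -1 when the id is already tracked; keep the list then
                    $tracked=addtoids(isset($attachmentids)?$attachmentids:"",$attachmentid);
                    if($tracked!==-1) $attachmentids=$tracked;
                    $count++;
                } else {
                    $db->unbuffered_query("DELETE FROM bb".$n."_attachments WHERE attachmentid='".intval($attachmentid)."'",1);
                    $uploaderror=1;
                    eval("\$not_uploaded .= \"".$tpl->get("attachments_error5")."\";");
                }
            }
        }
        if(!$count && !$not_uploaded) eval("\$error = \"".$tpl->get("attachments_error6")."\";");
    }
    if($not_uploaded) eval("\$error = \"".$tpl->get("attachments_error")."\";");
    // Attachments to list: the ids tracked by the form take precedence over the rows stored
    // for $postid. NOTE(review): the tracked list is client-supplied and is only cast here;
    // there is no check that those ids belong to this user or post (original behaviour).
    if(!empty($attachmentids)) {
        $idlist=implode(",",array_map('intval',explode(",",(string)$attachmentids)));
        $result=$db->query("SELECT * FROM bb".$n."_attachments WHERE attachmentid IN ($idlist)");
        $attachmentscount=$db->num_rows($result);
    }
    elseif($safe_postid) {
        $result=$db->query("SELECT * FROM bb".$n."_attachments WHERE postid='$safe_postid'");
        $attachmentscount=$db->num_rows($result);
    }
    if($attachmentscount) {
        // rebuild the tracked list from the rows that actually exist
        unset($attachmentids);
        while($row=$db->fetch_array($result)) {
            $attachmentinfo=$row['attachmentname'].".".$row['attachmentextension']." (".formatFilesize($row['attachmentsize']).")";
            $attachmentoptions.=makeoption($row['attachmentid'],htmlspecialchars($attachmentinfo),0,0);
            if(isset($attachmentids)) $attachmentids.=",".$row['attachmentid'];
            else $attachmentids=$row['attachmentid'];
        }
        $db->free_result($result);
        eval ("\$attachments_view = \"".$tpl->get("attachments_view")."\";");
    }
    $maxattachmentscount=intval($wbbuserdata['maxattachmentscount']);
    $allowedattachmentextensions = str_replace("\n"," ",$wbbuserdata['allowedattachmentextensions']);
    $maxattachmentsize = formatFilesize($wbbuserdata['maxattachmentsize']);
    if($maxattachmentscount==-1) {
        // unlimited: offer a fixed number of inputs (the label replaces the numeric value)
        eval("\$maxattachmentscount = \"".$tpl->get("attachments_unlimited")."\";");
        $uploadinputs=10;
        for($i=1;$i<=$uploadinputs;$i++) eval("\$attachments_addbit .= \"".$tpl->get("attachments_addbit")."\";");
        eval("\$attachments_add = \"".$tpl->get("attachments_add")."\";");
    }
    else {
        // remaining slots; zero or negative when the post already holds the maximum,
        // in which case no upload form is rendered (the original also rendered it for
        // negative values)
        $uploadinputs=$maxattachmentscount-$attachmentscount;
        if($uploadinputs>0) {
            for($i=1;$i<=$uploadinputs;$i++) eval("\$attachments_addbit .= \"".$tpl->get("attachments_addbit")."\";");
            eval("\$attachments_add = \"".$tpl->get("attachments_add")."\";");
        }
    }
    eval("\$tpl->output(\"".$tpl->get("attachments_edit")."\");");
}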
?>