Zeile 6 | Zeile 6 |
---|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* $Id: functions_upload.php 5760 2012-03-09 15:40:38Z Tomm $
| * $Id$
|
*/
| */
|
Zeile 32 | Zeile 32 |
---|
$query = $db->simple_select("attachments", "aid, attachname, thumbnail, visible", "aid='{$aid}' AND pid='{$pid}'"); $attachment = $db->fetch_array($query); }
|
$query = $db->simple_select("attachments", "aid, attachname, thumbnail, visible", "aid='{$aid}' AND pid='{$pid}'"); $attachment = $db->fetch_array($query); }
|
|
|
$plugins->run_hooks("remove_attachment_do_delete", $attachment);
|
$plugins->run_hooks("remove_attachment_do_delete", $attachment);
|
|
|
$db->delete_query("attachments", "aid='{$attachment['aid']}'");
|
$db->delete_query("attachments", "aid='{$attachment['aid']}'");
|
if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath']; } else { $uploadpath = $mybb->settings['uploadspath'];
| if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath']; } else { $uploadpath = $mybb->settings['uploadspath'];
|
}
|
}
|
|
|
// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query, "numreferences") == 0) { @unlink($uploadpath."/".$attachment['attachname']); if($attachment['thumbnail'])
|
// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query, "numreferences") == 0) { @unlink($uploadpath."/".$attachment['attachname']); if($attachment['thumbnail'])
|
{
| {
|
@unlink($uploadpath."/".$attachment['thumbnail']);
|
@unlink($uploadpath."/".$attachment['thumbnail']);
|
}
| }
|
$date_directory = explode('/', $attachment['attachname']); if(@is_dir($uploadpath."/".$date_directory[0])) { @rmdir($uploadpath."/".$date_directory[0]); }
|
$date_directory = explode('/', $attachment['attachname']); if(@is_dir($uploadpath."/".$date_directory[0])) { @rmdir($uploadpath."/".$date_directory[0]); }
|
}
| }
|
if($attachment['visible'] == 1 && $pid) {
| if($attachment['visible'] == 1 && $pid) {
|
Zeile 69 | Zeile 69 |
---|
update_thread_counters($post['tid'], array("attachmentcount" => "-1")); } }
|
update_thread_counters($post['tid'], array("attachmentcount" => "-1")); } }
|
|
|
/** * Remove all of the attachments from a specific post *
| /** * Remove all of the attachments from a specific post *
|
Zeile 79 | Zeile 79 |
---|
function remove_attachments($pid, $posthash="") { global $db, $mybb, $plugins;
|
function remove_attachments($pid, $posthash="") { global $db, $mybb, $plugins;
|
|
|
if($pid) { $post = get_post($pid);
| if($pid) { $post = get_post($pid);
|
Zeile 93 | Zeile 93 |
---|
{ $query = $db->simple_select("attachments", "*", "pid='$pid'"); }
|
{ $query = $db->simple_select("attachments", "*", "pid='$pid'"); }
|
|
|
if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath'];
|
if(defined('IN_ADMINCP')) { $uploadpath = '../'.$mybb->settings['uploadspath'];
|
}
| }
|
else { $uploadpath = $mybb->settings['uploadspath'];
| else { $uploadpath = $mybb->settings['uploadspath'];
|
Zeile 105 | Zeile 105 |
---|
$num_attachments = 0; while($attachment = $db->fetch_array($query))
|
$num_attachments = 0; while($attachment = $db->fetch_array($query))
|
{
| {
|
if($attachment['visible'] == 1) { $num_attachments++; }
|
if($attachment['visible'] == 1) { $num_attachments++; }
|
|
|
$plugins->run_hooks("remove_attachments_do_delete", $attachment);
|
$plugins->run_hooks("remove_attachments_do_delete", $attachment);
|
|
|
$db->delete_query("attachments", "aid='".$attachment['aid']."'");
|
$db->delete_query("attachments", "aid='".$attachment['aid']."'");
|
|
|
// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query2 = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query2, "numreferences") == 0) { @unlink($uploadpath."/".$attachment['attachname']); if($attachment['thumbnail'])
|
// Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file. $query2 = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='".$db->escape_string($attachment['attachname'])."'"); if($db->fetch_field($query2, "numreferences") == 0) { @unlink($uploadpath."/".$attachment['attachname']); if($attachment['thumbnail'])
|
{
| {
|
@unlink($uploadpath."/".$attachment['thumbnail']); }
| @unlink($uploadpath."/".$attachment['thumbnail']); }
|
Zeile 132 | Zeile 132 |
---|
} } }
|
} } }
|
|
|
if($post['tid']) { update_thread_counters($post['tid'], array("attachmentcount" => "-{$num_attachments}"));
| if($post['tid']) { update_thread_counters($post['tid'], array("attachmentcount" => "-{$num_attachments}"));
|
Zeile 148 | Zeile 148 |
---|
function remove_avatars($uid, $exclude="") { global $mybb, $plugins;
|
function remove_avatars($uid, $exclude="") { global $mybb, $plugins;
|
|
|
if(defined('IN_ADMINCP')) { $avatarpath = '../'.$mybb->settings['avataruploadpath'];
| if(defined('IN_ADMINCP')) { $avatarpath = '../'.$mybb->settings['avataruploadpath'];
|
Zeile 157 | Zeile 157 |
---|
{ $avatarpath = $mybb->settings['avataruploadpath']; }
|
{ $avatarpath = $mybb->settings['avataruploadpath']; }
|
|
|
$dir = opendir($avatarpath); if($dir) { while($file = @readdir($dir)) { $plugins->run_hooks("remove_avatars_do_delete", $file);
|
$dir = opendir($avatarpath); if($dir) { while($file = @readdir($dir)) { $plugins->run_hooks("remove_avatars_do_delete", $file);
|
|
|
if(preg_match("#avatar_".$uid."\.#", $file) && is_file($avatarpath."/".$file) && $file != $exclude) { @unlink($avatarpath."/".$file);
| if(preg_match("#avatar_".$uid."\.#", $file) && is_file($avatarpath."/".$file) && $file != $exclude) { @unlink($avatarpath."/".$file);
|
Zeile 185 | Zeile 185 |
---|
function upload_avatar($avatar=array(), $uid=0) { global $db, $mybb, $lang, $plugins;
|
function upload_avatar($avatar=array(), $uid=0) { global $db, $mybb, $lang, $plugins;
|
|
|
if(!$uid) { $uid = $mybb->user['uid']; }
if(!$avatar['name'] || !$avatar['tmp_name'])
|
if(!$uid) { $uid = $mybb->user['uid']; }
if(!$avatar['name'] || !$avatar['tmp_name'])
|
{
| {
|
$avatar = $_FILES['avatarupload']; }
if(!is_uploaded_file($avatar['tmp_name']))
|
$avatar = $_FILES['avatarupload']; }
if(!is_uploaded_file($avatar['tmp_name']))
|
{ $ret['error'] = $lang->error_uploadfailed; return $ret;
| { $ret['error'] = $lang->error_uploadfailed; return $ret;
|
}
// Check we have a valid extension $ext = get_extension(my_strtolower($avatar['name']));
|
}
// Check we have a valid extension $ext = get_extension(my_strtolower($avatar['name']));
|
if(!preg_match("#^(gif|jpg|jpeg|jpe|bmp|png)$#i", $ext))
| if(!preg_match("#^(gif|jpg|jpeg|jpe|bmp|png)$#i", $ext))
|
{ $ret['error'] = $lang->error_avatartype;
|
{ $ret['error'] = $lang->error_avatartype;
|
return $ret;
| return $ret;
|
}
|
}
|
|
|
if(defined('IN_ADMINCP')) { $avatarpath = '../'.$mybb->settings['avataruploadpath']; $lang->load("messages", true);
|
if(defined('IN_ADMINCP')) { $avatarpath = '../'.$mybb->settings['avataruploadpath']; $lang->load("messages", true);
|
}
| }
|
else { $avatarpath = $mybb->settings['avataruploadpath']; }
|
else { $avatarpath = $mybb->settings['avataruploadpath']; }
|
|
|
$filename = "avatar_".$uid.".".$ext; $file = upload_file($avatar, $avatarpath, $filename); if($file['error']) {
|
$filename = "avatar_".$uid.".".$ext; $file = upload_file($avatar, $avatarpath, $filename); if($file['error']) {
|
@unlink($avatarpath."/".$filename);
| @unlink($avatarpath."/".$filename);
|
$ret['error'] = $lang->error_uploadfailed; return $ret;
|
$ret['error'] = $lang->error_uploadfailed; return $ret;
|
}
| }
|
// Lets just double check that it exists
|
// Lets just double check that it exists
|
Zeile 237 | Zeile 237 |
---|
@unlink($avatarpath."/".$filename); return $ret; }
|
@unlink($avatarpath."/".$filename); return $ret; }
|
|
|
// Check if this is a valid image or not $img_dimensions = @getimagesize($avatarpath."/".$filename); if(!is_array($img_dimensions))
| // Check if this is a valid image or not $img_dimensions = @getimagesize($avatarpath."/".$filename); if(!is_array($img_dimensions))
|
Zeile 246 | Zeile 246 |
---|
$ret['error'] = $lang->error_uploadfailed; return $ret; }
|
$ret['error'] = $lang->error_uploadfailed; return $ret; }
|
|
|
// Check avatar dimensions if($mybb->settings['maxavatardims'] != '') {
| // Check avatar dimensions if($mybb->settings['maxavatardims'] != '') {
|
Zeile 263 | Zeile 263 |
---|
$ret['error'] = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight); $ret['error'] .= "<br /><br />".$lang->error_avatarresizefailed; @unlink($avatarpath."/".$filename);
|
$ret['error'] = $lang->sprintf($lang->error_avatartoobig, $maxwidth, $maxheight); $ret['error'] .= "<br /><br />".$lang->error_avatarresizefailed; @unlink($avatarpath."/".$filename);
|
return $ret;
| return $ret;
|
} else {
| } else {
|
Zeile 282 | Zeile 282 |
---|
} @unlink($avatarpath."/".$filename); return $ret;
|
} @unlink($avatarpath."/".$filename); return $ret;
|
}
| }
|
} }
|
} }
|
|
|
// Next check the file size if($avatar['size'] > ($mybb->settings['avatarsize']*1024) && $mybb->settings['avatarsize'] > 0)
|
// Next check the file size if($avatar['size'] > ($mybb->settings['avatarsize']*1024) && $mybb->settings['avatarsize'] > 0)
|
{
| {
|
@unlink($avatarpath."/".$filename); $ret['error'] = $lang->error_uploadsize;
|
@unlink($avatarpath."/".$filename); $ret['error'] = $lang->error_uploadsize;
|
return $ret; }
| return $ret; }
|
// Check a list of known MIME types to establish what kind of avatar we're uploading switch(my_strtolower($avatar['type'])) {
| // Check a list of known MIME types to establish what kind of avatar we're uploading switch(my_strtolower($avatar['type'])) {
|
Zeile 306 | Zeile 306 |
---|
case "image/pjpeg": case "image/jpg": $img_type = 2;
|
case "image/pjpeg": case "image/jpg": $img_type = 2;
|
break;
| break;
|
case "image/png": case "image/x-png": $img_type = 3;
| case "image/png": case "image/x-png": $img_type = 3;
|
Zeile 314 | Zeile 314 |
---|
default: $img_type = 0; }
|
default: $img_type = 0; }
|
|
|
// Check if the uploaded file type matches the correct image type (returned by getimagesize) if($img_dimensions[2] != $img_type || $img_type == 0) { $ret['error'] = $lang->error_uploadfailed; @unlink($avatarpath."/".$filename);
|
// Check if the uploaded file type matches the correct image type (returned by getimagesize) if($img_dimensions[2] != $img_type || $img_type == 0) { $ret['error'] = $lang->error_uploadfailed; @unlink($avatarpath."/".$filename);
|
return $ret;
| return $ret;
|
} // Everything is okay so lets delete old avatars for this user remove_avatars($uid, $filename);
| } // Everything is okay so lets delete old avatars for this user remove_avatars($uid, $filename);
|
Zeile 344 | Zeile 344 |
---|
function upload_attachment($attachment, $update_attachment=false) { global $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;
|
function upload_attachment($attachment, $update_attachment=false) { global $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;
|
|
|
$posthash = $db->escape_string($mybb->input['posthash']);
|
$posthash = $db->escape_string($mybb->input['posthash']);
|
| $pid = intval($pid);
|
if(isset($attachment['error']) && $attachment['error'] != 0) {
| if(isset($attachment['error']) && $attachment['error'] != 0) {
|
Zeile 376 | Zeile 377 |
---|
} return $ret; }
|
} return $ret; }
|
|
|
if(!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_name'])) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_php4;
|
if(!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_name'])) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_php4;
|
return $ret;
| return $ret;
|
}
|
}
|
|
|
$ext = get_extension($attachment['name']); // Check if we have a valid extension $query = $db->simple_select("attachtypes", "*", "extension='".$db->escape_string($ext)."'"); $attachtype = $db->fetch_array($query); if(!$attachtype['atid'])
|
$ext = get_extension($attachment['name']); // Check if we have a valid extension $query = $db->simple_select("attachtypes", "*", "extension='".$db->escape_string($ext)."'"); $attachtype = $db->fetch_array($query); if(!$attachtype['atid'])
|
{
| {
|
$ret['error'] = $lang->error_attachtype; return $ret; }
|
$ret['error'] = $lang->error_attachtype; return $ret; }
|
|
|
// Check the size if($attachment['size'] > $attachtype['maxsize']*1024 && $attachtype['maxsize'] != "") {
| // Check the size if($attachment['size'] > $attachtype['maxsize']*1024 && $attachtype['maxsize'] != "") {
|
Zeile 402 | Zeile 403 |
---|
// Double check attachment space usage if($mybb->usergroup['attachquota'] > 0)
|
// Double check attachment space usage if($mybb->usergroup['attachquota'] > 0)
|
{
| {
|
$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); $usage = $db->fetch_array($query); $usage = $usage['ausage']+$attachment['size'];
| $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); $usage = $db->fetch_array($query); $usage = $usage['ausage']+$attachment['size'];
|
Zeile 410 | Zeile 411 |
---|
{ $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024); $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
|
{ $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024); $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
|
return $ret; } }
| return $ret; } }
|
// Gather forum permissions $forumpermissions = forum_permissions($forum['fid']);
// Check if an attachment with this name is already in the post
|
// Gather forum permissions $forumpermissions = forum_permissions($forum['fid']);
// Check if an attachment with this name is already in the post
|
$query = $db->simple_select("attachments", "*", "filename='".$db->escape_string($attachment['name'])."' AND (posthash='$posthash' OR (pid='".intval($pid)."' AND pid!='0'))");
| if($pid != 0) { $uploaded_query = "pid='{$pid}'"; } else { $uploaded_query = "posthash='{$posthash}'"; } $query = $db->simple_select("attachments", "*", "filename='".$db->escape_string($attachment['name'])."' AND ".$uploaded_query);
|
$prevattach = $db->fetch_array($query); if($prevattach['aid'] && $update_attachment == false) {
| $prevattach = $db->fetch_array($query); if($prevattach['aid'] && $update_attachment == false) {
|
Zeile 446 | Zeile 455 |
---|
$month_dir = ''; } }
|
$month_dir = ''; } }
|
}
| }
|
// All seems to be good, lets move the attachment! $filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";
|
// All seems to be good, lets move the attachment! $filename = "post_".$mybb->user['uid']."_".TIME_NOW."_".md5(random_str()).".attach";
|
|
|
$file = upload_file($attachment, $mybb->settings['uploadspath']."/".$month_dir, $filename);
|
$file = upload_file($attachment, $mybb->settings['uploadspath']."/".$month_dir, $filename);
|
|
|
// Failed to create the attachment in the monthly directory, just throw it in the main directory if($file['error'] && $month_dir)
|
// Failed to create the attachment in the monthly directory, just throw it in the main directory if($file['error'] && $month_dir)
|
{ $file = upload_file($attachment, $mybb->settings['uploadspath'].'/', $filename); }
| { $file = upload_file($attachment, $mybb->settings['uploadspath'].'/', $filename); }
|
if($month_dir) { $filename = $month_dir."/".$filename; }
|
if($month_dir) { $filename = $month_dir."/".$filename; }
|
|
|
if($file['error']) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_detail;
| if($file['error']) { $ret['error'] = $lang->error_uploadfailed.$lang->error_uploadfailed_detail;
|
Zeile 474 | Zeile 483 |
---|
break; case 2: $ret['error'] .= $lang->error_uploadfailed_movefailed;
|
break; case 2: $ret['error'] .= $lang->error_uploadfailed_movefailed;
|
break; } return $ret;
| break; } return $ret;
|
}
// Lets just double check that it exists
| }
// Lets just double check that it exists
|
Zeile 488 | Zeile 497 |
---|
// Generate the array for the insert_query $attacharray = array(
|
// Generate the array for the insert_query $attacharray = array(
|
"pid" => intval($pid),
| "pid" => $pid,
|
"posthash" => $posthash, "uid" => $mybb->user['uid'], "filename" => $db->escape_string($file['original_filename']),
| "posthash" => $posthash, "uid" => $mybb->user['uid'], "filename" => $db->escape_string($file['original_filename']),
|
Zeile 522 | Zeile 531 |
---|
default: $img_type = 0; }
|
default: $img_type = 0; }
|
|
|
$supported_mimes = array(); $attachtypes = $cache->read("attachtypes"); foreach($attachtypes as $attachtype)
| $supported_mimes = array(); $attachtypes = $cache->read("attachtypes"); foreach($attachtypes as $attachtype)
|
Zeile 553 | Zeile 562 |
---|
{ @unlink($mybb->settings['uploadspath']."/".$filename); $ret['error'] = $lang->error_uploadfailed;
|
{ @unlink($mybb->settings['uploadspath']."/".$filename); $ret['error'] = $lang->error_uploadfailed;
|
return $ret; }
| return $ret; }
|
require_once MYBB_ROOT."inc/functions_image.php"; $thumbname = str_replace(".attach", "_thumb.$ext", $filename); $thumbnail = generate_thumbnail($mybb->settings['uploadspath']."/".$filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);
|
require_once MYBB_ROOT."inc/functions_image.php"; $thumbname = str_replace(".attach", "_thumb.$ext", $filename); $thumbnail = generate_thumbnail($mybb->settings['uploadspath']."/".$filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);
|
|
|
if($thumbnail['filename']) { $attacharray['thumbnail'] = $thumbnail['filename'];
| if($thumbnail['filename']) { $attacharray['thumbnail'] = $thumbnail['filename'];
|
Zeile 571 | Zeile 580 |
---|
if($forum['modattachments'] == 1 && !is_moderator($forum['fid'], "", $mybb->user['uid'])) { $attacharray['visible'] = 0;
|
if($forum['modattachments'] == 1 && !is_moderator($forum['fid'], "", $mybb->user['uid'])) { $attacharray['visible'] = 0;
|
}
| }
|
else { $attacharray['visible'] = 1; }
|
else { $attacharray['visible'] = 1; }
|
|
|
$attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);
|
$attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);
|
|
|
if($prevattach['aid'] && $update_attachment == true)
|
if($prevattach['aid'] && $update_attachment == true)
|
{
| {
|
unset($attacharray['downloads']); // Keep our download count if we're updating an attachment $db->update_query("attachments", $attacharray, "aid='".$db->escape_string($prevattach['aid'])."'"); $aid = $prevattach['aid'];
| unset($attacharray['downloads']); // Keep our download count if we're updating an attachment $db->update_query("attachments", $attacharray, "aid='".$db->escape_string($prevattach['aid'])."'"); $aid = $prevattach['aid'];
|
Zeile 588 | Zeile 597 |
---|
else { $aid = $db->insert_query("attachments", $attacharray);
|
else { $aid = $db->insert_query("attachments", $attacharray);
|
}
if($tid) { update_thread_counters($tid, array("attachmentcount" => "+1"));
| if($pid) { update_thread_counters($tid, array("attachmentcount" => "+1")); }
|
} $ret['aid'] = $aid; return $ret;
| } $ret['aid'] = $aid; return $ret;
|
Zeile 608 | Zeile 616 |
---|
function upload_file($file, $path, $filename="") { global $plugins;
|
function upload_file($file, $path, $filename="") { global $plugins;
|
|
|
if(empty($file['name']) || $file['name'] == "none" || $file['size'] < 1) { $upload['error'] = 1; return $upload;
|
if(empty($file['name']) || $file['name'] == "none" || $file['size'] < 1) { $upload['error'] = 1; return $upload;
|
}
| }
|
if(!$filename) { $filename = $file['name']; }
|
if(!$filename) { $filename = $file['name']; }
|
|
|
$upload['original_filename'] = preg_replace("#/$#", "", $file['name']); // Make the filename safe
|
$upload['original_filename'] = preg_replace("#/$#", "", $file['name']); // Make the filename safe
|
| $upload['original_filename'] = utf8_handle_4byte_string($upload['original_filename']);
|
$filename = preg_replace("#/$#", "", $filename); // Make the filename safe $moved = @move_uploaded_file($file['tmp_name'], $path."/".$filename);
|
$filename = preg_replace("#/$#", "", $filename); // Make the filename safe $moved = @move_uploaded_file($file['tmp_name'], $path."/".$filename);
|
|
|
if(!$moved) { $upload['error'] = 2;
| if(!$moved) { $upload['error'] = 2;
|