-$download_id = request_var('id', 0);

-$topic_id = $request->variable('topic_id', 0);

-$post_id = $request->variable('post_id', 0);

-$msg_id = $request->variable('msg_id', 0);

-$archive = $request->variable('archive', '.tar');

-if ($download_id)

-{

- // Attachment id (only 1 attachment)

- $sql_where = 'attach_id = ' . $download_id;

-}

-else if ($msg_id)

-{

- // Private message id (multiple attachments)

- $sql_where = 'is_orphan = 0 AND in_message = 1 AND post_msg_id = ' . $msg_id;

-}

-else if ($post_id)

-{

- // Post id (multiple attachments)

- $sql_where = 'is_orphan = 0 AND in_message = 0 AND post_msg_id = ' . $post_id;

-}

-else if ($topic_id)

-{

- // Topic id (multiple attachments)

- $sql_where = 'is_orphan = 0 AND topic_id = ' . $topic_id;

-}

-else

- WHERE $sql_where";

-

-$attachments = $attachment_ids = array();

-while ($row = $db->sql_fetchrow($result))

-{

- $attachment_id = (int) $row['attach_id'];

-

- $row['physical_filename'] = utf8_basename($row['physical_filename']);

-

- $attachment_ids[$attachment_id] = $attachment_id;

- $attachments[$attachment_id] = $row;

-}

-// Make $attachment the first of the attachments we fetched.

-$attachment = current($attachments);

-

-if (empty($attachments))

-else if ($download_id)

- // sizeof($attachments) == 1

-else

-{

- // sizeof($attachments) >= 1

- if ($attachment['in_message'])

- {

- phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']);

- }

- else

- {

- phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);

- }

-

- if (!class_exists('compress'))

- {

- require $phpbb_root_path . 'includes/functions_compress.' . $phpEx;

- }

-

- if (!in_array($archive, compress::methods()))

- {

- $archive = '.tar';

- }

-

- $post_visibility = array();

- if ($msg_id)

- {

- $sql = 'SELECT message_subject AS attach_subject

- FROM ' . PRIVMSGS_TABLE . "

- WHERE msg_id = $msg_id";

- }

- else if ($post_id)

- {

- $sql = 'SELECT post_subject AS attach_subject, forum_id, post_visibility

- FROM ' . POSTS_TABLE . "

- WHERE post_id = $post_id";

- }

- else

- {

- $sql = 'SELECT post_id, post_visibility

- FROM ' . POSTS_TABLE . "

- WHERE topic_id = $topic_id

- AND post_attachment = 1";

- $result = $db->sql_query($sql);

- while ($row = $db->sql_fetchrow($result))

- {

- $post_visibility[(int) $row['post_id']] = (int) $row['post_visibility'];

- }

- $db->sql_freeresult($result);

-

- $sql = 'SELECT topic_title AS attach_subject, forum_id

- FROM ' . TOPICS_TABLE . "

- WHERE topic_id = $topic_id";

- }

-

- $result = $db->sql_query($sql);

- $row = $db->sql_fetchrow($result);

- $db->sql_freeresult($result);

-

- if (empty($row))

- {

- send_status_line(404, 'Not Found');

- trigger_error('ERROR_NO_ATTACHMENT');

- }

-

- $clean_name = phpbb_download_clean_filename($row['attach_subject']);

- $suffix = '_' . (($msg_id) ? 'm' . $msg_id : (($post_id) ? 'p' . $post_id : 't' . $topic_id)) . '_' . $clean_name;

- $archive_name = 'attachments' . $suffix;

-

- $store_name = 'att_' . time() . '_' . unique_id();

- $archive_path = "{$phpbb_root_path}store/{$store_name}{$archive}";

-

- if ($archive === '.zip')

- {

- $compress = new compress_zip('w', $archive_path);

- }

- else

- {

- $compress = new compress_tar('w', $archive_path, $archive);

- }

-

- $extensions = array();

- $files_added = 0;

- $forum_id = ($attachment['in_message']) ? false : (int) $row['forum_id'];

- $disallowed_extension = array();

-

- foreach ($attachments as $attach)

- {

- if (!extension_allowed($forum_id, $attach['extension'], $extensions))

- {

- $disallowed_extension[$attach['extension']] = $attach['extension'];

- continue;

- }

-

- if ($post_id && $row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id))

- {

- // Attachment of a soft deleted post and the user is not allowed to see the post

- continue;

- }

-

- if ($topic_id && (!isset($post_visibility[$attach['post_msg_id']]) || $post_visibility[$attach['post_msg_id']] != ITEM_APPROVED) && !$auth->acl_get('m_approve', $forum_id))

- {

- // Attachment of a soft deleted post and the user is not allowed to see the post

- continue;

- }

-

- $prefix = '';

- if ($topic_id)

- {

- $prefix = $attach['post_msg_id'] . '_';

- }

-

- $compress->add_custom_file("{$phpbb_root_path}files/{$attach['physical_filename']}", "{$prefix}{$attach['real_filename']}");

- $files_added++;

- }

-

- $compress->close();

-

- if ($files_added)

- {

- phpbb_increment_downloads($db, $attachment_ids);

- $compress->download($store_name, $archive_name);

- }

-

- unlink($archive_path);

-

- if (!$files_added && !empty($disallowed_extension))

- {

- // None of the attachments had a valid extension

- $disallowed_extension = implode($user->lang['COMMA_SEPARATOR'], $disallowed_extension);

- send_status_line(403, 'Forbidden');

- trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed_extension));

- }

- else if (!$files_added)

- {

- send_status_line(404, 'Not Found');

- trigger_error('ERROR_NO_ATTACHMENT');

- }

-

- file_gc();

-}