-rw-r--r--phpBB/adm/admin_board.php7
-rw-r--r--phpBB/common.php4
-rw-r--r--phpBB/includes/functions_posting.php770
-rw-r--r--phpBB/includes/message_parser.php189
-rw-r--r--phpBB/install/schemas/firebird_basic.sql5
-rw-r--r--phpBB/install/schemas/firebird_schema.sql120
-rw-r--r--phpBB/install/schemas/mysql_basic.sql55
-rw-r--r--phpBB/install/schemas/mysql_schema.sql75
-rw-r--r--phpBB/language/en/lang_admin.php1
-rw-r--r--phpBB/language/en/lang_main.php16
-rw-r--r--phpBB/posting.php124
-rw-r--r--phpBB/templates/subSilver/posting_attach_body.html36
-rw-r--r--phpBB/templates/subSilver/posting_body.html38
13 files changed, 1358 insertions, 82 deletions
diff --git a/phpBB/adm/admin_board.php b/phpBB/adm/admin_board.php
index 4dec8bdbf5..ed76cda85d 100644
--- a/phpBB/adm/admin_board.php
+++ b/phpBB/adm/admin_board.php
@@ -224,6 +224,9 @@ switch ($mode)
$namechange_yes = ($new['allow_namechange']) ? 'checked="checked"' : '';
$namechange_no = (!$new['allow_namechange']) ? 'checked="checked"' : '';
+ $attachments_yes = ($new['allow_attachments']) ? 'checked="checked"' : '';
+ $attachments_no = (!$new['allow_attachments']) ? 'checked="checked"' : '';
+
?>
<tr>
<td class="row1" width="50%"><?php echo $user->lang['Default_style']; ?></td>
@@ -266,6 +269,10 @@ switch ($mode)
<td class="row2"><input type="radio" name="allow_namechange" value="1" <?php echo $namechange_yes; ?> /> <?php echo $user->lang['YES']; ?>&nbsp;&nbsp;<input type="radio" name="allow_namechange" value="0" <?php echo $namechange_no; ?> /> <?php echo $user->lang['NO']; ?></td>
</tr>
<tr>
+ <td class="row1"><?php echo $user->lang['ALLOW_ATTACHMENTS']; ?>: </td>
+ <td class="row2"><input type="radio" name="allow_attachments" value="1" <?php echo $attachments_yes; ?> /> <?php echo $user->lang['YES']; ?>&nbsp;&nbsp;<input type="radio" name="allow_attachments" value="0" <?php echo $attachments_no; ?> /> <?php echo $user->lang['NO']; ?></td>
+ </tr>
+ <tr>
<td class="row1"><?php echo $user->lang['Allow_HTML']; ?>: </td>
<td class="row2"><input type="radio" name="allow_html" value="1" <?php echo $html_yes; ?> /> <?php echo $user->lang['YES']; ?>&nbsp;&nbsp;<input type="radio" name="allow_html" value="0" <?php echo $html_no; ?> /> <?php echo $user->lang['NO']; ?></td>
</tr>
diff --git a/phpBB/common.php b/phpBB/common.php
index 401bbae2a7..295d8ef0a8 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -111,10 +111,14 @@ define('ACL_GROUPS_TABLE', $table_prefix.'auth_groups');
define('ACL_OPTIONS_TABLE', $table_prefix.'auth_options');
define('ACL_PRESETS_TABLE', $table_prefix.'auth_presets');
define('ACL_USERS_TABLE', $table_prefix.'auth_users');
+define('ATTACHMENTS_TABLE', $table_prefix.'attachments');
+define('ATTACHMENTS_DESC_TABLE', $table_prefix.'attach_desc');
define('BANLIST_TABLE', $table_prefix.'banlist');
define('CONFIG_TABLE', $table_prefix.'config');
define('CONFIRM_TABLE', $table_prefix.'confirm');
define('DISALLOW_TABLE', $table_prefix.'disallow'); //
+define('EXTENSIONS_TABLE', $table_prefix.'extensions');
+define('EXTENSION_GROUPS_TABLE', $table_prefix.'extension_groups');
define('FORUMS_TABLE', $table_prefix.'forums');
define('FORUMS_WATCH_TABLE', $table_prefix.'forums_watch');
define('GROUPS_TABLE', $table_prefix.'groups');
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 4e1ce9fa45..da4e939b50 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -26,8 +26,7 @@ function generate_smilies($mode)
global $SID, $auth, $db, $user, $config, $template;
global $starttime, $phpEx, $phpbb_root_path;
- // TODO: To be added to the schema - discuss this first please :)
- $config['max_smilies_inline'] = 20;
+ $max_smilies_inline = 20;
if ($mode == 'window')
{
@@ -55,7 +54,7 @@ function generate_smilies($mode)
{
if (!in_array($row['smile_url'], $smile_array))
{
- if ($mode == 'window' || ($mode == 'inline' && $num_smilies < $config['max_smilies_inline']))
+ if ($mode == 'window' || ($mode == 'inline' && $num_smilies < $max_smilies_inline))
{
$template->assign_block_vars('emoticon', array(
'SMILEY_CODE' => $row['code'],
@@ -73,7 +72,7 @@ function generate_smilies($mode)
while ($row = $db->sql_fetchrow($result));
$db->sql_freeresult($result);
- if ($mode == 'inline' && $num_smilies >= $config['max_smilies_inline'])
+ if ($mode == 'inline' && $num_smilies >= $max_smilies_inline)
{
$template->assign_vars(array(
'S_SHOW_EMOTICON_LINK' => true,
@@ -548,7 +547,7 @@ function user_notification($mode, $subject, $forum_id, $topic_id, $post_id)
}
}
-// Format text to be displayed - from viewtopic.php
+// Format text to be displayed - from viewtopic.php - centralizing this would be nice ;)
function format_display($message, $html, $bbcode, $uid, $url, $smilies, $sig)
{
global $auth, $forum_id, $config, $censors, $user;
@@ -651,8 +650,73 @@ function submit_poll($topic_id, $mode, $poll)
}
}
+// Submit Attachment
+function submit_attachment($post_id, $topic_id, $user_id, $mode, $attachment_data)
+{
+ global $db, $config, $auth;
+
+ // Insert Attachment ?
+ if ((!empty($post_id)) && ($mode == 'post' || $mode == 'reply' || $mode == 'edit'))
+ {
+ for ($i = 0; $i < count($attachment_data['attach_id']); $i++)
+ {
+ if ($attachment_data['attach_id'][$i] != '-1')
+ {
+ // update entry in db if attachment already stored in db and filespace
+ $attach_sql = array(
+ 'comment' => trim($attachment_data['comment'][$i])
+ );
+
+ $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $attach_sql) . ' WHERE attach_id = ' . $attachment_data['attach_id'][$i];
+ $db->sql_query($sql);
+ }
+ else
+ {
+ // insert attachment into db
+ $attach_sql = array(
+ 'physical_filename' => $attachment_data['physical_filename'][$i],
+ 'real_filename' => $attachment_data['real_filename'][$i],
+ 'comment' => trim($attachment_data['comment'][$i]),
+ 'extension' => $attachment_data['extension'][$i],
+ 'mimetype' => $attachment_data['mimetype'][$i],
+ 'filesize' => $attachment_data['filesize'][$i],
+ 'filetime' => $attachment_data['filetime'][$i],
+ 'thumbnail' => $attachment_data['thumbnail'][$i]
+ );
+
+ $sql = 'INSERT INTO ' . ATTACHMENTS_DESC_TABLE . ' ' . $db->sql_build_array('INSERT', $attach_sql);
+ $db->sql_query($sql);
+
+ $attach_sql = array(
+ 'attach_id' => $db->sql_nextid(),
+ 'post_id' => $post_id,
+ 'privmsgs_id' => 0,
+ 'user_id_from' => $user_id,
+ 'user_id_to' => 0
+ );
+
+ $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $attach_sql);
+ $db->sql_query($sql);
+ }
+ }
+
+ if (count($attachment_data['attach_id']) > 0)
+ {
+ $sql = "UPDATE " . POSTS_TABLE . "
+ SET post_attachment = 1
+ WHERE post_id = " . $post_id;
+ $db->sql_query($sql);
+
+ $sql = "UPDATE " . TOPICS_TABLE . "
+ SET topic_attachment = 1
+ WHERE topic_id = " . $topic_id;
+ $db->sql_query($sql);
+ }
+ }
+}
+
// Submit Post
-function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_uid, $poll, $post_data)
+function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_uid, $poll, $attachment_data, $post_data)
{
global $db, $auth, $user, $config, $phpEx, $SID, $template;
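Review bot: submit_attachment concatenates `$attachment_data['attach_id'][$i]`, `$post_id` and `$topic_id` into its UPDATE statements without a cast, and the comment UPDATE is keyed on attach_id alone. If attach_id originates from the posting form (its source is outside this hunk), the value should be cast, `' WHERE attach_id = ' . intval($attachment_data['attach_id'][$i])`, with `intval($post_id)` and `intval($topic_id)` in the two flag updates. The comment UPDATE should also confirm through ATTACHMENTS_TABLE that the attachment belongs to `$post_id`, otherwise a poster could overwrite the comment on an attachment of someone else's post. submit_post gains `$attachment_data` in the middle of its parameter list, so every existing caller has to change in the same commit; its body continues outside the hunk.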
@@ -673,8 +737,9 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
'topic_type' => $topic_type,
'topic_approved' => (($post_data['enable_moderate']) && !$auth->acl_gets('f_ignorequeue', 'm_', 'a_', $post_data['forum_id'])) ? 0 : 1,
'icon_id' => $post_data['icon_id'],
+ 'topic_attachment' => (sizeof($attachment_data['physical_filename'])) ? 1 : 0,
'topic_poster' => intval($user->data['user_id']),
- 'topic_first_poster_name' => ($username != '') ? stripslashes($username) : (($user->data['user_id'] == ANONYMOUS) ? '' : stripslashes($user->data['username'])),
+ 'topic_first_poster_name' => ($username != '') ? stripslashes($username) : (($user->data['user_id'] == ANONYMOUS) ? '' : stripslashes($user->data['username']))
);
if (!empty($poll['poll_options']))
@@ -682,9 +747,10 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
$topic_sql = array_merge($topic_sql, array(
'poll_title' => stripslashes($poll['poll_title']),
'poll_start' => ($poll['poll_start']) ? $poll['poll_start'] : $current_time,
- 'poll_length' => $poll['poll_length'] * 3600
- ));
+ 'poll_length' => $poll['poll_length'] * 3600)
+ );
}
+
$sql = ($mode == 'post') ? 'INSERT INTO ' . TOPICS_TABLE . ' ' . $db->sql_build_array('INSERT', $topic_sql) : 'UPDATE ' . TOPICS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $topic_sql) . ' WHERE topic_id = ' . $post_data['topic_id'];
$db->sql_query($sql);
@@ -730,6 +796,13 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
submit_poll($post_data['topic_id'], $mode, $poll);
}
+ // Attachments
+ if (!empty($attachment_data['physical_filename']))
+ {
+ $poster_id = ($mode == 'edit') ? $post_data['poster_id'] : intval($user->data['user_id']);
+ submit_attachment($post_data['post_id'], $post_data['topic_id'], $poster_id, $mode, $attachment_data);
+ }
+
// Fulltext parse
if ($mode != 'edit' || $post_data['message_md5'] != $post_data['post_checksum'])
{
@@ -818,7 +891,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
$mark_mode = ($mode == 'reply' || $mode == 'quote') ? 'post' : 'topic';
markread($mark_mode, $post_data['forum_id'], $post_data['topic_id'], $post_data['post_id']);
- $db->sql_transaction('commit');
+// $db->sql_transaction('commit');
// Send Notifications
if (($mode != 'edit') && ($mode != 'delete'))
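Review bot: Commenting out `$db->sql_transaction('commit');` leaves whatever transaction submit_post opened earlier (the begin is outside this hunk) without a commit. On database engines that honour transactions, the post, topic and attachment rows written above may then be rolled back when the connection closes, while the uploaded file stays on disk. If the line was disabled for debugging it should be restored before merge; if the transaction is being removed on purpose, the matching begin should go with it and a comment should say why.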
@@ -912,6 +985,9 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $post_data)
$user_update_sql .= 'user_posts = user_posts - 1';
}
+ // Delete Attachment
+ delete_attachment($post_id);
+
// TODO: delete common words... maybe just call search_tidy ?
// $search->del_words($post_id);
@@ -993,4 +1069,678 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $post_data)
return;
}
+// Delete Attachment
+function delete_attachment($post_id_array = -1, $attach_id_array = -1, $page = -1, $user_id = -1)
+{
+ global $db;
+
+ // Generate Array, if it's not an array
+ if ( ($post_id_array == -1) && ($attach_id_array == -1) && ($page == -1) )
+ {
+ return;
+ }
+
+ if ( ($post_id_array == -1) && ($attach_id_array != -1) )
+ {
+ $post_id_array = array();
+
+ if (!is_array($attach_id_array))
+ {
+ if (strstr($attach_id_array, ', '))
+ {
+ $attach_id_array = explode(', ', $attach_id_array);
+ }
+ else if (strstr($attach_id_array, ','))
+ {
+ $attach_id_array = explode(',', $attach_id_array);
+ }
+ else
+ {
+ $attach_id = intval($attach_id_array);
+ $attach_id_array = array();
+ $attach_id_array[] = $attach_id;
+ }
+ }
+
+ // Get the post_ids to fill the array
+ $p_id = ($page == 'privmsgs') ? 'privmsgs_id' : 'post_id';
+
+ $sql = "SELECT " . $p_id . "
+ FROM " . ATTACHMENTS_TABLE . "
+ WHERE attach_id IN (" . implode(', ', $attach_id_array) . ")
+ GROUP BY " . $p_id;
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $post_id_array[] = intval($row[$p_id]);
+ }
+ $db->sql_freeresult($result);
+
+ if (count($post_id_array) == 0)
+ {
+ return;
+ }
+ }
+
+ if (!is_array($post_id_array))
+ {
+ if (trim($post_id_array) == '')
+ {
+ return;
+ }
+
+ if (strstr($post_id_array, ', '))
+ {
+ $post_id_array = explode(', ', $post_id_array);
+ }
+ else if (strstr($post_id_array, ','))
+ {
+ $post_id_array = explode(',', $post_id_array);
+ }
+ else
+ {
+ $post_id = intval($post_id_array);
+
+ $post_id_array = array();
+ $post_id_array[] = $post_id;
+ }
+ }
+
+ if (count($post_id_array) == 0)
+ {
+ return;
+ }
+
+ // First of all, determine the post id and attach_id
+ if ($attach_id_array == -1)
+ {
+ $attach_id_array = array();
+
+ // Get the attach_ids to fill the array
+ $whereclause = ($page == 'privmsgs') ? 'WHERE privmsgs_id IN (' . implode(', ', $post_id_array) . ')' : 'WHERE post_id IN (' . implode(', ', $post_id_array) . ')';
+
+ $sql = "SELECT attach_id
+ FROM " . ATTACHMENTS_TABLE . " " .
+ $whereclause . "
+ GROUP BY attach_id";
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $attach_id_array[] = intval($row['attach_id']);
+ }
+ $db->sql_freeresult($result);
+
+ if (count($attach_id_array) == 0)
+ {
+ return;
+ }
+ }
+
+ if (!is_array($attach_id_array))
+ {
+ if (strstr($attach_id_array, ', '))
+ {
+ $attach_id_array = explode(', ', $attach_id_array);
+ }
+ else if (strstr($attach_id_array, ','))
+ {
+ $attach_id_array = explode(',', $attach_id_array);
+ }
+ else
+ {
+ $attach_id = intval($attach_id_array);
+
+ $attach_id_array = array();
+ $attach_id_array[] = $attach_id;
+ }
+ }
+
+ if (count($attach_id_array) == 0)
+ {
+ return;
+ }
+
+ if ($page == 'privmsgs')
+ {
+ $sql_id = 'privmsgs_id';
+ if ($user_id != -1)
+ {
+ $post_id_array_2 = array();
+
+ $sql = "SELECT privmsgs_type, privmsgs_to_userid, privmsgs_from_userid
+ FROM " . PRIVMSGS_TABLE . "
+ WHERE privmsgs_id IN (" . implode(', ', $post_id_array) . ")";
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ switch (intval($row['privmsgs_type']))
+ {
+ case PRIVMSGS_READ_MAIL:
+ case PRIVMSGS_NEW_MAIL:
+ case PRIVMSGS_UNREAD_MAIL:
+ if ($row['privmsgs_to_userid'] == $user_id)
+ {
+ $post_id_array_2[] = $privmsgs_id;
+ }
+ break;
+ case PRIVMSGS_SENT_MAIL:
+ if ($row['privmsgs_from_userid'] == $user_id)
+ {
+ $post_id_array_2[] = $privmsgs_id;
+ }
+ break;
+ case PRIVMSGS_SAVED_OUT_MAIL:
+ if ($row['privmsgs_from_userid'] == $user_id)
+ {
+ $post_id_array_2[] = $privmsgs_id;
+ }
+ break;
+ case PRIVMSGS_SAVED_IN_MAIL:
+ if ($row['privmsgs_to_userid'] == $user_id)
+ {
+ $post_id_array_2[] = $privmsgs_id;
+ }
+ break;
+ }
+ }
+ $db->sql_freeresult($result);
+ $post_id_array = $post_id_array_2;
+ }
+ }
+ else
+ {
+ $sql_id = 'post_id';
+ }
+
+ $sql = "DELETE FROM " . ATTACHMENTS_TABLE . "
+ WHERE attach_id IN (" . implode(', ', $attach_id_array) . ")
+ AND " . $sql_id . " IN (" . implode(', ', $post_id_array) . ")";
+ $db->sql_query($sql);
+
+ foreach ($attach_id_array as $attach_id)
+ {
+ $sql = "SELECT attach_id
+ FROM " . ATTACHMENTS_TABLE . "
+ WHERE attach_id = " . $attach_id;
+ $select_result = $db->sql_query($sql);
+
+ if (!is_array($db->sql_fetchrow($select_result)))
+ {
+ $sql = "SELECT attach_id, physical_filename, thumbnail
+ FROM " . ATTACHMENTS_DESC_TABLE . "
+ WHERE attach_id = " . $attach_id;
+ $result = $db->sql_query($sql);
+
+ // delete attachments
+ while ($row = $db->sql_fetchrow($result))
+ {
+ phpbb_unlink($row['physical_filename']);
+ if (intval($row['thumbnail']) == 1)
+ {
+ phpbb_unlink($row['physical_filename'], 'thumbnail');
+ }
+
+ $sql = "DELETE FROM " . ATTACHMENTS_DESC_TABLE . "
+ WHERE attach_id = " . $row['attach_id'];
+ $db->sql_query($sql);
+ }
+ $db->sql_freeresult($result);
+ }
+ $db->sql_freeresult($select_result);
+ }
+
+ // Now Sync the Topic/PM
+ if ($page == 'privmsgs')
+ {
+ foreach ($post_id_array as $privmsgs_id)
+ {
+ $sql = "SELECT attach_id
+ FROM " . ATTACHMENTS_TABLE . "
+ WHERE privmsgs_id = " . $privmsgs_id;
+ $select_result = $db->sql_query($sql);
+
+ if (!is_array($db->sql_fetchrow($select_result)))
+ {
+ $sql = "UPDATE " . PRIVMSGS_TABLE . "
+ SET privmsgs_attachment = 0
+ WHERE privmsgs_id = " . $privmsgs_id;
+ $db->sql_query($sql);
+ }
+ $db->sql_freeresult($select_result);
+ }
+ }
+ else
+ {
+ $sql = "SELECT topic_id
+ FROM " . POSTS_TABLE . "
+ WHERE post_id IN (" . implode(', ', $post_id_array) . ")
+ GROUP BY topic_id";
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $topic_id = intval($row['topic_id']);
+
+ $sql = "SELECT post_id
+ FROM " . POSTS_TABLE . "
+ WHERE topic_id = " . $topic_id . "
+ GROUP BY post_id";
+ $result2 = $db->sql_query($sql);
+
+ $post_ids = array();
+
+ while ($post_row = $db->sql_fetchrow($result2))
+ {
+ $post_ids[] = intval($post_row['post_id']);
+ }
+ $db->sql_freeresult($result2);
+
+ if (count($post_ids))
+ {
+ $post_id_sql = implode(', ', $post_ids);
+
+ $sql = "SELECT attach_id
+ FROM " . ATTACHMENTS_TABLE . "
+ WHERE post_id IN (" . $post_id_sql . ") ";
+ $select_result = $db->sql_query_limit($sql, 1);
+ $set_id = ( !is_array($db->sql_fetchrow($select_result))) ? 0 : 1;
+ $db->sql_freeresult($select_result);
+
+ $sql = "UPDATE " . TOPICS_TABLE . "
+ SET topic_attachment = " . $set_id . "
+ WHERE topic_id = " . $topic_id;
+ $db->sql_query($sql);
+
+ foreach ($post_ids as $post_id)
+ {
+ $sql = "SELECT attach_id
+ FROM " . ATTACHMENTS_TABLE . "
+ WHERE post_id = " . $post_id;
+ $select_result = $db->sql_query_limit($sql, 1);
+ $set_id = ( !is_array($db->sql_fetchrow($select_result))) ? 0 : 1;
+ $db->sql_freeresult($select_result);
+
+ $sql = "UPDATE " . POSTS_TABLE . "
+ SET post_attachment = " . $set_id . "
+ WHERE post_id = " . $post_id;
+ $db->sql_query($sql);
+ }
+ }
+ }
+ $db->sql_freeresult($result);
+ }
+}
+
+// Upload Attachment - filedata is generated here
+function upload_attachment($filename)
+{
+ global $_POST, $_FILES, $auth, $user, $config, $db;
+
+ $filedata = array();
+ $filedata['error'] = false;
+ $filedata['err_msg'] = '';
+ $filedata['post_attach'] = ($filename != '') ? true : false;
+
+ if (!$filedata['post_attach'])
+ {
+ return ($filedata);
+ }
+
+ $r_file = $filename;
+ $file = $_FILES['fileupload']['tmp_name'];
+ $filedata['mimetype'] = $_FILES['fileupload']['type'];
+
+ // Opera add the name to the mime type
+ $filedata['mimetype'] = ( strstr($filedata['mimetype'], '; name') ) ? str_replace(strstr($filedata['mimetype'], '; name'), '', $filedata['mimetype']) : $filedata['mimetype'];
+ $filedata['extension'] = strrchr(strtolower($filename), '.');
+ $filedata['extension'][0] = ' ';
+ $filedata['extension'] = strtolower(trim($filedata['extension']));
+ $filedata['extension'] = (is_array($filedata['extension'])) ? '' : $filedata['extension'];
+
+ $filedata['filesize'] = (!@filesize($file)) ? intval($_FILES['size']) : @filesize($file);
+
+ $sql = "SELECT g.allow_group, g.max_filesize, g.cat_id
+ FROM " . EXTENSION_GROUPS_TABLE . " g, " . EXTENSIONS_TABLE . " e
+ WHERE (g.group_id = e.group_id) AND (e.extension = '" . $filedata['extension'] . "')";
+ $result = $db->sql_query_limit($sql, 1);
+
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ $allowed_filesize = ( intval($row['max_filesize']) != 0 ) ? intval($row['max_filesize']) : intval($config['max_filesize']);
+ $cat_id = intval($row['cat_id']);
+
+ // check Filename
+ if ( preg_match("/[\\/:*?\"<>|]/i", $filename) )
+ {
+ $filedata['error'] = true;
+ $filedata['err_msg'] = sprintf($user->lang['INVALID_FILENAME'], $filename);
+ $filedata['post_attach'] = false;
+ return ($filedata);
+ }
+
+ // check php upload-size
+ if ( ($file == 'none') )
+ {
+ $filedata['error'] = true;
+ $filedata['err_msg'] = (@ini_get('upload_max_filesize') == '') ? $user->lang['ATTACHMENT_PHP_SIZE_NA'] : sprintf($user->lang['ATTACHMENT_PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
+ $filedata['post_attach'] = false;
+ return ($filedata);
+ }
+
+ // Check Extension
+ if (intval($row['allow_group']) == 0)
+ {
+ $filedata['error'] = true;
+ $filedata['err_msg'] = sprintf($user->lang['DISALLOWED_EXTENSION'], $filedata['extension']);
+ $filedata['post_attach'] = false;
+ return ($filedata);
+ }
+/*
+ // Check Image Size, if it is an image
+ if ( (!$acl->gets('m_', 'a_')) && ($cat_id == IMAGE_CAT) )
+ {
+ list($width, $height) = image_getdimension($file);
+
+ if ( ($width != 0) && ($height != 0) && (intval($attach_config['img_max_width']) != 0) && (intval($attach_config['img_max_height']) != 0) )
+ {
+ if ( ($width > intval($attach_config['img_max_width'])) || ($height > intval($attach_config['img_max_height'])) )
+ {
+ $error = TRUE;
+ if(!empty($error_msg))
+ {
+ $error_msg .= '<br />';
+ }
+ $error_msg .= sprintf($lang['Error_imagesize'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
+ }
+ }
+ }
+*/
+ // check Filesize
+ if ( ($allowed_filesize != 0) && ($filedata['filesize'] > $allowed_filesize) && (!$acl->gets('m_', 'a_')) )
+ {
+ $size_lang = ($allowed_filesize >= 1048576) ? $user->lang['MB'] : ( ($allowed_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+
+ if ($allowed_filesize >= 1048576)
+ {
+ $allowed_filesize = round($allowed_filesize / 1048576 * 100) / 100;
+ }
+ else if($allowed_filesize >= 1024)
+ {
+ $allowed_filesize = round($allowed_filesize / 1024 * 100) / 100;
+ }
+
+ $filedata['error'] = true;
+ $filedata['err_msg'] = sprintf($user->lang['ATTACHMENT_TOO_BIG'], $allowed_filesize, $size_lang);
+ $filedata['post_attach'] = false;
+ return ($filedata);
+ }
+
+ // Check our complete quota
+ if ($config['attachment_quota'] != 0)
+ {
+ if ($config['total_filesize'] + $filedata['filesize'] > $config['attachment_quota'])
+ {
+ $filedata['error'] = true;
+ $filedata['err_msg'] = $user->lang['ATTACH_QUOTA_REACHED'];
+ $filedata['post_attach'] = false;
+ return ($filedata);
+ }
+ }
+
+/*
+ // If we are at Private Messaging, check our PM Quota
+ if ($this->page == PAGE_PRIVMSGS)
+ {
+ $to_user = ( isset($_POST['username']) ) ? $_POST['username'] : '';
+
+ if (intval($config['pm_filesize_limit']) != 0)
+ {
+ $total_filesize = get_total_attach_pm_filesize('from_user', $user->data['user_id']);
+
+ if ( ($total_filesize + $filedata['filesize'] > intval($config['pm_filesize_limit'])) )
+ {
+ $error = TRUE;
+ if(!empty($error_msg))
+ {
+ $error_msg .= '<br />';
+ }
+ $error_msg .= $lang['Attach_quota_sender_pm_reached'];
+ }
+ }
+
+ // Check Receivers PM Quota
+ if ((!empty($to_user)) && ($userdata['user_level'] != ADMIN))
+ {
+ $sql = "SELECT user_id
+ FROM " . USERS_TABLE . "
+ WHERE username = '" . $to_user . "'";
+ $result = $db->sql_query($sql);
+
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ $user_id = intval($row['user_id']);
+ $u_data = get_userdata($user_id);
+ $this->get_quota_limits($u_data, $user_id);
+
+ if (intval($attach_config['pm_filesize_limit']) != 0)
+ {
+ $total_filesize = get_total_attach_pm_filesize('to_user', $user_id);
+
+ if ($total_filesize + $this->filesize > intval($attach_config['pm_filesize_limit']))
+ {
+ $error = TRUE;
+ if(!empty($error_msg))
+ {
+ $error_msg .= '<br />';
+ }
+ $error_msg .= sprintf($lang['Attach_quota_receiver_pm_reached'], $to_user);
+ }
+ }
+ }
+ }
+*/
+ $filedata['thumbnail'] = 0;
+
+ // Prepare Values
+ $filedata['filetime'] = time();
+ $filedata['filename'] = stripslashes($r_file);
+
+ $filedata['destination_filename'] = strtolower($filedata['filename']);
+ $filedata['destination_filename'] = $user->data['user_id'] . '_' . $filedata['filetime'] . '.' . $filedata['extension'];
+
+ $filedata['filename'] = str_replace("'", "\'", $filedata['filename']);
+
+/*
+ // Do we have to create a thumbnail ?
+ if ( ($cat_id == IMAGE_CAT) && ($config['img_create_thumbnail']) )
+ {
+ $this->thumbnail = 1;
+ }
+*/
+
+ // Upload Attachment
+ if (!$config['use_ftp_upload'])
+ {
+ // Descide the Upload method
+ if ( @ini_get('open_basedir') )
+ {
+ $upload_mode = 'move';
+ }
+ else if ( @ini_get('safe_mode') )
+ {
+ $upload_mode = 'move';
+ }
+ else
+ {
+ $upload_mode = 'copy';
+ }
+ }
+ else
+ {
+ $upload_mode = 'ftp';
+ }
+
+ // Ok, upload the File
+ $result = move_uploaded_attachment($upload_mode, $file, $filedata);
+
+ if ($result != '')
+ {
+ $filedata['error'] = true;
+ $filedata['err_msg'] = $result;
+ $filedata['post_attach'] = false;
+ }
+ return ($filedata);
+}
+
+// Move/Upload File - could be used for Avatars too ?
+function move_uploaded_attachment($upload_mode, $source_filename, &$filedata)
+{
+ global $user, $config;
+
+ $destination_filename = $filedata['destination_filename'];
+ $thumbnail = (isset($filedata['thumbnail'])) ? $filedata['thumbnail'] : false;
+
+ switch ($upload_mode)
+ {
+ case 'copy':
+
+ if ( !@copy($source_filename, $config['upload_dir'] . '/' . $destination_filename) )
+ {
+ if ( !@move_uploaded_file($source_filename, $config['upload_dir'] . '/' . $destination_filename) )
+ {
+ return (sprintf($user->lang['GENERAL_UPLOAD_ERROR'], './' . $config['upload_dir'] . '/' . $destination_filename));
+ }
+ }
+ @chmod($config['upload_dir'] . '/' . $destination_filename, 0666);
+ break;
+
+ case 'move':
+ if ( !@move_uploaded_file($source_filename, $config['upload_dir'] . '/' . $destination_filename) )
+ {
+ if ( !@copy($source_file, $config['upload_dir'] . '/' . $destination_filename) )
+ {
+ return (sprintf($user->lang['GENERAL_UPLOAD_ERROR'], './' . $config['upload_dir'] . '/' . $destination_filename));
+ }
+ }
+ @chmod($config['upload_dir'] . '/' . $destination_filename, 0666);
+ break;
+
+ case 'ftp':
+/*
+ $conn_id = init_ftp();
+
+ // Binary or Ascii ?
+ $mode = FTP_BINARY;
+ if ( (preg_match("/text/i", $filedata['mimetype'])) || (preg_match("/html/i", $filedata['mimetype'])) )
+ {
+ $mode = FTP_ASCII;
+ }
+
+ $res = @ftp_put($conn_id, $destination_filename, $source_filename, $mode);
+
+ if (!$res)
+ {
+ @ftp_quit($conn_id);
+ return (sprintf($user->lang['Ftp_error_upload'], $config['ftp_path']));
+ }
+
+ @ftp_site($conn_id, 'CHMOD 0644 ' . $destination_filename);
+ @ftp_quit($conn_id);
+ break;
+*/
+ }
+
+ $filedata['thumbnail'] = 0;
+/* if ($filedata['thumbnail'])
+ {
+ if ($upload_mode == 'ftp')
+ {
+ $source = $source_filename;
+ $destination = 'thumbs/t_' . $destination_filename;
+ }
+ else
+ {
+ $source = $config['upload_dir'] . '/' . $destination_filename;
+ $destination = phpbb_realpath($config['upload_dir']);
+ $destination .= '/thumbs/t_' . $destination_filename;
+ }
+
+ if (!create_thumbnail($source, $destination, $filedata['mimetype']))
+ {
+ if (!create_thumbnail($source_filename, $destination_filename, $filedata['mimetype']))
+ {
+ $filedata['thumbnail'] = 0;
+ }
+ }
+ }*/
+ return ('');
+}
+
+// Deletes an Attachment
+function phpbb_unlink($filename, $mode = false)
+{
+ global $config, $user;
+
+ $config['use_ftp_upload'] = 0;
+
+ if (!$config['use_ftp_upload'])
+ {
+ if ($mode == 'thumbnail')
+ {
+ $filename = $config['upload_dir'] . '/thumbs/t_' . $filename;
+ }
+ else
+ {
+ $filename = $config['upload_dir'] . '/' . $filename;
+ }
+
+ $deleted = @unlink($filename);
+
+ if (@file_exists($filename))
+ {
+ $filesys = eregi_replace('/','\\', $filename);
+ $deleted = @system("del $filesys");
+
+ if (@file_exists($filename))
+ {
+ $deleted = @chmod($filename, 0777);
+ $deleted = @unlink($filename);
+ $deleted = @system("del $filename");
+ }
+ }
+ }
+ else
+ {
+/* $conn_id = attach_init_ftp($mode);
+
+ if ($mode == MODE_THUMBNAIL)
+ {
+ $filename = 't_' . $filename;
+ }
+
+ $res = @ftp_delete($conn_id, $filename);
+ if (!$res)
+ {
+ if (ATTACH_DEBUG)
+ {
+ $add = ( $mode == MODE_THUMBNAIL ) ? ('/' . THUMB_DIR) : '';
+ message_die(GENERAL_ERROR, sprintf($lang['Ftp_error_delete'], $attach_config['ftp_path'] . $add));
+ }
+
+ return ($deleted);
+ }
+
+ @ftp_quit($conn_id);
+
+ $deleted = TRUE;*/
+ }
+
+ return ($deleted);
+}
+
?> \ No newline at end of file
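Review bot: In upload_attachment the extension taken from the client-supplied file name is concatenated into the EXTENSIONS_TABLE lookup (`e.extension = '...'`) before the file name is checked, and that later check does not reject quote characters; validate it first with something like `if (!preg_match('/^[a-z0-9]+$/', $filedata['extension']))` and return the DISALLOWED_EXTENSION error. The same extension becomes part of `destination_filename`, and phpbb_unlink interpolates the stored name into `system("del $filesys")`, so the shell fallback should be dropped or its argument passed through `escapeshellarg()`. delete_attachment applies `intval()` only on the single-value branch, so comma-separated id strings reach `IN (...)` unconverted; `array_map('intval', ...)` after each `explode()` would close that. In 'copy' mode `copy()` is tried before `move_uploaded_file()`, which skips the is-an-upload check the latter performs, and `chmod(..., 0666)` leaves stored files world-writable. Several names are never defined and will break these paths: `$acl` in the file-size check (the declared global is `$auth`), `$source_file` in the 'move' fallback, `$privmsgs_id` inside the private-message switch, and `$_FILES['size']` (presumably `$_FILES['fileupload']['size']`).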
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index da1f96c601..e18abd6ce1 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -31,7 +31,7 @@ class parse_message
$this->message_mode = $message_type;
}
- function parse(&$message, $html, $bbcode, $uid, $url, $smilies, $attach)
+ function parse(&$message, $html, $bbcode, $uid, $url, $smilies)
{
global $config, $db, $user;
@@ -84,7 +84,6 @@ class parse_message
$warn_msg .= (($warn_msg != '') ? '<br />' : '') . $this->bbcode($message, $bbcode, $uid);
$warn_msg .= (($warn_msg != '') ? '<br />' : '') . $this->emoticons($message, $smilies);
$warn_msg .= (($warn_msg != '') ? '<br />' : '') . $this->magic_url($message, $url);
- $warn_msg .= (($warn_msg != '') ? '<br />' : '') . $this->attach($_FILE, $attach);
return $warn_msg;
}
@@ -176,10 +175,192 @@ class parse_message
return;
}
- function attach($file_ary, $attach)
+ function parse_attachments($mode, $post_id, $submit, $preview, $refresh, &$attachment_data)
{
- global $config;
+ global $config, $_FILE, $_POST, $auth, $user;
+
+ $config['max_attachments'] = 1;
+
+ $error = false;
+ $error_msg = '';
+
+ $num_attachments = count($attachment_data['attach_id']);
+ $attachment_data['filecomment'] = ( isset($_POST['filecomment']) ) ? trim( strip_tags($_POST['filecomment'])) : '';
+ $attachment_data['filename'] = ( $_FILES['fileupload']['name'] != 'none' ) ? trim($_FILES['fileupload']['name']) : '';
+
+ $add_file = ( isset($_POST['add_file']) ) ? true : false;
+ $delete_file = ( isset($_POST['delete_file']) ) ? true : false;
+ $edit_comment = ( isset($_POST['edit_comment']) ) ? true : false;
+
+ if ( $submit && ($mode == 'post' || $mode == 'reply' || $mode == 'edit') && $attachment_data['filename'] != '')
+ {
+ if ( $num_attachments < $config['max_attachments'] || $auth->acl_get('m_', 'a_') )
+ {
+ $filedata = upload_attachment($attachment_data['filename']);
+
+ if ($filedata['error'])
+ {
+ $error = true;
+ $error_msg .= (!empty($error_msg)) ? '<br />' . $filedata['err_msg'] : $filedata['err_msg'];
+ }
+
+ if (($filedata['post_attach']) && (!$error))
+ {
+ array_unshift($attachment_data['physical_filename'], $filedata['destination_filename']);
+ array_unshift($attachment_data['comment'], $attachment_data['filecomment']);
+ array_unshift($attachment_data['real_filename'], $filedata['filename']);
+ array_unshift($attachment_data['extension'], $filedata['extension']);
+ array_unshift($attachment_data['mimetype'], $filedata['mimetype']);
+ array_unshift($attachment_data['filesize'], $filedata['filesize']);
+ array_unshift($attachment_data['filetime'], $filedata['filetime']);
+ array_unshift($attachment_data['attach_id'], '-1');
+ array_unshift($attachment_data['thumbnail'], $filedata['thumbnail']);
+
+ $attachment_data['filecomment'] = '';
+
+ // This Variable is set to FALSE here, because the Attachment Mod enter Attachments into the
+ // Database in two modes, one if the id_list is -1 and the second one if post_attach is true
+ // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
+ // but we are assigning an id of -1 here, we have to reset the post_attach variable to FALSE.
+ //
+ // This is very relevant, because it could happen that the post got not submitted, but we do not
+ // know this circumstance here. We could be at the posting page or we could be redirected to the entered
+ // post. :)
+ $filedata['post_attach'] = false;
+ }
+ }
+ else
+ {
+ $error = true;
+ $error_msg .= (!empty($error_msg)) ? '<br />' : '' . sprintf($user->lang['TOO_MANY_ATTACHMENTS'], $config['max_attachments']);
+ }
+ }
+
+ if ($preview || $refresh || $error)
+ {
+ // Perform actions on temporary attachments
+ if ($delete_file)
+ {
+ // store old values
+ $actual_list = ( isset($_POST['attachment_list']) ) ? $_POST['attachment_list'] : array();
+ $actual_comment_list = ( isset($_POST['comment_list']) ) ? $_POST['comment_list'] : array();
+ $actual_filename_list = ( isset($_POST['filename_list']) ) ? $_POST['filename_list'] : array();
+ $actual_extension_list = ( isset($_POST['extension_list']) ) ? $_POST['extension_list'] : array();
+ $actual_mimetype_list = ( isset($_POST['mimetype_list']) ) ? $_POST['mimetype_list'] : array();
+ $actual_filesize_list = ( isset($_POST['filesize_list']) ) ? $_POST['filesize_list'] : array();
+ $actual_filetime_list = ( isset($_POST['filetime_list']) ) ? $_POST['filetime_list'] : array();
+ $actual_id_list = ( isset($_POST['attach_id_list']) ) ? $_POST['attach_id_list'] : array();
+ $actual_thumbnail_list = ( isset($_POST['attach_thumbnail_list']) ) ? $_POST['attach_thumbnail_list'] : array();
+
+ // clean values
+
+ $attachment_data['physical_filename'] = array();
+ $attachment_data['comment'] = array();
+ $attachment_data['real_filename'] = array();
+ $attachment_data['extension'] = array();
+ $attachment_data['mimetype'] = array();
+ $attachment_data['filesize'] = array();
+ $attachment_data['filetime'] = array();
+ $attachment_data['attach_id'] = array();
+ $attachment_data['thumbnail'] = array();
+
+ // restore values :)
+ if( isset($_POST['attachment_list']) )
+ {
+ for ($i = 0; $i < count($actual_list); $i++)
+ {
+ $restore = false;
+ if ($delete_file)
+ {
+ if (!isset($_POST['delete_file'][$actual_list[$i]]))
+ {
+ $restore = true;
+ }
+ }
+
+ if ($restore)
+ {
+ $attachment_data['physical_filename'][] = $actual_list[$i];
+ $attachment_data['comment'][] = $actual_comment_list[$i];
+ $attachment_data['real_filename'][] = $actual_filename_list[$i];
+ $attachment_data['extension'][] = $actual_extension_list[$i];
+ $attachment_data['mimetype'][] = $actual_mimetype_list[$i];
+ $attachment_data['filesize'][] = $actual_filesize_list[$i];
+ $attachment_data['filetime'][] = $actual_filetime_list[$i];
+ $attachment_data['attach_id'][] = $actual_id_list[$i];
+ $attachment_data['thumbnail'][] = $actual_thumbnail_list[$i];
+ }
+ else
+ {
+ // delete selected attachment
+ if ($actual_id_list[$i] == '-1')
+ {
+ phpbb_unlink($actual_list[$i]);
+
+ if ($actual_thumbnail_list[$i] == 1)
+ {
+ phpbb_unlink('t_' . $actual_list[$i], 'thumbnail');
+ }
+ }
+ else
+ {
+ delete_attachment($post_id, $actual_id_list[$i]);
+ }
+ }
+ }
+ }
+ }
+ else if ( ($edit_comment) || ($add_file) || ($preview) )
+ {
+ if ($edit_comment)
+ {
+ $actual_comment_list = ( isset($_POST['comment_list']) ) ? $_POST['comment_list'] : '';
+
+ $attachment_data['comment'] = array();
+
+ for ($i = 0; $i < count($attachment_data['physical_filename']); $i++)
+ {
+ $attachment_data['comment'][$i] = $actual_comment_list[$i];
+ }
+ }
+
+ if ((($add_file) || ($preview) ) && ($attachment_data['filename'] != '') )
+ {
+ if ( $num_attachments < $config['max_attachments'] || $auth->acl_get('m_', 'a_') )
+ {
+ $filedata = upload_attachment($attachment_data['filename']);
+
+ if ($filedata['error'])
+ {
+ $error = true;
+ $error_msg .= (!empty($error_msg)) ? '<br />' . $filedata['err_msg'] : $filedata['err_msg'];
+ }
+
+ if (!$error)
+ {
+ array_unshift($attachment_data['physical_filename'], $filedata['destination_filename']);
+ array_unshift($attachment_data['comment'], $attachment_data['filecomment']);
+ array_unshift($attachment_data['real_filename'], $filedata['filename']);
+ array_unshift($attachment_data['extension'], $filedata['extension']);
+ array_unshift($attachment_data['mimetype'], $filedata['mimetype']);
+ array_unshift($attachment_data['filesize'], $filedata['filesize']);
+ array_unshift($attachment_data['filetime'], $filedata['filetime']);
+ array_unshift($attachment_data['attach_id'], '-1');
+ array_unshift($attachment_data['thumbnail'], $filedata['thumbnail']);
+
+ $attachment_data['filecomment'] = '';
+ }
+ }
+ else
+ {
+ $error = true;
+ $error_msg .= (!empty($error_msg)) ? '<br />' : '' . sprintf($user->lang['TOO_MANY_ATTACHMENTS'], $config['max_attachments']);
+ }
+ }
+ }
+ }
+ return ($error_msg);
}
// Parse Poll
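Review bot: In the delete branch of parse_attachments, `phpbb_unlink($actual_list[$i])` receives a name taken directly from `$_POST['attachment_list']`, and the `'-1'` id that selects this path comes from `$_POST['attach_id_list']`, so the client decides which file is removed. phpbb_unlink, added to functions_posting.php in this same commit, appends that name to `$config['upload_dir']` and also interpolates it into `system("del $filesys")`, so the value has to be validated before it gets there. At minimum skip anything that is not a bare file name, e.g. `if ($actual_list[$i] !== basename($actual_list[$i])) { continue; }`, and preferably keep the list of not-yet-submitted uploads server-side (in the session) rather than in hidden form fields. `delete_attachment($post_id, $actual_id_list[$i])` is likewise passed a posted id; whether that helper checks that the attachment belongs to this post and user is not visible here.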
diff --git a/phpBB/install/schemas/firebird_basic.sql b/phpBB/install/schemas/firebird_basic.sql
index e6b2def9c2..82025c8a2b 100644
--- a/phpBB/install/schemas/firebird_basic.sql
+++ b/phpBB/install/schemas/firebird_basic.sql
@@ -20,6 +20,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_bbcode','1')
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_smilies','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_sig','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_namechange','0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_attachments','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_topic_notify','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_forum_notify','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_local','0');
@@ -81,6 +82,10 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_server', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_uid', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('lastread', '432000');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_filesize', '262144');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('attachment_quota', '52428800');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_attachments', '3');
+INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('upload_dir', 'files', 1);
INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('record_online_users', '0', 1);
INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('record_online_date', '0', 1);
INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('newest_user_id', '2', 1);
diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql
index 5ccfd80bf7..b0ea7fec99 100644
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@@ -6,31 +6,52 @@
# --------------------------------------------------------
#
-# Table structure for table 'phpbb_attach_desc'
+# Table structure for table `phpbb_attachments`
+#
+CREATE TABLE phpbb_attachments (
+ attach_id INTEGER DEFAULT 0 NOT NULL,
+ post_id INTEGER DEFAULT 0 NOT NULL,
+ privmsgs_id INTEGER DEFAULT 0 NOT NULL,
+ user_id_from INTEGER NOT NULL,
+ user_id_to INTEGER NOT NULL
+);
+
+CREATE INDEX phpbb_attachments_attach_id ON phpbb_attachments (attach_id);
+CREATE INDEX phpbb_attachments_post_id ON phpbb_attachments (post_id);
+CREATE INDEX phpbb_attachments_privmsgs_id ON phpbb_attachments (privmsgs_id);
+
+
+# --------------------------------------------------------
+#
+# Table structure for table `phpbb_attach_desc`
#
CREATE TABLE phpbb_attach_desc (
- attach_id NUMERIC NOT NULL,
- attach_filename VARCHAR(255) DEFAULT '' NOT NULL,
+ attach_id INTEGER NOT NULL,
+ physical_filename VARCHAR(255) NOT NULL,
+ real_filename VARCHAR(255) NOT NULL,
download_count INTEGER DEFAULT 0 NOT NULL,
- filename VARCHAR(255) DEFAULT '' NOT NULL,
- comment VARCHAR(60),
- mimetype VARCHAR(60),
- filesize INTEGER DEFAULT 0 NOT NULL,
- filetime INTEGER DEFAULT 0 NOT NULL,
- PRIMARY KEY (attach_id)
+ comment VARCHAR(255) DEFAULT '',
+ extension VARCHAR(100),
+ mimetype VARCHAR(100),
+ filesize INTEGER NOT NULL,
+ filetime INTEGER DEFAULT 0 NOT NULL,
+ thumbnail SMALLINT DEFAULT 0 NOT NULL,
+ PRIMARY KEY (attach_id)
);
CREATE GENERATOR phpbb_attach_desc_gen;
SET GENERATOR phpbb_attach_desc_gen TO 0;
+CREATE INDEX phpbb_attach_desc_filetime ON phpbb_attach_desc (filetime);
+CREATE INDEX phpbb_attach_desc_physical_filename ON phpbb_attach_desc (physical_filename);
+CREATE INDEX phpbb_attach_desc_filesize ON phpbb_attach_desc (filesize);
CREATE TRIGGER phpbb_attach_desc_trig
- FOR phpbb_attach_desc BEFORE INSERT
+ FOR phpbb_attach_desc BEFORE INSERT
AS BEGIN
IF (NEW.attach_id IS NULL) THEN
- NEW.attach_id = GEN_ID(phpbb_attach_desc_gen, 1)|
+ NEW.attach_id = GEN_ID(phpbb_attach_desc_gen, 1)|
END;
-
# --------------------------------------------------------
#
# Table structure for table `phpbb_auth_groups`
@@ -188,6 +209,74 @@ CREATE TRIGGER phpbb_disallow_trig
# --------------------------------------------------------
#
+# Table structure for table 'phpbb_extensions'
+#
+CREATE TABLE phpbb_extensions (
+ extension_id INTEGER NOT NULL,
+ group_id INTEGER DEFAULT 0 NOT NULL,
+ extension VARCHAR(100) NOT NULL,
+ comment VARCHAR(100),
+ PRIMARY KEY (extension_id)
+);
+
+CREATE GENERATOR phpbb_extensions_gen;
+SET GENERATOR phpbb_extensions_gen TO 0;
+
+CREATE TRIGGER phpbb_extensions_trig
+ FOR phpbb_extensions BEFORE INSERT
+ AS BEGIN
+ IF (NEW.extension_id IS NULL) THEN
+ NEW.extension_id = GEN_ID(phpbb_extensions_gen, 1)|
+ END;
+
+# --------------------------------------------------------
+#
+# Table structure for table 'phpbb_extension_groups'
+#
+CREATE TABLE phpbb_extension_groups (
+ group_id INTEGER NOT NULL,
+ group_name VARCHAR(20) NOT NULL,
+ cat_id SMALLINT DEFAULT 0 NOT NULL,
+ allow_group SMALLINT DEFAULT 0 NOT NULL,
+ download_mode SMALLINT UNSIGNED DEFAULT 1 NOT NULL,
+ max_filesize INTEGER DEFAULT 0 NOT NULL,
+ PRIMARY KEY (group_id)
+);
+
+CREATE GENERATOR phpbb_extension_groups_gen;
+SET GENERATOR phpbb_extension_groups_gen TO 0;
+
+CREATE TRIGGER phpbb_extension_groups_trig
+ FOR phpbb_extension_groups BEFORE INSERT
+ AS BEGIN
+ IF (NEW.group_id IS NULL) THEN
+ NEW.group_id = GEN_ID(phpbb_extension_groups_gen, 1)|
+ END;
+
+
+# --------------------------------------------------------
+#
+# Table structure for table 'phpbb_forbidden_extensions'
+#
+CREATE TABLE phpbb_forbidden_extensions (
+ extension_id INTEGER NOT NULL,
+ extension VARCHAR(100) NOT NULL,
+ PRIMARY KEY (extension_id)
+);
+
+CREATE GENERATOR phpbb_forbidden_extensions_gen;
+SET GENERATOR phpbb_forbidden_extensions_gen TO 0;
+
+CREATE TRIGGER phpbb_forbidden_extensions_trig
+ FOR phpbb_forbidden_extensions BEFORE INSERT
+ AS BEGIN
+ IF (NEW.extension_id IS NULL) THEN
+ NEW.extension_id = GEN_ID(phpbb_forbidden_extensions_gen, 1)|
+ END;
+
+
+# --------------------------------------------------------
+#
# Table structure for table 'phpbb_forums'
#
CREATE TABLE phpbb_forums (
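Review bot: `download_mode SMALLINT UNSIGNED DEFAULT 1 NOT NULL` in phpbb_extension_groups looks copied from the MySQL schema; as far as I know Firebird has no UNSIGNED modifier, so this CREATE TABLE would likely fail at install time. Writing it as `download_mode SMALLINT DEFAULT 1 NOT NULL` matches the other SMALLINT columns added in this file.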
@@ -329,7 +418,7 @@ CREATE TRIGGER phpbb_lang_trig
FOR phpbb_lang BEFORE INSERT
AS BEGIN
IF (NEW.lang_id IS NULL) THEN
- NEW.lang_id = GEN_ID(phpbb_icons_gen, 1)|
+ NEW.lang_id = GEN_ID(phpbb_lang_gen, 1)|
END;
@@ -460,7 +549,6 @@ CREATE TABLE phpbb_posts (
topic_id INTEGER DEFAULT 0 NOT NULL,
forum_id SMALLINT DEFAULT 0 NOT NULL,
poster_id INTEGER DEFAULT 0 NOT NULL,
- attach_id INTEGER DEFAULT 0 NOT NULL,
icon_id SMALLINT DEFAULT 1 NOT NULL,
poster_ip VARCHAR(40) DEFAULT '' NOT NULL,
post_time INTEGER DEFAULT 0 NOT NULL,
@@ -476,6 +564,7 @@ CREATE TABLE phpbb_posts (
post_text BLOB SUB_TYPE 1 DEFAULT '' NOT NULL,
post_checksum VARCHAR(32) DEFAULT '' NOT NULL,
post_encoding VARCHAR(11) DEFAULT 'iso-8859-15' NOT NULL,
+ post_attachment SMALLINT DEFAULT 0 NOT NULL,
bbcode_bitfield INTEGER DEFAULT 0 NOT NULL,
bbcode_uid VARCHAR(10) DEFAULT '' NOT NULL,
post_edit_time INTEGER DEFAULT 0 NOT NULL,
@@ -503,7 +592,7 @@ CREATE TRIGGER phpbb_posts_trig
#
CREATE TABLE phpbb_privmsgs (
privmsgs_id INTEGER NOT NULL,
- attach_id INTEGER DEFAULT 0 NOT NULL,
+ privmsgs_attachment SMALLINT DEFAULT 0 NOT NULL,
privmsgs_type SMALLINT DEFAULT 0 NOT NULL,
privmsgs_subject VARCHAR(60) DEFAULT 0 NOT NULL,
privmsgs_from_userid INTEGER DEFAULT 0 NOT NULL,
@@ -875,6 +964,7 @@ CREATE TABLE phpbb_topics (
topic_id INTEGER NOT NULL,
forum_id INTEGER DEFAULT 0 NOT NULL,
icon_id SMALLINT DEFAULT 1 NOT NULL,
+ topic_attachment SMALLINT DEFAULT 0 NOT NULL,
topic_approved SMALLINT DEFAULT 1 NOT NULL,
topic_reported SMALLINT DEFAULT 0 NOT NULL,
topic_title VARCHAR(60) NOT NULL,
diff --git a/phpBB/install/schemas/mysql_basic.sql b/phpBB/install/schemas/mysql_basic.sql
index 040a269bd5..d36f91b022 100644
--- a/phpBB/install/schemas/mysql_basic.sql
+++ b/phpBB/install/schemas/mysql_basic.sql
@@ -20,6 +20,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_bbcode','1')
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_smilies','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_sig','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_namechange','0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_attachments','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_topic_notify','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_forum_notify','1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_local','0');
@@ -81,6 +82,10 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_server', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_uid', '');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('lastread', '432000');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_filesize', '262144');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('attachment_quota', '52428800');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_attachments', '3');
+INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('upload_dir', 'files', 1);
INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('record_online_users', '0', 1);
INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('record_online_date', '0', 1);
INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('newest_user_id', '2', 1);
@@ -345,4 +350,52 @@ INSERT INTO phpbb_search_wordmatch (word_id, post_id, title_match) VALUES ( 3, 1
# -- reasons
INSERT INTO phpbb_reports_reasons (reason_id, reason_priority, reason_name, reason_description) VALUES ( 1, 0, 'warez', 'The reported post contains links to pirated or illegal software.' );
-INSERT INTO phpbb_reports_reasons (reason_id, reason_priority, reason_name, reason_description) VALUES ( 2, 1, 'other', 'The reported post does not fit into any other category, please use the description field.' ); \ No newline at end of file
+INSERT INTO phpbb_reports_reasons (reason_id, reason_priority, reason_name, reason_description) VALUES ( 2, 1, 'other', 'The reported post does not fit into any other category, please use the description field.' );
+
+# -- forbidden_extensions
+INSERT INTO phpbb_forbidden_extensions (extension_id, extension) VALUES (1,'php');
+INSERT INTO phpbb_forbidden_extensions (extension_id, extension) VALUES (2,'php3');
+INSERT INTO phpbb_forbidden_extensions (extension_id, extension) VALUES (3,'php4');
+INSERT INTO phpbb_forbidden_extensions (extension_id, extension) VALUES (4,'phtml');
+INSERT INTO phpbb_forbidden_extensions (extension_id, extension) VALUES (5,'pl');
+INSERT INTO phpbb_forbidden_extensions (extension_id, extension) VALUES (6,'asp');
+INSERT INTO phpbb_forbidden_extensions (extension_id, extension) VALUES (7,'cgi');
+
+# -- extension_groups
+INSERT INTO phpbb_extension_groups (group_id, group_name, cat_id, allow_group, download_mode, max_filesize) VALUES (1,'Images',1,1,1,0);
+INSERT INTO phpbb_extension_groups (group_id, group_name, cat_id, allow_group, download_mode, max_filesize) VALUES (2,'Archives',0,1,1,0);
+INSERT INTO phpbb_extension_groups (group_id, group_name, cat_id, allow_group, download_mode, max_filesize) VALUES (3,'Plain Text',0,0,1,0);
+INSERT INTO phpbb_extension_groups (group_id, group_name, cat_id, allow_group, download_mode, max_filesize) VALUES (4,'Documents',0,0,1,0);
+INSERT INTO phpbb_extension_groups (group_id, group_name, cat_id, allow_group, download_mode, max_filesize) VALUES (5,'Real Media',0,0,2,0);
+INSERT INTO phpbb_extension_groups (group_id, group_name, cat_id, allow_group, download_mode, max_filesize) VALUES (6,'Streams',2,0,1,0);
+INSERT INTO phpbb_extension_groups (group_id, group_name, cat_id, allow_group, download_mode, max_filesize) VALUES (7,'Flash Files',3,0,1,0);
+
+# -- extensions
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (1, 1,'gif', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (2, 1,'png', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (3, 1,'jpeg', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (4, 1,'jpg', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (5, 1,'tif', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (6, 1,'tga', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (7, 2,'gtar', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (8, 2,'gz', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (9, 2,'tar', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (10, 2,'zip', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (11, 2,'rar', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (12, 2,'ace', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (13, 3,'txt', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (14, 3,'c', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (15, 3,'h', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (16, 3,'cpp', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (17, 3,'hpp', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (18, 3,'diz', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (19, 4,'xls', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (20, 4,'doc', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (21, 4,'dot', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (22, 4,'pdf', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (23, 4,'ai', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (24, 4,'ps', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (25, 4,'ppt', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (26, 5,'rm', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (27, 6,'wma', '');
+INSERT INTO phpbb_extensions (extension_id, group_id, extension, comment) VALUES (28, 7,'swf', '');
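Review bot: The `phpbb_forbidden_extensions` seed is a short deny list (php, php3, php4, phtml, pl, asp, cgi), and a deny list of executable extensions is hard to keep complete because what a server executes depends on its handler configuration. `upload_dir` defaults to `files` earlier in this file, a relative path that presumably sits under the web root, so the safer default is to treat the `phpbb_extensions` allow list as the only gate and to make sure the upload directory cannot execute scripts. How upload_attachment consults these tables is not visible in this hunk, so confirm that an extension absent from both tables is rejected rather than accepted. A comment above the seed rows such as `# -- forbidden_extensions (defence in depth; phpbb_extensions is the allow list)` would record the intended role.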
diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql
index 68da2f0bd3..d33466a82a 100644
--- a/phpBB/install/schemas/mysql_schema.sql
+++ b/phpBB/install/schemas/mysql_schema.sql
@@ -6,18 +6,37 @@
# --------------------------------------------------------
#
-# Table structure for table 'phpbb_attach_desc'
+# Table structure for table `phpbb_attachments`
+#
+CREATE TABLE phpbb_attachments (
+ attach_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+ post_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+ privmsgs_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+ user_id_from mediumint(8) NOT NULL,
+ user_id_to mediumint(8) NOT NULL,
+ KEY attach_id (attach_id)
+);
+
+
+# --------------------------------------------------------
+#
+# Table structure for table `phpbb_attachments_desc`
#
CREATE TABLE phpbb_attach_desc (
attach_id mediumint(8) UNSIGNED NOT NULL auto_increment,
- attach_filename varchar(255) NOT NULL,
+ physical_filename varchar(255) NOT NULL,
+ real_filename varchar(255) NOT NULL,
download_count mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
- filename varchar(255) NOT NULL,
- comment varchar(60),
- mimetype varchar(60),
+ comment varchar(255),
+ extension varchar(100),
+ mimetype varchar(100),
filesize int(20) NOT NULL,
filetime int(11) DEFAULT '0' NOT NULL,
- PRIMARY KEY (attach_id)
+ thumbnail tinyint(1) DEFAULT '0' NOT NULL,
+ PRIMARY KEY (attach_id),
+ KEY filetime (filetime),
+ KEY physical_filename (physical_filename(10)),
+ KEY filesize (filesize)
);
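Review bot: phpbb_attachments gets only `KEY attach_id (attach_id)` here, while the Firebird schema in this commit also indexes post_id and privmsgs_id, and posting.php selects attachments with `WHERE a.post_id = ...`. Adding `KEY post_id (post_id),` and `KEY privmsgs_id (privmsgs_id)` would keep the two schemas in agreement and cover that lookup. The header comment also names the table `phpbb_attachments_desc` although the statement creates `phpbb_attach_desc`; it should read `# Table structure for table 'phpbb_attach_desc'`.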
@@ -136,6 +155,45 @@ CREATE TABLE phpbb_disallow (
# --------------------------------------------------------
#
+# Table structure for table 'phpbb_extensions'
+#
+CREATE TABLE phpbb_extensions (
+ extension_id mediumint(8) UNSIGNED NOT NULL auto_increment,
+ group_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+ extension varchar(100) NOT NULL,
+ comment varchar(100),
+ PRIMARY KEY (extension_id)
+);
+
+
+# --------------------------------------------------------
+#
+# Table structure for table 'phpbb_extension_groups'
+#
+CREATE TABLE phpbb_extension_groups (
+ group_id mediumint(8) NOT NULL auto_increment,
+ group_name char(20) NOT NULL,
+ cat_id tinyint(2) DEFAULT '0' NOT NULL,
+ allow_group tinyint(1) DEFAULT '0' NOT NULL,
+ download_mode tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
+ max_filesize int(20) DEFAULT '0' NOT NULL,
+ PRIMARY KEY (group_id)
+);
+
+
+# --------------------------------------------------------
+#
+# Table structure for table 'phpbb_forbidden_extensions'
+#
+CREATE TABLE phpbb_forbidden_extensions (
+ extension_id mediumint(8) UNSIGNED NOT NULL auto_increment,
+ extension varchar(100) NOT NULL,
+ PRIMARY KEY (extension_id)
+);
+
+
+# --------------------------------------------------------
+#
# Table structure for table 'phpbb_forums'
#
CREATE TABLE phpbb_forums (
@@ -327,7 +385,6 @@ CREATE TABLE phpbb_posts (
topic_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
forum_id smallint(5) UNSIGNED DEFAULT '0' NOT NULL,
poster_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
- attach_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
icon_id tinyint(4) UNSIGNED DEFAULT '1' NOT NULL,
poster_ip varchar(40) NOT NULL,
post_time int(11) DEFAULT '0' NOT NULL,
@@ -343,6 +400,7 @@ CREATE TABLE phpbb_posts (
post_text text,
post_checksum varchar(32) NOT NULL,
post_encoding varchar(11) DEFAULT 'iso-8859-15' NOT NULL,
+ post_attachment tinyint(1) DEFAULT '0' NOT NULL,
bbcode_bitfield int(11) UNSIGNED DEFAULT '0' NOT NULL,
bbcode_uid varchar(10) NOT NULL,
post_edit_time int(11),
@@ -360,7 +418,7 @@ CREATE TABLE phpbb_posts (
#
CREATE TABLE phpbb_privmsgs (
privmsgs_id mediumint(8) UNSIGNED NOT NULL auto_increment,
- attach_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+ privmsgs_attachment tinyint(1) DEFAULT '0' NOT NULL,
privmsgs_type tinyint(4) DEFAULT '0' NOT NULL,
privmsgs_subject varchar(60) DEFAULT '0' NOT NULL,
privmsgs_from_userid mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
@@ -636,6 +694,7 @@ CREATE TABLE phpbb_topics (
topic_id mediumint(8) UNSIGNED NOT NULL auto_increment,
forum_id smallint(8) UNSIGNED DEFAULT '0' NOT NULL,
icon_id tinyint(4) UNSIGNED DEFAULT '1' NOT NULL,
+ topic_attachment tinyint(1) DEFAULT '0' NOT NULL,
topic_approved tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
topic_reported tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
topic_title varchar(60) NOT NULL,
diff --git a/phpBB/language/en/lang_admin.php b/phpBB/language/en/lang_admin.php
index fe41659f18..1d2a46e491 100644
--- a/phpBB/language/en/lang_admin.php
+++ b/phpBB/language/en/lang_admin.php
@@ -500,6 +500,7 @@ $lang = array_merge($lang, array(
'Max_sig_length' => 'Maximum signature length',
'Max_sig_length_explain' => 'Maximum number of characters in user signatures',
'Allow_name_change' => 'Allow Username changes',
+ 'ALLOW_ATTACHMENTS' => 'Allow Attachments',
'Forum_admin_explain' => 'In phpBB 2.2 there are no categories, everything is forum based. Each forum can have an unlimited number of sub-forums and you can determine whether each may be posted to or not (i.e. whether it acts like an old category). Here you can add, edit, delete, lock, unlock individual forums as well as set certain additional controls. If your posts and topics have got out of sync you can also resynchronise a forum.',
diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php
index e0bb5b76b4..45558ec92f 100644
--- a/phpBB/language/en/lang_main.php
+++ b/phpBB/language/en/lang_main.php
@@ -391,6 +391,9 @@ $lang = array(
'ADD_FILE' => 'Add File',
'FILENAME' => 'Filename',
'FILE_COMMENT' => 'File comment',
+ 'POSTED_ATTACHMENTS' => 'Posted attachments',
+ 'UPDATE_COMMENT' => 'Update comment',
+ 'DELETE_FILE' => 'Delete File',
'DISABLE_HTML' => 'Disable HTML',
'DISABLE_BBCODE' => 'Disable BBCode',
'DISABLE_SMILIES' => 'Disable Smilies',
@@ -626,6 +629,19 @@ $lang = array(
'Password_activated' => 'Your account has been re-activated. To logon please use the password supplied in the email you received',
+ 'GENERAL_UPLOAD_ERROR' => 'Upload Error: Could not upload Attachment to %s',
+ 'TOO_MANY_ATTACHMENTS' => 'Attachment cannot be added, since the max. number of %d Attachments in this post was achieved',
+ 'INVALID_FILENAME' => '%s is an invalid filename',
+ 'ATTACHMENT_PHP_SIZE_NA' => 'The Attachment is too big.<br />Couldn\'t get the maximum Size defined in PHP.<br />The Attachment Mod is unable to determine the maximum Upload Size defined in the php.ini file.',
+ 'ATTACHMENT_PHP_SIZE_OVERRUN' => 'The Attachment is too big.<br />Maximum Upload Size: %d MB.<br />Please note that this Size is defined in php.ini, this means it\'s set by PHP and the Attachment Mod can not override this value.',
+ 'DISALLOWED_EXTENSION' => 'The Extension %s is not allowed',
+ 'BYTES' => 'Bytes',
+ 'KB' => 'KB',
+ 'MB' => 'MB',
+ 'ATTACHMENT_TOO_BIG' => 'The Attachment is too big.<br />Max Size: %1d %2s',
+ 'ATTACH_QUOTA_REACHED' => 'Sorry, but the maximum filesize for all Attachments is reached. Please contact the Board Administrator if you have questions.',
+
+
'FIND_USERNAME' => 'Find a member',
'FIND_USERNAME_EXPLAIN' => 'Use this form to search for specific members. You do not need to fill out all fields. To match partial data use * as a wildcard. When entering dates use the format yyyy-mm-dd, e.g. 2002-01-01. Use the mark checkboxes to select one or more usernames (several usernames may be accepted depending on the form itself). Alternatively you can mark the users required and click the Insert Marked button.',
'NO_MEMBERS' => 'No members found for this search criteria',
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 448a1e5c49..845411be7f 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -80,7 +80,9 @@ $cancel = (isset($_POST['cancel'])) ? true : false;
$confirm = (isset($_POST['confirm'])) ? true : false;
$delete = (isset($_POST['delete'])) ? true : false;
-if (($delete) && (!$preview) && ($submit))
+$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['edit_comment']);
+
+if (($delete) && (!$preview) && (!$refresh) && ($submit))
{
$mode = 'delete';
}
@@ -103,7 +105,7 @@ $forum_fields = array('forum_name' => 's', 'parent_id' => 'i', 'forum_parents' =
$topic_fields = array('topic_status' => 'i', 'topic_first_post_id' => 'i', 'topic_last_post_id' => 'i', 'topic_type' => 'i', 'topic_title' => 's', 'poll_last_vote' => 'i', 'poll_start' => 'i', 'poll_title' => 's', 'poll_length' => 'i');
-$post_fields = array('post_time' => 'i', 'poster_id' => 'i', 'post_username' => 's', 'post_text' => 's', 'post_subject' => 's', 'post_checksum' => 's', 'bbcode_uid' => 's', 'enable_magic_url' => 'i', 'enable_sig' => 'i', 'enable_smilies' => 'i', 'enable_bbcode' => 'i');
+$post_fields = array('post_time' => 'i', 'poster_id' => 'i', 'post_username' => 's', 'post_text' => 's', 'post_subject' => 's', 'post_checksum' => 's', 'post_attachment' => 'i', 'bbcode_uid' => 's', 'enable_magic_url' => 'i', 'enable_sig' => 'i', 'enable_smilies' => 'i', 'enable_bbcode' => 'i');
switch ($mode)
{
@@ -247,6 +249,46 @@ if ($sql != '')
$db->sql_freeresult($result);
}
+ $attachment_data = array();
+
+ $attachment_data['filecomment'] = ( isset($_POST['filecomment']) ) ? trim( strip_tags($_POST['filecomment'])) : '';
+ $attachment_data['filename'] = ( $_FILES['fileupload']['name'] != 'none' ) ? trim($_FILES['fileupload']['name']) : '';
+
+ // Get Attachment Data
+ $attachment_data['physical_filename'] = ( isset($_POST['attachment_list']) ) ? $_POST['attachment_list'] : array();
+ $attachment_data['comment'] = ( isset($_POST['comment_list']) ) ? $_POST['comment_list'] : array();
+ $attachment_data['real_filename'] = ( isset($_POST['filename_list']) ) ? $_POST['filename_list'] : array();
+ $attachment_data['extension'] = ( isset($_POST['extension_list']) ) ? $_POST['extension_list'] : array();
+ $attachment_data['mimetype'] = ( isset($_POST['mimetype_list']) ) ? $_POST['mimetype_list'] : array();
+ $attachment_data['filesize'] = ( isset($_POST['filesize_list']) ) ? $_POST['filesize_list'] : array();
+ $attachment_data['filetime'] = ( isset($_POST['filetime_list']) ) ? $_POST['filetime_list'] : array();
+ $attachment_data['attach_id'] = ( isset($_POST['attach_id_list']) ) ? $_POST['attach_id_list'] : array();
+ $attachment_data['thumbnail'] = ( isset($_POST['attach_thumbnail_list']) ) ? $_POST['attach_thumbnail_list'] : array();
+
+ if (($post_attachment) && (!$submit) && (!$refresh) && (!$preview) && ($mode == 'edit'))
+ {
+ $sql = "SELECT d.*
+ FROM " . ATTACHMENTS_TABLE . " a, " . ATTACHMENTS_DESC_TABLE . " d
+ WHERE a.post_id = " . $post_id . "
+ AND a.attach_id = d.attach_id
+ ORDER BY d.filetime DESC";
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $attachment_data['attach_id'][] = intval($row['attach_id']);
+ $attachment_data['physical_filename'][] = trim($row['physical_filename']);
+ $attachment_data['comment'][] = trim($row['comment']);
+ $attachment_data['real_filename'][] = trim($row['real_filename']);
+ $attachment_data['extension'][] = trim($row['extension']);
+ $attachment_data['mimetype'][] = trim($row['mimetype']);
+ $attachment_data['filesize'][] = intval($row['filesize']);
+ $attachment_data['filetime'][] = intval($row['filetime']);
+ $attachment_data['thumbnail'][] = intval($row['thumbnail']);
+ }
+ $db->sql_freeresult($result);
+ }
+
if (($poster_id == ANONYMOUS) || (!$poster_id))
{
$username = ($post_validate) ? trim($post_username) : '';
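Review bot: The added `$attachment_data[...]` assignments copy `attachment_list`, `attach_id_list`, `mimetype_list`, `filesize_list` and the other lists straight from `$_POST`, with no validation and no check that each value is an array. Later code that receives `$attachment_data` (`parse_attachments()` and `submit_post()` in this commit) is therefore handed file names, ids and sizes chosen by the client. At minimum, normalise on read, e.g. `array_map('intval', (array) $_POST['attach_id_list'])` and `array_map('basename', (array) $_POST['attachment_list'])`. Size, mimetype and extension are better re-read from the stored file or the attachment row than accepted from the form. `$_FILES['fileupload']['name']` is also read without an `isset()` guard, which raises a notice whenever the form was not submitted as multipart. The enclosing block starts outside this hunk.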
@@ -290,6 +332,7 @@ $perm = array(
'u_delete' => $auth->acl_get('f_delete', $forum_id),
+ 'f_attach' => $auth->acl_get('f_attach', 'a_', $forum_id),
'f_news' => $auth->acl_gets('f_news', 'm_', 'a_', $forum_id),
'f_announce' => $auth->acl_gets('f_announce', 'm_', 'a_', $forum_id),
'f_sticky' => $auth->acl_gets('f_sticky', 'm_', 'a_', $forum_id),
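Review bot: The added `f_attach` entry calls `acl_get` with three arguments, whereas the sibling entries that test several options use `acl_gets` and the single-option `u_delete` line uses `acl_get('f_delete', $forum_id)`. As written, `'a_'` presumably lands in the forum-id position, so the result may not reflect the forum's attach permission at all. The line probably should read `'f_attach' => $auth->acl_gets('f_attach', 'a_', $forum_id),`. This value gates the attachment box further down, so it is worth confirming against the definition of `acl_get`, which is outside this page. The `$perm` array starts outside the hunk.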
@@ -383,7 +426,7 @@ if ($mode == 'delete')
trigger_error('USER_CANNOT_DELETE');
}
-if (($submit) || ($preview))
+if (($submit) || ($preview) || ($refresh))
{
$topic_cur_post_id = (isset($_POST['topic_cur_post_id'])) ? intval($_POST['topic_cur_post_id']) : false;
$subject = (!empty($_POST['subject'])) ? trim(htmlspecialchars(strip_tags($_POST['subject']))) : '';
@@ -440,13 +483,18 @@ if (($submit) || ($preview))
if ($mode != 'edit' || $message_md5 != $post_checksum)
{
// Parse message
- if (($result = $message_parser->parse($message, $enable_html, $enable_bbcode, $bbcode_uid, $enable_urls, $enable_smilies, false)) != '')
+ if (($result = $message_parser->parse($message, $enable_html, $enable_bbcode, $bbcode_uid, $enable_urls, $enable_smilies)) != '')
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $result;
}
}
- if (($mode != 'edit') && (!$preview))
+ if (($result = $message_parser->parse_attachments($mode, $post_id, $submit, $preview, $refresh, $attachment_data)) != '')
+ {
+ $err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $result;
+ }
+
+ if (($mode != 'edit') && (!$preview) && (!$refresh))
{
// Flood check
$where_sql = ($user->data['user_id'] == ANONYMOUS) ? "poster_ip = '$user->ip'" : 'poster_id = ' . $user->data['user_id'];
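Review bot: The new `parse_attachments()` call runs on every submit, preview and refresh, and this hunk consults neither `$config['allow_attachments']` nor `$perm['f_attach']` first. Elsewhere on the page the permission is checked only when deciding whether to show the attachment box. Unless `parse_attachments()` enforces both itself (its body is in message_parser.php, not visible here), a user without attach rights could still post the upload fields directly. Wrapping the call in `if ($config['allow_attachments'] && ($perm['f_attach'] || $perm['m_edit']))` would make the gate explicit at the call site. The enclosing `if (($submit) || ($preview) || ($refresh))` block continues outside the hunk.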
@@ -550,7 +598,7 @@ if (($submit) || ($preview))
'notify_set' => $notify_set
);
- submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_uid, $poll, $post_data);
+ submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_uid, $poll, $attachment_data, $post_data);
}
$post_text = stripslashes($message);
@@ -604,12 +652,12 @@ $poll_options_tmp = implode("\n", $poll_options);
decode_text($poll_options_tmp);
$poll_options = explode("\n", $poll_options_tmp);
-if (($mode == 'quote') && (!$preview))
+if (($mode == 'quote') && (!$preview) && (!$refresh))
{
$post_text = ' [quote' . ( (empty($username)) ? ']' : '="' . addslashes(trim($username)) . '"]') . trim($post_text) . '[/quote] ';
}
-if ( (($mode == 'reply') || ($mode == 'quote')) && (!$preview) )
+if ( (($mode == 'reply') || ($mode == 'quote')) && (!$preview) && (!$refresh))
{
$post_subject = ( ( !preg_match('/^Re:/', $post_subject) ) ? 'Re: ' : '' ) . $post_subject;
}
@@ -703,6 +751,7 @@ generate_forum_nav($forum_data);
$s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $topic_last_post_id . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . time() . '" />';
+$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_attachments']) ? '' : 'enctype="multipart/form-data"';
// Start assigning vars for main posting page ...
$template->assign_vars(array(
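Review bot: The `$form_enctype` condition tests `@ini_get('file_uploads') == '0'` twice, so the third clause adds nothing and the setting is read three times. Reading it once keeps the intent clear: `$file_uploads = strtolower(@ini_get('file_uploads'));` followed by `$form_enctype = ($file_uploads == '0' || $file_uploads == 'off' || !$config['allow_attachments']) ? '' : 'enctype="multipart/form-data"';`. A short comment that this only controls the form attribute, not whether uploads are accepted, would also help.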
@@ -752,13 +801,14 @@ $template->assign_vars(array(
'S_MAGIC_URL_CHECKED' => ($urls_checked) ? 'checked="checked"' : '',
'S_TYPE_TOGGLE' => $topic_type_toggle,
'S_SAVE_ALLOWED' => ($perm['f_save']) ? true : false,
-
+ 'S_FORM_ENCTYPE' => $form_enctype,
+
'S_POST_ACTION' => $s_action,
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
// Poll entry
-if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($auth->acl_gets('m_edit', 'a_', $forum_id)) ))
+if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($perm['m_edit']) ))
{
$template->assign_vars(array(
'S_SHOW_POLL_BOX' => true,
@@ -772,6 +822,60 @@ if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_pos
);
}
+// Attachment entry
+if (($perm['f_attach']) || ($perm['m_edit']))
+{
+ $template->assign_vars(array(
+ 'S_SHOW_ATTACH_BOX' => true)
+ );
+
+ if (count($attachment_data['physical_filename']) > 0)
+ {
+ $template->assign_vars(array(
+ 'S_HAS_ATTACHMENTS' => true)
+ );
+
+ for ($i = 0; $i < count($attachment_data['physical_filename']); $i++)
+ {
+ $attachment_data['real_filename'][$i] = stripslashes($attachment_data['real_filename'][$i]);
+
+ $hidden = '<input type="hidden" name="attachment_list[]" value="' . $attachment_data['physical_filename'][$i] . '" />';
+ $hidden .= '<input type="hidden" name="filename_list[]" value="' . $attachment_data['real_filename'][$i] . '" />';
+ $hidden .= '<input type="hidden" name="extension_list[]" value="' . $attachment_data['extension'][$i] . '" />';
+ $hidden .= '<input type="hidden" name="mimetype_list[]" value="' . $attachment_data['mimetype'][$i] . '" />';
+ $hidden .= '<input type="hidden" name="filesize_list[]" value="' . $attachment_data['filesize'][$i] . '" />';
+ $hidden .= '<input type="hidden" name="filetime_list[]" value="' . $attachment_data['filetime'][$i] . '" />';
+ $hidden .= '<input type="hidden" name="attach_id_list[]" value="' . $attachment_data['attach_id'][$i] . '" />';
+ $hidden .= '<input type="hidden" name="attach_thumbnail_list[]" value="' . $attachment_data['thumbnail'][$i] . '" />';
+
+ if ( $attachment_data['attach_id'][$i] == '-1' )
+ {
+ $download_link = $config['upload_dir'] . '/' . $attachment_data['physical_filename'][$i];
+ }
+ else
+ {
+ $download_link = $phpbb_root_path . "download." . $phpEx . "$SID?id=" . $attachment_data['attach_id'][$i];
+ }
+
+ $template->assign_block_vars('attach_row', array(
+ 'FILENAME' => $attachment_data['real_filename'][$i],
+ 'ATTACH_FILENAME' => $attachment_data['physical_filename'][$i],
+ 'FILE_COMMENT' => stripslashes(htmlspecialchars($attachment_data['comment'][$i])),
+ 'ATTACH_ID' => $attachment_data['attach_id'][$i],
+
+ 'U_VIEW_ATTACHMENT' => $download_link,
+ 'S_HIDDEN' => $hidden)
+ );
+ }
+ }
+
+ $template->assign_vars(array(
+ 'FILE_COMMENT' => stripslashes(htmlspecialchars($attachment_data['filecomment'])),
+ 'FILESIZE' => $config['max_filesize'],
+ 'FILENAME' => $attachment_data['filename'])
+ );
+}
+
// Output page ...
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
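Review bot: In the `attach_row` loop the hidden inputs, `FILENAME`, `ATTACH_FILENAME`, `ATTACH_ID` and `$download_link` are built by concatenating `$attachment_data` values into HTML without escaping. Per the earlier hunk, those values come from `$_POST` on preview and refresh, so a value containing a quote or angle bracket breaks out of the attribute and is rendered as markup. Only the comment fields go through `htmlspecialchars()`. The loop also indexes every list by the length of `physical_filename`, so a shorter sibling list yields undefined offsets. Escape at the point of output and default missing entries, as sketched below (if the stored values are already entity-encoded upstream this would double-encode, so confirm first). The same applies to the final `'FILENAME' => $attachment_data['filename']`, and `attach_id` should be passed through `intval()` before it goes into the download URL.

```php
// … unchanged: S_SHOW_ATTACH_BOX and S_HAS_ATTACHMENTS assignments …
for ($i = 0; $i < count($attachment_data['physical_filename']); $i++)
{
	// … unchanged: stripslashes() on real_filename …

	// These values can originate from the request; escape them before they reach an attribute.
	$hidden = '';
	foreach (array('attachment_list' => 'physical_filename', 'filename_list' => 'real_filename', 'extension_list' => 'extension', 'mimetype_list' => 'mimetype', 'filesize_list' => 'filesize', 'filetime_list' => 'filetime', 'attach_id_list' => 'attach_id', 'attach_thumbnail_list' => 'thumbnail') as $field => $key)
	{
		$value = (isset($attachment_data[$key][$i])) ? $attachment_data[$key][$i] : '';
		$hidden .= '<input type="hidden" name="' . $field . '[]" value="' . htmlspecialchars($value) . '" />';
	}

	// … unchanged: $download_link selection …

	$template->assign_block_vars('attach_row', array(
		'FILENAME' => htmlspecialchars($attachment_data['real_filename'][$i]),
		'ATTACH_FILENAME' => htmlspecialchars($attachment_data['physical_filename'][$i]),
		// … unchanged: FILE_COMMENT, ATTACH_ID, U_VIEW_ATTACHMENT, S_HIDDEN …
```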
diff --git a/phpBB/templates/subSilver/posting_attach_body.html b/phpBB/templates/subSilver/posting_attach_body.html
new file mode 100644
index 0000000000..348a2eb698
--- /dev/null
+++ b/phpBB/templates/subSilver/posting_attach_body.html
@@ -0,0 +1,36 @@
+
+ <tr>
+ <th colspan="2">{L_ADD_ATTACHMENT}</th>
+ </tr>
+ <tr>
+ <td class="row3" colspan="2"><span class="gensmall">{L_ADD_ATTACHMENT_EXPLAIN}</span></td>
+ </tr>
+
+ <tr>
+ <td class="row1"><b class="gen">{L_FILENAME}</b></td>
+ <td class="row2"><input class="post" type="file" name="fileupload" size="40" maxlength="{FILESIZE}" value="{FILENAME}" /></td>
+ </tr>
+ <tr>
+ <td class="row1"><b class="gen">{L_FILE_COMMENT}</b></td>
+ <td class="row2"><textarea class="post" name="filecomment" rows="3" cols="35" wrap="virtual" size="40">{FILE_COMMENT}</textarea>&nbsp;
+ <input class="liteoption" type="submit" name="add_file" value="{L_ADD_FILE}" /></td>
+ </tr>
+
+ <!-- IF S_HAS_ATTACHMENTS -->
+ <tr>
+ <th colspan="2">{L_POSTED_ATTACHMENTS}</th>
+ </tr>
+
+ <!-- BEGIN attach_row -->
+ <tr>
+ <td class="row1"><b class="gen">{L_FILENAME}</b></td>
+ <td class="row2"><a class="gen" href="{attach_row.U_VIEW_ATTACHMENT}" target="_blank">{attach_row.FILENAME}</a></td>
+ </tr>
+ <tr>
+ <td class="row1"><b class="gen">{L_FILE_COMMENT}</b></td>
+ <td class="row2"><textarea class="post" name="comment_list[]" rows="3" cols="35" wrap="virtual" size=40>{attach_row.FILE_COMMENT}</textarea> &nbsp;<input class="liteoption" type="submit" name="edit_comment[{attach_row.ATTACH_FILENAME}]" value="{L_UPDATE_COMMENT}" /> &nbsp;<input class="liteoption" type="submit" name="delete_file[{attach_row.ATTACH_FILENAME}]" value="{L_DELETE_FILE}" /></td>
+ </tr>
+ {attach_row.S_HIDDEN}
+ <!-- END attach_row -->
+
+ <!-- ENDIF -->
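Review bot: On the `fileupload` input, `maxlength="{FILESIZE}"` and `value="{FILENAME}"` have no effect on `type="file"`; browsers ignore both, so the template gives no size hint at all. PHP's convention is a hidden field placed before the file input, `<input type="hidden" name="MAX_FILE_SIZE" value="{FILESIZE}" />`. That field is advisory and client-editable, so the limit still has to be enforced in the upload handler. The `edit_comment[{attach_row.ATTACH_FILENAME}]` and `delete_file[{attach_row.ATTACH_FILENAME}]` button names place the physical file name in the form. The handler should therefore treat that key as untrusted and match it against the post's own attachments before acting on it.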
diff --git a/phpBB/templates/subSilver/posting_body.html b/phpBB/templates/subSilver/posting_body.html
index 192a902ac3..11cc8ba617 100644
--- a/phpBB/templates/subSilver/posting_body.html
+++ b/phpBB/templates/subSilver/posting_body.html
@@ -37,7 +37,7 @@ function checkForm()
</script>
<script language="javascript" type="text/javascript" src="templates/subSilver/editor.js"></script>
-<form action="{S_POST_ACTION}" method="post" name="post" onsubmit="return checkForm(this)">
+<form action="{S_POST_ACTION}" method="post" name="post" onsubmit="return checkForm(this)" {S_FORM_ENCTYPE}>
<table width="100%" cellspacing="2" cellpadding="2" border="0" align="center">
<tr>
<td colspan="2" align="left" valign="bottom"><a class="titles" href="{U_VIEW_FORUM}" title="{FORUM_DESC}">{FORUM_NAME}</a><!-- IF TOPIC_TITLE --> :: <a class="titles" href="{U_VIEWTOPIC}">{TOPIC_TITLE}</a><!-- ENDIF --><br /><b class="gensmall">{L_MODERATORS}: {MODERATORS}</b><br /><br /><b class="gensmall">{LOGGED_IN_USER_LIST}</b></td>
@@ -210,41 +210,11 @@ function checkForm()
<!-- ENDIF -->
</table></td>
</tr>
- <!-- IF S_SHOW_POLL_BOX -->
- <!-- INCLUDE posting_poll_body.html -->
- <!-- ENDIF -->
<!-- IF S_SHOW_ATTACH_BOX -->
- <tr>
- <th colspan="2">{L_ADD_ATTACHMENT}</th>
- </tr>
- <tr>
- <td class="row3" colspan="2"><span class="gensmall">{L_ADD_ATTACHMENT_EXPLAIN}</span></td>
- </tr>
-
- <tr>
- <td class="row1"><span class="gen"><b>{L_FILENAME}</b></span></td>
- <td class="row2"><input class="post" type="file" name="fileupload" size="50" value="{FILENAME}"></td>
- </tr>
- <tr>
- <td class="row1"><span class="gen"><b>{L_FILE_COMMENT}</b></span></td>
- <td class="row2"><input class="post" type="text" name="filecomment" size="40" maxlength="60" value="{FILE_COMMENT}" />&nbsp;<input class="liteoption" type="submit" name="add_attachment" value="{L_ADD_FILE}" /></td>
- </tr>
- <!-- IF S_HAS_ATTACHMENTS -->
- <tr>
- <th colspan="2">{L_POSTED_ATTACHMENTS}</th>
- </tr>
- <!-- BEGIN attach_row -->
- <tr>
- <td class="row1"><span class="gen"><b>{L_FILE_NAME}</b></span></td>
- <td class="row2"><span class="gen"><a class="gen" href="{attach_row.U_VIEW_ATTACHMENT}" target="_blank">{attach_row.FILE_NAME}</a></span></td>
- </tr>
- <tr>
- <td class="row1"><span class="gen"><b>{L_FILE_COMMENT}</b></span></td>
- <td class="row2"><input type="text" name="comment_list[]" size="40" class="post" maxlength="60" value="{attach_row.FILE_COMMENT}" /> &nbsp;<input type="submit" name="edit_comment[{attach_row.ATTACH_FILENAME}]" value="{L_UPDATE_COMMENT}" class="liteoption" /> &nbsp;<input type="submit" name="del_attachment[{attach_row.ATTACH_FILENAME}]" value="{L_DELETE_ATTACHMENT}" class="liteoption" /></td>
- </tr>
- {attach_row.S_HIDDEN}
- <!-- END attach_row -->
+ <!-- INCLUDE posting_attach_body.html -->
<!-- ENDIF -->
+ <!-- IF S_SHOW_POLL_BOX -->
+ <!-- INCLUDE posting_poll_body.html -->
<!-- ENDIF -->
<tr>
<td class="cat" colspan="2" align="center">{S_HIDDEN_FIELDS}<input class="liteoption" type="submit" tabindex="5" name="preview" value="{L_PREVIEW}" />&nbsp; <input class="mainoption" type="submit" accesskey="s" tabindex="6" name="post" value="{L_SUBMIT}" /><!-- IF S_SAVE_ALLOWED -->&nbsp; <input class="liteoption" type="submit" accesskey="k" tabindex="8" name="save" value="{L_SAVE}" /><!-- ENDIF -->&nbsp; <input class="liteoption" type="submit" accesskey="c" tabindex="7" name="cancel" value="{L_CANCEL}" /></td>