Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/download.php | 374 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 1 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 6 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 8 | ||||
-rw-r--r-- | phpBB/includes/template.php | 25 | ||||
-rw-r--r-- | phpBB/language/en/lang_main.php | 5 | ||||
-rw-r--r-- | phpBB/posting.php | 24 | ||||
-rw-r--r-- | phpBB/templates/subSilver/viewtopic_attach_body.html | 38 | ||||
-rw-r--r-- | phpBB/templates/subSilver/viewtopic_body.html | 2 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 308 |
10 files changed, 731 insertions, 60 deletions
diff --git a/phpBB/download.php b/phpBB/download.php
new file mode 100644
index 0000000000..f20612d58b
--- /dev/null
+++ b/phpBB/download.php
@@ -0,0 +1,374 @@ +<?php +/*************************************************************************** + * download.php + * ------------------- + * begin : Thu, Apr 10, 2003 + * copyright : (C) 2003 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + ***************************************************************************/ + +/*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + ***************************************************************************/ + + +if ( defined('IN_PHPBB') ) +{ + die('Hacking attempt'); + exit; +} + +define('IN_PHPBB', true); +$phpbb_root_path = './'; +include($phpbb_root_path . 'extension.inc'); +include($phpbb_root_path . 'common.'.$phpEx); + +// +// Delete the / * to uncomment the block, and edit the values (read the comments) to +// enable additional security to your board (preventing third site linkage) +// +/* +define('ALLOWED_DENIED', 0); +define('DENIED_ALLOWED', 1); + +// +// From this line on you are able to edit the stuff +// + +// Possible Values: +// ALLOWED_DENIED <- First allow the listed sites, and then deny all others +// DENIED_ALLOWED <- First deny the listed sites, and then allow all others +$allow_deny_order = ALLOWED_DENIED; + +// +// Allowed Syntax: +// Full Domain Name -> www.opentools.de +// Partial Domain Names -> opentools.de +// +$sites = array( + $config['server_name'], // This is your domain + 'phpbb.com' +); + +// This is the message displayed, if someone links to this site... 
+$lang['Denied_Message'] = 'You are not authorized to view, download or link to this Site.'; + +// End of editable area + +// +// Parse the order and evaluate the array +// + +$site = explode('?', $HTTP_SERVER_VARS['HTTP_REFERER']); +$url = trim($site[0]); +//$url = $HTTP_HOST; + +if ($url != '') +{ + $allowed = ($allow_deny_order == ALLOWED_DENIED) ? FALSE : TRUE; + + for ($i = 0; $i < count($sites); $i++) + { + if (strstr($url, $sites[$i])) + { + $allowed = ($allow_deny_order == ALLOWED_DENIED) ? TRUE : FALSE; + break; + } + } +} +else +{ + $allowed = TRUE; +} + +if ($allowed == FALSE) +{ + trigger_error($lang['Denied_Message']); +} + +// Delete the following line, to uncomment this block +*/ + +$download_id = (isset($_REQUEST['id'])) ? intval($_REQUEST['id']) : -1; +$thumbnail = (isset($_REQUEST['thumb'])) ? intval($_REQUEST['thumb']) : false; + +function send_file_to_browser($real_filename, $mimetype, $physical_filename, $upload_dir, $attach_id) +{ + global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config; + + if ($config['upload_dir'] == '') + { + $filename = $physical_filename; + } + else + { + $filename = $config['upload_dir'] . '/' . $physical_filename; + } + + $gotit = FALSE; + + if (!intval($config['allow_ftp_upload'])) + { + if (@!file_exists($filename)) + { + trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . "<br /><br />" . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename)); + } + else + { + $gotit = TRUE; + } + } + + // Determine the Browser the User is using, because of some nasty incompatibilities. + // borrowed from phpMyAdmin. 
:) + if (!empty($_SERVER['HTTP_USER_AGENT'])) + { + $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT']; + } + else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) + { + $HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT']; + } + else if (!isset($HTTP_USER_AGENT)) + { + $HTTP_USER_AGENT = ''; + } + + if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) + { + $browser_version = $log_version[2]; + $browser_agent = 'opera'; + } + else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) + { + $browser_version = $log_version[1]; + $browser_agent = 'ie'; + } + else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) + { + $browser_version = $log_version[1]; + $browser_agent = 'omniweb'; + } + else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version)) + { + $browser_version = $log_version[1]; + $browser_agent = 'netscape'; + } + else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) + { + $browser_version = $log_version[1]; + $browser_agent = 'mozilla'; + } + else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) + { + $browser_version = $log_version[1]; + $browser_agent = 'konqueror'; + } + else + { + $browser_version = 0; + $browser_agent = 'other'; + } + + // Correct the Mime Type, if it's an octetstream + if ( ($mimetype == 'application/octet-stream') || ($mimetype == 'application/octetstream') ) + { + if ( ($browser_agent == 'ie') || ($browser_agent == 'opera') ) + { + $mimetype = 'application/octetstream'; + } + else + { + $mimetype = 'application/octet-stream'; + } + } + + // Now the tricky part... let's dance + @ob_end_clean(); + @ini_set('zlib.output_compression', 'Off'); + header('Pragma: public'); + header('Content-Transfer-Encoding: none'); + + // Send out the Headers + if ($browser_agent == 'ie') + { + header('Content-Type: ' . $mimetype); + header('Content-Disposition: inline; filename="' . $real_filename . 
'"'); + } + else + { + header('Content-Type: ' . $mimetype . '; name="' . $real_filename . '"'); + header('Content-Disposition: attachment; filename=' . $real_filename); + } + + // Now send the File Contents to the Browser + if ($gotit) + { + $size = @filesize($filename); + if ($size) + { + header("Content-length: $size"); + } + readfile($filename); + } +/* else if ((!$gotit) && (intval($config['allow_ftp_upload']))) + { + $conn_id = attach_init_ftp(); + + $tmp_path = ( !@ini_get('safe_mode') ) ? '/tmp' : $config['upload_dir'] . '/tmp'; + $tmp_filename = @tempnam($tmp_path, 't0000'); + + @unlink($tmp_filename); + + $mode = FTP_BINARY; + if ( (preg_match("/text/i", $mimetype)) || (preg_match("/html/i", $mimetype)) ) + { + $mode = FTP_ASCII; + } + + $result = @ftp_get($conn_id, $tmp_filename, $filename, $mode); + + if (!$result) + { + trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . "<br /><br />" . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename)); + } + + @ftp_quit($conn_id); + + $size = @filesize($tmp_filename); + if ($size) + { + header("Content-length: $size"); + } + readfile($tmp_filename); + @unlink($tmp_filename); + }*/ + else + { + trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . "<br /><br />" . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename)); + } + + exit; +} + +// Start session management +$user->start(); +$user->setup(); +$auth->acl($user->data); + +if ($download_id == -1) +{ + trigger_error('NO_ATTACHMENT_SELECTED'); +} + +if (!$config['allow_attachments']) +{ + trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); +} + +$sql = 'SELECT * + FROM ' . ATTACHMENTS_DESC_TABLE . ' + WHERE attach_id = ' . 
intval($download_id); +$result = $db->sql_query($sql); + +if (!$attachment = $db->sql_fetchrow($result)) +{ + trigger_error('ERROR_NO_ATTACHMENT'); +} + +// get forum_id for attachment authorization or private message authorization +$authorised = FALSE; + +// Additional query, because of more than one attachment assigned to posts and private messages +$sql = "SELECT a.*, p.forum_id + FROM " . ATTACHMENTS_TABLE . " a, " . POSTS_TABLE . " p + WHERE a.attach_id = " . $attachment['attach_id'] . " + AND (a.post_id = p.post_id OR a.post_id = 0)"; +$result = $db->sql_query($sql); + +$auth_pages = $db->sql_fetchrowset($result); + +for ($i = 0; $i < count($auth_pages) && $authorised == FALSE; $i++) +{ + if (intval($auth_pages[$i]['post_id']) != 0) + { + $forum_id = $auth_pages[$i]['forum_id']; + + if ($auth->acl_get('f_download', $forum_id)) + { + $authorised = TRUE; + } + } + else + { + if ( (intval($config['allow_pm_attach'])) && ( ($user->data['user_id'] == $auth_pages[$i]['user_id_2']) || ($user->data['user_id'] == $auth_pages[$i]['user_id_1'])) ) + { + $authorised = TRUE; + } + } +} + +if (!$authorised) +{ + trigger_error('SORRY_AUTH_VIEW_ATTACH'); +} + +$extensions = array(); +obtain_attach_extensions($extensions); + +// disallowed ? +if ( (!in_array($attachment['extension'], $extensions['_allowed_'])) ) +{ + trigger_error(sprintf($lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); +} + +$download_mode = intval($extensions[$attachment['extension']]['download_mode']); + +if ($thumbnail) +{ + $attachment['physical_filename'] = 'thumbs/t_' . $attachment['physical_filename']; +} + +// Update download count +if (!$thumbnail) +{ + $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' + SET download_count = download_count + 1 + WHERE attach_id = ' . 
$attachment['attach_id']; + $db->sql_query($sql); +} + +// Determine the 'presenting'-method +if ($download_mode == PHYSICAL_LINK) +{ + if (intval($config['allow_ftp_upload']) && $config['upload_dir'] == '') + { + trigger_error('Physical Download not possible with the current Attachment Setting'); + } + + redirect($config['upload_dir'] . '/' . $attachment['physical_filename']); +} +else +{ + if (intval($config['allow_ftp_upload'])) + { + // We do not need a download path, we are not downloading physically + send_file_to_browser($attachment['real_filename'], $attachment['mimetype'], $attachment['physical_filename'] , '', $attachment['attach_id']); + exit(); + } + else + { + send_file_to_browser($attachment['real_filename'], $attachment['mimetype'], $attachment['physical_filename'], $config['upload_dir'], $attachment['attach_id']); + exit(); + } +} + +?>
\ No newline at end of file diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index fd9ae37841..cbce502231 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -796,6 +796,7 @@ function obtain_attach_extensions(&$extensions) { $extension = strtolower(trim($row['extension'])); + $extensions['_allowed_'][] = $extension; $extensions[$extension]['display_cat'] = intval($row['cat_id']); $extensions[$extension]['download_mode'] = intval($row['download_mode']); $extensions[$extension]['upload_icon'] = trim($row['upload_icon']); diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index eea3c611ca..3eaefe1b1b 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -574,7 +574,7 @@ function format_display($message, $html, $bbcode, $uid, $url, $smilies, $sig) // Signature $user_sig = ($sig && $config['allow_sig']) ? trim($user->data['user_sig']) : ''; - if ($user_sig != '' && $auth->acl_gets('f_sigs', 'm_', 'a_', $forum_id)) + if ($user_sig != '' && $auth->acl_get('f_sigs', $forum_id)) { if (!$auth->acl_get('f_html', $forum_id) && $user->data['user_allowhtml']) { @@ -733,7 +733,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ 'topic_title' => stripslashes($subject), 'topic_time' => $current_time, 'topic_type' => $topic_type, - 'topic_approved' => (($post_data['enable_moderate']) && !$auth->acl_gets('f_ignorequeue', 'm_', 'a_', $post_data['forum_id'])) ? 0 : 1, + 'topic_approved' => (($post_data['enable_moderate']) && !$auth->acl_get('f_ignorequeue', $post_data['forum_id'])) ? 0 : 1, 'icon_id' => $post_data['icon_id'], 'topic_attachment' => (sizeof($attachment_data['physical_filename'])) ? 1 : 0, 'topic_poster' => intval($user->data['user_id']), 
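Review bot: In `send_file_to_browser()` in download.php, `$real_filename` and `$mimetype` come straight from the attachment row and are concatenated into the `Content-Type` and `Content-Disposition` headers, unquoted in the non-IE branch, so a stored name containing quotes, semicolons or line breaks can alter the header. The IE branch additionally serves the upload `inline` under whatever type was stored. Unless both values are normalised at upload time (not visible in this diff), I would replace the `if ($browser_agent == 'ie')` header block with the lines below: reduce the name to a base name without control characters or quotes, accept the type only if it is a plain token pair, and send `attachment` for every browser. Separately, the `FILE_NOT_FOUND_404` message is formatted with `$filename`, which shows the server-side upload path to the visitor; `$real_filename` would be the safer value to display.

```php
// … unchanged: browser detection and octet-stream correction …

// Keep only the base name and drop control characters, quotes and backslashes before it reaches a header
$safe_filename = preg_replace('#[\x00-\x1f\x7f"\\\\]#', '', basename($real_filename));

// A media type is a short token pair; anything else falls back to a generic download type
if (!preg_match('#^[a-zA-Z0-9.+\-]+/[a-zA-Z0-9.+\-]+$#', $mimetype))
{
	$mimetype = 'application/octet-stream';
}

header('Content-Type: ' . $mimetype);
header('Content-Disposition: attachment; filename="' . $safe_filename . '"');

// … unchanged: Content-length and readfile() …
```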
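Review bot: In the functions.php hunk, `$extensions['_allowed_']` is only created when the loop in `obtain_attach_extensions()` processes its first row, so with an empty result the callers added in this commit (`in_array($attachment['extension'], $extensions['_allowed_'])` in download.php and viewtopic.php) are handed a non-array. Initialise it before the loop with `$extensions['_allowed_'] = array();` so the check fails closed without a warning. The list shares the array with the per-extension entries, so a comment marking `_allowed_` as a reserved key would help. The loop header and the query are outside this hunk, so whether only enabled extensions are selected cannot be confirmed from here.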
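Review bot: Replacing `acl_gets('f_sigs', 'm_', 'a_', $forum_id)` with `acl_get('f_sigs', $forum_id)` in `format_display()` (functions_posting.php) removes the implicit moderator/administrator pass from this check, and nothing in the commit explains why. The same substitution is made for `f_ignorequeue` in both `submit_post()` hunks, for `m_edit` in message_parser.php, across the `$perm` array and the poll preview in posting.php, and for `S_POST_REPORTED` in viewtopic.php. The checks now fail closed, which is the safe direction, but it appears that moderators' posts will enter the approval queue and their signatures will be skipped unless the forum option is granted to them explicitly. Please confirm that is intended and record it next to the first check, for example `// moderators and admins need the f_ option granted; no implicit override`. Both functions begin and end outside these hunks.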
@@ -765,7 +765,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ 'icon_id' => $post_data['icon_id'], 'poster_ip' => $user->ip, 'post_time' => $current_time, - 'post_approved' => ($post_data['enable_moderate'] && !$auth->acl_gets('f_ignorequeue', 'm_', 'a_', $post_data['forum_id'])) ? 0 : 1, + 'post_approved' => ($post_data['enable_moderate'] && !$auth->acl_get('f_ignorequeue', $post_data['forum_id'])) ? 0 : 1, 'post_edit_time' => ($mode == 'edit' && $post_data['poster_id'] == $user->data['user_id']) ? $current_time : 0, 'enable_sig' => $post_data['enable_sig'], 'enable_bbcode' => $post_data['enable_bbcode'], diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index e18abd6ce1..fcbc470b93 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -179,8 +179,6 @@ class parse_message { global $config, $_FILE, $_POST, $auth, $user; - $config['max_attachments'] = 1; - $error = false; $error_msg = ''; @@ -194,7 +192,7 @@ class parse_message if ( $submit && ($mode == 'post' || $mode == 'reply' || $mode == 'edit') && $attachment_data['filename'] != '') { - if ( $num_attachments < $config['max_attachments'] || $auth->acl_get('m_', 'a_') ) + if ( $num_attachments < $config['max_attachments'] ) //|| $auth->acl_gets('m_', 'a_', $forum_id) ) { $filedata = upload_attachment($attachment_data['filename']); @@ -326,7 +324,7 @@ class parse_message if ((($add_file) || ($preview) ) && ($attachment_data['filename'] != '') ) { - if ( $num_attachments < $config['max_attachments'] || $auth->acl_get('m_', 'a_') ) + if ( $num_attachments < $config['max_attachments'] ) //|| $auth->acl_gets('m_', 'a_', $forum_id) ) { $filedata = upload_attachment($attachment_data['filename']); 
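Review bot: The attachment-limit condition in message_parser.php now ends in a commented-out clause, `//|| $auth->acl_gets('m_', 'a_', $forum_id) )`, which leaves it unclear whether the moderator exemption was dropped on purpose; the same line appears again in the hunk at line 326. Delete the fragment, or replace it with a `// TODO` that states when the exemption is meant to return. With the hard-coded `$config['max_attachments'] = 1;` removed, the limit now depends entirely on the stored configuration value, so it is worth confirming that a missing value cannot be read as "no limit". The enclosing method starts and ends outside these hunks.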
@@ -372,7 +370,7 @@ class parse_message $err_msg = ''; // Process poll options - if (!empty($poll_data['poll_option_text']) && (($auth->acl_get('f_poll', $forum_id) && !$poll_data['poll_last_vote']) || $auth->acl_gets('m_edit', 'a_', $forum_id))) + if (!empty($poll_data['poll_option_text']) && (($auth->acl_get('f_poll', $forum_id) && !$poll_data['poll_last_vote']) || $auth->acl_get('m_edit', $forum_id))) { if (($result = $this->parse($poll_data['poll_option_text'], $poll_data['enable_html'], $poll_data['enable_bbcode'], $poll_data['bbcode_uid'], $poll_data['enable_urls'], $poll_data['enable_smilies'], false)) != '') { diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index ceee724c81..079a40c0fe 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -247,6 +247,23 @@ class Template { } } + function merge_from_include($filename) + { + $handle = 'include_' . $this->include_counter++; + + $this->filename[$handle] = $filename; + $this->files[$handle] = $this->make_filename($filename); + + if (!file_exists($this->files[$handle])) + { + trigger_error("Template->pparse(): Couldn't load template file for handle $handle", E_USER_ERROR); + } + + $content = implode('', @file($this->files[$handle])); + + return ($content); + } + /** * Root-level variable assignment. Adds to current assignments, overriding * any existing variable assignment with the same name. 
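Review bot: `merge_from_include()` in template.php passes the name taken from a `<!-- MERGE_INCLUDE … -->` directive to `make_filename()` and then reads that file, with no check in this hunk that the result stays inside the template directory. `make_filename()` is not shown, so unless it already rejects `..` and absolute paths I would add a guard at the top such as `if (strpos($filename, '..') !== false) { trigger_error('<message>', E_USER_ERROR); }`. The error text names `Template->pparse()`, which will mislead whoever reads the log; it should name `merge_from_include()` and the file requested. `$this->include_counter` is incremented here but declared outside the hunk, and `@file()` hides any read failure that occurs after the `file_exists()` check.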
@@ -323,6 +340,14 @@ class Template { */ function compile($code, $do_not_echo = false, $retvar = '') { + // Pull out all merging includes, to let them parse with the code + preg_match_all('#<!-- MERGE_INCLUDE(.*?)-->#s', $code, $matches); + $merge_blocks = $matches[1]; + foreach($merge_blocks as $filename) + { + $code = preg_replace('#<!-- MERGE_INCLUDE ' . preg_quote(trim($filename)) . ' -->#s', $this->merge_from_include(trim($filename)), $code); + } + // Pull out all block/statement level elements and seperate // plain text preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches); diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php index 917fdaf9fa..1438e565ff 100644 --- a/phpBB/language/en/lang_main.php +++ b/phpBB/language/en/lang_main.php @@ -476,6 +476,11 @@ $lang = array( 'ATTACHMENT_TOO_BIG' => 'The Attachment is too big, maximum size is %1d %2s', 'ATTACH_QUOTA_REACHED' => 'Sorry, the total board attachment quota has been reached.', + 'EXTENSION_DISABLED_AFTER_POSTING' => 'The Extension \'%s\' has been deactivated by an board admin, therefore this Attachment is not displayed.', // used in Posts and PM's, replace %s with extension + 'DESCRIPTION' => 'Description', + 'DOWNLOAD' => 'Download', + 'FILESIZE' => 'Filesize', + 'FILE_NOT_FOUND_404' => '<b>404 File Not Found:</b> The File <i>%s</i> does not exist.', 'User_control_panel' => 'User Control Panel', 'UCP_Main' => 'Control Panel', diff --git a/phpBB/posting.php b/phpBB/posting.php index a3d81beae9..df9bd66025 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
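Review bot: In the `compile()` hunk of template.php, the included file's contents are passed to `preg_replace()` as the replacement string, so any `$1`, `\1` or `${0}`-style sequence inside the included template is treated as a backreference and silently altered. The search pattern also demands exactly one space on each side of the name, while the collecting pattern `MERGE_INCLUDE(.*?)-->` accepts any spacing, so a directive written differently is found but never replaced. Replacing the literal match avoids both: iterate with `foreach ($matches[0] as $i => $directive)` and use `$code = str_replace($directive, $this->merge_from_include(trim($matches[1][$i])), $code);`. Because the merge runs before the `<!-- PHP -->` extraction, PHP blocks inside an included file are compiled as well, which deserves a comment. The function continues outside the hunk.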
@@ -327,22 +327,22 @@ if ($mode != 'post' && $user->data['user_id'] != ANONYMOUS) // Collect general Permissions to be used within the complete page $perm = array( - 'm_lock' => $auth->acl_gets('m_lock', 'a_', $forum_id), - 'm_edit' => $auth->acl_gets('m_edit', 'a_', $forum_id), - 'm_delete' => $auth->acl_gets('m_delete', 'a_', $forum_id), + 'm_lock' => $auth->acl_get('m_lock', $forum_id), + 'm_edit' => $auth->acl_get('m_edit', $forum_id), + 'm_delete' => $auth->acl_get('m_delete', $forum_id), 'u_delete' => $auth->acl_get('f_delete', $forum_id), - 'f_attach' => $auth->acl_get('f_attach', 'a_', $forum_id), - 'f_news' => $auth->acl_gets('f_news', 'm_', 'a_', $forum_id), - 'f_announce' => $auth->acl_gets('f_announce', 'm_', 'a_', $forum_id), - 'f_sticky' => $auth->acl_gets('f_sticky', 'm_', 'a_', $forum_id), - 'f_ignoreflood' => $auth->acl_gets('f_ignoreflood', 'm_', 'a_', $forum_id), - 'f_sigs' => $auth->acl_gets('f_sigs', 'm_', 'a_', $forum_id), - 'f_save' => $auth->acl_gets('f_save', 'm_', 'a_', $forum_id) + 'f_attach' => $auth->acl_get('f_attach', $forum_id), + 'f_news' => $auth->acl_get('f_news', $forum_id), + 'f_announce' => $auth->acl_get('f_announce', $forum_id), + 'f_sticky' => $auth->acl_get('f_sticky', $forum_id), + 'f_ignoreflood' => $auth->acl_get('f_ignoreflood', $forum_id), + 'f_sigs' => $auth->acl_get('f_sigs', $forum_id), + 'f_save' => $auth->acl_get('f_save', $forum_id) ); -if ( (!$auth->acl_gets('f_' . $mode, 'm_', 'a_', $forum_id)) && ($forum_postable) ) +if ( (!$auth->acl_get('f_' . $mode, $forum_id)) && ($forum_postable) ) { trigger_error($user->lang['USER_CANNOT_' . strtoupper($mode)]); } 
@@ -625,7 +625,7 @@ if ($preview) $preview_subject = (sizeof($censors)) ? preg_replace($censors['match'], $censors['replace'], $subject) : $subject; // Poll Preview - if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($auth->acl_gets('m_edit', 'a_', $forum_id)) )) + if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($auth->acl_get('m_edit', $forum_id)) )) { decode_text($poll_title); $preview_poll_title = format_display(stripslashes($poll_title), $enable_html, $enable_bbcode, $bbcode_uid, $enable_urls, $enable_smilies, false, false); diff --git a/phpBB/templates/subSilver/viewtopic_attach_body.html b/phpBB/templates/subSilver/viewtopic_attach_body.html new file mode 100644 index 0000000000..eb91497d1b --- /dev/null +++ b/phpBB/templates/subSilver/viewtopic_attach_body.html 
@@ -0,0 +1,38 @@ +<br /><br /> +<!-- BEGIN attachment --> +<hr /><br /> + <!-- IF postrow.attachment.IS_DENIED --> + <span class="postbody">[{postrow.attachment.L_DENIED}]</span><br /><br /> + <!-- ENDIF --> + <!-- IF postrow.attachment.IS_STREAM --> + <span class="postbody">{postrow.attachment.COMMENT}</span><br /> + <object id="wmp" classid="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95" codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,0,0,0" standby="Loading Microsoft Windows Media Player components..." type="application/x-oleobject"> + <param name="FileName" value="{postrow.attachment.U_DOWNLOAD_LINK}"> + <param name="ShowControls" value="1"> + <param name="ShowDisplay" value="0"> + <param name="ShowStatusBar" value="1"> + <param name="AutoSize" value="1"> + <param name="AutoStart" value="0"> + <param name="Visible" value="1"> + <param name="AnimationStart" value="0"> + <param name="Loop" value="0"> + <embed type="application/x-mplayer2" pluginspage="http://www.microsoft.com/windows95/downloads/contents/wurecommended/s_wufeatured/mediaplayer/default.asp" src="{postrow.attachment.U_DOWNLOAD_LINK}" name=MediaPlayer2 showcontrols=1 showdisplay=0 showstatusbar=1 autosize=1 autostart=0 visible=1 animationatstart=0 loop=0></embed> + </object> + <br /><span class="gensmall">{postrow.attachment.DOWNLOAD_NAME} - {postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br /> + <!-- ELSEIF postrow.attachment.IS_IMAGE --> + <span class="postbody">{postrow.attachment.COMMENT}<br /> + <img src="{postrow.attachment.U_DOWNLOAD_LINK}" alt="{postrow.attachment.DOWNLOAD_NAME}" /></span> + <br /><span class="gensmall">{postrow.attachment.DOWNLOAD_NAME} - {postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br /> + <!-- ELSEIF postrow.attachment.IS_THUMBNAIL --> + <span class="postbody">{postrow.attachment.COMMENT}<br /> + <a href="{postrow.attachment.U_DOWNLOAD_LINK}" target="_blank"><img src="{postrow.attachment.IMG_THUMB_SRC}" 
alt="{postrow.attachment.DOWNLOAD_NAME}" border="0" /></a></span> + <br /><span class="gensmall">{postrow.attachment.DOWNLOAD_NAME} - {postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br /> + <!-- ELSE --> + <span class="postbody">{postrow.attachment.COMMENT}</span><br /> + <span class="postbody">{postrow.attachment.UPLOAD_IMG} + <a href="{postrow.attachment.U_DOWNLOAD_LINK}" target="_blank">{postrow.attachment.DOWNLOAD_NAME}</a> - {postrow.attachment.FILESIZE} {postrow.attachment.SIZE_VAR}<br /></span> + <span class="gensmall">{postrow.attachment.L_DOWNLOAD_COUNT}</span><br /><br /> + <!-- ENDIF --> + + {postrow.attachment.HELLO} +<!-- END attachment --> diff --git a/phpBB/templates/subSilver/viewtopic_body.html b/phpBB/templates/subSilver/viewtopic_body.html index 697920f48a..6318bf794b 100644 --- a/phpBB/templates/subSilver/viewtopic_body.html +++ b/phpBB/templates/subSilver/viewtopic_body.html @@ -128,7 +128,7 @@ </tr> <!-- ENDIF --> <tr> - <td><span class="postbody">{postrow.MESSAGE}{postrow.SIGNATURE}</span><span class="gensmall">{postrow.EDITED_MESSAGE}</span></td> + <td><span class="postbody">{postrow.MESSAGE}<!-- IF postrow.S_HAS_ATTACHMENTS --></span><!-- MERGE_INCLUDE viewtopic_attach_body.html --><span class="postbody"><!-- ENDIF -->{postrow.SIGNATURE}</span><span class="gensmall">{postrow.EDITED_MESSAGE}</span></td> </tr> </table></td> </tr> diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 7df4d6bc8b..cd1d8313ff 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
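Review bot: In viewtopic_attach_body.html the `IS_DENIED` test is closed with its own `ENDIF` before the `IS_STREAM` chain starts, so a denied attachment, which viewtopic.php assigns with only `IS_DENIED` and `L_DENIED`, also falls into the final `ELSE` and renders an empty download link. Making the second test `<!-- ELSEIF postrow.attachment.IS_STREAM -->` inside the first chain avoids that. `{postrow.attachment.HELLO}` before `END attachment` is not assigned anywhere in this commit and looks like a leftover placeholder that should be removed.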
@@ -160,7 +160,7 @@ if (!$forum_id) { $forum_id = 2; } -$sql = "SELECT t.topic_id, t.forum_id AS real_forum_id, t.topic_title, t.topic_status, " . (($auth->acl_get('m_approve')) ? 't.topic_replies_real AS topic_replies' : 't.topic_replies') . ", t.topic_time, t.topic_type, t.poll_start, t.poll_length, t.poll_title, f.forum_name, f.forum_desc, f.forum_parents, f.parent_id, f.left_id, f.right_id, f.forum_status, f.forum_id, f.forum_style" . $extra_fields . " +$sql = "SELECT t.topic_id, t.forum_id AS real_forum_id, t.topic_title, t.topic_attachment, t.topic_status, " . (($auth->acl_get('m_approve')) ? 't.topic_replies_real AS topic_replies' : 't.topic_replies') . ", t.topic_time, t.topic_type, t.poll_start, t.poll_length, t.poll_title, f.forum_name, f.forum_desc, f.forum_parents, f.parent_id, f.left_id, f.right_id, f.forum_status, f.forum_id, f.forum_style" . $extra_fields . " FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . " WHERE $join_sql AND (f.forum_id = t.forum_id @@ -195,6 +195,13 @@ if (!empty($post_id)) $start = floor(($prev_posts - 1) / $config['posts_per_page']) * $config['posts_per_page']; } +// Fill extension informations, if this topic has attachments +$extensions = array(); + +if ($topic_attachment) +{ + obtain_attach_extensions($extensions); +} // Are we watching this topic? $s_watching_topic = ''; 
@@ -464,10 +471,33 @@ if (!empty($poll_start)) // Container for user details, only process once -$user_cache = $attach_list = array(); +$user_cache = $attachments = $attach_list = array(); $force_encoding = ''; $i = 0; +// Pull attachment data +if ( ($config['allow_attachments']) && ($topic_attachment) && ($auth->acl_get('f_download', $forum_id)) ) +{ + $sql = "SELECT a.post_id, p.topic_id, d.* + FROM " . ATTACHMENTS_TABLE . " a, " . ATTACHMENTS_DESC_TABLE . " d, " . POSTS_TABLE . " p + WHERE p.topic_id = " . $topic_id . " + AND p.post_id = a.post_id + AND a.attach_id = d.attach_id + AND p.post_attachment = 1 + ORDER BY d.filetime " . ((!$config['display_order']) ? "ASC" : "DESC") . ", a.post_id ASC"; + $result = $db->sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + do + { + $attachments[$row['post_id']][] = $row; + } + while ($row = $db->sql_fetchrow($result)); + } + $db->sql_freeresult($result); +} + // Go ahead and pull all data for this topic $sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_karma, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, u.user_avatar_type, u.user_avatar_width, u.user_avatar_height, p.* FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u @@ -723,9 +753,9 @@ if ($row = $db->sql_fetchrow($result)) // Does post have an attachment? If so, add it to the list - if ($row['post_attachment']) + if ( ($row['post_attachment']) && ($config['allow_attachments']) && ($auth->acl_get('f_download', $forum_id)) ) { - $attach_list[] = $post_id; + $attach_list[] = $row['post_id']; } 
@@ -872,7 +902,7 @@ if ($row = $db->sql_fetchrow($result)) 'YIM_IMG' => $user_cache[$poster_id]['yim_img'], 'YIM' => $user_cache[$poster_id]['yim'], - 'S_POST_REPORTED' => ($row['post_reported'] && $auth->acl_gets('m_', $forum_id)) ? TRUE : FALSE, + 'S_POST_REPORTED' => ($row['post_reported'] && $auth->acl_get('m_', $forum_id)) ? TRUE : FALSE, 'U_REPORT' => "report.$phpEx$SID&p=" . $row['post_id'], 'U_MCP_REPORT' => ($auth->acl_get('f_report', $forum_id)) ? "mcp.$phpEx$SID&mode=post_details&p=" . $row['post_id'] : '', 
@@ -882,12 +912,234 @@ if ($row = $db->sql_fetchrow($result)) 'S_ROW_COUNT' => $i++, + 'S_HAS_ATTACHMENTS' => ($row['post_attachment']) ? TRUE : FALSE, 'S_POST_UNAPPROVED' => ($row['post_approved']) ? FALSE : TRUE, 'U_MCP_APPROVE' => "mcp.$phpEx$SID&mode=approve&p=" . $row['post_id'], 'U_MINI_POST' => $mini_post_url, 'U_POST_ID' => $u_post_id )); + + // Process Attachments for this post + if (sizeof($attachments[$row['post_id']]) && $row['post_attachment']) + { + foreach($attachments[$row['post_id']] as $attachment) + { + // Some basics... + $attachment['extension'] = strtolower(trim($attachment['extension'])); + $filename = $config['upload_dir'] . '/' . $attachment['physical_filename']; + $thumbnail_filename = $config['upload_dir'] . '/thumbs/t_' . $attachment['physical_filename']; + + $upload_image = ''; + + if ( ($user->img('icon_attach', '') != '') && (trim($extensions[$attachment['extension']]['upload_icon']) == '') ) + { + $upload_image = $user->img('icon_attach', ''); + } + else if (trim($extensions[$attachment['extension']]['upload_icon']) != '') + { + $upload_image = '<img src="' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" border="0" />'; + } + + $filesize = $attachment['filesize']; + $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? 
$user->lang['KB'] : $user->lang['BYTES'] ); + if ($filesize >= 1048576) + { + $filesize = (round((round($filesize / 1048576 * 100) / 100), 2)); + } + else if ($filesize >= 1024) + { + $filesize = (round((round($filesize / 1024 * 100) / 100), 2)); + } + + $display_name = $attachment['real_filename']; + $comment = stripslashes(trim(nl2br($attachment['comment']))); + + $denied = false; + $update_count = false; + + // Admin is allowed to view forbidden Attachments, but the error-message is displayed too to inform the Admin + if ( (!in_array($attachment['extension'], $extensions['_allowed_'])) ) + { + $denied = true; + + $template->assign_block_vars('postrow.attachment', array( + 'IS_DENIED' => true, + 'L_DENIED' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])) + ); + } + + if (!$denied) + { + // define category + $image = FALSE; + $stream = FALSE; +// $swf = FALSE; + $thumbnail = FALSE; + $link = FALSE; + + $l_downloaded_viewed = ''; + $download_link = ''; + $additional_array = array(); + + switch (intval($extensions[$attachment['extension']]['display_cat'])) + { + case STREAM_CAT: + $stream = TRUE; + break; +/* case SWF_CAT: + $swf = TRUE; + break;*/ + case IMAGE_CAT: + if (intval($config['img_display_inlined'])) + { + if ( (intval($config['img_link_width']) != 0) || (intval($config['img_link_height']) != 0) ) + { + list($width, $height) = image_getdimension($filename); + + $image = (($width == 0) && ($height == 0)) ? true : ((($width <= intval($config['img_link_width'])) && ($height <= intval($config['img_link_height']))) ? 
true : false); + } + } + else + { + $image = TRUE; + } + + if ($attachment['thumbnail']) + { + $thumbnail = TRUE; + $image = FALSE; + } + break; + } + + + if ( (!$image) && (!$stream) /*&& (!$swf)*/ && (!$thumbnail) ) + { + $link = TRUE; + } + + if ($image) + { + // Images + // NOTE: If you want to use the download.php everytime an image is displayed inlined, replace the + // Section between BEGIN and END with (Without the // of course): + // $img_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . $attachment['attach_id']; + // $download_link = TRUE; + // + // BEGIN + if ((intval($config['ftp_upload'])) && (trim($config['upload_dir']) == '')) + { + $img_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . $attachment['attach_id']; + $download_link = TRUE; + } + else + { + $img_source = $filename; + $download_link = FALSE; + } + // END + + $l_downloaded_viewed = $user->lang['VIEWED']; + $download_link = $img_source; + + // Directly Viewed Image ... update the download count + if (!$download_link) + { + $update_count = true; + } + } + + if ($thumbnail) + { + // Images, but display Thumbnail + // NOTE: If you want to use the download.php everytime an thumnmail is displayed inlined, replace the + // Section between BEGIN and END with (Without the // of course): + // $thumb_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . $attachment['attach_id'] . '&thumb=1'; + // + // BEGIN + if ( (intval($config['allow_ftp_upload'])) && (trim($config['upload_dir']) == '') ) + { + $thumb_source = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . $attachment['attach_id'] . '&thumb=1'; + } + else + { + $thumb_source = $thumbnail_filename; + } + // END + + $l_downloaded_viewed = $user->lang['VIEWED']; + $download_link = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . 
$attachment['attach_id']; + + $additional_array = array( + 'IMG_THUMB_SRC' => $thumb_source + ); + } + + if ($stream) + { + // Streams + $l_downloaded_viewed = $user->lang['VIEWED']; + $download_link = $filename; +// $download_link = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . $attachment['attach_id']; + + // Viewed/Heared File ... update the download count (download.php is not called here) + $update_count = true; + } +/* + if ($swf) + { + // Macromedia Flash Files + list($width, $height) = swf_getdimension($filename); + + $l_downloaded_viewed = $user->lang['VIEWED']; + $download_link = $filename; + + $additional_array = array( + 'WIDTH' => $width, + 'HEIGHT' => $height + ); + + // Viewed/Heared File ... update the download count (download.php is not called here) + $update_count = true; + } +*/ + if ($link) + { + $l_downloaded_viewed = $user->lang['DOWNLOADED']; + $download_link = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . $attachment['attach_id']; + } + + if ($image || $thumbnail || $stream || $thumbnail || $link) + { + $template_array = array_merge($additional_array, array( +// 'IS_FLASH' => ($swf) ? true : false, + 'IS_STREAM' => ($stream) ? true : false, + 'IS_THUMBNAIL' => ($thumbnail) ? true : false, + 'IS_IMAGE' => ($image) ? true : false, + 'U_DOWNLOAD_LINK' => $download_link, + 'UPLOAD_IMG' => $upload_image, + 'DOWNLOAD_NAME' => $display_name, + 'FILESIZE' => $filesize, + 'SIZE_VAR' => $size_lang, + 'COMMENT' => $comment, + 'L_DOWNLOADED_VIEWED' => $l_downloaded_viewed, + 'L_DOWNLOAD_COUNT' => sprintf($user->lang['DOWNLOAD_NUMBER'], $attachment['download_count'])) + ); + + $template->assign_block_vars('postrow.attachment', $template_array); + } + + if ($update_count) + { + $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' + SET download_count = download_count + 1 + WHERE attach_id = ' . $attachment['attach_id']; + $db->sql_query($sql); + } + } + } + } } while ($row = $db->sql_fetchrow($result)); 
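Review bot: For inline images and streams the attachment block in viewtopic.php sets `$download_link` to `$filename`, a path inside `$config['upload_dir']`, so the browser fetches the stored file directly and the `f_download` and allowed-extension checks in download.php are not applied to that request. Routing both cases through download.php, as the in-code NOTE already suggests (`$download_link = $phpbb_root_path . 'download.' . $phpEx . $SID . '&id=' . $attachment['attach_id'];`), keeps the upload directory out of public URLs. In the image branch `$download_link` is overwritten with `$img_source` before `if (!$download_link)`, so that test can never be true, and the branch reads `$config['ftp_upload']` where the rest of the commit uses `$config['allow_ftp_upload']`. `DOWNLOAD_NAME`, `COMMENT` and the `upload_icon` value reach the template with no escaping visible in this hunk; unless they are escaped when stored, they should pass through `htmlspecialchars()` here, before `nl2br()` in the case of the comment. The enclosing do/while loop starts outside the hunk.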
@@ -898,43 +1150,21 @@ else trigger_error($user->lang['NO_TOPIC']); } -// If we have attachments, grab them ... -if (sizeof($attach_list)) +// No attachments exist, but post table thinks they do +// so go ahead and reset post_attach flags +if ( (sizeof($attach_list)) && (count($attachments) == 0) ) { - $sql = "SELECT a.post_id, d.* - FROM " . ATTACHMENTS_TABLE . " a, " . ATTACHMENTS_DESC_TABLE . " d - WHERE a.post_id IN (" . implode(', ', $attach_list) . ") - AND a.attach_id = d.attach_id - ORDER BY d.filetime " . ((!$config['display_order']) ? "ASC" : "DESC"); - $result = $db->sql_query($sql); - - $extensions = array(); - obtain_attach_extensions($extensions); - - if ($db->sql_fetchrow($result)) - { - - do - { - } - while ($db->sql_fetchrow($result)); - } - else - { - // No attachments exist, but post table thinks they do - // so go ahead and reset post_attach flags - $sql = "UPDATE " . POSTS_TABLE . " - SET post_attachment = 0 - WHERE post_id IN (" . implode(', ', $attach_list) . ")"; - $db->sql_query($sql); - - // We need to update the topic indicator too if the - // complete topic is now without an attachment - } - $db->sql_freeresult($result); + echo "DELETE THOSE STUFF"; +/* + $sql = "UPDATE " . POSTS_TABLE . " + SET post_attachment = 0 + WHERE post_id IN (" . implode(', ', $attach_list) . ")"; + $db->sql_query($sql); +*/ + // We need to update the topic indicator too if the + // complete topic is now without an attachment } - // Mark topics read markread('topic', $forum_id, $topic_id, $forum_topic_data['topic_last_post_id']); |
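Review bot: `echo "DELETE THOSE STUFF";` in viewtopic.php is debug output left in the stale-flag branch, and it is printed to the visitor whenever a topic's posts are flagged as having attachments but no attachment rows were loaded. The `UPDATE` that used to clear `post_attachment` is now commented out, so the inconsistency is reported on every view and never repaired. Remove the echo and either restore the update or leave a `// TODO` describing the intended cleanup. The new condition `count($attachments) == 0` also only fires when the whole topic has no attachment rows, so a single post with a stale flag in a topic that has other attachments is no longer detected.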