[ Index ]

PHP Cross Reference of phpBB-3.3.12-deutsch

title

Body

[close]

/includes/acp/ -> acp_attachments.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  if (!defined('IN_PHPBB'))
  18  {
  19      exit;
  20  }
  21  
  22  class acp_attachments
  23  {
  24      /** @var \phpbb\db\driver\driver_interface */
  25      protected $db;
  26  
  27      /** @var \phpbb\config\config */
  28      protected $config;
  29  
  30      /** @var \phpbb\language\language */
  31      protected $language;
  32  
  33      /** @var ContainerBuilder */
  34      protected $phpbb_container;
  35  
  36      /** @var \phpbb\template\template */
  37      protected $template;
  38  
  39      /** @var \phpbb\user */
  40      protected $user;
  41  
  42      /** @var  \phpbb\filesystem\filesystem_interface */
  43      protected $filesystem;
  44  
  45      /** @var \phpbb\attachment\manager */
  46      protected $attachment_manager;
  47  
  48      public $id;
  49      public $u_action;
  50      protected $new_config;
  51  
  52  	function main($id, $mode)
  53      {
  54          global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_filesystem, $phpbb_dispatcher;
  55          global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $phpbb_log, $request;
  56  
  57          $this->id = $id;
  58          $this->db = $db;
  59          $this->config = $config;
  60          $this->language = $phpbb_container->get('language');
  61          $this->template = $template;
  62          $this->user = $user;
  63          $this->phpbb_container = $phpbb_container;
  64          $this->filesystem = $phpbb_filesystem;
  65          $this->attachment_manager = $phpbb_container->get('attachment.manager');
  66  
  67          $user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
  68  
  69          $error = $notify = array();
  70          $submit = (isset($_POST['submit'])) ? true : false;
  71          $action = $request->variable('action', '');
  72  
  73          $form_key = 'acp_attach';
  74          add_form_key($form_key);
  75  
  76          if ($submit && !check_form_key($form_key))
  77          {
  78              trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
  79          }
  80  
  81          switch ($mode)
  82          {
  83              case 'attach':
  84                  $l_title = 'ACP_ATTACHMENT_SETTINGS';
  85              break;
  86  
  87              case 'extensions':
  88                  $l_title = 'ACP_MANAGE_EXTENSIONS';
  89              break;
  90  
  91              case 'ext_groups':
  92                  $l_title = 'ACP_EXTENSION_GROUPS';
  93              break;
  94  
  95              case 'orphan':
  96                  $l_title = 'ACP_ORPHAN_ATTACHMENTS';
  97              break;
  98  
  99              case 'manage':
 100                  $l_title = 'ACP_MANAGE_ATTACHMENTS';
 101              break;
 102  
 103              default:
 104                  trigger_error('NO_MODE', E_USER_ERROR);
 105              break;
 106          }
 107  
 108          $this->tpl_name = 'acp_attachments';
 109          $this->page_title = $l_title;
 110  
 111          $template->assign_vars(array(
 112              'L_TITLE'            => $user->lang[$l_title],
 113              'L_TITLE_EXPLAIN'    => $user->lang[$l_title . '_EXPLAIN'],
 114              'U_ACTION'            => $this->u_action)
 115          );
 116  
 117          switch ($mode)
 118          {
 119              case 'attach':
 120  
 121                  if (!function_exists('get_supported_image_types'))
 122                  {
 123                      include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 124                  }
 125  
 126                  $allowed_pm_groups = [];
 127                  $allowed_post_groups = [];
 128                  $s_assigned_groups = [];
 129  
 130                  $sql = 'SELECT group_id, group_name, cat_id, allow_group, allow_in_pm
 131                      FROM ' . EXTENSION_GROUPS_TABLE . '
 132                      WHERE cat_id > 0
 133                      ORDER BY cat_id';
 134                  $result = $db->sql_query($sql);
 135                  while ($row = $db->sql_fetchrow($result))
 136                  {
 137                      $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
 138                      $s_assigned_groups[$row['cat_id']][] = $row['group_name'];
 139  
 140                      if ($row['allow_group'])
 141                      {
 142                          $allowed_post_groups[] = $row['group_id'];
 143                      }
 144  
 145                      if ($row['allow_in_pm'])
 146                      {
 147                          $allowed_pm_groups[] = $row['group_id'];
 148                      }
 149                  }
 150                  $db->sql_freeresult($result);
 151  
 152                  $l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((!empty($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode($user->lang['COMMA_SEPARATOR'], $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']';
 153  
 154                  $display_vars = array(
 155                      'title'    => 'ACP_ATTACHMENT_SETTINGS',
 156                      'vars'    => array(
 157                          'legend1'                => 'ACP_ATTACHMENT_SETTINGS',
 158  
 159                          'img_max_width'            => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
 160                          'img_max_height'        => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
 161                          'img_link_width'        => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
 162                          'img_link_height'        => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
 163  
 164                          'allow_attachments'        => array('lang' => 'ALLOW_ATTACHMENTS',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => false),
 165                          'allow_pm_attach'        => array('lang' => 'ALLOW_PM_ATTACHMENTS',    'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => false),
 166                          'max_attachments'        => array('lang' => 'MAX_ATTACHMENTS',        'validate' => 'int:0:999',    'type' => 'number:0:999', 'explain' => false),
 167                          'max_attachments_pm'    => array('lang' => 'MAX_ATTACHMENTS_PM',    'validate' => 'int:0:999',    'type' => 'number:0:999', 'explain' => false),
 168                          'upload_path'            => array('lang' => 'UPLOAD_DIR',            'validate' => 'wpath',    'type' => 'text:25:100', 'explain' => true),
 169                          'display_order'            => array('lang' => 'DISPLAY_ORDER',            'validate' => 'bool',    'type' => 'custom', 'method' => 'display_order', 'explain' => true),
 170                          'attachment_quota'        => array('lang' => 'ATTACH_QUOTA',            'validate' => 'string',    'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
 171                          'max_filesize'            => array('lang' => 'ATTACH_MAX_FILESIZE',    'validate' => 'string',    'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
 172                          'max_filesize_pm'        => array('lang' => 'ATTACH_MAX_PM_FILESIZE','validate' => 'string',    'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
 173                          'secure_downloads'        => array('lang' => 'SECURE_DOWNLOADS',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
 174                          'secure_allow_deny'        => array('lang' => 'SECURE_ALLOW_DENY',        'validate' => 'int',    'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
 175                          'secure_allow_empty_referer'    => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
 176                          'check_attachment_content'         => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
 177  
 178                          'legend2'                    => $l_legend_cat_images,
 179                          'img_display_inlined'        => array('lang' => 'DISPLAY_INLINED',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
 180                          'img_create_thumbnail'        => array('lang' => 'CREATE_THUMBNAIL',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
 181                          'img_max_thumb_width'        => array('lang' => 'MAX_THUMB_WIDTH',        'validate' => 'int:0:999999999999999',    'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 182                          'img_min_thumb_filesize'    => array('lang' => 'MIN_THUMB_FILESIZE',    'validate' => 'int:0:999999999999999',    'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
 183                          'img_max'                    => array('lang' => 'MAX_IMAGE_SIZE',        'validate' => 'int:0:9999',    'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 184                          'img_strip_metadata'        => array('lang' => 'IMAGE_STRIP_METADATA',    'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
 185                          'img_quality'                => array('lang' => 'IMAGE_QUALITY',            'validate' => 'int:50:90',    'type' => 'number:50:90', 'explain' => true, 'append' => ' &percnt;'),
 186                          'img_link'                    => array('lang' => 'IMAGE_LINK_SIZE',        'validate' => 'int:0:9999',    'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 187                      )
 188                  );
 189  
 190                  /**
 191                  * Event to add and/or modify acp_attachement configurations
 192                  *
 193                  * @event core.acp_attachments_config_edit_add
 194                  * @var    array    display_vars    Array of config values to display and process
 195                  * @var    string    mode            Mode of the config page we are displaying
 196                  * @var    boolean    submit            Do we display the form or process the submission
 197                  * @since 3.1.11-RC1
 198                  */
 199                  $vars = array('display_vars', 'mode', 'submit');
 200                  extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars)));
 201  
 202                  $this->new_config = $config;
 203                  $cfg_array = (isset($_REQUEST['config'])) ? $request->variable('config', array('' => '')) : $this->new_config;
 204                  $error = array();
 205  
 206                  // We validate the complete config if whished
 207                  validate_config_vars($display_vars['vars'], $cfg_array, $error);
 208  
 209                  // Do not write values if there is an error
 210                  if (count($error))
 211                  {
 212                      $submit = false;
 213                  }
 214  
 215                  // We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to...
 216                  foreach ($display_vars['vars'] as $config_name => $null)
 217                  {
 218                      if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false)
 219                      {
 220                          continue;
 221                      }
 222  
 223                      $this->new_config[$config_name] = $config_value = $cfg_array[$config_name];
 224  
 225                      if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
 226                      {
 227                          $size_var = $request->variable($config_name, '');
 228  
 229                          $config_value = (int) $config_value;
 230  
 231                          $this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
 232                      }
 233  
 234                      if ($submit)
 235                      {
 236                          $config->set($config_name, $config_value);
 237                      }
 238                  }
 239  
 240                  $this->perform_site_list();
 241  
 242                  if ($submit)
 243                  {
 244                      $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_ATTACH');
 245  
 246                      // Check Settings
 247                      $this->test_upload($error, $this->new_config['upload_path'], false);
 248  
 249                      if (!count($error))
 250                      {
 251                          trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 252                      }
 253                  }
 254  
 255                  $template->assign_var('S_ATTACHMENT_SETTINGS', true);
 256  
 257                  // Secure Download Options - Same procedure as with banning
 258                  $allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
 259  
 260                  $sql = 'SELECT *
 261                      FROM ' . SITELIST_TABLE;
 262                  $result = $db->sql_query($sql);
 263  
 264                  $defined_ips = '';
 265                  $ips = array();
 266  
 267                  while ($row = $db->sql_fetchrow($result))
 268                  {
 269                      $value = ($row['site_ip']) ? $row['site_ip'] : $row['site_hostname'];
 270                      if ($value)
 271                      {
 272                          $defined_ips .= '<option' . (($row['ip_exclude']) ? ' class="sep"' : '') . ' value="' . $row['site_id'] . '">' . $value . '</option>';
 273                          $ips[$row['site_id']] = $value;
 274                      }
 275                  }
 276                  $db->sql_freeresult($result);
 277  
 278                  $template->assign_vars(array(
 279                      'S_EMPTY_PM_GROUPS'        => empty($allowed_pm_groups),
 280                      'S_EMPTY_POST_GROUPS'    => empty($allowed_post_groups),
 281                      'S_SECURE_DOWNLOADS'    => $this->new_config['secure_downloads'],
 282                      'S_DEFINED_IPS'            => ($defined_ips != '') ? true : false,
 283                      'S_WARNING'                => (count($error)) ? true : false,
 284  
 285                      'U_EXTENSION_GROUPS'    => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=ext_groups"),
 286  
 287                      'WARNING_MSG'            => implode('<br />', $error),
 288                      'DEFINED_IPS'            => $defined_ips,
 289  
 290                      'L_SECURE_TITLE'        => $user->lang['DEFINE_' . $allow_deny . '_IPS'],
 291                      'L_IP_EXCLUDE'            => $user->lang['EXCLUDE_FROM_' . $allow_deny . '_IP'],
 292                      'L_REMOVE_IPS'            => $user->lang['REMOVE_' . $allow_deny . '_IPS'])
 293                  );
 294  
 295                  // Output relevant options
 296                  foreach ($display_vars['vars'] as $config_key => $vars)
 297                  {
 298                      if (!is_array($vars) && strpos($config_key, 'legend') === false)
 299                      {
 300                          continue;
 301                      }
 302  
 303                      if (strpos($config_key, 'legend') !== false)
 304                      {
 305                          $template->assign_block_vars('options', array(
 306                              'S_LEGEND'        => true,
 307                              'LEGEND'        => (isset($user->lang[$vars])) ? $user->lang[$vars] : $vars)
 308                          );
 309  
 310                          continue;
 311                      }
 312  
 313                      $type = explode(':', $vars['type']);
 314  
 315                      $l_explain = '';
 316                      if ($vars['explain'] && isset($vars['lang_explain']))
 317                      {
 318                          $l_explain = (isset($user->lang[$vars['lang_explain']])) ? $user->lang[$vars['lang_explain']] : $vars['lang_explain'];
 319                      }
 320                      else if ($vars['explain'])
 321                      {
 322                          $l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
 323                      }
 324  
 325                      $content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
 326                      if (empty($content))
 327                      {
 328                          continue;
 329                      }
 330  
 331                      $template->assign_block_vars('options', array(
 332                          'KEY'            => $config_key,
 333                          'TITLE'            => $user->lang[$vars['lang']],
 334                          'S_EXPLAIN'        => $vars['explain'],
 335                          'TITLE_EXPLAIN'    => $l_explain,
 336                          'CONTENT'        => $content,
 337                          )
 338                      );
 339  
 340                      unset($display_vars['vars'][$config_key]);
 341                  }
 342  
 343              break;
 344  
 345              case 'extensions':
 346  
 347                  if ($submit || isset($_POST['add_extension_check']))
 348                  {
 349                      if ($submit)
 350                      {
 351                          // Change Extensions ?
 352                          $extension_change_list    = $request->variable('extension_change_list', array(0));
 353                          $group_select_list        = $request->variable('group_select', array(0));
 354  
 355                          // Generate correct Change List
 356                          $extensions = array();
 357  
 358                          for ($i = 0, $size = count($extension_change_list); $i < $size; $i++)
 359                          {
 360                              $extensions[$extension_change_list[$i]]['group_id'] = $group_select_list[$i];
 361                          }
 362  
 363                          $sql = 'SELECT *
 364                              FROM ' . EXTENSIONS_TABLE . '
 365                              ORDER BY extension_id';
 366                          $result = $db->sql_query($sql);
 367  
 368                          while ($row = $db->sql_fetchrow($result))
 369                          {
 370                              if ($row['group_id'] != $extensions[$row['extension_id']]['group_id'])
 371                              {
 372                                  $sql = 'UPDATE ' . EXTENSIONS_TABLE . '
 373                                      SET group_id = ' . (int) $extensions[$row['extension_id']]['group_id'] . '
 374                                      WHERE extension_id = ' . $row['extension_id'];
 375                                  $db->sql_query($sql);
 376  
 377                                  $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_UPDATE', false, array($row['extension']));
 378                              }
 379                          }
 380                          $db->sql_freeresult($result);
 381  
 382                          // Delete Extension?
 383                          $extension_id_list = $request->variable('extension_id_list', array(0));
 384  
 385                          if (count($extension_id_list))
 386                          {
 387                              $sql = 'SELECT extension
 388                                  FROM ' . EXTENSIONS_TABLE . '
 389                                  WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
 390                              $result = $db->sql_query($sql);
 391  
 392                              $extension_list = '';
 393                              while ($row = $db->sql_fetchrow($result))
 394                              {
 395                                  $extension_list .= ($extension_list == '') ? $row['extension'] : ', ' . $row['extension'];
 396                              }
 397                              $db->sql_freeresult($result);
 398  
 399                              $sql = 'DELETE
 400                                  FROM ' . EXTENSIONS_TABLE . '
 401                                  WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
 402                              $db->sql_query($sql);
 403  
 404                              $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_DEL', false, array($extension_list));
 405                          }
 406                      }
 407  
 408                      // Add Extension?
 409                      $add_extension            = strtolower($request->variable('add_extension', ''));
 410                      $add_extension_group    = $request->variable('add_group_select', 0);
 411                      $add                    = (isset($_POST['add_extension_check'])) ? true : false;
 412  
 413                      if ($add_extension && $add)
 414                      {
 415                          if (!count($error))
 416                          {
 417                              $sql = 'SELECT extension_id
 418                                  FROM ' . EXTENSIONS_TABLE . "
 419                                  WHERE extension = '" . $db->sql_escape($add_extension) . "'";
 420                              $result = $db->sql_query($sql);
 421  
 422                              if ($row = $db->sql_fetchrow($result))
 423                              {
 424                                  $error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
 425                              }
 426                              $db->sql_freeresult($result);
 427  
 428                              if (!count($error))
 429                              {
 430                                  $sql_ary = array(
 431                                      'group_id'    =>    $add_extension_group,
 432                                      'extension'    =>    $add_extension
 433                                  );
 434  
 435                                  $db->sql_query('INSERT INTO ' . EXTENSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
 436  
 437                                  $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_ADD', false, array($add_extension));
 438                              }
 439                          }
 440                      }
 441  
 442                      if (!count($error))
 443                      {
 444                          $notify[] = $user->lang['EXTENSIONS_UPDATED'];
 445                      }
 446  
 447                      $cache->destroy('_extensions');
 448                  }
 449  
 450                  $template->assign_vars(array(
 451                      'S_EXTENSIONS'            => true,
 452                      'ADD_EXTENSION'            => (isset($add_extension)) ? $add_extension : '',
 453                      'GROUP_SELECT_OPTIONS'    => (isset($_POST['add_extension_check'])) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))
 454                  );
 455  
 456                  $sql = 'SELECT *
 457                      FROM ' . EXTENSIONS_TABLE . '
 458                      ORDER BY group_id, extension';
 459                  $result = $db->sql_query($sql);
 460  
 461                  if ($row = $db->sql_fetchrow($result))
 462                  {
 463                      $old_group_id = $row['group_id'];
 464                      do
 465                      {
 466                          $s_spacer = false;
 467  
 468                          $current_group_id = $row['group_id'];
 469                          if ($old_group_id != $current_group_id)
 470                          {
 471                              $s_spacer = true;
 472                              $old_group_id = $current_group_id;
 473                          }
 474  
 475                          $template->assign_block_vars('extensions', array(
 476                              'S_SPACER'        => $s_spacer,
 477                              'EXTENSION_ID'    => $row['extension_id'],
 478                              'EXTENSION'        => $row['extension'],
 479                              'GROUP_OPTIONS'    => $this->group_select('group_select[]', $row['group_id']))
 480                          );
 481                      }
 482                      while ($row = $db->sql_fetchrow($result));
 483                  }
 484                  $db->sql_freeresult($result);
 485  
 486              break;
 487  
 488              case 'ext_groups':
 489  
 490                  $template->assign_var('S_EXTENSION_GROUPS', true);
 491  
 492                  if ($submit)
 493                  {
 494                      $action = $request->variable('action', '');
 495                      $group_id = $request->variable('g', 0);
 496  
 497                      if ($action != 'add' && $action != 'edit')
 498                      {
 499                          trigger_error('NO_MODE', E_USER_ERROR);
 500                      }
 501  
 502                      if (!$group_id && $action == 'edit')
 503                      {
 504                          trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
 505                      }
 506  
 507                      if ($group_id)
 508                      {
 509                          $sql = 'SELECT *
 510                              FROM ' . EXTENSION_GROUPS_TABLE . "
 511                              WHERE group_id = $group_id";
 512                          $result = $db->sql_query($sql);
 513                          $ext_row = $db->sql_fetchrow($result);
 514                          $db->sql_freeresult($result);
 515  
 516                          if (!$ext_row)
 517                          {
 518                              trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
 519                          }
 520                      }
 521                      else
 522                      {
 523                          $ext_row = array();
 524                      }
 525  
 526                      $group_name = $request->variable('group_name', '', true);
 527                      $new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
 528  
 529                      if (!$group_name)
 530                      {
 531                          $error[] = $user->lang['NO_EXT_GROUP_NAME'];
 532                      }
 533  
 534                      // Check New Group Name
 535                      if ($new_group_name)
 536                      {
 537                          $sql = 'SELECT group_id
 538                              FROM ' . EXTENSION_GROUPS_TABLE . "
 539                              WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'";
 540                          if ($group_id)
 541                          {
 542                              $sql .= ' AND group_id <> ' . $group_id;
 543                          }
 544                          $result = $db->sql_query($sql);
 545  
 546                          if ($db->sql_fetchrow($result))
 547                          {
 548                              $error[] = sprintf($user->lang['EXTENSION_GROUP_EXIST'], $new_group_name);
 549                          }
 550                          $db->sql_freeresult($result);
 551                      }
 552  
 553                      if (!count($error))
 554                      {
 555                          // Ok, build the update/insert array
 556                          $upload_icon    = $request->variable('upload_icon', 'no_image');
 557                          $size_select    = $request->variable('size_select', 'b');
 558                          $forum_select    = $request->variable('forum_select', false);
 559                          $allowed_forums    = $request->variable('allowed_forums', array(0));
 560                          $allow_in_pm    = (isset($_POST['allow_in_pm'])) ? true : false;
 561                          $max_filesize    = $request->variable('max_filesize', 0);
 562                          $max_filesize    = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
 563                          $allow_group    = (isset($_POST['allow_group'])) ? true : false;
 564  
 565                          if ($max_filesize == $config['max_filesize'])
 566                          {
 567                              $max_filesize = 0;
 568                          }
 569  
 570                          if (!count($allowed_forums))
 571                          {
 572                              $forum_select = false;
 573                          }
 574  
 575                          $group_ary = array(
 576                              'group_name'    => $group_name,
 577                              'cat_id'        => $request->variable('special_category', ATTACHMENT_CATEGORY_NONE),
 578                              'allow_group'    => ($allow_group) ? 1 : 0,
 579                              'upload_icon'    => ($upload_icon == 'no_image') ? '' : $upload_icon,
 580                              'max_filesize'    => $max_filesize,
 581                              'allowed_forums'=> ($forum_select) ? serialize($allowed_forums) : '',
 582                              'allow_in_pm'    => ($allow_in_pm) ? 1 : 0,
 583                          );
 584  
 585                          if ($action == 'add')
 586                          {
 587                              $group_ary['download_mode'] = INLINE_LINK;
 588                          }
 589  
 590                          $sql = ($action == 'add') ? 'INSERT INTO ' . EXTENSION_GROUPS_TABLE . ' ' : 'UPDATE ' . EXTENSION_GROUPS_TABLE . ' SET ';
 591                          $sql .= $db->sql_build_array((($action == 'add') ? 'INSERT' : 'UPDATE'), $group_ary);
 592                          $sql .= ($action == 'edit') ? " WHERE group_id = $group_id" : '';
 593  
 594                          $db->sql_query($sql);
 595  
 596                          if ($action == 'add')
 597                          {
 598                              $group_id = $db->sql_nextid();
 599                          }
 600  
 601                          $group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name;
 602                          $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name));
 603                      }
 604  
 605                      $extension_list = $request->variable('extensions', array(0));
 606  
 607                      if ($action == 'edit' && count($extension_list))
 608                      {
 609                          $sql = 'UPDATE ' . EXTENSIONS_TABLE . "
 610                              SET group_id = 0
 611                              WHERE group_id = $group_id";
 612                          $db->sql_query($sql);
 613                      }
 614  
 615                      if (count($extension_list))
 616                      {
 617                          $sql = 'UPDATE ' . EXTENSIONS_TABLE . "
 618                              SET group_id = $group_id
 619                              WHERE " . $db->sql_in_set('extension_id', $extension_list);
 620                          $db->sql_query($sql);
 621                      }
 622  
 623                      $cache->destroy('_extensions');
 624  
 625                      if (!count($error))
 626                      {
 627                          $notify[] = $user->lang['SUCCESS_EXTENSION_GROUP_' . strtoupper($action)];
 628                      }
 629                  }
 630  
 631                  $cat_lang = array(
 632                      ATTACHMENT_CATEGORY_NONE        => $user->lang['NO_FILE_CAT'],
 633                      ATTACHMENT_CATEGORY_IMAGE        => $user->lang['CAT_IMAGES'],
 634                  );
 635  
 636                  $group_id = $request->variable('g', 0);
 637                  $action = (isset($_POST['add'])) ? 'add' : $action;
 638  
 639                  switch ($action)
 640                  {
 641                      case 'delete':
 642  
 643                          if (confirm_box(true))
 644                          {
 645                              $sql = 'SELECT group_name
 646                                  FROM ' . EXTENSION_GROUPS_TABLE . "
 647                                  WHERE group_id = $group_id";
 648                              $result = $db->sql_query($sql);
 649                              $group_name = (string) $db->sql_fetchfield('group_name');
 650                              $db->sql_freeresult($result);
 651  
 652                              $sql = 'DELETE
 653                                  FROM ' . EXTENSION_GROUPS_TABLE . "
 654                                  WHERE group_id = $group_id";
 655                              $db->sql_query($sql);
 656  
 657                              // Set corresponding Extensions to a pending Group
 658                              $sql = 'UPDATE ' . EXTENSIONS_TABLE . "
 659                                  SET group_id = 0
 660                                  WHERE group_id = $group_id";
 661                              $db->sql_query($sql);
 662  
 663                              $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_DEL', false, array($group_name));
 664  
 665                              $cache->destroy('_extensions');
 666  
 667                              trigger_error($user->lang['EXTENSION_GROUP_DELETED'] . adm_back_link($this->u_action));
 668                          }
 669                          else
 670                          {
 671                              confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
 672                                  'i'            => $id,
 673                                  'mode'        => $mode,
 674                                  'group_id'    => $group_id,
 675                                  'action'    => 'delete',
 676                              )));
 677                          }
 678  
 679                      break;
 680  
 681                      case 'edit':
 682  
 683                          if (!$group_id)
 684                          {
 685                              trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
 686                          }
 687  
 688                          $sql = 'SELECT *
 689                              FROM ' . EXTENSION_GROUPS_TABLE . "
 690                              WHERE group_id = $group_id";
 691                          $result = $db->sql_query($sql);
 692                          $ext_group_row = $db->sql_fetchrow($result);
 693                          $db->sql_freeresult($result);
 694  
 695                          $forum_ids = (!$ext_group_row['allowed_forums']) ? array() : unserialize(trim($ext_group_row['allowed_forums']));
 696  
 697                      // no break;
 698  
 699                      case 'add':
 700  
 701                          if ($action == 'add')
 702                          {
 703                              $ext_group_row = array(
 704                                  'group_name'    => $request->variable('group_name', '', true),
 705                                  'cat_id'        => 0,
 706                                  'allow_group'    => 1,
 707                                  'allow_in_pm'    => 1,
 708                                  'upload_icon'    => '',
 709                                  'max_filesize'    => 0,
 710                              );
 711  
 712                              $forum_ids = array();
 713                          }
 714  
 715                          $sql = 'SELECT *
 716                              FROM ' . EXTENSIONS_TABLE . "
 717                              WHERE group_id = $group_id
 718                                  OR group_id = 0
 719                              ORDER BY extension";
 720                          $result = $db->sql_query($sql);
 721                          $extensions = $db->sql_fetchrowset($result);
 722                          $db->sql_freeresult($result);
 723  
 724                          if ($ext_group_row['max_filesize'] == 0)
 725                          {
 726                              $ext_group_row['max_filesize'] = (int) $config['max_filesize'];
 727                          }
 728  
 729                          $max_filesize = get_formatted_filesize($ext_group_row['max_filesize'], false, array('mb', 'kb', 'b'));
 730                          $size_format = $max_filesize['si_identifier'];
 731                          $ext_group_row['max_filesize'] = $max_filesize['value'];
 732  
 733                          $img_path = $config['upload_icons_path'];
 734  
 735                          $filename_list = '';
 736                          $no_image_select = false;
 737  
 738                          $imglist = filelist($phpbb_root_path . $img_path);
 739  
 740                          if (!empty($imglist['']))
 741                          {
 742                              $imglist = array_values($imglist);
 743                              $imglist = $imglist[0];
 744  
 745                              foreach ($imglist as $key => $img)
 746                              {
 747                                  if (!$ext_group_row['upload_icon'])
 748                                  {
 749                                      $no_image_select = true;
 750                                      $selected = '';
 751                                  }
 752                                  else
 753                                  {
 754                                      $selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
 755                                  }
 756  
 757                                  if (strlen($img) > 255)
 758                                  {
 759                                      continue;
 760                                  }
 761  
 762                                  $filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>';
 763                              }
 764                          }
 765  
 766                          $i = 0;
 767                          $assigned_extensions = '';
 768                          foreach ($extensions as $num => $row)
 769                          {
 770                              if ($row['group_id'] == $group_id && $group_id)
 771                              {
 772                                  $assigned_extensions .= ($i) ? ', ' . $row['extension'] : $row['extension'];
 773                                  $i++;
 774                              }
 775                          }
 776  
 777                          $s_extension_options = '';
 778                          foreach ($extensions as $row)
 779                          {
 780                              $s_extension_options .= '<option' . ((!$row['group_id']) ? ' class="disabled"' : '') . ' value="' . $row['extension_id'] . '"' . (($row['group_id'] == $group_id && $group_id) ? ' selected="selected"' : '') . '>' . $row['extension'] . '</option>';
 781                          }
 782  
 783                          $template->assign_vars(array(
 784                              'IMG_PATH'                => $img_path,
 785                              'ACTION'                => $action,
 786                              'GROUP_ID'                => $group_id,
 787                              'GROUP_NAME'            => $ext_group_row['group_name'],
 788                              'ALLOW_GROUP'            => $ext_group_row['allow_group'],
 789                              'ALLOW_IN_PM'            => $ext_group_row['allow_in_pm'],
 790                              'UPLOAD_ICON_SRC'        => $phpbb_root_path . $img_path . '/' . $ext_group_row['upload_icon'],
 791                              'EXTGROUP_FILESIZE'        => $ext_group_row['max_filesize'],
 792                              'ASSIGNED_EXTENSIONS'    => $assigned_extensions,
 793  
 794                              'S_CATEGORY_SELECT'            => $this->category_select('special_category', $group_id, 'category'),
 795                              'S_EXT_GROUP_SIZE_OPTIONS'    => size_select_options($size_format),
 796                              'S_EXTENSION_OPTIONS'        => $s_extension_options,
 797                              'S_FILENAME_LIST'            => $filename_list,
 798                              'S_EDIT_GROUP'                => true,
 799                              'S_NO_IMAGE'                => $no_image_select,
 800                              'S_FORUM_IDS'                => (count($forum_ids)) ? true : false,
 801  
 802                              'U_EXTENSIONS'        => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=extensions"),
 803                              'U_BACK'            => $this->u_action,
 804  
 805                              'L_LEGEND'            => $user->lang[strtoupper($action) . '_EXTENSION_GROUP'])
 806                          );
 807  
 808                          $s_forum_id_options = '';
 809  
 810                          /** @todo use in-built function **/
 811  
 812                          $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
 813                              FROM ' . FORUMS_TABLE . '
 814                              ORDER BY left_id ASC';
 815                          $result = $db->sql_query($sql, 600);
 816  
 817                          $right = $cat_right = $padding_inc = 0;
 818                          $padding = $forum_list = $holding = '';
 819                          $padding_store = array('0' => '');
 820  
 821                          while ($row = $db->sql_fetchrow($result))
 822                          {
 823                              if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id']))
 824                              {
 825                                  // Non-postable forum with no subforums, don't display
 826                                  continue;
 827                              }
 828  
 829                              if (!$auth->acl_get('f_list', $row['forum_id']))
 830                              {
 831                                  // if the user does not have permissions to list this forum skip
 832                                  continue;
 833                              }
 834  
 835                              if ($row['left_id'] < $right)
 836                              {
 837                                  $padding .= '&nbsp; &nbsp;';
 838                                  $padding_store[$row['parent_id']] = $padding;
 839                              }
 840                              else if ($row['left_id'] > $right + 1)
 841                              {
 842                                  $padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']];
 843                              }
 844  
 845                              $right = $row['right_id'];
 846  
 847                              $selected = (in_array($row['forum_id'], $forum_ids)) ? ' selected="selected"' : '';
 848  
 849                              if ($row['left_id'] > $cat_right)
 850                              {
 851                                  // make sure we don't forget anything
 852                                  $s_forum_id_options .= $holding;
 853                                  $holding = '';
 854                              }
 855  
 856                              if ($row['right_id'] - $row['left_id'] > 1)
 857                              {
 858                                  $cat_right = max($cat_right, $row['right_id']);
 859  
 860                                  $holding .= '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
 861                              }
 862                              else
 863                              {
 864                                  $s_forum_id_options .= $holding . '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
 865                                  $holding = '';
 866                              }
 867                          }
 868  
 869                          if ($holding)
 870                          {
 871                              $s_forum_id_options .= $holding;
 872                          }
 873  
 874                          $db->sql_freeresult($result);
 875                          unset($padding_store);
 876  
 877                          $template->assign_vars(array(
 878                              'S_FORUM_ID_OPTIONS'    => $s_forum_id_options)
 879                          );
 880  
 881                      break;
 882                  }
 883  
 884                  $sql = 'SELECT *
 885                      FROM ' . EXTENSION_GROUPS_TABLE . '
 886                      ORDER BY allow_group DESC, allow_in_pm DESC, group_name';
 887                  $result = $db->sql_query($sql);
 888  
 889                  $old_allow_group = $old_allow_pm = 1;
 890                  while ($row = $db->sql_fetchrow($result))
 891                  {
 892                      $s_add_spacer = ($old_allow_group != $row['allow_group'] || $old_allow_pm != $row['allow_in_pm']) ? true : false;
 893  
 894                      $template->assign_block_vars('groups', array(
 895                          'S_ADD_SPACER'        => $s_add_spacer,
 896                          'S_ALLOWED_IN_PM'    => ($row['allow_in_pm']) ? true : false,
 897                          'S_GROUP_ALLOWED'    => ($row['allow_group']) ? true : false,
 898  
 899                          'U_EDIT'        => $this->u_action . "&amp;action=edit&amp;g={$row['group_id']}",
 900                          'U_DELETE'        => $this->u_action . "&amp;action=delete&amp;g={$row['group_id']}",
 901  
 902                          'GROUP_NAME'    => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'],
 903                          'CATEGORY'        => $cat_lang[$row['cat_id']],
 904                          )
 905                      );
 906  
 907                      $old_allow_group = $row['allow_group'];
 908                      $old_allow_pm = $row['allow_in_pm'];
 909                  }
 910                  $db->sql_freeresult($result);
 911  
 912              break;
 913  
 914              case 'orphan':
 915  
 916                  /* @var $pagination \phpbb\pagination */
 917                  $pagination = $this->phpbb_container->get('pagination');
 918  
 919                  if ($submit)
 920                  {
 921                      $delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
 922                      $add_files = (isset($_POST['add'])) ? array_keys($request->variable('add', array('' => 0))) : array();
 923                      $post_ids = $request->variable('post_id', array('' => 0));
 924  
 925                      if (count($delete_files))
 926                      {
 927                          $sql = 'SELECT *
 928                              FROM ' . ATTACHMENTS_TABLE . '
 929                              WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
 930                                  AND is_orphan = 1';
 931                          $result = $db->sql_query($sql);
 932  
 933                          $delete_files = array();
 934                          while ($row = $db->sql_fetchrow($result))
 935                          {
 936                              $this->attachment_manager->unlink($row['physical_filename'], 'file');
 937  
 938                              if ($row['thumbnail'])
 939                              {
 940                                  $this->attachment_manager->unlink($row['physical_filename'], 'thumbnail');
 941                              }
 942  
 943                              $delete_files[$row['attach_id']] = $row['real_filename'];
 944                          }
 945                          $db->sql_freeresult($result);
 946                      }
 947  
 948                      if (count($delete_files))
 949                      {
 950                          $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
 951                              WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files));
 952                          $db->sql_query($sql);
 953  
 954                          $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_ORPHAN_DEL', false, array(implode(', ', $delete_files)));
 955                          $notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode($user->lang['COMMA_SEPARATOR'], $delete_files));
 956                      }
 957  
 958                      $upload_list = array();
 959                      foreach ($add_files as $attach_id)
 960                      {
 961                          if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
 962                          {
 963                              $upload_list[$attach_id] = $post_ids[$attach_id];
 964                          }
 965                      }
 966                      unset($add_files);
 967  
 968                      if (count($upload_list))
 969                      {
 970                          $template->assign_var('S_UPLOADING_FILES', true);
 971  
 972                          $sql = 'SELECT forum_id, forum_name
 973                              FROM ' . FORUMS_TABLE;
 974                          $result = $db->sql_query($sql);
 975  
 976                          $forum_names = array();
 977                          while ($row = $db->sql_fetchrow($result))
 978                          {
 979                              $forum_names[$row['forum_id']] = $row['forum_name'];
 980                          }
 981                          $db->sql_freeresult($result);
 982  
 983                          $sql = 'SELECT forum_id, topic_id, post_id, poster_id
 984                              FROM ' . POSTS_TABLE . '
 985                              WHERE ' . $db->sql_in_set('post_id', $upload_list);
 986                          $result = $db->sql_query($sql);
 987  
 988                          $post_info = array();
 989                          while ($row = $db->sql_fetchrow($result))
 990                          {
 991                              $post_info[$row['post_id']] = $row;
 992                          }
 993                          $db->sql_freeresult($result);
 994  
 995                          // Select those attachments we want to change...
 996                          $sql = 'SELECT *
 997                              FROM ' . ATTACHMENTS_TABLE . '
 998                              WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . '
 999                                  AND is_orphan = 1';
1000                          $result = $db->sql_query($sql);
1001  
1002                          $files_added = $space_taken = 0;
1003                          $error_msg = '';
1004                          $upload_row = [];
1005                          while ($row = $db->sql_fetchrow($result))
1006                          {
1007                              $upload_row = [
1008                                  'FILE_INFO'    => $user->lang('UPLOADING_FILE_TO', $row['real_filename'], $upload_list[$row['attach_id']]),
1009                              ];
1010  
1011                              if (isset($post_info[$upload_list[$row['attach_id']]]))
1012                              {
1013                                  $post_row = $post_info[$upload_list[$row['attach_id']]];
1014                                  $upload_row = array_merge($upload_row, [
1015                                      'S_DENIED'    => !$auth->acl_get('f_attach', $post_row['forum_id']),
1016                                      'L_DENIED'    => !$auth->acl_get('f_attach', $post_row['forum_id']) ? $user->lang('UPLOAD_DENIED_FORUM', $forum_names[$row['forum_id']]) : '',
1017                                  ]);
1018                              }
1019                              else
1020                              {
1021                                  $error_msg = $user->lang('UPLOAD_POST_NOT_EXIST', $row['real_filename'], $upload_list[$row['attach_id']]);
1022                                  $upload_row = array_merge($upload_row, [
1023                                      'ERROR_MSG'    => $error_msg,
1024                                  ]);
1025                              };
1026  
1027                              $template->assign_block_vars('upload', $upload_row);
1028  
1029                              if ($error_msg || !$auth->acl_get('f_attach', $post_row['forum_id']))
1030                              {
1031                                  continue;
1032                              }
1033  
1034                              // Adjust attachment entry
1035                              $sql_ary = [
1036                                  'in_message'    => 0,
1037                                  'is_orphan'        => 0,
1038                                  'poster_id'        => $post_row['poster_id'],
1039                                  'post_msg_id'    => $post_row['post_id'],
1040                                  'topic_id'        => $post_row['topic_id'],
1041                              ];
1042  
1043                              $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
1044                                  SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1045                                  WHERE attach_id = ' . $row['attach_id'];
1046                              $db->sql_query($sql);
1047  
1048                              $sql = 'UPDATE ' . POSTS_TABLE . '
1049                                  SET post_attachment = 1
1050                                  WHERE post_id = ' . $post_row['post_id'];
1051                              $db->sql_query($sql);
1052  
1053                              $sql = 'UPDATE ' . TOPICS_TABLE . '
1054                                  SET topic_attachment = 1
1055                                  WHERE topic_id = ' . $post_row['topic_id'];
1056                              $db->sql_query($sql);
1057  
1058                              $space_taken += $row['filesize'];
1059                              $files_added++;
1060  
1061                              $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_FILEUPLOAD', false, [$post_row['post_id'], $row['real_filename']]);
1062                          }
1063                          $db->sql_freeresult($result);
1064  
1065                          if ($files_added)
1066                          {
1067                              $config->increment('upload_dir_size', $space_taken, false);
1068                              $config->increment('num_files', $files_added, false);
1069                          }
1070                      }
1071                  }
1072  
1073                  $template->assign_vars([
1074                      'S_ORPHAN'        => true,
1075                  ]);
1076  
1077                  $attachments_per_page = (int) $config['topics_per_page'];
1078  
1079                  // Get total number or orphans older than 3 hours
1080                  $sql = 'SELECT COUNT(attach_id) as num_files, SUM(filesize) as total_size
1081                      FROM ' . ATTACHMENTS_TABLE . '
1082                      WHERE is_orphan = 1
1083                          AND filetime < ' . (time() - 3*60*60);
1084                  $result = $this->db->sql_query($sql);
1085                  $row = $this->db->sql_fetchrow($result);
1086                  $num_files = (int) $row['num_files'];
1087                  $total_size = (int) $row['total_size'];
1088                  $this->db->sql_freeresult($result);
1089  
1090                  $start = $request->variable('start', 0);
1091                  $start = $pagination->validate_start($start, $attachments_per_page, $num_files);
1092  
1093                  // Just get the files with is_orphan set and older than 3 hours
1094                  $sql = 'SELECT *
1095                      FROM ' . ATTACHMENTS_TABLE . '
1096                      WHERE is_orphan = 1
1097                          AND filetime < ' . (time() - 3*60*60) . '
1098                      ORDER BY filetime DESC';
1099                  $result = $db->sql_query_limit($sql, $attachments_per_page, $start);
1100  
1101                  while ($row = $db->sql_fetchrow($result))
1102                  {
1103                      $template->assign_block_vars('orphan', [
1104                          'FILESIZE'            => get_formatted_filesize($row['filesize']),
1105                          'FILETIME'            => $user->format_date($row['filetime']),
1106                          'REAL_FILENAME'        => utf8_basename($row['real_filename']),
1107                          'PHYSICAL_FILENAME'    => utf8_basename($row['physical_filename']),
1108                          'ATTACH_ID'            => $row['attach_id'],
1109                          'POST_ID'            => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
1110                          'U_FILE'            => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']),
1111                      ]);
1112                  }
1113                  $db->sql_freeresult($result);
1114  
1115                  $pagination->generate_template_pagination(
1116                      $this->u_action,
1117                      'pagination',
1118                      'start',
1119                      $num_files,
1120                      $attachments_per_page,
1121                      $start
1122                  );
1123  
1124                  $template->assign_vars([
1125                      'TOTAL_FILES'        => $num_files,
1126                      'TOTAL_SIZE'        => get_formatted_filesize($total_size),
1127                  ]);
1128  
1129              break;
1130  
1131              case 'manage':
1132  
1133                  if ($submit)
1134                  {
1135                      $delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
1136  
1137                      if (count($delete_files))
1138                      {
1139                          // Select those attachments we want to delete...
1140                          $sql = 'SELECT real_filename
1141                              FROM ' . ATTACHMENTS_TABLE . '
1142                              WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
1143                                  AND is_orphan = 0';
1144                          $result = $db->sql_query($sql);
1145                          while ($row = $db->sql_fetchrow($result))
1146                          {
1147                              $deleted_filenames[] = $row['real_filename'];
1148                          }
1149                          $db->sql_freeresult($result);
1150  
1151                          if ($num_deleted = $this->attachment_manager->delete('attach', $delete_files))
1152                          {
1153                              if (count($delete_files) != $num_deleted)
1154                              {
1155                                  $error[] = $user->lang['FILES_GONE'];
1156                              }
1157  
1158                              $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode(', ', $deleted_filenames)));
1159                              $notify[] = sprintf($user->lang['LOG_ATTACHMENTS_DELETED'], implode($user->lang['COMMA_SEPARATOR'], $deleted_filenames));
1160                          }
1161                          else
1162                          {
1163                              $error[] = $user->lang['NO_FILES_TO_DELETE'];
1164                          }
1165                      }
1166                  }
1167  
1168                  if ($action == 'stats')
1169                  {
1170                      $this->handle_stats_resync();
1171                  }
1172  
1173                  $stats_error = $this->check_stats_accuracy();
1174  
1175                  if ($stats_error)
1176                  {
1177                      $error[] = $stats_error;
1178                  }
1179  
1180                  $template->assign_vars(array(
1181                      'S_MANAGE'        => true,
1182                  ));
1183  
1184                  $start        = $request->variable('start', 0);
1185  
1186                  // Sort keys
1187                  $sort_days    = $request->variable('st', 0);
1188                  $sort_key    = $request->variable('sk', 't');
1189                  $sort_dir    = $request->variable('sd', 'd');
1190  
1191                  // Sorting
1192                  $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1193                  $sort_by_text = array('f' => $user->lang['FILENAME'], 't' => $user->lang['FILEDATE'], 's' => $user->lang['FILESIZE'], 'x' => $user->lang['EXTENSION'], 'd' => $user->lang['DOWNLOADS'],'p' => $user->lang['ATTACH_POST_TYPE'], 'u' => $user->lang['AUTHOR']);
1194                  $sort_by_sql = array('f' => 'a.real_filename', 't' => 'a.filetime', 's' => 'a.filesize', 'x' => 'a.extension', 'd' => 'a.download_count', 'p' => 'a.in_message', 'u' => 'u.username');
1195  
1196                  $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1197                  gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1198  
1199                  $min_filetime = ($sort_days) ? (time() - ($sort_days * 86400)) : '';
1200                  $limit_filetime = ($min_filetime) ? " AND a.filetime >= $min_filetime " : '';
1201                  $start = ($sort_days && isset($_POST['sort'])) ? 0 : $start;
1202  
1203                  $attachments_per_page = (int) $config['topics_per_page'];
1204  
1205                  $stats = $this->get_attachment_stats($limit_filetime);
1206                  $num_files = $stats['num_files'];
1207                  $total_size = $stats['upload_dir_size'];
1208  
1209                  // Make sure $start is set to the last page if it exceeds the amount
1210                  /* @var $pagination \phpbb\pagination */
1211                  $pagination = $phpbb_container->get('pagination');
1212                  $start = $pagination->validate_start($start, $attachments_per_page, $num_files);
1213  
1214                  // If the user is trying to reach the second half of the attachments list, fetch it starting from the end
1215                  $store_reverse = false;
1216                  $sql_limit = $attachments_per_page;
1217  
1218                  if ($start > $num_files / 2)
1219                  {
1220                      $store_reverse = true;
1221  
1222                      // Select the sort order. Add time sort anchor for non-time sorting cases
1223                      $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') : '';
1224                      $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') . $sql_sort_anchor;
1225                      $sql_limit = $pagination->reverse_limit($start, $sql_limit, $num_files);
1226                      $sql_start = $pagination->reverse_start($start, $sql_limit, $num_files);
1227                  }
1228                  else
1229                  {
1230                      // Select the sort order. Add time sort anchor for non-time sorting cases
1231                      $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') : '';
1232                      $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') . $sql_sort_anchor;
1233                      $sql_start = $start;
1234                  }
1235  
1236                  $attachments_list = array();
1237  
1238                  // Just get the files
1239                  $sql = 'SELECT a.*, u.username, u.user_colour, t.topic_title
1240                      FROM ' . ATTACHMENTS_TABLE . ' a
1241                      LEFT JOIN ' . USERS_TABLE . ' u ON (u.user_id = a.poster_id)
1242                      LEFT JOIN ' . TOPICS_TABLE . " t ON (a.topic_id = t.topic_id)
1243                      WHERE a.is_orphan = 0
1244                          $limit_filetime
1245                      ORDER BY $sql_sort_order";
1246                  $result = $db->sql_query_limit($sql, $sql_limit, $sql_start);
1247  
1248                  $i = ($store_reverse) ? $sql_limit - 1 : 0;
1249  
1250                  // Store increment value in a variable to save some conditional calls
1251                  $i_increment = ($store_reverse) ? -1 : 1;
1252                  while ($attachment_row = $db->sql_fetchrow($result))
1253                  {
1254                      $attachments_list[$i] = $attachment_row;
1255                      $i = $i + $i_increment;
1256                  }
1257                  $db->sql_freeresult($result);
1258  
1259                  $base_url = $this->u_action . "&amp;$u_sort_param";
1260                  $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_files, $attachments_per_page, $start);
1261  
1262                  $template->assign_vars(array(
1263                      'TOTAL_FILES'        => $num_files,
1264                      'TOTAL_SIZE'        => get_formatted_filesize($total_size),
1265  
1266                      'S_LIMIT_DAYS'        => $s_limit_days,
1267                      'S_SORT_KEY'        => $s_sort_key,
1268                      'S_SORT_DIR'        => $s_sort_dir)
1269                  );
1270  
1271                  // Grab extensions
1272                  $extensions = $cache->obtain_attach_extensions(true);
1273  
1274                  for ($i = 0, $end = count($attachments_list); $i < $end; ++$i)
1275                  {
1276                      $row = $attachments_list[$i];
1277  
1278                      $row['extension'] = strtolower(trim((string) $row['extension']));
1279                      $comment = ($row['attach_comment'] && !$row['in_message']) ? str_replace(array("\n", "\r"), array('<br />', "\n"), $row['attach_comment']) : '';
1280                      $display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : ATTACHMENT_CATEGORY_NONE;
1281                      $l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS';
1282  
1283                      $template->assign_block_vars('attachments', array(
1284                          'ATTACHMENT_POSTER'    => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
1285                          'FILESIZE'            => get_formatted_filesize((int) $row['filesize']),
1286                          'FILETIME'            => $user->format_date((int) $row['filetime']),
1287                          'REAL_FILENAME'        => utf8_basename((string) $row['real_filename']),
1288                          'EXT_GROUP_NAME'    => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ?  $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'],
1289                          'COMMENT'            => $comment,
1290                          'TOPIC_TITLE'        => (!$row['in_message']) ? (string) $row['topic_title'] : '',
1291                          'ATTACH_ID'            => (int) $row['attach_id'],
1292  
1293                          'L_DOWNLOAD_COUNT'    => $user->lang($l_downloaded_viewed, (int) $row['download_count']),
1294  
1295                          'S_IN_MESSAGE'        => (bool) $row['in_message'],
1296  
1297                          'U_VIEW_TOPIC'        => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
1298                          'U_FILE'            => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))
1299                      );
1300                  }
1301  
1302              break;
1303          }
1304  
1305          if (count($error))
1306          {
1307              $template->assign_vars(array(
1308                  'S_WARNING'        => true,
1309                  'WARNING_MSG'    => implode('<br />', $error))
1310              );
1311          }
1312  
1313          if (count($notify))
1314          {
1315              $template->assign_vars(array(
1316                  'S_NOTIFY'        => true,
1317                  'NOTIFY_MSG'    => implode('<br />', $notify))
1318              );
1319          }
1320      }
1321  
1322      /**
1323      * Get attachment file count and size of upload directory
1324      *
1325      * @param $limit string    Additional limit for WHERE clause to filter stats by.
1326      * @return array Returns array with stats: num_files and upload_dir_size
1327      */
1328  	public function get_attachment_stats($limit = '')
1329      {
1330          $sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(' . $this->db->cast_expr_to_bigint('a.filesize') . ') AS upload_dir_size
1331              FROM ' . ATTACHMENTS_TABLE . " a
1332              WHERE a.is_orphan = 0
1333                  $limit";
1334          $result = $this->db->sql_query($sql);
1335          $row = $this->db->sql_fetchrow($result);
1336          $this->db->sql_freeresult($result);
1337  
1338          return array(
1339              'num_files'            => (int) $row['num_files'],
1340              'upload_dir_size'    => (float) $row['upload_dir_size'],
1341          );
1342      }
1343  
1344      /**
1345      * Set config attachment stat values
1346      *
1347      * @param $stats array    Array of config key => value pairs to set.
1348      * @return null
1349      */
1350  	public function set_attachment_stats($stats)
1351      {
1352          foreach ($stats as $key => $value)
1353          {
1354              $this->config->set($key, $value, true);
1355          }
1356      }
1357  
1358      /**
1359      * Check accuracy of attachment statistics.
1360      *
1361      * @return bool|string    Returns false if stats are correct or error message
1362      *    otherwise.
1363      */
1364  	public function check_stats_accuracy()
1365      {
1366          // Get fresh stats.
1367          $stats = $this->get_attachment_stats();
1368  
1369          // Get current files stats
1370          $num_files = (int) $this->config['num_files'];
1371          $total_size = (float) $this->config['upload_dir_size'];
1372  
1373          if (($num_files != $stats['num_files']) || ($total_size != $stats['upload_dir_size']))
1374          {
1375              $u_resync = $this->u_action . '&amp;action=stats';
1376  
1377              return $this->user->lang(
1378                  'FILES_STATS_WRONG',
1379                  (int) $stats['num_files'],
1380                  get_formatted_filesize($stats['upload_dir_size']),
1381                  '<a href="' . $u_resync . '">',
1382                  '</a>'
1383              );
1384          }
1385          return false;
1386      }
1387  
1388      /**
1389      * Handle stats resync.
1390      *
1391      * @return null
1392      */
1393  	public function handle_stats_resync()
1394      {
1395          if (!confirm_box(true))
1396          {
1397              confirm_box(false, $this->user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array(
1398                  'i'            => $this->id,
1399                  'mode'        => 'manage',
1400                  'action'    => 'stats',
1401              )));
1402          }
1403          else
1404          {
1405              $this->set_attachment_stats($this->get_attachment_stats());
1406  
1407              /* @var $log \phpbb\log\log_interface */
1408              $log = $this->phpbb_container->get('log');
1409              $log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_RESYNC_FILES_STATS');
1410          }
1411  
1412      }
1413  
1414      /**
1415      * Build Select for category items
1416      */
1417  	function category_select($select_name, $group_id = false, $key = '')
1418      {
1419          global $db, $user;
1420  
1421          $types = array(
1422              ATTACHMENT_CATEGORY_NONE        => $user->lang['NO_FILE_CAT'],
1423              ATTACHMENT_CATEGORY_IMAGE        => $user->lang['CAT_IMAGES'],
1424          );
1425  
1426          if ($group_id)
1427          {
1428              $sql = 'SELECT cat_id
1429                  FROM ' . EXTENSION_GROUPS_TABLE . '
1430                  WHERE group_id = ' . (int) $group_id;
1431              $result = $db->sql_query($sql);
1432  
1433              $cat_type = (!($row = $db->sql_fetchrow($result))) ? ATTACHMENT_CATEGORY_NONE : $row['cat_id'];
1434  
1435              $db->sql_freeresult($result);
1436          }
1437          else
1438          {
1439              $cat_type = ATTACHMENT_CATEGORY_NONE;
1440          }
1441  
1442          $group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
1443  
1444          foreach ($types as $type => $mode)
1445          {
1446              $selected = ($type == $cat_type) ? ' selected="selected"' : '';
1447              $group_select .= '<option value="' . $type . '"' . $selected . '>' . $mode . '</option>';
1448          }
1449  
1450          $group_select .= '</select>';
1451  
1452          return $group_select;
1453      }
1454  
1455      /**
1456      * Extension group select
1457      */
1458  	function group_select($select_name, $default_group = false, $key = '')
1459      {
1460          global $db, $user;
1461  
1462          $group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
1463  
1464          $sql = 'SELECT group_id, group_name
1465              FROM ' . EXTENSION_GROUPS_TABLE . '
1466              ORDER BY group_name';
1467          $result = $db->sql_query($sql);
1468  
1469          $group_name = array();
1470          while ($row = $db->sql_fetchrow($result))
1471          {
1472              $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
1473              $group_name[] = $row;
1474          }
1475          $db->sql_freeresult($result);
1476  
1477          $row['group_id'] = 0;
1478          $row['group_name'] = $user->lang['NOT_ASSIGNED'];
1479          $group_name[] = $row;
1480  
1481          for ($i = 0, $groups_size = count($group_name); $i < $groups_size; $i++)
1482          {
1483              if ($default_group === false)
1484              {
1485                  $selected = ($i == 0) ? ' selected="selected"' : '';
1486              }
1487              else
1488              {
1489                  $selected = ($group_name[$i]['group_id'] == $default_group) ? ' selected="selected"' : '';
1490              }
1491  
1492              $group_select .= '<option value="' . $group_name[$i]['group_id'] . '"' . $selected . '>' . $group_name[$i]['group_name'] . '</option>';
1493          }
1494  
1495          $group_select .= '</select>';
1496  
1497          return $group_select;
1498      }
1499  
1500      /**
1501      * Test Settings
1502      */
1503  	function test_upload(&$error, $upload_dir, $create_directory = false)
1504      {
1505          global $user, $phpbb_root_path;
1506  
1507          // Does the target directory exist, is it a directory and writable.
1508          if ($create_directory)
1509          {
1510              if (!file_exists($phpbb_root_path . $upload_dir))
1511              {
1512                  @mkdir($phpbb_root_path . $upload_dir, 0777);
1513  
1514                  try
1515                  {
1516                      $this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
1517                  }
1518                  catch (\phpbb\filesystem\exception\filesystem_exception $e)
1519                  {
1520                      // Do nothing
1521                  }
1522              }
1523          }
1524  
1525          if (!file_exists($phpbb_root_path . $upload_dir))
1526          {
1527              $error[] = sprintf($user->lang['NO_UPLOAD_DIR'], $upload_dir);
1528              return;
1529          }
1530  
1531          if (!is_dir($phpbb_root_path . $upload_dir))
1532          {
1533              $error[] = sprintf($user->lang['UPLOAD_NOT_DIR'], $upload_dir);
1534              return;
1535          }
1536  
1537          if (!$this->filesystem->is_writable($phpbb_root_path . $upload_dir))
1538          {
1539              $error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir);
1540              return;
1541          }
1542      }
1543  
1544      /**
1545      * Perform operations on sites for external linking
1546      */
1547  	function perform_site_list()
1548      {
1549          global $db, $user, $request, $phpbb_log;
1550  
1551          if (isset($_REQUEST['securesubmit']))
1552          {
1553              // Grab the list of entries
1554              $ips = $request->variable('ips', '');
1555              $ip_list = array_unique(explode("\n", $ips));
1556              $ip_list_log = implode(', ', $ip_list);
1557  
1558              $ip_exclude = (int) $request->variable('ipexclude', false, false, \phpbb\request\request_interface::POST);
1559  
1560              $iplist = array();
1561              $hostlist = array();
1562  
1563              foreach ($ip_list as $item)
1564              {
1565                  if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($item), $ip_range_explode))
1566                  {
1567                      // Don't ask about all this, just don't ask ... !
1568                      $ip_1_counter = $ip_range_explode[1];
1569                      $ip_1_end = $ip_range_explode[5];
1570  
1571                      while ($ip_1_counter <= $ip_1_end)
1572                      {
1573                          $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
1574                          $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
1575  
1576                          if ($ip_2_counter == 0 && $ip_2_end == 254)
1577                          {
1578                              $ip_2_counter = 256;
1579  
1580                              $iplist[] = "'$ip_1_counter.*'";
1581                          }
1582  
1583                          while ($ip_2_counter <= $ip_2_end)
1584                          {
1585                              $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
1586                              $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
1587  
1588                              if ($ip_3_counter == 0 && $ip_3_end == 254)
1589                              {
1590                                  $ip_3_counter = 256;
1591  
1592                                  $iplist[] = "'$ip_1_counter.$ip_2_counter.*'";
1593                              }
1594  
1595                              while ($ip_3_counter <= $ip_3_end)
1596                              {
1597                                  $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
1598                                  $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
1599  
1600                                  if ($ip_4_counter == 0 && $ip_4_end == 254)
1601                                  {
1602                                      $ip_4_counter = 256;
1603  
1604                                      $iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'";
1605                                  }
1606  
1607                                  while ($ip_4_counter <= $ip_4_end)
1608                                  {
1609                                      $iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'";
1610                                      $ip_4_counter++;
1611                                  }
1612                                  $ip_3_counter++;
1613                              }
1614                              $ip_2_counter++;
1615                          }
1616                          $ip_1_counter++;
1617                      }
1618                  }
1619                  else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($item)))
1620                  {
1621                      $iplist[] = "'" . trim($item) . "'";
1622                  }
1623                  else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($item)))
1624                  {
1625                      $hostlist[] = "'" . trim($item) . "'";
1626                  }
1627                  else if (preg_match("#^([a-z0-9\-\*\._/]+?)$#is", trim($item)))
1628                  {
1629                      $hostlist[] = "'" . trim($item) . "'";
1630                  }
1631              }
1632  
1633              $sql = 'SELECT site_ip, site_hostname
1634                  FROM ' . SITELIST_TABLE . "
1635                  WHERE ip_exclude = $ip_exclude";
1636              $result = $db->sql_query($sql);
1637  
1638              if ($row = $db->sql_fetchrow($result))
1639              {
1640                  $iplist_tmp = array();
1641                  $hostlist_tmp = array();
1642                  do
1643                  {
1644                      if ($row['site_ip'])
1645                      {
1646                          if (strlen($row['site_ip']) > 40)
1647                          {
1648                              continue;
1649                          }
1650  
1651                          $iplist_tmp[] = "'" . $row['site_ip'] . "'";
1652                      }
1653                      else if ($row['site_hostname'])
1654                      {
1655                          if (strlen($row['site_hostname']) > 255)
1656                          {
1657                              continue;
1658                          }
1659  
1660                          $hostlist_tmp[] = "'" . $row['site_hostname'] . "'";
1661                      }
1662                      // break;
1663                  }
1664                  while ($row = $db->sql_fetchrow($result));
1665  
1666                  $iplist = array_unique(array_diff($iplist, $iplist_tmp));
1667                  $hostlist = array_unique(array_diff($hostlist, $hostlist_tmp));
1668                  unset($iplist_tmp);
1669                  unset($hostlist_tmp);
1670              }
1671              $db->sql_freeresult($result);
1672  
1673              if (count($iplist))
1674              {
1675                  foreach ($iplist as $ip_entry)
1676                  {
1677                      $sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_ip, ip_exclude)
1678                          VALUES ($ip_entry, $ip_exclude)";
1679                      $db->sql_query($sql);
1680                  }
1681              }
1682  
1683              if (count($hostlist))
1684              {
1685                  foreach ($hostlist as $host_entry)
1686                  {
1687                      $sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_hostname, ip_exclude)
1688                          VALUES ($host_entry, $ip_exclude)";
1689                      $db->sql_query($sql);
1690                  }
1691              }
1692  
1693              if (!empty($ip_list_log))
1694              {
1695                  // Update log
1696                  $log_entry = ($ip_exclude) ? 'LOG_DOWNLOAD_EXCLUDE_IP' : 'LOG_DOWNLOAD_IP';
1697                  $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_entry, false, array($ip_list_log));
1698              }
1699  
1700              trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
1701          }
1702          else if (isset($_POST['unsecuresubmit']))
1703          {
1704              $unip_sql = $request->variable('unip', array(0));
1705  
1706              if (count($unip_sql))
1707              {
1708                  $l_unip_list = '';
1709  
1710                  // Grab details of ips for logging information later
1711                  $sql = 'SELECT site_ip, site_hostname
1712                      FROM ' . SITELIST_TABLE . '
1713                      WHERE ' . $db->sql_in_set('site_id', $unip_sql);
1714                  $result = $db->sql_query($sql);
1715  
1716                  while ($row = $db->sql_fetchrow($result))
1717                  {
1718                      $l_unip_list .= (($l_unip_list != '') ? ', ' : '') . (($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']);
1719                  }
1720                  $db->sql_freeresult($result);
1721  
1722                  $sql = 'DELETE FROM ' . SITELIST_TABLE . '
1723                      WHERE ' . $db->sql_in_set('site_id', $unip_sql);
1724                  $db->sql_query($sql);
1725  
1726                  $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DOWNLOAD_REMOVE_IP', false, array($l_unip_list));
1727              }
1728  
1729              trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
1730          }
1731      }
1732  
1733      /**
1734      * Write display_order config field
1735      */
1736  	function display_order($value, $key = '')
1737      {
1738          $radio_ary = array(0 => 'DESCENDING', 1 => 'ASCENDING');
1739  
1740          return h_radio('config[display_order]', $radio_ary, $value, $key);
1741      }
1742  
1743      /**
1744      * Adjust all three max_filesize config vars for display
1745      */
1746  	function max_filesize($value, $key = '')
1747      {
1748          // Determine size var and adjust the value accordingly
1749          $filesize = get_formatted_filesize($value, false, array('mb', 'kb', 'b'));
1750          $size_var = $filesize['si_identifier'];
1751          $value = $filesize['value'];
1752  
1753          // size and maxlength must not be specified for input of type number
1754          return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
1755      }
1756  
1757      /**
1758      * Write secure_allow_deny config field
1759      */
1760  	function select_allow_deny($value, $key = '')
1761      {
1762          $radio_ary = array(1 => 'ORDER_ALLOW_DENY', 0 => 'ORDER_DENY_ALLOW');
1763  
1764          return h_radio('config[' . $key . ']', $radio_ary, $value, $key);
1765      }
1766  
1767  }


Generated: Sun Jun 23 12:25:44 2024 Cross-referenced by PHPXref 0.7.1