[ Index ] |
PHP Cross Reference of phpBB-3.3.12-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 /** 15 * @ignore 16 */ 17 if (!defined('IN_PHPBB')) 18 { 19 exit; 20 } 21 22 class acp_attachments 23 { 24 /** @var \phpbb\db\driver\driver_interface */ 25 protected $db; 26 27 /** @var \phpbb\config\config */ 28 protected $config; 29 30 /** @var \phpbb\language\language */ 31 protected $language; 32 33 /** @var ContainerBuilder */ 34 protected $phpbb_container; 35 36 /** @var \phpbb\template\template */ 37 protected $template; 38 39 /** @var \phpbb\user */ 40 protected $user; 41 42 /** @var \phpbb\filesystem\filesystem_interface */ 43 protected $filesystem; 44 45 /** @var \phpbb\attachment\manager */ 46 protected $attachment_manager; 47 48 public $id; 49 public $u_action; 50 protected $new_config; 51 52 function main($id, $mode) 53 { 54 global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_filesystem, $phpbb_dispatcher; 55 global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $phpbb_log, $request; 56 57 $this->id = $id; 58 $this->db = $db; 59 $this->config = $config; 60 $this->language = $phpbb_container->get('language'); 61 $this->template = $template; 62 $this->user = $user; 63 $this->phpbb_container = $phpbb_container; 64 $this->filesystem = $phpbb_filesystem; 65 $this->attachment_manager = $phpbb_container->get('attachment.manager'); 66 67 $user->add_lang(array('posting', 'viewtopic', 'acp/attachments')); 68 69 $error = $notify = array(); 70 $submit = (isset($_POST['submit'])) ? true : false; 71 $action = $request->variable('action', ''); 72 73 $form_key = 'acp_attach'; 74 add_form_key($form_key); 75 76 if ($submit && !check_form_key($form_key)) 77 { 78 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); 79 } 80 81 switch ($mode) 82 { 83 case 'attach': 84 $l_title = 'ACP_ATTACHMENT_SETTINGS'; 85 break; 86 87 case 'extensions': 88 $l_title = 'ACP_MANAGE_EXTENSIONS'; 89 break; 90 91 case 'ext_groups': 92 $l_title = 'ACP_EXTENSION_GROUPS'; 93 break; 94 95 case 'orphan': 96 $l_title = 'ACP_ORPHAN_ATTACHMENTS'; 97 break; 98 99 case 'manage': 100 $l_title = 'ACP_MANAGE_ATTACHMENTS'; 101 break; 102 103 default: 104 trigger_error('NO_MODE', E_USER_ERROR); 105 break; 106 } 107 108 $this->tpl_name = 'acp_attachments'; 109 $this->page_title = $l_title; 110 111 $template->assign_vars(array( 112 'L_TITLE' => $user->lang[$l_title], 113 'L_TITLE_EXPLAIN' => $user->lang[$l_title . '_EXPLAIN'], 114 'U_ACTION' => $this->u_action) 115 ); 116 117 switch ($mode) 118 { 119 case 'attach': 120 121 if (!function_exists('get_supported_image_types')) 122 { 123 include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); 124 } 125 126 $allowed_pm_groups = []; 127 $allowed_post_groups = []; 128 $s_assigned_groups = []; 129 130 $sql = 'SELECT group_id, group_name, cat_id, allow_group, allow_in_pm 131 FROM ' . EXTENSION_GROUPS_TABLE . ' 132 WHERE cat_id > 0 133 ORDER BY cat_id'; 134 $result = $db->sql_query($sql); 135 while ($row = $db->sql_fetchrow($result)) 136 { 137 $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; 138 $s_assigned_groups[$row['cat_id']][] = $row['group_name']; 139 140 if ($row['allow_group']) 141 { 142 $allowed_post_groups[] = $row['group_id']; 143 } 144 145 if ($row['allow_in_pm']) 146 { 147 $allowed_pm_groups[] = $row['group_id']; 148 } 149 } 150 $db->sql_freeresult($result); 151 152 $l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((!empty($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode($user->lang['COMMA_SEPARATOR'], $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']'; 153 154 $display_vars = array( 155 'title' => 'ACP_ATTACHMENT_SETTINGS', 156 'vars' => array( 157 'legend1' => 'ACP_ATTACHMENT_SETTINGS', 158 159 'img_max_width' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,), 160 'img_max_height' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,), 161 'img_link_width' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,), 162 'img_link_height' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,), 163 164 'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 165 'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 166 'max_attachments' => array('lang' => 'MAX_ATTACHMENTS', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false), 167 'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false), 168 'upload_path' => array('lang' => 'UPLOAD_DIR', 'validate' => 'wpath', 'type' => 'text:25:100', 'explain' => true), 169 'display_order' => array('lang' => 'DISPLAY_ORDER', 'validate' => 'bool', 'type' => 'custom', 'method' => 'display_order', 'explain' => true), 170 'attachment_quota' => array('lang' => 'ATTACH_QUOTA', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true), 171 'max_filesize' => array('lang' => 'ATTACH_MAX_FILESIZE', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true), 172 'max_filesize_pm' => array('lang' => 'ATTACH_MAX_PM_FILESIZE','validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true), 173 'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 174 'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true), 175 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 176 'check_attachment_content' => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 177 178 'legend2' => $l_legend_cat_images, 179 'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 180 'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 181 'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 182 'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), 183 'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 184 'img_strip_metadata' => array('lang' => 'IMAGE_STRIP_METADATA', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 185 'img_quality' => array('lang' => 'IMAGE_QUALITY', 'validate' => 'int:50:90', 'type' => 'number:50:90', 'explain' => true, 'append' => ' %'), 186 'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 187 ) 188 ); 189 190 /** 191 * Event to add and/or modify acp_attachement configurations 192 * 193 * @event core.acp_attachments_config_edit_add 194 * @var array display_vars Array of config values to display and process 195 * @var string mode Mode of the config page we are displaying 196 * @var boolean submit Do we display the form or process the submission 197 * @since 3.1.11-RC1 198 */ 199 $vars = array('display_vars', 'mode', 'submit'); 200 extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars))); 201 202 $this->new_config = $config; 203 $cfg_array = (isset($_REQUEST['config'])) ? $request->variable('config', array('' => '')) : $this->new_config; 204 $error = array(); 205 206 // We validate the complete config if whished 207 validate_config_vars($display_vars['vars'], $cfg_array, $error); 208 209 // Do not write values if there is an error 210 if (count($error)) 211 { 212 $submit = false; 213 } 214 215 // We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to... 216 foreach ($display_vars['vars'] as $config_name => $null) 217 { 218 if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false) 219 { 220 continue; 221 } 222 223 $this->new_config[$config_name] = $config_value = $cfg_array[$config_name]; 224 225 if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm'))) 226 { 227 $size_var = $request->variable($config_name, ''); 228 229 $config_value = (int) $config_value; 230 231 $this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value); 232 } 233 234 if ($submit) 235 { 236 $config->set($config_name, $config_value); 237 } 238 } 239 240 $this->perform_site_list(); 241 242 if ($submit) 243 { 244 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_ATTACH'); 245 246 // Check Settings 247 $this->test_upload($error, $this->new_config['upload_path'], false); 248 249 if (!count($error)) 250 { 251 trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action)); 252 } 253 } 254 255 $template->assign_var('S_ATTACHMENT_SETTINGS', true); 256 257 // Secure Download Options - Same procedure as with banning 258 $allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED'; 259 260 $sql = 'SELECT * 261 FROM ' . SITELIST_TABLE; 262 $result = $db->sql_query($sql); 263 264 $defined_ips = ''; 265 $ips = array(); 266 267 while ($row = $db->sql_fetchrow($result)) 268 { 269 $value = ($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']; 270 if ($value) 271 { 272 $defined_ips .= '<option' . (($row['ip_exclude']) ? ' class="sep"' : '') . ' value="' . $row['site_id'] . '">' . $value . '</option>'; 273 $ips[$row['site_id']] = $value; 274 } 275 } 276 $db->sql_freeresult($result); 277 278 $template->assign_vars(array( 279 'S_EMPTY_PM_GROUPS' => empty($allowed_pm_groups), 280 'S_EMPTY_POST_GROUPS' => empty($allowed_post_groups), 281 'S_SECURE_DOWNLOADS' => $this->new_config['secure_downloads'], 282 'S_DEFINED_IPS' => ($defined_ips != '') ? true : false, 283 'S_WARNING' => (count($error)) ? true : false, 284 285 'U_EXTENSION_GROUPS' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=ext_groups"), 286 287 'WARNING_MSG' => implode('<br />', $error), 288 'DEFINED_IPS' => $defined_ips, 289 290 'L_SECURE_TITLE' => $user->lang['DEFINE_' . $allow_deny . '_IPS'], 291 'L_IP_EXCLUDE' => $user->lang['EXCLUDE_FROM_' . $allow_deny . '_IP'], 292 'L_REMOVE_IPS' => $user->lang['REMOVE_' . $allow_deny . '_IPS']) 293 ); 294 295 // Output relevant options 296 foreach ($display_vars['vars'] as $config_key => $vars) 297 { 298 if (!is_array($vars) && strpos($config_key, 'legend') === false) 299 { 300 continue; 301 } 302 303 if (strpos($config_key, 'legend') !== false) 304 { 305 $template->assign_block_vars('options', array( 306 'S_LEGEND' => true, 307 'LEGEND' => (isset($user->lang[$vars])) ? $user->lang[$vars] : $vars) 308 ); 309 310 continue; 311 } 312 313 $type = explode(':', $vars['type']); 314 315 $l_explain = ''; 316 if ($vars['explain'] && isset($vars['lang_explain'])) 317 { 318 $l_explain = (isset($user->lang[$vars['lang_explain']])) ? $user->lang[$vars['lang_explain']] : $vars['lang_explain']; 319 } 320 else if ($vars['explain']) 321 { 322 $l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : ''; 323 } 324 325 $content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars); 326 if (empty($content)) 327 { 328 continue; 329 } 330 331 $template->assign_block_vars('options', array( 332 'KEY' => $config_key, 333 'TITLE' => $user->lang[$vars['lang']], 334 'S_EXPLAIN' => $vars['explain'], 335 'TITLE_EXPLAIN' => $l_explain, 336 'CONTENT' => $content, 337 ) 338 ); 339 340 unset($display_vars['vars'][$config_key]); 341 } 342 343 break; 344 345 case 'extensions': 346 347 if ($submit || isset($_POST['add_extension_check'])) 348 { 349 if ($submit) 350 { 351 // Change Extensions ? 352 $extension_change_list = $request->variable('extension_change_list', array(0)); 353 $group_select_list = $request->variable('group_select', array(0)); 354 355 // Generate correct Change List 356 $extensions = array(); 357 358 for ($i = 0, $size = count($extension_change_list); $i < $size; $i++) 359 { 360 $extensions[$extension_change_list[$i]]['group_id'] = $group_select_list[$i]; 361 } 362 363 $sql = 'SELECT * 364 FROM ' . EXTENSIONS_TABLE . ' 365 ORDER BY extension_id'; 366 $result = $db->sql_query($sql); 367 368 while ($row = $db->sql_fetchrow($result)) 369 { 370 if ($row['group_id'] != $extensions[$row['extension_id']]['group_id']) 371 { 372 $sql = 'UPDATE ' . EXTENSIONS_TABLE . ' 373 SET group_id = ' . (int) $extensions[$row['extension_id']]['group_id'] . ' 374 WHERE extension_id = ' . $row['extension_id']; 375 $db->sql_query($sql); 376 377 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_UPDATE', false, array($row['extension'])); 378 } 379 } 380 $db->sql_freeresult($result); 381 382 // Delete Extension? 383 $extension_id_list = $request->variable('extension_id_list', array(0)); 384 385 if (count($extension_id_list)) 386 { 387 $sql = 'SELECT extension 388 FROM ' . EXTENSIONS_TABLE . ' 389 WHERE ' . $db->sql_in_set('extension_id', $extension_id_list); 390 $result = $db->sql_query($sql); 391 392 $extension_list = ''; 393 while ($row = $db->sql_fetchrow($result)) 394 { 395 $extension_list .= ($extension_list == '') ? $row['extension'] : ', ' . $row['extension']; 396 } 397 $db->sql_freeresult($result); 398 399 $sql = 'DELETE 400 FROM ' . EXTENSIONS_TABLE . ' 401 WHERE ' . $db->sql_in_set('extension_id', $extension_id_list); 402 $db->sql_query($sql); 403 404 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_DEL', false, array($extension_list)); 405 } 406 } 407 408 // Add Extension? 409 $add_extension = strtolower($request->variable('add_extension', '')); 410 $add_extension_group = $request->variable('add_group_select', 0); 411 $add = (isset($_POST['add_extension_check'])) ? true : false; 412 413 if ($add_extension && $add) 414 { 415 if (!count($error)) 416 { 417 $sql = 'SELECT extension_id 418 FROM ' . EXTENSIONS_TABLE . " 419 WHERE extension = '" . $db->sql_escape($add_extension) . "'"; 420 $result = $db->sql_query($sql); 421 422 if ($row = $db->sql_fetchrow($result)) 423 { 424 $error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension); 425 } 426 $db->sql_freeresult($result); 427 428 if (!count($error)) 429 { 430 $sql_ary = array( 431 'group_id' => $add_extension_group, 432 'extension' => $add_extension 433 ); 434 435 $db->sql_query('INSERT INTO ' . EXTENSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); 436 437 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_ADD', false, array($add_extension)); 438 } 439 } 440 } 441 442 if (!count($error)) 443 { 444 $notify[] = $user->lang['EXTENSIONS_UPDATED']; 445 } 446 447 $cache->destroy('_extensions'); 448 } 449 450 $template->assign_vars(array( 451 'S_EXTENSIONS' => true, 452 'ADD_EXTENSION' => (isset($add_extension)) ? $add_extension : '', 453 'GROUP_SELECT_OPTIONS' => (isset($_POST['add_extension_check'])) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group')) 454 ); 455 456 $sql = 'SELECT * 457 FROM ' . EXTENSIONS_TABLE . ' 458 ORDER BY group_id, extension'; 459 $result = $db->sql_query($sql); 460 461 if ($row = $db->sql_fetchrow($result)) 462 { 463 $old_group_id = $row['group_id']; 464 do 465 { 466 $s_spacer = false; 467 468 $current_group_id = $row['group_id']; 469 if ($old_group_id != $current_group_id) 470 { 471 $s_spacer = true; 472 $old_group_id = $current_group_id; 473 } 474 475 $template->assign_block_vars('extensions', array( 476 'S_SPACER' => $s_spacer, 477 'EXTENSION_ID' => $row['extension_id'], 478 'EXTENSION' => $row['extension'], 479 'GROUP_OPTIONS' => $this->group_select('group_select[]', $row['group_id'])) 480 ); 481 } 482 while ($row = $db->sql_fetchrow($result)); 483 } 484 $db->sql_freeresult($result); 485 486 break; 487 488 case 'ext_groups': 489 490 $template->assign_var('S_EXTENSION_GROUPS', true); 491 492 if ($submit) 493 { 494 $action = $request->variable('action', ''); 495 $group_id = $request->variable('g', 0); 496 497 if ($action != 'add' && $action != 'edit') 498 { 499 trigger_error('NO_MODE', E_USER_ERROR); 500 } 501 502 if (!$group_id && $action == 'edit') 503 { 504 trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); 505 } 506 507 if ($group_id) 508 { 509 $sql = 'SELECT * 510 FROM ' . EXTENSION_GROUPS_TABLE . " 511 WHERE group_id = $group_id"; 512 $result = $db->sql_query($sql); 513 $ext_row = $db->sql_fetchrow($result); 514 $db->sql_freeresult($result); 515 516 if (!$ext_row) 517 { 518 trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); 519 } 520 } 521 else 522 { 523 $ext_row = array(); 524 } 525 526 $group_name = $request->variable('group_name', '', true); 527 $new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : ''); 528 529 if (!$group_name) 530 { 531 $error[] = $user->lang['NO_EXT_GROUP_NAME']; 532 } 533 534 // Check New Group Name 535 if ($new_group_name) 536 { 537 $sql = 'SELECT group_id 538 FROM ' . EXTENSION_GROUPS_TABLE . " 539 WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'"; 540 if ($group_id) 541 { 542 $sql .= ' AND group_id <> ' . $group_id; 543 } 544 $result = $db->sql_query($sql); 545 546 if ($db->sql_fetchrow($result)) 547 { 548 $error[] = sprintf($user->lang['EXTENSION_GROUP_EXIST'], $new_group_name); 549 } 550 $db->sql_freeresult($result); 551 } 552 553 if (!count($error)) 554 { 555 // Ok, build the update/insert array 556 $upload_icon = $request->variable('upload_icon', 'no_image'); 557 $size_select = $request->variable('size_select', 'b'); 558 $forum_select = $request->variable('forum_select', false); 559 $allowed_forums = $request->variable('allowed_forums', array(0)); 560 $allow_in_pm = (isset($_POST['allow_in_pm'])) ? true : false; 561 $max_filesize = $request->variable('max_filesize', 0); 562 $max_filesize = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize); 563 $allow_group = (isset($_POST['allow_group'])) ? true : false; 564 565 if ($max_filesize == $config['max_filesize']) 566 { 567 $max_filesize = 0; 568 } 569 570 if (!count($allowed_forums)) 571 { 572 $forum_select = false; 573 } 574 575 $group_ary = array( 576 'group_name' => $group_name, 577 'cat_id' => $request->variable('special_category', ATTACHMENT_CATEGORY_NONE), 578 'allow_group' => ($allow_group) ? 1 : 0, 579 'upload_icon' => ($upload_icon == 'no_image') ? '' : $upload_icon, 580 'max_filesize' => $max_filesize, 581 'allowed_forums'=> ($forum_select) ? serialize($allowed_forums) : '', 582 'allow_in_pm' => ($allow_in_pm) ? 1 : 0, 583 ); 584 585 if ($action == 'add') 586 { 587 $group_ary['download_mode'] = INLINE_LINK; 588 } 589 590 $sql = ($action == 'add') ? 'INSERT INTO ' . EXTENSION_GROUPS_TABLE . ' ' : 'UPDATE ' . EXTENSION_GROUPS_TABLE . ' SET '; 591 $sql .= $db->sql_build_array((($action == 'add') ? 'INSERT' : 'UPDATE'), $group_ary); 592 $sql .= ($action == 'edit') ? " WHERE group_id = $group_id" : ''; 593 594 $db->sql_query($sql); 595 596 if ($action == 'add') 597 { 598 $group_id = $db->sql_nextid(); 599 } 600 601 $group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name; 602 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name)); 603 } 604 605 $extension_list = $request->variable('extensions', array(0)); 606 607 if ($action == 'edit' && count($extension_list)) 608 { 609 $sql = 'UPDATE ' . EXTENSIONS_TABLE . " 610 SET group_id = 0 611 WHERE group_id = $group_id"; 612 $db->sql_query($sql); 613 } 614 615 if (count($extension_list)) 616 { 617 $sql = 'UPDATE ' . EXTENSIONS_TABLE . " 618 SET group_id = $group_id 619 WHERE " . $db->sql_in_set('extension_id', $extension_list); 620 $db->sql_query($sql); 621 } 622 623 $cache->destroy('_extensions'); 624 625 if (!count($error)) 626 { 627 $notify[] = $user->lang['SUCCESS_EXTENSION_GROUP_' . strtoupper($action)]; 628 } 629 } 630 631 $cat_lang = array( 632 ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'], 633 ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'], 634 ); 635 636 $group_id = $request->variable('g', 0); 637 $action = (isset($_POST['add'])) ? 'add' : $action; 638 639 switch ($action) 640 { 641 case 'delete': 642 643 if (confirm_box(true)) 644 { 645 $sql = 'SELECT group_name 646 FROM ' . EXTENSION_GROUPS_TABLE . " 647 WHERE group_id = $group_id"; 648 $result = $db->sql_query($sql); 649 $group_name = (string) $db->sql_fetchfield('group_name'); 650 $db->sql_freeresult($result); 651 652 $sql = 'DELETE 653 FROM ' . EXTENSION_GROUPS_TABLE . " 654 WHERE group_id = $group_id"; 655 $db->sql_query($sql); 656 657 // Set corresponding Extensions to a pending Group 658 $sql = 'UPDATE ' . EXTENSIONS_TABLE . " 659 SET group_id = 0 660 WHERE group_id = $group_id"; 661 $db->sql_query($sql); 662 663 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_DEL', false, array($group_name)); 664 665 $cache->destroy('_extensions'); 666 667 trigger_error($user->lang['EXTENSION_GROUP_DELETED'] . adm_back_link($this->u_action)); 668 } 669 else 670 { 671 confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( 672 'i' => $id, 673 'mode' => $mode, 674 'group_id' => $group_id, 675 'action' => 'delete', 676 ))); 677 } 678 679 break; 680 681 case 'edit': 682 683 if (!$group_id) 684 { 685 trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); 686 } 687 688 $sql = 'SELECT * 689 FROM ' . EXTENSION_GROUPS_TABLE . " 690 WHERE group_id = $group_id"; 691 $result = $db->sql_query($sql); 692 $ext_group_row = $db->sql_fetchrow($result); 693 $db->sql_freeresult($result); 694 695 $forum_ids = (!$ext_group_row['allowed_forums']) ? array() : unserialize(trim($ext_group_row['allowed_forums'])); 696 697 // no break; 698 699 case 'add': 700 701 if ($action == 'add') 702 { 703 $ext_group_row = array( 704 'group_name' => $request->variable('group_name', '', true), 705 'cat_id' => 0, 706 'allow_group' => 1, 707 'allow_in_pm' => 1, 708 'upload_icon' => '', 709 'max_filesize' => 0, 710 ); 711 712 $forum_ids = array(); 713 } 714 715 $sql = 'SELECT * 716 FROM ' . EXTENSIONS_TABLE . " 717 WHERE group_id = $group_id 718 OR group_id = 0 719 ORDER BY extension"; 720 $result = $db->sql_query($sql); 721 $extensions = $db->sql_fetchrowset($result); 722 $db->sql_freeresult($result); 723 724 if ($ext_group_row['max_filesize'] == 0) 725 { 726 $ext_group_row['max_filesize'] = (int) $config['max_filesize']; 727 } 728 729 $max_filesize = get_formatted_filesize($ext_group_row['max_filesize'], false, array('mb', 'kb', 'b')); 730 $size_format = $max_filesize['si_identifier']; 731 $ext_group_row['max_filesize'] = $max_filesize['value']; 732 733 $img_path = $config['upload_icons_path']; 734 735 $filename_list = ''; 736 $no_image_select = false; 737 738 $imglist = filelist($phpbb_root_path . $img_path); 739 740 if (!empty($imglist[''])) 741 { 742 $imglist = array_values($imglist); 743 $imglist = $imglist[0]; 744 745 foreach ($imglist as $key => $img) 746 { 747 if (!$ext_group_row['upload_icon']) 748 { 749 $no_image_select = true; 750 $selected = ''; 751 } 752 else 753 { 754 $selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : ''; 755 } 756 757 if (strlen($img) > 255) 758 { 759 continue; 760 } 761 762 $filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>'; 763 } 764 } 765 766 $i = 0; 767 $assigned_extensions = ''; 768 foreach ($extensions as $num => $row) 769 { 770 if ($row['group_id'] == $group_id && $group_id) 771 { 772 $assigned_extensions .= ($i) ? ', ' . $row['extension'] : $row['extension']; 773 $i++; 774 } 775 } 776 777 $s_extension_options = ''; 778 foreach ($extensions as $row) 779 { 780 $s_extension_options .= '<option' . ((!$row['group_id']) ? ' class="disabled"' : '') . ' value="' . $row['extension_id'] . '"' . (($row['group_id'] == $group_id && $group_id) ? ' selected="selected"' : '') . '>' . $row['extension'] . '</option>'; 781 } 782 783 $template->assign_vars(array( 784 'IMG_PATH' => $img_path, 785 'ACTION' => $action, 786 'GROUP_ID' => $group_id, 787 'GROUP_NAME' => $ext_group_row['group_name'], 788 'ALLOW_GROUP' => $ext_group_row['allow_group'], 789 'ALLOW_IN_PM' => $ext_group_row['allow_in_pm'], 790 'UPLOAD_ICON_SRC' => $phpbb_root_path . $img_path . '/' . $ext_group_row['upload_icon'], 791 'EXTGROUP_FILESIZE' => $ext_group_row['max_filesize'], 792 'ASSIGNED_EXTENSIONS' => $assigned_extensions, 793 794 'S_CATEGORY_SELECT' => $this->category_select('special_category', $group_id, 'category'), 795 'S_EXT_GROUP_SIZE_OPTIONS' => size_select_options($size_format), 796 'S_EXTENSION_OPTIONS' => $s_extension_options, 797 'S_FILENAME_LIST' => $filename_list, 798 'S_EDIT_GROUP' => true, 799 'S_NO_IMAGE' => $no_image_select, 800 'S_FORUM_IDS' => (count($forum_ids)) ? true : false, 801 802 'U_EXTENSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=extensions"), 803 'U_BACK' => $this->u_action, 804 805 'L_LEGEND' => $user->lang[strtoupper($action) . '_EXTENSION_GROUP']) 806 ); 807 808 $s_forum_id_options = ''; 809 810 /** @todo use in-built function **/ 811 812 $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id 813 FROM ' . FORUMS_TABLE . ' 814 ORDER BY left_id ASC'; 815 $result = $db->sql_query($sql, 600); 816 817 $right = $cat_right = $padding_inc = 0; 818 $padding = $forum_list = $holding = ''; 819 $padding_store = array('0' => ''); 820 821 while ($row = $db->sql_fetchrow($result)) 822 { 823 if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id'])) 824 { 825 // Non-postable forum with no subforums, don't display 826 continue; 827 } 828 829 if (!$auth->acl_get('f_list', $row['forum_id'])) 830 { 831 // if the user does not have permissions to list this forum skip 832 continue; 833 } 834 835 if ($row['left_id'] < $right) 836 { 837 $padding .= ' '; 838 $padding_store[$row['parent_id']] = $padding; 839 } 840 else if ($row['left_id'] > $right + 1) 841 { 842 $padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']]; 843 } 844 845 $right = $row['right_id']; 846 847 $selected = (in_array($row['forum_id'], $forum_ids)) ? ' selected="selected"' : ''; 848 849 if ($row['left_id'] > $cat_right) 850 { 851 // make sure we don't forget anything 852 $s_forum_id_options .= $holding; 853 $holding = ''; 854 } 855 856 if ($row['right_id'] - $row['left_id'] > 1) 857 { 858 $cat_right = max($cat_right, $row['right_id']); 859 860 $holding .= '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>'; 861 } 862 else 863 { 864 $s_forum_id_options .= $holding . '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>'; 865 $holding = ''; 866 } 867 } 868 869 if ($holding) 870 { 871 $s_forum_id_options .= $holding; 872 } 873 874 $db->sql_freeresult($result); 875 unset($padding_store); 876 877 $template->assign_vars(array( 878 'S_FORUM_ID_OPTIONS' => $s_forum_id_options) 879 ); 880 881 break; 882 } 883 884 $sql = 'SELECT * 885 FROM ' . EXTENSION_GROUPS_TABLE . ' 886 ORDER BY allow_group DESC, allow_in_pm DESC, group_name'; 887 $result = $db->sql_query($sql); 888 889 $old_allow_group = $old_allow_pm = 1; 890 while ($row = $db->sql_fetchrow($result)) 891 { 892 $s_add_spacer = ($old_allow_group != $row['allow_group'] || $old_allow_pm != $row['allow_in_pm']) ? true : false; 893 894 $template->assign_block_vars('groups', array( 895 'S_ADD_SPACER' => $s_add_spacer, 896 'S_ALLOWED_IN_PM' => ($row['allow_in_pm']) ? true : false, 897 'S_GROUP_ALLOWED' => ($row['allow_group']) ? true : false, 898 899 'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}", 900 'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}", 901 902 'GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'], 903 'CATEGORY' => $cat_lang[$row['cat_id']], 904 ) 905 ); 906 907 $old_allow_group = $row['allow_group']; 908 $old_allow_pm = $row['allow_in_pm']; 909 } 910 $db->sql_freeresult($result); 911 912 break; 913 914 case 'orphan': 915 916 /* @var $pagination \phpbb\pagination */ 917 $pagination = $this->phpbb_container->get('pagination'); 918 919 if ($submit) 920 { 921 $delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array(); 922 $add_files = (isset($_POST['add'])) ? array_keys($request->variable('add', array('' => 0))) : array(); 923 $post_ids = $request->variable('post_id', array('' => 0)); 924 925 if (count($delete_files)) 926 { 927 $sql = 'SELECT * 928 FROM ' . ATTACHMENTS_TABLE . ' 929 WHERE ' . $db->sql_in_set('attach_id', $delete_files) . ' 930 AND is_orphan = 1'; 931 $result = $db->sql_query($sql); 932 933 $delete_files = array(); 934 while ($row = $db->sql_fetchrow($result)) 935 { 936 $this->attachment_manager->unlink($row['physical_filename'], 'file'); 937 938 if ($row['thumbnail']) 939 { 940 $this->attachment_manager->unlink($row['physical_filename'], 'thumbnail'); 941 } 942 943 $delete_files[$row['attach_id']] = $row['real_filename']; 944 } 945 $db->sql_freeresult($result); 946 } 947 948 if (count($delete_files)) 949 { 950 $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . ' 951 WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files)); 952 $db->sql_query($sql); 953 954 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_ORPHAN_DEL', false, array(implode(', ', $delete_files))); 955 $notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode($user->lang['COMMA_SEPARATOR'], $delete_files)); 956 } 957 958 $upload_list = array(); 959 foreach ($add_files as $attach_id) 960 { 961 if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id])) 962 { 963 $upload_list[$attach_id] = $post_ids[$attach_id]; 964 } 965 } 966 unset($add_files); 967 968 if (count($upload_list)) 969 { 970 $template->assign_var('S_UPLOADING_FILES', true); 971 972 $sql = 'SELECT forum_id, forum_name 973 FROM ' . FORUMS_TABLE; 974 $result = $db->sql_query($sql); 975 976 $forum_names = array(); 977 while ($row = $db->sql_fetchrow($result)) 978 { 979 $forum_names[$row['forum_id']] = $row['forum_name']; 980 } 981 $db->sql_freeresult($result); 982 983 $sql = 'SELECT forum_id, topic_id, post_id, poster_id 984 FROM ' . POSTS_TABLE . ' 985 WHERE ' . $db->sql_in_set('post_id', $upload_list); 986 $result = $db->sql_query($sql); 987 988 $post_info = array(); 989 while ($row = $db->sql_fetchrow($result)) 990 { 991 $post_info[$row['post_id']] = $row; 992 } 993 $db->sql_freeresult($result); 994 995 // Select those attachments we want to change... 996 $sql = 'SELECT * 997 FROM ' . ATTACHMENTS_TABLE . ' 998 WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . ' 999 AND is_orphan = 1'; 1000 $result = $db->sql_query($sql); 1001 1002 $files_added = $space_taken = 0; 1003 $error_msg = ''; 1004 $upload_row = []; 1005 while ($row = $db->sql_fetchrow($result)) 1006 { 1007 $upload_row = [ 1008 'FILE_INFO' => $user->lang('UPLOADING_FILE_TO', $row['real_filename'], $upload_list[$row['attach_id']]), 1009 ]; 1010 1011 if (isset($post_info[$upload_list[$row['attach_id']]])) 1012 { 1013 $post_row = $post_info[$upload_list[$row['attach_id']]]; 1014 $upload_row = array_merge($upload_row, [ 1015 'S_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']), 1016 'L_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']) ? $user->lang('UPLOAD_DENIED_FORUM', $forum_names[$row['forum_id']]) : '', 1017 ]); 1018 } 1019 else 1020 { 1021 $error_msg = $user->lang('UPLOAD_POST_NOT_EXIST', $row['real_filename'], $upload_list[$row['attach_id']]); 1022 $upload_row = array_merge($upload_row, [ 1023 'ERROR_MSG' => $error_msg, 1024 ]); 1025 }; 1026 1027 $template->assign_block_vars('upload', $upload_row); 1028 1029 if ($error_msg || !$auth->acl_get('f_attach', $post_row['forum_id'])) 1030 { 1031 continue; 1032 } 1033 1034 // Adjust attachment entry 1035 $sql_ary = [ 1036 'in_message' => 0, 1037 'is_orphan' => 0, 1038 'poster_id' => $post_row['poster_id'], 1039 'post_msg_id' => $post_row['post_id'], 1040 'topic_id' => $post_row['topic_id'], 1041 ]; 1042 1043 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' 1044 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' 1045 WHERE attach_id = ' . $row['attach_id']; 1046 $db->sql_query($sql); 1047 1048 $sql = 'UPDATE ' . POSTS_TABLE . ' 1049 SET post_attachment = 1 1050 WHERE post_id = ' . $post_row['post_id']; 1051 $db->sql_query($sql); 1052 1053 $sql = 'UPDATE ' . TOPICS_TABLE . ' 1054 SET topic_attachment = 1 1055 WHERE topic_id = ' . $post_row['topic_id']; 1056 $db->sql_query($sql); 1057 1058 $space_taken += $row['filesize']; 1059 $files_added++; 1060 1061 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_FILEUPLOAD', false, [$post_row['post_id'], $row['real_filename']]); 1062 } 1063 $db->sql_freeresult($result); 1064 1065 if ($files_added) 1066 { 1067 $config->increment('upload_dir_size', $space_taken, false); 1068 $config->increment('num_files', $files_added, false); 1069 } 1070 } 1071 } 1072 1073 $template->assign_vars([ 1074 'S_ORPHAN' => true, 1075 ]); 1076 1077 $attachments_per_page = (int) $config['topics_per_page']; 1078 1079 // Get total number or orphans older than 3 hours 1080 $sql = 'SELECT COUNT(attach_id) as num_files, SUM(filesize) as total_size 1081 FROM ' . ATTACHMENTS_TABLE . ' 1082 WHERE is_orphan = 1 1083 AND filetime < ' . (time() - 3*60*60); 1084 $result = $this->db->sql_query($sql); 1085 $row = $this->db->sql_fetchrow($result); 1086 $num_files = (int) $row['num_files']; 1087 $total_size = (int) $row['total_size']; 1088 $this->db->sql_freeresult($result); 1089 1090 $start = $request->variable('start', 0); 1091 $start = $pagination->validate_start($start, $attachments_per_page, $num_files); 1092 1093 // Just get the files with is_orphan set and older than 3 hours 1094 $sql = 'SELECT * 1095 FROM ' . ATTACHMENTS_TABLE . ' 1096 WHERE is_orphan = 1 1097 AND filetime < ' . (time() - 3*60*60) . ' 1098 ORDER BY filetime DESC'; 1099 $result = $db->sql_query_limit($sql, $attachments_per_page, $start); 1100 1101 while ($row = $db->sql_fetchrow($result)) 1102 { 1103 $template->assign_block_vars('orphan', [ 1104 'FILESIZE' => get_formatted_filesize($row['filesize']), 1105 'FILETIME' => $user->format_date($row['filetime']), 1106 'REAL_FILENAME' => utf8_basename($row['real_filename']), 1107 'PHYSICAL_FILENAME' => utf8_basename($row['physical_filename']), 1108 'ATTACH_ID' => $row['attach_id'], 1109 'POST_ID' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '', 1110 'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . $row['attach_id']), 1111 ]); 1112 } 1113 $db->sql_freeresult($result); 1114 1115 $pagination->generate_template_pagination( 1116 $this->u_action, 1117 'pagination', 1118 'start', 1119 $num_files, 1120 $attachments_per_page, 1121 $start 1122 ); 1123 1124 $template->assign_vars([ 1125 'TOTAL_FILES' => $num_files, 1126 'TOTAL_SIZE' => get_formatted_filesize($total_size), 1127 ]); 1128 1129 break; 1130 1131 case 'manage': 1132 1133 if ($submit) 1134 { 1135 $delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array(); 1136 1137 if (count($delete_files)) 1138 { 1139 // Select those attachments we want to delete... 1140 $sql = 'SELECT real_filename 1141 FROM ' . ATTACHMENTS_TABLE . ' 1142 WHERE ' . $db->sql_in_set('attach_id', $delete_files) . ' 1143 AND is_orphan = 0'; 1144 $result = $db->sql_query($sql); 1145 while ($row = $db->sql_fetchrow($result)) 1146 { 1147 $deleted_filenames[] = $row['real_filename']; 1148 } 1149 $db->sql_freeresult($result); 1150 1151 if ($num_deleted = $this->attachment_manager->delete('attach', $delete_files)) 1152 { 1153 if (count($delete_files) != $num_deleted) 1154 { 1155 $error[] = $user->lang['FILES_GONE']; 1156 } 1157 1158 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode(', ', $deleted_filenames))); 1159 $notify[] = sprintf($user->lang['LOG_ATTACHMENTS_DELETED'], implode($user->lang['COMMA_SEPARATOR'], $deleted_filenames)); 1160 } 1161 else 1162 { 1163 $error[] = $user->lang['NO_FILES_TO_DELETE']; 1164 } 1165 } 1166 } 1167 1168 if ($action == 'stats') 1169 { 1170 $this->handle_stats_resync(); 1171 } 1172 1173 $stats_error = $this->check_stats_accuracy(); 1174 1175 if ($stats_error) 1176 { 1177 $error[] = $stats_error; 1178 } 1179 1180 $template->assign_vars(array( 1181 'S_MANAGE' => true, 1182 )); 1183 1184 $start = $request->variable('start', 0); 1185 1186 // Sort keys 1187 $sort_days = $request->variable('st', 0); 1188 $sort_key = $request->variable('sk', 't'); 1189 $sort_dir = $request->variable('sd', 'd'); 1190 1191 // Sorting 1192 $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); 1193 $sort_by_text = array('f' => $user->lang['FILENAME'], 't' => $user->lang['FILEDATE'], 's' => $user->lang['FILESIZE'], 'x' => $user->lang['EXTENSION'], 'd' => $user->lang['DOWNLOADS'],'p' => $user->lang['ATTACH_POST_TYPE'], 'u' => $user->lang['AUTHOR']); 1194 $sort_by_sql = array('f' => 'a.real_filename', 't' => 'a.filetime', 's' => 'a.filesize', 'x' => 'a.extension', 'd' => 'a.download_count', 'p' => 'a.in_message', 'u' => 'u.username'); 1195 1196 $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; 1197 gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); 1198 1199 $min_filetime = ($sort_days) ? (time() - ($sort_days * 86400)) : ''; 1200 $limit_filetime = ($min_filetime) ? " AND a.filetime >= $min_filetime " : ''; 1201 $start = ($sort_days && isset($_POST['sort'])) ? 0 : $start; 1202 1203 $attachments_per_page = (int) $config['topics_per_page']; 1204 1205 $stats = $this->get_attachment_stats($limit_filetime); 1206 $num_files = $stats['num_files']; 1207 $total_size = $stats['upload_dir_size']; 1208 1209 // Make sure $start is set to the last page if it exceeds the amount 1210 /* @var $pagination \phpbb\pagination */ 1211 $pagination = $phpbb_container->get('pagination'); 1212 $start = $pagination->validate_start($start, $attachments_per_page, $num_files); 1213 1214 // If the user is trying to reach the second half of the attachments list, fetch it starting from the end 1215 $store_reverse = false; 1216 $sql_limit = $attachments_per_page; 1217 1218 if ($start > $num_files / 2) 1219 { 1220 $store_reverse = true; 1221 1222 // Select the sort order. Add time sort anchor for non-time sorting cases 1223 $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') : ''; 1224 $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') . $sql_sort_anchor; 1225 $sql_limit = $pagination->reverse_limit($start, $sql_limit, $num_files); 1226 $sql_start = $pagination->reverse_start($start, $sql_limit, $num_files); 1227 } 1228 else 1229 { 1230 // Select the sort order. Add time sort anchor for non-time sorting cases 1231 $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') : ''; 1232 $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') . $sql_sort_anchor; 1233 $sql_start = $start; 1234 } 1235 1236 $attachments_list = array(); 1237 1238 // Just get the files 1239 $sql = 'SELECT a.*, u.username, u.user_colour, t.topic_title 1240 FROM ' . ATTACHMENTS_TABLE . ' a 1241 LEFT JOIN ' . USERS_TABLE . ' u ON (u.user_id = a.poster_id) 1242 LEFT JOIN ' . TOPICS_TABLE . " t ON (a.topic_id = t.topic_id) 1243 WHERE a.is_orphan = 0 1244 $limit_filetime 1245 ORDER BY $sql_sort_order"; 1246 $result = $db->sql_query_limit($sql, $sql_limit, $sql_start); 1247 1248 $i = ($store_reverse) ? $sql_limit - 1 : 0; 1249 1250 // Store increment value in a variable to save some conditional calls 1251 $i_increment = ($store_reverse) ? -1 : 1; 1252 while ($attachment_row = $db->sql_fetchrow($result)) 1253 { 1254 $attachments_list[$i] = $attachment_row; 1255 $i = $i + $i_increment; 1256 } 1257 $db->sql_freeresult($result); 1258 1259 $base_url = $this->u_action . "&$u_sort_param"; 1260 $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_files, $attachments_per_page, $start); 1261 1262 $template->assign_vars(array( 1263 'TOTAL_FILES' => $num_files, 1264 'TOTAL_SIZE' => get_formatted_filesize($total_size), 1265 1266 'S_LIMIT_DAYS' => $s_limit_days, 1267 'S_SORT_KEY' => $s_sort_key, 1268 'S_SORT_DIR' => $s_sort_dir) 1269 ); 1270 1271 // Grab extensions 1272 $extensions = $cache->obtain_attach_extensions(true); 1273 1274 for ($i = 0, $end = count($attachments_list); $i < $end; ++$i) 1275 { 1276 $row = $attachments_list[$i]; 1277 1278 $row['extension'] = strtolower(trim((string) $row['extension'])); 1279 $comment = ($row['attach_comment'] && !$row['in_message']) ? str_replace(array("\n", "\r"), array('<br />', "\n"), $row['attach_comment']) : ''; 1280 $display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : ATTACHMENT_CATEGORY_NONE; 1281 $l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS'; 1282 1283 $template->assign_block_vars('attachments', array( 1284 'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']), 1285 'FILESIZE' => get_formatted_filesize((int) $row['filesize']), 1286 'FILETIME' => $user->format_date((int) $row['filetime']), 1287 'REAL_FILENAME' => utf8_basename((string) $row['real_filename']), 1288 'EXT_GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'], 1289 'COMMENT' => $comment, 1290 'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '', 1291 'ATTACH_ID' => (int) $row['attach_id'], 1292 1293 'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']), 1294 1295 'S_IN_MESSAGE' => (bool) $row['in_message'], 1296 1297 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}", 1298 'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . $row['attach_id'])) 1299 ); 1300 } 1301 1302 break; 1303 } 1304 1305 if (count($error)) 1306 { 1307 $template->assign_vars(array( 1308 'S_WARNING' => true, 1309 'WARNING_MSG' => implode('<br />', $error)) 1310 ); 1311 } 1312 1313 if (count($notify)) 1314 { 1315 $template->assign_vars(array( 1316 'S_NOTIFY' => true, 1317 'NOTIFY_MSG' => implode('<br />', $notify)) 1318 ); 1319 } 1320 } 1321 1322 /** 1323 * Get attachment file count and size of upload directory 1324 * 1325 * @param $limit string Additional limit for WHERE clause to filter stats by. 1326 * @return array Returns array with stats: num_files and upload_dir_size 1327 */ 1328 public function get_attachment_stats($limit = '') 1329 { 1330 $sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(' . $this->db->cast_expr_to_bigint('a.filesize') . ') AS upload_dir_size 1331 FROM ' . ATTACHMENTS_TABLE . " a 1332 WHERE a.is_orphan = 0 1333 $limit"; 1334 $result = $this->db->sql_query($sql); 1335 $row = $this->db->sql_fetchrow($result); 1336 $this->db->sql_freeresult($result); 1337 1338 return array( 1339 'num_files' => (int) $row['num_files'], 1340 'upload_dir_size' => (float) $row['upload_dir_size'], 1341 ); 1342 } 1343 1344 /** 1345 * Set config attachment stat values 1346 * 1347 * @param $stats array Array of config key => value pairs to set. 1348 * @return null 1349 */ 1350 public function set_attachment_stats($stats) 1351 { 1352 foreach ($stats as $key => $value) 1353 { 1354 $this->config->set($key, $value, true); 1355 } 1356 } 1357 1358 /** 1359 * Check accuracy of attachment statistics. 1360 * 1361 * @return bool|string Returns false if stats are correct or error message 1362 * otherwise. 1363 */ 1364 public function check_stats_accuracy() 1365 { 1366 // Get fresh stats. 1367 $stats = $this->get_attachment_stats(); 1368 1369 // Get current files stats 1370 $num_files = (int) $this->config['num_files']; 1371 $total_size = (float) $this->config['upload_dir_size']; 1372 1373 if (($num_files != $stats['num_files']) || ($total_size != $stats['upload_dir_size'])) 1374 { 1375 $u_resync = $this->u_action . '&action=stats'; 1376 1377 return $this->user->lang( 1378 'FILES_STATS_WRONG', 1379 (int) $stats['num_files'], 1380 get_formatted_filesize($stats['upload_dir_size']), 1381 '<a href="' . $u_resync . '">', 1382 '</a>' 1383 ); 1384 } 1385 return false; 1386 } 1387 1388 /** 1389 * Handle stats resync. 1390 * 1391 * @return null 1392 */ 1393 public function handle_stats_resync() 1394 { 1395 if (!confirm_box(true)) 1396 { 1397 confirm_box(false, $this->user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array( 1398 'i' => $this->id, 1399 'mode' => 'manage', 1400 'action' => 'stats', 1401 ))); 1402 } 1403 else 1404 { 1405 $this->set_attachment_stats($this->get_attachment_stats()); 1406 1407 /* @var $log \phpbb\log\log_interface */ 1408 $log = $this->phpbb_container->get('log'); 1409 $log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_RESYNC_FILES_STATS'); 1410 } 1411 1412 } 1413 1414 /** 1415 * Build Select for category items 1416 */ 1417 function category_select($select_name, $group_id = false, $key = '') 1418 { 1419 global $db, $user; 1420 1421 $types = array( 1422 ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'], 1423 ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'], 1424 ); 1425 1426 if ($group_id) 1427 { 1428 $sql = 'SELECT cat_id 1429 FROM ' . EXTENSION_GROUPS_TABLE . ' 1430 WHERE group_id = ' . (int) $group_id; 1431 $result = $db->sql_query($sql); 1432 1433 $cat_type = (!($row = $db->sql_fetchrow($result))) ? ATTACHMENT_CATEGORY_NONE : $row['cat_id']; 1434 1435 $db->sql_freeresult($result); 1436 } 1437 else 1438 { 1439 $cat_type = ATTACHMENT_CATEGORY_NONE; 1440 } 1441 1442 $group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>'; 1443 1444 foreach ($types as $type => $mode) 1445 { 1446 $selected = ($type == $cat_type) ? ' selected="selected"' : ''; 1447 $group_select .= '<option value="' . $type . '"' . $selected . '>' . $mode . '</option>'; 1448 } 1449 1450 $group_select .= '</select>'; 1451 1452 return $group_select; 1453 } 1454 1455 /** 1456 * Extension group select 1457 */ 1458 function group_select($select_name, $default_group = false, $key = '') 1459 { 1460 global $db, $user; 1461 1462 $group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>'; 1463 1464 $sql = 'SELECT group_id, group_name 1465 FROM ' . EXTENSION_GROUPS_TABLE . ' 1466 ORDER BY group_name'; 1467 $result = $db->sql_query($sql); 1468 1469 $group_name = array(); 1470 while ($row = $db->sql_fetchrow($result)) 1471 { 1472 $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; 1473 $group_name[] = $row; 1474 } 1475 $db->sql_freeresult($result); 1476 1477 $row['group_id'] = 0; 1478 $row['group_name'] = $user->lang['NOT_ASSIGNED']; 1479 $group_name[] = $row; 1480 1481 for ($i = 0, $groups_size = count($group_name); $i < $groups_size; $i++) 1482 { 1483 if ($default_group === false) 1484 { 1485 $selected = ($i == 0) ? ' selected="selected"' : ''; 1486 } 1487 else 1488 { 1489 $selected = ($group_name[$i]['group_id'] == $default_group) ? ' selected="selected"' : ''; 1490 } 1491 1492 $group_select .= '<option value="' . $group_name[$i]['group_id'] . '"' . $selected . '>' . $group_name[$i]['group_name'] . '</option>'; 1493 } 1494 1495 $group_select .= '</select>'; 1496 1497 return $group_select; 1498 } 1499 1500 /** 1501 * Test Settings 1502 */ 1503 function test_upload(&$error, $upload_dir, $create_directory = false) 1504 { 1505 global $user, $phpbb_root_path; 1506 1507 // Does the target directory exist, is it a directory and writable. 1508 if ($create_directory) 1509 { 1510 if (!file_exists($phpbb_root_path . $upload_dir)) 1511 { 1512 @mkdir($phpbb_root_path . $upload_dir, 0777); 1513 1514 try 1515 { 1516 $this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE); 1517 } 1518 catch (\phpbb\filesystem\exception\filesystem_exception $e) 1519 { 1520 // Do nothing 1521 } 1522 } 1523 } 1524 1525 if (!file_exists($phpbb_root_path . $upload_dir)) 1526 { 1527 $error[] = sprintf($user->lang['NO_UPLOAD_DIR'], $upload_dir); 1528 return; 1529 } 1530 1531 if (!is_dir($phpbb_root_path . $upload_dir)) 1532 { 1533 $error[] = sprintf($user->lang['UPLOAD_NOT_DIR'], $upload_dir); 1534 return; 1535 } 1536 1537 if (!$this->filesystem->is_writable($phpbb_root_path . $upload_dir)) 1538 { 1539 $error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir); 1540 return; 1541 } 1542 } 1543 1544 /** 1545 * Perform operations on sites for external linking 1546 */ 1547 function perform_site_list() 1548 { 1549 global $db, $user, $request, $phpbb_log; 1550 1551 if (isset($_REQUEST['securesubmit'])) 1552 { 1553 // Grab the list of entries 1554 $ips = $request->variable('ips', ''); 1555 $ip_list = array_unique(explode("\n", $ips)); 1556 $ip_list_log = implode(', ', $ip_list); 1557 1558 $ip_exclude = (int) $request->variable('ipexclude', false, false, \phpbb\request\request_interface::POST); 1559 1560 $iplist = array(); 1561 $hostlist = array(); 1562 1563 foreach ($ip_list as $item) 1564 { 1565 if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($item), $ip_range_explode)) 1566 { 1567 // Don't ask about all this, just don't ask ... ! 1568 $ip_1_counter = $ip_range_explode[1]; 1569 $ip_1_end = $ip_range_explode[5]; 1570 1571 while ($ip_1_counter <= $ip_1_end) 1572 { 1573 $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; 1574 $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; 1575 1576 if ($ip_2_counter == 0 && $ip_2_end == 254) 1577 { 1578 $ip_2_counter = 256; 1579 1580 $iplist[] = "'$ip_1_counter.*'"; 1581 } 1582 1583 while ($ip_2_counter <= $ip_2_end) 1584 { 1585 $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0; 1586 $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; 1587 1588 if ($ip_3_counter == 0 && $ip_3_end == 254) 1589 { 1590 $ip_3_counter = 256; 1591 1592 $iplist[] = "'$ip_1_counter.$ip_2_counter.*'"; 1593 } 1594 1595 while ($ip_3_counter <= $ip_3_end) 1596 { 1597 $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0; 1598 $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8]; 1599 1600 if ($ip_4_counter == 0 && $ip_4_end == 254) 1601 { 1602 $ip_4_counter = 256; 1603 1604 $iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'"; 1605 } 1606 1607 while ($ip_4_counter <= $ip_4_end) 1608 { 1609 $iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'"; 1610 $ip_4_counter++; 1611 } 1612 $ip_3_counter++; 1613 } 1614 $ip_2_counter++; 1615 } 1616 $ip_1_counter++; 1617 } 1618 } 1619 else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($item))) 1620 { 1621 $iplist[] = "'" . trim($item) . "'"; 1622 } 1623 else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($item))) 1624 { 1625 $hostlist[] = "'" . trim($item) . "'"; 1626 } 1627 else if (preg_match("#^([a-z0-9\-\*\._/]+?)$#is", trim($item))) 1628 { 1629 $hostlist[] = "'" . trim($item) . "'"; 1630 } 1631 } 1632 1633 $sql = 'SELECT site_ip, site_hostname 1634 FROM ' . SITELIST_TABLE . " 1635 WHERE ip_exclude = $ip_exclude"; 1636 $result = $db->sql_query($sql); 1637 1638 if ($row = $db->sql_fetchrow($result)) 1639 { 1640 $iplist_tmp = array(); 1641 $hostlist_tmp = array(); 1642 do 1643 { 1644 if ($row['site_ip']) 1645 { 1646 if (strlen($row['site_ip']) > 40) 1647 { 1648 continue; 1649 } 1650 1651 $iplist_tmp[] = "'" . $row['site_ip'] . "'"; 1652 } 1653 else if ($row['site_hostname']) 1654 { 1655 if (strlen($row['site_hostname']) > 255) 1656 { 1657 continue; 1658 } 1659 1660 $hostlist_tmp[] = "'" . $row['site_hostname'] . "'"; 1661 } 1662 // break; 1663 } 1664 while ($row = $db->sql_fetchrow($result)); 1665 1666 $iplist = array_unique(array_diff($iplist, $iplist_tmp)); 1667 $hostlist = array_unique(array_diff($hostlist, $hostlist_tmp)); 1668 unset($iplist_tmp); 1669 unset($hostlist_tmp); 1670 } 1671 $db->sql_freeresult($result); 1672 1673 if (count($iplist)) 1674 { 1675 foreach ($iplist as $ip_entry) 1676 { 1677 $sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_ip, ip_exclude) 1678 VALUES ($ip_entry, $ip_exclude)"; 1679 $db->sql_query($sql); 1680 } 1681 } 1682 1683 if (count($hostlist)) 1684 { 1685 foreach ($hostlist as $host_entry) 1686 { 1687 $sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_hostname, ip_exclude) 1688 VALUES ($host_entry, $ip_exclude)"; 1689 $db->sql_query($sql); 1690 } 1691 } 1692 1693 if (!empty($ip_list_log)) 1694 { 1695 // Update log 1696 $log_entry = ($ip_exclude) ? 'LOG_DOWNLOAD_EXCLUDE_IP' : 'LOG_DOWNLOAD_IP'; 1697 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_entry, false, array($ip_list_log)); 1698 } 1699 1700 trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action)); 1701 } 1702 else if (isset($_POST['unsecuresubmit'])) 1703 { 1704 $unip_sql = $request->variable('unip', array(0)); 1705 1706 if (count($unip_sql)) 1707 { 1708 $l_unip_list = ''; 1709 1710 // Grab details of ips for logging information later 1711 $sql = 'SELECT site_ip, site_hostname 1712 FROM ' . SITELIST_TABLE . ' 1713 WHERE ' . $db->sql_in_set('site_id', $unip_sql); 1714 $result = $db->sql_query($sql); 1715 1716 while ($row = $db->sql_fetchrow($result)) 1717 { 1718 $l_unip_list .= (($l_unip_list != '') ? ', ' : '') . (($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']); 1719 } 1720 $db->sql_freeresult($result); 1721 1722 $sql = 'DELETE FROM ' . SITELIST_TABLE . ' 1723 WHERE ' . $db->sql_in_set('site_id', $unip_sql); 1724 $db->sql_query($sql); 1725 1726 $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DOWNLOAD_REMOVE_IP', false, array($l_unip_list)); 1727 } 1728 1729 trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action)); 1730 } 1731 } 1732 1733 /** 1734 * Write display_order config field 1735 */ 1736 function display_order($value, $key = '') 1737 { 1738 $radio_ary = array(0 => 'DESCENDING', 1 => 'ASCENDING'); 1739 1740 return h_radio('config[display_order]', $radio_ary, $value, $key); 1741 } 1742 1743 /** 1744 * Adjust all three max_filesize config vars for display 1745 */ 1746 function max_filesize($value, $key = '') 1747 { 1748 // Determine size var and adjust the value accordingly 1749 $filesize = get_formatted_filesize($value, false, array('mb', 'kb', 'b')); 1750 $size_var = $filesize['si_identifier']; 1751 $value = $filesize['value']; 1752 1753 // size and maxlength must not be specified for input of type number 1754 return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>'; 1755 } 1756 1757 /** 1758 * Write secure_allow_deny config field 1759 */ 1760 function select_allow_deny($value, $key = '') 1761 { 1762 $radio_ary = array(1 => 'ORDER_ALLOW_DENY', 0 => 'ORDER_DENY_ALLOW'); 1763 1764 return h_radio('config[' . $key . ']', $radio_ary, $value, $key); 1765 } 1766 1767 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Sun Jun 23 12:25:44 2024 | Cross-referenced by PHPXref 0.7.1 |