echo '
<p>
<a href="index.php?group_id='.$group_id.'&add_forum=1">'.$Language->getText('forum_admin','add_forum').'</a>';
- echo '
- | <a href="attachments.php?action=attach_extensions&group_id=' . $group_id . '">' . $Language->getText('forum_admin','manage_attach_types').'</a>';
echo '
| <a href="pending.php?action=view_pending&group_id=' . $group_id . '">' . $Language->getText('forum_admin','manage_pending_messages').'</a><br /></p>';
}
return true;
}
-
- /**
- * AttachTypeManagerAM - AMD for add, modify. it returns the structure with the info of one attach type
- *
- * @param array The values to fill
- */
- function AttachTypeManagerAM($type) {
- global $Language;
-
- $output = '
- <table cellpadding="4" cellspacing="0" align="center" border="0" width="90%">
- <tr>
- <td align="center" colspan="2">
- <b>' . $Language->getText('forum_admin_attachs','attachtype') .' : ' . $type['extension'] . '</b>
- </td></tr>
- <tr valign="top">
- <td>' . $Language->getText('forum_admin_attachs','extension') . '</td>
- <td>
- <table cellpadding="0" cellspacing="0" border="0" width="100%">
- <tr valign="top">
- <td>
- <input type="text" name="type[extension]" value="' . $type['extension'] . '" size="35" tabindex="1" /></td>
- </tr>
- </table>
- </td>
- </tr>
- <tr valign="top">
- <td>' . $Language->getText('forum_admin_attachs','maxfilesize') . ' (bytes)</td>
- <td>
- <table cellpadding="0" cellspacing="0" border="0" width="100%">
- <tr valign="top">
- <td>
- <input type="text" name="type[size]" value="' . $type['size'] . '" size="35" tabindex="1" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr valign="top">
- <td>' . $Language->getText('forum_admin_attachs','maxwidth') . ' (pixels)
- </td>
- <td>
- <table cellpadding="0" cellspacing="0" border="0" width="100%">
- <tr valign="top">
- <td>
- <input type="text" name="type[width]" value="' . $type['width'] . '" size="35" tabindex="1" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr valign="top">
- <td>' . $Language->getText('forum_admin_attachs','maxheight') . ' (pixels)
- </td>
- <td>
- <table cellpadding="0" cellspacing="0" border="0" width="100%">
- <tr valign="top">
- <td>
- <input type="text" name="type[height]" value="' . $type['height'] . '" size="35" tabindex="1" />
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr valign="top">
- <td>' . $Language->getText('forum_admin_attachs','mimetype_advice') . '</td>
- <td>
- <table cellpadding="0" cellspacing="0" border="0" width="100%">
- <tr valign="top">
- <td>
- <textarea name="type[mimetype]" rows="4" cols="40" wrap="virtual" tabindex="1">' . $type['mimetype'] . '</textarea>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr valign="top">
- <td>' . $Language->getText('forum_admin_attachs','enabled') . '</td>
- <td>
- <table cellpadding="0" cellspacing="0" border="0" width="100%">
- <tr valign="top">
- <td><span style="white-space:nowrap">
- <input type="radio" name="type[enabled]" value="1" tabindex="1" '; if ($type['enabled']) $output.= 'checked="checked"'; $output.= ' />Yes
- <input type="radio" name="type[enabled]" value="0" tabindex="1" '; if (!$type['enabled']) $output.= 'checked="checked"'; $output.= ' />No
- </span>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td colspan="2" align="center">
- <input type="submit" tabindex="1" value=" Update " />
- <input type="reset" tabindex="1" value=" Reset " />
- </td>
- </tr>
- </table>';
- return $output;
- }
-
-
/**
* ExecuteAction - Executes the action passed as parameter
*
*/
function ExecuteAction ($action) {
global $Language,$HTML;
- if ($action=="attach_extensions") {
- //view the attachment type extensions
- $gid = $this->group_id;
- $types = db_query("SELECT * FROM forum_attachment_type ORDER BY extension");
- $this->PrintAdminOptions();
-
- echo '
- <form action="attachments.php" method="post">
- <input type="hidden" name="action" value="add_newattachtype" />
- <input type="hidden" name="form_key" value="' . form_generate_key() . '">
- <input type="hidden" name="group_id" value="' . getIntFromRequest("group_id") . '" />
- <span class="important">This applies to every project</span>
- <p>
- <p>
- <script type="text/javascript">
- function confirmDel($dir) {
- var agree=confirm("Proceed with deletion? ");
- if (agree) {
- window.location = $dir;
- }
- }
- </script>
-
- ';
- $title = array();
- $title[] = $Language->getText('forum_admin_attachs','extension');
- $title[] = $Language->getText('forum_admin_attachs','maxfilesize');
- $title[] = $Language->getText('forum_admin_attachs','maxwidth');
- $title[] = $Language->getText('forum_admin_attachs','maxheight');
- $title[] = $Language->getText('forum_admin_attachs','enabled');
- $title[] = $Language->getText('forum_admin_attachs','actions');
- echo $HTML->listTableTop($title);
- $i = 2;
- while ($onetype = db_fetch_array($types)) {
- $onetype['size'] = $onetype['size'] ? $onetype['size']: $Language->getText('include_html','none');
- switch($onetype['extension']) {
- case 'gif':
- case 'bmp':
- case 'jpg':
- case 'jpeg':
- case 'jpe':
- case 'png':
- case 'psd':
- case 'swf':
- case 'tiff':
- case 'tif':
- $onetype['width'] = $onetype['width'] ? $onetype['width'] : $Language->getText('include_html','none');
- $onetype['height'] = $onetype['height'] ? $onetype['height'] : $Language->getText('include_html','none');
- break;
- default:
- $onetype['width'] = ' ';
- $onetype['height'] = ' ';
- }
- $onetype['enabled'] = $onetype['enabled'] ? $Language->getText('survey_edit','yes'): $Language->getText('survey_edit','no');
- echo "
- <tr" . $HTML->boxGetAltRowStyle($i++). ">
- <td><b>$onetype[extension]</b></td>
- <td><center>$onetype[size]</center></td>
- <td><center>$onetype[width]</center></td>
- <td><center>$onetype[height]</center></td>
- <td><center>$onetype[enabled]</center></td>
- <td><div align=\"right\"><a href=\"attachments.php?action=update_attach_type&group_id=$gid&extension=$onetype[extension]\"> Edit </a> |
- <a href=\"javascript:confirmDel('attachments.php?action=remove_attach_type&group_id=$gid&extension=$onetype[extension]'); \"> Delete</a></div></td>
- </tr>";
- }
- echo $HTML->listTableBottom();
- echo "
- <p>
- <center><input type=\"submit\" value=\"Add new\"></center></td>
- </form>
- ";
-
- }
- if ($action == "update_attach_type") {
- //edit the attach type
- $group_id = getIntFromRequest("group_id");
- $extension = getStringFromRequest("extension");
-
- $this->PrintAdminOptions();
- if ($extension) {
- //output modify form
- $type = db_query("SELECT * FROM forum_attachment_type where extension='$extension'");
- $type = db_fetch_array($type);
- if ($type['mimetype']) {
- $type['mimetype'] = implode("\n", unserialize($type['mimetype']));
- }
-
- }
- echo '
- <form action="attachments.php" method="post">
- <input type="hidden" name="action" value="make_update_attach_type" />
- <input type="hidden" name="extension" value="'. $extension .'" />
- <input type="hidden" name="group_id" value="' . $group_id . '" />
- <input type="hidden" name="form_key" value="' . form_generate_key() . '">
- ';
-
- echo $this->AttachTypeManagerAM($type);
- }
- if ($action == "add_newattachtype") {
- //add new attach type form
- $this->PrintAdminOptions();
- echo '
- <form action="attachments.php" method="post">
- <input type="hidden" name="action" value="make_update_attach_type" />
- <input type="hidden" name="group_id" value="' . getIntFromRequest("group_id") . '" />
- <input type="hidden" name="form_key" value="' . form_generate_key() . '">
- ';
-
- echo $this->AttachTypeManagerAM($type);
- }
- if ($action == "make_update_attach_type") {
- //actually add/update -> add or update attach type
- global $Language;
- $group_id = getIntFromRequest("group_id");
- $extension = getStringFromRequest("extension");
- $type = getArrayFromRequest('type');
-
- if (!form_key_is_valid(getStringFromRequest('form_key'))) {
- exit_form_double_submit();
- }
-
- $type['extension'] = strtolower($type['extension']);
-
- if (empty($type['extension'])) {
- form_release_key(getStringFromRequest("form_key"));
- exit_error($Language->getText('people_editprofile','all_fields_required'));
- }
-
- if ( ($extension) && ($extension != $type['extension'] AND db_numrows($test = db_query("SELECT extension FROM forum_attachment_type WHERE extension = '" . addslashes($type['extension']) . "'")) > 0) ) {
- form_release_key(getStringFromRequest("form_key"));
- exit_error($Language->getText('forum_admin_attachs','extension_exists'));
- } elseif ( (!$extension) AND db_numrows($test = db_query("SELECT extension FROM forum_attachment_type WHERE extension = '" . addslashes($type['extension']) . "'")) > 0) {
- form_release_key(getStringFromRequest("form_key"));
- exit_error($Language->getText('forum_admin_attachs','extension_exists'));
- }
-
- if ($type['mimetype']) {
- $mimetype = explode("\n", $type['mimetype']);
- foreach($mimetype AS $index => $value) {
- $mimetype["$index"] = trim($value);
- }
- } else {
- $mimetype = array('Content-type: unknown/unknown');
- }
-
- $type['mimetype'] = serialize($mimetype);
-
- if ($extension) {
- //update
- $sql = "UPDATE forum_attachment_type SET extension='" . $type['extension'] . "' , size='" . $type['size'] . "' , height='" . $type['height'] . "' , width='" . $type['width'] . "' , mimetype='" . addslashes($type['mimetype']) . "' , enabled='" . $type['enabled'] . "' where extension='$extension'";
- $res = db_query($sql);
- $this->PrintAdminOptions();
- if (!$res) {
- echo db_error();
- echo "<p><p><span class=\"error\">" . $Language->getText('forum_admin_attachs','updatenot_ok') . "</span>";
- } else {
- echo "<p><p><span class=\"feedback\">" . $Language->getText('forum_admin_attachs','updateok') . "</span>";
- }
-
-
- } else {
- //add new one
- $sql = "
- INSERT INTO forum_attachment_type (extension, size, height, width, mimetype, enabled)
- VALUES
- ('" . addslashes($type['extension']) . "', " . intval($type['size']) . ", " . intval($type['height']) . ", " . intval($type['width']) . ", '" . addslashes($type['mimetype']) . "', " . intval($type['enabled']) . " )";
- $res = db_query($sql);
- $this->PrintAdminOptions();
- if (!$res) {
- echo db_error();
- echo "<p><p><span class=\"error\">" . $Language->getText('forum_admin_attachs','updatenot_ok') . "</span>";
- } else {
- echo "<p><p><span class=\"feedback\">" . $Language->getText('forum_admin_attachs','updateok') . "</span>";
- }
-
- }
- }
- if ($action == "remove_attach_type") {
- //delete attachment type
- $extension = getStringFromRequest("extension");
-
- $sql = "DELETE from forum_attachment_type WHERE extension='" . $extension . "'";
- $res = db_query($sql);
- $this->PrintAdminOptions();
- if (!$res) {
- echo db_error();
- echo "<p><p><span class=\"error\">" . $Language->getText('forum_admin_attachs','deletenot_ok') . "</span>";
- } else {
- echo "<p><p><span class=\"feedback\">" . $Language->getText('forum_admin_attachs','deleteok') . "</span>";
- }
-
- }
if ($action == "change_status") { //change a forum
$forum_name = getStringFromRequest('forum_name');
$description = getStringFromRequest('description');
$visible = db_result($res2,0,"visible");
$msg_id = db_result($res2,0,"msg_id");
$filehash = db_result($res2,0,"filehash");
- $am->AddToDBOnly($userid, $dateline, $filename, $filedata, $filesize, $visible, $filehash);
+ $mimetype = db_result($res2,0,"mimetype");
+ $am->AddToDBOnly($userid, $dateline, $filename, $filedata, $filesize, $visible, $filehash, $mimetype);
foreach ($am->Getmessages() as $item) {
$feedback .= "$msg_id - " . $item . "<br>";
}
*
*
*/
- function AddToDBOnly($userid, $dateline, $filename, $filedata, $filesize, $visible, $filehash) {
+ function AddToDBOnly($userid, $dateline, $filename, $filedata, $filesize, $visible, $filehash, $mimetype) {
global $Language;
$result=db_query("SELECT max(msg_id) AS id FROM forum");
$this->messages[] = $Language->getText('forum_attachmngr','err_msgid');
} else {
$this->msg_id = db_result($result,0,0);
- $sql = "INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash)
+ $sql = "INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
VALUES
( $userid , " . $dateline . ", '" . $filename . "',
- '" . $filedata . "', $filesize, $visible, $this->msg_id, '" . $filehash . "')";
+ '" . $filedata . "', $filesize, $visible, $this->msg_id, '" . $filehash . "', '" . $mimetype . "')";
if (db_query($sql)) {
$this->messages[] = $Language->getText('forum_attachmngr','uploadok');
} else {
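Review bot: The new `$mimetype` argument is concatenated into the INSERT on the added VALUES line without escaping. The caller hunk reads it back with `db_result($res2,0,"mimetype")`, so a quote that `addslashes()` neutralised on the way into the pending table is live again here. Because the stored value appears to originate from the upload's `type` field, this is a second-order SQL injection path. The added fragment should read `'" . addslashes($mimetype) . "')";`, or the statement should go through a parameterised query helper if the project has one. `$filename` and `$filehash` in the same statement are interpolated the same way, though they predate this commit; the function body starts and ends outside the hunk.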
function attach($attach,$group_id,$update=0,$msg_id=0) {
global $Language;
global $_FILES;
-
- $sql = "SELECT * FROM forum_attachment_type"; //we get the attach types
- $res = db_query($sql);
- $attachtypes = array();
-
- //fill the datastore array with the supported filetypes
- global $sys_db_row_pointer;
- for ($i=0;$i<db_numrows($res);$i++) {
- $aux = db_fetch_array($res);
- $attachtypes[$aux[0]] = $aux;
- }
-
+
$attachment = trim($attach['tmp_name']);
$attachment_name = trim($attach['name']);
$attachment_size = trim($attach['size']);
+ $attachment_type = trim($attach['type']);
if ($attachment == 'none' OR empty($attachment) OR empty($attachment_name))
{
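Review bot: `$attachment_type = trim($attach['type']);` takes the MIME type as reported by the uploading client (presumably a `$_FILES` entry), and the rest of the commit stores it unverified. If that column is later sent as the Content-Type when the attachment is served, which is not visible here, a client can label arbitrary content as a browser-rendered type. Consider deriving the type on the server from the file contents, e.g. `$attachment_type = mime_content_type($attachment);`, or validating the reported value against a fixed list before storing it. attach() continues outside the hunk.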
$attachment_name2 = strtolower($attachment_name);
$extension = substr(strrchr($attachment_name2, '.'), 1);
- if (!$attachtypes["$extension"] OR !$attachtypes["$extension"]['enabled'])
+ if ($extension == 'exe')
{
// invalid extension
$this->messages[] = $Language->getText('forum_attachmngr','err_inv_ext');
- foreach ($attachtypes as $attachtype) {
- if ($attachtype['enabled']) {
- $validexts .= $attachtype[0] . " ";
- }
- }
- $this->messages[] = $Language->getText('forum_attachmngr','valid_ext_are',$validexts);
- @unlink($attachment);
- return false;
- }
-
- $maxattachsize = $attachtypes["$extension"]['size'];
- $filesize = filesize($attachment);
-
- if ($maxattachsize != 0 AND $filesize > $maxattachsize)
- {
- // too big
+
@unlink($attachment);
- $this->messages[] = $Language->getText('forum_attachmngr','err_toobig');
- $this->messages[] = $Language->getText('forum_attachmngr','maximum_size',$maxattachsize);
return false;
}
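Review bot: `if ($extension == 'exe')` replaces the per-extension allow-list with a deny-list of one entry, so every other extension, and a name with no extension at all, is now accepted. The size limit enforced in the removed lines also has no replacement. Keep an allow-list, for example `if (!in_array($extension, $allowed_extensions, true))` with `$allowed_extensions` loaded from configuration (name illustrative), and retain an upper bound on the upload size. The new branch also drops the `valid_ext_are` message, so a rejected user is no longer told which types are accepted.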
return false;
}
- //i´ll check now that if the atatch is an image, it complies with the width+height restrictions
- $extensions = array(
- 'gif' => '1',
- 'jpg' => '2',
- 'jpe' => '2',
- 'jpeg'=> '2',
- 'png' => '3',
- 'swf' => '4',
- 'psd' => '5',
- 'bmp' => '6',
- 'tiff' => '7',
- 'tif' => '7',
- );
-
- if (!empty($extensions["$extension"])) { //if it´s an image, we have to check it´s attributes
- if ($imageinfo = @getimagesize($attachment)) {
- $max_attachwidth = $attachtypes["$extension"]['width'];
- $max_attachheight = $attachtypes["$extension"]['height'];
- if (($max_attachwidth > 0 AND $imageinfo[0] > $max_attachwidth) OR ($max_attachheight > 0 AND $imageinfo[1] > $max_attachheight)) {
- @unlink($attachment);
- $this->messages[] = $Language->getText('forum_attachmngr','bad_dimension');
- $this->messages[] = $Language->getText('forum_attachmngr','maximum_dimension',array($max_attachwidth,$max_attachheight));
- return false;
- }
- if (!$imageinfo[2]) {
- @unlink($attachment);
- $this->messages[] = $Language->getText('forum_attachmngr','not_image');
- return false;
- }
- }
- }
-
if (!session_loggedin()) {
$user_id = 100;
} else {
$this->msg_id = db_result($result,0,0);
}
}
- $sql = "INSERT INTO forum_pending_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash)
+ $sql = "INSERT INTO forum_pending_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
VALUES
( $user_id , " . time() . ", '" . addslashes($attachment_name) . "',
- '" . base64_encode($filestuff) . "', $filesize, 1, $this->msg_id, '" . addslashes(md5($filestuff)) . "')";
+ '" . base64_encode($filestuff) . "', $attachment_size, 1, $this->msg_id, '" . addslashes(md5($filestuff)) . "', '". addslashes($attachment_type) ."')";
$res = db_query($sql);
if ($res) {
$this->messages[] = $Language->getText('forum_attachmngr','uploadok');
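Review bot: `$attachment_size` replaces `$filesize` in the VALUES list as a bare, unquoted token, and it is only `trim($attach['size'])`, a string from the caller's array rather than the `filesize($attachment)` result the removed code used. Cast it where the query is built, `(int) $attachment_size`, or keep measuring the file on disk, so a non-numeric value cannot alter the statement. The same substitution appears in the UPDATE of `forum_attachment` (`filesize = '" . $attachment_size . "'`) and in the second INSERT further down. Whether `$attach` can ever be something other than a `$_FILES` entry is not visible from this hunk.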
$sql = "UPDATE forum_attachment SET dateline = '" . time() . "' , filedata = '" . base64_encode($filestuff) . "' ,
filename = '" . addslashes($attachment_name) . "' ,
filehash = '" . addslashes(md5($filestuff)) . "' ,
+ mimetype = '" . addslashes($attachment_type) . "' ,
counter = '0' ,
- filesize = '" . $filesize . "' where attachmentid=$update";
+ filesize = '" . $attachment_size . "' where attachmentid=$update";
if (db_query($sql)) {
$this->messages[] = $Language->getText('forum_attachmngr','uploadok');
$this->messages[] = $Language->getText('forum_attachmngr','updateok');
$this->msg_id = db_result($result,0,0);
}
}
- $sql = "INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash)
+ $sql = "INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
VALUES
( $user_id , " . time() . ", '" . addslashes($attachment_name) . "',
- '" . base64_encode($filestuff) . "', $filesize, 1, $this->msg_id, '" . addslashes(md5($filestuff)) . "')";
+ '" . base64_encode($filestuff) . "', $attachment_size, 1, $this->msg_id, '" . addslashes(md5($filestuff)) . "', '" . addslashes($attachment_type) . "')";
$res = db_query($sql);
if ($res) {
$this->messages[] = $Language->getText('forum_attachmngr','uploadok');
}
-?>
\ No newline at end of file
+?>