You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
517 lines
15 KiB
517 lines
15 KiB
<?php
|
|
/***************************************************************************
|
|
* uacp.php
|
|
* -------------------
|
|
* begin : Oct 30, 2002
|
|
* copyright : (C) 2002 Meik Sievertsen
|
|
* email : acyd.burn@gmx.de
|
|
*
|
|
* $Id: uacp.php,v 1.9 2005/01/04 15:04:12 saraj Exp $
|
|
*
|
|
*
|
|
***************************************************************************/
|
|
|
|
/***************************************************************************
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
***************************************************************************/
|
|
|
|
/**
|
|
* User Attachment Control Panel
|
|
*
|
|
* From this 'Control Panel' the user is able to view/delete his Attachments.
|
|
*/
|
|
|
|
define('IN_PHPBB', true);
|
|
$phpbb_root_path = './';
|
|
include($phpbb_root_path . 'extension.inc');
|
|
include($phpbb_root_path . 'common.'.$phpEx);
|
|
|
|
// session id check
|
|
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
|
|
{
|
|
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
|
|
}
|
|
else
|
|
{
|
|
$sid = '';
|
|
}
|
|
|
|
//
|
|
// Start session management
|
|
//
|
|
$userdata = session_pagestart($user_ip, PAGE_PROFILE);
|
|
init_userprefs($userdata);
|
|
//
|
|
// End session management
|
|
//
|
|
|
|
// session id check
|
|
if ($sid == '' || $sid != $userdata['session_id'])
|
|
{
|
|
message_die(GENERAL_ERROR, 'Invalid_session');
|
|
}
|
|
|
|
//
|
|
// Obtain initial var settings
|
|
//
|
|
if(isset($HTTP_GET_VARS[POST_USERS_URL]) || isset($HTTP_POST_VARS[POST_USERS_URL]))
|
|
{
|
|
$user_id = (isset($HTTP_POST_VARS[POST_USERS_URL])) ? $HTTP_POST_VARS[POST_USERS_URL] : $HTTP_GET_VARS[POST_USERS_URL];
|
|
}
|
|
else
|
|
{
|
|
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
|
|
}
|
|
|
|
$user_id = ($user_id == '-1') ? ANONYMOUS : intval($user_id);
|
|
|
|
$profiledata = get_userdata($user_id);
|
|
|
|
if ($user_id == ANONYMOUS)
|
|
{
|
|
$profiledata['user_id'] = ANONYMOUS;
|
|
$profiledata['username'] = $lang['Guest'];
|
|
}
|
|
else
|
|
{
|
|
$profiledata['user_id'] = intval($profiledata['user_id']);
|
|
}
|
|
|
|
if ($profiledata['user_id'] != $userdata['user_id'] && $userdata['user_level'] != ADMIN)
|
|
{
|
|
message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
|
|
}
|
|
|
|
$page_title = $lang['User_acp_title'];
|
|
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
|
|
|
|
$language = $board_config['default_lang'];
|
|
|
|
if( !@file_exists(@amod_realpath($phpbb_root_path . 'language/lang_' . $language . '/lang_admin_attach.'.$phpEx)) )
|
|
{
|
|
$language = $attach_config['board_lang'];
|
|
}
|
|
|
|
include($phpbb_root_path . 'language/lang_' . $language . '/lang_admin_attach.' . $phpEx);
|
|
|
|
$start = (isset($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0;
|
|
|
|
if(isset($HTTP_POST_VARS['order']))
|
|
{
|
|
$sort_order = ($HTTP_POST_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
|
|
}
|
|
else if(isset($HTTP_GET_VARS['order']))
|
|
{
|
|
$sort_order = ($HTTP_GET_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
|
|
}
|
|
else
|
|
{
|
|
$sort_order = '';
|
|
}
|
|
|
|
if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
|
|
{
|
|
$mode = (isset($HTTP_POST_VARS['mode'])) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
|
|
}
|
|
else
|
|
{
|
|
$mode = '';
|
|
}
|
|
|
|
$mode_types_text = array($lang['Sort_Filename'], $lang['Sort_Comment'], $lang['Sort_Extension'], $lang['Sort_Size'], $lang['Sort_Downloads'], $lang['Sort_Posttime'], /*$lang['Sort_Posts']*/);
|
|
$mode_types = array('real_filename', 'comment', 'extension', 'filesize', 'downloads', 'post_time'/*, 'posts'*/);
|
|
|
|
if (empty($mode))
|
|
{
|
|
$mode = 'real_filename';
|
|
$sort_order = 'ASC';
|
|
}
|
|
|
|
//
|
|
// Pagination ?
|
|
//
|
|
$do_pagination = TRUE;
|
|
|
|
//
|
|
// Set Order
|
|
//
|
|
$order_by = '';
|
|
|
|
switch($mode)
|
|
{
|
|
case 'filename':
|
|
$order_by = 'ORDER BY a.real_filename ' . $sort_order . ' LIMIT ' . $start . ', ' . $board_config['topics_per_page'];
|
|
break;
|
|
case 'comment':
|
|
$order_by = 'ORDER BY a.comment ' . $sort_order . ' LIMIT ' . $start . ', ' . $board_config['topics_per_page'];
|
|
break;
|
|
case 'extension':
|
|
$order_by = 'ORDER BY a.extension ' . $sort_order . ' LIMIT ' . $start . ', ' . $board_config['topics_per_page'];
|
|
break;
|
|
case 'filesize':
|
|
$order_by = 'ORDER BY a.filesize ' . $sort_order . ' LIMIT ' . $start . ', ' . $board_config['topics_per_page'];
|
|
break;
|
|
case 'downloads':
|
|
$order_by = 'ORDER BY a.download_count ' . $sort_order . ' LIMIT ' . $start . ', ' . $board_config['topics_per_page'];
|
|
break;
|
|
case 'post_time':
|
|
$order_by = 'ORDER BY a.filetime ' . $sort_order . ' LIMIT ' . $start . ', ' . $board_config['topics_per_page'];
|
|
break;
|
|
default:
|
|
$mode = 'a.real_filename';
|
|
$sort_order = 'ASC';
|
|
$order_by = 'ORDER BY a.real_filename ' . $sort_order . ' LIMIT ' . $start . ', ' . $board_config['topics_per_page'];
|
|
break;
|
|
}
|
|
|
|
//
|
|
// Set select fields
|
|
//
|
|
if (count($mode_types_text) > 0)
|
|
{
|
|
$select_sort_mode = '<select name="mode">';
|
|
|
|
for($i = 0; $i < count($mode_types_text); $i++)
|
|
{
|
|
$selected = ($mode == $mode_types[$i]) ? ' selected="selected"' : '';
|
|
$select_sort_mode .= '<option value="' . $mode_types[$i] . '"' . $selected . '>' . $mode_types_text[$i] . '</option>';
|
|
}
|
|
$select_sort_mode .= '</select>';
|
|
}
|
|
|
|
if (!empty($sort_order))
|
|
{
|
|
$select_sort_order = '<select name="order">';
|
|
if($sort_order == 'ASC')
|
|
{
|
|
$select_sort_order .= '<option value="ASC" selected="selected">' . $lang['Sort_Ascending'] . '</option><option value="DESC">' . $lang['Sort_Descending'] . '</option>';
|
|
}
|
|
else
|
|
{
|
|
$select_sort_order .= '<option value="ASC">' . $lang['Sort_Ascending'] . '</option><option value="DESC" selected="selected">' . $lang['Sort_Descending'] . '</option>';
|
|
}
|
|
$select_sort_order .= '</select>';
|
|
}
|
|
|
|
$delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : FALSE;
|
|
$delete_id_list = ( isset($HTTP_POST_VARS['delete_id_list']) ) ? $HTTP_POST_VARS['delete_id_list'] : array();
|
|
|
|
$confirm = ( $HTTP_POST_VARS['confirm'] ) ? TRUE : FALSE;
|
|
|
|
if ( ($confirm) && (count($delete_id_list) > 0) )
|
|
{
|
|
$attachments = array();
|
|
|
|
for ($i = 0; $i < count($delete_id_list); $i++)
|
|
{
|
|
$sql = "SELECT post_id
|
|
FROM " . ATTACHMENTS_TABLE . "
|
|
WHERE attach_id = " . $delete_id_list[$i];
|
|
$result = $db->sql_query($sql);
|
|
if ($result)
|
|
{
|
|
$row = $db->sql_fetchrow($result);
|
|
if ($row['post_id'] != 0)
|
|
{
|
|
delete_attachment(-1, $delete_id_list[$i]);
|
|
}
|
|
else
|
|
{
|
|
delete_attachment(-1, $delete_id_list[$i], PAGE_PRIVMSGS, intval($profiledata['user_id']));
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
}
|
|
else if ($delete && count($delete_id_list) > 0)
|
|
{
|
|
// Not confirmed, show confirmation message
|
|
$hidden_fields = '<input type="hidden" name="view" value="' . $view . '" />';
|
|
$hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
|
|
$hidden_fields .= '<input type="hidden" name="order" value="' . $sort_order . '" />';
|
|
$hidden_fields .= '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $profiledata['user_id'] . '" />';
|
|
$hidden_fields .= '<input type="hidden" name="start" value="' . $start . '" />';
|
|
$hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
|
|
|
|
for($i = 0; $i < count($delete_id_list); $i++)
|
|
{
|
|
$hidden_fields .= '<input type="hidden" name="delete_id_list[]" value="' . $delete_id_list[$i] . '" />';
|
|
}
|
|
|
|
$template->set_filenames(array(
|
|
'confirm' => 'confirm_body.tpl')
|
|
);
|
|
|
|
$template->assign_vars(array(
|
|
'MESSAGE_TITLE' => $lang['Confirm'],
|
|
'MESSAGE_TEXT' => $lang['Confirm_delete_attachments'],
|
|
|
|
'L_YES' => $lang['Yes'],
|
|
'L_NO' => $lang['No'],
|
|
|
|
'S_CONFIRM_ACTION' => append_sid($phpbb_root_path . 'uacp.' . $phpEx),
|
|
'S_HIDDEN_FIELDS' => $hidden_fields)
|
|
);
|
|
|
|
$template->pparse('confirm');
|
|
|
|
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
|
|
|
|
exit;
|
|
}
|
|
|
|
$hidden_fields = '';
|
|
|
|
$template->set_filenames(array(
|
|
'body' => 'uacp_body.tpl')
|
|
);
|
|
|
|
$total_rows = 0;
|
|
|
|
$username = $profiledata['username'];
|
|
|
|
$s_hidden = '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $profiledata['user_id'] . '">';
|
|
$s_hidden .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
|
|
|
|
//
|
|
// Assign Template Vars
|
|
//
|
|
$template->assign_vars(array(
|
|
'L_SUBMIT' => $lang['Submit'],
|
|
'L_UACP' => $lang['UACP'],
|
|
'L_SELECT_SORT_METHOD' => $lang['Select_sort_method'],
|
|
'L_ORDER' => $lang['Order'],
|
|
'L_FILENAME' => $lang['File_name'],
|
|
'L_FILECOMMENT' => $lang['File_comment_cp'],
|
|
'L_EXTENSION' => $lang['Extension'],
|
|
'L_SIZE' => $lang['Size_in_kb'],
|
|
'L_DOWNLOADS' => $lang['Downloads'],
|
|
'L_POST_TIME' => $lang['Post_time'],
|
|
'L_POSTED_IN_TOPIC' => $lang['Posted_in_topic'],
|
|
'L_DELETE' => $lang['Delete'],
|
|
'L_DELETE_MARKED' => $lang['Delete_marked'],
|
|
'L_MARK_ALL' => $lang['Mark_all'],
|
|
'L_UNMARK_ALL' => $lang['Unmark_all'],
|
|
|
|
'USERNAME' => $profiledata['username'],
|
|
|
|
'S_USER_HIDDEN' => $s_hidden,
|
|
'S_MODE_ACTION' => append_sid('uacp.' . $phpEx),
|
|
'S_MODE_SELECT' => $select_sort_mode,
|
|
'S_ORDER_SELECT' => $select_sort_order)
|
|
);
|
|
|
|
$sql = "SELECT attach_id
|
|
FROM " . ATTACHMENTS_TABLE . "
|
|
WHERE user_id_1 = " . $profiledata['user_id'] . " OR user_id_2 = " . $profiledata['user_id'] . "
|
|
GROUP BY attach_id";
|
|
|
|
if ( !($result = $db->sql_query($sql)) )
|
|
{
|
|
message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$attach_ids = $db->sql_fetchrowset($result);
|
|
$num_attach_ids = $db->sql_numrows($result);
|
|
$total_rows = $num_attach_ids;
|
|
|
|
if ($num_attach_ids > 0)
|
|
{
|
|
$attach_id = array();
|
|
|
|
for ($j = 0; $j < $num_attach_ids; $j++)
|
|
{
|
|
$attach_id[] = $attach_ids[$j]['attach_id'];
|
|
}
|
|
|
|
$sql = "SELECT a.*
|
|
FROM " . ATTACHMENTS_DESC_TABLE . " a
|
|
WHERE a.attach_id IN (" . implode(', ', $attach_id) . ") " .
|
|
$order_by;
|
|
|
|
if ( !($result = $db->sql_query($sql)) )
|
|
{
|
|
message_die(GENERAL_ERROR, "Couldn't query attachments", '', __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$attachments = $db->sql_fetchrowset($result);
|
|
$num_attach = $db->sql_numrows($result);
|
|
}
|
|
else
|
|
{
|
|
$attachments = array();
|
|
}
|
|
|
|
if (count($attachments) > 0)
|
|
{
|
|
for ($i = 0; $i < count($attachments); $i++)
|
|
{
|
|
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
|
|
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
|
|
|
|
//
|
|
// Is the Attachment assigned to more than one post ?
|
|
// If it's not assigned to any post, it's an private message thingy. ;)
|
|
//
|
|
$post_titles = array();
|
|
|
|
$sql = "SELECT *
|
|
FROM " . ATTACHMENTS_TABLE . "
|
|
WHERE attach_id = " . $attachments[$i]['attach_id'];
|
|
|
|
if ( !($result = $db->sql_query($sql)) )
|
|
{
|
|
message_die(GENERAL_ERROR, 'Couldn\'t query attachments', '', __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$ids = $db->sql_fetchrowset($result);
|
|
$num_ids = $db->sql_numrows($result);
|
|
|
|
for ($j = 0; $j < $num_ids; $j++)
|
|
{
|
|
if ($ids[$j]['post_id'] != 0)
|
|
{
|
|
$sql = "SELECT t.topic_title
|
|
FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p
|
|
WHERE p.post_id = " . $ids[$j]['post_id'] . " AND p.topic_id = t.topic_id
|
|
GROUP BY t.topic_id, t.topic_title";
|
|
|
|
if ( !($result = $db->sql_query($sql)) )
|
|
{
|
|
message_die(GENERAL_ERROR, 'Couldn\'t query topic', '', __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
$row = $db->sql_fetchrow($result);
|
|
$post_title = $row['topic_title'];
|
|
|
|
if (strlen($post_title) > 32)
|
|
{
|
|
$post_title = substr($post_title, 0, 30) . '...';
|
|
}
|
|
|
|
$view_topic = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx . '?' . POST_POST_URL . '=' . $ids[$j]['post_id'] . '#' . $ids[$j]['post_id']);
|
|
|
|
$post_titles[] = '<a href="' . $view_topic . '" class="gen" target="_blank">' . $post_title . '</a>';
|
|
}
|
|
else
|
|
{
|
|
$desc = '';
|
|
|
|
$sql = "SELECT privmsgs_type, privmsgs_to_userid, privmsgs_from_userid
|
|
FROM " . PRIVMSGS_TABLE . "
|
|
WHERE privmsgs_id = " . $ids[$j]['privmsgs_id'];
|
|
|
|
if ( !($result = $db->sql_query($sql)) )
|
|
{
|
|
message_die(GENERAL_ERROR, 'Couldn\'t get Privmsgs Type', '', __LINE__, __FILE__, $sql);
|
|
}
|
|
|
|
if ($db->sql_numrows($result) != 0)
|
|
{
|
|
$row = $db->sql_fetchrow($result);
|
|
$privmsgs_type = $row['privmsgs_type'];
|
|
|
|
if (($privmsgs_type == PRIVMSGS_READ_MAIL) || ($privmsgs_type == PRIVMSGS_NEW_MAIL) || ($privmsgs_type == PRIVMSGS_UNREAD_MAIL))
|
|
{
|
|
if ($row['privmsgs_to_userid'] == $profiledata['user_id'])
|
|
{
|
|
$desc = $lang['Private_Message'] . ' (' . $lang['Inbox'] . ')';
|
|
}
|
|
}
|
|
else if ($privmsgs_type == PRIVMSGS_SENT_MAIL)
|
|
{
|
|
if ($row['privmsgs_from_userid'] == $profiledata['user_id'])
|
|
{
|
|
$desc = $lang['Private_Message'] . ' (' . $lang['Sentbox'] . ')';
|
|
}
|
|
}
|
|
else if ( ($privmsgs_type == PRIVMSGS_SAVED_OUT_MAIL) )
|
|
{
|
|
if ($row['privmsgs_from_userid'] == $profiledata['user_id'])
|
|
{
|
|
$desc = $lang['Private_Message'] . ' (' . $lang['Savebox'] . ')';
|
|
}
|
|
}
|
|
else if ( ($privmsgs_type == PRIVMSGS_SAVED_IN_MAIL) )
|
|
{
|
|
if ($row['privmsgs_to_userid'] == $profiledata['user_id'])
|
|
{
|
|
$desc = $lang['Private_Message'] . ' (' . $lang['Savebox'] . ')';
|
|
}
|
|
}
|
|
|
|
if ($desc != '')
|
|
{
|
|
$post_titles[] = $desc;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Iron out those Attachments assigned to us, but not more controlled by us. ;) (PM's)
|
|
if (count($post_titles) > 0)
|
|
{
|
|
$delete_box = '<input type="checkbox" name="delete_id_list[]" value="' . $attachments[$i]['attach_id'] . '" />';
|
|
|
|
for ($j = 0; $j < count($delete_id_list); $j++)
|
|
{
|
|
if ($delete_id_list[$j] == $attachments[$i]['attach_id'])
|
|
{
|
|
$delete_box = '<input type="checkbox" name="delete_id_list[]" value="' . $attachments[$i]['attach_id'] . '" checked />';
|
|
break;
|
|
}
|
|
}
|
|
|
|
$post_titles = implode('<br />', $post_titles);
|
|
|
|
$hidden_field = '<input type="hidden" name="attach_id_list[]" value="' . $attachments[$i]['attach_id'] . '">';
|
|
$hidden_field .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
|
|
|
|
$template->assign_block_vars('attachrow', array(
|
|
'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ),
|
|
'ROW_COLOR' => '#' . $row_color,
|
|
'ROW_CLASS' => $row_class,
|
|
|
|
'FILENAME' => $attachments[$i]['real_filename'],
|
|
'COMMENT' => stripslashes(trim(nl2br($attachments[$i]['comment']))),
|
|
'EXTENSION' => $attachments[$i]['extension'],
|
|
'SIZE' => round(($attachments[$i]['filesize'] / MEGABYTE), 2),
|
|
'DOWNLOAD_COUNT' => $attachments[$i]['download_count'],
|
|
'POST_TIME' => create_date($board_config['default_dateformat'], $attachments[$i]['filetime'], $board_config['board_timezone']),
|
|
'POST_TITLE' => $post_titles,
|
|
|
|
'S_DELETE_BOX' => $delete_box,
|
|
'S_HIDDEN' => $hidden_field,
|
|
'U_VIEW_ATTACHMENT' => append_sid($phpbb_root_path . 'download.' . $phpEx . '?id=' . $attachments[$i]['attach_id']))
|
|
// 'U_VIEW_POST' => ($attachments[$i]['post_id'] != 0) ? append_sid("../viewtopic." . $phpEx . "?" . POST_POST_URL . "=" . $attachments[$i]['post_id'] . "#" . $attachments[$i]['post_id']) : '')
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Generate Pagination
|
|
//
|
|
if ( ($do_pagination) && ($total_rows > $board_config['topics_per_page']) )
|
|
{
|
|
$pagination = generate_pagination($phpbb_root_path . 'uacp.' . $phpEx . '?mode=' . $mode . '&order=' . $sort_order . '&' . POST_USERS_URL . '=' . $profiledata['user_id'] . '&sid=' . $userdata['session_id'], $total_rows, $board_config['topics_per_page'], $start).' ';
|
|
|
|
$template->assign_vars(array(
|
|
'PAGINATION' => $pagination,
|
|
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['topics_per_page'] ) + 1 ), ceil( $total_rows / $board_config['topics_per_page'] )),
|
|
|
|
'L_GOTO_PAGE' => $lang['Goto_page'])
|
|
);
|
|
}
|
|
|
|
$template->pparse('body');
|
|
|
|
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
|
|
|
|
?>
|