Code Coverage
 
Classes and Traits
Functions and Methods
Lines
Total
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 12
CRAP
0.00% covered (danger)
0.00%
0 / 1287
acp_attachments
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 12
75900
0.00% covered (danger)
0.00%
0 / 1283
 main
0.00% covered (danger)
0.00%
0 / 1
39006
0.00% covered (danger)
0.00%
0 / 974
 get_attachment_stats
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 13
 set_attachment_stats
0.00% covered (danger)
0.00%
0 / 1
6
0.00% covered (danger)
0.00%
0 / 6
 check_stats_accuracy
0.00% covered (danger)
0.00%
0 / 1
12
0.00% covered (danger)
0.00%
0 / 17
 handle_stats_resync
0.00% covered (danger)
0.00%
0 / 1
6
0.00% covered (danger)
0.00%
0 / 16
 category_select
0.00% covered (danger)
0.00%
0 / 1
42
0.00% covered (danger)
0.00%
0 / 29
 group_select
0.00% covered (danger)
0.00%
0 / 1
72
0.00% covered (danger)
0.00%
0 / 32
 test_upload
0.00% covered (danger)
0.00%
0 / 1
56
0.00% covered (danger)
0.00%
0 / 32
 perform_site_list
0.00% covered (danger)
0.00%
0 / 1
2162
0.00% covered (danger)
0.00%
0 / 150
 display_order
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 4
 max_filesize
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 6
 select_allow_deny
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 4
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
    exit;
}
class acp_attachments
{
    /** @var \phpbb\db\driver\driver_interface */
    protected $db;
    /** @var \phpbb\config\config */
    protected $config;
    /** @var \phpbb\language\language */
    protected $language;
    /** @var ContainerBuilder */
    protected $phpbb_container;
    /** @var \phpbb\template\template */
    protected $template;
    /** @var \phpbb\user */
    protected $user;
    /** @var  \phpbb\filesystem\filesystem_interface */
    protected $filesystem;
    /** @var \phpbb\attachment\manager */
    protected $attachment_manager;
    public $id;
    public $u_action;
    protected $new_config;
    function main($id, $mode)
    {
        global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_filesystem, $phpbb_dispatcher;
        global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $phpbb_log, $request;
        $this->id = $id;
        $this->db = $db;
        $this->config = $config;
        $this->language = $phpbb_container->get('language');
        $this->template = $template;
        $this->user = $user;
        $this->phpbb_container = $phpbb_container;
        $this->filesystem = $phpbb_filesystem;
        $this->attachment_manager = $phpbb_container->get('attachment.manager');
        $user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
        $error = $notify = array();
        $submit = (isset($_POST['submit'])) ? true : false;
        $action = $request->variable('action', '');
        $form_key = 'acp_attach';
        add_form_key($form_key);
        if ($submit && !check_form_key($form_key))
        {
            trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
        }
        switch ($mode)
        {
            case 'attach':
                $l_title = 'ACP_ATTACHMENT_SETTINGS';
            break;
            case 'extensions':
                $l_title = 'ACP_MANAGE_EXTENSIONS';
            break;
            case 'ext_groups':
                $l_title = 'ACP_EXTENSION_GROUPS';
            break;
            case 'orphan':
                $l_title = 'ACP_ORPHAN_ATTACHMENTS';
            break;
            case 'manage':
                $l_title = 'ACP_MANAGE_ATTACHMENTS';
            break;
            default:
                trigger_error('NO_MODE', E_USER_ERROR);
            break;
        }
        $this->tpl_name = 'acp_attachments';
        $this->page_title = $l_title;
        $template->assign_vars(array(
            'L_TITLE'            => $user->lang[$l_title],
            'L_TITLE_EXPLAIN'    => $user->lang[$l_title . '_EXPLAIN'],
            'U_ACTION'            => $this->u_action)
        );
        switch ($mode)
        {
            case 'attach':
                if (!function_exists('get_supported_image_types'))
                {
                    include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
                }
                $allowed_pm_groups = [];
                $allowed_post_groups = [];
                $s_assigned_groups = [];
                $sql = 'SELECT group_id, group_name, cat_id, allow_group, allow_in_pm
                    FROM ' . EXTENSION_GROUPS_TABLE . '
                    WHERE cat_id > 0
                    ORDER BY cat_id';
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result))
                {
                    $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
                    $s_assigned_groups[$row['cat_id']][] = $row['group_name'];
                    if ($row['allow_group'])
                    {
                        $allowed_post_groups[] = $row['group_id'];
                    }
                    if ($row['allow_in_pm'])
                    {
                        $allowed_pm_groups[] = $row['group_id'];
                    }
                }
                $db->sql_freeresult($result);
                $l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((!empty($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode($user->lang['COMMA_SEPARATOR'], $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']';
                $display_vars = array(
                    'title'    => 'ACP_ATTACHMENT_SETTINGS',
                    'vars'    => array(
                        'legend1'                => 'ACP_ATTACHMENT_SETTINGS',
                        'img_max_width'            => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
                        'img_max_height'        => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
                        'img_link_width'        => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
                        'img_link_height'        => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
                        'allow_attachments'        => array('lang' => 'ALLOW_ATTACHMENTS',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => false),
                        'allow_pm_attach'        => array('lang' => 'ALLOW_PM_ATTACHMENTS',    'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => false),
                        'max_attachments'        => array('lang' => 'MAX_ATTACHMENTS',        'validate' => 'int:0:999',    'type' => 'number:0:999', 'explain' => false),
                        'max_attachments_pm'    => array('lang' => 'MAX_ATTACHMENTS_PM',    'validate' => 'int:0:999',    'type' => 'number:0:999', 'explain' => false),
                        'upload_path'            => array('lang' => 'UPLOAD_DIR',            'validate' => 'wpath',    'type' => 'text:25:100', 'explain' => true),
                        'display_order'            => array('lang' => 'DISPLAY_ORDER',            'validate' => 'bool',    'type' => 'custom', 'method' => 'display_order', 'explain' => true),
                        'attachment_quota'        => array('lang' => 'ATTACH_QUOTA',            'validate' => 'string',    'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
                        'max_filesize'            => array('lang' => 'ATTACH_MAX_FILESIZE',    'validate' => 'string',    'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
                        'max_filesize_pm'        => array('lang' => 'ATTACH_MAX_PM_FILESIZE','validate' => 'string',    'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
                        'secure_downloads'        => array('lang' => 'SECURE_DOWNLOADS',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
                        'secure_allow_deny'        => array('lang' => 'SECURE_ALLOW_DENY',        'validate' => 'int',    'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
                        'secure_allow_empty_referer'    => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
                        'check_attachment_content'         => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
                        'legend2'                    => $l_legend_cat_images,
                        'img_display_inlined'        => array('lang' => 'DISPLAY_INLINED',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
                        'img_create_thumbnail'        => array('lang' => 'CREATE_THUMBNAIL',        'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
                        'img_max_thumb_width'        => array('lang' => 'MAX_THUMB_WIDTH',        'validate' => 'int:0:999999999999999',    'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
                        'img_min_thumb_filesize'    => array('lang' => 'MIN_THUMB_FILESIZE',    'validate' => 'int:0:999999999999999',    'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
                        'img_max'                    => array('lang' => 'MAX_IMAGE_SIZE',        'validate' => 'int:0:9999',    'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
                        'img_strip_metadata'        => array('lang' => 'IMAGE_STRIP_METADATA',    'validate' => 'bool',    'type' => 'radio:yes_no', 'explain' => true),
                        'img_quality'                => array('lang' => 'IMAGE_QUALITY',            'validate' => 'int:50:90',    'type' => 'number:50:90', 'explain' => true, 'append' => ' &percnt;'),
                        'img_link'                    => array('lang' => 'IMAGE_LINK_SIZE',        'validate' => 'int:0:9999',    'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
                    )
                );
                /**
                * Event to add and/or modify acp_attachement configurations
                *
                * @event core.acp_attachments_config_edit_add
                * @var    array    display_vars    Array of config values to display and process
                * @var    string    mode            Mode of the config page we are displaying
                * @var    boolean    submit            Do we display the form or process the submission
                * @since 3.1.11-RC1
                */
                $vars = array('display_vars', 'mode', 'submit');
                extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars)));
                $this->new_config = $config;
                $cfg_array = (isset($_REQUEST['config'])) ? $request->variable('config', array('' => '')) : $this->new_config;
                $error = array();
                // We validate the complete config if whished
                validate_config_vars($display_vars['vars'], $cfg_array, $error);
                // Do not write values if there is an error
                if (count($error))
                {
                    $submit = false;
                }
                // We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to...
                foreach ($display_vars['vars'] as $config_name => $null)
                {
                    if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false)
                    {
                        continue;
                    }
                    $this->new_config[$config_name] = $config_value = $cfg_array[$config_name];
                    if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
                    {
                        $size_var = $request->variable($config_name, '');
                        $config_value = (int) $config_value;
                        $this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
                    }
                    if ($submit)
                    {
                        $config->set($config_name, $config_value);
                    }
                }
                $this->perform_site_list();
                if ($submit)
                {
                    $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_ATTACH');
                    // Check Settings
                    $this->test_upload($error, $this->new_config['upload_path'], false);
                    if (!count($error))
                    {
                        trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
                    }
                }
                $template->assign_var('S_ATTACHMENT_SETTINGS', true);
                // Secure Download Options - Same procedure as with banning
                $allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
                $sql = 'SELECT *
                    FROM ' . SITELIST_TABLE;
                $result = $db->sql_query($sql);
                $defined_ips = '';
                $ips = array();
                while ($row = $db->sql_fetchrow($result))
                {
                    $value = ($row['site_ip']) ? $row['site_ip'] : $row['site_hostname'];
                    if ($value)
                    {
                        $defined_ips .= '<option' . (($row['ip_exclude']) ? ' class="sep"' : '') . ' value="' . $row['site_id'] . '">' . $value . '</option>';
                        $ips[$row['site_id']] = $value;
                    }
                }
                $db->sql_freeresult($result);
                $template->assign_vars(array(
                    'S_EMPTY_PM_GROUPS'        => empty($allowed_pm_groups),
                    'S_EMPTY_POST_GROUPS'    => empty($allowed_post_groups),
                    'S_SECURE_DOWNLOADS'    => $this->new_config['secure_downloads'],
                    'S_DEFINED_IPS'            => ($defined_ips != '') ? true : false,
                    'S_WARNING'                => (count($error)) ? true : false,
                    'U_EXTENSION_GROUPS'    => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=ext_groups"),
                    'WARNING_MSG'            => implode('<br />', $error),
                    'DEFINED_IPS'            => $defined_ips,
                    'L_SECURE_TITLE'        => $user->lang['DEFINE_' . $allow_deny . '_IPS'],
                    'L_IP_EXCLUDE'            => $user->lang['EXCLUDE_FROM_' . $allow_deny . '_IP'],
                    'L_REMOVE_IPS'            => $user->lang['REMOVE_' . $allow_deny . '_IPS'])
                );
                // Output relevant options
                foreach ($display_vars['vars'] as $config_key => $vars)
                {
                    if (!is_array($vars) && strpos($config_key, 'legend') === false)
                    {
                        continue;
                    }
                    if (strpos($config_key, 'legend') !== false)
                    {
                        $template->assign_block_vars('options', array(
                            'S_LEGEND'        => true,
                            'LEGEND'        => (isset($user->lang[$vars])) ? $user->lang[$vars] : $vars)
                        );
                        continue;
                    }
                    $type = explode(':', $vars['type']);
                    $l_explain = '';
                    if ($vars['explain'] && isset($vars['lang_explain']))
                    {
                        $l_explain = (isset($user->lang[$vars['lang_explain']])) ? $user->lang[$vars['lang_explain']] : $vars['lang_explain'];
                    }
                    else if ($vars['explain'])
                    {
                        $l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
                    }
                    $content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
                    if (empty($content))
                    {
                        continue;
                    }
                    $template->assign_block_vars('options', array(
                        'KEY'            => $config_key,
                        'TITLE'            => $user->lang[$vars['lang']],
                        'S_EXPLAIN'        => $vars['explain'],
                        'TITLE_EXPLAIN'    => $l_explain,
                        'CONTENT'        => $content,
                        )
                    );
                    unset($display_vars['vars'][$config_key]);
                }
            break;
            case 'extensions':
                if ($submit || isset($_POST['add_extension_check']))
                {
                    if ($submit)
                    {
                        // Change Extensions ?
                        $extension_change_list    = $request->variable('extension_change_list', array(0));
                        $group_select_list        = $request->variable('group_select', array(0));
                        // Generate correct Change List
                        $extensions = array();
                        for ($i = 0, $size = count($extension_change_list); $i < $size; $i++)
                        {
                            $extensions[$extension_change_list[$i]]['group_id'] = $group_select_list[$i];
                        }
                        $sql = 'SELECT *
                            FROM ' . EXTENSIONS_TABLE . '
                            ORDER BY extension_id';
                        $result = $db->sql_query($sql);
                        while ($row = $db->sql_fetchrow($result))
                        {
                            if ($row['group_id'] != $extensions[$row['extension_id']]['group_id'])
                            {
                                $sql = 'UPDATE ' . EXTENSIONS_TABLE . '
                                    SET group_id = ' . (int) $extensions[$row['extension_id']]['group_id'] . '
                                    WHERE extension_id = ' . $row['extension_id'];
                                $db->sql_query($sql);
                                $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_UPDATE', false, array($row['extension']));
                            }
                        }
                        $db->sql_freeresult($result);
                        // Delete Extension?
                        $extension_id_list = $request->variable('extension_id_list', array(0));
                        if (count($extension_id_list))
                        {
                            $sql = 'SELECT extension
                                FROM ' . EXTENSIONS_TABLE . '
                                WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
                            $result = $db->sql_query($sql);
                            $extension_list = '';
                            while ($row = $db->sql_fetchrow($result))
                            {
                                $extension_list .= ($extension_list == '') ? $row['extension'] : ', ' . $row['extension'];
                            }
                            $db->sql_freeresult($result);
                            $sql = 'DELETE
                                FROM ' . EXTENSIONS_TABLE . '
                                WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
                            $db->sql_query($sql);
                            $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_DEL', false, array($extension_list));
                        }
                    }
                    // Add Extension?
                    $add_extension            = strtolower($request->variable('add_extension', ''));
                    $add_extension_group    = $request->variable('add_group_select', 0);
                    $add                    = (isset($_POST['add_extension_check'])) ? true : false;
                    if ($add_extension && $add)
                    {
                        if (!count($error))
                        {
                            $sql = 'SELECT extension_id
                                FROM ' . EXTENSIONS_TABLE . "
                                WHERE extension = '" . $db->sql_escape($add_extension) . "'";
                            $result = $db->sql_query($sql);
                            if ($row = $db->sql_fetchrow($result))
                            {
                                $error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
                            }
                            $db->sql_freeresult($result);
                            if (!count($error))
                            {
                                $sql_ary = array(
                                    'group_id'    =>    $add_extension_group,
                                    'extension'    =>    $add_extension
                                );
                                $db->sql_query('INSERT INTO ' . EXTENSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
                                $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_ADD', false, array($add_extension));
                            }
                        }
                    }
                    if (!count($error))
                    {
                        $notify[] = $user->lang['EXTENSIONS_UPDATED'];
                    }
                    $cache->destroy('_extensions');
                }
                $template->assign_vars(array(
                    'S_EXTENSIONS'            => true,
                    'ADD_EXTENSION'            => (isset($add_extension)) ? $add_extension : '',
                    'GROUP_SELECT_OPTIONS'    => (isset($_POST['add_extension_check'])) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))
                );
                $sql = 'SELECT *
                    FROM ' . EXTENSIONS_TABLE . '
                    ORDER BY group_id, extension';
                $result = $db->sql_query($sql);
                if ($row = $db->sql_fetchrow($result))
                {
                    $old_group_id = $row['group_id'];
                    do
                    {
                        $s_spacer = false;
                        $current_group_id = $row['group_id'];
                        if ($old_group_id != $current_group_id)
                        {
                            $s_spacer = true;
                            $old_group_id = $current_group_id;
                        }
                        $template->assign_block_vars('extensions', array(
                            'S_SPACER'        => $s_spacer,
                            'EXTENSION_ID'    => $row['extension_id'],
                            'EXTENSION'        => $row['extension'],
                            'GROUP_OPTIONS'    => $this->group_select('group_select[]', $row['group_id']))
                        );
                    }
                    while ($row = $db->sql_fetchrow($result));
                }
                $db->sql_freeresult($result);
            break;
            case 'ext_groups':
                $template->assign_var('S_EXTENSION_GROUPS', true);
                if ($submit)
                {
                    $action = $request->variable('action', '');
                    $group_id = $request->variable('g', 0);
                    if ($action != 'add' && $action != 'edit')
                    {
                        trigger_error('NO_MODE', E_USER_ERROR);
                    }
                    if (!$group_id && $action == 'edit')
                    {
                        trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
                    }
                    if ($group_id)
                    {
                        $sql = 'SELECT *
                            FROM ' . EXTENSION_GROUPS_TABLE . "
                            WHERE group_id = $group_id";
                        $result = $db->sql_query($sql);
                        $ext_row = $db->sql_fetchrow($result);
                        $db->sql_freeresult($result);
                        if (!$ext_row)
                        {
                            trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
                        }
                    }
                    else
                    {
                        $ext_row = array();
                    }
                    $group_name = $request->variable('group_name', '', true);
                    $new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
                    if (!$group_name)
                    {
                        $error[] = $user->lang['NO_EXT_GROUP_NAME'];
                    }
                    // Check New Group Name
                    if ($new_group_name)
                    {
                        $sql = 'SELECT group_id
                            FROM ' . EXTENSION_GROUPS_TABLE . "
                            WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'";
                        if ($group_id)
                        {
                            $sql .= ' AND group_id <> ' . $group_id;
                        }
                        $result = $db->sql_query($sql);
                        if ($db->sql_fetchrow($result))
                        {
                            $error[] = sprintf($user->lang['EXTENSION_GROUP_EXIST'], $new_group_name);
                        }
                        $db->sql_freeresult($result);
                    }
                    if (!count($error))
                    {
                        // Ok, build the update/insert array
                        $upload_icon    = $request->variable('upload_icon', 'no_image');
                        $size_select    = $request->variable('size_select', 'b');
                        $forum_select    = $request->variable('forum_select', false);
                        $allowed_forums    = $request->variable('allowed_forums', array(0));
                        $allow_in_pm    = (isset($_POST['allow_in_pm'])) ? true : false;
                        $max_filesize    = $request->variable('max_filesize', 0);
                        $max_filesize    = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
                        $allow_group    = (isset($_POST['allow_group'])) ? true : false;
                        if ($max_filesize == $config['max_filesize'])
                        {
                            $max_filesize = 0;
                        }
                        if (!count($allowed_forums))
                        {
                            $forum_select = false;
                        }
                        $group_ary = array(
                            'group_name'    => $group_name,
                            'cat_id'        => $request->variable('special_category', ATTACHMENT_CATEGORY_NONE),
                            'allow_group'    => ($allow_group) ? 1 : 0,
                            'upload_icon'    => ($upload_icon == 'no_image') ? '' : $upload_icon,
                            'max_filesize'    => $max_filesize,
                            'allowed_forums'=> ($forum_select) ? serialize($allowed_forums) : '',
                            'allow_in_pm'    => ($allow_in_pm) ? 1 : 0,
                        );
                        if ($action == 'add')
                        {
                            $group_ary['download_mode'] = INLINE_LINK;
                        }
                        $sql = ($action == 'add') ? 'INSERT INTO ' . EXTENSION_GROUPS_TABLE . ' ' : 'UPDATE ' . EXTENSION_GROUPS_TABLE . ' SET ';
                        $sql .= $db->sql_build_array((($action == 'add') ? 'INSERT' : 'UPDATE'), $group_ary);
                        $sql .= ($action == 'edit') ? " WHERE group_id = $group_id" : '';
                        $db->sql_query($sql);
                        if ($action == 'add')
                        {
                            $group_id = $db->sql_nextid();
                        }
                        $group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name;
                        $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name));
                    }
                    $extension_list = $request->variable('extensions', array(0));
                    if ($action == 'edit' && count($extension_list))
                    {
                        $sql = 'UPDATE ' . EXTENSIONS_TABLE . "
                            SET group_id = 0
                            WHERE group_id = $group_id";
                        $db->sql_query($sql);
                    }
                    if (count($extension_list))
                    {
                        $sql = 'UPDATE ' . EXTENSIONS_TABLE . "
                            SET group_id = $group_id
                            WHERE " . $db->sql_in_set('extension_id', $extension_list);
                        $db->sql_query($sql);
                    }
                    $cache->destroy('_extensions');
                    if (!count($error))
                    {
                        $notify[] = $user->lang['SUCCESS_EXTENSION_GROUP_' . strtoupper($action)];
                    }
                }
                $cat_lang = array(
                    ATTACHMENT_CATEGORY_NONE        => $user->lang['NO_FILE_CAT'],
                    ATTACHMENT_CATEGORY_IMAGE        => $user->lang['CAT_IMAGES'],
                    ATTACHMENT_CATEGORY_FLASH        => $user->lang['CAT_FLASH_FILES'],
                );
                $group_id = $request->variable('g', 0);
                $action = (isset($_POST['add'])) ? 'add' : $action;
                switch ($action)
                {
                    case 'delete':
                        if (confirm_box(true))
                        {
                            $sql = 'SELECT group_name
                                FROM ' . EXTENSION_GROUPS_TABLE . "
                                WHERE group_id = $group_id";
                            $result = $db->sql_query($sql);
                            $group_name = (string) $db->sql_fetchfield('group_name');
                            $db->sql_freeresult($result);
                            $sql = 'DELETE
                                FROM ' . EXTENSION_GROUPS_TABLE . "
                                WHERE group_id = $group_id";
                            $db->sql_query($sql);
                            // Set corresponding Extensions to a pending Group
                            $sql = 'UPDATE ' . EXTENSIONS_TABLE . "
                                SET group_id = 0
                                WHERE group_id = $group_id";
                            $db->sql_query($sql);
                            $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_DEL', false, array($group_name));
                            $cache->destroy('_extensions');
                            trigger_error($user->lang['EXTENSION_GROUP_DELETED'] . adm_back_link($this->u_action));
                        }
                        else
                        {
                            confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
                                'i'            => $id,
                                'mode'        => $mode,
                                'group_id'    => $group_id,
                                'action'    => 'delete',
                            )));
                        }
                    break;
                    case 'edit':
                        if (!$group_id)
                        {
                            trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
                        }
                        $sql = 'SELECT *
                            FROM ' . EXTENSION_GROUPS_TABLE . "
                            WHERE group_id = $group_id";
                        $result = $db->sql_query($sql);
                        $ext_group_row = $db->sql_fetchrow($result);
                        $db->sql_freeresult($result);
                        $forum_ids = (!$ext_group_row['allowed_forums']) ? array() : unserialize(trim($ext_group_row['allowed_forums']));
                    // no break;
                    case 'add':
                        if ($action == 'add')
                        {
                            $ext_group_row = array(
                                'group_name'    => $request->variable('group_name', '', true),
                                'cat_id'        => 0,
                                'allow_group'    => 1,
                                'allow_in_pm'    => 1,
                                'upload_icon'    => '',
                                'max_filesize'    => 0,
                            );
                            $forum_ids = array();
                        }
                        $sql = 'SELECT *
                            FROM ' . EXTENSIONS_TABLE . "
                            WHERE group_id = $group_id
                                OR group_id = 0
                            ORDER BY extension";
                        $result = $db->sql_query($sql);
                        $extensions = $db->sql_fetchrowset($result);
                        $db->sql_freeresult($result);
                        if ($ext_group_row['max_filesize'] == 0)
                        {
                            $ext_group_row['max_filesize'] = (int) $config['max_filesize'];
                        }
                        $max_filesize = get_formatted_filesize($ext_group_row['max_filesize'], false, array('mb', 'kb', 'b'));
                        $size_format = $max_filesize['si_identifier'];
                        $ext_group_row['max_filesize'] = $max_filesize['value'];
                        $img_path = $config['upload_icons_path'];
                        $filename_list = '';
                        $no_image_select = false;
                        $imglist = filelist($phpbb_root_path . $img_path);
                        if (!empty($imglist['']))
                        {
                            $imglist = array_values($imglist);
                            $imglist = $imglist[0];
                            foreach ($imglist as $key => $img)
                            {
                                if (!$ext_group_row['upload_icon'])
                                {
                                    $no_image_select = true;
                                    $selected = '';
                                }
                                else
                                {
                                    $selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
                                }
                                if (strlen($img) > 255)
                                {
                                    continue;
                                }
                                $filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
                            }
                        }
                        $i = 0;
                        $assigned_extensions = '';
                        foreach ($extensions as $num => $row)
                        {
                            if ($row['group_id'] == $group_id && $group_id)
                            {
                                $assigned_extensions .= ($i) ? ', ' . $row['extension'] : $row['extension'];
                                $i++;
                            }
                        }
                        $s_extension_options = '';
                        foreach ($extensions as $row)
                        {
                            $s_extension_options .= '<option' . ((!$row['group_id']) ? ' class="disabled"' : '') . ' value="' . $row['extension_id'] . '"' . (($row['group_id'] == $group_id && $group_id) ? ' selected="selected"' : '') . '>' . $row['extension'] . '</option>';
                        }
                        $template->assign_vars(array(
                            'IMG_PATH'                => $img_path,
                            'ACTION'                => $action,
                            'GROUP_ID'                => $group_id,
                            'GROUP_NAME'            => $ext_group_row['group_name'],
                            'ALLOW_GROUP'            => $ext_group_row['allow_group'],
                            'ALLOW_IN_PM'            => $ext_group_row['allow_in_pm'],
                            'UPLOAD_ICON_SRC'        => $phpbb_root_path . $img_path . '/' . $ext_group_row['upload_icon'],
                            'EXTGROUP_FILESIZE'        => $ext_group_row['max_filesize'],
                            'ASSIGNED_EXTENSIONS'    => $assigned_extensions,
                            'S_CATEGORY_SELECT'            => $this->category_select('special_category', $group_id, 'category'),
                            'S_EXT_GROUP_SIZE_OPTIONS'    => size_select_options($size_format),
                            'S_EXTENSION_OPTIONS'        => $s_extension_options,
                            'S_FILENAME_LIST'            => $filename_list,
                            'S_EDIT_GROUP'                => true,
                            'S_NO_IMAGE'                => $no_image_select,
                            'S_FORUM_IDS'                => (count($forum_ids)) ? true : false,
                            'U_EXTENSIONS'        => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=extensions"),
                            'U_BACK'            => $this->u_action,
                            'L_LEGEND'            => $user->lang[strtoupper($action) . '_EXTENSION_GROUP'])
                        );
                        $s_forum_id_options = '';
                        /** @todo use in-built function **/
                        $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
                            FROM ' . FORUMS_TABLE . '
                            ORDER BY left_id ASC';
                        $result = $db->sql_query($sql, 600);
                        $right = $cat_right = $padding_inc = 0;
                        $padding = $forum_list = $holding = '';
                        $padding_store = array('0' => '');
                        while ($row = $db->sql_fetchrow($result))
                        {
                            if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id']))
                            {
                                // Non-postable forum with no subforums, don't display
                                continue;
                            }
                            if (!$auth->acl_get('f_list', $row['forum_id']))
                            {
                                // if the user does not have permissions to list this forum skip
                                continue;
                            }
                            if ($row['left_id'] < $right)
                            {
                                $padding .= '&nbsp; &nbsp;';
                                $padding_store[$row['parent_id']] = $padding;
                            }
                            else if ($row['left_id'] > $right + 1)
                            {
                                $padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']];
                            }
                            $right = $row['right_id'];
                            $selected = (in_array($row['forum_id'], $forum_ids)) ? ' selected="selected"' : '';
                            if ($row['left_id'] > $cat_right)
                            {
                                // make sure we don't forget anything
                                $s_forum_id_options .= $holding;
                                $holding = '';
                            }
                            if ($row['right_id'] - $row['left_id'] > 1)
                            {
                                $cat_right = max($cat_right, $row['right_id']);
                                $holding .= '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
                            }
                            else
                            {
                                $s_forum_id_options .= $holding . '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
                                $holding = '';
                            }
                        }
                        if ($holding)
                        {
                            $s_forum_id_options .= $holding;
                        }
                        $db->sql_freeresult($result);
                        unset($padding_store);
                        $template->assign_vars(array(
                            'S_FORUM_ID_OPTIONS'    => $s_forum_id_options)
                        );
                    break;
                }
                $sql = 'SELECT *
                    FROM ' . EXTENSION_GROUPS_TABLE . '
                    ORDER BY allow_group DESC, allow_in_pm DESC, group_name';
                $result = $db->sql_query($sql);
                $old_allow_group = $old_allow_pm = 1;
                while ($row = $db->sql_fetchrow($result))
                {
                    $s_add_spacer = ($old_allow_group != $row['allow_group'] || $old_allow_pm != $row['allow_in_pm']) ? true : false;
                    $template->assign_block_vars('groups', array(
                        'S_ADD_SPACER'        => $s_add_spacer,
                        'S_ALLOWED_IN_PM'    => ($row['allow_in_pm']) ? true : false,
                        'S_GROUP_ALLOWED'    => ($row['allow_group']) ? true : false,
                        'U_EDIT'        => $this->u_action . "&amp;action=edit&amp;g={$row['group_id']}",
                        'U_DELETE'        => $this->u_action . "&amp;action=delete&amp;g={$row['group_id']}",
                        'GROUP_NAME'    => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'],
                        'CATEGORY'        => $cat_lang[$row['cat_id']],
                        )
                    );
                    $old_allow_group = $row['allow_group'];
                    $old_allow_pm = $row['allow_in_pm'];
                }
                $db->sql_freeresult($result);
            break;
            case 'orphan':
                /* @var $pagination \phpbb\pagination */
                $pagination = $this->phpbb_container->get('pagination');
                if ($submit)
                {
                    $delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
                    $add_files = (isset($_POST['add'])) ? array_keys($request->variable('add', array('' => 0))) : array();
                    $post_ids = $request->variable('post_id', array('' => 0));
                    if (count($delete_files))
                    {
                        $sql = 'SELECT *
                            FROM ' . ATTACHMENTS_TABLE . '
                            WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
                                AND is_orphan = 1';
                        $result = $db->sql_query($sql);
                        $delete_files = array();
                        while ($row = $db->sql_fetchrow($result))
                        {
                            $this->attachment_manager->unlink($row['physical_filename'], 'file');
                            if ($row['thumbnail'])
                            {
                                $this->attachment_manager->unlink($row['physical_filename'], 'thumbnail');
                            }
                            $delete_files[$row['attach_id']] = $row['real_filename'];
                        }
                        $db->sql_freeresult($result);
                    }
                    if (count($delete_files))
                    {
                        $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
                            WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files));
                        $db->sql_query($sql);
                        $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_ORPHAN_DEL', false, array(implode(', ', $delete_files)));
                        $notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode($user->lang['COMMA_SEPARATOR'], $delete_files));
                    }
                    $upload_list = array();
                    foreach ($add_files as $attach_id)
                    {
                        if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
                        {
                            $upload_list[$attach_id] = $post_ids[$attach_id];
                        }
                    }
                    unset($add_files);
                    if (count($upload_list))
                    {
                        $template->assign_var('S_UPLOADING_FILES', true);
                        $sql = 'SELECT forum_id, forum_name
                            FROM ' . FORUMS_TABLE;
                        $result = $db->sql_query($sql);
                        $forum_names = array();
                        while ($row = $db->sql_fetchrow($result))
                        {
                            $forum_names[$row['forum_id']] = $row['forum_name'];
                        }
                        $db->sql_freeresult($result);
                        $sql = 'SELECT forum_id, topic_id, post_id, poster_id
                            FROM ' . POSTS_TABLE . '
                            WHERE ' . $db->sql_in_set('post_id', $upload_list);
                        $result = $db->sql_query($sql);
                        $post_info = array();
                        while ($row = $db->sql_fetchrow($result))
                        {
                            $post_info[$row['post_id']] = $row;
                        }
                        $db->sql_freeresult($result);
                        // Select those attachments we want to change...
                        $sql = 'SELECT *
                            FROM ' . ATTACHMENTS_TABLE . '
                            WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . '
                                AND is_orphan = 1';
                        $result = $db->sql_query($sql);
                        $files_added = $space_taken = 0;
                        while ($row = $db->sql_fetchrow($result))
                        {
                            $post_row = $post_info[$upload_list[$row['attach_id']]];
                            $template->assign_block_vars('upload', array(
                                'FILE_INFO'        => sprintf($user->lang['UPLOADING_FILE_TO'], $row['real_filename'], $post_row['post_id']),
                                'S_DENIED'        => (!$auth->acl_get('f_attach', $post_row['forum_id'])) ? true : false,
                                'L_DENIED'        => (!$auth->acl_get('f_attach', $post_row['forum_id'])) ? sprintf($user->lang['UPLOAD_DENIED_FORUM'], $forum_names[$row['forum_id']]) : '')
                            );
                            if (!$auth->acl_get('f_attach', $post_row['forum_id']))
                            {
                                continue;
                            }
                            // Adjust attachment entry
                            $sql_ary = array(
                                'in_message'    => 0,
                                'is_orphan'        => 0,
                                'poster_id'        => $post_row['poster_id'],
                                'post_msg_id'    => $post_row['post_id'],
                                'topic_id'        => $post_row['topic_id'],
                            );
                            $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
                                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
                                WHERE attach_id = ' . $row['attach_id'];
                            $db->sql_query($sql);
                            $sql = 'UPDATE ' . POSTS_TABLE . '
                                SET post_attachment = 1
                                WHERE post_id = ' . $post_row['post_id'];
                            $db->sql_query($sql);
                            $sql = 'UPDATE ' . TOPICS_TABLE . '
                                SET topic_attachment = 1
                                WHERE topic_id = ' . $post_row['topic_id'];
                            $db->sql_query($sql);
                            $space_taken += $row['filesize'];
                            $files_added++;
                            $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_FILEUPLOAD', false, array($post_row['post_id'], $row['real_filename']));
                        }
                        $db->sql_freeresult($result);
                        if ($files_added)
                        {
                            $config->increment('upload_dir_size', $space_taken, false);
                            $config->increment('num_files', $files_added, false);
                        }
                    }
                }
                $template->assign_vars(array(
                    'S_ORPHAN'        => true)
                );
                $attachments_per_page = (int) $config['topics_per_page'];
                // Get total number or orphans older than 3 hours
                $sql = 'SELECT COUNT(attach_id) as num_files, SUM(filesize) as total_size
                    FROM ' . ATTACHMENTS_TABLE . '
                    WHERE is_orphan = 1
                        AND filetime < ' . (time() - 3*60*60);
                $result = $this->db->sql_query($sql);
                $row = $this->db->sql_fetchrow($result);
                $num_files = (int) $row['num_files'];
                $total_size = (int) $row['total_size'];
                $this->db->sql_freeresult($result);
                $start = $request->variable('start', 0);
                $start = $pagination->validate_start($start, $attachments_per_page, $num_files);
                // Just get the files with is_orphan set and older than 3 hours
                $sql = 'SELECT *
                    FROM ' . ATTACHMENTS_TABLE . '
                    WHERE is_orphan = 1
                        AND filetime < ' . (time() - 3*60*60) . '
                    ORDER BY filetime DESC';
                $result = $db->sql_query_limit($sql, $attachments_per_page, $start);
                while ($row = $db->sql_fetchrow($result))
                {
                    $template->assign_block_vars('orphan', array(
                        'FILESIZE'            => get_formatted_filesize($row['filesize']),
                        'FILETIME'            => $user->format_date($row['filetime']),
                        'REAL_FILENAME'        => utf8_basename($row['real_filename']),
                        'PHYSICAL_FILENAME'    => utf8_basename($row['physical_filename']),
                        'ATTACH_ID'            => $row['attach_id'],
                        'POST_IDS'            => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
                        'U_FILE'            => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))
                    );
                }
                $db->sql_freeresult($result);
                $pagination->generate_template_pagination(
                    $this->u_action,
                    'pagination',
                    'start',
                    $num_files,
                    $attachments_per_page,
                    $start
                );
                $template->assign_vars(array(
                    'TOTAL_FILES'        => $num_files,
                    'TOTAL_SIZE'        => get_formatted_filesize($total_size),
                ));
            break;
            case 'manage':
                if ($submit)
                {
                    $delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
                    if (count($delete_files))
                    {
                        // Select those attachments we want to delete...
                        $sql = 'SELECT real_filename
                            FROM ' . ATTACHMENTS_TABLE . '
                            WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
                                AND is_orphan = 0';
                        $result = $db->sql_query($sql);
                        while ($row = $db->sql_fetchrow($result))
                        {
                            $deleted_filenames[] = $row['real_filename'];
                        }
                        $db->sql_freeresult($result);
                        if ($num_deleted = $this->attachment_manager->delete('attach', $delete_files))
                        {
                            if (count($delete_files) != $num_deleted)
                            {
                                $error[] = $user->lang['FILES_GONE'];
                            }
                            $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode(', ', $deleted_filenames)));
                            $notify[] = sprintf($user->lang['LOG_ATTACHMENTS_DELETED'], implode($user->lang['COMMA_SEPARATOR'], $deleted_filenames));
                        }
                        else
                        {
                            $error[] = $user->lang['NO_FILES_TO_DELETE'];
                        }
                    }
                }
                if ($action == 'stats')
                {
                    $this->handle_stats_resync();
                }
                $stats_error = $this->check_stats_accuracy();
                if ($stats_error)
                {
                    $error[] = $stats_error;
                }
                $template->assign_vars(array(
                    'S_MANAGE'        => true,
                ));
                $start        = $request->variable('start', 0);
                // Sort keys
                $sort_days    = $request->variable('st', 0);
                $sort_key    = $request->variable('sk', 't');
                $sort_dir    = $request->variable('sd', 'd');
                // Sorting
                $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
                $sort_by_text = array('f' => $user->lang['FILENAME'], 't' => $user->lang['FILEDATE'], 's' => $user->lang['FILESIZE'], 'x' => $user->lang['EXTENSION'], 'd' => $user->lang['DOWNLOADS'],'p' => $user->lang['ATTACH_POST_TYPE'], 'u' => $user->lang['AUTHOR']);
                $sort_by_sql = array('f' => 'a.real_filename', 't' => 'a.filetime', 's' => 'a.filesize', 'x' => 'a.extension', 'd' => 'a.download_count', 'p' => 'a.in_message', 'u' => 'u.username');
                $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
                gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
                $min_filetime = ($sort_days) ? (time() - ($sort_days * 86400)) : '';
                $limit_filetime = ($min_filetime) ? " AND a.filetime >= $min_filetime " : '';
                $start = ($sort_days && isset($_POST['sort'])) ? 0 : $start;
                $attachments_per_page = (int) $config['topics_per_page'];
                $stats = $this->get_attachment_stats($limit_filetime);
                $num_files = $stats['num_files'];
                $total_size = $stats['upload_dir_size'];
                // Make sure $start is set to the last page if it exceeds the amount
                /* @var $pagination \phpbb\pagination */
                $pagination = $phpbb_container->get('pagination');
                $start = $pagination->validate_start($start, $attachments_per_page, $num_files);
                // If the user is trying to reach the second half of the attachments list, fetch it starting from the end
                $store_reverse = false;
                $sql_limit = $attachments_per_page;
                if ($start > $num_files / 2)
                {
                    $store_reverse = true;
                    // Select the sort order. Add time sort anchor for non-time sorting cases
                    $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') : '';
                    $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') . $sql_sort_anchor;
                    $sql_limit = $pagination->reverse_limit($start, $sql_limit, $num_files);
                    $sql_start = $pagination->reverse_start($start, $sql_limit, $num_files);
                }
                else
                {
                    // Select the sort order. Add time sort anchor for non-time sorting cases
                    $sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') : '';
                    $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') . $sql_sort_anchor;
                    $sql_start = $start;
                }
                $attachments_list = array();
                // Just get the files
                $sql = 'SELECT a.*, u.username, u.user_colour, t.topic_title
                    FROM ' . ATTACHMENTS_TABLE . ' a
                    LEFT JOIN ' . USERS_TABLE . ' u ON (u.user_id = a.poster_id)
                    LEFT JOIN ' . TOPICS_TABLE . " t ON (a.topic_id = t.topic_id)
                    WHERE a.is_orphan = 0
                        $limit_filetime
                    ORDER BY $sql_sort_order";
                $result = $db->sql_query_limit($sql, $sql_limit, $sql_start);
                $i = ($store_reverse) ? $sql_limit - 1 : 0;
                // Store increment value in a variable to save some conditional calls
                $i_increment = ($store_reverse) ? -1 : 1;
                while ($attachment_row = $db->sql_fetchrow($result))
                {
                    $attachments_list[$i] = $attachment_row;
                    $i = $i + $i_increment;
                }
                $db->sql_freeresult($result);
                $base_url = $this->u_action . "&amp;$u_sort_param";
                $pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_files, $attachments_per_page, $start);
                $template->assign_vars(array(
                    'TOTAL_FILES'        => $num_files,
                    'TOTAL_SIZE'        => get_formatted_filesize($total_size),
                    'S_LIMIT_DAYS'        => $s_limit_days,
                    'S_SORT_KEY'        => $s_sort_key,
                    'S_SORT_DIR'        => $s_sort_dir)
                );
                // Grab extensions
                $extensions = $cache->obtain_attach_extensions(true);
                for ($i = 0, $end = count($attachments_list); $i < $end; ++$i)
                {
                    $row = $attachments_list[$i];
                    $row['extension'] = strtolower(trim((string) $row['extension']));
                    $comment = ($row['attach_comment'] && !$row['in_message']) ? str_replace(array("\n", "\r"), array('<br />', "\n"), $row['attach_comment']) : '';
                    $display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : ATTACHMENT_CATEGORY_NONE;
                    $l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS';
                    $template->assign_block_vars('attachments', array(
                        'ATTACHMENT_POSTER'    => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
                        'FILESIZE'            => get_formatted_filesize((int) $row['filesize']),
                        'FILETIME'            => $user->format_date((int) $row['filetime']),
                        'REAL_FILENAME'        => utf8_basename((string) $row['real_filename']),
                        'EXT_GROUP_NAME'    => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ?  $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'],
                        'COMMENT'            => $comment,
                        'TOPIC_TITLE'        => (!$row['in_message']) ? (string) $row['topic_title'] : '',
                        'ATTACH_ID'            => (int) $row['attach_id'],
                        'L_DOWNLOAD_COUNT'    => $user->lang($l_downloaded_viewed, (int) $row['download_count']),
                        'S_IN_MESSAGE'        => (bool) $row['in_message'],
                        'U_VIEW_TOPIC'        => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
                        'U_FILE'            => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))
                    );
                }
            break;
        }
        if (count($error))
        {
            $template->assign_vars(array(
                'S_WARNING'        => true,
                'WARNING_MSG'    => implode('<br />', $error))
            );
        }
        if (count($notify))
        {
            $template->assign_vars(array(
                'S_NOTIFY'        => true,
                'NOTIFY_MSG'    => implode('<br />', $notify))
            );
        }
    }
    /**
    * Get attachment file count and size of upload directory
    *
    * @param $limit string    Additional limit for WHERE clause to filter stats by.
    * @return array Returns array with stats: num_files and upload_dir_size
    */
    public function get_attachment_stats($limit = '')
    {
        $sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(' . $this->db->cast_expr_to_bigint('a.filesize') . ') AS upload_dir_size
            FROM ' . ATTACHMENTS_TABLE . " a
            WHERE a.is_orphan = 0
                $limit";
        $result = $this->db->sql_query($sql);
        $row = $this->db->sql_fetchrow($result);
        $this->db->sql_freeresult($result);
        return array(
            'num_files'            => (int) $row['num_files'],
            'upload_dir_size'    => (float) $row['upload_dir_size'],
        );
    }
    /**
    * Set config attachment stat values
    *
    * @param $stats array    Array of config key => value pairs to set.
    * @return null
    */
    public function set_attachment_stats($stats)
    {
        foreach ($stats as $key => $value)
        {
            $this->config->set($key, $value, true);
        }
    }
    /**
    * Check accuracy of attachment statistics.
    *
    * @return bool|string    Returns false if stats are correct or error message
    *    otherwise.
    */
    public function check_stats_accuracy()
    {
        // Get fresh stats.
        $stats = $this->get_attachment_stats();
        // Get current files stats
        $num_files = (int) $this->config['num_files'];
        $total_size = (float) $this->config['upload_dir_size'];
        if (($num_files != $stats['num_files']) || ($total_size != $stats['upload_dir_size']))
        {
            $u_resync = $this->u_action . '&amp;action=stats';
            return $this->user->lang(
                'FILES_STATS_WRONG',
                (int) $stats['num_files'],
                get_formatted_filesize($stats['upload_dir_size']),
                '<a href="' . $u_resync . '">',
                '</a>'
            );
        }
        return false;
    }
    /**
    * Handle stats resync.
    *
    * @return null
    */
    public function handle_stats_resync()
    {
        if (!confirm_box(true))
        {
            confirm_box(false, $this->user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array(
                'i'            => $this->id,
                'mode'        => 'manage',
                'action'    => 'stats',
            )));
        }
        else
        {
            $this->set_attachment_stats($this->get_attachment_stats());
            /* @var $log \phpbb\log\log_interface */
            $log = $this->phpbb_container->get('log');
            $log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_RESYNC_FILES_STATS');
        }
    }
    /**
    * Build Select for category items
    */
    function category_select($select_name, $group_id = false, $key = '')
    {
        global $db, $user;
        $types = array(
            ATTACHMENT_CATEGORY_NONE        => $user->lang['NO_FILE_CAT'],
            ATTACHMENT_CATEGORY_IMAGE        => $user->lang['CAT_IMAGES'],
            ATTACHMENT_CATEGORY_FLASH        => $user->lang['CAT_FLASH_FILES'],
        );
        if ($group_id)
        {
            $sql = 'SELECT cat_id
                FROM ' . EXTENSION_GROUPS_TABLE . '
                WHERE group_id = ' . (int) $group_id;
            $result = $db->sql_query($sql);
            $cat_type = (!($row = $db->sql_fetchrow($result))) ? ATTACHMENT_CATEGORY_NONE : $row['cat_id'];
            $db->sql_freeresult($result);
        }
        else
        {
            $cat_type = ATTACHMENT_CATEGORY_NONE;
        }
        $group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
        foreach ($types as $type => $mode)
        {
            $selected = ($type == $cat_type) ? ' selected="selected"' : '';
            $group_select .= '<option value="' . $type . '"' . $selected . '>' . $mode . '</option>';
        }
        $group_select .= '</select>';
        return $group_select;
    }
    /**
    * Extension group select
    */
    function group_select($select_name, $default_group = false, $key = '')
    {
        global $db, $user;
        $group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
        $sql = 'SELECT group_id, group_name
            FROM ' . EXTENSION_GROUPS_TABLE . '
            ORDER BY group_name';
        $result = $db->sql_query($sql);
        $group_name = array();
        while ($row = $db->sql_fetchrow($result))
        {
            $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
            $group_name[] = $row;
        }
        $db->sql_freeresult($result);
        $row['group_id'] = 0;
        $row['group_name'] = $user->lang['NOT_ASSIGNED'];
        $group_name[] = $row;
        for ($i = 0, $groups_size = count($group_name); $i < $groups_size; $i++)
        {
            if ($default_group === false)
            {
                $selected = ($i == 0) ? ' selected="selected"' : '';
            }
            else
            {
                $selected = ($group_name[$i]['group_id'] == $default_group) ? ' selected="selected"' : '';
            }
            $group_select .= '<option value="' . $group_name[$i]['group_id'] . '"' . $selected . '>' . $group_name[$i]['group_name'] . '</option>';
        }
        $group_select .= '</select>';
        return $group_select;
    }
    /**
    * Test Settings
    */
    function test_upload(&$error, $upload_dir, $create_directory = false)
    {
        global $user, $phpbb_root_path;
        // Does the target directory exist, is it a directory and writable.
        if ($create_directory)
        {
            if (!file_exists($phpbb_root_path . $upload_dir))
            {
                @mkdir($phpbb_root_path . $upload_dir, 0777);
                try
                {
                    $this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
                }
                catch (\phpbb\filesystem\exception\filesystem_exception $e)
                {
                    // Do nothing
                }
            }
        }
        if (!file_exists($phpbb_root_path . $upload_dir))
        {
            $error[] = sprintf($user->lang['NO_UPLOAD_DIR'], $upload_dir);
            return;
        }
        if (!is_dir($phpbb_root_path . $upload_dir))
        {
            $error[] = sprintf($user->lang['UPLOAD_NOT_DIR'], $upload_dir);
            return;
        }
        if (!$this->filesystem->is_writable($phpbb_root_path . $upload_dir))
        {
            $error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir);
            return;
        }
    }
    /**
    * Perform operations on sites for external linking
    */
    function perform_site_list()
    {
        global $db, $user, $request, $phpbb_log;
        if (isset($_REQUEST['securesubmit']))
        {
            // Grab the list of entries
            $ips = $request->variable('ips', '');
            $ip_list = array_unique(explode("\n", $ips));
            $ip_list_log = implode(', ', $ip_list);
            $ip_exclude = (int) $request->variable('ipexclude', false, false, \phpbb\request\request_interface::POST);
            $iplist = array();
            $hostlist = array();
            foreach ($ip_list as $item)
            {
                if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($item), $ip_range_explode))
                {
                    // Don't ask about all this, just don't ask ... !
                    $ip_1_counter = $ip_range_explode[1];
                    $ip_1_end = $ip_range_explode[5];
                    while ($ip_1_counter <= $ip_1_end)
                    {
                        $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
                        $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
                        if ($ip_2_counter == 0 && $ip_2_end == 254)
                        {
                            $ip_2_counter = 256;
                            $iplist[] = "'$ip_1_counter.*'";
                        }
                        while ($ip_2_counter <= $ip_2_end)
                        {
                            $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
                            $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
                            if ($ip_3_counter == 0 && $ip_3_end == 254)
                            {
                                $ip_3_counter = 256;
                                $iplist[] = "'$ip_1_counter.$ip_2_counter.*'";
                            }
                            while ($ip_3_counter <= $ip_3_end)
                            {
                                $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
                                $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
                                if ($ip_4_counter == 0 && $ip_4_end == 254)
                                {
                                    $ip_4_counter = 256;
                                    $iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'";
                                }
                                while ($ip_4_counter <= $ip_4_end)
                                {
                                    $iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'";
                                    $ip_4_counter++;
                                }
                                $ip_3_counter++;
                            }
                            $ip_2_counter++;
                        }
                        $ip_1_counter++;
                    }
                }
                else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($item)))
                {
                    $iplist[] = "'" . trim($item) . "'";
                }
                else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($item)))
                {
                    $hostlist[] = "'" . trim($item) . "'";
                }
                else if (preg_match("#^([a-z0-9\-\*\._/]+?)$#is", trim($item)))
                {
                    $hostlist[] = "'" . trim($item) . "'";
                }
            }
            $sql = 'SELECT site_ip, site_hostname
                FROM ' . SITELIST_TABLE . "
                WHERE ip_exclude = $ip_exclude";
            $result = $db->sql_query($sql);
            if ($row = $db->sql_fetchrow($result))
            {
                $iplist_tmp = array();
                $hostlist_tmp = array();
                do
                {
                    if ($row['site_ip'])
                    {
                        if (strlen($row['site_ip']) > 40)
                        {
                            continue;
                        }
                        $iplist_tmp[] = "'" . $row['site_ip'] . "'";
                    }
                    else if ($row['site_hostname'])
                    {
                        if (strlen($row['site_hostname']) > 255)
                        {
                            continue;
                        }
                        $hostlist_tmp[] = "'" . $row['site_hostname'] . "'";
                    }
                    // break;
                }
                while ($row = $db->sql_fetchrow($result));
                $iplist = array_unique(array_diff($iplist, $iplist_tmp));
                $hostlist = array_unique(array_diff($hostlist, $hostlist_tmp));
                unset($iplist_tmp);
                unset($hostlist_tmp);
            }
            $db->sql_freeresult($result);
            if (count($iplist))
            {
                foreach ($iplist as $ip_entry)
                {
                    $sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_ip, ip_exclude)
                        VALUES ($ip_entry$ip_exclude)";
                    $db->sql_query($sql);
                }
            }
            if (count($hostlist))
            {
                foreach ($hostlist as $host_entry)
                {
                    $sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_hostname, ip_exclude)
                        VALUES ($host_entry$ip_exclude)";
                    $db->sql_query($sql);
                }
            }
            if (!empty($ip_list_log))
            {
                // Update log
                $log_entry = ($ip_exclude) ? 'LOG_DOWNLOAD_EXCLUDE_IP' : 'LOG_DOWNLOAD_IP';
                $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_entry, false, array($ip_list_log));
            }
            trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
        }
        else if (isset($_POST['unsecuresubmit']))
        {
            $unip_sql = $request->variable('unip', array(0));
            if (count($unip_sql))
            {
                $l_unip_list = '';
                // Grab details of ips for logging information later
                $sql = 'SELECT site_ip, site_hostname
                    FROM ' . SITELIST_TABLE . '
                    WHERE ' . $db->sql_in_set('site_id', $unip_sql);
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result))
                {
                    $l_unip_list .= (($l_unip_list != '') ? ', ' : '') . (($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']);
                }
                $db->sql_freeresult($result);
                $sql = 'DELETE FROM ' . SITELIST_TABLE . '
                    WHERE ' . $db->sql_in_set('site_id', $unip_sql);
                $db->sql_query($sql);
                $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DOWNLOAD_REMOVE_IP', false, array($l_unip_list));
            }
            trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
        }
    }
    /**
    * Write display_order config field
    */
    function display_order($value, $key = '')
    {
        $radio_ary = array(0 => 'DESCENDING', 1 => 'ASCENDING');
        return h_radio('config[display_order]', $radio_ary, $value, $key);
    }
    /**
    * Adjust all three max_filesize config vars for display
    */
    function max_filesize($value, $key = '')
    {
        // Determine size var and adjust the value accordingly
        $filesize = get_formatted_filesize($value, false, array('mb', 'kb', 'b'));
        $size_var = $filesize['si_identifier'];
        $value = $filesize['value'];
        // size and maxlength must not be specified for input of type number
        return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
    }
    /**
    * Write secure_allow_deny config field
    */
    function select_allow_deny($value, $key = '')
    {
        $radio_ary = array(1 => 'ORDER_ALLOW_DENY', 0 => 'ORDER_DENY_ALLOW');
        return h_radio('config[' . $key . ']', $radio_ary, $value, $key);
    }
}