Code Coverage for /data/phpBB/includes/acp/acp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 12	CRAP	0.00% covered (danger)	0.00%	0 / 1300
acp_attachments	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 12	76452.00	0.00% covered (danger)	0.00%	0 / 1296
main				0.00% covered (danger)	0.00%	0 / 1	39402.00	0.00% covered (danger)	0.00%	0 / 988
get_attachment_stats				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 13
set_attachment_stats				0.00% covered (danger)	0.00%	0 / 1	6.00	0.00% covered (danger)	0.00%	0 / 6
check_stats_accuracy				0.00% covered (danger)	0.00%	0 / 1	12.00	0.00% covered (danger)	0.00%	0 / 17
handle_stats_resync				0.00% covered (danger)	0.00%	0 / 1	6.00	0.00% covered (danger)	0.00%	0 / 16
category_select				0.00% covered (danger)	0.00%	0 / 1	42.00	0.00% covered (danger)	0.00%	0 / 28
group_select				0.00% covered (danger)	0.00%	0 / 1	72.00	0.00% covered (danger)	0.00%	0 / 32
test_upload				0.00% covered (danger)	0.00%	0 / 1	56.00	0.00% covered (danger)	0.00%	0 / 32
perform_site_list				0.00% covered (danger)	0.00%	0 / 1	2162.00	0.00% covered (danger)	0.00%	0 / 150
display_order				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 4
max_filesize				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 6
select_allow_deny				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 4

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	class acp_attachments
23	{
24	/** @var \phpbb\db\driver\driver_interface */
25	protected $db;
26
27	/** @var \phpbb\config\config */
28	protected $config;
29
30	/** @var \phpbb\language\language */
31	protected $language;
32
33	/** @var ContainerBuilder */
34	protected $phpbb_container;
35
36	/** @var \phpbb\template\template */
37	protected $template;
38
39	/** @var \phpbb\user */
40	protected $user;
41
42	/** @var \phpbb\filesystem\filesystem_interface */
43	protected $filesystem;
44
45	/** @var \phpbb\attachment\manager */
46	protected $attachment_manager;
47
48	public $id;
49	public $u_action;
50	protected $new_config;
51
52	function main($id, $mode)
53	{
54	global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_filesystem, $phpbb_dispatcher;
55	global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $phpbb_log, $request;
56
57	$this->id = $id;
58	$this->db = $db;
59	$this->config = $config;
60	$this->language = $phpbb_container->get('language');
61	$this->template = $template;
62	$this->user = $user;
63	$this->phpbb_container = $phpbb_container;
64	$this->filesystem = $phpbb_filesystem;
65	$this->attachment_manager = $phpbb_container->get('attachment.manager');
66
67	$user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
68
69	$error = $notify = array();
70	$submit = (isset($_POST['submit'])) ? true : false;
71	$action = $request->variable('action', '');
72
73	$form_key = 'acp_attach';
74	add_form_key($form_key);
75
76	if ($submit && !check_form_key($form_key))
77	{
78	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
79	}
80
81	switch ($mode)
82	{
83	case 'attach':
84	$l_title = 'ACP_ATTACHMENT_SETTINGS';
85	break;
86
87	case 'extensions':
88	$l_title = 'ACP_MANAGE_EXTENSIONS';
89	break;
90
91	case 'ext_groups':
92	$l_title = 'ACP_EXTENSION_GROUPS';
93	break;
94
95	case 'orphan':
96	$l_title = 'ACP_ORPHAN_ATTACHMENTS';
97	break;
98
99	case 'manage':
100	$l_title = 'ACP_MANAGE_ATTACHMENTS';
101	break;
102
103	default:
104	trigger_error('NO_MODE', E_USER_ERROR);
105	break;
106	}
107
108	$this->tpl_name = 'acp_attachments';
109	$this->page_title = $l_title;
110
111	$template->assign_vars(array(
112	'L_TITLE' => $user->lang[$l_title],
113	'L_TITLE_EXPLAIN' => $user->lang[$l_title . '_EXPLAIN'],
114	'U_ACTION' => $this->u_action)
115	);
116
117	switch ($mode)
118	{
119	case 'attach':
120
121	if (!function_exists('get_supported_image_types'))
122	{
123	include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
124	}
125
126	$allowed_pm_groups = [];
127	$allowed_post_groups = [];
128	$s_assigned_groups = [];
129
130	$sql = 'SELECT group_id, group_name, cat_id, allow_group, allow_in_pm
131	FROM ' . EXTENSION_GROUPS_TABLE . '
132	WHERE cat_id > 0
133	ORDER BY cat_id';
134	$result = $db->sql_query($sql);
135	while ($row = $db->sql_fetchrow($result))
136	{
137	$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
138	$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
139
140	if ($row['allow_group'])
141	{
142	$allowed_post_groups[] = $row['group_id'];
143	}
144
145	if ($row['allow_in_pm'])
146	{
147	$allowed_pm_groups[] = $row['group_id'];
148	}
149	}
150	$db->sql_freeresult($result);
151
152	$l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((!empty($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode($user->lang['COMMA_SEPARATOR'], $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']';
153
154	$display_vars = array(
155	'title' => 'ACP_ATTACHMENT_SETTINGS',
156	'vars' => array(
157	'legend1' => 'ACP_ATTACHMENT_SETTINGS',
158
159	'img_max_width' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
160	'img_max_height' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
161	'img_link_width' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
162	'img_link_height' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
163
164	'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
165	'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
166	'max_attachments' => array('lang' => 'MAX_ATTACHMENTS', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false),
167	'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false),
168	'upload_path' => array('lang' => 'UPLOAD_DIR', 'validate' => 'wpath', 'type' => 'text:25:100', 'explain' => true),
169	'display_order' => array('lang' => 'DISPLAY_ORDER', 'validate' => 'bool', 'type' => 'custom', 'method' => 'display_order', 'explain' => true),
170	'attachment_quota' => array('lang' => 'ATTACH_QUOTA', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
171	'max_filesize' => array('lang' => 'ATTACH_MAX_FILESIZE', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
172	'max_filesize_pm' => array('lang' => 'ATTACH_MAX_PM_FILESIZE','validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
173	'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
174	'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
175	'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
176	'check_attachment_content' => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
177
178	'legend2' => $l_legend_cat_images,
179	'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
180	'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
181	'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
182	'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
183	'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
184	'img_strip_metadata' => array('lang' => 'IMAGE_STRIP_METADATA', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
185	'img_quality' => array('lang' => 'IMAGE_QUALITY', 'validate' => 'int:50:90', 'type' => 'number:50:90', 'explain' => true, 'append' => ' &percnt;'),
186	'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
187	)
188	);
189
190	/**
191	* Event to add and/or modify acp_attachement configurations
192	*
193	* @event core.acp_attachments_config_edit_add
194	* @var array display_vars Array of config values to display and process
195	* @var string mode Mode of the config page we are displaying
196	* @var boolean submit Do we display the form or process the submission
197	* @since 3.1.11-RC1
198	*/
199	$vars = array('display_vars', 'mode', 'submit');
200	extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars)));
201
202	$this->new_config = $config;
203	$cfg_array = (isset($_REQUEST['config'])) ? $request->variable('config', array('' => '')) : $this->new_config;
204	$error = array();
205
206	// We validate the complete config if whished
207	validate_config_vars($display_vars['vars'], $cfg_array, $error);
208
209	// Do not write values if there is an error
210	if (count($error))
211	{
212	$submit = false;
213	}
214
215	// We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to...
216	foreach ($display_vars['vars'] as $config_name => $null)
217	{
218	if (!isset($cfg_array[$config_name]) \|\| strpos($config_name, 'legend') !== false)
219	{
220	continue;
221	}
222
223	$this->new_config[$config_name] = $config_value = $cfg_array[$config_name];
224
225	if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
226	{
227	$size_var = $request->variable($config_name, '');
228
229	$config_value = (int) $config_value;
230
231	$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
232	}
233
234	if ($submit)
235	{
236	$config->set($config_name, $config_value);
237	}
238	}
239
240	$this->perform_site_list();
241
242	if ($submit)
243	{
244	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_ATTACH');
245
246	// Check Settings
247	$this->test_upload($error, $this->new_config['upload_path'], false);
248
249	if (!count($error))
250	{
251	trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
252	}
253	}
254
255	$template->assign_var('S_ATTACHMENT_SETTINGS', true);
256
257	// Secure Download Options - Same procedure as with banning
258	$allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
259
260	$sql = 'SELECT *
261	FROM ' . SITELIST_TABLE;
262	$result = $db->sql_query($sql);
263
264	$defined_ips = '';
265	$ips = array();
266
267	while ($row = $db->sql_fetchrow($result))
268	{
269	$value = ($row['site_ip']) ? $row['site_ip'] : $row['site_hostname'];
270	if ($value)
271	{
272	$defined_ips .= '<option' . (($row['ip_exclude']) ? ' class="sep"' : '') . ' value="' . $row['site_id'] . '">' . $value . '</option>';
273	$ips[$row['site_id']] = $value;
274	}
275	}
276	$db->sql_freeresult($result);
277
278	$template->assign_vars(array(
279	'S_EMPTY_PM_GROUPS' => empty($allowed_pm_groups),
280	'S_EMPTY_POST_GROUPS' => empty($allowed_post_groups),
281	'S_SECURE_DOWNLOADS' => $this->new_config['secure_downloads'],
282	'S_DEFINED_IPS' => ($defined_ips != '') ? true : false,
283	'S_WARNING' => (count($error)) ? true : false,
284
285	'U_EXTENSION_GROUPS' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=ext_groups"),
286
287	'WARNING_MSG' => implode('<br />', $error),
288	'DEFINED_IPS' => $defined_ips,
289
290	'L_SECURE_TITLE' => $user->lang['DEFINE_' . $allow_deny . '_IPS'],
291	'L_IP_EXCLUDE' => $user->lang['EXCLUDE_FROM_' . $allow_deny . '_IP'],
292	'L_REMOVE_IPS' => $user->lang['REMOVE_' . $allow_deny . '_IPS'])
293	);
294
295	// Output relevant options
296	foreach ($display_vars['vars'] as $config_key => $vars)
297	{
298	if (!is_array($vars) && strpos($config_key, 'legend') === false)
299	{
300	continue;
301	}
302
303	if (strpos($config_key, 'legend') !== false)
304	{
305	$template->assign_block_vars('options', array(
306	'S_LEGEND' => true,
307	'LEGEND' => (isset($user->lang[$vars])) ? $user->lang[$vars] : $vars)
308	);
309
310	continue;
311	}
312
313	$type = explode(':', $vars['type']);
314
315	$l_explain = '';
316	if ($vars['explain'] && isset($vars['lang_explain']))
317	{
318	$l_explain = (isset($user->lang[$vars['lang_explain']])) ? $user->lang[$vars['lang_explain']] : $vars['lang_explain'];
319	}
320	else if ($vars['explain'])
321	{
322	$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
323	}
324
325	$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
326	if (empty($content))
327	{
328	continue;
329	}
330
331	$template->assign_block_vars('options', array(
332	'KEY' => $config_key,
333	'TITLE' => $user->lang[$vars['lang']],
334	'S_EXPLAIN' => $vars['explain'],
335	'TITLE_EXPLAIN' => $l_explain,
336	'CONTENT' => $content,
337	)
338	);
339
340	unset($display_vars['vars'][$config_key]);
341	}
342
343	break;
344
345	case 'extensions':
346
347	if ($submit \|\| isset($_POST['add_extension_check']))
348	{
349	if ($submit)
350	{
351	// Change Extensions ?
352	$extension_change_list = $request->variable('extension_change_list', array(0));
353	$group_select_list = $request->variable('group_select', array(0));
354
355	// Generate correct Change List
356	$extensions = array();
357
358	for ($i = 0, $size = count($extension_change_list); $i < $size; $i++)
359	{
360	$extensions[$extension_change_list[$i]]['group_id'] = $group_select_list[$i];
361	}
362
363	$sql = 'SELECT *
364	FROM ' . EXTENSIONS_TABLE . '
365	ORDER BY extension_id';
366	$result = $db->sql_query($sql);
367
368	while ($row = $db->sql_fetchrow($result))
369	{
370	if ($row['group_id'] != $extensions[$row['extension_id']]['group_id'])
371	{
372	$sql = 'UPDATE ' . EXTENSIONS_TABLE . '
373	SET group_id = ' . (int) $extensions[$row['extension_id']]['group_id'] . '
374	WHERE extension_id = ' . $row['extension_id'];
375	$db->sql_query($sql);
376
377	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_UPDATE', false, array($row['extension']));
378	}
379	}
380	$db->sql_freeresult($result);
381
382	// Delete Extension?
383	$extension_id_list = $request->variable('extension_id_list', array(0));
384
385	if (count($extension_id_list))
386	{
387	$sql = 'SELECT extension
388	FROM ' . EXTENSIONS_TABLE . '
389	WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
390	$result = $db->sql_query($sql);
391
392	$extension_list = '';
393	while ($row = $db->sql_fetchrow($result))
394	{
395	$extension_list .= ($extension_list == '') ? $row['extension'] : ', ' . $row['extension'];
396	}
397	$db->sql_freeresult($result);
398
399	$sql = 'DELETE
400	FROM ' . EXTENSIONS_TABLE . '
401	WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
402	$db->sql_query($sql);
403
404	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_DEL', false, array($extension_list));
405	}
406	}
407
408	// Add Extension?
409	$add_extension = strtolower($request->variable('add_extension', ''));
410	$add_extension_group = $request->variable('add_group_select', 0);
411	$add = (isset($_POST['add_extension_check'])) ? true : false;
412
413	if ($add_extension && $add)
414	{
415	if (!count($error))
416	{
417	$sql = 'SELECT extension_id
418	FROM ' . EXTENSIONS_TABLE . "
419	WHERE extension = '" . $db->sql_escape($add_extension) . "'";
420	$result = $db->sql_query($sql);
421
422	if ($row = $db->sql_fetchrow($result))
423	{
424	$error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
425	}
426	$db->sql_freeresult($result);
427
428	if (!count($error))
429	{
430	$sql_ary = array(
431	'group_id' => $add_extension_group,
432	'extension' => $add_extension
433	);
434
435	$db->sql_query('INSERT INTO ' . EXTENSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
436
437	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_ADD', false, array($add_extension));
438	}
439	}
440	}
441
442	if (!count($error))
443	{
444	$notify[] = $user->lang['EXTENSIONS_UPDATED'];
445	}
446
447	$cache->destroy('_extensions');
448	}
449
450	$template->assign_vars(array(
451	'S_EXTENSIONS' => true,
452	'ADD_EXTENSION' => (isset($add_extension)) ? $add_extension : '',
453	'GROUP_SELECT_OPTIONS' => (isset($_POST['add_extension_check'])) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))
454	);
455
456	$sql = 'SELECT *
457	FROM ' . EXTENSIONS_TABLE . '
458	ORDER BY group_id, extension';
459	$result = $db->sql_query($sql);
460
461	if ($row = $db->sql_fetchrow($result))
462	{
463	$old_group_id = $row['group_id'];
464	do
465	{
466	$s_spacer = false;
467
468	$current_group_id = $row['group_id'];
469	if ($old_group_id != $current_group_id)
470	{
471	$s_spacer = true;
472	$old_group_id = $current_group_id;
473	}
474
475	$template->assign_block_vars('extensions', array(
476	'S_SPACER' => $s_spacer,
477	'EXTENSION_ID' => $row['extension_id'],
478	'EXTENSION' => $row['extension'],
479	'GROUP_OPTIONS' => $this->group_select('group_select[]', $row['group_id']))
480	);
481	}
482	while ($row = $db->sql_fetchrow($result));
483	}
484	$db->sql_freeresult($result);
485
486	break;
487
488	case 'ext_groups':
489
490	$template->assign_var('S_EXTENSION_GROUPS', true);
491
492	if ($submit)
493	{
494	$action = $request->variable('action', '');
495	$group_id = $request->variable('g', 0);
496
497	if ($action != 'add' && $action != 'edit')
498	{
499	trigger_error('NO_MODE', E_USER_ERROR);
500	}
501
502	if (!$group_id && $action == 'edit')
503	{
504	trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
505	}
506
507	if ($group_id)
508	{
509	$sql = 'SELECT *
510	FROM ' . EXTENSION_GROUPS_TABLE . "
511	WHERE group_id = $group_id";
512	$result = $db->sql_query($sql);
513	$ext_row = $db->sql_fetchrow($result);
514	$db->sql_freeresult($result);
515
516	if (!$ext_row)
517	{
518	trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
519	}
520	}
521	else
522	{
523	$ext_row = array();
524	}
525
526	$group_name = $request->variable('group_name', '', true);
527	$new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
528
529	if (!$group_name)
530	{
531	$error[] = $user->lang['NO_EXT_GROUP_NAME'];
532	}
533
534	// Check New Group Name
535	if ($new_group_name)
536	{
537	$sql = 'SELECT group_id
538	FROM ' . EXTENSION_GROUPS_TABLE . "
539	WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'";
540	if ($group_id)
541	{
542	$sql .= ' AND group_id <> ' . $group_id;
543	}
544	$result = $db->sql_query($sql);
545
546	if ($db->sql_fetchrow($result))
547	{
548	$error[] = sprintf($user->lang['EXTENSION_GROUP_EXIST'], $new_group_name);
549	}
550	$db->sql_freeresult($result);
551	}
552
553	if (!count($error))
554	{
555	// Ok, build the update/insert array
556	$upload_icon = $request->variable('upload_icon', 'no_image');
557	$size_select = $request->variable('size_select', 'b');
558	$forum_select = $request->variable('forum_select', false);
559	$allowed_forums = $request->variable('allowed_forums', array(0));
560	$allow_in_pm = (isset($_POST['allow_in_pm'])) ? true : false;
561	$max_filesize = $request->variable('max_filesize', 0);
562	$max_filesize = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
563	$allow_group = (isset($_POST['allow_group'])) ? true : false;
564
565	if ($max_filesize == $config['max_filesize'])
566	{
567	$max_filesize = 0;
568	}
569
570	if (!count($allowed_forums))
571	{
572	$forum_select = false;
573	}
574
575	$group_ary = array(
576	'group_name' => $group_name,
577	'cat_id' => $request->variable('special_category', ATTACHMENT_CATEGORY_NONE),
578	'allow_group' => ($allow_group) ? 1 : 0,
579	'upload_icon' => ($upload_icon == 'no_image') ? '' : $upload_icon,
580	'max_filesize' => $max_filesize,
581	'allowed_forums'=> ($forum_select) ? serialize($allowed_forums) : '',
582	'allow_in_pm' => ($allow_in_pm) ? 1 : 0,
583	);
584
585	if ($action == 'add')
586	{
587	$group_ary['download_mode'] = INLINE_LINK;
588	}
589
590	$sql = ($action == 'add') ? 'INSERT INTO ' . EXTENSION_GROUPS_TABLE . ' ' : 'UPDATE ' . EXTENSION_GROUPS_TABLE . ' SET ';
591	$sql .= $db->sql_build_array((($action == 'add') ? 'INSERT' : 'UPDATE'), $group_ary);
592	$sql .= ($action == 'edit') ? " WHERE group_id = $group_id" : '';
593
594	$db->sql_query($sql);
595
596	if ($action == 'add')
597	{
598	$group_id = $db->sql_nextid();
599	}
600
601	$group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name;
602	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name));
603	}
604
605	$extension_list = $request->variable('extensions', array(0));
606
607	if ($action == 'edit' && count($extension_list))
608	{
609	$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
610	SET group_id = 0
611	WHERE group_id = $group_id";
612	$db->sql_query($sql);
613	}
614
615	if (count($extension_list))
616	{
617	$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
618	SET group_id = $group_id
619	WHERE " . $db->sql_in_set('extension_id', $extension_list);
620	$db->sql_query($sql);
621	}
622
623	$cache->destroy('_extensions');
624
625	if (!count($error))
626	{
627	$notify[] = $user->lang['SUCCESS_EXTENSION_GROUP_' . strtoupper($action)];
628	}
629	}
630
631	$cat_lang = array(
632	ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
633	ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
634	);
635
636	$group_id = $request->variable('g', 0);
637	$action = (isset($_POST['add'])) ? 'add' : $action;
638
639	switch ($action)
640	{
641	case 'delete':
642
643	if (confirm_box(true))
644	{
645	$sql = 'SELECT group_name
646	FROM ' . EXTENSION_GROUPS_TABLE . "
647	WHERE group_id = $group_id";
648	$result = $db->sql_query($sql);
649	$group_name = (string) $db->sql_fetchfield('group_name');
650	$db->sql_freeresult($result);
651
652	$sql = 'DELETE
653	FROM ' . EXTENSION_GROUPS_TABLE . "
654	WHERE group_id = $group_id";
655	$db->sql_query($sql);
656
657	// Set corresponding Extensions to a pending Group
658	$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
659	SET group_id = 0
660	WHERE group_id = $group_id";
661	$db->sql_query($sql);
662
663	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_DEL', false, array($group_name));
664
665	$cache->destroy('_extensions');
666
667	trigger_error($user->lang['EXTENSION_GROUP_DELETED'] . adm_back_link($this->u_action));
668	}
669	else
670	{
671	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
672	'i' => $id,
673	'mode' => $mode,
674	'group_id' => $group_id,
675	'action' => 'delete',
676	)));
677	}
678
679	break;
680
681	case 'edit':
682
683	if (!$group_id)
684	{
685	trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
686	}
687
688	$sql = 'SELECT *
689	FROM ' . EXTENSION_GROUPS_TABLE . "
690	WHERE group_id = $group_id";
691	$result = $db->sql_query($sql);
692	$ext_group_row = $db->sql_fetchrow($result);
693	$db->sql_freeresult($result);
694
695	$forum_ids = (!$ext_group_row['allowed_forums']) ? array() : unserialize(trim($ext_group_row['allowed_forums']));
696
697	// no break;
698
699	case 'add':
700
701	if ($action == 'add')
702	{
703	$ext_group_row = array(
704	'group_name' => $request->variable('group_name', '', true),
705	'cat_id' => 0,
706	'allow_group' => 1,
707	'allow_in_pm' => 1,
708	'upload_icon' => '',
709	'max_filesize' => 0,
710	);
711
712	$forum_ids = array();
713	}
714
715	$sql = 'SELECT *
716	FROM ' . EXTENSIONS_TABLE . "
717	WHERE group_id = $group_id
718	OR group_id = 0
719	ORDER BY extension";
720	$result = $db->sql_query($sql);
721	$extensions = $db->sql_fetchrowset($result);
722	$db->sql_freeresult($result);
723
724	if ($ext_group_row['max_filesize'] == 0)
725	{
726	$ext_group_row['max_filesize'] = (int) $config['max_filesize'];
727	}
728
729	$max_filesize = get_formatted_filesize($ext_group_row['max_filesize'], false, array('mb', 'kb', 'b'));
730	$size_format = $max_filesize['si_identifier'];
731	$ext_group_row['max_filesize'] = $max_filesize['value'];
732
733	$img_path = $config['upload_icons_path'];
734
735	$filename_list = '';
736	$no_image_select = false;
737
738	$imglist = filelist($phpbb_root_path . $img_path);
739
740	if (!empty($imglist['']))
741	{
742	$imglist = array_values($imglist);
743	$imglist = $imglist[0];
744
745	foreach ($imglist as $key => $img)
746	{
747	if (!$ext_group_row['upload_icon'])
748	{
749	$no_image_select = true;
750	$selected = '';
751	}
752	else
753	{
754	$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
755	}
756
757	if (strlen($img) > 255)
758	{
759	continue;
760	}
761
762	$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>';
763	}
764	}
765
766	$i = 0;
767	$assigned_extensions = '';
768	foreach ($extensions as $num => $row)
769	{
770	if ($row['group_id'] == $group_id && $group_id)
771	{
772	$assigned_extensions .= ($i) ? ', ' . $row['extension'] : $row['extension'];
773	$i++;
774	}
775	}
776
777	$s_extension_options = '';
778	foreach ($extensions as $row)
779	{
780	$s_extension_options .= '<option' . ((!$row['group_id']) ? ' class="disabled"' : '') . ' value="' . $row['extension_id'] . '"' . (($row['group_id'] == $group_id && $group_id) ? ' selected="selected"' : '') . '>' . $row['extension'] . '</option>';
781	}
782
783	$template->assign_vars(array(
784	'IMG_PATH' => $img_path,
785	'ACTION' => $action,
786	'GROUP_ID' => $group_id,
787	'GROUP_NAME' => $ext_group_row['group_name'],
788	'ALLOW_GROUP' => $ext_group_row['allow_group'],
789	'ALLOW_IN_PM' => $ext_group_row['allow_in_pm'],
790	'UPLOAD_ICON_SRC' => $phpbb_root_path . $img_path . '/' . $ext_group_row['upload_icon'],
791	'EXTGROUP_FILESIZE' => $ext_group_row['max_filesize'],
792	'ASSIGNED_EXTENSIONS' => $assigned_extensions,
793
794	'S_CATEGORY_SELECT' => $this->category_select('special_category', $group_id, 'category'),
795	'S_EXT_GROUP_SIZE_OPTIONS' => size_select_options($size_format),
796	'S_EXTENSION_OPTIONS' => $s_extension_options,
797	'S_FILENAME_LIST' => $filename_list,
798	'S_EDIT_GROUP' => true,
799	'S_NO_IMAGE' => $no_image_select,
800	'S_FORUM_IDS' => (count($forum_ids)) ? true : false,
801
802	'U_EXTENSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=extensions"),
803	'U_BACK' => $this->u_action,
804
805	'L_LEGEND' => $user->lang[strtoupper($action) . '_EXTENSION_GROUP'])
806	);
807
808	$s_forum_id_options = '';
809
810	/ @todo use in-built function /
811
812	$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
813	FROM ' . FORUMS_TABLE . '
814	ORDER BY left_id ASC';
815	$result = $db->sql_query($sql, 600);
816
817	$right = $cat_right = $padding_inc = 0;
818	$padding = $forum_list = $holding = '';
819	$padding_store = array('0' => '');
820
821	while ($row = $db->sql_fetchrow($result))
822	{
823	if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id']))
824	{
825	// Non-postable forum with no subforums, don't display
826	continue;
827	}
828
829	if (!$auth->acl_get('f_list', $row['forum_id']))
830	{
831	// if the user does not have permissions to list this forum skip
832	continue;
833	}
834
835	if ($row['left_id'] < $right)
836	{
837	$padding .= '   ';
838	$padding_store[$row['parent_id']] = $padding;
839	}
840	else if ($row['left_id'] > $right + 1)
841	{
842	$padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']];
843	}
844
845	$right = $row['right_id'];
846
847	$selected = (in_array($row['forum_id'], $forum_ids)) ? ' selected="selected"' : '';
848
849	if ($row['left_id'] > $cat_right)
850	{
851	// make sure we don't forget anything
852	$s_forum_id_options .= $holding;
853	$holding = '';
854	}
855
856	if ($row['right_id'] - $row['left_id'] > 1)
857	{
858	$cat_right = max($cat_right, $row['right_id']);
859
860	$holding .= '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
861	}
862	else
863	{
864	$s_forum_id_options .= $holding . '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
865	$holding = '';
866	}
867	}
868
869	if ($holding)
870	{
871	$s_forum_id_options .= $holding;
872	}
873
874	$db->sql_freeresult($result);
875	unset($padding_store);
876
877	$template->assign_vars(array(
878	'S_FORUM_ID_OPTIONS' => $s_forum_id_options)
879	);
880
881	break;
882	}
883
884	$sql = 'SELECT *
885	FROM ' . EXTENSION_GROUPS_TABLE . '
886	ORDER BY allow_group DESC, allow_in_pm DESC, group_name';
887	$result = $db->sql_query($sql);
888
889	$old_allow_group = $old_allow_pm = 1;
890	while ($row = $db->sql_fetchrow($result))
891	{
892	$s_add_spacer = ($old_allow_group != $row['allow_group'] \|\| $old_allow_pm != $row['allow_in_pm']) ? true : false;
893
894	$template->assign_block_vars('groups', array(
895	'S_ADD_SPACER' => $s_add_spacer,
896	'S_ALLOWED_IN_PM' => ($row['allow_in_pm']) ? true : false,
897	'S_GROUP_ALLOWED' => ($row['allow_group']) ? true : false,
898
899	'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}",
900	'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}",
901
902	'GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'],
903	'CATEGORY' => $cat_lang[$row['cat_id']],
904	)
905	);
906
907	$old_allow_group = $row['allow_group'];
908	$old_allow_pm = $row['allow_in_pm'];
909	}
910	$db->sql_freeresult($result);
911
912	break;
913
914	case 'orphan':
915
916	/* @var $pagination \phpbb\pagination */
917	$pagination = $this->phpbb_container->get('pagination');
918
919	if ($submit)
920	{
921	$delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
922	$add_files = (isset($_POST['add'])) ? array_keys($request->variable('add', array('' => 0))) : array();
923	$post_ids = $request->variable('post_id', array('' => 0));
924
925	if (count($delete_files))
926	{
927	$sql = 'SELECT *
928	FROM ' . ATTACHMENTS_TABLE . '
929	WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
930	AND is_orphan = 1';
931	$result = $db->sql_query($sql);
932
933	$delete_files = array();
934	while ($row = $db->sql_fetchrow($result))
935	{
936	$this->attachment_manager->unlink($row['physical_filename'], 'file');
937
938	if ($row['thumbnail'])
939	{
940	$this->attachment_manager->unlink($row['physical_filename'], 'thumbnail');
941	}
942
943	$delete_files[$row['attach_id']] = $row['real_filename'];
944	}
945	$db->sql_freeresult($result);
946	}
947
948	if (count($delete_files))
949	{
950	$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
951	WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files));
952	$db->sql_query($sql);
953
954	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_ORPHAN_DEL', false, array(implode(', ', $delete_files)));
955	$notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode($user->lang['COMMA_SEPARATOR'], $delete_files));
956	}
957
958	$upload_list = array();
959	foreach ($add_files as $attach_id)
960	{
961	if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
962	{
963	$upload_list[$attach_id] = $post_ids[$attach_id];
964	}
965	}
966	unset($add_files);
967
968	if (count($upload_list))
969	{
970	$template->assign_var('S_UPLOADING_FILES', true);
971
972	$sql = 'SELECT forum_id, forum_name
973	FROM ' . FORUMS_TABLE;
974	$result = $db->sql_query($sql);
975
976	$forum_names = array();
977	while ($row = $db->sql_fetchrow($result))
978	{
979	$forum_names[$row['forum_id']] = $row['forum_name'];
980	}
981	$db->sql_freeresult($result);
982
983	$sql = 'SELECT forum_id, topic_id, post_id, poster_id
984	FROM ' . POSTS_TABLE . '
985	WHERE ' . $db->sql_in_set('post_id', $upload_list);
986	$result = $db->sql_query($sql);
987
988	$post_info = array();
989	while ($row = $db->sql_fetchrow($result))
990	{
991	$post_info[$row['post_id']] = $row;
992	}
993	$db->sql_freeresult($result);
994
995	// Select those attachments we want to change...
996	$sql = 'SELECT *
997	FROM ' . ATTACHMENTS_TABLE . '
998	WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . '
999	AND is_orphan = 1';
1000	$result = $db->sql_query($sql);
1001
1002	$files_added = $space_taken = 0;
1003	$error_msg = '';
1004	$upload_row = [];
1005	while ($row = $db->sql_fetchrow($result))
1006	{
1007	$upload_row = [
1008	'FILE_INFO' => $user->lang('UPLOADING_FILE_TO', $row['real_filename'], $upload_list[$row['attach_id']]),
1009	];
1010
1011	if (isset($post_info[$upload_list[$row['attach_id']]]))
1012	{
1013	$post_row = $post_info[$upload_list[$row['attach_id']]];
1014	$upload_row = array_merge($upload_row, [
1015	'S_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']),
1016	'L_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']) ? $user->lang('UPLOAD_DENIED_FORUM', $forum_names[$row['forum_id']]) : '',
1017	]);
1018	}
1019	else
1020	{
1021	$error_msg = $user->lang('UPLOAD_POST_NOT_EXIST', $row['real_filename'], $upload_list[$row['attach_id']]);
1022	$upload_row = array_merge($upload_row, [
1023	'ERROR_MSG' => $error_msg,
1024	]);
1025	};
1026
1027	$template->assign_block_vars('upload', $upload_row);
1028
1029	if ($error_msg \|\| !$auth->acl_get('f_attach', $post_row['forum_id']))
1030	{
1031	continue;
1032	}
1033
1034	// Adjust attachment entry
1035	$sql_ary = [
1036	'in_message' => 0,
1037	'is_orphan' => 0,
1038	'poster_id' => $post_row['poster_id'],
1039	'post_msg_id' => $post_row['post_id'],
1040	'topic_id' => $post_row['topic_id'],
1041	];
1042
1043	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
1044	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1045	WHERE attach_id = ' . $row['attach_id'];
1046	$db->sql_query($sql);
1047
1048	$sql = 'UPDATE ' . POSTS_TABLE . '
1049	SET post_attachment = 1
1050	WHERE post_id = ' . $post_row['post_id'];
1051	$db->sql_query($sql);
1052
1053	$sql = 'UPDATE ' . TOPICS_TABLE . '
1054	SET topic_attachment = 1
1055	WHERE topic_id = ' . $post_row['topic_id'];
1056	$db->sql_query($sql);
1057
1058	$space_taken += $row['filesize'];
1059	$files_added++;
1060
1061	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_FILEUPLOAD', false, [$post_row['post_id'], $row['real_filename']]);
1062	}
1063	$db->sql_freeresult($result);
1064
1065	if ($files_added)
1066	{
1067	$config->increment('upload_dir_size', $space_taken, false);
1068	$config->increment('num_files', $files_added, false);
1069	}
1070	}
1071	}
1072
1073	$template->assign_vars([
1074	'S_ORPHAN' => true,
1075	]);
1076
1077	$attachments_per_page = (int) $config['topics_per_page'];
1078
1079	// Get total number or orphans older than 3 hours
1080	$sql = 'SELECT COUNT(attach_id) as num_files, SUM(filesize) as total_size
1081	FROM ' . ATTACHMENTS_TABLE . '
1082	WHERE is_orphan = 1
1083	AND filetime < ' . (time() - 36060);
1084	$result = $this->db->sql_query($sql);
1085	$row = $this->db->sql_fetchrow($result);
1086	$num_files = (int) $row['num_files'];
1087	$total_size = (int) $row['total_size'];
1088	$this->db->sql_freeresult($result);
1089
1090	$start = $request->variable('start', 0);
1091	$start = $pagination->validate_start($start, $attachments_per_page, $num_files);
1092
1093	// Just get the files with is_orphan set and older than 3 hours
1094	$sql = 'SELECT *
1095	FROM ' . ATTACHMENTS_TABLE . '
1096	WHERE is_orphan = 1
1097	AND filetime < ' . (time() - 36060) . '
1098	ORDER BY filetime DESC';
1099	$result = $db->sql_query_limit($sql, $attachments_per_page, $start);
1100
1101	while ($row = $db->sql_fetchrow($result))
1102	{
1103	$template->assign_block_vars('orphan', [
1104	'FILESIZE' => get_formatted_filesize($row['filesize']),
1105	'FILETIME' => $user->format_date($row['filetime']),
1106	'REAL_FILENAME' => utf8_basename($row['real_filename']),
1107	'PHYSICAL_FILENAME' => utf8_basename($row['physical_filename']),
1108	'ATTACH_ID' => $row['attach_id'],
1109	'POST_ID' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
1110	'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . $row['attach_id']),
1111	]);
1112	}
1113	$db->sql_freeresult($result);
1114
1115	$pagination->generate_template_pagination(
1116	$this->u_action,
1117	'pagination',
1118	'start',
1119	$num_files,
1120	$attachments_per_page,
1121	$start
1122	);
1123
1124	$template->assign_vars([
1125	'TOTAL_FILES' => $num_files,
1126	'TOTAL_SIZE' => get_formatted_filesize($total_size),
1127	]);
1128
1129	break;
1130
1131	case 'manage':
1132
1133	if ($submit)
1134	{
1135	$delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
1136
1137	if (count($delete_files))
1138	{
1139	// Select those attachments we want to delete...
1140	$sql = 'SELECT real_filename
1141	FROM ' . ATTACHMENTS_TABLE . '
1142	WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
1143	AND is_orphan = 0';
1144	$result = $db->sql_query($sql);
1145	while ($row = $db->sql_fetchrow($result))
1146	{
1147	$deleted_filenames[] = $row['real_filename'];
1148	}
1149	$db->sql_freeresult($result);
1150
1151	if ($num_deleted = $this->attachment_manager->delete('attach', $delete_files))
1152	{
1153	if (count($delete_files) != $num_deleted)
1154	{
1155	$error[] = $user->lang['FILES_GONE'];
1156	}
1157
1158	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode(', ', $deleted_filenames)));
1159	$notify[] = sprintf($user->lang['LOG_ATTACHMENTS_DELETED'], implode($user->lang['COMMA_SEPARATOR'], $deleted_filenames));
1160	}
1161	else
1162	{
1163	$error[] = $user->lang['NO_FILES_TO_DELETE'];
1164	}
1165	}
1166	}
1167
1168	if ($action == 'stats')
1169	{
1170	$this->handle_stats_resync();
1171	}
1172
1173	$stats_error = $this->check_stats_accuracy();
1174
1175	if ($stats_error)
1176	{
1177	$error[] = $stats_error;
1178	}
1179
1180	$template->assign_vars(array(
1181	'S_MANAGE' => true,
1182	));
1183
1184	$start = $request->variable('start', 0);
1185
1186	// Sort keys
1187	$sort_days = $request->variable('st', 0);
1188	$sort_key = $request->variable('sk', 't');
1189	$sort_dir = $request->variable('sd', 'd');
1190
1191	// Sorting
1192	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1193	$sort_by_text = array('f' => $user->lang['FILENAME'], 't' => $user->lang['FILEDATE'], 's' => $user->lang['FILESIZE'], 'x' => $user->lang['EXTENSION'], 'd' => $user->lang['DOWNLOADS'],'p' => $user->lang['ATTACH_POST_TYPE'], 'u' => $user->lang['AUTHOR']);
1194	$sort_by_sql = array('f' => 'a.real_filename', 't' => 'a.filetime', 's' => 'a.filesize', 'x' => 'a.extension', 'd' => 'a.download_count', 'p' => 'a.in_message', 'u' => 'u.username');
1195
1196	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1197	gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1198
1199	$min_filetime = ($sort_days) ? (time() - ($sort_days * 86400)) : '';
1200	$limit_filetime = ($min_filetime) ? " AND a.filetime >= $min_filetime " : '';
1201	$start = ($sort_days && isset($_POST['sort'])) ? 0 : $start;
1202
1203	$attachments_per_page = (int) $config['topics_per_page'];
1204
1205	$stats = $this->get_attachment_stats($limit_filetime);
1206	$num_files = $stats['num_files'];
1207	$total_size = $stats['upload_dir_size'];
1208
1209	// Make sure $start is set to the last page if it exceeds the amount
1210	/* @var $pagination \phpbb\pagination */
1211	$pagination = $phpbb_container->get('pagination');
1212	$start = $pagination->validate_start($start, $attachments_per_page, $num_files);
1213
1214	// If the user is trying to reach the second half of the attachments list, fetch it starting from the end
1215	$store_reverse = false;
1216	$sql_limit = $attachments_per_page;
1217
1218	if ($start > $num_files / 2)
1219	{
1220	$store_reverse = true;
1221
1222	// Select the sort order. Add time sort anchor for non-time sorting cases
1223	$sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') : '';
1224	$sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') . $sql_sort_anchor;
1225	$sql_limit = $pagination->reverse_limit($start, $sql_limit, $num_files);
1226	$sql_start = $pagination->reverse_start($start, $sql_limit, $num_files);
1227	}
1228	else
1229	{
1230	// Select the sort order. Add time sort anchor for non-time sorting cases
1231	$sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') : '';
1232	$sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') . $sql_sort_anchor;
1233	$sql_start = $start;
1234	}
1235
1236	$attachments_list = array();
1237
1238	// Just get the files
1239	$sql = 'SELECT a.*, u.username, u.user_colour, t.topic_title
1240	FROM ' . ATTACHMENTS_TABLE . ' a
1241	LEFT JOIN ' . USERS_TABLE . ' u ON (u.user_id = a.poster_id)
1242	LEFT JOIN ' . TOPICS_TABLE . " t ON (a.topic_id = t.topic_id)
1243	WHERE a.is_orphan = 0
1244	$limit_filetime
1245	ORDER BY $sql_sort_order";
1246	$result = $db->sql_query_limit($sql, $sql_limit, $sql_start);
1247
1248	$i = ($store_reverse) ? $sql_limit - 1 : 0;
1249
1250	// Store increment value in a variable to save some conditional calls
1251	$i_increment = ($store_reverse) ? -1 : 1;
1252	while ($attachment_row = $db->sql_fetchrow($result))
1253	{
1254	$attachments_list[$i] = $attachment_row;
1255	$i = $i + $i_increment;
1256	}
1257	$db->sql_freeresult($result);
1258
1259	$base_url = $this->u_action . "&$u_sort_param";
1260	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_files, $attachments_per_page, $start);
1261
1262	$template->assign_vars(array(
1263	'TOTAL_FILES' => $num_files,
1264	'TOTAL_SIZE' => get_formatted_filesize($total_size),
1265
1266	'S_LIMIT_DAYS' => $s_limit_days,
1267	'S_SORT_KEY' => $s_sort_key,
1268	'S_SORT_DIR' => $s_sort_dir)
1269	);
1270
1271	// Grab extensions
1272	$extensions = $cache->obtain_attach_extensions(true);
1273
1274	for ($i = 0, $end = count($attachments_list); $i < $end; ++$i)
1275	{
1276	$row = $attachments_list[$i];
1277
1278	$row['extension'] = strtolower(trim((string) $row['extension']));
1279	$comment = ($row['attach_comment'] && !$row['in_message']) ? str_replace(array("\n", "\r"), array('<br />', "\n"), $row['attach_comment']) : '';
1280	$display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : ATTACHMENT_CATEGORY_NONE;
1281	$l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS';
1282
1283	$template->assign_block_vars('attachments', array(
1284	'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
1285	'FILESIZE' => get_formatted_filesize((int) $row['filesize']),
1286	'FILETIME' => $user->format_date((int) $row['filetime']),
1287	'REAL_FILENAME' => utf8_basename((string) $row['real_filename']),
1288	'EXT_GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'],
1289	'COMMENT' => $comment,
1290	'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '',
1291	'ATTACH_ID' => (int) $row['attach_id'],
1292
1293	'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']),
1294
1295	'S_IN_MESSAGE' => (bool) $row['in_message'],
1296
1297	'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
1298	'U_FILE' => append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&id=' . $row['attach_id']))
1299	);
1300	}
1301
1302	break;
1303	}
1304
1305	if (count($error))
1306	{
1307	$template->assign_vars(array(
1308	'S_WARNING' => true,
1309	'WARNING_MSG' => implode('<br />', $error))
1310	);
1311	}
1312
1313	if (count($notify))
1314	{
1315	$template->assign_vars(array(
1316	'S_NOTIFY' => true,
1317	'NOTIFY_MSG' => implode('<br />', $notify))
1318	);
1319	}
1320	}
1321
1322	/**
1323	* Get attachment file count and size of upload directory
1324	*
1325	* @param $limit string Additional limit for WHERE clause to filter stats by.
1326	* @return array Returns array with stats: num_files and upload_dir_size
1327	*/
1328	public function get_attachment_stats($limit = '')
1329	{
1330	$sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(' . $this->db->cast_expr_to_bigint('a.filesize') . ') AS upload_dir_size
1331	FROM ' . ATTACHMENTS_TABLE . " a
1332	WHERE a.is_orphan = 0
1333	$limit";
1334	$result = $this->db->sql_query($sql);
1335	$row = $this->db->sql_fetchrow($result);
1336	$this->db->sql_freeresult($result);
1337
1338	return array(
1339	'num_files' => (int) $row['num_files'],
1340	'upload_dir_size' => (float) $row['upload_dir_size'],
1341	);
1342	}
1343
1344	/**
1345	* Set config attachment stat values
1346	*
1347	* @param $stats array Array of config key => value pairs to set.
1348	* @return null
1349	*/
1350	public function set_attachment_stats($stats)
1351	{
1352	foreach ($stats as $key => $value)
1353	{
1354	$this->config->set($key, $value, true);
1355	}
1356	}
1357
1358	/**
1359	* Check accuracy of attachment statistics.
1360	*
1361	* @return bool\|string Returns false if stats are correct or error message
1362	* otherwise.
1363	*/
1364	public function check_stats_accuracy()
1365	{
1366	// Get fresh stats.
1367	$stats = $this->get_attachment_stats();
1368
1369	// Get current files stats
1370	$num_files = (int) $this->config['num_files'];
1371	$total_size = (float) $this->config['upload_dir_size'];
1372
1373	if (($num_files != $stats['num_files']) \|\| ($total_size != $stats['upload_dir_size']))
1374	{
1375	$u_resync = $this->u_action . '&action=stats';
1376
1377	return $this->user->lang(
1378	'FILES_STATS_WRONG',
1379	(int) $stats['num_files'],
1380	get_formatted_filesize($stats['upload_dir_size']),
1381	'<a href="' . $u_resync . '">',
1382	'</a>'
1383	);
1384	}
1385	return false;
1386	}
1387
1388	/**
1389	* Handle stats resync.
1390	*
1391	* @return null
1392	*/
1393	public function handle_stats_resync()
1394	{
1395	if (!confirm_box(true))
1396	{
1397	confirm_box(false, $this->user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array(
1398	'i' => $this->id,
1399	'mode' => 'manage',
1400	'action' => 'stats',
1401	)));
1402	}
1403	else
1404	{
1405	$this->set_attachment_stats($this->get_attachment_stats());
1406
1407	/* @var $log \phpbb\log\log_interface */
1408	$log = $this->phpbb_container->get('log');
1409	$log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_RESYNC_FILES_STATS');
1410	}
1411
1412	}
1413
1414	/**
1415	* Build Select for category items
1416	*/
1417	function category_select($select_name, $group_id = false, $key = '')
1418	{
1419	global $db, $user;
1420
1421	$types = array(
1422	ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
1423	ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
1424	);
1425
1426	if ($group_id)
1427	{
1428	$sql = 'SELECT cat_id
1429	FROM ' . EXTENSION_GROUPS_TABLE . '
1430	WHERE group_id = ' . (int) $group_id;
1431	$result = $db->sql_query($sql);
1432
1433	$cat_type = (!($row = $db->sql_fetchrow($result))) ? ATTACHMENT_CATEGORY_NONE : $row['cat_id'];
1434
1435	$db->sql_freeresult($result);
1436	}
1437	else
1438	{
1439	$cat_type = ATTACHMENT_CATEGORY_NONE;
1440	}
1441
1442	$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
1443
1444	foreach ($types as $type => $mode)
1445	{
1446	$selected = ($type == $cat_type) ? ' selected="selected"' : '';
1447	$group_select .= '<option value="' . $type . '"' . $selected . '>' . $mode . '</option>';
1448	}
1449
1450	$group_select .= '</select>';
1451
1452	return $group_select;
1453	}
1454
1455	/**
1456	* Extension group select
1457	*/
1458	function group_select($select_name, $default_group = false, $key = '')
1459	{
1460	global $db, $user;
1461
1462	$group_select = '<select name="' . $select_name . '"' . (($key) ? ' id="' . $key . '"' : '') . '>';
1463
1464	$sql = 'SELECT group_id, group_name
1465	FROM ' . EXTENSION_GROUPS_TABLE . '
1466	ORDER BY group_name';
1467	$result = $db->sql_query($sql);
1468
1469	$group_name = array();
1470	while ($row = $db->sql_fetchrow($result))
1471	{
1472	$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
1473	$group_name[] = $row;
1474	}
1475	$db->sql_freeresult($result);
1476
1477	$row['group_id'] = 0;
1478	$row['group_name'] = $user->lang['NOT_ASSIGNED'];
1479	$group_name[] = $row;
1480
1481	for ($i = 0, $groups_size = count($group_name); $i < $groups_size; $i++)
1482	{
1483	if ($default_group === false)
1484	{
1485	$selected = ($i == 0) ? ' selected="selected"' : '';
1486	}
1487	else
1488	{
1489	$selected = ($group_name[$i]['group_id'] == $default_group) ? ' selected="selected"' : '';
1490	}
1491
1492	$group_select .= '<option value="' . $group_name[$i]['group_id'] . '"' . $selected . '>' . $group_name[$i]['group_name'] . '</option>';
1493	}
1494
1495	$group_select .= '</select>';
1496
1497	return $group_select;
1498	}
1499
1500	/**
1501	* Test Settings
1502	*/
1503	function test_upload(&$error, $upload_dir, $create_directory = false)
1504	{
1505	global $user, $phpbb_root_path;
1506
1507	// Does the target directory exist, is it a directory and writable.
1508	if ($create_directory)
1509	{
1510	if (!file_exists($phpbb_root_path . $upload_dir))
1511	{
1512	@mkdir($phpbb_root_path . $upload_dir, 0777);
1513
1514	try
1515	{
1516	$this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, \phpbb\filesystem\filesystem_interface::CHMOD_READ \| \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
1517	}
1518	catch (\phpbb\filesystem\exception\filesystem_exception $e)
1519	{
1520	// Do nothing
1521	}
1522	}
1523	}
1524
1525	if (!file_exists($phpbb_root_path . $upload_dir))
1526	{
1527	$error[] = sprintf($user->lang['NO_UPLOAD_DIR'], $upload_dir);
1528	return;
1529	}
1530
1531	if (!is_dir($phpbb_root_path . $upload_dir))
1532	{
1533	$error[] = sprintf($user->lang['UPLOAD_NOT_DIR'], $upload_dir);
1534	return;
1535	}
1536
1537	if (!$this->filesystem->is_writable($phpbb_root_path . $upload_dir))
1538	{
1539	$error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir);
1540	return;
1541	}
1542	}
1543
1544	/**
1545	* Perform operations on sites for external linking
1546	*/
1547	function perform_site_list()
1548	{
1549	global $db, $user, $request, $phpbb_log;
1550
1551	if (isset($_REQUEST['securesubmit']))
1552	{
1553	// Grab the list of entries
1554	$ips = $request->variable('ips', '');
1555	$ip_list = array_unique(explode("\n", $ips));
1556	$ip_list_log = implode(', ', $ip_list);
1557
1558	$ip_exclude = (int) $request->variable('ipexclude', false, false, \phpbb\request\request_interface::POST);
1559
1560	$iplist = array();
1561	$hostlist = array();
1562
1563	foreach ($ip_list as $item)
1564	{
1565	if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]\-[ ]([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($item), $ip_range_explode))
1566	{
1567	// Don't ask about all this, just don't ask ... !
1568	$ip_1_counter = $ip_range_explode[1];
1569	$ip_1_end = $ip_range_explode[5];
1570
1571	while ($ip_1_counter <= $ip_1_end)
1572	{
1573	$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
1574	$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
1575
1576	if ($ip_2_counter == 0 && $ip_2_end == 254)
1577	{
1578	$ip_2_counter = 256;
1579
1580	$iplist[] = "'$ip_1_counter.*'";
1581	}
1582
1583	while ($ip_2_counter <= $ip_2_end)
1584	{
1585	$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
1586	$ip_3_end = ($ip_2_counter < $ip_2_end \|\| $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
1587
1588	if ($ip_3_counter == 0 && $ip_3_end == 254)
1589	{
1590	$ip_3_counter = 256;
1591
1592	$iplist[] = "'$ip_1_counter.$ip_2_counter.*'";
1593	}
1594
1595	while ($ip_3_counter <= $ip_3_end)
1596	{
1597	$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
1598	$ip_4_end = ($ip_3_counter < $ip_3_end \|\| $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
1599
1600	if ($ip_4_counter == 0 && $ip_4_end == 254)
1601	{
1602	$ip_4_counter = 256;
1603
1604	$iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'";
1605	}
1606
1607	while ($ip_4_counter <= $ip_4_end)
1608	{
1609	$iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'";
1610	$ip_4_counter++;
1611	}
1612	$ip_3_counter++;
1613	}
1614	$ip_2_counter++;
1615	}
1616	$ip_1_counter++;
1617	}
1618	}
1619	else if (preg_match('#^([0-9]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})$#', trim($item)) \|\| preg_match('#^[a-f0-9:]+\?$#i', trim($item)))
1620	{
1621	$iplist[] = "'" . trim($item) . "'";
1622	}
1623	else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($item)))
1624	{
1625	$hostlist[] = "'" . trim($item) . "'";
1626	}
1627	else if (preg_match("#^([a-z0-9\-\*\._/]+?)$#is", trim($item)))
1628	{
1629	$hostlist[] = "'" . trim($item) . "'";
1630	}
1631	}
1632
1633	$sql = 'SELECT site_ip, site_hostname
1634	FROM ' . SITELIST_TABLE . "
1635	WHERE ip_exclude = $ip_exclude";
1636	$result = $db->sql_query($sql);
1637
1638	if ($row = $db->sql_fetchrow($result))
1639	{
1640	$iplist_tmp = array();
1641	$hostlist_tmp = array();
1642	do
1643	{
1644	if ($row['site_ip'])
1645	{
1646	if (strlen($row['site_ip']) > 40)
1647	{
1648	continue;
1649	}
1650
1651	$iplist_tmp[] = "'" . $row['site_ip'] . "'";
1652	}
1653	else if ($row['site_hostname'])
1654	{
1655	if (strlen($row['site_hostname']) > 255)
1656	{
1657	continue;
1658	}
1659
1660	$hostlist_tmp[] = "'" . $row['site_hostname'] . "'";
1661	}
1662	// break;
1663	}
1664	while ($row = $db->sql_fetchrow($result));
1665
1666	$iplist = array_unique(array_diff($iplist, $iplist_tmp));
1667	$hostlist = array_unique(array_diff($hostlist, $hostlist_tmp));
1668	unset($iplist_tmp);
1669	unset($hostlist_tmp);
1670	}
1671	$db->sql_freeresult($result);
1672
1673	if (count($iplist))
1674	{
1675	foreach ($iplist as $ip_entry)
1676	{
1677	$sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_ip, ip_exclude)
1678	VALUES ($ip_entry, $ip_exclude)";
1679	$db->sql_query($sql);
1680	}
1681	}
1682
1683	if (count($hostlist))
1684	{
1685	foreach ($hostlist as $host_entry)
1686	{
1687	$sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_hostname, ip_exclude)
1688	VALUES ($host_entry, $ip_exclude)";
1689	$db->sql_query($sql);
1690	}
1691	}
1692
1693	if (!empty($ip_list_log))
1694	{
1695	// Update log
1696	$log_entry = ($ip_exclude) ? 'LOG_DOWNLOAD_EXCLUDE_IP' : 'LOG_DOWNLOAD_IP';
1697	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_entry, false, array($ip_list_log));
1698	}
1699
1700	trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
1701	}
1702	else if (isset($_POST['unsecuresubmit']))
1703	{
1704	$unip_sql = $request->variable('unip', array(0));
1705
1706	if (count($unip_sql))
1707	{
1708	$l_unip_list = '';
1709
1710	// Grab details of ips for logging information later
1711	$sql = 'SELECT site_ip, site_hostname
1712	FROM ' . SITELIST_TABLE . '
1713	WHERE ' . $db->sql_in_set('site_id', $unip_sql);
1714	$result = $db->sql_query($sql);
1715
1716	while ($row = $db->sql_fetchrow($result))
1717	{
1718	$l_unip_list .= (($l_unip_list != '') ? ', ' : '') . (($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']);
1719	}
1720	$db->sql_freeresult($result);
1721
1722	$sql = 'DELETE FROM ' . SITELIST_TABLE . '
1723	WHERE ' . $db->sql_in_set('site_id', $unip_sql);
1724	$db->sql_query($sql);
1725
1726	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DOWNLOAD_REMOVE_IP', false, array($l_unip_list));
1727	}
1728
1729	trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
1730	}
1731	}
1732
1733	/**
1734	* Write display_order config field
1735	*/
1736	function display_order($value, $key = '')
1737	{
1738	$radio_ary = array(0 => 'DESCENDING', 1 => 'ASCENDING');
1739
1740	return h_radio('config[display_order]', $radio_ary, $value, $key);
1741	}
1742
1743	/**
1744	* Adjust all three max_filesize config vars for display
1745	*/
1746	function max_filesize($value, $key = '')
1747	{
1748	// Determine size var and adjust the value accordingly
1749	$filesize = get_formatted_filesize($value, false, array('mb', 'kb', 'b'));
1750	$size_var = $filesize['si_identifier'];
1751	$value = $filesize['value'];
1752
1753	// size and maxlength must not be specified for input of type number
1754	return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
1755	}
1756
1757	/**
1758	* Write secure_allow_deny config field
1759	*/
1760	function select_allow_deny($value, $key = '')
1761	{
1762	$radio_ary = array(1 => 'ORDER_ALLOW_DENY', 0 => 'ORDER_DENY_ALLOW');
1763
1764	return h_radio('config[' . $key . ']', $radio_ary, $value, $key);
1765	}
1766
1767	}