Code Coverage for /data/phpBB/includes/acp/acp

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 963	0.00% covered (danger)	0.00%	0 / 9	CRAP	0.00% covered (danger)	0.00%	0 / 1
acp_attachments	0.00% covered (danger)	0.00%	0 / 961	0.00% covered (danger)	0.00%	0 / 9	67340	0.00% covered (danger)	0.00%	0 / 1
main	0.00% covered (danger)	0.00%	0 / 759	0.00% covered (danger)	0.00%	0 / 1	38612
get_attachment_stats	0.00% covered (danger)	0.00%	0 / 10	0.00% covered (danger)	0.00%	0 / 1	2
set_attachment_stats	0.00% covered (danger)	0.00%	0 / 2	0.00% covered (danger)	0.00%	0 / 1	6
check_stats_accuracy	0.00% covered (danger)	0.00%	0 / 13	0.00% covered (danger)	0.00%	0 / 1	12
handle_stats_resync	0.00% covered (danger)	0.00%	0 / 9	0.00% covered (danger)	0.00%	0 / 1	6
category_select	0.00% covered (danger)	0.00%	0 / 27	0.00% covered (danger)	0.00%	0 / 1	20
group_select	0.00% covered (danger)	0.00%	0 / 28	0.00% covered (danger)	0.00%	0 / 1	30
perform_site_list	0.00% covered (danger)	0.00%	0 / 93	0.00% covered (danger)	0.00%	0 / 1	2070
max_filesize	0.00% covered (danger)	0.00%	0 / 20	0.00% covered (danger)	0.00%	0 / 1	2

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17
18	use phpbb\attachment\attachment_category;
19	use phpbb\attachment\manager;
20	use phpbb\config\config;
21	use phpbb\controller\helper;
22	use phpbb\db\driver\driver_interface;
23	use phpbb\filesystem\filesystem_interface;
24	use phpbb\language\language;
25	use phpbb\template\template;
26	use phpbb\user;
27
28	if (!defined('IN_PHPBB'))
29	{
30	exit;
31	}
32
33	class acp_attachments
34	{
35	/** @var driver_interface */
36	protected $db;
37
38	/** @var config */
39	protected $config;
40
41	/** @var language */
42	protected $language;
43
44	/** @var ContainerBuilder */
45	protected $phpbb_container;
46
47	/** @var template */
48	protected $template;
49
50	/** @var user */
51	protected $user;
52
53	/** @var filesystem_interface */
54	protected $filesystem;
55
56	/** @var manager */
57	protected $attachment_manager;
58
59	/** @var helper */
60	protected $controller_helper;
61
62	public $id;
63	public $u_action;
64	protected $new_config;
65
66	function main($id, $mode)
67	{
68	global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_filesystem, $phpbb_dispatcher;
69	global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $phpbb_log, $request;
70
71	$this->id = $id;
72	$this->db = $db;
73	$this->config = $config;
74	$this->language = $phpbb_container->get('language');
75	$this->template = $template;
76	$this->user = $user;
77	$this->phpbb_container = $phpbb_container;
78	$this->filesystem = $phpbb_filesystem;
79	$this->attachment_manager = $phpbb_container->get('attachment.manager');
80	$this->controller_helper = $phpbb_container->get('controller.helper');
81
82	$user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
83
84	$error = $notify = array();
85	$submit = (isset($_POST['submit'])) ? true : false;
86	$action = $request->variable('action', '');
87
88	$form_key = 'acp_attach';
89	add_form_key($form_key);
90
91	if ($submit && !check_form_key($form_key))
92	{
93	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
94	}
95
96	switch ($mode)
97	{
98	case 'attach':
99	$l_title = 'ACP_ATTACHMENT_SETTINGS';
100	break;
101
102	case 'extensions':
103	$l_title = 'ACP_MANAGE_EXTENSIONS';
104	break;
105
106	case 'ext_groups':
107	$l_title = 'ACP_EXTENSION_GROUPS';
108	break;
109
110	case 'orphan':
111	$l_title = 'ACP_ORPHAN_ATTACHMENTS';
112	break;
113
114	case 'manage':
115	$l_title = 'ACP_MANAGE_ATTACHMENTS';
116	break;
117
118	default:
119	trigger_error('NO_MODE', E_USER_ERROR);
120	break;
121	}
122
123	$this->tpl_name = 'acp_attachments';
124	$this->page_title = $l_title;
125
126	$template->assign_vars(array(
127	'L_TITLE' => $user->lang[$l_title],
128	'L_TITLE_EXPLAIN' => $user->lang[$l_title . '_EXPLAIN'],
129	'U_ACTION' => $this->u_action)
130	);
131
132	switch ($mode)
133	{
134	case 'attach':
135
136	if (!function_exists('get_supported_image_types'))
137	{
138	include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
139	}
140
141	$allowed_pm_groups = [];
142	$allowed_post_groups = [];
143	$s_assigned_groups = [];
144
145	$sql = 'SELECT group_id, group_name, cat_id, allow_group, allow_in_pm
146	FROM ' . EXTENSION_GROUPS_TABLE . '
147	WHERE cat_id > 0
148	ORDER BY cat_id';
149	$result = $db->sql_query($sql);
150	while ($row = $db->sql_fetchrow($result))
151	{
152	$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
153	$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
154
155	if ($row['allow_group'])
156	{
157	$allowed_post_groups[] = $row['group_id'];
158	}
159
160	if ($row['allow_in_pm'])
161	{
162	$allowed_pm_groups[] = $row['group_id'];
163	}
164	}
165	$db->sql_freeresult($result);
166
167	$l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((!empty($s_assigned_groups[attachment_category::IMAGE])) ? implode($user->lang['COMMA_SEPARATOR'], $s_assigned_groups[attachment_category::IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']';
168
169	$display_vars = array(
170	'title' => 'ACP_ATTACHMENT_SETTINGS',
171	'vars' => array(
172	'legend1' => 'ACP_ATTACHMENT_SETTINGS',
173
174	'img_max_width' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
175	'img_max_height' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
176	'img_link_width' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
177	'img_link_height' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false,),
178
179	'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
180	'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
181	'max_attachments' => array('lang' => 'MAX_ATTACHMENTS', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false),
182	'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => false),
183	'display_order' => array('lang' => 'DISPLAY_ORDER', 'validate' => 'bool', 'type' => 'radio', 'function' => 'phpbb_build_radio', 'params' => ['{CONFIG_VALUE}', '{KEY}', ['DESCENDING', 'ASCENDING']], 'explain' => true),
184	'attachment_quota' => array('lang' => 'ATTACH_QUOTA', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
185	'max_filesize' => array('lang' => 'ATTACH_MAX_FILESIZE', 'validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
186	'max_filesize_pm' => array('lang' => 'ATTACH_MAX_PM_FILESIZE','validate' => 'string', 'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
187	'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
188	'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'validate' => 'int', 'type' => 'radio', 'function' => 'phpbb_build_radio', 'params' => ['{CONFIG_VALUE}', '{KEY}', [1 => 'ORDER_ALLOW_DENY', 0 => 'ORDER_DENY_ALLOW']], 'explain' => true),
189	'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
190	'check_attachment_content' => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
191
192	'legend2' => $l_legend_cat_images,
193	'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
194	'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
195	'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
196	'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
197	'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
198	'img_strip_metadata' => array('lang' => 'IMAGE_STRIP_METADATA', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
199	'img_quality' => array('lang' => 'IMAGE_QUALITY', 'validate' => 'int:50:90', 'type' => 'number:50:90', 'explain' => true, 'append' => ' &percnt;'),
200	'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
201	)
202	);
203
204	/**
205	* Event to add and/or modify acp_attachement configurations
206	*
207	* @event core.acp_attachments_config_edit_add
208	* @var array display_vars Array of config values to display and process
209	* @var string mode Mode of the config page we are displaying
210	* @var boolean submit Do we display the form or process the submission
211	* @since 3.1.11-RC1
212	*/
213	$vars = array('display_vars', 'mode', 'submit');
214	extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars)));
215
216	$this->new_config = $config;
217	$cfg_array = (isset($_REQUEST['config'])) ? $request->variable('config', array('' => '')) : $this->new_config;
218	$error = array();
219
220	// We validate the complete config if whished
221	validate_config_vars($display_vars['vars'], $cfg_array, $error);
222
223	// Do not write values if there is an error
224	if (count($error))
225	{
226	$submit = false;
227	}
228
229	// We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to...
230	foreach ($display_vars['vars'] as $config_name => $null)
231	{
232	if (!isset($cfg_array[$config_name]) \|\| strpos($config_name, 'legend') !== false)
233	{
234	continue;
235	}
236
237	$this->new_config[$config_name] = $config_value = $cfg_array[$config_name];
238
239	if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
240	{
241	$size_var = $request->variable($config_name, '');
242
243	$config_value = (int) $config_value;
244
245	$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
246	}
247
248	if ($submit)
249	{
250	$config->set($config_name, $config_value);
251	}
252	}
253
254	$this->perform_site_list();
255
256	if ($submit)
257	{
258	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_CONFIG_ATTACH');
259
260	if (!count($error))
261	{
262	trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
263	}
264	}
265
266	$template->assign_var('S_ATTACHMENT_SETTINGS', true);
267
268	// Secure Download Options - Same procedure as with banning
269	$allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
270
271	$sql = 'SELECT *
272	FROM ' . SITELIST_TABLE;
273	$result = $db->sql_query($sql);
274
275	$defined_ips = '';
276
277	while ($row = $db->sql_fetchrow($result))
278	{
279	$value = $row['site_ip'] ?: $row['site_hostname'];
280	if ($value)
281	{
282	$defined_ips .= '<option' . (($row['ip_exclude']) ? ' class="sep"' : '') . ' value="' . $row['site_id'] . '">' . $value . '</option>';
283	}
284	}
285	$db->sql_freeresult($result);
286
287	$template->assign_vars(array(
288	'S_EMPTY_PM_GROUPS' => empty($allowed_pm_groups),
289	'S_EMPTY_POST_GROUPS' => empty($allowed_post_groups),
290	'S_SECURE_DOWNLOADS' => $this->new_config['secure_downloads'],
291	'S_DEFINED_IPS' => ($defined_ips != '') ? true : false,
292	'S_WARNING' => (count($error)) ? true : false,
293
294	'U_EXTENSION_GROUPS' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=ext_groups"),
295
296	'WARNING_MSG' => implode('<br />', $error),
297	'DEFINED_IPS' => $defined_ips,
298
299	'L_SECURE_TITLE' => $user->lang['DEFINE_' . $allow_deny . '_IPS'],
300	'L_IP_EXCLUDE' => $user->lang['EXCLUDE_FROM_' . $allow_deny . '_IP'],
301	'L_REMOVE_IPS' => $user->lang['REMOVE_' . $allow_deny . '_IPS'])
302	);
303
304	// Output relevant options
305	foreach ($display_vars['vars'] as $config_key => $vars)
306	{
307	if (!is_array($vars) && strpos($config_key, 'legend') === false)
308	{
309	continue;
310	}
311
312	if (strpos($config_key, 'legend') !== false)
313	{
314	$template->assign_block_vars('options', array(
315	'S_LEGEND' => true,
316	'LEGEND' => (isset($user->lang[$vars])) ? $user->lang[$vars] : $vars)
317	);
318
319	continue;
320	}
321
322	$type = explode(':', $vars['type']);
323
324	$l_explain = '';
325	if ($vars['explain'] && isset($vars['lang_explain']))
326	{
327	$l_explain = (isset($user->lang[$vars['lang_explain']])) ? $user->lang[$vars['lang_explain']] : $vars['lang_explain'];
328	}
329	else if ($vars['explain'])
330	{
331	$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
332	}
333
334	$content = phpbb_build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
335	if (empty($content))
336	{
337	continue;
338	}
339
340	$template->assign_block_vars('options', array(
341	'KEY' => $config_key,
342	'TITLE' => $user->lang[$vars['lang']],
343	'S_EXPLAIN' => $vars['explain'],
344	'TITLE_EXPLAIN' => $l_explain,
345	'CONTENT' => $content,
346	)
347	);
348
349	unset($display_vars['vars'][$config_key]);
350	}
351
352	break;
353
354	case 'extensions':
355	if ($submit \|\| isset($_POST['add_extension_check']))
356	{
357	if ($submit)
358	{
359	// Change Extensions ?
360	$extension_change_list = $request->variable('extension_change_list', array(0));
361	$group_select_list = $request->variable('group_select', array(0));
362
363	// Generate correct Change List
364	$extensions = array();
365
366	for ($i = 0, $size = count($extension_change_list); $i < $size; $i++)
367	{
368	$extensions[$extension_change_list[$i]]['group_id'] = $group_select_list[$i];
369	}
370
371	$sql = 'SELECT *
372	FROM ' . EXTENSIONS_TABLE . '
373	ORDER BY extension_id';
374	$result = $db->sql_query($sql);
375
376	while ($row = $db->sql_fetchrow($result))
377	{
378	if ($row['group_id'] != $extensions[$row['extension_id']]['group_id'])
379	{
380	$sql = 'UPDATE ' . EXTENSIONS_TABLE . '
381	SET group_id = ' . (int) $extensions[$row['extension_id']]['group_id'] . '
382	WHERE extension_id = ' . $row['extension_id'];
383	$db->sql_query($sql);
384
385	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_UPDATE', false, array($row['extension']));
386	}
387	}
388	$db->sql_freeresult($result);
389
390	// Delete Extension?
391	$extension_id_list = $request->variable('extension_id_list', array(0));
392
393	if (count($extension_id_list))
394	{
395	$sql = 'SELECT extension
396	FROM ' . EXTENSIONS_TABLE . '
397	WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
398	$result = $db->sql_query($sql);
399
400	$extension_list = '';
401	while ($row = $db->sql_fetchrow($result))
402	{
403	$extension_list .= ($extension_list == '') ? $row['extension'] : ', ' . $row['extension'];
404	}
405	$db->sql_freeresult($result);
406
407	$sql = 'DELETE
408	FROM ' . EXTENSIONS_TABLE . '
409	WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
410	$db->sql_query($sql);
411
412	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_DEL', false, array($extension_list));
413	}
414	}
415
416	// Add Extension?
417	$add_extension = strtolower($request->variable('add_extension', ''));
418	$add_extension_group = $request->variable('add_group_select', 0);
419	$add = (isset($_POST['add_extension_check'])) ? true : false;
420
421	if ($add_extension && $add)
422	{
423	$sql = 'SELECT extension_id
424	FROM ' . EXTENSIONS_TABLE . "
425	WHERE extension = '" . $db->sql_escape($add_extension) . "'";
426	$result = $db->sql_query($sql);
427
428	if ($row = $db->sql_fetchrow($result))
429	{
430	$error[] = sprintf($user->lang['EXTENSION_EXIST'], $add_extension);
431	}
432	$db->sql_freeresult($result);
433
434	if (!count($error))
435	{
436	$sql_ary = array(
437	'group_id' => $add_extension_group,
438	'extension' => $add_extension
439	);
440
441	$db->sql_query('INSERT INTO ' . EXTENSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
442
443	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXT_ADD', false, array($add_extension));
444	}
445	}
446
447	if (!count($error))
448	{
449	$notify[] = $user->lang['EXTENSIONS_UPDATED'];
450	}
451
452	$cache->destroy('_extensions');
453	}
454
455	$template->assign_vars([
456	'S_EXTENSIONS' => true,
457	'ADD_EXTENSION' => (isset($add_extension)) ? $add_extension : '',
458	'GROUP_SELECT_OPTIONS' => $this->group_select('add_group_select', $request->is_set_post('add_extension_check') ? $add_extension_group : false, 'extension_group'),
459	]);
460
461	$sql = 'SELECT *
462	FROM ' . EXTENSIONS_TABLE . '
463	ORDER BY group_id, extension';
464	$result = $db->sql_query($sql);
465
466	if ($row = $db->sql_fetchrow($result))
467	{
468	$old_group_id = $row['group_id'];
469	do
470	{
471	$s_spacer = false;
472
473	$current_group_id = $row['group_id'];
474	if ($old_group_id != $current_group_id)
475	{
476	$s_spacer = true;
477	$old_group_id = $current_group_id;
478	}
479
480	$template->assign_block_vars('extensions', array(
481	'S_SPACER' => $s_spacer,
482	'EXTENSION_ID' => $row['extension_id'],
483	'EXTENSION' => $row['extension'],
484	'GROUP_OPTIONS' => $this->group_select('group_select[]', $row['group_id']))
485	);
486	}
487	while ($row = $db->sql_fetchrow($result));
488	}
489	$db->sql_freeresult($result);
490
491	break;
492
493	case 'ext_groups':
494
495	$template->assign_var('S_EXTENSION_GROUPS', true);
496
497	if ($submit)
498	{
499	$action = $request->variable('action', '');
500	$group_id = $request->variable('g', 0);
501
502	if ($action != 'add' && $action != 'edit')
503	{
504	trigger_error('NO_MODE', E_USER_ERROR);
505	}
506
507	if (!$group_id && $action == 'edit')
508	{
509	trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
510	}
511
512	if ($group_id)
513	{
514	$sql = 'SELECT *
515	FROM ' . EXTENSION_GROUPS_TABLE . "
516	WHERE group_id = $group_id";
517	$result = $db->sql_query($sql);
518	$ext_row = $db->sql_fetchrow($result);
519	$db->sql_freeresult($result);
520
521	if (!$ext_row)
522	{
523	trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
524	}
525	}
526	else
527	{
528	$ext_row = array();
529	}
530
531	$group_name = $request->variable('group_name', '', true);
532	$new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
533
534	if (!$group_name)
535	{
536	$error[] = $user->lang['NO_EXT_GROUP_NAME'];
537	}
538
539	// Check New Group Name
540	if ($new_group_name)
541	{
542	$sql = 'SELECT group_id
543	FROM ' . EXTENSION_GROUPS_TABLE . "
544	WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'";
545	if ($group_id)
546	{
547	$sql .= ' AND group_id <> ' . $group_id;
548	}
549	$result = $db->sql_query($sql);
550
551	if ($db->sql_fetchrow($result))
552	{
553	$error[] = sprintf($user->lang['EXTENSION_GROUP_EXIST'], $new_group_name);
554	}
555	$db->sql_freeresult($result);
556	}
557
558	if (!count($error))
559	{
560	// Ok, build the update/insert array
561	$upload_icon = $request->variable('upload_icon', 'no_image');
562	$size_select = $request->variable('size_select', 'b');
563	$forum_select = $request->variable('forum_select', false);
564	$allowed_forums = $request->variable('allowed_forums', array(0));
565	$allow_in_pm = (isset($_POST['allow_in_pm'])) ? true : false;
566	$max_filesize = $request->variable('max_filesize', 0);
567	$max_filesize = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
568	$allow_group = (isset($_POST['allow_group'])) ? true : false;
569
570	if ($max_filesize == $config['max_filesize'])
571	{
572	$max_filesize = 0;
573	}
574
575	if (!count($allowed_forums))
576	{
577	$forum_select = false;
578	}
579
580	$group_ary = array(
581	'group_name' => $group_name,
582	'cat_id' => $request->variable('special_category', attachment_category::NONE),
583	'allow_group' => ($allow_group) ? 1 : 0,
584	'upload_icon' => ($upload_icon == 'no_image') ? '' : $upload_icon,
585	'max_filesize' => $max_filesize,
586	'allowed_forums'=> ($forum_select) ? serialize($allowed_forums) : '',
587	'allow_in_pm' => ($allow_in_pm) ? 1 : 0,
588	);
589
590	$sql = ($action == 'add') ? 'INSERT INTO ' . EXTENSION_GROUPS_TABLE . ' ' : 'UPDATE ' . EXTENSION_GROUPS_TABLE . ' SET ';
591	$sql .= $db->sql_build_array((($action == 'add') ? 'INSERT' : 'UPDATE'), $group_ary);
592	$sql .= ($action == 'edit') ? " WHERE group_id = $group_id" : '';
593
594	$db->sql_query($sql);
595
596	if ($action == 'add')
597	{
598	$group_id = $db->sql_nextid();
599	}
600
601	$group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name;
602	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name));
603	}
604
605	$extension_list = $request->variable('extensions', array(0));
606
607	if ($action == 'edit' && count($extension_list))
608	{
609	$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
610	SET group_id = 0
611	WHERE group_id = $group_id";
612	$db->sql_query($sql);
613	}
614
615	if (count($extension_list))
616	{
617	$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
618	SET group_id = $group_id
619	WHERE " . $db->sql_in_set('extension_id', $extension_list);
620	$db->sql_query($sql);
621	}
622
623	$cache->destroy('_extensions');
624
625	if (!count($error))
626	{
627	$notify[] = $user->lang['SUCCESS_EXTENSION_GROUP_' . strtoupper($action)];
628	}
629	}
630
631	$cat_lang = array(
632	attachment_category::NONE => $user->lang['NO_FILE_CAT'],
633	attachment_category::IMAGE => $user->lang['CAT_IMAGES'],
634	attachment_category::AUDIO => $user->lang('CAT_AUDIO_FILES'),
635	attachment_category::VIDEO => $user->lang('CAT_VIDEO_FILES'),
636	);
637
638	$group_id = $request->variable('g', 0);
639	$action = (isset($_POST['add'])) ? 'add' : $action;
640
641	switch ($action)
642	{
643	case 'delete':
644
645	if (confirm_box(true))
646	{
647	$sql = 'SELECT group_name
648	FROM ' . EXTENSION_GROUPS_TABLE . "
649	WHERE group_id = $group_id";
650	$result = $db->sql_query($sql);
651	$group_name = (string) $db->sql_fetchfield('group_name');
652	$db->sql_freeresult($result);
653
654	$sql = 'DELETE
655	FROM ' . EXTENSION_GROUPS_TABLE . "
656	WHERE group_id = $group_id";
657	$db->sql_query($sql);
658
659	// Set corresponding Extensions to a pending Group
660	$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
661	SET group_id = 0
662	WHERE group_id = $group_id";
663	$db->sql_query($sql);
664
665	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_DEL', false, array($group_name));
666
667	$cache->destroy('_extensions');
668
669	trigger_error($user->lang['EXTENSION_GROUP_DELETED'] . adm_back_link($this->u_action));
670	}
671	else
672	{
673	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
674	'i' => $id,
675	'mode' => $mode,
676	'group_id' => $group_id,
677	'action' => 'delete',
678	)));
679	}
680
681	break;
682
683	case 'edit':
684
685	if (!$group_id)
686	{
687	trigger_error($user->lang['NO_EXT_GROUP_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
688	}
689
690	$sql = 'SELECT *
691	FROM ' . EXTENSION_GROUPS_TABLE . "
692	WHERE group_id = $group_id";
693	$result = $db->sql_query($sql);
694	$ext_group_row = $db->sql_fetchrow($result);
695	$db->sql_freeresult($result);
696
697	$forum_ids = (!$ext_group_row['allowed_forums']) ? array() : unserialize(trim($ext_group_row['allowed_forums']));
698
699	// no break;
700
701	case 'add':
702
703	if ($action == 'add')
704	{
705	$ext_group_row = array(
706	'group_name' => $request->variable('group_name', '', true),
707	'cat_id' => 0,
708	'allow_group' => 1,
709	'allow_in_pm' => 1,
710	'upload_icon' => '',
711	'max_filesize' => 0,
712	);
713
714	$forum_ids = array();
715	}
716
717	$sql = 'SELECT *
718	FROM ' . EXTENSIONS_TABLE . "
719	WHERE group_id = $group_id
720	OR group_id = 0
721	ORDER BY extension";
722	$result = $db->sql_query($sql);
723	$extensions = $db->sql_fetchrowset($result);
724	$db->sql_freeresult($result);
725
726	if ($ext_group_row['max_filesize'] == 0)
727	{
728	$ext_group_row['max_filesize'] = (int) $config['max_filesize'];
729	}
730
731	$max_filesize = get_formatted_filesize($ext_group_row['max_filesize'], false, array('mb', 'kb', 'b'));
732	$size_format = $max_filesize['si_identifier'];
733	$ext_group_row['max_filesize'] = $max_filesize['value'];
734
735	$img_path = $config['upload_icons_path'];
736
737	$filename_list = '';
738	$no_image_select = false;
739
740	$imglist = filelist($phpbb_root_path . $img_path);
741
742	if (!empty($imglist['']))
743	{
744	$imglist = array_values($imglist);
745	$imglist = $imglist[0];
746
747	foreach ($imglist as $img)
748	{
749	if (!$ext_group_row['upload_icon'])
750	{
751	$no_image_select = true;
752	$selected = '';
753	}
754	else
755	{
756	$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
757	}
758
759	if (strlen($img) > 255)
760	{
761	continue;
762	}
763
764	$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>';
765	}
766	}
767
768	$i = 0;
769	$assigned_extensions = '';
770	foreach ($extensions as $row)
771	{
772	if ($row['group_id'] == $group_id && $group_id)
773	{
774	$assigned_extensions .= ($i) ? ', ' . $row['extension'] : $row['extension'];
775	$i++;
776	}
777	}
778
779	$s_extension_options = '';
780	foreach ($extensions as $row)
781	{
782	$s_extension_options .= '<option' . ((!$row['group_id']) ? ' class="disabled"' : '') . ' value="' . $row['extension_id'] . '"' . (($row['group_id'] == $group_id && $group_id) ? ' selected="selected"' : '') . '>' . $row['extension'] . '</option>';
783	}
784
785	$template->assign_vars(array(
786	'IMG_PATH' => $img_path,
787	'ACTION' => $action,
788	'GROUP_ID' => $group_id,
789	'GROUP_NAME' => $ext_group_row['group_name'],
790	'ALLOW_GROUP' => $ext_group_row['allow_group'],
791	'ALLOW_IN_PM' => $ext_group_row['allow_in_pm'],
792	'UPLOAD_ICON_SRC' => $phpbb_root_path . $img_path . '/' . $ext_group_row['upload_icon'],
793	'EXTGROUP_FILESIZE' => $ext_group_row['max_filesize'],
794	'ASSIGNED_EXTENSIONS' => $assigned_extensions,
795
796	'S_CATEGORY_SELECT' => $this->category_select('special_category', $group_id, 'category'),
797	'EXT_GROUP_SIZE_OPTIONS' => [
798	'name' => 'size_select',
799	'options' => size_select_options($size_format),
800	],
801	'S_EXTENSION_OPTIONS' => $s_extension_options,
802	'S_FILENAME_LIST' => $filename_list,
803	'S_EDIT_GROUP' => true,
804	'S_NO_IMAGE' => $no_image_select,
805	'S_FORUM_IDS' => (count($forum_ids)) ? true : false,
806
807	'U_EXTENSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=extensions"),
808	'U_BACK' => $this->u_action,
809
810	'L_LEGEND' => $user->lang[strtoupper($action) . '_EXTENSION_GROUP'])
811	);
812
813	$s_forum_id_options = '';
814
815	/ @todo use in-built function /
816
817	$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
818	FROM ' . FORUMS_TABLE . '
819	ORDER BY left_id ASC';
820	$result = $db->sql_query($sql, 600);
821
822	$right = $cat_right = 0;
823	$padding = $holding = '';
824	$padding_store = array('0' => '');
825
826	while ($row = $db->sql_fetchrow($result))
827	{
828	if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id']))
829	{
830	// Non-postable forum with no subforums, don't display
831	continue;
832	}
833
834	if (!$auth->acl_get('f_list', $row['forum_id']))
835	{
836	// if the user does not have permissions to list this forum skip
837	continue;
838	}
839
840	if ($row['left_id'] < $right)
841	{
842	$padding .= '   ';
843	$padding_store[$row['parent_id']] = $padding;
844	}
845	else if ($row['left_id'] > $right + 1)
846	{
847	$padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']];
848	}
849
850	$right = $row['right_id'];
851
852	$selected = (in_array($row['forum_id'], $forum_ids)) ? ' selected="selected"' : '';
853
854	if ($row['left_id'] > $cat_right)
855	{
856	// make sure we don't forget anything
857	$s_forum_id_options .= $holding;
858	$holding = '';
859	}
860
861	if ($row['right_id'] - $row['left_id'] > 1)
862	{
863	$cat_right = max($cat_right, $row['right_id']);
864
865	$holding .= '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
866	}
867	else
868	{
869	$s_forum_id_options .= $holding . '<option value="' . $row['forum_id'] . '"' . (($row['forum_type'] == FORUM_POST) ? ' class="sep"' : '') . $selected . '>' . $padding . $row['forum_name'] . '</option>';
870	$holding = '';
871	}
872	}
873
874	if ($holding)
875	{
876	$s_forum_id_options .= $holding;
877	}
878
879	$db->sql_freeresult($result);
880	unset($padding_store);
881
882	$template->assign_vars(array(
883	'S_FORUM_ID_OPTIONS' => $s_forum_id_options)
884	);
885
886	break;
887	}
888
889	$sql = 'SELECT *
890	FROM ' . EXTENSION_GROUPS_TABLE . '
891	ORDER BY allow_group DESC, allow_in_pm DESC, group_name';
892	$result = $db->sql_query($sql);
893
894	$old_allow_group = $old_allow_pm = 1;
895	while ($row = $db->sql_fetchrow($result))
896	{
897	$s_add_spacer = ($old_allow_group != $row['allow_group'] \|\| $old_allow_pm != $row['allow_in_pm']) ? true : false;
898
899	$template->assign_block_vars('groups', array(
900	'S_ADD_SPACER' => $s_add_spacer,
901	'S_ALLOWED_IN_PM' => ($row['allow_in_pm']) ? true : false,
902	'S_GROUP_ALLOWED' => ($row['allow_group']) ? true : false,
903
904	'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}",
905	'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}",
906
907	'GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'],
908	'CATEGORY' => $cat_lang[$row['cat_id']],
909	)
910	);
911
912	$old_allow_group = $row['allow_group'];
913	$old_allow_pm = $row['allow_in_pm'];
914	}
915	$db->sql_freeresult($result);
916
917	break;
918
919	case 'orphan':
920
921	/* @var $pagination \phpbb\pagination */
922	$pagination = $this->phpbb_container->get('pagination');
923
924	if ($submit)
925	{
926	$delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
927	$add_files = (isset($_POST['add'])) ? array_keys($request->variable('add', array('' => 0))) : array();
928	$post_ids = $request->variable('post_id', array('' => 0));
929
930	if (count($delete_files))
931	{
932	$sql = 'SELECT *
933	FROM ' . ATTACHMENTS_TABLE . '
934	WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
935	AND is_orphan = 1';
936	$result = $db->sql_query($sql);
937
938	$delete_files = array();
939	while ($row = $db->sql_fetchrow($result))
940	{
941	$this->attachment_manager->unlink($row['physical_filename'], 'file');
942
943	if ($row['thumbnail'])
944	{
945	$this->attachment_manager->unlink($row['physical_filename'], 'thumbnail');
946	}
947
948	$delete_files[$row['attach_id']] = $row['real_filename'];
949	}
950	$db->sql_freeresult($result);
951	}
952
953	if (count($delete_files))
954	{
955	$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
956	WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files));
957	$db->sql_query($sql);
958
959	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_ORPHAN_DEL', false, array(implode(', ', $delete_files)));
960	$notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode($user->lang['COMMA_SEPARATOR'], $delete_files));
961	}
962
963	$upload_list = array();
964	foreach ($add_files as $attach_id)
965	{
966	if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
967	{
968	$upload_list[$attach_id] = $post_ids[$attach_id];
969	}
970	}
971	unset($add_files);
972
973	if (count($upload_list))
974	{
975	$template->assign_var('S_UPLOADING_FILES', true);
976
977	$sql = 'SELECT forum_id, forum_name
978	FROM ' . FORUMS_TABLE;
979	$result = $db->sql_query($sql);
980
981	$forum_names = array();
982	while ($row = $db->sql_fetchrow($result))
983	{
984	$forum_names[$row['forum_id']] = $row['forum_name'];
985	}
986	$db->sql_freeresult($result);
987
988	$sql = 'SELECT forum_id, topic_id, post_id, poster_id
989	FROM ' . POSTS_TABLE . '
990	WHERE ' . $db->sql_in_set('post_id', $upload_list);
991	$result = $db->sql_query($sql);
992
993	$post_info = array();
994	while ($row = $db->sql_fetchrow($result))
995	{
996	$post_info[$row['post_id']] = $row;
997	}
998	$db->sql_freeresult($result);
999
1000	// Select those attachments we want to change...
1001	$sql = 'SELECT *
1002	FROM ' . ATTACHMENTS_TABLE . '
1003	WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . '
1004	AND is_orphan = 1';
1005	$result = $db->sql_query($sql);
1006
1007	$files_added = $space_taken = 0;
1008	$error_msg = '';
1009	$upload_row = [];
1010	while ($row = $db->sql_fetchrow($result))
1011	{
1012	$upload_row = [
1013	'FILE_INFO' => $user->lang('UPLOADING_FILE_TO', $row['real_filename'], $upload_list[$row['attach_id']]),
1014	];
1015
1016	if (isset($post_info[$upload_list[$row['attach_id']]]))
1017	{
1018	$post_row = $post_info[$upload_list[$row['attach_id']]];
1019	$upload_row = array_merge($upload_row, [
1020	'S_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']),
1021	'L_DENIED' => !$auth->acl_get('f_attach', $post_row['forum_id']) ? $user->lang('UPLOAD_DENIED_FORUM', $forum_names[$row['forum_id']]) : '',
1022	]);
1023	}
1024	else
1025	{
1026	$error_msg = $user->lang('UPLOAD_POST_NOT_EXIST', $row['real_filename'], $upload_list[$row['attach_id']]);
1027	$upload_row = array_merge($upload_row, [
1028	'ERROR_MSG' => $error_msg,
1029	]);
1030	};
1031
1032	$template->assign_block_vars('upload', $upload_row);
1033
1034	if ($error_msg \|\| !$auth->acl_get('f_attach', $post_row['forum_id']))
1035	{
1036	continue;
1037	}
1038
1039	// Adjust attachment entry
1040	$sql_ary = [
1041	'in_message' => 0,
1042	'is_orphan' => 0,
1043	'poster_id' => $post_row['poster_id'],
1044	'post_msg_id' => $post_row['post_id'],
1045	'topic_id' => $post_row['topic_id'],
1046	];
1047
1048	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
1049	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
1050	WHERE attach_id = ' . $row['attach_id'];
1051	$db->sql_query($sql);
1052
1053	$sql = 'UPDATE ' . POSTS_TABLE . '
1054	SET post_attachment = 1
1055	WHERE post_id = ' . $post_row['post_id'];
1056	$db->sql_query($sql);
1057
1058	$sql = 'UPDATE ' . TOPICS_TABLE . '
1059	SET topic_attachment = 1
1060	WHERE topic_id = ' . $post_row['topic_id'];
1061	$db->sql_query($sql);
1062
1063	$space_taken += $row['filesize'];
1064	$files_added++;
1065
1066	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_FILEUPLOAD', false, [$post_row['post_id'], $row['real_filename']]);
1067	}
1068	$db->sql_freeresult($result);
1069
1070	if ($files_added)
1071	{
1072	$config->increment('upload_dir_size', $space_taken, false);
1073	$config->increment('num_files', $files_added, false);
1074	}
1075	}
1076	}
1077
1078	$template->assign_vars([
1079	'S_ORPHAN' => true,
1080	]);
1081
1082	$attachments_per_page = (int) $config['topics_per_page'];
1083
1084	// Get total number or orphans older than 3 hours
1085	$sql = 'SELECT COUNT(attach_id) as num_files, SUM(filesize) as total_size
1086	FROM ' . ATTACHMENTS_TABLE . '
1087	WHERE is_orphan = 1
1088	AND filetime < ' . (time() - 36060);
1089	$result = $this->db->sql_query($sql);
1090	$row = $this->db->sql_fetchrow($result);
1091	$num_files = (int) $row['num_files'];
1092	$total_size = (int) $row['total_size'];
1093	$this->db->sql_freeresult($result);
1094
1095	$start = $request->variable('start', 0);
1096	$start = $pagination->validate_start($start, $attachments_per_page, $num_files);
1097
1098	// Just get the files with is_orphan set and older than 3 hours
1099	$sql = 'SELECT *
1100	FROM ' . ATTACHMENTS_TABLE . '
1101	WHERE is_orphan = 1
1102	AND filetime < ' . (time() - 36060) . '
1103	ORDER BY filetime DESC';
1104	$result = $db->sql_query_limit($sql, $attachments_per_page, $start);
1105
1106	while ($row = $db->sql_fetchrow($result))
1107	{
1108	$template->assign_block_vars('orphan', [
1109	'FILESIZE' => get_formatted_filesize($row['filesize']),
1110	'FILETIME' => $user->format_date($row['filetime']),
1111	'REAL_FILENAME' => utf8_basename($row['real_filename']),
1112	'PHYSICAL_FILENAME' => utf8_basename($row['physical_filename']),
1113	'ATTACH_ID' => $row['attach_id'],
1114	'POST_ID' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
1115	'U_FILE' => $this->controller_helper->route(
1116	'phpbb_storage_attachment',
1117	[
1118	'id' => (int) $row['attach_id'],
1119	'filename' => $row['real_filename'],
1120	]
1121	),
1122	]);
1123	}
1124	$db->sql_freeresult($result);
1125
1126	$pagination->generate_template_pagination(
1127	$this->u_action,
1128	'pagination',
1129	'start',
1130	$num_files,
1131	$attachments_per_page,
1132	$start
1133	);
1134
1135	$template->assign_vars([
1136	'TOTAL_FILES' => $num_files,
1137	'TOTAL_SIZE' => get_formatted_filesize($total_size),
1138	]);
1139
1140	break;
1141
1142	case 'manage':
1143
1144	if ($submit)
1145	{
1146	$delete_files = (isset($_POST['delete'])) ? array_keys($request->variable('delete', array('' => 0))) : array();
1147
1148	if (count($delete_files))
1149	{
1150	// Select those attachments we want to delete...
1151	$sql = 'SELECT real_filename
1152	FROM ' . ATTACHMENTS_TABLE . '
1153	WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
1154	AND is_orphan = 0';
1155	$result = $db->sql_query($sql);
1156
1157	$deleted_filenames = [];
1158	while ($row = $db->sql_fetchrow($result))
1159	{
1160	$deleted_filenames[] = $row['real_filename'];
1161	}
1162	$db->sql_freeresult($result);
1163
1164	if ($num_deleted = $this->attachment_manager->delete('attach', $delete_files))
1165	{
1166	if (count($delete_files) != $num_deleted)
1167	{
1168	$error[] = $user->lang['FILES_GONE'];
1169	}
1170
1171	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACHMENTS_DELETED', false, array(implode(', ', $deleted_filenames)));
1172	$notify[] = sprintf($user->lang['LOG_ATTACHMENTS_DELETED'], implode($user->lang['COMMA_SEPARATOR'], $deleted_filenames));
1173	}
1174	else
1175	{
1176	$error[] = $user->lang['NO_FILES_TO_DELETE'];
1177	}
1178	}
1179	}
1180
1181	if ($action == 'stats')
1182	{
1183	$this->handle_stats_resync();
1184	}
1185
1186	$stats_error = $this->check_stats_accuracy();
1187
1188	if ($stats_error)
1189	{
1190	$error[] = $stats_error;
1191	}
1192
1193	$template->assign_vars(array(
1194	'S_MANAGE' => true,
1195	));
1196
1197	$start = $request->variable('start', 0);
1198
1199	// Sort keys
1200	$sort_days = $request->variable('st', 0);
1201	$sort_key = $request->variable('sk', 't');
1202	$sort_dir = $request->variable('sd', 'd');
1203
1204	// Sorting
1205	$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
1206	$sort_by_text = array('f' => $user->lang['FILENAME'], 't' => $user->lang['FILEDATE'], 's' => $user->lang['FILESIZE'], 'x' => $user->lang['EXTENSION'], 'd' => $user->lang['DOWNLOADS'],'p' => $user->lang['ATTACH_POST_TYPE'], 'u' => $user->lang['AUTHOR']);
1207	$sort_by_sql = array('f' => 'a.real_filename', 't' => 'a.filetime', 's' => 'a.filesize', 'x' => 'a.extension', 'd' => 'a.download_count', 'p' => 'a.in_message', 'u' => 'u.username');
1208
1209	$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
1210	gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
1211
1212	$min_filetime = ($sort_days) ? (time() - ($sort_days * 86400)) : '';
1213	$limit_filetime = ($min_filetime) ? " AND a.filetime >= $min_filetime " : '';
1214	$start = ($sort_days && isset($_POST['sort'])) ? 0 : $start;
1215
1216	$attachments_per_page = (int) $config['topics_per_page'];
1217
1218	$stats = $this->get_attachment_stats($limit_filetime);
1219	$num_files = $stats['num_files'];
1220	$total_size = $stats['upload_dir_size'];
1221
1222	// Make sure $start is set to the last page if it exceeds the amount
1223	/* @var $pagination \phpbb\pagination */
1224	$pagination = $phpbb_container->get('pagination');
1225	$start = $pagination->validate_start($start, $attachments_per_page, $num_files);
1226
1227	// If the user is trying to reach the second half of the attachments list, fetch it starting from the end
1228	$store_reverse = false;
1229	$sql_limit = $attachments_per_page;
1230
1231	if ($start > $num_files / 2)
1232	{
1233	$store_reverse = true;
1234
1235	// Select the sort order. Add time sort anchor for non-time sorting cases
1236	$sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') : '';
1237	$sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'ASC' : 'DESC') . $sql_sort_anchor;
1238	$sql_limit = $pagination->reverse_limit($start, $sql_limit, $num_files);
1239	$sql_start = $pagination->reverse_start($start, $sql_limit, $num_files);
1240	}
1241	else
1242	{
1243	// Select the sort order. Add time sort anchor for non-time sorting cases
1244	$sql_sort_anchor = ($sort_key != 't') ? ', a.filetime ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') : '';
1245	$sql_sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC') . $sql_sort_anchor;
1246	$sql_start = $start;
1247	}
1248
1249	$attachments_list = array();
1250
1251	// Just get the files
1252	$sql = 'SELECT a.*, u.username, u.user_colour, t.topic_title
1253	FROM ' . ATTACHMENTS_TABLE . ' a
1254	LEFT JOIN ' . USERS_TABLE . ' u ON (u.user_id = a.poster_id)
1255	LEFT JOIN ' . TOPICS_TABLE . " t ON (a.topic_id = t.topic_id)
1256	WHERE a.is_orphan = 0
1257	$limit_filetime
1258	ORDER BY $sql_sort_order";
1259	$result = $db->sql_query_limit($sql, $sql_limit, $sql_start);
1260
1261	$i = ($store_reverse) ? $sql_limit - 1 : 0;
1262
1263	// Store increment value in a variable to save some conditional calls
1264	$i_increment = ($store_reverse) ? -1 : 1;
1265	while ($attachment_row = $db->sql_fetchrow($result))
1266	{
1267	$attachments_list[$i] = $attachment_row;
1268	$i = $i + $i_increment;
1269	}
1270	$db->sql_freeresult($result);
1271
1272	$base_url = $this->u_action . "&$u_sort_param";
1273	$pagination->generate_template_pagination($base_url, 'pagination', 'start', $num_files, $attachments_per_page, $start);
1274
1275	$template->assign_vars(array(
1276	'TOTAL_FILES' => $num_files,
1277	'TOTAL_SIZE' => get_formatted_filesize($total_size),
1278
1279	'S_LIMIT_DAYS' => $s_limit_days,
1280	'S_SORT_KEY' => $s_sort_key,
1281	'S_SORT_DIR' => $s_sort_dir)
1282	);
1283
1284	// Grab extensions
1285	$extensions = $cache->obtain_attach_extensions(true);
1286
1287	for ($i = 0, $end = count($attachments_list); $i < $end; ++$i)
1288	{
1289	$row = $attachments_list[$i];
1290
1291	$row['extension'] = strtolower(trim((string) $row['extension']));
1292	$comment = ($row['attach_comment'] && !$row['in_message']) ? str_replace(array("\n", "\r"), array('<br />', "\n"), $row['attach_comment']) : '';
1293	$display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : attachment_category::NONE;
1294	$l_downloaded_viewed = ($display_cat == attachment_category::NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS';
1295
1296	$template->assign_block_vars('attachments', array(
1297	'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
1298	'FILESIZE' => get_formatted_filesize((int) $row['filesize']),
1299	'FILETIME' => $user->format_date((int) $row['filetime']),
1300	'REAL_FILENAME' => utf8_basename((string) $row['real_filename']),
1301	'EXT_GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'],
1302	'COMMENT' => $comment,
1303	'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '',
1304	'ATTACH_ID' => (int) $row['attach_id'],
1305
1306	'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']),
1307
1308	'S_IN_MESSAGE' => (bool) $row['in_message'],
1309
1310	'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
1311	'U_FILE' => $this->controller_helper->route(
1312	'phpbb_storage_attachment',
1313	[
1314	'id' => (int) $row['attach_id'],
1315	'filename' => $row['real_filename'],
1316	]
1317	)
1318	));
1319	}
1320
1321	break;
1322	}
1323
1324	if (count($error))
1325	{
1326	$template->assign_vars(array(
1327	'S_WARNING' => true,
1328	'WARNING_MSG' => implode('<br />', $error))
1329	);
1330	}
1331
1332	if (count($notify))
1333	{
1334	$template->assign_vars(array(
1335	'S_NOTIFY' => true,
1336	'NOTIFY_MSG' => implode('<br />', $notify))
1337	);
1338	}
1339	}
1340
1341	/**
1342	* Get attachment file count and size of upload directory
1343	*
1344	* @param $limit string Additional limit for WHERE clause to filter stats by.
1345	* @return array Returns array with stats: num_files and upload_dir_size
1346	*/
1347	public function get_attachment_stats($limit = '')
1348	{
1349	$sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(' . $this->db->cast_expr_to_bigint('a.filesize') . ') AS upload_dir_size
1350	FROM ' . ATTACHMENTS_TABLE . " a
1351	WHERE a.is_orphan = 0
1352	$limit";
1353	$result = $this->db->sql_query($sql);
1354	$row = $this->db->sql_fetchrow($result);
1355	$this->db->sql_freeresult($result);
1356
1357	return array(
1358	'num_files' => (int) $row['num_files'],
1359	'upload_dir_size' => (float) $row['upload_dir_size'],
1360	);
1361	}
1362
1363	/**
1364	* Set config attachment stat values
1365	*
1366	* @param $stats array Array of config key => value pairs to set.
1367	* @return void
1368	*/
1369	public function set_attachment_stats($stats)
1370	{
1371	foreach ($stats as $key => $value)
1372	{
1373	$this->config->set($key, $value, true);
1374	}
1375	}
1376
1377	/**
1378	* Check accuracy of attachment statistics.
1379	*
1380	* @return bool\|string Returns false if stats are correct or error message
1381	* otherwise.
1382	*/
1383	public function check_stats_accuracy()
1384	{
1385	// Get fresh stats.
1386	$stats = $this->get_attachment_stats();
1387
1388	// Get current files stats
1389	$num_files = (int) $this->config['num_files'];
1390	$total_size = (float) $this->config['upload_dir_size'];
1391
1392	if (($num_files != $stats['num_files']) \|\| ($total_size != $stats['upload_dir_size']))
1393	{
1394	$u_resync = $this->u_action . '&action=stats';
1395
1396	return $this->user->lang(
1397	'FILES_STATS_WRONG',
1398	(int) $stats['num_files'],
1399	get_formatted_filesize($stats['upload_dir_size']),
1400	'<a href="' . $u_resync . '">',
1401	'</a>'
1402	);
1403	}
1404	return false;
1405	}
1406
1407	/**
1408	* Handle stats resync.
1409	*
1410	* @return void
1411	*/
1412	public function handle_stats_resync()
1413	{
1414	if (!confirm_box(true))
1415	{
1416	confirm_box(false, $this->user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array(
1417	'i' => $this->id,
1418	'mode' => 'manage',
1419	'action' => 'stats',
1420	)));
1421	}
1422	else
1423	{
1424	$this->set_attachment_stats($this->get_attachment_stats());
1425
1426	/* @var $log \phpbb\log\log_interface */
1427	$log = $this->phpbb_container->get('log');
1428	$log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_RESYNC_FILES_STATS');
1429	}
1430
1431	}
1432
1433	/**
1434	* Build Select for category items
1435	*/
1436	function category_select($select_name, $group_id = false, $key = '')
1437	{
1438	global $db, $user;
1439
1440	$types = array(
1441	attachment_category::NONE => $user->lang['NO_FILE_CAT'],
1442	attachment_category::IMAGE => $user->lang['CAT_IMAGES'],
1443	attachment_category::AUDIO => $user->lang('CAT_AUDIO_FILES'),
1444	attachment_category::VIDEO => $user->lang('CAT_VIDEO_FILES'),
1445	);
1446
1447	if ($group_id)
1448	{
1449	$sql = 'SELECT cat_id
1450	FROM ' . EXTENSION_GROUPS_TABLE . '
1451	WHERE group_id = ' . (int) $group_id;
1452	$result = $db->sql_query($sql);
1453
1454	$cat_type = (!($row = $db->sql_fetchrow($result))) ? attachment_category::NONE : $row['cat_id'];
1455
1456	$db->sql_freeresult($result);
1457	}
1458	else
1459	{
1460	$cat_type = attachment_category::NONE;
1461	}
1462
1463	$group_select = [
1464	'name' => $select_name,
1465	'id' => $key,
1466	'options' => [],
1467	];
1468
1469	foreach ($types as $type => $mode)
1470	{
1471	$group_select['options'][] = [
1472	'value' => $type,
1473	'selected' => $type == $cat_type,
1474	'label' => $mode,
1475	];
1476	}
1477
1478	return $group_select;
1479	}
1480
1481	/**
1482	* Extension group select
1483	*/
1484	function group_select($select_name, $default_group = false, $key = '')
1485	{
1486	global $db, $user;
1487
1488	$sql = 'SELECT group_id, group_name
1489	FROM ' . EXTENSION_GROUPS_TABLE . '
1490	ORDER BY group_name';
1491	$result = $db->sql_query($sql);
1492
1493	$group_name = array();
1494	while ($row = $db->sql_fetchrow($result))
1495	{
1496	$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
1497	$group_name[] = $row;
1498	}
1499	$db->sql_freeresult($result);
1500
1501	$row['group_id'] = 0;
1502	$row['group_name'] = $user->lang['NOT_ASSIGNED'];
1503	$group_name[] = $row;
1504
1505	$group_select = [
1506	'name' => $select_name,
1507	'id' => $key,
1508	'options' => [],
1509	];
1510
1511	for ($i = 0, $groups_size = count($group_name); $i < $groups_size; $i++)
1512	{
1513	if ($default_group === false)
1514	{
1515	$selected = $i == 0;
1516	}
1517	else
1518	{
1519	$selected = $group_name[$i]['group_id'] == $default_group;
1520	}
1521
1522	$group_select['options'][] = [
1523	'value' => $group_name[$i]['group_id'],
1524	'selected' => $selected,
1525	'label' => $group_name[$i]['group_name'],
1526	];
1527	}
1528
1529	return $group_select;
1530	}
1531
1532	/**
1533	* Perform operations on sites for external linking
1534	*/
1535	function perform_site_list()
1536	{
1537	global $db, $user, $request, $phpbb_log;
1538
1539	if (isset($_REQUEST['securesubmit']))
1540	{
1541	// Grab the list of entries
1542	$ips = $request->variable('ips', '');
1543	$ip_list = array_unique(explode("\n", $ips));
1544	$ip_list_log = implode(', ', $ip_list);
1545
1546	$ip_exclude = (int) $request->variable('ipexclude', false, false, \phpbb\request\request_interface::POST);
1547
1548	$iplist = array();
1549	$hostlist = array();
1550
1551	foreach ($ip_list as $item)
1552	{
1553	if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]\-[ ]([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($item), $ip_range_explode))
1554	{
1555	// Don't ask about all this, just don't ask ... !
1556	$ip_1_counter = $ip_range_explode[1];
1557	$ip_1_end = $ip_range_explode[5];
1558
1559	while ($ip_1_counter <= $ip_1_end)
1560	{
1561	$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
1562	$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
1563
1564	if ($ip_2_counter == 0 && $ip_2_end == 254)
1565	{
1566	$ip_2_counter = 256;
1567
1568	$iplist[] = "'$ip_1_counter.*'";
1569	}
1570
1571	while ($ip_2_counter <= $ip_2_end)
1572	{
1573	$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
1574	$ip_3_end = ($ip_2_counter < $ip_2_end \|\| $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
1575
1576	if ($ip_3_counter == 0 && $ip_3_end == 254)
1577	{
1578	$ip_3_counter = 256;
1579
1580	$iplist[] = "'$ip_1_counter.$ip_2_counter.*'";
1581	}
1582
1583	while ($ip_3_counter <= $ip_3_end)
1584	{
1585	$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
1586	$ip_4_end = ($ip_3_counter < $ip_3_end \|\| $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
1587
1588	if ($ip_4_counter == 0 && $ip_4_end == 254)
1589	{
1590	$ip_4_counter = 256;
1591
1592	$iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'";
1593	}
1594
1595	while ($ip_4_counter <= $ip_4_end)
1596	{
1597	$iplist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'";
1598	$ip_4_counter++;
1599	}
1600	$ip_3_counter++;
1601	}
1602	$ip_2_counter++;
1603	}
1604	$ip_1_counter++;
1605	}
1606	}
1607	else if (preg_match('#^([0-9]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})$#', trim($item)) \|\| preg_match('#^[a-f0-9:]+\?$#i', trim($item)))
1608	{
1609	$iplist[] = "'" . trim($item) . "'";
1610	}
1611	else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($item)))
1612	{
1613	$hostlist[] = "'" . trim($item) . "'";
1614	}
1615	else if (preg_match("#^([a-z0-9\-\*\._/]+?)$#is", trim($item)))
1616	{
1617	$hostlist[] = "'" . trim($item) . "'";
1618	}
1619	}
1620
1621	$sql = 'SELECT site_ip, site_hostname
1622	FROM ' . SITELIST_TABLE . "
1623	WHERE ip_exclude = $ip_exclude";
1624	$result = $db->sql_query($sql);
1625
1626	if ($row = $db->sql_fetchrow($result))
1627	{
1628	$iplist_tmp = array();
1629	$hostlist_tmp = array();
1630	do
1631	{
1632	if ($row['site_ip'])
1633	{
1634	if (strlen($row['site_ip']) > 40)
1635	{
1636	continue;
1637	}
1638
1639	$iplist_tmp[] = "'" . $row['site_ip'] . "'";
1640	}
1641	else if ($row['site_hostname'])
1642	{
1643	if (strlen($row['site_hostname']) > 255)
1644	{
1645	continue;
1646	}
1647
1648	$hostlist_tmp[] = "'" . $row['site_hostname'] . "'";
1649	}
1650	// break;
1651	}
1652	while ($row = $db->sql_fetchrow($result));
1653
1654	$iplist = array_unique(array_diff($iplist, $iplist_tmp));
1655	$hostlist = array_unique(array_diff($hostlist, $hostlist_tmp));
1656	unset($iplist_tmp);
1657	unset($hostlist_tmp);
1658	}
1659	$db->sql_freeresult($result);
1660
1661	if (count($iplist))
1662	{
1663	foreach ($iplist as $ip_entry)
1664	{
1665	$sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_ip, ip_exclude)
1666	VALUES ($ip_entry, $ip_exclude)";
1667	$db->sql_query($sql);
1668	}
1669	}
1670
1671	if (count($hostlist))
1672	{
1673	foreach ($hostlist as $host_entry)
1674	{
1675	$sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_hostname, ip_exclude)
1676	VALUES ($host_entry, $ip_exclude)";
1677	$db->sql_query($sql);
1678	}
1679	}
1680
1681	if (!empty($ip_list_log))
1682	{
1683	// Update log
1684	$log_entry = ($ip_exclude) ? 'LOG_DOWNLOAD_EXCLUDE_IP' : 'LOG_DOWNLOAD_IP';
1685	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_entry, false, array($ip_list_log));
1686	}
1687
1688	trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
1689	}
1690	else if (isset($_POST['unsecuresubmit']))
1691	{
1692	$unip_sql = $request->variable('unip', array(0));
1693
1694	if (count($unip_sql))
1695	{
1696	$l_unip_list = '';
1697
1698	// Grab details of ips for logging information later
1699	$sql = 'SELECT site_ip, site_hostname
1700	FROM ' . SITELIST_TABLE . '
1701	WHERE ' . $db->sql_in_set('site_id', $unip_sql);
1702	$result = $db->sql_query($sql);
1703
1704	while ($row = $db->sql_fetchrow($result))
1705	{
1706	$l_unip_list .= (($l_unip_list != '') ? ', ' : '') . (($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']);
1707	}
1708	$db->sql_freeresult($result);
1709
1710	$sql = 'DELETE FROM ' . SITELIST_TABLE . '
1711	WHERE ' . $db->sql_in_set('site_id', $unip_sql);
1712	$db->sql_query($sql);
1713
1714	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DOWNLOAD_REMOVE_IP', false, array($l_unip_list));
1715	}
1716
1717	trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
1718	}
1719	}
1720
1721	/**
1722	* Adjust all three max_filesize config vars for display
1723	*/
1724	function max_filesize($value, $key = '')
1725	{
1726	// Determine size var and adjust the value accordingly
1727	$filesize = get_formatted_filesize($value, false, array('mb', 'kb', 'b'));
1728	$size_var = $filesize['si_identifier'];
1729	$value = $filesize['value'];
1730
1731	return [
1732	[
1733	'tag' => 'input',
1734	'id' => $key,
1735	'type' => 'number',
1736	'name' => 'config[' . $key . ']',
1737	'min' => 0,
1738	'max' => 999999999999999,
1739	'step' => 'any',
1740	'value' => $value,
1741	],
1742	[
1743	'tag' => 'select',
1744	'name' => $key,
1745	'options' => size_select_options($size_var),
1746	]
1747	];
1748	}
1749	}