[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  12  define("IN_MYBB", 1);
  13  define('THIS_SCRIPT', 'attachment.php');
  14  
  15  require_once  "./global.php";
  16  
  17  // Find the AID we're looking for
  18  if($mybb->input['thumbnail'])
  19  {
  20      $aid = intval($mybb->input['thumbnail']);
  21  }
  22  else
  23  {
  24      $aid = intval($mybb->input['aid']);
  25  }
  26  
  27  $plugins->run_hooks("attachment_start");
  28  
  29  $pid = intval($mybb->input['pid']);
  30  
  31  // Select attachment data from database
  32  if($aid)
  33  {
  34      $query = $db->simple_select("attachments", "*", "aid='{$aid}'");
  35  }
  36  else
  37  {
  38      $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
  39  }
  40  $attachment = $db->fetch_array($query);
  41  $pid = $attachment['pid'];
  42  
  43  $post = get_post($pid);
  44  $thread = get_thread($post['tid']);
  45  
  46  if(!$thread['tid'] && !$mybb->input['thumbnail'])
  47  {
  48      error($lang->error_invalidthread);
  49  }
  50  $fid = $thread['fid'];
  51  
  52  // Get forum info
  53  $forum = get_forum($fid);
  54  
  55  // Permissions
  56  $forumpermissions = forum_permissions($fid);
  57  
  58  if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || ($forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
  59  {
  60      error_no_permission();
  61  }
  62  
  63  // Error if attachment is invalid or not visible
  64  if(!$attachment['aid'] || !$attachment['attachname'] || (!is_moderator($fid) && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
  65  {
  66      error($lang->error_invalidattachment);
  67  }
  68  
  69  if(!$mybb->input['thumbnail']) // Only increment the download count if this is not a thumbnail
  70  {
  71      $attachupdate = array(
  72          "downloads" => $attachment['downloads']+1,
  73      );
  74      $db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
  75  }
  76  
  77  // basename isn't UTF-8 safe. This is a workaround.
  78  $attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
  79  
  80  $plugins->run_hooks("attachment_end");
  81  
  82  if($mybb->input['thumbnail'])
  83  {
  84      $ext = get_extension($attachment['thumbnail']);
  85      switch($ext)
  86      {
  87          case "gif":
  88              $type = "image/gif";
  89              break;
  90          case "bmp":
  91              $type = "image/bmp";
  92              break;
  93          case "png":
  94              $type = "image/png";
  95              break;
  96          case "jpg":
  97          case "jpeg":
  98          case "jpe":
  99              $type = "image/jpeg";
 100              break;
 101          default:
 102              $type = "image/unknown";
 103              break;
 104      }
 105      
 106      header("Content-disposition: filename=\"{$attachment['filename']}\"");
 107      header("Content-type: ".$type);
 108      $thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
 109      header("Content-length: ".@filesize($thumb));
 110      $handle = fopen($thumb, 'rb');
 111      while(!feof($handle))
 112      {
 113          echo fread($handle, 8192);
 114      }
 115      fclose($handle);
 116  }
 117  else
 118  {
 119      $ext = get_extension($attachment['filename']);
 120      
 121      switch($attachment['filetype'])
 122      {
 123          case "application/pdf":
 124          case "image/bmp":
 125          case "image/gif":
 126          case "image/jpeg":
 127          case "image/pjpeg":
 128          case "image/png":
 129          case "text/plain":
 130              header("Content-type: {$attachment['filetype']}");
 131              $disposition = "inline";
 132              break;
 133  
 134          default:
 135              $filetype = $attachment['filetype'];
 136  
 137              if(!$filetype)
 138              {
 139                  $filetype = 'application/force-download';
 140              }
 141  
 142              header("Content-type: {$filetype}");
 143              $disposition = "attachment";
 144      }
 145  
 146      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false)
 147      {
 148          header("Content-disposition: attachment; filename=\"{$attachment['filename']}\"");
 149      }
 150      else
 151      {
 152          header("Content-disposition: {$disposition}; filename=\"{$attachment['filename']}\"");
 153      }
 154      
 155      if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie 6.0") !== false)
 156      {
 157          header("Expires: -1");
 158      }
 159      
 160      header("Content-length: {$attachment['filesize']}");
 161      header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
 162      $handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');
 163      while(!feof($handle))
 164      {
 165          echo fread($handle, 8192);
 166      }
 167      fclose($handle);
 168  }
 169  ?>