<?php

// ##############################################################################||
// #
// #   PowerBB Version 2.0.0
// #   http://www.PBBoard.com
// #   Copyright (c) 2009 by Abu.Rakan
// #
// #   filename : attachments.module.php
// #   download and show attachment files
// #
// ##############################################################################||

// Refuse to run unless the front controller has defined IN_PowerBB.
if (!defined('IN_PowerBB'))
{
	die();
}

// Flags set before common.php is included; presumably common.php reads them
// to decide which subsystems to load (TODO confirm against common.php).
$CALL_SYSTEM = array(
	'SUBJECT'        => true,
	'SECTION'        => true,
	'TOOLBOX'        => true,
	'ICONS'          => true,
	'REPLY'          => true,
	'CACHE'          => true,
	'USERTITLE'      => true,
	'MODERATORS'     => true,
	'FILESEXTENSION' => true,
	'ATTACH'         => true,
);

define('JAVASCRIPT_PowerCode', true);

include 'common.php';

// Name of the module class defined below.
define('CLASS_NAME', 'PowerBBAttachAddMOD');

class PowerBBAttachAddMOD
{

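	/**
	 * Module entry point: resolves the section the request targets, checks the
	 * current group's permissions on it, then dispatches to the handler chosen
	 * by the query-string flags.
	 *
	 * The four flag groups (existing subject, existing reply, new subject, new
	 * reply) are tested independently, so one request can run one handler from
	 * each group.
	 */
	function run()
	{
		global $PowerBB;

		// Cast the id before it reaches the query layer, as the handlers do.
		$subject_id = $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval');

		$SubjectInfo = $PowerBB->subject->GetSubjectInfo(array('where' => array('id',$subject_id)));

		// A resolved subject decides the section; the request's own `section`
		// is only a fallback (new-subject flow). Concatenating the two values
		// let the request alter which section's permissions were looked up.
		if (!empty($SubjectInfo['section']))
		{
			$SectionInfo = $SubjectInfo['section'];
		}
		else
		{
			$SectionInfo = $PowerBB->functions->CleanVariable($PowerBB->_GET['section'],'intval');
		}

		/** Get section's group information and make some checks **/
		$SecGroupArr = array(
			'where' => array(
				array('name' => 'section_id', 'oper' => '=', 'value' => $SectionInfo),
				array('con' => 'AND', 'name' => 'group_id', 'oper' => '=', 'value' => $PowerBB->_CONF['group_info']['id']),
			),
		);

		// Finally get the permissions of group
		$this->SectionGroup = $PowerBB->group->GetSectionGroupInfo($SecGroupArr);

		// NOTE(review): `nocheck` is read from the query string, so the section
		// permission check is skipped for any request that sets it and the
		// handlers' own checks become the only gate. Kept for compatibility with
		// the redirects in this module that pass nocheck=1; it should be replaced
		// by a server-side decision.
		if (!$PowerBB->_GET['nocheck'])
		{
			if (!$this->SectionGroup['view_section']
				or !$this->SectionGroup['write_subject']
				or !$this->SectionGroup['upload_attach'])
			{
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
				// Do not dispatch if error_no_foot() ever returns.
				return;
			}
		}

		/** Attachments of an existing subject: form, upload, delete **/
		if ($PowerBB->_GET['edit_attach'])
		{
			$this->_Edit_attach_Subject();
		}
		elseif ($PowerBB->_GET['edit_start'])
		{
			$this->_Start_Edit_Subject();
		}
		elseif ($PowerBB->_GET['delete_attach_subject'])
		{
			$this->_Delete_Attach_Subject();
		}

		/** Attachments of an existing reply: form, upload, delete **/
		if ($PowerBB->_GET['index'])
		{
			$this->_Edit_attach_Reply();
		}
		elseif ($PowerBB->_GET['start'])
		{
			$this->_Start_Edit_Reply();
		}
		elseif ($PowerBB->_GET['delete_attach'])
		{
			$this->_Delete_Attach_Reply();
		}

		/** Attachments of a subject being written: form, upload, delete **/
		if ($PowerBB->_GET['add_attach'])
		{
			$this->_Add_attach_Subject();
		}
		elseif ($PowerBB->_GET['add_start'])
		{
			$this->_Star_Add_Subject();
		}
		elseif ($PowerBB->_GET['delete_attach_new_subject'])
		{
			$this->_Delete_Attach_New_Subject();
		}

		/** Attachments of a reply being written: form, upload, delete **/
		if ($PowerBB->_GET['add_attach_reply'])
		{
			$this->_Add_attach_Reply();
		}
		elseif ($PowerBB->_GET['add_start_reply'])
		{
			$this->_Star_Add_Reply();
		}
		elseif ($PowerBB->_GET['delete_attach_new_reply'])
		{
			$this->_Delete_Attach_New_Reply();
		}
	}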


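    /**
     * Shows the attachment form for an existing subject.
     *
     * Only a moderator of the subject's section or the subject's writer gets
     * the form; everyone else receives the permission error.
     */
    function _Edit_attach_Subject()
	{
		global $PowerBB;

		$PowerBB->_GET['id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'],'intval');
		$PowerBB->_GET['subject_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval');
		// reply_id feeds a query below, so it is cast like the other ids
		// (the reply handlers in this class already do this).
		$PowerBB->_GET['reply_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['reply_id'],'intval');

		if (empty($PowerBB->_GET['subject_id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		$PowerBB->_CONF['template']['ReplyInfo'] = $PowerBB->reply->GetReplyInfo(array('where' => array('id',$PowerBB->_GET['reply_id'])));

		// One lookup serves both the template and the ownership check.
		$SubjectInfo1 = $PowerBB->subject->GetSubjectInfo(array('where' => array('id',$PowerBB->_GET['subject_id'])));
		$PowerBB->_CONF['template']['SubjectInfo'] = $SubjectInfo1;

		if (!$PowerBB->functions->ModeratorCheck($SubjectInfo1['section'])
			and $PowerBB->_CONF['member_row']['username'] != $SubjectInfo1['writer'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		// Attachments recorded against the subject itself (reply flag 0).
		$AttachArr = array(
			'where' => array(
				array('name' => 'subject_id', 'oper' => '=', 'value' => $PowerBB->_GET['subject_id']),
				array('con' => 'AND', 'name' => 'reply', 'oper' => '=', 'value' => '0'),
			),
		);

		$PowerBB->_CONF['template']['while']['SubjectAttachList'] = $PowerBB->attach->GetAttachList($AttachArr);

		// Extension list for the form, newest first, HTML-cleaned by the list call.
		$ExArr = array(
			'order' => array('field' => 'id', 'type' => 'DESC'),
			'proc'  => array('*' => array('method'=>'clean','param'=>'html')),
		);

		$PowerBB->_CONF['template']['while']['ExList'] = $PowerBB->extension->GetExtensionList($ExArr);

		// Finally , show the form :)
		$PowerBB->template->display('add_edit_attach_subject');
	}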


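	/**
	 * Handles the upload posted from the subject attachment form: validates
	 * each submitted file, stores it under the configured download path and
	 * records it against the subject.
	 *
	 * The caller must be a moderator of the subject's section or the subject's
	 * writer, the same rule _Edit_attach_Subject() applies before showing the form.
	 *
	 * NOTE(review): files keep their client-supplied name and extension on disk;
	 * confirm the download path is not served with script execution enabled.
	 */
	function _Start_Edit_Subject()
	{
		global $PowerBB;

		$PowerBB->_GET['subject_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval');

		if (empty($PowerBB->_GET['subject_id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		// Without this check any caller who reaches the handler could attach
		// files to a subject they neither wrote nor moderate.
		$SubjectInfo = $PowerBB->subject->GetSubjectInfo(array('where' => array('id',$PowerBB->_GET['subject_id'])));

		if (!$PowerBB->functions->ModeratorCheck($SubjectInfo['section'])
			and $PowerBB->_CONF['member_row']['username'] != $SubjectInfo['writer'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		$files_number 	= 	sizeof($PowerBB->_FILES['files']['name']);
		// Defined up front so the final check works even when no file was processed.
		$InsertAttach	=	false;

		// Fragments refused anywhere in the client-supplied name, so a script
		// extension hidden in front of an allowed one is rejected too.
		$blocked = array('.php','.php3','.phtml','.pl','.cgi','.asp','.3gp');

		for ($x = 0; $x < $files_number; $x++)
		{
			$name = $PowerBB->_FILES['files']['name'][$x];

			if (empty($name))
			{
				// A single empty slot means nothing was chosen; in a multi-file
				// post empty slots are simply skipped.
				if ($files_number == '1')
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
					return;
				}

				continue;
			}

			// Check if the extension is allowed or not
			$ext = $PowerBB->functions->GetFileExtension($name);

			if (!$PowerBB->extension->IsExtension(array('where' => array('Ex',$ext))))
			{
				// $ext comes from the client's file name, so escape it before echoing it back.
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension'].'('. htmlspecialchars($ext, ENT_QUOTES) .')');
				return;
			}

			// Check the per-extension size limit (compared in KB)
			$extension = $PowerBB->extension->GetExtensionInfo(array('where' => array('Ex',$ext)));
			$size = ceil(($PowerBB->_FILES['files']['size'][$x] / 1024));

			if ($size > $extension['max_size'])
			{
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['max_size_extension1'].'('. htmlspecialchars($ext, ENT_QUOTES) .')'.$PowerBB->_CONF['template']['lang']['max_size_extension2'].$extension['max_size'].$PowerBB->_CONF['template']['lang']['max_size_extension3']);
				return;
			}

			foreach ($blocked as $fragment)
			{
				if (stripos($name,$fragment) !== false)
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension']);
					return;
				}
			}

			// basename() keeps a crafted name from adding directory components
			// to the stored path.
			$Random   = $PowerBB->functions->RandomCode() . basename(str_replace('\\','/',$name));
			$filepath = $PowerBB->_CONF['info_row']['download_path'] . '/' . $Random;

			// Store the file before recording it, so a failed move never leaves
			// a database row that points at a missing file.
			if (!move_uploaded_file($PowerBB->_FILES['files']['tmp_name'][$x] , $filepath))
			{
				$InsertAttach = false;
				continue;
			}

			// Insert attachment to the database
			$AttachArr = array(
				'field' => array(
					'filename'   => $name,
					'filepath'   => $filepath,
					'filesize'   => $PowerBB->_FILES['files']['size'][$x],
					'subject_id' => $PowerBB->_GET['subject_id'],
					'extension'  => str_replace('.','',$ext),
					'reply'      => '0',
					'u_id'       => $PowerBB->_CONF['member_row']['id'],
				),
			);

			// The result is only used as a success flag.
			$InsertAttach = $PowerBB->attach->InsertAttach($AttachArr);

			if (!$InsertAttach)
			{
				// No row was recorded, so do not keep the orphaned file.
				unlink($filepath);
				continue;
			}

			// Flag the subject as carrying attachments.
			$SubjectArr = array(
				'field' => array('attach_subject' => '1'),
				'where' => array('id',$PowerBB->_GET['subject_id']),
			);

			$PowerBB->subject->UpdateSubject($SubjectArr);
		}

		if (!$InsertAttach)
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
		}
		else
		{
			$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_downloaded_successfully']);
			$PowerBB->functions->redirect('index.php?page=attachments&amp;edit_attach=1&amp;subject_id=' . $PowerBB->_GET['subject_id']);
		}
	}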


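	 /**
	  * Deletes one attachment of an existing subject: removes the stored file,
	  * then the database row, then redirects back to the edit form.
	  *
	  * The caller must be a moderator of the subject's section or the subject's
	  * writer, and the attachment must be recorded against that same subject.
	  *
	  * NOTE(review): the action is driven by query-string parameters and no
	  * request token is checked in this method; confirm CSRF protection exists
	  * upstream.
	  */
	 function _Delete_Attach_Subject()
	{
		global $PowerBB;

		$PowerBB->_GET['id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'],'intval');
		$PowerBB->_GET['subject_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval');
		// reply_id feeds a query below, so it is cast like the other ids.
		$PowerBB->_GET['reply_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['reply_id'],'intval');

		if (empty($PowerBB->_GET['id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		$PowerBB->_CONF['template']['ReplyInfo'] = $PowerBB->reply->GetReplyInfo(array('where' => array('id',$PowerBB->_GET['reply_id'])));

		// One lookup serves both the template and the ownership check.
		$SubjectInfo = $PowerBB->subject->GetSubjectInfo(array('where' => array('id',$PowerBB->_GET['subject_id'])));
		$PowerBB->_CONF['template']['SubjectInfo'] = $SubjectInfo;

		if (!$PowerBB->functions->ModeratorCheck($SubjectInfo['section'])
			and $PowerBB->_CONF['member_row']['username'] != $SubjectInfo['writer'])
		{
			// Was reporting File_was_deleted_successfully on a refused request.
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		$Attachinfo = $PowerBB->attach->GetAttachInfo(array('where' => array('id',$PowerBB->_GET['id'])));

		// The attachment id is chosen by the caller: only act on a row recorded
		// against the subject that was just authorised, and not on a reply's
		// attachment (reply flag other than 0, when the row exposes it).
		if (empty($Attachinfo)
			or $Attachinfo['subject_id'] != $PowerBB->_GET['subject_id']
			or (isset($Attachinfo['reply']) and (int) $Attachinfo['reply'] !== 0))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		if (is_file($Attachinfo['filepath']))
		{
			unlink($Attachinfo['filepath']);
		}

		// Delete the attachment row from the database
		$AttachArr = array(
			'name'  => 'id',
			'where' => array('id',$PowerBB->_GET['id']),
		);

		$DeleteAttach = $PowerBB->attach->DeleteAttach($AttachArr);

		if ($DeleteAttach)
		{
			$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_deleted_successfully']);
			$PowerBB->functions->redirect('index.php?page=attachments&amp;edit_attach=1&amp;subject_id=' . $PowerBB->_GET['subject_id']);
		}
	}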


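	/**
	 * Shows the attachment form for an existing reply.
	 *
	 * Only a moderator of the reply's section or the reply's writer gets the
	 * form; everyone else receives the permission error.
	 */
	function _Edit_attach_Reply()
	{
		global $PowerBB;

		$PowerBB->_GET['id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'],'intval');
		$PowerBB->_GET['reply_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['reply_id'],'intval');
		$PowerBB->_GET['subject_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval');

		if (empty($PowerBB->_GET['reply_id'])
			or empty($PowerBB->_GET['subject_id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		// One lookup serves both the template and the ownership check.
		$ReplyInfo = $PowerBB->reply->GetReplyInfo(array('where' => array('id',$PowerBB->_GET['reply_id'])));
		$PowerBB->_CONF['template']['ReplyInfo'] = $ReplyInfo;

		if (!$PowerBB->functions->ModeratorCheck($ReplyInfo['section'])
			and $PowerBB->_CONF['member_row']['username'] != $ReplyInfo['writer'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		// Reply attachments are stored with the reply's id in the subject_id column.
		$ReplyAttachArr = array('where' => array('subject_id',$PowerBB->_GET['reply_id']));

		$PowerBB->_CONF['template']['while']['ReplyAttachList'] = $PowerBB->attach->GetattachList($ReplyAttachArr);

		// Extension list for the form, newest first, HTML-cleaned by the list call.
		$ExArr = array(
			'order' => array('field' => 'id', 'type' => 'DESC'),
			'proc'  => array('*' => array('method'=>'clean','param'=>'html')),
		);

		$PowerBB->_CONF['template']['while']['ExList'] = $PowerBB->extension->GetExtensionList($ExArr);

		// Finally , show the form :)
		$PowerBB->template->display('add_edit_attach_reply');
	}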


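	/**
	 * Handles the upload posted from the reply attachment form: validates each
	 * submitted file, stores it under the configured download path and records
	 * it against the reply.
	 *
	 * The caller must be a moderator of the reply's section or the reply's
	 * writer, the same rule _Edit_attach_Reply() applies before showing the form.
	 *
	 * NOTE(review): files keep their client-supplied name and extension on disk;
	 * confirm the download path is not served with script execution enabled.
	 */
	function _Start_Edit_Reply()
	{
		global $PowerBB;

		$PowerBB->_GET['reply_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['reply_id'],'intval');
		$PowerBB->_GET['subject_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval');

		if (empty($PowerBB->_GET['reply_id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		// Without this check any caller who reaches the handler could attach
		// files to a reply they neither wrote nor moderate. The row is reused
		// for the redirect at the end.
		$ReplyInfo = $PowerBB->reply->GetReplyInfo(array('where' => array('id',$PowerBB->_GET['reply_id'])));

		if (!$PowerBB->functions->ModeratorCheck($ReplyInfo['section'])
			and $PowerBB->_CONF['member_row']['username'] != $ReplyInfo['writer'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		$files_number 	= 	sizeof($PowerBB->_FILES['files']['name']);
		// Defined up front so the final check works even when no file was processed.
		$InsertAttach	=	false;

		// Fragments refused anywhere in the client-supplied name, so a script
		// extension hidden in front of an allowed one is rejected too.
		$blocked = array('.php','.php3','.phtml','.pl','.cgi','.asp','.3gp');

		for ($x = 0; $x < $files_number; $x++)
		{
			$name = $PowerBB->_FILES['files']['name'][$x];

			if (empty($name))
			{
				// A single empty slot means nothing was chosen; in a multi-file
				// post empty slots are simply skipped.
				if ($files_number == '1')
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
					return;
				}

				continue;
			}

			// Check if the extension is allowed or not
			$ext = $PowerBB->functions->GetFileExtension($name);

			// Check the per-extension size limit (compared in KB)
			$extension = $PowerBB->extension->GetExtensionInfo(array('where' => array('Ex',$ext)));
			$size = ceil(($PowerBB->_FILES['files']['size'][$x] / 1024));

			if ($size > $extension['max_size'])
			{
				// $ext comes from the client's file name, so escape it before echoing it back.
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['max_size_extension1'].'('. htmlspecialchars($ext, ENT_QUOTES) .')'.$PowerBB->_CONF['template']['lang']['max_size_extension2'].$extension['max_size'].$PowerBB->_CONF['template']['lang']['max_size_extension3']);
				return;
			}

			if (!$PowerBB->extension->IsExtension(array('where' => array('Ex',$ext))))
			{
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension'].'('. htmlspecialchars($ext, ENT_QUOTES) .')');
				return;
			}

			foreach ($blocked as $fragment)
			{
				if (stripos($name,$fragment) !== false)
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension']);
					return;
				}
			}

			// basename() keeps a crafted name from adding directory components
			// to the stored path.
			$Random   = $PowerBB->functions->RandomCode() . basename(str_replace('\\','/',$name));
			$filepath = $PowerBB->_CONF['info_row']['download_path'] . '/' . $Random;

			// Store the file before recording it, so a failed move never leaves
			// a database row that points at a missing file.
			if (!move_uploaded_file($PowerBB->_FILES['files']['tmp_name'][$x] , $filepath))
			{
				$InsertAttach = false;
				continue;
			}

			// Insert attachment to the database; reply attachments carry the
			// reply's id in the subject_id column and reply = 1.
			$AttachArr = array(
				'field' => array(
					'filename'   => $name,
					'filepath'   => $filepath,
					'filesize'   => $PowerBB->_FILES['files']['size'][$x],
					'extension'  => str_replace('.','',$ext),
					'subject_id' => $PowerBB->_GET['reply_id'],
					'reply'      => 1,
					'u_id'       => $PowerBB->_CONF['member_row']['id'],
				),
			);

			// The result is only used as a success flag.
			$InsertAttach = $PowerBB->attach->InsertAttach($AttachArr);

			if (!$InsertAttach)
			{
				// No row was recorded, so do not keep the orphaned file.
				unlink($filepath);
				continue;
			}

			// Flag the reply as carrying attachments.
			$ReplyArr = array(
				'field' => array('attach_reply' => '1'),
				'where' => array('id',$PowerBB->_GET['reply_id']),
			);

			$PowerBB->reply->UpdateReply($ReplyArr);
		}

		if (!$InsertAttach)
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
		}
		else
		{
			$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_downloaded_successfully']);
			$PowerBB->functions->redirect('index.php?page=attachments&amp;index=1&amp;subject_id=' . $ReplyInfo['subject_id'] . '&amp;reply_id=' . $PowerBB->_GET['reply_id']);
		}
	}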


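	 /**
	  * Deletes one attachment of an existing reply: clears the reply's
	  * attachment flag, removes the stored file and the database row, then
	  * redirects back to the reply attachment form.
	  *
	  * The caller must be a moderator of the reply's section or the reply's
	  * writer, and the attachment must be recorded against that same reply.
	  *
	  * NOTE(review): the action is driven by query-string parameters and no
	  * request token is checked in this method; confirm CSRF protection exists
	  * upstream.
	  */
	 function _Delete_Attach_Reply()
	{
		global $PowerBB;

		$PowerBB->_GET['id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'],'intval');
		$PowerBB->_GET['reply_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['reply_id'],'intval');
		$PowerBB->_GET['subject_id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval');

		if (empty($PowerBB->_GET['id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		// One lookup serves the template, the ownership check and the redirect.
		$ReplyInfo = $PowerBB->reply->GetReplyInfo(array('where' => array('id',$PowerBB->_GET['reply_id'])));
		$PowerBB->_CONF['template']['ReplyInfo'] = $ReplyInfo;

		// Reply attachments are stored with the reply's id in the subject_id column.
		$ReplyAttachArr = array('where' => array('subject_id',$PowerBB->_GET['reply_id']));

		$PowerBB->_CONF['template']['while']['ReplyAttachList'] = $PowerBB->attach->GetattachList($ReplyAttachArr);

		if (!$PowerBB->functions->ModeratorCheck($ReplyInfo['section'])
			and $PowerBB->_CONF['member_row']['username'] != $ReplyInfo['writer'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		$Attachinfo = $PowerBB->attach->GetAttachInfo(array('where' => array('id',$PowerBB->_GET['id'])));

		// The attachment id is chosen by the caller: only act on a row recorded
		// against the reply that was just authorised (reply flag 1, when the
		// row exposes it).
		if (empty($Attachinfo)
			or $Attachinfo['subject_id'] != $PowerBB->_GET['reply_id']
			or (isset($Attachinfo['reply']) and (int) $Attachinfo['reply'] !== 1))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		// Clear the reply's attachment flag.
		// NOTE(review): this happens even if other attachments remain on the reply.
		$ReplyArr = array(
			'field' => array('attach_reply' => '0'),
			'where' => array('id',$PowerBB->_GET['reply_id']),
		);

		$PowerBB->reply->UpdateReply($ReplyArr);

		if (is_file($Attachinfo['filepath']))
		{
			unlink($Attachinfo['filepath']);
		}

		// Delete the attachment row from the database
		$AttachArr = array(
			'name'  => 'id',
			'where' => array('id',$PowerBB->_GET['id']),
		);

		$DeleteAttach = $PowerBB->attach->DeleteAttach($AttachArr);

		if ($DeleteAttach)
		{
			$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_deleted_successfully']);
			$PowerBB->functions->redirect('index.php?page=attachments&amp;index=1&amp;subject_id=' . $ReplyInfo['subject_id'] . '&amp;reply_id=' . $PowerBB->_GET['reply_id']);
		}
	}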

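    /**
     * Shows the attachment form for a subject that is still being written.
     *
     * Pending attachments are listed by the placeholder subject id
     * '-' . <member id> with reply flag 0.
     */
    function _Add_attach_Subject()
	{
		global $PowerBB;

		// Pending attachments of the current member.
		$AttachArr = array(
			'where' => array(
				array('name' => 'subject_id', 'oper' => '=', 'value' => '-'.$PowerBB->_CONF['member_row']['id']),
				array('con' => 'AND', 'name' => 'reply', 'oper' => '=', 'value' => '0'),
			),
		);

		$PowerBB->_CONF['template']['while']['SubjectAttachList'] = $PowerBB->attach->GetAttachList($AttachArr);

		// Extension list for the form, newest first, HTML-cleaned by the list call.
		$ExArr = array(
			'order' => array('field' => 'id', 'type' => 'DESC'),
			'proc'  => array('*' => array('method'=>'clean','param'=>'html')),
		);

		$PowerBB->_CONF['template']['while']['ExList'] = $PowerBB->extension->GetExtensionList($ExArr);

		// `section` is echoed into the template, so pass it on as an integer id
		// rather than as raw request text (presumably section ids are numeric,
		// as they are matched against section_id elsewhere in this module).
		$section = $PowerBB->functions->CleanVariable($PowerBB->_GET['section'],'intval');

		// Finally , show the form :)
		$PowerBB->template->assign('section',$section);
		$PowerBB->template->display('add_attach_subject');
	}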

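	/**
	 * Handles the upload posted while a new subject is being written: validates
	 * each submitted file, stores it under the configured download path and
	 * records it under the placeholder subject id '-' . <member id>.
	 *
	 * NOTE(review): files keep their client-supplied name and extension on disk;
	 * confirm the download path is not served with script execution enabled.
	 */
	function _Star_Add_Subject()
	{
		global $PowerBB;

		$files_number 	= 	sizeof($PowerBB->_FILES['files']['name']);
		// Defined up front so the final check works even when no file was processed.
		$InsertAttach	=	false;

		// Fragments refused anywhere in the client-supplied name, so a script
		// extension hidden in front of an allowed one is rejected too.
		$blocked = array('.php','.php3','.phtml','.pl','.cgi','.asp','.3gp');

		for ($x = 0; $x < $files_number; $x++)
		{
			$name = $PowerBB->_FILES['files']['name'][$x];

			if (empty($name))
			{
				// A single empty slot means nothing was chosen; in a multi-file
				// post empty slots are simply skipped.
				if ($files_number == '1')
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
					return;
				}

				continue;
			}

			// Check if the extension is allowed or not
			$ext = $PowerBB->functions->GetFileExtension($name);

			// Check the per-extension size limit (compared in KB)
			$extension = $PowerBB->extension->GetExtensionInfo(array('where' => array('Ex',$ext)));
			$size = ceil(($PowerBB->_FILES['files']['size'][$x] / 1024));

			if ($size > $extension['max_size'])
			{
				// $ext comes from the client's file name, so escape it before echoing it back.
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['max_size_extension1'].'('. htmlspecialchars($ext, ENT_QUOTES) .')'.$PowerBB->_CONF['template']['lang']['max_size_extension2'].$extension['max_size'].$PowerBB->_CONF['template']['lang']['max_size_extension3']);
				return;
			}

			if (!$PowerBB->extension->IsExtension(array('where' => array('Ex',$ext))))
			{
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension'].'('. htmlspecialchars($ext, ENT_QUOTES) .')');
				return;
			}

			foreach ($blocked as $fragment)
			{
				if (stripos($name,$fragment) !== false)
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension']);
					return;
				}
			}

			// basename() keeps a crafted name from adding directory components
			// to the stored path.
			$Random   = $PowerBB->functions->RandomCode() . basename(str_replace('\\','/',$name));
			$filepath = $PowerBB->_CONF['info_row']['download_path'] . '/' . $Random;

			// Store the file before recording it, so a failed move never leaves
			// a database row that points at a missing file.
			if (!move_uploaded_file($PowerBB->_FILES['files']['tmp_name'][$x] , $filepath))
			{
				$InsertAttach = false;
				continue;
			}

			// Insert attachment to the database under the member's placeholder id
			$AttachArr = array(
				'field' => array(
					'filename'   => $name,
					'filepath'   => $filepath,
					'filesize'   => $PowerBB->_FILES['files']['size'][$x],
					'subject_id' => '-'.$PowerBB->_CONF['member_row']['id'],
					'extension'  => str_replace('.','',$ext),
					'reply'      => '0',
					'u_id'       => $PowerBB->_CONF['member_row']['id'],
				),
			);

			// The result is only used as a success flag.
			$InsertAttach = $PowerBB->attach->InsertAttach($AttachArr);

			if (!$InsertAttach)
			{
				// No row was recorded, so do not keep the orphaned file.
				unlink($filepath);
			}
		}

		if (!$InsertAttach)
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
		}
		else
		{
			// `section` goes back into a URL, so it is cast to an integer id
			// instead of being echoed as raw request text.
			$section = $PowerBB->functions->CleanVariable($PowerBB->_GET['section'],'intval');

			$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_downloaded_successfully']);
			$PowerBB->functions->redirect('index.php?page=attachments&amp;add_attach=1&amp;nocheck=1&amp;section='.$section);
		}
	}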

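	 /**
	  * Deletes one pending attachment of a subject that is still being written:
	  * removes the stored file, then the database row, then redirects back to
	  * the add-attachment form.
	  *
	  * The attachment must have been uploaded by the current member and still
	  * carry the member's placeholder subject id ('-' . <member id>), which is
	  * how _Star_Add_Subject() records pending uploads.
	  *
	  * NOTE(review): the action is driven by query-string parameters and no
	  * request token is checked in this method; confirm CSRF protection exists
	  * upstream.
	  */
	 function _Delete_Attach_New_Subject()
	{
		global $PowerBB;

		$PowerBB->_GET['id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'],'intval');

		if (empty($PowerBB->_GET['id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		$Attachinfo = $PowerBB->attach->GetAttachInfo(array('where' => array('id',$PowerBB->_GET['id'])));

		// The attachment id is chosen by the caller; without this check any
		// attachment row and its file could be removed through this handler.
		if (empty($Attachinfo)
			or $Attachinfo['u_id'] != $PowerBB->_CONF['member_row']['id']
			or $Attachinfo['subject_id'] != '-'.$PowerBB->_CONF['member_row']['id'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		if (is_file($Attachinfo['filepath']))
		{
			unlink($Attachinfo['filepath']);
		}

		// Delete the attachment row from the database
		$AttachArr = array(
			'name'  => 'id',
			'where' => array('id',$PowerBB->_GET['id']),
		);

		$DeleteAttach = $PowerBB->attach->DeleteAttach($AttachArr);

		if ($DeleteAttach)
		{
			// `section` goes back into a URL, so it is cast to an integer id
			// instead of being echoed as raw request text.
			$section = $PowerBB->functions->CleanVariable($PowerBB->_GET['section'],'intval');

			$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_deleted_successfully']);
			$PowerBB->functions->redirect('index.php?page=attachments&amp;add_attach=1&amp;nocheck=1&amp;section='.$section);
		}
	}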

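    /**
     * Show the attachment form for a reply that is being written.
     *
     * Lists the attachments of the subject whose reply field is
     * '-' . <current member id>, loads the extension list and displays the
     * 'add_attach_reply' template.
     */
    function _Add_attach_Reply()
	{
		global $PowerBB;

		// subject_id comes from the query string and is used both in the
		// attachment filter and in the template, so reduce it to an integer first.
		$SubjectId = isset($PowerBB->_GET['subject_id']) ? $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval') : 0;

		// Get the attachment information
		$AttachArr 				= 	array();
		$AttachArr['where']		= 	array();
		$AttachArr['where'][0] 	=	array(
			'name'	=>	'subject_id',
			'oper'	=>	'=',
			'value'	=>	$SubjectId
		);
		$AttachArr['where'][1] 	=	array(
			'con'	=>	'AND',
			'name'	=>	'reply',
			'oper'	=>	'=',
			'value'	=>	'-'.$PowerBB->_CONF['member_row']['id']
		);

		// NOTE(review): the rows listed here carry the filename supplied by the
		// uploader, and unlike the extension list below no 'proc' clean step is
		// requested. Confirm the template escapes filename on output.
		$PowerBB->_CONF['template']['while']['SubjectAttachList'] = $PowerBB->attach->GetAttachList($AttachArr);

		// Extension list, newest first, with every column cleaned for HTML output
		$ExArr 					= 	array();
		$ExArr['order']			=	array('field' => 'id', 'type' => 'DESC');
		$ExArr['proc'] 			= 	array();
		$ExArr['proc']['*'] 	= 	array('method'=>'clean','param'=>'html');

		$PowerBB->_CONF['template']['while']['ExList'] = $PowerBB->extension->GetExtensionList($ExArr);

		// Finally, show the form
		$PowerBB->template->assign('subject_id',$SubjectId);
		$PowerBB->template->display('add_attach_reply');
	}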

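	/**
	 * Store the files uploaded through the reply attachment form.
	 *
	 * For each uploaded file: check the extension against the allowed list,
	 * reject names containing a server-executable extension, enforce the
	 * per-extension size limit, move the file into the download directory and
	 * record it in the attachment table with reply = '-' . <member id>.
	 *
	 * The outcome reported to the user reflects the last file processed.
	 *
	 * NOTE(review): whether error_no_foot() ends the request is not visible
	 * here; every error path returns explicitly so that no file is stored
	 * after a failed check.
	 */
	function _Star_Add_Reply()
	{
		global $PowerBB;

		if (empty($PowerBB->_FILES['files']['name']) || !is_array($PowerBB->_FILES['files']['name']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
			return;
		}

		// subject_id is request-controlled and ends up in the database row and
		// in the redirect URL; reduce it to an integer once, up front.
		$SubjectId 		= 	isset($PowerBB->_GET['subject_id']) ? $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval') : 0;
		$MemberId 		= 	$PowerBB->_CONF['member_row']['id'];
		$DownloadPath 	= 	$PowerBB->_CONF['info_row']['download_path'];

		// Substrings that must not appear anywhere in an uploaded name, so that
		// multi-extension names are caught too. '.php' also covers .php3/.php5
		// and '.pht' covers .phtml. This list is defence in depth only: the
		// allowed-extension table checked below is the primary control.
		$BlockedParts 	= 	array('.php','.pht','.phar','.pl','.cgi','.asp','.shtml','.htaccess','.3gp');

		$files_number 	= 	sizeof($PowerBB->_FILES['files']['name']);
		$InsertAttach 	= 	false;

		for ($x = 0; $x < $files_number; $x++)
		{
			$FileName = $PowerBB->_FILES['files']['name'][$x];

			if (empty($FileName))
			{
				// A single empty slot means the form was submitted without a file.
				if ($files_number == 1)
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
					return;
				}

				continue;
			}

			// Check if the extension is allowed or not
			$ext = $PowerBB->functions->GetFileExtension($FileName);

			if (!$PowerBB->extension->IsExtension(array('where' => array('Ex',$ext))))
			{
				// $ext is derived from the uploaded name, so escape it before it is echoed back.
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension'].'('. htmlspecialchars($ext, ENT_QUOTES) .')');
				return;
			}

			foreach ($BlockedParts as $Part)
			{
				if (stripos($FileName, $Part) !== false)
				{
					$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['Can_you_raise_file_extension']);
					return;
				}
			}

			// Check the size limit configured for this extension (in KB).
			// Done after the allow-list check so an unknown extension is reported
			// as such instead of as a size error.
			$ExtArr 			= 	array();
			$ExtArr['where'] 	= 	array('Ex',$ext);

			$extension = $PowerBB->extension->GetExtensionInfo($ExtArr);

			$size = ceil(($PowerBB->_FILES['files']['size'][$x] / 1024));

			if ($size > $extension['max_size'])
			{
				$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['max_size_extension1'].'('. htmlspecialchars($ext, ENT_QUOTES) .')'.$PowerBB->_CONF['template']['lang']['max_size_extension2'].$extension['max_size'].$PowerBB->_CONF['template']['lang']['max_size_extension3']);
				return;
			}

			// The on-disk name keeps the client-supplied name after a random
			// prefix; strip path separators and NUL so it cannot leave the
			// download directory.
			// NOTE(review): the file keeps its original extension. If the
			// download directory is served by the web server, script execution
			// should be disabled for it in the server configuration.
			$DiskName 	= 	$PowerBB->functions->RandomCode() . str_replace(array('/', '\\', "\0"), '', $FileName);
			$Target 	= 	$DownloadPath . '/' . $DiskName;

			$ext = str_replace('.','',$ext);

			// Move the file first, so that a database row is only created for a
			// file that really exists on disk.
			if (!move_uploaded_file($PowerBB->_FILES['files']['tmp_name'][$x], $Target))
			{
				$InsertAttach = false;
				continue;
			}

			// Insert attachment to the database
			// NOTE(review): filename is stored as supplied by the client; whether
			// InsertAttach() escapes values is not visible here. Passing the insert
			// result through CleanVariable() afterwards would not sanitise what was
			// stored, so escaping has to happen in the data layer and on output.
			$AttachArr 							= 	array();
			$AttachArr['field'] 				= 	array();
			$AttachArr['field']['filename'] 	= 	$FileName;
			$AttachArr['field']['filepath'] 	= 	$Target;
			$AttachArr['field']['filesize'] 	= 	$PowerBB->_FILES['files']['size'][$x];
			$AttachArr['field']['subject_id'] 	= 	$SubjectId;
			$AttachArr['field']['extension'] 	= 	$ext;
			$AttachArr['field']['reply']		=	'-'.$MemberId;
			$AttachArr['field']['u_id']		    =	$MemberId;

			$InsertAttach = $PowerBB->attach->InsertAttach($AttachArr);

			// Do not leave an untracked file behind when the row could not be written.
			if (!$InsertAttach && is_file($Target))
			{
				unlink($Target);
			}
		}

		if (!$InsertAttach)
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['You_do_not_choose_any_file']);
			return;
		}

		$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_downloaded_successfully']);
		$PowerBB->functions->redirect('index.php?page=attachments&amp;add_attach_reply=1&amp;subject_id='.$SubjectId.'');
	}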

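	 /**
	  * Delete an attachment from the reply attachment form.
	  *
	  * Reads the attachment id from the query string, removes the stored file
	  * and its database row, then shows a confirmation and redirects back to
	  * the reply attachment form of the subject.
	  *
	  * The id is request-controlled, so the row is looked up first and the
	  * delete is refused unless the current member is the recorded uploader.
	  */
	 function _Delete_Attach_New_Reply()
	{
		global $PowerBB;

		$PowerBB->_GET['id'] = $PowerBB->functions->CleanVariable($PowerBB->_GET['id'],'intval');

		if (empty($PowerBB->_GET['id']))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			// Whether error_no_foot() ends the request is not visible here;
			// returning keeps the delete from running if it does not.
			return;
		}

		$GetAttachArr 			= 	array();
		$GetAttachArr['where'] 	= 	array('id',$PowerBB->_GET['id']);
		$Attachinfo = $PowerBB->attach->GetAttachInfo($GetAttachArr);

		// No such attachment: there is nothing to unlink or delete.
		if (empty($Attachinfo))
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['path_not_true']);
			return;
		}

		// Authorisation: u_id is written by _Star_Add_Reply() at upload time.
		// Without this comparison any visitor could remove any attachment by
		// requesting its id.
		// NOTE(review): assumes GetAttachInfo() returns the u_id column — confirm.
		if (!isset($Attachinfo['u_id']) || $Attachinfo['u_id'] != $PowerBB->_CONF['member_row']['id'])
		{
			$PowerBB->functions->error_no_foot($PowerBB->_CONF['template']['lang']['error_permission']);
			return;
		}

		// is_file() rather than file_exists(): never hand a directory to unlink().
		if (!empty($Attachinfo['filepath']) && is_file($Attachinfo['filepath']))
		{
			unlink($Attachinfo['filepath']);
		}

		// Delete the attachment row from the database
		$AttachArr 				= 	array();
		$AttachArr['name'] 		=  	'id';
		$AttachArr['where'] 	= 	array('id',$PowerBB->_GET['id']);

		$DeleteAttach = $PowerBB->attach->DeleteAttach($AttachArr);

		if ($DeleteAttach)
		{
			// subject_id is a numeric id; normalise it before it is placed in the redirect URL.
			$SubjectId = isset($PowerBB->_GET['subject_id']) ? $PowerBB->functions->CleanVariable($PowerBB->_GET['subject_id'],'intval') : 0;

			$PowerBB->functions->msg($PowerBB->_CONF['template']['lang']['File_was_deleted_successfully']);
			$PowerBB->functions->redirect('index.php?page=attachments&amp;add_attach_reply=1&amp;subject_id='.$SubjectId.'');
		}
	}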



}
?>
