1 (edited by Frank H 2005-01-16 09:41)

Topic: Attachment Mod 1.0.1 by Frank H

##
##
##        Mod title:  Attachment Mod
##
##      Mod version:  1.0.1
##   Works on PunBB:  1.1.1
##     Release date:  2004-01-21
##           Author:  Frank Hagstrom (frank_n05pam@hotmail.com)
##
##      Description:  This mod will add the ability for attachments beeing
##                    posted in PunBB 1.1.1
##
##   Affected files:  admin_forums.php
##                    delete.php
##                    edit.php
##                    post.php
##                    viewtopic.php
##                    commonadmin.php
##
##       Affects DB:  Yes
##
##            Notes:  This mod stores the files in the database, thus you must
##                    configure it to accept large querys. You must set this
##                    alittle larger than the files you accept. Settings for
##                    mysql can be found in my.cnf (or in windows my.ini).
##                    Furthermore you also need to let php accept large posts,
##                    and files attached. Set this in php.ini.
##
##                    The attachment mod can be configured by altering the
##                    /include/attach.php file, in there you will find the
##                    following variables:
##
##                    $attach_use_icon    - Set this to false if you don't
##                                          want icons next to your
##                                          attachments. Users that don't want
##                                          to view images, don't see icons.
##                    $attach_max_size    - Set this to the max allowed
##                                          filesize you want to be uploaded.
##                                          Will be dependent on what you have
##                                          set in the configuration of PHP
##                                          and SQL. This is for the whole mod
##                                          and each forum is then configured
##                                          with it's own max size, that cannot
##                                          be larger than this.
##                    $attach_always_deny - These are the files the attachment
##                                          mod will deny from everyone but
##                                          the Administrators. So if you 
##                                          allow all files on a forum, these
##                                          will still be rejected, and it's
##                                          impossible to override by setting
##                                          the forum to allow them. Good for
##                                          the forum owner that he has the
##                                          control, and not the admins.
##                    $attach_mime_types  - This holds different mime types if
##                                          the browser fail to supply them.
##                    $attach_icon_mime   - This array links each mime to an
##                                          icon. Option to link to extentions
##                                          might be added at a later version.
##
##                    Generated with ModGenerator (http://modgen.cactuz.nu/)
##                    on: 2003-09-06 20:26:03
##                    Modified manually to comply with PunBB update 
##                    on: 2004-01-21 15:12:15
##
##       DISCLAIMER:  Please note that "mods" are not officially supported by
##                    PunBB. Installation of this modification is done at your
##                    own risk. Backup your forum database and any and all
##                    applicable files before proceeding.
##
##

Download the mod here

If you use another language you need to copy en_attachments.php into that language directory and rename the two first letters to match. And then you can edit the language file and if you'd like, e-mail it to me and I will post in on the download page.

On that same link, you will also find a zip containing more colors for the icons, and it also has a template for your own board if you want something other.

Have fun, and remember to make backups smile

IF YOU UPDATE:
Then you should skip step "2. RUN" when you run the install_mod.php, this is only needed for fresh installs!, sorry all for not making a test if it was already there. Thanks to JohnS for noticing this.

BUG! IMPORTANT!!!!
Guests are recognized as registered users, and can thus post and download attachments that normal registered users are allowed to!!! This is a security risk, and you should update some files according to this post I did a little bit down this thread.  I will replace the code and make a version update, as this is an important bug to be ironed out... but if you have installed it, do this fix ASAP!
Sorry all, but the fix is quite simple to perform. And thanks JohnS for bringing this to my attention!

More tweaks to do for later versions
* To get filenames with spaces work better on some browsers (not all), this script change renames some characters to url format.
* For 1.1.5 you need to do a modification in attachment.php. Read this post by me, for information about how you get it to run.
* Furthermore, you need to modify install_mod.php and set 1.1.5 as version number, or whatever the version you're installing it on is. (seems to work with these fixes up to 1.1.5)

When will the new version be released?
I'm not going to rewrite the mod before PunBB1.2 is released. I have come to this conclusion after starting to rewrite it for 1.1.5, but there would just be too much work for nothing, as 1.2 seems to have modifications more or less everywhere, a group system, other output to browser etc.
So, the big rewrite will happen after 1.2 is released, and will take a little while aswell (lots of code to do)
(The rewrite has begun, not much will be the same between the two mods, as rights handling has changed, and I will no longer store files in the database, so pretty much everything is changed...therefore next release will be 2.0)

IIS users!
Important! If you're installing this on an IIS machine, there has once been a problem where the admins are the only ones allowed to post files. So you therefore may ge tthis problem aswell. I have no idea what's wrong, and why it does this. So I haven't come up with a fix for this.
The files that work fully on an apache machine fail on an IIS machine. I'm sorry to say this, but I haven't a clue what's wrong. When I write the new version I'll try to figure out what may have caused it and how to bypass it.
Either way, uploads and downloads still work for administrators.

2

Re: Attachment Mod 1.0.1 by Frank H

Hi
I've installed this version and everything works fine but you may wish to know the following.

I had previous version installed and mod installer failed because database tables are alredy created. I had to go into MySQL and delete tables before I could complete installation. Would be good if existing tables were recognised and left alone so as not to lose any info.

regards
JohnS

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

oh ... totally missed this, thanks!

(actually if you're updating, you don't need to do anything in the database, ie ... you don't need to run install_mod.php)

Re: Attachment Mod 1.0.1 by Frank H

And now the install_mod.php has the fix ... and the zip is replaced (not like there's a need for a version update, as it's just something if ppl doesn't look at my bold text wink)

5 (edited by JohnS 2004-02-11 12:40)

Re: Attachment Mod 1.0.1 by Frank H

Frank
I have attachment mod installed and it allows users to place attachments without a problem. Only thing is, when someone else logs in to forum they can't see anything to allow them to download the attachment.

This link demonstrates what I mean. If I log in as admin I can download file but other users can't see it. Login as PunBB password PunBB to see what I mean.

http://www.xtracad.com/forum/viewtopic.php?pid=130#130

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

how are the attachment rules set?
(a guess is that you haven't set people to be allowed to download attachments)

go into Admin - Forums ... and for the forums you want attachments, make sure you click on the rules for that forum, and assign who may up/down load, and what files are allowed and what max size you allow.

Administrator always override these settings (except the max size defined in attach.php)

7

Re: Attachment Mod 1.0.1 by Frank H

Forum was set to allow Admins,Moderators and registered users to upload/download.
Allowed files was left empty (i.e. All but always denied). I've changed this and added the file extensions which were submitted (bmp & dvb) and even tried entering them as bmp and .bmp, etc but they still dont show up.

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

strange, and for you as admin you can up and download files without trouble?

Edit: sounds like there could be a step that has been missed, or a file that was uploaded incorrectly ... but I must look into it...

9

Re: Attachment Mod 1.0.1 by Frank H

Frank H wrote:

strange, and for you as admin you can up and download files without trouble?


Yes - but only by going into Admin/Attachments

Even when logged in as admin I can't see any files when I view the topics

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

ok, then there's probably something that's missed in the installation or upload of scripts ... it's 50 steps, so the possibility for errors is not that small wink

in viewtopic.php
or that the securitycheck isn't functional as it should (include\attach.php)

if you want to I can zip the testforum I made for when I remade the script for PunBB 1.1.1, so you can compare (if you have modded the forum)

11

Re: Attachment Mod 1.0.1 by Frank H

Frank H wrote:

ok, then there's probably something that's missed in the installation or upload of scripts ... it's 50 steps, so the possibility for errors is not that small wink

in viewtopic.php
or that the securitycheck isn't functional as it should (include\attach.php)

if you want to I can zip the testforum I made for when I remade the script for PunBB 1.1.1, so you can compare (if you have modded the forum)

Please. Send to:

xtracad@btinternet.com

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

email sent, hope it will solve the problem, my guess is that some rows are missing in viewtopic.php

13

Re: Attachment Mod 1.0.1 by Frank H

Thanks Frank.

I think the problem in viewtopic may have been because I have attachment mod and punpoll mod installed. Both require viewtopic.php amending and it gets confusing because line numbers change when the first mod is installed. Anyway, I've now got attachments to display and download.

My next problem is when attachment rules are set to 'deny guest' it still allows a guest to download. Which file do I need to check to resolve this?

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

nice, I guess it could have been something like that smile

hmm... do the guests see the attachment in viewtopic.php?
can they download the attachment through attachment.php?
even though they aren't allowed to?

if you feel like, you can check in the table 'forum_rules' that the columns for the forums haven been corrupt or something ... to manually check the rules, use this calculation smile

    /*********************************

    This function is used to check if one is allowed to upload or
    download attachments.
  
  
    rules are like follows:    
    
    0 = no attachments allowed

    1 = download allowed by guests

    2 = download allowed by registered users

    4 = download allowed by moderators

    8 = download allowed by admins (obsolete!)

    16 = upload allowed by guests (oooh, dangerous, but someone perhaps want it? , defenetly not default)

    32 = upload allowed by registered users

    64 = upload allowed by moderators

    128 = upload allowed by admins (obsolete!)


    Example: 1+2+4+8+64+128 = 207, will allow moderators and admins to upload files in that forum
                               and let everyone download them.   

   *********************************/  

so ... check the boxes you've set and these values so they are correct, then we probably can rule out some stuff ...  smile

15

Re: Attachment Mod 1.0.1 by Frank H

16 = upload allowed by guests (oooh, dangerous, but someone perhaps want it? , defenetly not default)

Thats dangerous... i had at least 7guests post G0atSE pics when i had a forum like 2 years ago :\ lil b@$t@r4$

---------> PLEASE REMEMBER I GOT THE FIRST EVER POST OF PUNBB 1.1! <---------
---------> PLEASE REMEMBER I GOT THE FIRST EVER POST OF PUNBB 1.1! <---------

16

Re: Attachment Mod 1.0.1 by Frank H

Frank H wrote:

do the guests see the attachment in viewtopic.php?
can they download the attachment through attachment.php?
even though they aren't allowed to?

... check the boxes you've set and these values so they are correct, then we probably can rule out some stuff ...  smile

Guests can see attachments in viewtopic and they can download.

In table 'punbb_attach_rules' all values are set to 238 which is correct (allow upload/download by all except guests)

What next?

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

hmm... next, check include/attach.php ... so that the file is identical to the one in the zip I sent you ... (ecpecially the function for checking rights... )

Re: Attachment Mod 1.0.1 by Frank H

Crap ... I just noticed something ... the validation doesn't work as it should (set it to only allow admin + moderators to make sure guests cannot read, (guests are somehow identified as registered users))

This has top priority! sad

(and I had tested so much but must have missed this ... tongue   ... sorry! )

19 (edited by Frank H 2004-02-12 14:52)

Re: Attachment Mod 1.0.1 by Frank H

Ok here's the fix, Thanks JohnS for finding this bug!

will include it in the script later...



in viewtopic.php

 FIND (line 377) 

        if($cur_user['status'] < 1) // Normal users


REPLACE WITH
        if($cur_user['status'] < 1 && !($cookie['is_guest'])) // Normal users

in attachment.php

FIND (line 68)

    if($cur_user['status'] < 1) // Normal users

REPLACE WITH

    if($cur_user['status'] < 1 && !($cookie['is_guest'])) // Normal users

in edit.php

FIND (line 175)

            if($cur_user['status'] < 1) // Normal users

REPLACE WITH

            if($cur_user['status'] < 1 && !($cookie['is_guest'])) // Normal users


FIND (line 268)

        if($cur_user['status'] < 1) // Normal users

REPLACE WITH

        if($cur_user['status'] < 1 && !($cookie['is_guest'])) // Normal users

in post.php

FIND (line 333)

        if($cur_user['status'] < 1) // Normal users

REPLACE WITH

        if($cur_user['status'] < 1 && !($cookie['is_guest'])) // Normal users


FIND (line 581)

    if($cur_user['status'] < 1) // Normal users

REPLACE WITH

    if($cur_user['status'] < 1 && !($cookie['is_guest'])) // Normal users

Sorry for this ... hope it will work allright now   (a tip for you when searching, look for the string "$cur_user['status'] < 1" smile

Edit: have tested it now on my install, and everything seems to work as it should (I did set up forums for each of the things ... and now guests no longer can read the attachments they're not allowed to ... phew  ... sorry again for this ... and this was all my fault ... with too little beta testing smile

20

Re: Attachment Mod 1.0.1 by Frank H

Thanks Frank
I've modified files and everything works fine now.
Guests cannot now see attachments.

Well done. Imagine how the guys at Microsoft feel with all their problems !!

I've been down so long it's beginning to look like up..

Re: Attachment Mod 1.0.1 by Frank H

nice smile

Re: Attachment Mod 1.0.1 by Frank H

Er... One thing: How can I determine the maximum qeuery size of mysql and how can I change it? I don't find any my.ini on my webserver...

Thank you,

Looking for a good game?
Do it yourself - GLBasic, you can do!

23 (edited by Frank H 2004-03-15 21:56)

Re: Attachment Mod 1.0.1 by Frank H

if you have a unix server, it's probably called my.cnf

is it your own server, or are you using a service provided by someone else?


Edit: If you have phpmysqladmin or similar, try running this "SHOW VARIABLES LIKE 'max_allowed_packet'" ... I think that's the value that shows the query max size


Edit2: gone a couple of days ... I guess it solved it wink

Re: Attachment Mod 1.0.1 by Frank H

No clue what to do...
My site is hosted at strato.de. Well, at least they provide my webspace. More, my php runs in "protected mode" or something similar...
Can you give me a short php script that shows the size and gives the opportunity to change it?

Looking for a good game?
Do it yourself - GLBasic, you can do!

Re: Attachment Mod 1.0.1 by Frank H

put this code into an empty file and call it test.php
upload it, and run it ... it should say the values you have ... hopefully ... afterwards ... delete it ...

<?php
$pun_root = './';
require $pun_root.'include/common.php';

$result = $db->query('SHOW VARIABLES LIKE \'max_allowed_packet\'') or error('Unable to fetch variables',__FILE__,__LINE__, $db->error());
while (list($label, $max_size)=$db->fetch_row($result)){
    echo $label . ' = ' .$max_size . ' bytes<br>';
}

echo 'PHP post_max_size = ' . get_cfg_var('post_max_size') . '<br>';
?>

you might need to alter pun_root ... but I'm not sure ...

you most certainly cannot alter these values, but that must be made by the owners of the server, at least the mysql max size ...