<?php
/**
*
* @copyright (c) 2009 Quoord Systems Limited
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
// Entry-point markers. Presumably the phpBB and mobiquo include files test
// these constants to refuse direct access; confirm against those files.
define('IN_PHPBB', true);
define('IN_MOBIQUO', true);

// Bundled XML-RPC client/server library.
include './include/xmlrpc.inc';
include './include/xmlrpcs.inc';

// Plugin-local definitions: error codes, shared helpers, dispatch table, config.
require './error_code.php';
require './mobiquo_common.php';
require './server_define.php';
require './config/config.php';

// The include-path suffix and the forum root are derived from plugin
// configuration and this file's location, never from request data.
$mobiquo_config  = get_mobiquo_config();
$phpEx           = $mobiquo_config['php_extension'];
$phpbb_root_path = dirname(dirname(__FILE__)) . '/';

// NOTE(review): every PHP diagnostic is silenced from here on, so warnings
// raised while handling the upload are not reported through PHP's normal
// error reporting. Consider logging to a file instead of discarding them.
error_reporting(0);
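// Dispatch on the multipart form field "method_name". Each branch boots phpBB,
// performs the upload, and leaves its outcome in globals ($attachment_id,
// $group_id, $warn_msg / $status) that the XML-RPC handler functions defined
// later in this file read back.
if ($_POST['method_name'] == 'upload_attach')
{
    include($phpbb_root_path . 'common.' . $phpEx);
    include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
    include($phpbb_root_path . 'includes/message_parser.' . $phpEx);

    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup('posting');

    $forum_id = request_var('forum_id', 0);

    // SECURITY: "group_id" is request data that this script hands to
    // unserialize() before any of the forum or permission checks below have
    // run. Deserialising untrusted input is a PHP object-injection risk. The
    // value is the serialize()d attachment list this script returned on an
    // earlier call, so the durable fix is to stop round-tripping serialized
    // PHP through the client (keep the list server-side, or return an
    // authenticated token / JSON). Until then:
    //  - on PHP 7+ object instantiation is disabled via allowed_classes;
    //  - only a string is accepted, and anything that does not decode to an
    //    array is discarded.
    // On PHP 5 the call remains unsafe; that is a known limitation of this
    // stopgap.
    $attachment_data = array();
    $submitted_group_id = (isset($_POST['group_id']) && is_string($_POST['group_id'])) ? $_POST['group_id'] : '';
    if ($submitted_group_id)
    {
        $serialized = urldecode($submitted_group_id);
        $decoded = version_compare(PHP_VERSION, '7.0.0', '>=')
            ? unserialize($serialized, array('allowed_classes' => false))
            : unserialize($serialized);
        if (is_array($decoded))
        {
            $attachment_data = $decoded;
        }
    }
    $_POST['attachment_data'] = $attachment_data;

    // Number of attachments the client already holds; used after the upload to
    // tell whether a new entry was added.
    $new_attach_position = count($_POST['attachment_data']);

    // Forum does not exist
    if (!$forum_id)
    {
        return get_error(3);
    }

    // request_var() is given an integer default and presumably casts to it;
    // the explicit cast keeps the query safe even if that assumption breaks.
    $sql = "SELECT f.* FROM " . FORUMS_TABLE . " f WHERE f.forum_id = " . (int) $forum_id;
    $result = $db->sql_query($sql);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // Checks run in order and each one is skipped once an error is recorded,
    // so at most one error code is reported.
    $errors = array();
    if (!$forum_data || $forum_data['forum_type'] != FORUM_POST) $errors[] = $mobiquo_error_code[3];
    if (empty($errors) && !$auth->acl_gets('f_read', $forum_id)) $errors[] = $mobiquo_error_code[17];
    if (empty($errors) && $forum_data['forum_password'] && !check_forum_password($forum_id)) $errors[] = $mobiquo_error_code[6];

    // Check permissions: bots, missing attach rights, attachments disabled in
    // the board config, or file uploads disabled in php.ini all refuse the upload.
    if (empty($errors)
        && ($user->data['is_bot'] || !$auth->acl_get('f_attach', $forum_id) || !$auth->acl_get('u_attach') || !$config['allow_attachments'] || @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off'))
    {
        $errors[] = $mobiquo_error_code[2];
    }

    // The caller must be registered and able to post, edit or reply in the forum.
    if (empty($errors)
        && (!$user->data['is_registered']
            || (!$auth->acl_get('f_post', $forum_id) && !$auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$auth->acl_get('f_reply', $forum_id))))
    {
        $errors[] = $mobiquo_error_code[2];
    }

    if (empty($errors))
    {
        // Set the form field for the parser; presumably parse_attachments()
        // treats its presence as an "add file" submit (confirm in message_parser).
        $_POST['add_file'] = 'Add the file';

        $message_parser = new parse_message();
        $message_parser->get_submitted_attachment_data();
        $message_parser->parse_attachments('fileupload', 'post', $forum_id, false, false, true);

        // NOTE(review): presence is tested at index $new_attach_position but the
        // id is read from index 0, presumably because the parser puts the newest
        // attachment first. Confirm against parse_attachments().
        $attachment_id = isset($message_parser->attachment_data[$new_attach_position]) ? $message_parser->attachment_data[0]['attach_id'] : '';

        // Handed to the client and expected back as "group_id" on the next call.
        $group_id = serialize($message_parser->attachment_data);
        $warn_msg = join("\n", $message_parser->warn_msg);
    }
    else
    {
        $attachment_id = '';
        $group_id = '';
        $warn_msg = join("\n", $errors);
    }
}
elseif ($_POST['method_name'] == 'upload_avatar')
{
    require($phpbb_root_path . 'common.' . $phpEx);
    require($phpbb_root_path . 'includes/functions_user.' . $phpEx);

    $user->session_begin();
    $auth->acl($user->data);
    $user->setup('ucp');
    $user->add_lang('posting');

    $status = true;
    $error = array();

    if (!$user->data['is_registered'])
    {
        $status = false;
        $error[] = $mobiquo_error_code[9];
    }
    else
    {
        include($phpbb_root_path . 'includes/functions_display.' . $phpEx);

        if (!avatar_process_user($error))
        {
            $status = false;

            // Replace "error" strings with their real, localised form.
            // The original used preg_replace() with the /e (eval) modifier, which
            // evaluates its replacement as PHP code and was removed in PHP 7.
            // A plain lookup gives the same result without evaluating code.
            foreach ($error as $error_key => $error_text)
            {
                if (is_string($error_text) && preg_match('#^[A-Z_]+$#D', $error_text) && !empty($user->lang[$error_text]))
                {
                    $error[$error_key] = $user->lang[$error_text];
                }
            }

            if (!$config['allow_avatar'] && $user->data['user_avatar_type'])
            {
                $error[] = $user->lang['AVATAR_NOT_ALLOWED'];
            }
            else if ((($user->data['user_avatar_type'] == AVATAR_UPLOAD) && !$config['allow_avatar_upload']) ||
                (($user->data['user_avatar_type'] == AVATAR_REMOTE) && !$config['allow_avatar_remote']) ||
                (($user->data['user_avatar_type'] == AVATAR_GALLERY) && !$config['allow_avatar_local']))
            {
                $error[] = $user->lang['AVATAR_TYPE_NOT_ALLOWED'];
            }
        }
    }

    // Language strings may contain markup; the response carries plain text only.
    $warn_msg = strip_tags(join("\n", $error));
}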
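// Build a synthetic XML-RPC call so the library serialises the reply; the real
// work has already been done from the multipart form fields.
$rpcServer = new xmlrpc_server($server_param, false);
// NOTE(review): debug output is enabled on a public endpoint; confirm what the
// bundled XML-RPC library adds to responses at this level.
$rpcServer->setDebug(1);
$rpcServer->compress_response = 'true';
$rpcServer->response_charset_encoding = 'UTF-8';

// SECURITY: method_name is request data. Concatenating it unescaped lets a
// caller inject extra XML (for example its own <params>) into the synthetic
// request and reach any method in the dispatch table. Accept only a string and
// XML-escape it; the parser decodes the entities, so legitimate method names
// are unchanged. An allow-list of the two upload methods would be stricter.
$requested_method = (isset($_POST['method_name']) && is_string($_POST['method_name'])) ? $_POST['method_name'] : '';
$raw_data = '<?xml version="1.0"?><methodCall><methodName>' . htmlspecialchars($requested_method, ENT_QUOTES) . '</methodName><params></params></methodCall>';
$response = $rpcServer->service($raw_data);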
/**
 * Wrap the outcome of the attachment upload in an XML-RPC response.
 *
 * Reads the globals written by the upload_attach branch of this script:
 * $attachment_id (id of the new attachment, or ''), $group_id (serialized
 * attachment list, or '') and $warn_msg (newline-joined messages).
 * Presumably registered for "upload_attach" in the dispatch table from
 * server_define.php; confirm there.
 *
 * @return xmlrpcresp struct with attachment_id, group_id, result, result_text
 */
function upload_attach_func()
{
    global $attachment_id, $group_id, $warn_msg;

    // The upload counts as successful only when an attachment id was produced.
    $succeeded = $attachment_id ? true : false;

    $fields = array(
        'attachment_id' => new xmlrpcval($attachment_id),
        'group_id'      => new xmlrpcval($group_id),
        'result'        => new xmlrpcval($succeeded, 'boolean'),
        // Markup is stripped so the client receives plain text.
        'result_text'   => new xmlrpcval(strip_tags($warn_msg), 'base64'),
    );

    return new xmlrpcresp(new xmlrpcval($fields, 'struct'));
}
/**
 * Wrap the outcome of the avatar upload in an XML-RPC response.
 *
 * Reads the globals written by the upload_avatar branch of this script:
 * $status (whether the avatar was processed) and $warn_msg (tag-stripped,
 * newline-joined error text).
 *
 * @return xmlrpcresp struct with result and result_text
 */
function upload_avatar_func()
{
    global $status, $warn_msg;

    $fields = array(
        'result'      => new xmlrpcval($status, 'boolean'),
        'result_text' => new xmlrpcval($warn_msg, 'base64'),
    );

    return new xmlrpcresp(new xmlrpcval($fields, 'struct'));
}