I'm using attachment.php to display thumbnails for attachments. This is being used in a custom script which resides within the AdminCP and it's called in the same manner in which it's used in postbit to display thumbs:

http://www.mysite.com/forum/attachment.php?attachmentid=130&thumb=1&d=1189977330

The thumbnails display properly when any menber views their own attachments, however when they attempt to view another member's attachments, the image is not displayed (i get the box with red X in it).

You can see the result of the query which is called within the script in attached "query.gif"

The issue which i feel might be the problem is that there's no forumid passed into $attachmentinfo and therefore no $forumperms to view the attachment? I think that's the issue, but not sure because when I comment out the following block of code (taken from attachment.php) the image still doesn't show, however when i run the script to call the same exact imageid but while logged in as the user who posted the attachment, it does show.


if ($attachmentinfo['postid'] == 0)
{ // Attachment that is in progress but hasn't been finalized
if ($vbulletin->userinfo['userid'] != $attachmentinfo['userid'] AND !can_moderate($attachmentinfo['forumid'], 'caneditposts'))
{ // Person viewing did not upload it
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}
// else allow user to view the attachment (from the attachment manager for example)
}
else
{
$forumperms = fetch_permissions($attachmentinfo['forumid']);

$threadinfo = array('threadid' => $attachmentinfo['threadid']); // used for session.inthread
$foruminfo = array('forumid' => $attachmentinfo['forumid']); // used for session.inforum

# Block attachments belonging to soft deleted posts and threads
if (!can_moderate($attachmentinfo['forumid']) AND ($attachmentinfo['post_visible'] == 2 OR $attachmentinfo['thread_visible'] == 2))
{
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}

# Block attachments belonging to moderated posts and threads
if (!can_moderate($attachmentinfo['forumid'], 'canmoderateposts') AND ($attachmentinfo['post_visible'] == 0 OR $attachmentinfo['thread_visible'] == 0))
{
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}

if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) OR !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) OR !($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment']) OR (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) AND ($attachmentinfo['postuserid'] != $vbulletin->userinfo['userid'] OR $vbulletin->userinfo['userid'] == 0)))
{
print_no_permission();
}

// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($attachmentinfo['forumid'], $vbulletin->forumcache["$attachmentinfo[forumid]"]['password']);

if (!$attachmentinfo['visible'] AND !can_moderate($attachmentinfo['forumid'], 'canmoderateattachments') AND $attachmentinfo['userid'] != $vbulletin->userinfo['userid'])
{
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}
}


How can I bypass this issue? I can't seem to narrow down what the problem is really. I even tried editing the attachment.php file and adding the following just before the block above but it didnt work either:


// assign a forumid in which all users have all permissions assigned
$attachmentinfo['forumid'] = 1;


Any ideas? I've been stumped on this for 2 days now. :(

bump - can anyone help? :o

I'm so sad, this is killing me. Still can't figure this out.

It would probably be useful to see what the source code in the page looks like for the img tags. Also, have you tried doing a query in the attachment.php page to find out what forum the attachment is in and using that variable in the rest of the code? At least that way you can find out if the forumid is the problem.

The code which is creating the thumbnails is as follows:

while ($attachment = $db->fetch_array($attachments))
{
if (!$attachment['build_thumbnail'])
{
$attachment['hasthumbnail'] = false;
}
$feedback['attachments']["$attachment[attachmentid]"] = $attachment;

if ($attachment['hasthumbnail'])
{
$thumbcount++;
if ($vbulletin->options['attachrow'] AND $thumbcount >= $vbulletin->options['attachrow'])
{
$thumbcount = 0;
$show['br'] = true;
}
else
{
$show['br'] = false;
}

// ... define transparency for attachments with visible = 0
if ($attachment['visible'])
{
$transparency = '';
}
else
{
$transparency = '-moz-opacity:0.2; filter:alpha(opacity=20)';
}

// ... display each thumbnail
$thumbs .=
'<a href="../attachment.php?' . $vbulletin->session->vars['sessionurl'] . "attachmentid=$attachment[attachmentid]&amp;stc=1&amp;d=$attachment[thumbnail_dateline]\" target=\"_blank\"><img src=\"../attachment.php?" . $vbulletin->session->vars['sessionurl'] . "attachmentid=$attachment[attachmentid]&amp;thumb=1&amp;d=$attachment[dateline]\" border=\"0\" style=\"$transparency\" class=\"thumbnail\" alt=\"Attachment id: $attachment[attachmentid]\" /></a><a href=\"attachment.php" . $vbulletin->session->vars['sessionurl'] . "?do=edit&amp;attachmentid=$attachment[attachmentid]\" target=\"_blank\"><img src=\"../images/statusicon/icon_editimage.gif\" border=\"0\" alt=\"Edit Image\" /></a>
&nbsp;" . iif($show['br'], "<br /><br />") . "
";
$show['thumbnailattachment'] = true;
}

}


I don't think that's the issue as it works just fine for generating thumbs for attachments posted by myself, the problem occurrs when viewing thumbs for any other member.

It's probably relevant that these thumbnails for attachments are NOT associated with posts, threads or forums. they are associated with Feedback reports. Therefore the query which gathers the attachment data from the database returns no forumid. (please see attached "query_result_attachment-php.gif" ).

I thought since there's no forumid returned, the following code in attachment.php is unable to generate the $forumperms needed and it's the reason for the error:


$forumperms = fetch_permissions($attachmentinfo['forumid']);

$threadinfo = array('threadid' => $attachmentinfo['threadid']); // used for session.inthread
$foruminfo = array('forumid' => $attachmentinfo['forumid']); // used for session.inforum



But that can't be it, since there's no forum id returned either when viewing my own attachment thumbnail.

If the thumb is clisked on to view the attachment in a full size window, I get a NO PERMISSION error. Now the interesting thing is, the no permission error ( print_no_permission(); ) is only located in the following part of the attachment.php script:


if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) OR !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) OR !($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment']) OR (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) AND ($attachmentinfo['postuserid'] != $vbulletin->userinfo['userid'] OR $vbulletin->userinfo['userid'] == 0)))
{
print_no_permission();
}


But if i comment that part out in attachment php, the thumbnail still doesn't display, and i still get the nopermission error when opening the full wondow.

It baffles my mind. Please anyone help, i will be eternally grateful.

I was actually wondering about what was being printed out in the source code for the page. I always like to see what is actually being parsed from the code. In fact, it sometimes helps to hide variables in there so you can see what is being fed to the page.

When you click on the thumbnail, you get a new window that is supposed to have the large image, correct? It would be useful to see what the source code is for that. Perhaps try to hide some variables in there in order to see what is being passed.

(Sorry I can't be more help specifically, I'm still running vB 3.0 - I'm just throwing out suggestions on how I troubleshoot things like this.)

Thanks Lynne. I actually was able (finally) to solve this by assigning the missing $forumperms within hook location attachment_start.