Admin Attachment

[snakes1100]

the affected block code you asked for.

this is from my functions.php, this also has the member must have a certain amount of posts to upload hack in it(in bold).

PHP Code:

 ###################### Start acceptupload #######################
function acceptupload($moderate=0) {
  global $DB_site,$attachment,$attachment_size,$attachment_name;
  global $attachextensions,$maxattachsize,$bbuserinfo,$maxattachwidth, $maxattachheight;
  global $safeupload,$tmppath, $allowduplicates, $allowimgsizefailure;

  $attachment_name = strtolower($attachment_name);
  $extension=getextension($attachment_name);

  if (strpos("  $attachextensions  "," $extension ")==0) {
    // invalid extension
    eval("standarderror(\"".gettemplate("error_attachbadtype")."\");");
    exit;
  }


  if (is_uploaded_file($attachment)) {
    if ($safeupload) {
      $path = "$tmppath/$attachment_name";
      move_uploaded_file($attachment, "$path");
      $attachment = $path;
    }

    $filesize=filesize($attachment);
    if ($maxattachsize!=0 and $filesize>$maxattachsize and $bbuserinfo[usergroupid]!=5) {
      // too big!
      eval("standarderror(\"".gettemplate("error_attachtoobig")."\");");
      exit;
    }
    if ($filesize!=$attachment_size and $bbuserinfo[usergroupid]!=5) {
      // security error
      eval("standarderror(\"".gettemplate("error_attacherror")."\");");
      exit;
    }
    if (strstr($attachment,"..")!="") {
      //security error
      eval("standarderror(\"".gettemplate("error_attacherror")."\");");
      exit;
    }
    if ($bbuserinfo["posts"] < 200) {
      //No Posting Attachments
      eval("standarderror(\"You don't have enough posts to post attachments.\");");
      exit;
    }
    if ($extension=="gif" or $extension=="jpg" or $extension=="jpeg" or $extension=="jpe" or $extension=="png" or $extension=="swf") { // Picture file
      if ($imginfo=@getimagesize($attachment)) {
        if (($maxattachwidth>0 and $imginfo[0]>$maxattachwidth) or ($maxattachheight>0 and $imginfo[1]>$maxattachheight)) {
          eval("standarderror(\"".gettemplate("error_attachbaddimensions")."\");");
        }
        if (!$imginfo[2]) {
           eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
        }
      } elseif (!$allowimgsizefailure) {
          eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
      }
    }

    // read file
    $filenum = fopen($attachment,"rb");
    $filestuff = fread($filenum,$filesize);
    fclose($filenum);
    unlink($attachment);
    $visible = iif($moderate,0,1);
    // add to db
    if (!$allowduplicates) {
      if ($result=$DB_site->query_first("SELECT attachmentid
                                         FROM attachment
                                         WHERE userid = '$bbuserinfo[userid]'
                                           AND filedata = '".addslashes($filestuff)."'")) {
         $threadresult=$DB_site->query_first("SELECT post.threadid as threadid,thread.title as title FROM post
                                             LEFT JOIN thread ON (thread.threadid = post.threadid)
                                             WHERE post.attachmentid=$result[attachmentid]");
        $threadresult['title'] = htmlspecialchars($threadresult['title']);
        eval("standarderror(\"".gettemplate("error_attachexists")."\");");
        exit;
      }
    }
    $DB_site->query("INSERT INTO attachment (attachmentid,userid,dateline,filename,filedata,visible) VALUES (NULL,$bbuserinfo[userid],".time().",'".addslashes($attachment_name)."','".addslashes($filestuff)."','$visible')");
    $attachmentid=$DB_site->insert_id();
  }
  return $attachmentid;
}