Version: 1.00, by Scott MacVicar
Developer Last Online: Mar 2016
Version: 2.2.x
Rating:
Released: 01-20-2002
Last Update: Never
Installs: 12
Is in Beta Stage
No support by the author.
This is a hack which allows you to save the attachments as files and not within the database. The main problem with this was the fact that it posed certain security issues, these have been tackled by doing the following
Placing the folder below document root
Using random hashes to name the file
Changing the file extension to .file
Never divulging the path to the file
This is a beta hack, it has been tested on a development board. I have had insufficent time to fully complete the attachment importer, this removes the files from the database and creates them as physical files in the attachment folder. I will post this as soon as possible.
Looking forward to your feedback.
Scott
To install this hack upload this file to the admin directory and then view it in your browser.
All the changes that Jawelin suggested have been applied, thanks man
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Originally posted by PPN epic you are using an old version of this hack which had some problems, if you had read the reply to your post it says please download the new file and install the hack again, I'll remind you that this is a beta hack so the format is constantly changing.
Its at a semi stable version just not, when you edit posts you can change attachment and it alters the files as well as the moderation of attachment is allowed.
Just installed and trying it !!!
I plan to use the installer to extract from db about 11 megs of attachments (a hundred files). First of all, of course, backupped the table and the entire database.
Well, now, just before uploading new modified files, my question are:
- attachment.php: there's a file open $fp = fopen($path, "rb");, but no fclose() ...
- editpost.php: there are two ccurrances of
PHP Code:
$DB_site->query("DELETE FROM attachment WHERE attachmentid=$postinfo[attachmentid]");
What do you refer to ?
- It would be possible to switch on or off the attachment destination with an (im/ex)porter at AdminCP level ? This way an Admin could decide any time to save into db rather than to file, and so on. I mean, a stand-alone db<->file switcher selectable from CP. This reason I renamed the old function acceptupload( into acceptupload2db( instead of overwriting it into functions.php
- My web directories aren't browsable: could I make a slight modification to be able to recognize myself (with ftp) the stored files ? I mean changing the name which still would include the same hash of the table, but also the original filename and extension. As a first saw, I think I should change only the ways filename.ext are builded and retrieved (attachment.php & functions.php), shouldn't I ?
Thanks a lot for your hard work (I know as tried myself...) and for answering me all the time..
P.S.: just a typo correction to the installer: file name moderate.php should be mod/moderate.php ...
both refrences in editpost.php require to have the function above it
changing between database and flatfile defeats the purpose of why the hack was created, it was to stop the /var folder being filled up as my attachment table is 50mb and it caused problems dumping the table and if the tables crashed it got corrupted among other things.
I think i missed out some files now that i think about it. The moderate feature in the admin panel and the simply /moderator.php file as well as the /mod/moderate.php
Details »»
About Developer
Visit Web Site
Is in Beta Stage 
01-23-2002, 10:18 AM
