Attachments Not in Database

This is a hack which allows you to save the attachments as files and not within the database. The main problem with this was the fact that it posed certain security issues, these have been tackled by doing the following

• Placing the folder below document root
• Using random hashes to name the file
• Changing the file extension to .file
• Never divulging the path to the file

This is a beta hack, it has been tested on a development board. I have had insufficent time to fully complete the attachment importer, this removes the files from the database and creates them as physical files in the attachment folder. I will post this as soon as possible.

Looking forward to your feedback.

Scott

To install this hack upload this file to the admin directory and then view it in your browser.

All the changes that Jawelin suggested have been applied, thanks man

[Jawelin]

I have a LOT of problems with the importer. :cry: :cry:
First of all, in attachment_install.php there's the line:

PHP Code:

$DB_site->query("UPDATE attachment SET hash='$hash'"); 


which updates at once ALL THE table, not only the fetched row.
I think that query should be added of WHERE attachmentid='$files[attachmentid]' ...
Do you agree ?

Second, each file I get the error

Quote:

Warning: Supplied argument is not a valid File-Handle resource in /home/...... /admin/attachment_install.php on line 330

I have about 70 files. What should be the right per-number to insert ?

Last, I saw fortunately the importer doesn't delete the filedata from the table. Should I do manually after a successful export ?

Thanks a lot.
Hope in your quick answer.
Bye

[Jawelin]

Besides, the directory couldn't be chmoded to 0666 as no file could be red or written.
I think should be better CHMOD 0777 attachments directory and replace in admin/functions.php:

PHP Code:

    move_uploaded_file($attachment, "$path"); 


with:

PHP Code:

    move_uploaded_file($attachment, "$path");
    chmod ("$path", 0666); 


Infact, otherwise any uploaded file should have 0755, i.e. executabe but not deletable.

What do you think ?
Thanks

[Jawelin]

Another slight question.
editpost.php?action=deletepost :
if the post contains an attachment, the row into db is deleted, not the file as itsn't explicitly called your removeattachment() function.

Solution:
In admin/functions.php add :

PHP Code:

removeattachment($postinfo[attachmentid]); 


just before the line:

PHP Code:

$DB_site->query("DELETE FROM attachment WHERE attachmentid=$postinfo[attachmentid]"); 


Thanks.
Bye

[Scott MacVicar]

i'll look into this tonight and go over the importer again.

[Scott MacVicar]

At most the files should be 0666 never chmod a file to 777 or 755. As they should never require to be executed.

I've installed this on my boards without any problems with attachments. The importer has been updated to correct the has problem. Regarding your file problem I would try to ensure that your directory is chmod'd to 666 and that is set correctly within the admin panel.

Thanks for pointing out the missing delete from attachment part with the deletepost, I have updated the installer.

If I remember correctly though the file will automatically have permissions to read and thats all you need as it only reads the files and it deletes it using the unlink function.

[Jawelin]

I tried many and many times (Linux shared server....)

both /home/user/public_html/attachment & /home/user/attachment ...
The only way I don't get an error downloading or uploading attachment is that dir chmoded to 0777.
Because the user owns the files is 'nobody', who otherwise couldn't access the directory itself, if not executable.
This way, the uploaded file moved from /tmp to here is moded to 0755. So to make it not executable, i changed permissions within php code, right after the move_uploaded...., to 0666 (tried 0644 but the file couldn't deletable, as not writable...)

Now it works to me, only this way, on that linux server ...
Thnx

[Scott MacVicar]

i suppose i can make those modifications to the files.

I tested the script without the permission modifications on a Win2k and a linux server though i was running it under root.

Will do the final modifications you suggested then ponder moving it into the full releases.

[Ninth Dimension]

Hi, I just wanted to check the latest on this hack, is the file on the front page of this thread the latest verson, and if not, would you be able to upload a more up to date verson please?

I'm desprate to use this hack because although i've got lots of HHD memory available, i've only got 20MB is MySQL space (and the forum is already taking up 10MB's of that space.

Please let me know, thank you

[Ninth Dimension]

I have just installed this hack, however i'm getting some errors, first off I tried the importer and got a page full of errors, like this:

Quote:

Warning: Supplied argument is not a valid File-Handle resource in /hsphere/local/home/ofdan/bbs.ofdan.net/admin/attachment_install.php on line 332

Imported pool1.jpg


Warning: Supplied argument is not a valid File-Handle resource in /hsphere/local/home/ofdan/bbs.ofdan.net/admin/attachment_install.php on line 332

Imported diablo.gif


Warning: Supplied argument is not a valid File-Handle resource in /hsphere/local/home/ofdan/bbs.ofdan.net/admin/attachment_install.php on line 332

Imported cap_026.jpg

Ignoring this for a moment I then tested uploading a file, and got this error

Quote:

Warning: Unable to create '/hsphere/local/home/ofdan/bbs.ofdan.net.attachments/4b7be3dffed063f1b35f072d3f5dfecf.file': Permission denied in /hsphere/local/home/ofdan/bbs.ofdan.net/admin/functions.php on line 1681

Warning: Unable to move '/tmp/phpKqRzkG' to '/hsphere/local/home/ofdan/bbs.ofdan.net.attachments/4b7be3dffed063f1b35f072d3f5dfecf.file' in /hsphere/local/home/ofdan/bbs.ofdan.net/admin/functions.php on line 1681

Warning: stat failed for /hsphere/local/home/ofdan/bbs.ofdan.net.attachments/4b7be3dffed063f1b35f072d3f5dfecf.file (errno=13 - Permission denied) in /hsphere/local/home/ofdan/bbs.ofdan.net/admin/functions.php on line 1684

[Ninth Dimension]

Problem number 2, I think i've solved my first problem, i've chmod'd my attachments dir to 777 (when i done it to 666, it prevented me form accessing it), and this allowed me to upload the attachments without a problem.

Now i can't download them again, I get the following error:

Quote:

Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php on line 30

Warning: Cannot add header information - headers already sent by (output started at /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php:30) in /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php on line 58

Warning: Cannot add header information - headers already sent by (output started at /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php:30) in /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php on line 59

Warning: Cannot add header information - headers already sent by (output started at /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php:30) in /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php on line 60

Warning: Cannot add header information - headers already sent by (output started at /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php:30) in /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php on line 61

Warning: Cannot add header information - headers already sent by (output started at /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php:30) in /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php on line 62

Warning: Cannot add header information - headers already sent by (output started at /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php:30) in /hsphere/local/home/ofdan/bbs.ofdan.net/attachment.php on line 66
GIF89a?JJcJJkRRkZZscc{kk?kk?kk?ss?{{?{{????????? ???ƥ????έ?ƭ?έ?ֵ????ֵ?޽?ֽ?????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ????????????????????????,?
H? A?4d? ??†f?` Z܈????&X?$? J?4?r?H"??P0?̂&x0sÆ @
????gМ ?,?S Q?M%T ?'JU?BX?
V?(?VE?? ?D?? ??= @?ݹ(?68A??=??/???? 0`?ǎ#Cf?? ??

;