attachments stored in a folder rather than db

[auto]

I know this has been discussed in the past.. but I feel the need to bring this up again [I wasn't involved in the previous discussion of this, so I have the right ]

I remember how great the hack was that converted the storage of avatars from db to folder...

The cons of doing the same to attachments is that if a person can upload an executable file and then executes it on the server, poop could happen. But what if I don't allow anything executable to be attached? these are the file types I allow on my site: gif jpg png txt zip bmp jpeg. This can in no way put the server in jeopardy [as far as I know, feel free to correct me if I am wrong ]
As a safety measure, we could also have a script such as this one included in this hack:

PHP Code:

 <?php

$folder="samplefolderfile";
$filename=stripslashes(urldecode($QUERY_STRING));

if ($filename=="") {
  die("<h1>Invalid File Request...</h1>");
}

//your domain
$domains="www.automotiveforums.com,automotiveforums.com,
            www.automotivecritics.com,automotivecritics.com";

$domainids = explode(",",$domains);
$numdomain = count($domainids);

//home domain information
$refr=getenv("HTTP_REFERER");
list($remove,$stuff)=split('//',$refr,2);
list($home,$stuff)=split('/',$stuff,2);

 // print "home = $home<br>\n";

$good = 0;
$counter = 0;
$savecounter = 0;

while ($counter<$numdomain) {

 // print "domains = $domainids[$counter]<br>\n";

  if ($home!=$domainids[$counter]) {

  }
  if ($home==$domainids[$counter]) {
     $savecount = $counter;
     $good = 1;
  }
  $counter++;
}

if ($good == 0) {
  die("<h1>Leecher!</h1>This file is from $domainids[$savecounter]");
}
else {

  $fp=@fopen("http://".$domainids[$savecounter]."/".$folder."/".$filename,"r");

     if($fp) {
        if (ereg(".mp3",$filename)) {
          $xtype="audio/mpeg";
        }
        elseif(ereg(".jpg",$filename)) {
          $xtype="image/pjpeg";
        }
        elseif(ereg(".zip",$filename)) {
          $xtype="application/x-zip-compressed";
        }
        elseif(ereg(".exe",$filename)) {
          $xtype="application/x-msdownload";
        }
        else {
          $xtype="application/octet-stream";
        }

        Header("Content-Type: $xtype");
        Header("Accept-Ranges: bytes");
        Header("Content-Disposition: ; Filename=$filename");
        readfile("http://".$domainids[$savecounter]."/".$folder."/".$filename);
     }
     else {
        die("file not found");
     }
}

?>

so all the attachments will be called not as a direct URL, but something like http://www.siteurl.com/vbulletin/attach.php?image.gif
this way, it will also serve as an anti-leech [that's the main function for the script above] and will keep the location of attachments unknown.


The reason I am asking for this hack is because some of my members are nuts and are attaching HUNDREDS, yes, HUNDREDS of images They are all quality and appropriate, and I have no problem with them.. but I just don't see why it should be in the database... lots of pain in the arse.

Thanks guys.

[auto]

anybody?

[webhost]

We Have this working on our site read about it Here

Real Web Host Has written this script tested on 5 sites without problems.

[auto]

vBulletin is $160 and this hack is $75?

[webhost]

Auto

Did you get my PM?

[dirgotronix]

Maybe someone could write up a free hack for this, or, maybe make it an option in the next release, database versus file storage.

I dunno about you, but my forum's database is huge, my nightly backup and gzip takes forever because of all the files in there, and for god sakes my server is only a p200. More strain taken off of the database, the better.

I can't justify spending almost as much for a hack as I paid for the software itself. Not to mention money doesn't come easy to me as it is, my lawyer eats all my funding.

[auto]

RealWebHost: Yes I did

So, is anyone willing to create this hack?
I am thinking that simply converting the avatar db to file hack might work...

thanks guys.

[eva2000]

actually i'm looking for something similar for part of a hack request i posted here https://vborg.vbsupport.ru/showthrea...threadid=32024

[LancerForums]

I'm also interested in this hack. Anyone willing to do it? Also, what would happen to the images that are currently stored in the db?

Mark