Allow various media file uploads (flv, f4v, mov, avi), code (almost) auto-formatted

2025-08-11 17:14:42 +02:00 · 2009-10-16 21:15:56 +00:00
parent d1758cce36
commit a251ab6bab
1 changed files with 739 additions and 707 deletions
--- a/e107_handlers/upload_handler.php
+++ b/e107_handlers/upload_handler.php
@@ -1,53 +1,53 @@
 <?php 
 /*
-+---------------------------------------------------------------+
+ * e107 website system
-|        e107 website system
+ *
-|        /classes/upload_class.php
+ * Copyright (C) 2001-2008 e107 Inc (e107.org)
-|
+ * Released under the terms and conditions of the
-|        <20>Steve Dunstan 2001-2002
+ * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
-|        http://e107.org
+ *
-|        jalist@e107.org
+ * File Upload Handler
-|
+ *
-|        Released under the terms and conditions of the
+ * $Source: /cvs_backup/e107_0.8/e107_handlers/upload_handler.php,v $
-|        GNU General Public License (http://gnu.org).
+ * $Revision: 1.21 $
-|
+ * $Date: 2009-10-16 21:15:56 $
-|   $Source: /cvs_backup/e107_0.8/e107_handlers/upload_handler.php,v $
+ * $Author: secretr $
-|   $Revision: 1.20 $
+ */
 |   $Date: 2009-10-13 20:50:39 $
 |   $Author: e107steved $
 +---------------------------------------------------------------+
 */
-if (!defined('e107_INIT')) { exit; }
+if (!defined('e107_INIT'))
 {
 	exit;
 }
 include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_upload_handler.php");
 //define("UH_DEBUG",TRUE);
-define("UH_DEBUG",FALSE);
+define("UH_DEBUG", FALSE);
 define('e_UPLOAD_TEMP_DIR', e_FILE.'temp/'); // Temporary directory
-define('e_READ_FILETYPES','filetypes.xml');				// Upload permissions
+define('e_READ_FILETYPES', 'filetypes.xml'); // Upload permissions
-define('e_SAVE_FILETYPES','filetypes_.xml');
+define('e_SAVE_FILETYPES', 'filetypes_.xml');
 /*
-File upload handler - this is the preferred interface for new code
+ File upload handler - this is the preferred interface for new code
-------------------
+ -------------------
-function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = array())
+ 	function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = array())
-
+	Parameters:
 Parameters:
 		$uploaddir - target directory (checked that it exists, but path not otherwise changed)
 		$fileinfo - determines any special handling of file name (combines previous $fileinfo and $avatar parameters):
 			FALSE - default option; no processing
 			"attachment+extra_text" - indicates an attachment (related to forum post or PM), and specifies some optional text which is
 				incorporated into the final file name (the original $fileinfo parameter).
 		$file_name = time()."_".USERID."_".'extra_text'.$name;
 			"prefix+extra_text" - indicates an attachment or file, and specifies some optional text which is prefixed to the file name
-			"unique"		- if the proposed destination file doesn't exist, saved under given name
+ 			"unique"		
 				- if the proposed destination file doesn't exist, saved under given name
 				- if the proposed destination file does exist, prepends time() to the file name to make it unique
-			'avatar'		- indicates an avatar is being uploaded (not used - options must be set elsewhere)
+ 			'avatar'		
 				- indicates an avatar is being uploaded (not used - options must be set elsewhere)
 		$options - an array of supplementary options, all of which will be given appropriate defaults if not defined:
 			'filetypes' - name of file containing list of valid file types
 				- Always looks in the admin directory
@@ -70,9 +70,9 @@ Parameters:
 			'overwrite' - if TRUE, existing file of the same name is overwritten; otherwise returns 'duplicate file' error (default FALSE)
 			'save_to_db' - storage type - if set and TRUE, uploaded files are saved in the database (rhater than as flat files) (default FALSE)
-
+		Returns FALSE if the upload directory doesn't exist, or various other errors occurred which restrict the amount of meaningful information.
-Returns FALSE if the upload directory doesn't exist, or various other errors occurred which restrict the amount of meaningful information.
+		Returns an array, with one set of entries per uploaded file, regardless of whether saved or 
-Returns an array, with one set of entries per uploaded file, regardless of whether saved or discarded (not all fields always present) - $c is array index:
+		discarded (not all fields always present) - $c is array index:
 		 	$uploaded[$c]['name'] - file name - as saved to disc or in database
 			$uploaded[$c]['rawname'] - original file name, prior to any addition of identifiers etc (useful for display purposes)
 			$uploaded[$c]['type'] - mime type (if set - as returned by browser)
@@ -82,24 +82,23 @@ Returns an array, with one set of entries per uploaded file, regardless of wheth
 			$uploaded[$c]['message'] - text of displayed message relating to file
 			$uploaded[$c]['line'] - only if an error occurred, has line number (from __LINE__)
 			$uploaded[$c]['file'] - only if an error occurred, has file name (from __FILE__)
 On exit, uploaded files should all have been removed from the temporary directory.
 No messages displayed - its caller's responsibility to handle errors and display info to user (or can use handle_upload_messages() from this module)
-
+	On exit, uploaded files should all have been removed from the temporary directory.
-Details of uploaded files are in $_FILES['file_userfile'] (or other array name as set) on entry.
+	No messages displayed - its caller's responsibility to handle errors and display info to 
-
+	user (or can use handle_upload_messages() from this module)
-Elements passed (from PHP) relating to each file:
+	Details of uploaded files are in $_FILES['file_userfile'] (or other array name as set) on entry.
 	Elements passed (from PHP) relating to each file:
 		['name']	- the original name
 		['type']	- mime type (if provided - not checked by PHP)
 		['size']	- file size in bytes
 		['tmp_name'] - temporary file name on server
 		['error']	- error code. 0 = 'good'. 1..4 main others, although up to 8 defined for later PHP versions
-Files stored in server's temporary directory, unless another set
+	Files stored in server's temporary directory, unless another set
 */
 function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 {
-	global $pref, $sql, $tp;
+	global $pref,$sql,$tp;
 	global $admin_log;
@@ -112,26 +111,27 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 		$ul_temp_dir = '';
 	}
-	if (UH_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Upload Handler test","Process uploads to {$uploaddir}, fileinfo  ".$fileinfo,FALSE,LOG_TO_ROLLING);
+	if (UH_DEBUG)
-//	$admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Intermediate directory: {$ul_temp_dir} ",FALSE,LOG_TO_ROLLING);
+		$admin_log->
-	
+			e_log_event(10, debug_backtrace(), "DEBUG", "Upload Handler test", "Process uploads to {$uploaddir}, fileinfo  ".$fileinfo, FALSE, LOG_TO_ROLLING);
-
+	//	$admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Intermediate directory: {$ul_temp_dir} ",FALSE,LOG_TO_ROLLING);
 	$overwrite = varset($options['overwrite'],FALSE);
 	$save_to_db = varset($options['save_to_db'],FALSE);
 	$overwrite = varset($options['overwrite'], FALSE);
 	$save_to_db = varset($options['save_to_db'], FALSE);
 	$uploaddir = realpath($uploaddir); // Mostly to get rid of the grot that might be passed in from legacy code. Also strips any trailing '/'
 	if (!is_dir($uploaddir))
 	{
-	  if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Invalid directory: ".$uploaddir,FALSE,FALSE);
+		if (UH_DEBUG)
 			$admin_log->
 				e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Invalid directory: ".$uploaddir, FALSE, FALSE);
 		return FALSE; // Need a valid directory
 	}
-	if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Destination directory: ".$uploaddir,FALSE,FALSE);
+	if (UH_DEBUG)
-
+		$admin_log->
-
+			e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Destination directory: ".$uploaddir, FALSE, FALSE);
 	$final_chmod = varset($options['final_chmod'],0644);
 	$final_chmod = varset($options['final_chmod'], 0644);
 	if (isset($options['file_array_name']))
 	{
@@ -142,32 +142,31 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 		$files = $_FILES['file_userfile'];
 	}
-
+	$max_file_count = varset($options['max_file_count'], 0);
 	$max_file_count = varset($options['max_file_count'],0);
 	if (!is_array($files))
 	{
-	  if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","No files uploaded",FALSE,FALSE);
+		if (UH_DEBUG)
 			$admin_log->
 				e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "No files uploaded", FALSE, FALSE);
 		return FALSE;
 	}
 	$uploaded = array(
 	);
-	$uploaded = array();
+	$max_upload_size = calc_max_upload_size(varset($options['max_upload_size'], -1)); // Find overriding maximum upload size
-	
+	$allowed_filetypes = get_filetypes(varset($options['file_mask'], ''), varset($options['filetypes'], ''));
 	$max_upload_size = calc_max_upload_size(varset($options['max_upload_size'],-1));		// Find overriding maximum upload size
 	$allowed_filetypes = get_filetypes(varset($options['file_mask'],''), varset($options['filetypes'],''));
 	$max_upload_size = set_max_size($allowed_filetypes, $max_upload_size);
 	// That's the basics set up - we can start processing files now
-// That's the basics set up - we can start processing files now
+	if (UH_DEBUG)
-
+		$admin_log->
-	if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Start individual files: ".count($files['name'])." Max upload: ".$max_upload_size,FALSE,FALSE);
+			e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Start individual files: ".count($files['name'])." Max upload: ".$max_upload_size, FALSE, FALSE);
 	$c = 0;
-	foreach ($files['name'] as $key => $name)
+	foreach ($files['name'] as $key=>$name)
 	{
 		$first_error = FALSE; // Clear error flag
 		if (($name != '') || $files['size'][$key]) // Need this check for things like file manager which allow multiple possible uploads
@@ -176,9 +175,12 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 			$raw_name = $name; // Save 'proper' file name - useful for display
 			$file_ext = trim(strtolower(substr(strrchr($name, "."), 1))); // File extension
-		if (!trim($files['type'][$key])) $files['type'][$key] = 'Unknowm mime-type';
+			if (!trim($files['type'][$key]))
 				$files['type'][$key] = 'Unknowm mime-type';
-		if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Process file {$name}, size ".$files['size'][$key],FALSE,FALSE);
+			if (UH_DEBUG)
 				$admin_log->
 					e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Process file {$name}, size ".$files['size'][$key], FALSE, FALSE);
 			if ($max_file_count && ($c > $max_file_count))
 			{
@@ -208,20 +210,21 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 			if (!$first_error)
 			{
 				$uploadfile = $files['tmp_name'][$key]; // Name in temporary directory
-		  if (!$uploadfile) $first_error = 253;
+				if (!$uploadfile)
 					$first_error = 253;
 			}
 			if (!$first_error)
 			{
 				// Need to support multiple files with the same 'real' name in some cases
-		  if (strpos($fileinfo,"attachment") === 0) 
+				if (strpos($fileinfo, "attachment") === 0)
 				{ // For attachments, add in a prefix plus time and date to give a unique file name
-			$addbit = explode('+',$fileinfo,2);
+					$addbit = explode('+', $fileinfo, 2);
 					$name = time()."_".USERID."_".trim($addbit[1]).$name;
 				}
-		  elseif (strpos($fileinfo,"prefix") === 0) 
+				elseif (strpos($fileinfo, "prefix") === 0)
 				{ // For attachments, avatars, photos etc alternatively just add a prefix we've been passed
-			$addbit = explode('+',$fileinfo,2);
+					$addbit = explode('+', $fileinfo, 2);
 					$name = trim($addbit[1]).$name;
 				}
@@ -233,7 +236,8 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 					$destination_file = $uploaddir."/".$name;
 				}
-		  if (file_exists($destination_file) && !$overwrite)  $first_error = 250;			// Invent our own error number - duplicate file
+				if (file_exists($destination_file) && !$overwrite)
 					$first_error = 250; // Invent our own error number - duplicate file
 			}
 			if (!$first_error)
@@ -245,10 +249,12 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 					{ // Need to move file to our own temporary directory
 						$tempfilename = $uploadfile;
 						$uploadfile = $ul_temp_dir.basename($uploadfile);
-			  if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Move {$tempfilename} to {$uploadfile} ",FALSE,LOG_TO_ROLLING);
+						if (UH_DEBUG)
-			  @move_uploaded_file($tempfilename,$uploadfile);		// This should work on all hosts
+							$admin_log->
 								e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Move {$tempfilename} to {$uploadfile} ", FALSE, LOG_TO_ROLLING);
 						@move_uploaded_file($tempfilename, $uploadfile); // This should work on all hosts
 					}
-			$tpos = (($file_status = vet_file($uploadfile, $name, $allowed_filetypes, varset($options['extra_file_types'],FALSE))) === TRUE);
+					$tpos = (($file_status = vet_file($uploadfile, $name, $allowed_filetypes, varset($options['extra_file_types'], FALSE))) === TRUE);
 				}
 				if ($tpos === FALSE)
 				{
@@ -257,7 +263,6 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 				}
 			}
 			if (!$first_error)
 			{ // All tests passed - can store it somewhere
 				$uploaded[$c]['name'] = $name;
@@ -266,15 +271,17 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 				$uploaded[$c]['size'] = 0;
 				$uploaded[$c]['index'] = $key; // Store the actual index from the file_userfile array
 				if ($save_to_db)
 				{ // Store binary files in the database if selected. Maximum two files this way
 					// This is really legacy stuff - not seriously changed from the original apart from using the newer file vetting routines
-			if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Save to DB {$c}: ".$uploaded[$c]['name'],FALSE,LOG_TO_ROLLING);
+					if (UH_DEBUG)
 						$admin_log->
 							e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Save to DB {$c}: ".$uploaded[$c]['name'], FALSE, LOG_TO_ROLLING);
 					set_magic_quotes_runtime(0);
 					$data = mysql_real_escape_string(fread(fopen($files['tmp_name'][$c], "rb"), filesize($uploadfile)));
 					set_magic_quotes_runtime(get_magic_quotes_gpc());
-			if ($sql->db_Insert("rbinary", "0, '".$tp -> toDB($name, true)."', '".$tp -> toDB($files['type'][$c], true)."', '{$data}' "))
+					if ($sql->
 						db_Insert("rbinary", "0, '".$tp->toDB($name, true)."', '".$tp->toDB($files['type'][$c], true)."', '{$data}' "))
 					{
 						$uploaded[$c]['name'] = "Binary ".mysql_insert_id()."/".$name;
 						$uploaded[$c]['size'] = $files['size'][$c];
@@ -286,15 +293,19 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 				}
 				else
 				{ // Store as flat file
-//		  $method = (OPEN_BASEDIR == FALSE ? "copy" : "move_uploaded_file");
+					//		  $method = (OPEN_BASEDIR == FALSE ? "copy" : "move_uploaded_file");
-//		  if (@$method($uploadfile, $destination_file))
+					//		  if (@$method($uploadfile, $destination_file))
 					if ((!$ul_temp_dir && @move_uploaded_file($uploadfile, $destination_file)) || ($ul_temp_dir && @rename($uploadfile, $destination_file))) // This should work on all hosts
 					{
 						@chmod($destination_file, $final_chmod);
-			if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Final chmod() file {$destination_file} to {$final_chmod} ",FALSE,FALSE);
+						if (UH_DEBUG)
 							$admin_log->
 								e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Final chmod() file {$destination_file} to {$final_chmod} ", FALSE, FALSE);
 						$uploaded[$c]['size'] = $files['size'][$key];
-			if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Saved file {$c} OK: ".$uploaded[$c]['name'],FALSE,FALSE);
+						if (UH_DEBUG)
 							$admin_log->
 								e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Saved file {$c} OK: ".$uploaded[$c]['name'], FALSE, FALSE);
 					}
 					else
 					{
@@ -303,7 +314,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 				}
 			}
-	  if(!$first_error)
+			if (!$first_error)
 			{ // This file succeeded
 				$uploaded[$c]['message'] = LANUPLOAD_3." '".$raw_name."'";
 				$uploaded[$c]['error'] = 0;
@@ -347,7 +358,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 					case 251: // File type not allowed (our error code)
 						$error = LANUPLOAD_1." ".$files['type'][$key]." ".LANUPLOAD_2." ({$file_status})";
 					break;
-		  case 252 :			// File uploaded OK, but couldn't save it
+					case 252: // File uploaded OK, but couldn't save it
 						$error = LANUPLOAD_4." [".str_replace("../", "", $uploaddir)."]";
 					break;
 					case 253: // Bad name for uploaded file (our error code)
@@ -356,103 +367,100 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
 					case 254: // file size exceeds allowable limits (our error code)
 						$error = LANUPLOAD_18;
 					break;
-		  default :			// Shouldn't happen - but at least try and make it obvious if it does!
+					default: // Shouldn't happen - but at least try and make it obvious if it does!
 						$error = LANUPLOAD_16;
 				}
 				$uploaded[$c]['message'] = LANUPLOAD_11." '".$name."' <br />".LANUPLOAD_12.": ".$error;
-		$uploaded[$c]['line'] = __LINE__ ;
+				$uploaded[$c]['line'] = __LINE__;
 				$uploaded[$c]['file'] = __FILE__;
-		if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Main routine error {$first_error} file {$c}: ".$uploaded[$c]['message'],FALSE,FALSE);
+				if (UH_DEBUG)
 					$admin_log->
 						e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Main routine error {$first_error} file {$c}: ".$uploaded[$c]['message'], FALSE, FALSE);
 				// If we need to abort on first error, do so here - could check for specific error codes
 			}
-	  if (is_file($uploadfile)) @unlink($uploadfile);				// Don't leave the file on the server if error (although should be auto-deleted)
+			if (is_file($uploadfile))
 				@unlink($uploadfile); // Don't leave the file on the server if error (although should be auto-deleted)
 			$c++;
 		}
 	}
 	return $uploaded;
 }
 /*
-Utility routine to handle the messages returned by process_uploaded_files().
+ Utility routine to handle the messages returned by process_uploaded_files().
-$upload_array is the list of uploaded files
+ $upload_array is the list of uploaded files
-$errors_only - if TRUE, no message is shown for a successful upload.
+ $errors_only - if TRUE, no message is shown for a successful upload.
-$use_handler - if TRUE, message_handler is used to display the message.
+ $use_handler - if TRUE, message_handler is used to display the message.
 Returns - a list of all accumulated messages. (Non-destructive call, so can be called several times with different options).
 */
 Returns - a list of all accumulated messages. (Non-destructive call, so can be called several times with different options).
 */
 function handle_upload_messages(&$upload_array, $errors_only = TRUE, $use_handler = FALSE)
 {
-// Display error messages, accumulate FMESSAGE
+	// Display error messages, accumulate FMESSAGE
-// Write as a separate routine - returns all messages displayed. Option to only display failures.
+	// Write as a separate routine - returns all messages displayed. Option to only display failures.
 	$f_message = '';
-	foreach($upload_array as $k => $r)
+	foreach ($upload_array as $k=>$r)
 	{
 		if (!$errors_only || $r['error'])
 		{
 			if ($use_handler)
 			{
-		  require_once(e_HANDLER."message_handler.php");
+				require_once (e_HANDLER."message_handler.php");
-		  message_handler("MESSAGE",$r['message'], $r['line'], $r['file']);
+				message_handler("MESSAGE", $r['message'], $r['line'], $r['file']);
 			}
 			$f_message[] = $r['message'];
 		}
 	}
-	return implode("<br />",$f_message);
+	return implode("<br />", $f_message);
 }
 /*
-====================================================================
+ ====================================================================
 LEGACY FILE UPLOAD HANDLER
-====================================================================
+ ====================================================================
-This is the 'legacy' interface, which handles various special cases etc.
+ This is the 'legacy' interface, which handles various special cases etc.
-It was the only option in E107 0.7.8 and earlier, and is still used in some places in core.
+ It was the only option in E107 0.7.8 and earlier, and is still used in some places in core.
-It also attempts to return in the same way as the original, especially when any errors occur
+ It also attempts to return in the same way as the original, especially when any errors occur
-
+ Parameters for file_upload():
-Parameters for file_upload():
+ $uploaddir - target directory for file. Defaults to e_FILE/public
-$uploaddir - target directory for file. Defaults to e_FILE/public
+ $avatar - sets the 'type' or destination of the file:
 $avatar - sets the 'type' or destination of the file:
 FALSE 			- its a 'general' file
 'attachment'	- indicates an attachment (related to forum post or PM)
 'unique' 		- indicates that file name must be unique - new name given (prefixed with time()_ )
 'avatar'		- indicates an avatar is being uploaded
-
+ $fileinfo			- included within the name of the saved file with attachments - can be an identifier of some sort
 $fileinfo			- included within the name of the saved file with attachments - can be an identifier of some sort
 (Forum adds 'FT{$tid}_' - where $tid is the thread ID.
-
+ $overwrite 			- if true, an uploaded file can overwrite an existing file of the same name (not used in 0.7 core)
-$overwrite 			- if true, an uploaded file can overwrite an existing file of the same name (not used in 0.7 core)
+ Preference used:
 Preference used:
 $pref['upload_storagetype'] = 1 for files, 2 for database
-
+ On exit, F_MESSAGE is defined with the success/failure message(s) that have been displayed - one file per line
-On exit, F_MESSAGE is defined with the success/failure message(s) that have been displayed - one file per line
+ For backward compatibility, returns FALSE if only one file uploaded and an error; otherwise returns an array with per-file error codes as appropriate.
-
+ */
 For backward compatibility, returns FALSE if only one file uploaded and an error; otherwise returns an array with per-file error codes as appropriate.
 */
 function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "")
 {
 	global $admin_log;
-	$options = array('extra_file_types' => TRUE);		// As default, allow any filetype enabled in filetypes.php
+	$options = array(
 		'extra_file_types'=>TRUE
 	); // As default, allow any filetype enabled in filetypes.php
 	if (!$uploaddir)
 	{
 		$uploaddir = e_FILE."public/";
 	}
-	if (!$uploaddir) {$uploaddir = e_FILE."public/";}
+	// Compute storage type - 1 is file, 2 is DB
-
+	$upload_storagetype = varset($pref['upload_storagetype'], 1);
-// Compute storage type - 1 is file, 2 is DB
+	if ($uploaddir == e_THEME)
-	$upload_storagetype = varset($pref['upload_storagetype'],1);
+	{
-	if($uploaddir == e_THEME) {$upload_storagetype = 1;}
+		$upload_storagetype = 1;
 	}
 	$options['save_to_db'] = ($upload_storagetype == "2" && $avatar == FALSE);
-	if (strpos($avatar,'=') !== FALSE)
+	if (strpos($avatar, '=') !== FALSE)
 	{
-	  list($avatar,$param) = explode('=',$avatar,2);
+		list($avatar, $param) = explode('=', $avatar, 2);
 	}
 	else
 	{
@@ -460,134 +468,149 @@ function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "
 	}
 	switch ($avatar)
 	{
-	  case 'attachment' :
+		case 'attachment':
 			$avatar = "attachment+".$fileinfo;
 		break;
-	  case 'avatar' :
+		case 'avatar':
 			$avatar = 'prefix+ap_'.$param.'_'; // Prefix unique to user
 			$options['overwrite'] = TRUE; // Allow update of avatar with same file name
 		break;
 	}
-	if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Legacy call, directory ".$uploaddir,FALSE,FALSE);
+	if (UH_DEBUG)
 		$admin_log->
 			e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy call, directory ".$uploaddir, FALSE, FALSE);
 	$ret = process_uploaded_files(getcwd()."/".$uploaddir, $avatar, $options); // Well, that's the way it was done before
 	$ret = process_uploaded_files(getcwd()."/".$uploaddir, 					// Well, that's the way it was done before
 			$avatar,$options);
 	if ($ret === FALSE)
 	{
-	  if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Legacy return FALSE",FALSE,FALSE);
+		if (UH_DEBUG)
 			$admin_log->
 				e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy return FALSE", FALSE, FALSE);
 		return FALSE;
 	}
-	if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Legacy return with ".count($ret)." files",FALSE,FALSE);
+	if (UH_DEBUG)
 		$admin_log->
 			e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy return with ".count($ret)." files", FALSE, FALSE);
 	$messages = handle_upload_messages($ret, FALSE, TRUE); // Show all the error and acknowledgment messages
 	define(F_MESSAGE, $messages);
 	if (count($ret) == 1)
 	{
-	  if ($ret[0]['error'] != 0) return FALSE;		// Special case if errors
+		if ($ret[0]['error'] != 0)
 			return FALSE; // Special case if errors
 	}
 	return $ret;
 }
 /*
-====================================================================
+ ====================================================================
 VETTING AND UTILITY ROUTINES
-====================================================================
+ ====================================================================
 // Check uploaded file to try and identify dodgy content.
 // Return TRUE if appears OK.
 // Return a numeric reason code 1..9 if unacceptable
 // $filename is the full path+name to the uploaded file on the server
 // $target_name is the intended name of the file once transferred
 // $allowed_filetypes is an array of permitted file extensions, in lower case, no leading '.'
 //		(usually generated from filetypes.php)
 // if $unknown is FALSE, rejects totally unknown file extensions (even if in $allowed_filetypes).
 // if $unknown is TRUE, accepts totally unknown file extensions.
 // otherwise $unknown is a comma-separated list of additional permitted file extensions
 */
 // Check uploaded file to try and identify dodgy content.
 // Return TRUE if appears OK.
 // Return a numeric reason code 1..9 if unacceptable
 // $filename is the full path+name to the uploaded file on the server
 // $target_name is the intended name of the file once transferred
 // $allowed_filetypes is an array of permitted file extensions, in lower case, no leading '.'
 //		(usually generated from filetypes.php)
 // if $unknown is FALSE, rejects totally unknown file extensions (even if in $allowed_filetypes).
 // if $unknown is TRUE, accepts totally unknown file extensions.
 // otherwise $unknown is a comma-separated list of additional permitted file extensions
 */
 function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = FALSE)
 {
-// 1. Start by checking against filetypes - that's the easy one!
+	// 1. Start by checking against filetypes - that's the easy one!
 	$file_ext = strtolower(substr(strrchr($target_name, "."), 1));
 	if (!isset($allowed_filetypes[$file_ext]))
 	{
-    if (is_bool($unknown)) return 1;	  // Reject out of hand if no possible alternative extensions
+		if (is_bool($unknown))
 			return 1; // Reject out of hand if no possible alternative extensions
 		// Otherwise, it could be in the supplementary list
 		$tmp = explode(',', $unknown);
-	for ($i = 0; $i < count($tmp); $i++) { $tmp[$i] = strtolower(trim(str_replace('.', '', $tmp[$i])));  }
+		for ($i = 0; $i < count($tmp); $i++)
-	if (!in_array($file_ext, $tmp)) return 6;
+		{
 			$tmp[$i] = strtolower(trim(str_replace('.', '', $tmp[$i])));
 		}
 		if (!in_array($file_ext, $tmp))
 			return 6;
 	}
-
+	// 2. For all files, read the first little bit to check for any flags etc
 // 2. For all files, read the first little bit to check for any flags etc
 	$res = fopen($filename, 'rb');
-  $tstr = fread($res,100);
+	$tstr = fread($res, 100);
 	fclose($res);
-  if ($tstr === FALSE) return 2;			// If can't read file, not much use carrying on!
+	if ($tstr === FALSE)
-  if (stristr($tstr,'<?php') !== FALSE) return 3;		// Pretty certain exploit
+		return 2; // If can't read file, not much use carrying on!
-  if (stristr($tstr,'<?') !== FALSE) return 7;			// Possible exploit - maybe allowable?
+	if (stristr($tstr, '<?php') !== FALSE)
 		return 3; // Pretty certain exploit
 	if (stristr($tstr, '<?') !== FALSE)
 		return 7; // Possible exploit - maybe allowable?
-  
+	// 3. Now do what we can based on file extension
 // 3. Now do what we can based on file extension
 	switch ($file_ext)
 	{
-    case 'jpg' :
+		case 'jpg':
-	case 'gif' :
+		case 'gif':
-	case 'png' :
+		case 'png':
-	case 'jpeg' :
+		case 'jpeg':
-	case 'pjpeg' :
+		case 'pjpeg':
-	case 'bmp' :
+		case 'bmp':
 			$ret = getimagesize($filename);
-	  if (!is_array($ret)) return 4;		// getimagesize didn't like something
+			if (!is_array($ret))
-	  if (($ret[0] == 0) || ($ret[1] == 0)) return 5;		// Zero size picture or bad file format
+				return 4; // getimagesize didn't like something
 			if (($ret[0] == 0) || ($ret[1] == 0))
 				return 5; // Zero size picture or bad file format
 		break;
-	case 'zip' :
+		case 'zip':
-	case 'gzip' :
+		case 'gzip':
-	case 'gz' :
+		case 'gz':
-	case 'tar' :
+		case 'tar':
-	case 'bzip' :
+		case 'bzip':
-	case 'pdf' :
+		case 'pdf':
-	case 'rar' :
+		case 'rar':
-	case '7z' :
+		case '7z':
-	case 'csv' :
+		case 'csv':
-	case 'wmv' :
+		case 'wmv':
-	case 'swf' :
+		case 'swf':
 		case 'flv': //Flash stream
 		case 'f4v': //Flash stream
 		case 'mov': //media
 		case 'avi': //media
 		break; // Just accept these
-	case 'php' :
+		case 'php':
-	case 'htm' :
+		case 'htm':
-	case 'html' :
+		case 'html':
-	case 'cgi' :
+		case 'cgi':
-	case 'pl' :
+		case 'pl':
 			return 9; // Never accept these! Whatever the user thinks!
-	default :
+		default:
-	  if (is_bool($unknown)) return ($unknown ? TRUE : 8);
+			if (is_bool($unknown))
 				return ($unknown ? TRUE : 8);
 		}
 		return TRUE; // Accepted here
-}
+	}
-
+	// Get array of file types (file extensions) which are permitted - reads a definition file.
-
+	// Key is the file type.
-// Get array of file types (file extensions) which are permitted - reads a definition file.
+	// If $file_mask is a comma-separated list of file types, only those types which are in both the definition file and in $file_mask are added
-// Key is the file type.
+	function get_allowed_filetypes($def_file = FALSE, $file_mask = '')
-// If $file_mask is a comma-separated list of file types, only those types which are in both the definition file and in $file_mask are added
+	{
-function get_allowed_filetypes($def_file = FALSE, $file_mask = '')
+		$ret = array(
-{
+		);
-  $ret = array();
+		if ($def_file === FALSE)
-  if ($def_file === FALSE) return $ret;
+			return $ret;
 		if ($file_mask)
 		{
 			$file_array = explode(',', $file_mask);
-	foreach ($file_array as $k => $f)
+			foreach ($file_array as $k=>$f)
 			{
 				$file_array[$k] = trim($f);
 			}
@@ -611,65 +634,69 @@ function get_allowed_filetypes($def_file = FALSE, $file_mask = '')
 			}
 		}
 		return $ret;
-}
+	}
-
+	// Parse a file size string (e.g. 16M) and compute the simple numeric value.
-
+	// If $action is empty, return this value.
-// Parse a file size string (e.g. 16M) and compute the simple numeric value.
+	// If $source evaluates to zero, return the compare value instead
-// If $action is empty, return this value.
+	// If $action == 'gt', return the larger of this value and $compare
-// If $source evaluates to zero, return the compare value instead
+	// If $action == 'lt', return the smaller of this value and $compare
-// If $action == 'gt', return the larger of this value and $compare
+	function file_size_decode($source, $compare = 0, $action = '')
-// If $action == 'lt', return the smaller of this value and $compare
+	{
 function file_size_decode($source, $compare = 0, $action = '')
 {
 		$source = trim($source);
-  if (strtolower(substr($source,-1,1)) == 'b') $source = substr($source,0,-1);		// Trim a trailing byte indicator
+		if (strtolower(substr($source, -1, 1)) == 'b')
 			$source = substr($source, 0, -1); // Trim a trailing byte indicator
 		$mult = 1;
-  if (strlen($source) && (strtoupper(substr($source,-1,1)) == 'B')) $source = substr($source,0,-1);
+		if (strlen($source) && (strtoupper(substr($source, -1, 1)) == 'B'))
 			$source = substr($source, 0, -1);
 		if (!$source || is_numeric($source))
 		{
 			$val = $source;
 		}
 		else
 		{
-    $val = substr($source,0,-1);
+			$val = substr($source, 0, -1);
-    switch (substr($source,-1,1))
+			switch (substr($source, -1, 1))
 			{
-	  case 'T' :  
+				case 'T':
 					$val = $val * 1024;
-	  case 'G' :  
+				case 'G':
 					$val = $val * 1024;
-	  case 'M' :
+				case 'M':
 					$val = $val * 1024;
-	  case 'K' :
+				case 'K':
-	  case 'k' :
+				case 'k':
 					$val = $val * 1024;
 				break;
 			}
 		}
-  if ($val == 0) return $compare;
+		if ($val == 0)
 			return $compare;
 		switch ($action)
 		{
-    case 'lt' : return min($val, $compare);
+			case 'lt':
-	case 'gt' : return max($val, $compare);
+				return min($val, $compare);
-	default   : return $val;
+			case 'gt':
 				return max($val, $compare);
 			default:
 				return $val;
 		}
 		return 0;
-}
+	}
-
+	// Similar to get_allowed_filetypes(), but expects an XML file
-
+	// Returns an array where key is the file extension; value is max upload size
-// Similar to get_allowed_filetypes(), but expects an XML file
+	function get_XML_filetypes($def_file = FALSE, $file_mask = '')
-// Returns an array where key is the file extension; value is max upload size
+	{
-function get_XML_filetypes($def_file = FALSE, $file_mask = '')
+		$ret = array(
-{
+		);
-  $ret = array();
+		if ($def_file === FALSE)
-  if ($def_file === FALSE) return $ret;
+			return $ret;
 		if ($file_mask)
 		{
 			$file_array = explode(',', $file_mask);
-	foreach ($file_array as $k => $f)
+			foreach ($file_array as $k=>$f)
 			{
 				$file_array[$k] = trim($f);
 			}
@@ -677,7 +704,7 @@ function get_XML_filetypes($def_file = FALSE, $file_mask = '')
 		if ($def_file && is_readable(e_ADMIN.$def_file))
 		{
-	require_once(e_HANDLER.'xml_class.php');
+			require_once (e_HANDLER.'xml_class.php');
 			$xml = new xmlClass;
 			$temp_vars = $xml->loadXMLfile(e_ADMIN.$def_file, true, false);
 			if ($temp_vars === FALSE)
@@ -687,14 +714,18 @@ function get_XML_filetypes($def_file = FALSE, $file_mask = '')
 			}
 			if (count($temp_vars['class']) == 1)
 			{
-		$temp_vars['class'] = array($temp_vars['class']);
+				$temp_vars['class'] = array(
 					$temp_vars['class']
 				);
 			}
 			foreach ($temp_vars['class'] as $v1)
 			{
 				$v = $v1['@attributes'];
 				if (check_class($v['name']))
 				{
-	  $current_perms[$v['name']] = array('type' => $v['type'],'maxupload' => $v['maxupload']);
+					$current_perms[$v['name']] = array(
 						'type'=>$v['type'], 'maxupload'=>$v['maxupload']
 					);
 					$a_filetypes = explode(',', $v['type']);
 					foreach ($a_filetypes as $ftype)
 					{
@@ -703,7 +734,7 @@ function get_XML_filetypes($def_file = FALSE, $file_mask = '')
 						{ // We can load this extension
 							if (isset($ret[$ftype]))
 							{
-			  $ret[$ftype] = file_size_decode($v['maxupload'],$ret[$ftype], 'gt');	// Use largest value
+								$ret[$ftype] = file_size_decode($v['maxupload'], $ret[$ftype], 'gt'); // Use largest value
 							}
 							else
 							{
@@ -714,22 +745,21 @@ function get_XML_filetypes($def_file = FALSE, $file_mask = '')
 				}
 			}
 		}
-//  echo '<pre>';
+		//  echo '<pre>';
-//  var_dump($ret);
+		//  var_dump($ret);
-//  echo '</pre>';
+		//  echo '</pre>';
 		return $ret;
-}
+	}
-
+	// Calculate 'global' maximum upload size - the maximum before extension-specific restrictions taken into account
-// Calculate 'global' maximum upload size - the maximum before extension-specific restrictions taken into account
+	function calc_max_upload_size($max_up = -1)
-function calc_max_upload_size($max_up = -1)
+	{
-{
+		global $pref,$admin_log;
  global $pref, $admin_log;
 		// Work out maximum allowable file size
 		if (UH_DEBUG)
 		{
-	$admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test",
+			$admin_log->
-	  "File size limits - user set: ".$pref['upload_maxfilesize']." Post_max_size: ".ini_get('post_max_size')." upload_max_size: ".ini_get('upload_max_size'),FALSE,FALSE);
+				e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "File size limits - user set: ".$pref['upload_maxfilesize']." Post_max_size: ".ini_get('post_max_size')." upload_max_size: ".ini_get('upload_max_size'), FALSE, FALSE);
 		}
 		$max_upload_size = file_size_decode(ini_get('post_max_size'));
 		$max_upload_size = file_size_decode(ini_get('upload_max_filesize'), $max_upload_size, 'lt');
@@ -739,22 +769,23 @@ function calc_max_upload_size($max_up = -1)
 		}
 		else
 		{
-	if (varset($pref['upload_maxfilesize'],0) > 0) $max_upload_size = file_size_decode($pref['upload_maxfilesize'], $max_upload_size, 'lt');
+			if (varset($pref['upload_maxfilesize'], 0) > 0)
 				$max_upload_size = file_size_decode($pref['upload_maxfilesize'], $max_upload_size, 'lt');
 		}
-  if ($save_to_db) $max_upload_size = min($max_upload_size, 512000);		// Approx 500k limit for database saves
+		if ($save_to_db)
-  if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Final max upload size: {$max_upload_size}",FALSE,FALSE);
+			$max_upload_size = min($max_upload_size, 512000); // Approx 500k limit for database saves
 		if (UH_DEBUG)
 			$admin_log->
 				e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Final max upload size: {$max_upload_size}", FALSE, FALSE);
 		return $max_upload_size;
-}
+	}
-
+	// Get an array of permitted filetypes according to a set hierarchy.
-
+	function get_filetypes($file_mask = FALSE, $filename = '')
-
+	{
 // Get an array of permitted filetypes according to a set hierarchy.
 function get_filetypes($file_mask = FALSE, $filename = '')
 {
 		if ($filename != '')
 		{
-	if (strtolower(substr($filename,-4) == '.xml'))
+			if (strtolower(substr($filename, -4) == '.xml'))
 			{
 				return get_XML_filetypes($filename, $file_mask);
 			}
@@ -775,37 +806,38 @@ function get_filetypes($file_mask = FALSE, $filename = '')
 		{
 			return get_allowed_filetypes('filetypes.php', $file_mask);
 		}
-  return array();			// Just an empty array
+		return array(
-}
+		); // Just an empty array
 	}
-
+	// Scans the array of allowed file types, updates allowed max size as appropriate.
-// Scans the array of allowed file types, updates allowed max size as appropriate.
+	// Returns largest allowed file size
-// Returns largest allowed file size
+	function set_max_size(&$allowed_filetypes, $max_upload_size)
-function set_max_size(&$allowed_filetypes, $max_upload_size)
+	{
 {
 		$new_max = 0;
-  foreach ($allowed_filetypes as $t => $s)
+		foreach ($allowed_filetypes as $t=>$s)
 		{
 			if ($s < 0)
 			{ // Unspecified max - use the global value
 				$allowed_filetypes[$t] = $max_upload_size;
 			}
-	elseif ($allowed_filetypes[$t] > $max_upload_size) $allowed_filetypes[$t] = $max_upload_size;
+			elseif ($allowed_filetypes[$t] > $max_upload_size)
-	if ($allowed_filetypes[$t] > $new_max) $new_max = $allowed_filetypes[$t];
+				$allowed_filetypes[$t] = $max_upload_size;
 			if ($allowed_filetypes[$t] > $new_max)
 				$new_max = $allowed_filetypes[$t];
 		}
 		return $new_max;
-}
+	}
-
+	// Quick routine if all we want is the size of the largest file the current user can upload
-
+	function get_user_max_upload()
-// Quick routine if all we want is the size of the largest file the current user can upload
+	{
 function get_user_max_upload()
 {
 		$a_filetypes = get_filetypes();
-  if (count($a_filetypes) == 0) return 0;			// Return if no upload allowed
+		if (count($a_filetypes) == 0)
 			return 0; // Return if no upload allowed
 		$max_upload_size = calc_max_upload_size(-1); // Find overriding maximum upload size
 		$max_upload_size = set_max_size($a_filetypes, $max_upload_size);
 		return $max_upload_size;
-}
+	}
 ?>