inline attachments that can be posted out of band and loaded from urls like http://volition:8000/index.php?action=dlattach;attach=14;type=inline;hash=aef07afc7f3742afec74d009af8f2ea7b2ac7f8f. not working: js to actually send the attachment, attachment management in admin panel.

.gitignore

@@ -1 +1,2 @@
 cache
+attachments

Settings_bak.php

@@ -20,30 +20,43 @@ $mmessage = 'Okay faithful users...we\'re attempting to restore an older backup
 ########## Forum Info ##########
 $mbname = 'My Community';		# The name of your forum.
 $language = 'english';		# The default language file set for the forum.
-$boardurl = 'http://127.0.0.1/smf';		# URL to your forum's folder. (without the trailing /!)
-$webmaster_email = 'noreply@myserver.com';		# Email address to send emails from. (like noreply@yourdomain.com.)
-$cookiename = 'SMFCookie11';		# Name of the cookie to set for authentication.
+$boardurl = 'http://volition:8000';		# URL to your forum's folder. (without the trailing /!)
+$webmaster_email = 'vivlim@pm.me';		# Email address to send emails from. (like noreply@yourdomain.com.)
+$cookiename = 'SMFCookie466';		# Name of the cookie to set for authentication.
 
 ########## Database Info ##########
 $db_type = 'mysql';
-$db_server = 'localhost';
-$db_name = 'smf';
-$db_user = 'root';
-$db_passwd = '';
+$db_server = 'db';
+$db_name = 'smfdb';
+$db_user = 'smfuser';
+$db_passwd = 'smfpass';
 $ssi_db_user = '';
 $ssi_db_passwd = '';
-$db_prefix = 'smf_';
+$db_prefix = 'rpe_';
 $db_persist = 0;
 $db_error_send = 1;
 
 ########## Directories/Files ##########
 # Note: These directories do not have to be changed unless you move things.
-$boarddir = dirname(__FILE__);		# The absolute path to the forum's folder. (not just '.'!)
-$sourcedir = dirname(__FILE__) . '/Sources';		# Path to the Sources directory.
-$cachedir = dirname(__FILE__) . '/cache';		# Path to the cache directory.
+$boarddir = '/var/www/html';		# The absolute path to the forum's folder. (not just '.'!)
+$sourcedir = '/var/www/html/Sources';		# Path to the Sources directory.
+$cachedir = '/var/www/html/cache';		# Path to the cache directory.
 
 ########## Error-Catching ##########
 # Note: You shouldn't touch these settings.
 $db_last_error = 0;
 
+
+# Make sure the paths are correct... at least try to fix them.
+if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
+	$boarddir = dirname(__FILE__);
+if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources'))
+	$sourcedir = $boarddir . '/Sources';
+if (!file_exists($cachedir) && file_exists($boarddir . '/cache'))
+	$cachedir = $boarddir . '/cache';
+
+$image_proxy_secret = '6c9bbacd93a9965b71f8';
+$image_proxy_maxsize = '5190';
+$image_proxy_enabled = '0';
+$auth_secret = '2a70230be5bddc2ce8c1690a03dbd2cf1a0722b00a89107e28b27e66c4217d43';
 ?>

Sources/Display.php

@@ -1225,21 +1225,38 @@ function Download()
 	if (!isset($_REQUEST['attach']) && !isset($_REQUEST['id']))
 		fatal_lang_error('no_access', false);
 
-	$_REQUEST['attach'] = isset($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : (int) $_REQUEST['id'];
-
-	if (isset($_REQUEST['type']) && $_REQUEST['type'] == 'avatar')
+	if (isset($_REQUEST['type']))
 	{
-		$request = $smcFunc['db_query']('', '
-			SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
-			FROM {db_prefix}attachments
-			WHERE id_attach = {int:id_attach}
-				AND id_member > {int:blank_id_member}
-			LIMIT 1',
-			array(
-				'id_attach' => $_REQUEST['attach'],
-				'blank_id_member' => 0,
-			)
-		);
+		if ($_REQUEST['type'] == 'avatar')
+		{
+			$request = $smcFunc['db_query']('', '
+				SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
+				FROM {db_prefix}attachments
+				WHERE id_attach = {int:id_attach}
+					AND id_member > {int:blank_id_member}
+				LIMIT 1',
+				array(
+					'id_attach' => $_REQUEST['attach'],
+					'blank_id_member' => 0,
+				)
+			);
+		}
+		elseif ($_REQUEST['type'] == 'inline' && isset($_REQUEST['hash'])) // Inline attachments require passing the file hash, so you can't get them just by guessing ids
+		{
+			$request = $smcFunc['db_query']('', '
+				SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
+				FROM {db_prefix}attachments
+				WHERE id_attach = {int:id_attach}
+					AND file_hash = {string:hash}
+					AND attachment_type = {int:inline_attachment_type}
+				LIMIT 1',
+				array(
+					'id_attach' => $_REQUEST['attach'],
+					'hash' => $_REQUEST['hash'],
+					'inline_attachment_type' => 4,
+				)
+			);
+		}
 		$_REQUEST['image'] = true;
 	}
 	// This is just a regular attachment...
@@ -1724,4 +1741,4 @@ function QuickInTopicModeration()
 	redirectexit(!empty($topicGone) ? 'board=' . $board : 'topic=' . $topic . '.' . $_REQUEST['start']);
 }
 
-?>
+?>

Sources/ManageAttachments.php

@@ -299,7 +299,7 @@ function BrowseFiles()
 	$context['sub_template'] = 'browse';
 
 	// Attachments or avatars?
-	$context['browse_type'] = isset($_REQUEST['avatars']) ? 'avatars' : (isset($_REQUEST['thumbs']) ? 'thumbs' : 'attachments');
+	$context['browse_type'] = isset($_REQUEST['avatars']) ? 'avatars' : (isset($_REQUEST['thumbs']) ? 'thumbs' : (isset($_REQUEST['inline'])) ? 'inline' : 'attachments');
 
 	// Set the options for the list component.
 	$listOptions = array(
@@ -506,6 +506,27 @@ function list_getFiles($start, $items_per_page, $sort, $browse_type)
 				'per_page' => $items_per_page,
 			)
 		);
+    elseif ($browse_type === 'inline')
+		$request = $smcFunc['db_query']('', '
+			SELECT
+				{string:blank_text} AS id_msg, IFNULL(mem.real_name, {string:not_applicable_text}) AS poster_name,
+				mem.last_login AS poster_time, 0 AS id_topic, a.id_member, a.id_attach, a.filename, a.file_hash, a.attachment_type,
+				a.size, a.width, a.height, a.downloads, {string:blank_text} AS subject, 0 AS id_board
+			FROM {db_prefix}attachments AS a
+				LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = a.id_member)
+			WHERE a.id_member != {int:guest_id} AND a.attachment_type = {int:inline_attachment_type}
+			ORDER BY {raw:sort}
+			LIMIT {int:start}, {int:per_page}',
+			array(
+				'guest_id' => 0,
+				'inline_attachment_type' => 4,
+				'blank_text' => '',
+				'not_applicable_text' => $txt['not_applicable'],
+				'sort' => $sort,
+				'start' => $start,
+				'per_page' => $items_per_page,
+			)
+		);
 	else
 		$request = $smcFunc['db_query']('', '
 			SELECT
@@ -1832,4 +1853,4 @@ function attachDirStatus($dir, $expected_files)
 		return array('ok', false, $dir_size);
 }
 
-?>
+?>

Sources/Subs-Post.php

@@ -2226,17 +2226,20 @@ function createAttachment(&$attachmentOptions)
 			$attachmentOptions['fileext'] = '';
 	}
 
+	$attachment_type = !empty($attachmentOptions['attachment_type']) ? $attachmentOptions['attachment_type'] : 0;
+
 	$smcFunc['db_insert']('',
 		'{db_prefix}attachments',
 		array(
 			'id_folder' => 'int', 'id_msg' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8',
 			'size' => 'int', 'width' => 'int', 'height' => 'int',
-			'mime_type' => 'string-20', 'approved' => 'int',
+			'mime_type' => 'string-20', 'approved' => 'int', 'attachment_type' => 'int'
 		),
 		array(
 			$id_folder, (int) $attachmentOptions['post'], $attachmentOptions['name'], $attachmentOptions['file_hash'], $attachmentOptions['fileext'],
 			(int) $attachmentOptions['size'], (empty($attachmentOptions['width']) ? 0 : (int) $attachmentOptions['width']), (empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height']),
 			(!empty($attachmentOptions['mime_type']) ? $attachmentOptions['mime_type'] : ''), (int) $attachmentOptions['approved'],
+			$attachment_type,
 		),
 		array('id_attach')
 	);
@@ -3325,4 +3328,4 @@ function time_format__preg_callback($matches)
 {
 	return '[time]' . timeformat($matches[1], false) . '[/time]';
 }
-?>
+?>

Sources/UploadAttachment.php

@@ -0,0 +1,187 @@
+<?php
+
+/**
+ * Simple Machines Forum (SMF)
+ *
+ * @package SMF
+ * @author viviridian
+ * @copyright 2020 viviridian
+ * @license http://www.simplemachines.org/about/smf/license.php BSD
+ *
+ * @version 2.0.16
+ */
+
+if (!defined('SMF'))
+	die('Hacking attempt...');
+
+/*	Adds a simple api allowing users to post attachments programmatically.
+	I'm using this to enable pasting images into posts.
+ */
+
+function UploadAttachment()
+{
+	global $txt, $scripturl, $topic, $modSettings, $board;
+	global $user_info, $sc, $board_info, $context, $settings;
+	global $sourcedir, $options, $smcFunc, $language;
+
+	if (!allowedTo('post_attachment') && !allowedTo('post_unapproved_attachments')){
+		//die('not allowed to upload attachment');
+	}
+
+	/*
+	if (empty($_SESSION['temp_attachments']))
+		$_SESSION['temp_attachments'] = array();
+
+	if (!empty($modSettings['currentAttachmentUploadDir']))
+	{
+		if (!is_array($modSettings['attachmentUploadDir']))
+			$modSettings['attachmentUploadDir'] = safe_unserialize($modSettings['attachmentUploadDir']);
+
+		// Just use the current path for temp files.
+		$current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
+	}
+	else
+		$current_attach_dir = $modSettings['attachmentUploadDir'];
+
+	$temp_start = 0;
+
+	if (empty($_FILES['attachment'])){
+		die('no file to upload');
+	}
+
+	if ($_FILES['attachment']['name'] == '')
+	{
+		die('no name');
+		continue;
+	}
+	print("a"); // remove
+	if (!is_uploaded_file($_FILES['attachment']['tmp_name']) || (@ini_get('open_basedir') == '' && !file_exists($_FILES['attachment']['tmp_name'])))
+		fatal_lang_error('attach_timeout', 'critical');
+
+	print("b"); // remove
+	if (!empty($modSettings['attachmentSizeLimit']) && $_FILES['attachment']['size'] > $modSettings['attachmentSizeLimit'] * 1024)
+		fatal_lang_error('file_too_big', false, array($modSettings['attachmentSizeLimit']));
+
+	print("c"); // remove
+	if (!empty($modSettings['attachmentCheckExtensions']))
+	{
+		if (!in_array(strtolower(substr(strrchr($_FILES['attachment']['name'], '.'), 1)), explode(',', strtolower($modSettings['attachmentExtensions']))))
+			fatal_error($_FILES['attachment']['name'] . '.<br />' . $txt['cant_upload_type'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
+	}
+
+	print("d"); // remove
+	if (!empty($modSettings['attachmentDirSizeLimit']))
+	{
+	print("e"); // remove
+		// Make sure the directory isn't full.
+		$dirSize = 0;
+		$dir = @opendir($current_attach_dir) or fatal_lang_error('cant_access_upload_path', 'critical');
+		while ($file = readdir($dir))
+		{
+			if ($file == '.' || $file == '..')
+				continue;
+
+			if (preg_match('~^post_tmp_\d+_\d+$~', $file) != 0)
+			{
+				// Temp file is more than 5 hours old!
+				if (filemtime($current_attach_dir . '/' . $file) < time() - 18000)
+					@unlink($current_attach_dir . '/' . $file);
+				continue;
+			}
+
+			$dirSize += filesize($current_attach_dir . '/' . $file);
+		}
+		closedir($dir);
+
+		// Too big!  Maybe you could zip it or something...
+		if ($_FILES['attachment']['size'] + $dirSize > $modSettings['attachmentDirSizeLimit'] * 1024)
+			fatal_lang_error('ran_out_of_space');
+	}
+
+	print("f"); // remove
+	if (!is_writable($current_attach_dir))
+		fatal_lang_error('attachments_no_write', 'critical');
+
+	print("g"); // remove
+	$attachID = 'post_tmp_' . $user_info['id'] . '_' . $temp_start++;
+	$_SESSION['temp_attachments'][$attachID] = basename($_FILES['attachment']['name']);
+	$context['current_attachments'][] = array(
+		'name' => htmlspecialchars(basename($_FILES['attachment']['name'])),
+		'id' => $attachID,
+		'approved' => 1,
+	);
+
+	print("h"); // remove
+	$destName = $current_attach_dir . '/' . $attachID;
+
+	if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $destName))
+		fatal_lang_error('attach_timeout', 'critical');
+	print($destName);
+	print("i"); // remove
+	@chmod($destName, 0644);
+
+	// use subs-post createAttachment?
+*/
+
+	require_once($sourcedir . '/Subs-Post.php');
+
+	$attachmentOptions = array(
+		'post' => 0,
+		'poster' => $user_info['id'],
+		'name' => $_FILES['attachment']['name'],
+		'tmp_name' => $_FILES['attachment']['tmp_name'],
+		'size' => $_FILES['attachment']['size'],
+		'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'),
+		'attachment_type' => 4, // to denote inline-uploaded attachments.
+		'skip_thumbnail' => true,
+	);
+
+	if (createAttachment($attachmentOptions))
+	{
+		print("cool");
+		print($attachmentOptions);
+		$attachIDs[] = $attachmentOptions['id'];
+		if (!empty($attachmentOptions['thumb']))
+			$attachIDs[] = $attachmentOptions['thumb'];
+	}
+	else
+	{
+		print("no");
+		if (in_array('could_not_upload', $attachmentOptions['errors']))
+		{
+			checkSubmitOnce('free');
+			fatal_lang_error('attach_timeout', 'critical');
+		}
+		if (in_array('too_large', $attachmentOptions['errors']))
+		{
+			checkSubmitOnce('free');
+			fatal_lang_error('file_too_big', false, array($modSettings['attachmentSizeLimit']));
+		}
+		if (in_array('bad_extension', $attachmentOptions['errors']))
+		{
+			checkSubmitOnce('free');
+			fatal_error($attachmentOptions['name'] . '.<br />' . $txt['cant_upload_type'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
+		}
+		if (in_array('directory_full', $attachmentOptions['errors']))
+		{
+			checkSubmitOnce('free');
+			fatal_lang_error('ran_out_of_space', 'critical');
+		}
+		if (in_array('bad_filename', $attachmentOptions['errors']))
+		{
+			checkSubmitOnce('free');
+			fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['restricted_filename'] . '.', 'critical');
+		}
+		if (in_array('taken_filename', $attachmentOptions['errors']))
+		{
+			checkSubmitOnce('free');
+			fatal_lang_error('filename_exists');
+		}
+		if (in_array('bad_attachment', $attachmentOptions['errors']))
+		{
+			checkSubmitOnce('free');
+			fatal_lang_error('bad_attachment');
+		}
+	}
+}
+?>

Themes/default/ManageAttachments.template.php

@@ -47,7 +47,8 @@ function template_browse()
 			<div class="content">
 				<a href="', $scripturl, '?action=admin;area=manageattachments;sa=browse">', $context['browse_type'] === 'attachments' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt="&gt;" /> ' : '', $txt['attachment_manager_attachments'], '</a> |
 				<a href="', $scripturl, '?action=admin;area=manageattachments;sa=browse;avatars">', $context['browse_type'] === 'avatars' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt="&gt;" /> ' : '', $txt['attachment_manager_avatars'], '</a> |
-				<a href="', $scripturl, '?action=admin;area=manageattachments;sa=browse;thumbs">', $context['browse_type'] === 'thumbs' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt="&gt;" /> ' : '', $txt['attachment_manager_thumbs'], '</a>
+				<a href="', $scripturl, '?action=admin;area=manageattachments;sa=browse;thumbs">', $context['browse_type'] === 'thumbs' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt="&gt;" /> ' : '', $txt['attachment_manager_thumbs'], '</a> |
+				<a href="', $scripturl, '?action=admin;area=manageattachments;sa=browse;inline">', $context['browse_type'] === 'inline' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt="&gt;" /> ' : '', 'Inline</a>
 			</div>
 			<span class="botslice"><span></span></span>
 		</div>
@@ -212,4 +213,4 @@ function template_attachment_paths()
 	template_show_list('attach_paths');
 }
 
-?>
+?>

index.php

@@ -350,6 +350,7 @@ function smf_main()
 		'about:unknown' => array('Karma.php', 'BookOfUnknown'),
 		'unread' => array('Recent.php', 'UnreadTopics'),
 		'unreadreplies' => array('Recent.php', 'UnreadTopics'),
+		'uploadattachment' => array('UploadAttachment.php', 'UploadAttachment'),
 		'verificationcode' => array('Register.php', 'VerificationCode'),
 		'viewprofile' => array('Profile.php', 'ModifyProfile'),
 		'vote' => array('Poll.php', 'Vote'),
@@ -383,4 +384,4 @@ function smf_main()
 	return $actionArray[$_REQUEST['action']][1];
 }
 
-?>
+?>