file/attachment storage api with revision control - needs a bit more testing but the framework is in place

1 files changed, 9 insertions, 26 deletions

diff --git a/mod/attach.php b/mod/attach.php
index f300ec6fb..b94c02c19 100644
--- a/mod/attach.php
+++ b/mod/attach.php
@@ -1,42 +1,25 @@
 <?php
 
 require_once('include/security.php');
+require_once('include/attach.php');
 
 function attach_init(&$a) {
 
-	if(argc() != 2) {
+	if(argc() < 2) {
 		notice( t('Item not available.') . EOL);
 		return;
 	}
 
-	$hash = argv(1);
+	$r = attach_by_hash(argv(1),((argc() > 2) ? intval(argv(2)) : 0));
 
-	// Check for existence, which will also provide us the owner uid
-
-	$r = q("SELECT * FROM `attach` WHERE `hash` = '%s' LIMIT 1",
-		dbesc($hash)
-	);
-	if(! count($r)) {
-		notice( t('Item was not found.'). EOL);
-		return;
-	}
-
-	$sql_extra = permissions_sql($r[0]['uid']);
-
-	// Now we'll see if we can access the attachment
-
-	$r = q("SELECT * FROM `attach` WHERE hash = '%s' $sql_extra LIMIT 1",
-		dbesc($hash)
-	);
-
-	if(! count($r)) {
-		notice( t('Permission denied.') . EOL);
+	if(! $r['success']) {
+		notice( $r['message'] . EOL);
 		return;
 	}
 
-	header('Content-type: ' . $r[0]['filetype']);
-	header('Content-disposition: attachment; filename=' . $r[0]['filename']);
-	echo $r[0]['data'];
+	header('Content-type: ' . $r['data']['filetype']);
+	header('Content-disposition: attachment; filename=' . $r['data']['filename']);
+	echo $r['data']['data'];
 	killme();
-	// NOTREACHED
+
 }
\ No newline at end of file