This article is aimed to solve 2 problems. First, Seditio is in the need of a gentle way to resize avatar/photo/signature image on upload. Second, default Seditio user profile script strangely forces all images to be GIF, although they can be in JPEG/PNG format.
One solution of the first problem is suggested
here and is included in v122 beta. It has a few drawbacks: it can't handle transparent and animated gifs and it uses rare
pnmscale tool from netpbm package. We will solve them by using a state-of-art image manipulation tool
ImageMagick which is found on most distributions. The only puzzle left is that we still use system() calls to do it, so we'll leave system()-less solution for GD library freaks.
The second problem is solved by handling image extensions correctly.
You can apply the patch by following instructions below, or simply by replacing your default
system/core/users/users.profile.inc.php with one available from the link at the bottom.
1. Find this:
Kod:
$profile_form_avatar = "<a name=\"avatar\" id=\"avatar\"></a>";
$profile_form_photo = "<a name=\"photo\" id=\"photo\"></a>";
$profile_form_signature = "<a name=\"signature\" id=\"signature\"></a>";
Replace with:
Kod:
$profile_form_avatar = "<a name=\"avatar\" id=\"avatar\"></a>";
$profile_form_photo = "<a name=\"photo\" id=\"photo\"></a>";
$profile_form_signature = "<a name=\"signature\" id=\"signature\"></a>";
$valid_exts = array('gif', 'jpg', 'jpeg', 'png');
2. Find this:
Kod:
sed_check_xg();
$avatar = $usr['id']."-avatar.gif";
$avatarpath = $cfg['pfs_dir'].$avatar;
if (file_exists($avatarpath))
{ unlink($avatarpath); }
Replace with:
Kod:
sed_check_xg();
// Custom extension fix
$avatar = $usr['id']."-avatar.gif";
$avatarpath = $cfg['av_dir'].$avatar;
foreach($valid_exts as $f_ext)
{
$av = $usr['id']."-avatar.$f_ext";
$avp = $cfg['av_dir'].$av;
if (file_exists($avp))
{
unlink($avp);
$avatar = $av;
$avatarpath = $avp;
break;
}
}
3. Find this:
Kod:
sed_check_xg();
$photo = $usr['id']."-photo.gif";
$photopath = $cfg['pfs_dir'].$photo;
if (file_exists($photopath))
{ unlink($photopath); }
Replace with:
Kod:
sed_check_xg();
// Custom extension fix
$photo = $usr['id']."-photo.gif";
$photopath = $cfg['photos_dir'].$photo;
foreach($valid_exts as $f_ext)
{
$ph = $usr['id']."-photo.$f_ext";
$phpath = $cfg['photos_dir'].$ph;
if (file_exists($phpath))
{
unlink($phpath);
$photo = $ph;
$photopath = $phpath;
}
}
4. Find this:
Kod:
sed_check_xg();
$signature = $usr['id']."-signature.gif";
$signaturepath = $cfg['pfs_dir'].$signature;
if (file_exists($signaturepath))
{ unlink($signaturepath); }
Replace with:
Kod:
sed_check_xg();
$signature = $usr['id']."-signature.gif";
$signaturepath = $cfg['sig_dir'].$signature;
foreach($valid_exts as $f_ext)
{
$sig = $usr['id']."-signature.$f_ext";
$sigpath = $cfg['sig_dir'].$sig;
if (file_exists($sigpath))
{
unlink($sigpath);
$signature = $sig;
$signaturepath = $sigpath;
}
}
5. Find this:
Kod:
if (is_uploaded_file($uav_tmp_name) && $uav_size>0 && $uav_size<=$cfg['av_maxsize'] && ($f_extension=='jpeg' || $f_extension=='jpg' || $f_extension=='gif' || $f_extension=='png'))
{
list($w, $h) = @getimagesize($uav_tmp_name);
if ($w<=$cfg['av_maxx'] && $h<=$cfg['av_maxy'] )
{
$avatar = $usr['id']."-avatar.gif";
$avatarpath = $cfg['av_dir'].$avatar;
if (file_exists($avatarpath))
{ unlink($avatarpath); }
move_uploaded_file($uav_tmp_name, $avatarpath);
$uav_size = filesize($avatarpath);
$sql = sed_sql_query("UPDATE $db_users SET user_avatar='$avatarpath' WHERE user_id='".$usr['id']."'");
$sql = sed_sql_query("DELETE FROM $db_pfs WHERE pfs_file='$avatar'");
$sql = sed_sql_query("INSERT INTO $db_pfs (pfs_userid, pfs_file, pfs_extension, pfs_folderid, pfs_desc, pfs_size, pfs_count) VALUES (".(int)$usr['id'].", '$avatar', '$f_extension', -1, '', ".(int)$uav_size.", 0)");
@chmod($avatarpath, 0666);
}
}
Replace with:
Kod:
if (is_uploaded_file($uav_tmp_name) && $uav_size>0 /*&& $uav_size<=$cfg['av_maxsize']*/ && in_array($f_extension, $valid_exts))
{
$avatar = $usr['id'].'-avatar.'.$f_extension;
$avatarpath = $cfg['av_dir'].$avatar;
$old_avatar = '';
$old_avatarpath = '';
foreach($valid_exts as $f_ext)
{
$old_avatar = $usr['id'].'-avatar.'.$f_ext;
$old_avatarpath = $cfg['av_dir'].$old_avatar;
if (file_exists($old_avatarpath))
{
unlink($old_avatarpath);
break;
}
}
move_uploaded_file($uav_tmp_name, $avatarpath);
// auto-resize with ImageMagick:
system("convert $avatarpath -resize {$cfg['av_maxx']}x{$cfg['av_maxy']}\> $avatarpath");
$uav_size = filesize($avatarpath);
$sql = sed_sql_query("UPDATE $db_users SET user_avatar='$avatarpath' WHERE user_id='".$usr['id']."'");
$sql = sed_sql_query("DELETE FROM $db_pfs WHERE pfs_file='$old_avatar'");
$sql = sed_sql_query("INSERT INTO $db_pfs (pfs_userid, pfs_file, pfs_extension, pfs_folderid, pfs_desc, pfs_size, pfs_count) VALUES (".(int)$usr['id'].", '$avatar', '$f_extension', -1, '', ".(int)$uav_size.", 0)");
@chmod($avatarpath, 0666);
}
6. Find this:
Kod:
if (is_uploaded_file($uph_tmp_name) && $uph_size>0 && $uph_size<=$cfg['ph_maxsize'] && ($f_extension=='jpeg' || $f_extension=='jpg' || $f_extension=='gif' || $f_extension=='png'))
{
list($w, $h) = @getimagesize($uph_tmp_name);
if ($w<=$cfg['ph_maxx'] && $h<=$cfg['ph_maxy'] )
{
$photo = $usr['id']."-photo.gif";
$photopath = $cfg['photos_dir'].$photo;
if (file_exists($photopath))
{ unlink($photopath); }
move_uploaded_file($uph_tmp_name, $photopath);
$uph_size = filesize($photopath);
$sql = sed_sql_query("UPDATE $db_users SET user_photo='$photopath' WHERE user_id='".$usr['id']."'");
$sql = sed_sql_query("DELETE FROM $db_pfs WHERE pfs_file='$photo'");
$sql = sed_sql_query("INSERT INTO $db_pfs (pfs_userid, pfs_file, pfs_extension, pfs_folderid, pfs_desc, pfs_size, pfs_count) VALUES (".(int)$usr['id'].", '$photo', '$f_extension', -1, '', ".(int)$uph_size.", 0)");
@chmod($photopath, 0666);
}
}
Replace with:
Kod:
if (is_uploaded_file($uph_tmp_name) && $uph_size>0 /*&& $uph_size<=$cfg['ph_maxsize']*/ && in_array($f_extension, $valid_exts))
{
$photo = $usr['id'].'-photo.'.$f_extension;
$photopath = $cfg['photos_dir'].$photo;
$old_photo = '';
$old_photopath = '';
foreach($valid_exts as $f_ext)
{
$old_photo = $usr['id'].'-photo.'.$f_ext;
$old_photopath = $cfg['photos_dir'].$old_photo;
if (file_exists($old_photopath))
{
unlink($old_photopath);
break;
}
}
move_uploaded_file($uph_tmp_name, $photopath);
// auto-resize with ImageMagick:
system("convert $photopath -resize {$cfg['ph_maxx']}x{$cfg['ph_maxy']}\> $photopath");
$uph_size = filesize($photopath);
$sql = sed_sql_query("UPDATE $db_users SET user_photo='$photopath' WHERE user_id='".$usr['id']."'");
$sql = sed_sql_query("DELETE FROM $db_pfs WHERE pfs_file='$old_photo'");
$sql = sed_sql_query("INSERT INTO $db_pfs (pfs_userid, pfs_file, pfs_extension, pfs_folderid, pfs_desc, pfs_size, pfs_count) VALUES (".(int)$usr['id'].", '$photo', '$f_extension', -1, '', ".(int)$uph_size.", 0)");
@chmod($photopath, 0666);
}
7. Find this:
Kod:
if (is_uploaded_file($usig_tmp_name) && $usig_size>0 && $usig_size<=$cfg['sig_maxsize'] && ($f_extension=='jpeg' || $f_extension=='jpg' || $f_extension=='gif' || $f_extension=='png'))
{
list($w, $h) = @getimagesize($usig_tmp_name);
if ($w<=$cfg['sig_maxx'] && $h<=$cfg['sig_maxy'] )
{
$signature = $usr['id']."-signature.gif";
$signaturepath = $cfg['sig_dir'].$signature;
if (file_exists($signaturepath))
{ unlink($signaturepath); }
move_uploaded_file($usig_tmp_name, $signaturepath);
$usig_size = filesize($signaturepath);
$sql = sed_sql_query("UPDATE $db_users SET user_signature='$signaturepath' WHERE user_id='".$usr['id']."'");
$sql = sed_sql_query("DELETE FROM $db_pfs WHERE pfs_file='$signature'");
$sql = sed_sql_query("INSERT INTO $db_pfs (pfs_userid, pfs_file, pfs_extension, pfs_folderid, pfs_desc, pfs_size, pfs_count) VALUES (".(int)$usr['id'].", '$signature', '$f_extension', -1, '', ".(int)$usig_size.", 0)");
@chmod($signaturepath, 0666);
}
}
Replace with:
Kod:
if (is_uploaded_file($usig_tmp_name) && $usig_size>0 /*&& $usig_size<=$cfg['sig_maxsize']*/ && in_array($valid_exts, $f_extension))
{
$signature = $usr['id'].'-signature.'.$f_extension;
$signaturepath = $cfg['sig_dir'].$signature;
$old_signature = '';
$old_signaturepath = '';
foreach($valid_exts as $f_ext)
{
$old_signature = $usr['id'].'-signature.'.$f_ext;
$old_signaturepath = $cfg['sig_dir'].$old_signature;
if (file_exists($old_signaturepath))
{
unlink($old_signaturepath);
break;
}
}
move_uploaded_file($usig_tmp_name, $signaturepath);
// auto-resize with ImageMagick:
system("convert $signaturepath -resize {$cfg['sig_maxx']}x{$cfg['sig_maxy']}\> $signaturepath");
$usig_size = filesize($signaturepath);
$sql = sed_sql_query("UPDATE $db_users SET user_signature='$signaturepath' WHERE user_id='".$usr['id']."'");
$sql = sed_sql_query("DELETE FROM $db_pfs WHERE pfs_file='$old_signature'");
$sql = sed_sql_query("INSERT INTO $db_pfs (pfs_userid, pfs_file, pfs_extension, pfs_folderid, pfs_desc, pfs_size, pfs_count) VALUES (".(int)$usr['id'].", '$signature', '$f_extension', -1, '', ".(int)$usig_size.", 0)");
@chmod($signaturepath, 0666);
}
(0)
