function profileSaveAvatarData(&$value)
{
global $modSettings, $sourcedir, $smcFunc, $profile_vars, $cur_profile, $context;
$memID = $context['id_member'];
if (empty($memID) && !empty($context['password_auth_failed'])) {
return false;
}
require_once $sourcedir . '/ManageAttachments.php';
// We need to know where we're going to be putting it..
if (!empty($modSettings['custom_avatar_enabled'])) {
$uploadDir = $modSettings['custom_avatar_dir'];
$id_folder = 1;
} elseif (!empty($modSettings['currentAttachmentUploadDir'])) {
if (!is_array($modSettings['attachmentUploadDir'])) {
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
// Just use the current path for temp files.
$uploadDir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
$id_folder = $modSettings['currentAttachmentUploadDir'];
} else {
$uploadDir = $modSettings['attachmentUploadDir'];
$id_folder = 1;
}
$downloadedExternalAvatar = false;
if ($value == 'external' && allowedTo('profile_remote_avatar') && strtolower(substr($_POST['userpicpersonal'], 0, 7)) == 'http://' && strlen($_POST['userpicpersonal']) > 7 && !empty($modSettings['avatar_download_external'])) {
if (!is_writable($uploadDir)) {
fatal_lang_error('attachments_no_write', 'critical');
}
require_once $sourcedir . '/Subs-Package.php';
$url = parse_url($_POST['userpicpersonal']);
$contents = fetch_web_data('http://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . str_replace(' ', '%20', trim($url['path'])));
if ($contents != false && ($tmpAvatar = fopen($uploadDir . '/avatar_tmp_' . $memID, 'wb'))) {
fwrite($tmpAvatar, $contents);
fclose($tmpAvatar);
$downloadedExternalAvatar = true;
$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
}
}
if ($value == 'none') {
$profile_vars['avatar'] = '';
// Reset the attach ID.
$cur_profile['id_attach'] = 0;
$cur_profile['attachment_type'] = 0;
$cur_profile['filename'] = '';
removeAttachments(array('id_member' => $memID));
} elseif ($value == 'server_stored' && allowedTo('profile_server_avatar')) {
$profile_vars['avatar'] = strtr(empty($_POST['file']) ? empty($_POST['cat']) ? '' : $_POST['cat'] : $_POST['file'], array('&' => '&'));
$profile_vars['avatar'] = preg_match('~^([\\w _!@%*=\\-#()\\[\\]&.,]+/)?[\\w _!@%*=\\-#()\\[\\]&.,]+$~', $profile_vars['avatar']) != 0 && preg_match('/\\.\\./', $profile_vars['avatar']) == 0 && file_exists($modSettings['avatar_directory'] . '/' . $profile_vars['avatar']) ? $profile_vars['avatar'] == 'blank.gif' ? '' : $profile_vars['avatar'] : '';
// Clear current profile...
$cur_profile['id_attach'] = 0;
$cur_profile['attachment_type'] = 0;
$cur_profile['filename'] = '';
// Get rid of their old avatar. (if uploaded.)
removeAttachments(array('id_member' => $memID));
} elseif ($value == 'external' && allowedTo('profile_remote_avatar') && strtolower(substr($_POST['userpicpersonal'], 0, 7)) == 'http://' && empty($modSettings['avatar_download_external'])) {
// We need these clean...
$cur_profile['id_attach'] = 0;
$cur_profile['attachment_type'] = 0;
$cur_profile['filename'] = '';
// Remove any attached avatar...
removeAttachments(array('id_member' => $memID));
$profile_vars['avatar'] = str_replace('%20', '', preg_replace('~action(?:=|%3d)(?!dlattach)~i', 'action-', $_POST['userpicpersonal']));
if ($profile_vars['avatar'] == 'http://' || $profile_vars['avatar'] == 'http:///') {
$profile_vars['avatar'] = '';
} elseif (substr($profile_vars['avatar'], 0, 7) != 'http://') {
return 'bad_avatar';
} elseif (!empty($modSettings['avatar_max_height_external']) || !empty($modSettings['avatar_max_width_external'])) {
// Now let's validate the avatar.
$sizes = url_image_size($profile_vars['avatar']);
if (is_array($sizes) && ($sizes[0] > $modSettings['avatar_max_width_external'] && !empty($modSettings['avatar_max_width_external']) || $sizes[1] > $modSettings['avatar_max_height_external'] && !empty($modSettings['avatar_max_height_external']))) {
// Houston, we have a problem. The avatar is too large!!
if ($modSettings['avatar_action_too_large'] == 'option_refuse') {
return 'bad_avatar';
} elseif ($modSettings['avatar_action_too_large'] == 'option_download_and_resize') {
require_once $sourcedir . '/Subs-Graphics.php';
if (downloadAvatar($profile_vars['avatar'], $memID, $modSettings['avatar_max_width_external'], $modSettings['avatar_max_height_external'])) {
$profile_vars['avatar'] = '';
$cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
$cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
$cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
} else {
return 'bad_avatar';
}
}
}
}
} elseif ($value == 'upload' && allowedTo('profile_upload_avatar') || $downloadedExternalAvatar) {
if (isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != '' || $downloadedExternalAvatar) {
// Get the dimensions of the image.
if (!$downloadedExternalAvatar) {
if (!is_writable($uploadDir)) {
fatal_lang_error('attachments_no_write', 'critical');
}
if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $uploadDir . '/avatar_tmp_' . $memID)) {
fatal_lang_error('attach_timeout', 'critical');
}
$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
}
$sizes = @getimagesize($_FILES['attachment']['tmp_name']);
// No size, then it's probably not a valid pic.
if ($sizes === false) {
return 'bad_avatar';
} elseif (!empty($modSettings['avatar_max_width_upload']) && $sizes[0] > $modSettings['avatar_max_width_upload'] || !empty($modSettings['avatar_max_height_upload']) && $sizes[1] > $modSettings['avatar_max_height_upload']) {
if (!empty($modSettings['avatar_resize_upload'])) {
// Attempt to chmod it.
@chmod($uploadDir . '/avatar_tmp_' . $memID, 0644);
require_once $sourcedir . '/Subs-Graphics.php';
if (!downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload'])) {
return 'bad_avatar';
}
// Reset attachment avatar data.
$cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
$cur_profile['filename'] = $modSettings['new_avatar_data']['filename'];
$cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
} else {
return 'bad_avatar';
}
} elseif (is_array($sizes)) {
// Now try to find an infection.
require_once $sourcedir . '/Subs-Graphics.php';
if (!checkImageContents($_FILES['attachment']['tmp_name'], !empty($modSettings['avatar_paranoid']))) {
// It's bad. Try to re-encode the contents?
if (empty($modSettings['avatar_reencode']) || !reencodeImage($_FILES['attachment']['tmp_name'], $sizes[2])) {
return 'bad_avatar';
}
// We were successful. However, at what price?
$sizes = @getimagesize($_FILES['attachment']['tmp_name']);
// Hard to believe this would happen, but can you bet?
if ($sizes === false) {
return 'bad_avatar';
}
}
$extensions = array('1' => 'gif', '2' => 'jpg', '3' => 'png', '6' => 'bmp');
$extension = isset($extensions[$sizes[2]]) ? $extensions[$sizes[2]] : 'bmp';
$mime_type = 'image/' . ($extension === 'jpg' ? 'jpeg' : ($extension === 'bmp' ? 'x-ms-bmp' : $extension));
$destName = 'avatar_' . $memID . '_' . time() . '.' . $extension;
list($width, $height) = getimagesize($_FILES['attachment']['tmp_name']);
$file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, null, true) : '';
// Remove previous attachments this member might have had.
removeAttachments(array('id_member' => $memID));
$smcFunc['db_insert']('', '{db_prefix}attachments', array('id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'fileext' => 'string', 'size' => 'int', 'width' => 'int', 'height' => 'int', 'mime_type' => 'string', 'id_folder' => 'int'), array($memID, empty($modSettings['custom_avatar_enabled']) ? 0 : 1, $destName, $file_hash, $extension, filesize($_FILES['attachment']['tmp_name']), (int) $width, (int) $height, $mime_type, $id_folder), array('id_attach'));
$cur_profile['id_attach'] = $smcFunc['db_insert_id']('{db_prefix}attachments', 'id_attach');
$cur_profile['filename'] = $destName;
$cur_profile['attachment_type'] = empty($modSettings['custom_avatar_enabled']) ? 0 : 1;
$destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $cur_profile['id_attach'] . '_' . $file_hash);
if (!rename($_FILES['attachment']['tmp_name'], $destinationPath)) {
// I guess a man can try.
removeAttachments(array('id_member' => $memID));
fatal_lang_error('attach_timeout', 'critical');
}
// Attempt to chmod it.
@chmod($uploadDir . '/' . $destinationPath, 0644);
}
$profile_vars['avatar'] = '';
// Delete any temporary file.
if (file_exists($uploadDir . '/avatar_tmp_' . $memID)) {
@unlink($uploadDir . '/avatar_tmp_' . $memID);
}
} else {
$profile_vars['avatar'] = '';
}
} else {
$profile_vars['avatar'] = '';
}
// Setup the profile variables so it shows things right on display!
$cur_profile['avatar'] = $profile_vars['avatar'];
return false;
}
function makeAvatarChanges($memID, &$post_errors)
{
global $modSettings, $sourcedir, $db_prefix;
if (!isset($_POST['avatar_choice']) || empty($memID)) {
return;
}
require_once $sourcedir . '/ManageAttachments.php';
$uploadDir = empty($modSettings['custom_avatar_enabled']) ? $modSettings['attachmentUploadDir'] : $modSettings['custom_avatar_dir'];
$downloadedExternalAvatar = false;
if ($_POST['avatar_choice'] == 'external' && allowedTo('profile_remote_avatar') && strtolower(substr($_POST['userpicpersonal'], 0, 7)) == 'http://' && strlen($_POST['userpicpersonal']) > 7 && !empty($modSettings['avatar_download_external'])) {
if (!is_writable($uploadDir)) {
fatal_lang_error('attachments_no_write');
}
require_once $sourcedir . '/Subs-Package.php';
$url = parse_url($_POST['userpicpersonal']);
$contents = fetch_web_data('http://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . $url['path']);
if ($contents != false && ($tmpAvatar = fopen($uploadDir . '/avatar_tmp_' . $memID, 'wb'))) {
fwrite($tmpAvatar, $contents);
fclose($tmpAvatar);
$downloadedExternalAvatar = true;
$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
}
}
if ($_POST['avatar_choice'] == 'server_stored' && allowedTo('profile_server_avatar')) {
$_POST['avatar'] = strtr(empty($_POST['file']) ? empty($_POST['cat']) ? '' : $_POST['cat'] : $_POST['file'], array('&' => '&'));
$_POST['avatar'] = preg_match('~^([\\w _!@%*=\\-#()\\[\\]&.,]+/)?[\\w _!@%*=\\-#()\\[\\]&.,]+$~', $_POST['avatar']) != 0 && preg_match('/\\.\\./', $_POST['avatar']) == 0 && file_exists($modSettings['avatar_directory'] . '/' . $_POST['avatar']) ? $_POST['avatar'] == 'blank.gif' ? '' : $_POST['avatar'] : '';
// Get rid of their old avatar. (if uploaded.)
removeAttachments('a.ID_MEMBER = ' . $memID);
} elseif ($_POST['avatar_choice'] == 'external' && allowedTo('profile_remote_avatar') && strtolower(substr($_POST['userpicpersonal'], 0, 7)) == 'http://' && empty($modSettings['avatar_download_external'])) {
// Remove any attached avatar...
removeAttachments('a.ID_MEMBER = ' . $memID);
$_POST['avatar'] = preg_replace('~action(=|%3d)(?!dlattach)~i', 'action-', $_POST['userpicpersonal']);
if ($_POST['avatar'] == 'http://' || $_POST['avatar'] == 'http:///') {
$_POST['avatar'] = '';
} elseif (substr($_POST['avatar'], 0, 7) != 'http://') {
$post_errors[] = 'bad_avatar';
} elseif (!empty($modSettings['avatar_max_height_external']) || !empty($modSettings['avatar_max_width_external'])) {
// Now let's validate the avatar.
$sizes = url_image_size($_POST['avatar']);
if (is_array($sizes) && ($sizes[0] > $modSettings['avatar_max_width_external'] && !empty($modSettings['avatar_max_width_external']) || $sizes[1] > $modSettings['avatar_max_height_external'] && !empty($modSettings['avatar_max_height_external']))) {
// Houston, we have a problem. The avatar is too large!!
if ($modSettings['avatar_action_too_large'] == 'option_refuse') {
$post_errors[] = 'bad_avatar';
} elseif ($modSettings['avatar_action_too_large'] == 'option_download_and_resize') {
require_once $sourcedir . '/Subs-Graphics.php';
if (downloadAvatar($_POST['avatar'], $memID, $modSettings['avatar_max_width_external'], $modSettings['avatar_max_height_external'])) {
$_POST['avatar'] = '';
} else {
$post_errors[] = 'bad_avatar';
}
}
}
}
} elseif ($_POST['avatar_choice'] == 'upload' && allowedTo('profile_upload_avatar') || $downloadedExternalAvatar) {
if (isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != '' || $downloadedExternalAvatar) {
// Get the dimensions of the image.
if (!$downloadedExternalAvatar) {
if (!is_writable($uploadDir)) {
fatal_lang_error('attachments_no_write');
}
if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $uploadDir . '/avatar_tmp_' . $memID)) {
fatal_lang_error('smf124');
}
$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
}
$sizes = @getimagesize($_FILES['attachment']['tmp_name']);
// No size, then it's probably not a valid pic.
if ($sizes === false) {
$post_errors[] = 'bad_avatar';
} elseif (!empty($modSettings['avatar_max_width_upload']) && $sizes[0] > $modSettings['avatar_max_width_upload'] || !empty($modSettings['avatar_max_height_upload']) && $sizes[1] > $modSettings['avatar_max_height_upload']) {
if (!empty($modSettings['avatar_resize_upload'])) {
// Attempt to chmod it.
@chmod($uploadDir . '/avatar_tmp_' . $memID, 0644);
require_once $sourcedir . '/Subs-Graphics.php';
downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']);
} else {
$post_errors[] = 'bad_avatar';
}
} elseif (is_array($sizes)) {
// Though not an exhaustive list, better safe than sorry.
$fp = fopen($_FILES['attachment']['tmp_name'], 'rb');
if (!$fp) {
fatal_lang_error('smf124');
}
// Now try to find an infection.
while (!feof($fp)) {
if (preg_match('~(iframe|\\<\\?php|\\<\\?[\\s=]|\\<%[\\s=]|html|eval|body|script\\W)~', fgets($fp, 4096)) === 1) {
if (file_exists($uploadDir . '/avatar_tmp_' . $memID)) {
@unlink($uploadDir . '/avatar_tmp_' . $memID);
}
fatal_lang_error('smf124');
}
}
fclose($fp);
$extensions = array('1' => '.gif', '2' => '.jpg', '3' => '.png', '6' => '.bmp');
$extension = isset($extensions[$sizes[2]]) ? $extensions[$sizes[2]] : '.bmp';
$destName = 'avatar_' . $memID . $extension;
list($width, $height) = getimagesize($_FILES['attachment']['tmp_name']);
// Remove previous attachments this member might have had.
removeAttachments('a.ID_MEMBER = ' . $memID);
$file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, true) : '';
db_query("\n\t\t\t\t\tINSERT INTO {$db_prefix}attachments\n\t\t\t\t\t\t(ID_MEMBER, attachmentType, filename, file_hash, size, width, height)\n\t\t\t\t\tVALUES ({$memID}, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '{$destName}', '" . (empty($file_hash) ? "" : "{$file_hash}") . "', " . filesize($_FILES['attachment']['tmp_name']) . ", " . (int) $width . ", " . (int) $height . ")", __FILE__, __LINE__);
$attachID = db_insert_id();
// Try to move this avatar.
$destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $attachID . '_' . $file_hash);
if (!rename($_FILES['attachment']['tmp_name'], $destinationPath)) {
// The move failed, get rid of it and die.
db_query("\n\t\t\t\t\t\tDELETE FROM {$db_prefix}attachments\n\t\t\t\t\t\tWHERE ID_ATTACH = {$attachID}", __FILE__, __LINE__);
fatal_lang_error('smf124');
}
// Attempt to chmod it.
@chmod($destinationPath, 0644);
}
$_POST['avatar'] = '';
// Delete any temporary file.
if (file_exists($uploadDir . '/avatar_tmp_' . $memID)) {
@unlink($uploadDir . '/avatar_tmp_' . $memID);
}
} else {
$_POST['avatar'] = '';
}
} else {
$_POST['avatar'] = '';
}
}
function avatar_save($memID, &$profile_vars, &$cur_profile)
{
// Remove any attached avatar...
removeAttachments(array('id_member' => $memID));
$profile_vars['avatar'] = $_POST['attachment'];
// if ($profile_vars['avatar'] == 'http://' || $profile_vars['avatar'] == 'http:///')
// $profile_vars['avatar'] = '';
// Trying to make us do something we'll regret?
// var_dump($profile_vars['avatar']);die;
if (!is_numeric($profile_vars['avatar'])) {
return 'bad_avatar';
}
// Should we check dimensions?
// elseif (!empty($modSettings['avatar_max_height_external']) || !empty($modSettings['avatar_max_width_external']))
// {
// Now let's validate the avatar.
// $sizes = url_image_size($profile_vars['avatar']);
// if (is_array($sizes) && (($sizes[0] > $modSettings['avatar_max_width_external'] && !empty($modSettings['avatar_max_width_external'])) || ($sizes[1] > $modSettings['avatar_max_height_external'] && !empty($modSettings['avatar_max_height_external']))))
// {
// Houston, we have a problem. The avatar is too large!!
// if ($modSettings['avatar_action_too_large'] == 'option_refuse')
// return 'bad_avatar';
// elseif ($modSettings['avatar_action_too_large'] == 'option_download_and_resize')
// {
require_once $this->sourcedir . '/Subs-Graphics.php';
$tea_avatar_size = !empty($this->modSettings['tea_avatar_size']) ? $this->modSettings['tea_avatar_size'] : 64;
if (downloadAvatar('http://image.eveonline.com/Character/' . $profile_vars['avatar'] . '_' . $tea_avatar_size . '.jpg', $memID, $tea_avatar_size, $tea_avatar_size)) {
$profile_vars['avatar'] = '';
$cur_profile['id_attach'] = $this->modSettings['new_avatar_data']['id'];
$cur_profile['filename'] = $this->modSettings['new_avatar_data']['filename'];
$cur_profile['attachment_type'] = $this->modSettings['new_avatar_data']['type'];
}
// }
// }
// }
}
