"; + return false; + } + + $headers = get_jpeg_header_data($filename); + if ( !$headers ) + { + echo "Bad headers
"; + return false; + } + + $metadata = get_jpeg_intrinsic_values($headers); + if ( !$metadata ) + { + echo "Bad metadata:
" . print_r($metadata, true) . "
"; + return false; + } + + if ( !isset($metadata['Image Width']) || !isset($metadata['Image Height']) ) + { + echo "No metadata
"; + return false; + } + + return array($metadata['Image Width'], $metadata['Image Height']); +} + +/** + * Generates a URL for the avatar for the given user ID and avatar type. + * @param int User ID + * @param string Image type - must be one of jpg, png, or gif. + * @return string + */ + +function make_avatar_url($user_id, $avi_type) +{ + if ( !is_int($user_id) ) + return false; + if ( !in_array($avi_type, array('png', 'gif', 'jpg')) ) + return false; + return scriptPath . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type; +} + +/** + * Determines an image's filetype based on its signature. + * @param string Path to image file + * @return string One of gif, png, or jpg, or false if none of these. + */ + +function get_image_filetype($filename) +{ + $filecontents = @file_get_contents($filename); + if ( empty($filecontents) ) + return false; + + if ( substr($filecontents, 0, 8) == "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a" ) + return 'png'; + + if ( substr($filecontents, 0, 6) == 'GIF87a' || substr($filecontents, 0, 6) == 'GIF89a' ) + return 'gif'; + + if ( substr($filecontents, 0, 2) == "\xFF\xD8" ) + return 'jpg'; + + return false; +} + //die('
Original: 01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'');
?>
diff -r c2f4c900c507 -r dc838fd61a06 includes/http.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/includes/http.php Thu Dec 20 22:23:07 2007 -0500
@@ -0,0 +1,792 @@
+method == GET.
+ * @var array (associative)
+ */
+
+ var $parms_post = array();
+
+ /**
+ * The list of cookies that will be sent.
+ * @var array (associative)
+ */
+
+ var $cookies_out = array();
+
+ /**
+ * Additional request headers.
+ * @var array (associative)
+ */
+
+ var $headers = array();
+
+ /**
+ * Cached response.
+ * @var string, or bool:false if the request hasn't been sent yet
+ */
+
+ var $response = false;
+
+ /**
+ * Cached response code
+ * @var int set to -1 if request hasn't been sent yet
+ */
+
+ var $response_code = -1;
+
+ /**
+ * Cached response code string
+ * @var string or bool:false if the request hasn't been sent yet
+ */
+
+ var $response_string = false;
+
+ /**
+ * Resource for the socket. False if a connection currently isn't going.
+ * @var resource
+ */
+
+ var $socket = false;
+
+ /**
+ * The state of our request. 0 means it hasn't been made yet. 1 means the socket is open, 2 means the socket is open and the request has been written, 3 means the headers have been fetched, and 4 means the request is completed.
+ * @var int
+ */
+
+ var $state = 0;
+
+ /**
+ * Constructor.
+ * @param string Hostname to send to
+ * @param string URI (/index.php)
+ * @param string Request method - GET or POST.
+ * @param int Optional. The port to open the request on. Defaults to 80.
+ */
+
+ function Request_HTTP($host, $uri, $method = 'GET', $port = 80)
+ {
+ if ( !preg_match('/^(([a-z0-9-]+\.)*?)([a-z0-9-]+)$/', $host) )
+ die(__CLASS__ . ': Invalid hostname');
+ $this->host = $host;
+ $this->uri = $uri;
+ if ( is_int($port) && $port >= 1 && $port <= 65535 )
+ $this->port = $port;
+ else
+ die(__CLASS__ . ': Invalid port');
+ $method = strtoupper($method);
+ if ( $method == 'GET' || $method == 'POST' )
+ $this->method = $method;
+ else
+ die(__CLASS__ . ': Invalid request method');
+
+ $newline = "\r\n";
+ $php_ver = PHP_VERSION;
+ $this->add_header('User-Agent', "PHP/$php_ver (Server: {$_SERVER['SERVER_SOFTWARE']}; automated bot request)");
+ }
+
+ /**
+ * Sets one or more cookies to be sent to the server.
+ * @param string or array If a string, the cookie name. If an array, associative array in the form of cookiename => cookievalue
+ * @param string or bool If a string, the cookie value. If boolean, defaults to false, param 1 should be an array, and this should not be passed.
+ */
+
+ function add_cookie($cookiename, $cookievalue = false)
+ {
+ if ( is_array($cookiename) && !$cookievalue )
+ {
+ foreach ( $cookiename as $name => $value )
+ {
+ $this->cookies_out[$name] = $value;
+ }
+ }
+ else if ( is_string($cookiename) && is_string($cookievalue) )
+ {
+ $this->cookies_out[$cookiename] = $cookievalue;
+ }
+ else
+ {
+ die(__CLASS__ . '::' . __METHOD__ . ': Invalid argument(s)');
+ }
+ }
+
+ /**
+ * Sets one or more request header values.
+ * @param string or array If a string, the header name. If an array, associative array in the form of headername => headervalue
+ * @param string or bool If a string, the header value. If boolean, defaults to false, param 1 should be an array, and this should not be passed.
+ */
+
+ function add_header($headername, $headervalue = false)
+ {
+ if ( is_array($headername) && !$headervalue )
+ {
+ foreach ( $headername as $name => $value )
+ {
+ $this->headers[$name] = $value;
+ }
+ }
+ else if ( is_string($headername) && is_string($headervalue) )
+ {
+ $this->headers[$headername] = $headervalue;
+ }
+ else
+ {
+ die(__CLASS__ . '::' . __METHOD__ . ': Invalid argument(s)');
+ }
+ }
+
+ /**
+ * Adds one or more values to be passed on GET.
+ * @param string or array If a string, the parameter name. If an array, associative array in the form of parametername => parametervalue
+ * @param string or bool If a string, the parameter value. If boolean, defaults to false, param 1 should be an array, and this should not be passed.
+ */
+
+ function add_get($getname, $getvalue = false)
+ {
+ if ( is_array($getname) && !$getvalue )
+ {
+ foreach ( $getname as $name => $value )
+ {
+ $this->parms_get[$name] = $value;
+ }
+ }
+ else if ( is_string($getname) && is_string($getvalue) )
+ {
+ $this->parms_get[$getname] = $getvalue;
+ }
+ else
+ {
+ die(__CLASS__ . '::' . __METHOD__ . ': Invalid argument(s)');
+ }
+ }
+
+ /**
+ * Adds one or more values to be passed on POST.
+ * @param string or array If a string, the header name. If an array, associative array in the form of headername => headervalue
+ * @param string or bool If a string, the header value. If boolean, defaults to false, param 1 should be an array, and this should not be passed.
+ */
+
+ function add_post($postname, $postvalue = false)
+ {
+ if ( is_array($postname) && !$postvalue )
+ {
+ foreach ( $postname as $name => $value )
+ {
+ $this->parms_post[$name] = $value;
+ }
+ }
+ else if ( is_string($postname) && is_string($postvalue) )
+ {
+ $this->parms_post[$postname] = $postvalue;
+ }
+ else
+ {
+ die(__CLASS__ . '::' . __METHOD__ . ': Invalid argument(s)');
+ }
+ }
+
+ /**
+ * Internal function to open up the socket.
+ * @access private
+ */
+
+ function _sock_open(&$connection)
+ {
+ if ( $this->debug )
+ {
+ echo '';
+ echo '
' . __CLASS__ . ': Sending request
Request parameters:
'; + echo "Headers:
$headers"; + echo "
Cookies: $cookies
"; + echo "GET URI: " . htmlspecialchars($get) . "
"; + echo "POST DATA: " . htmlspecialchars($post) . "
"; + } + + // Open connection + $connection = fsockopen($this->host, $this->port); + if ( !$connection ) + die(__CLASS__ . '::' . __METHOD__ . ': Could not make connection'); + + if ( $this->debug ) + echo 'Connection opened. Writing main request to socket. Raw socket data follows.
';
+
+ // 1 = socket open
+ $this->state = 1;
+ }
+
+ /**
+ * Internal function to actually write the request into the socket.
+ * @access private
+ */
+
+ function _write_request(&$connection, &$headers, &$cookies, &$get, &$post)
+ {
+ $newline = "\r\n";
+
+ $this->_fputs($connection, "{$this->method} {$this->uri}{$get} HTTP/1.1{$newline}");
+ $this->_fputs($connection, "Host: {$this->host}{$newline}");
+ $this->_fputs($connection, $headers);
+ $this->_fputs($connection, $cookies);
+
+ if ( $this->method == 'POST' )
+ {
+ // POST-specific parameters
+ $post_length = strlen($post);
+ $this->_fputs($connection, "Content-type: application/x-www-form-urlencoded{$newline}");
+ $this->_fputs($connection, "Content-length: {$post_length}{$newline}");
+ }
+
+ $this->_fputs($connection, "Connection: close{$newline}");
+ $this->_fputs($connection, "{$newline}");
+
+ if ( $this->method == 'POST' )
+ {
+ $this->_fputs($connection, $post);
+ }
+
+ if ( $this->debug )
+ echo 'Request written. Fetching response.
'; + + // 2 = request written + $this->state = 2; + } + + /** + * Wrap up and close the socket. Nothing more than a call to fsockclose() except in debug mode. + * @access private + */ + + function sock_close(&$connection) + { + if ( $this->debug ) + { + echo 'Response fetched. Closing connection. Response text follows.
'; + echo htmlspecialchars($buffer); + echo '
'; + } + + fclose($connection); + } + + /** + * Internal function to grab the response code and status string + * @access string + */ + + function _parse_response_code($buffer) + { + // Retrieve response code and status + $pos_newline = strpos($buffer, "\n"); + $pos_carriage_return = strpos($buffer, "\r"); + $pos_end_first_line = ( $pos_carriage_return < $pos_newline && $pos_carriage_return > 0 ) ? $pos_carriage_return : $pos_newline; + + // First line is in format of: + // HTTP/1.1 ### Blah blah blah(\r?)\n + $response_code = substr($buffer, 9, 3); + $response_string = substr($buffer, 13, ( $pos_end_first_line - 13 ) ); + $this->response_code = intval($response_code); + $this->response_string = $response_string; + } + + /** + * Internal function to send the request. + * @access private + */ + + function _send_request() + { + $this->concat_headers($headers, $cookies, $get, $post); + + if ( $this->state < 1 ) + { + $this->_sock_open($this->socket); + } + if ( $this->state < 2 ) + { + $this->_write_request($this->socket, $headers, $cookies, $get, $post); + } + if ( $this->state == 2 ) + { + $buffer = $this->_read_until_newlines($this->socket); + $this->state = 3; + $this->_parse_response_code($buffer); + $this->response = $buffer; + } + if ( $this->state == 3 ) + { + // Determine transfer encoding + $is_chunked = preg_match("/Transfer-Encoding: (chunked)\r?\n/", $this->response); + + $buffer = ''; + while ( !feof($this->socket) ) + { + $part = fgets($this->socket, 1024); + if ( $is_chunked && preg_match("/^([a-f0-9]+)\x0D\x0A$/", $part, $match) ) + { + $chunklen = hexdec($match[1]); + $part = ( $chunklen > 0 ) ? fread($this->socket, $chunklen) : ''; + // remove the last newline from $part + $part = preg_replace("/\r?\n\$/m", "", $part); + } + $buffer .= $part; + } + $this->response .= $buffer; + } + $this->state = 4; + + $this->sock_close($this->socket); + $this->socket = false; + } + + /** + * Internal function to send the request but only fetch the headers. Leaves a connection open for a finish-up function. + * @access private + */ + + function _send_request_headers_only() + { + $this->concat_headers($headers, $cookies, $get, $post); + + if ( $this->state < 1 ) + { + $this->_sock_open($this->socket); + } + if ( $this->state < 2 ) + { + $this->_write_request($this->socket, $headers, $cookies, $get, $post); + } + if ( $this->state == 2 ) + { + $buffer = $this->_read_until_newlines($this->socket); + $this->state = 3; + $this->_parse_response_code($buffer); + $this->response = $buffer; + } + } + + /** + * Internal function to read from a socket until two consecutive newlines are hit. + * @access private + */ + + function _read_until_newlines($sock) + { + $prev_char = ''; + $prev1_char = ''; + $prev2_char = ''; + $buf = ''; + while ( !feof($sock) ) + { + $chr = fread($sock, 1); + $buf .= $chr; + if ( ( $chr == "\n" && $prev_char == "\n" ) || + ( $chr == "\n" && $prev_char == "\r" && $prev1_char == "\n" && $prev2_char == "\r" ) ) + { + return $buf; + } + $prev2_char = $prev1_char; + $prev1_char = $prev_char; + $prev_char = $chr; + } + return $buf; + } + + /** + * Returns the response text. If the request hasn't been sent, it will be sent here. + * @return string + */ + + function get_response() + { + if ( $this->state == 4 ) + return $this->response; + $this->_send_request(); + return $this->response; + } + + /** + * Writes the response body to a file. This is good for conserving memory when downloading large files. If the file already exists it will be overwritten. + * @param string File to write to + * @param int Chunk size in KB to read from the socket. Optional and should only be needed in circumstances when extreme memory conservation is needed. Defaults to 768. + * @param int Maximum file size. Defaults to 0, which means no limit. + * @return bool True on success, false on failure + */ + + function write_response_to_file($file, $chunklen = 768, $max_file_size = 0) + { + if ( !is_writeable( dirname($file) ) || !file_exists( dirname($file) ) ) + { + return false; + } + $handle = @fopen($file, 'w'); + if ( !$handle ) + return false; + $chunklen = intval($chunklen); + if ( $chunklen < 1 ) + return false; + if ( $this->state == 4 ) + { + // we already have the response, so cheat + $response = $this->get_response_body(); + fwrite($handle, $response); + } + else + { + // read data from the socket, write it immediately, and unset to free memory + $headers = $this->get_response_headers(); + $transferred_bytes = 0; + $bandwidth_exceeded = false; + // if transfer-encoding is chunked, read using chunk sizes the server specifies + $is_chunked = preg_match("/Transfer-Encoding: (chunked)\r?\n/", $this->response); + if ( $is_chunked ) + { + $buffer = ''; + while ( !feof($this->socket) ) + { + $part = fgets($this->socket, ( 1024 * $chunklen )); + // Theoretically if the encoding is really chunked then this should always match. + if ( $is_chunked && preg_match("/^([a-f0-9]+)\x0D\x0A$/", $part, $match) ) + { + $chunk_length = hexdec($match[1]); + $part = ( $chunk_length > 0 ) ? fread($this->socket, $chunk_length) : ''; + // remove the last newline from $part + $part = preg_replace("/\r?\n\$/m", "", $part); + } + + $transferred_bytes += strlen($part); + if ( $max_file_size && $transferred_bytes > $max_file_size ) + { + // truncate output to $max_file_size bytes + $partlen = $max_file_size - ( $transferred_bytes - strlen($part) ); + $part = substr($part, 0, $partlen); + $bandwidth_exceeded = true; + } + fwrite($handle, $part); + if ( $bandwidth_exceeded ) + { + break; + } + } + } + else + { + $first_chunk = fread($this->socket, ( 1024 * $chunklen )); + fwrite($handle, $first_chunk); + while ( !feof($this->socket) ) + { + $chunk = fread($this->socket, ( 1024 * $chunklen )); + + $transferred_bytes += strlen($chunk); + if ( $max_file_size && $transferred_bytes > $max_file_size ) + { + // truncate output to $max_file_size bytes + $partlen = $max_file_size - ( $transferred_bytes - strlen($chunk) ); + $chunk = substr($chunk, 0, $partlen); + $bandwidth_exceeded = true; + } + + fwrite($handle, $chunk); + unset($chunk); + + if ( $bandwidth_exceeded ) + { + break; + } + } + } + } + fclose($handle); + // close socket and reset state, since we haven't cached the response + $this->sock_close($this->socket); + $this->state = 0; + return ($bandwidth_exceeded) ? false : true; + } + + /** + * Returns only the response headers. + * @return string + */ + + function get_response_headers() + { + if ( $this->state == 3 ) + { + return $this->response; + } + else if ( $this->state == 4 ) + { + $pos_end = strpos($this->response, "\r\n\r\n"); + $data = substr($this->response, 0, $pos_start); + return $data; + } + else + { + $this->_send_request_headers_only(); + return $this->response; + } + } + + /** + * Returns only the response headers, as an associative array. + * @return array + */ + + function get_response_headers_array() + { + $data = $this->get_response_headers(); + preg_match_all("/(^|\n)([A-z0-9_-]+?): (.+?)(\r|\n|\$)/", $data, $matches); + $headers = array(); + for ( $i = 0; $i < count($matches[0]); $i++ ) + { + $headers[ $matches[2][$i] ] = $matches[3][$i]; + } + return $headers; + } + + /** + * Returns only the body (not the headers) of the response. If the request hasn't been sent, it will be sent here. + * @return string + */ + + function get_response_body() + { + $data = $this->get_response(); + $pos_start = strpos($data, "\r\n\r\n") + 4; + $data = substr($data, $pos_start); + return $data; + } + + /** + * Returns all cookies requested to be set by the server as an associative array. If the request hasn't been sent, it will be sent here. + * @return array + */ + + function get_cookies() + { + $data = $this->get_response(); + $data = str_replace("\r\n", "\n", $data); + $pos = strpos($data, "\n\n"); + $headers = substr($data, 0, $pos); + preg_match_all("/Set-Cookie: ([a-z0-9_]+)=([^;]+);( expires=([^;]+);)?( path=(.*?))?\n/", $headers, $cookiematch); + if ( count($cookiematch[0]) < 1 ) + return array(); + $cookies = array(); + foreach ( $cookiematch[0] as $i => $cookie ) + { + $cookies[$cookiematch[1][$i]] = $cookiematch[2][$i]; + } + return $cookies; + } + + /** + * Internal method to write data to a socket with debugging possibility. + * @access private + */ + + function _fputs($socket, $data) + { + if ( $this->debug ) + echo htmlspecialchars($data); + return fputs($socket, $data); + } + + /** + * Internal function to stringify cookies, headers, get, and post. + * @access private + */ + + function concat_headers(&$headers, &$cookies, &$get, &$post) + { + $headers = ''; + $cookies = ''; + foreach ( $this->headers as $name => $value ) + { + $value = str_replace('\\n', '\\\\n', $value); + $value = str_replace("\n", '\\n', $value); + $headers .= "$name: $value\r\n"; + } + unset($value); + if ( count($this->cookies_out) > 0 ) + { + $i = 0; + $cookie_header = 'Cookie: '; + foreach ( $this->cookies_out as $name => $value ) + { + $i++; + if ( $i > 1 ) + $cookie_header .= '; '; + $value = str_replace(';', rawurlencode(';'), $value); + $value = str_replace('\\n', '\\\\n', $value); + $value = str_replace("\n", '\\n', $value); + $cookie_header .= "$name=$value"; + } + $cookie_header .= "\r\n"; + $cookies = $cookie_header; + unset($value, $cookie_header); + } + if ( count($this->parms_get) > 0 ) + { + $get = '?'; + $i = 0; + foreach ( $this->parms_get as $name => $value ) + { + $i++; + if ( $i > 1 ) + $get .= '&'; + $value = urlencode($value); + if ( !empty($value) ) + $get .= "$name=$value"; + else + $get .= "$name"; + } + } + if ( count($this->parms_post) > 0 ) + { + $post = ''; + $i = 0; + foreach ( $this->parms_post as $name => $value ) + { + $i++; + if ( $i > 1 ) + $post .= '&'; + $value = urlencode($value); + $post .= "$name=$value"; + } + } + } + +} + +?> diff -r c2f4c900c507 -r dc838fd61a06 includes/pageprocess.php --- a/includes/pageprocess.php Wed Dec 19 23:04:17 2007 -0500 +++ b/includes/pageprocess.php Thu Dec 20 22:23:07 2007 -0500 @@ -805,6 +805,7 @@ { global $db, $session, $paths, $template, $plugins; // Common objects global $email; + global $lang; $page_urlname = dirtify_page_id($this->page_id); if ( $this->page_id == $paths->page_id && $this->namespace == $paths->namespace ) @@ -839,14 +840,14 @@ $template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name); - $q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, x.*, COUNT(c.comment_id) AS n_comments + $q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, u.user_has_avatar, u.avatar_type, x.*, COUNT(c.comment_id) AS n_comments FROM '.table_prefix.'users u LEFT JOIN '.table_prefix.'users_extra AS x ON ( u.user_id = x.user_id OR x.user_id IS NULL ) LEFT JOIN '.table_prefix.'comments AS c ON ( ( c.user_id=u.user_id AND c.name=u.username AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) ) WHERE u.username=\'' . $db->escape($target_username) . '\' - GROUP BY u.username, u.user_id, u.real_name, u.email, u.reg_time,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;'); + GROUP BY u.username, u.user_id, u.real_name, u.email, u.reg_time, u.user_has_avatar, u.avatar_type, x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;'); if ( !$q ) $db->_die(); @@ -891,6 +892,10 @@ // Basic user info echo '
You have entered an invalid avatar directory.
';
+ }
+ }
+ else
+ {
+ echo 'You have entered an invalid avatar directory.
';
+ }
+
echo 'Your changes to the site configuration have been saved.
'; } @@ -245,7 +274,7 @@ -
Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.
+
+
+
+
+
+ | Users and communication | +|||
|---|---|---|---|
| User account activation | |||
| User account activation | |||
| @@ -357,7 +377,7 @@ | |||
| Account activation: | + | Account activation: |
'; echo ''; @@ -369,7 +389,7 @@ - |
| Account lockouts | |||
| Account lockouts | |||
| Configure Enano to prevent or restrict logins for a specified period of time if a user enters an incorrect password a specific number of times. | |||
| Password strength | |||
| Password strength | |||
| @@ -428,22 +448,125 @@ - | |||
| E-mail sent from the site | |||
| E-mail sending method: Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here. |
- - |
- ||
| SMTP hostname: This option only applies to the external SMTP mode. |
- - | ||
| SMTP credentials: This option only applies to the external SMTP mode. |
- Username: - Password: |
- ||
| E-mail sent from the site | |||
| E-mail sending method: Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here. |
+ + |
+ ||
| SMTP hostname: This option only applies to the external SMTP mode. |
+ + | ||
| SMTP credentials: This option only applies to the external SMTP mode. |
+ Username: + Password: |
+ ||
| Avatars | +|||
| + Avatars are small images that users can display on their profiles and in comments. + + | |||
|
+ Enable avatar support: + Supported formats are JPEG, PNG, and GIF™. + |
+ + + | +||
|
+ Maximum avatar file size: + For smaller sites, the highest value for this should be about 50KB, 51200. Larger sites with more visitors will likely want to use something much smaller, such as 10KB. + |
+ + /> bytes + | +||
|
+ Maximum avatar dimensions: + The format is width × height. Typically you want to have this square (the same width and height). These are only maximum dimensions; users are not prevented from having smaller images. + |
+ + /> × + /> pixels + | +||
|
+ Allow animated avatars: + If this is checked, users can upload APNG and Animated GIF™ avatars. Sometimes such images can be specifically made to be distracting, like rapidly flashing images. If this is unchecked, these formats will be blocked, and only still PNGs and GIFs will be allowed. + |
+ + + | +||
|
+ Allowed upload methods: + + |
+
+ + + |
+ ||
|
+ Avatar storage directory: + This should be relative to your Enano root and should contain only alphanumeric characters and forward slashes, even if your server runs Windows. + |
+ + /> + | +||
+
+
+
+
+
+ | Sidebar links | +|
|---|---|
| Promote Enano | +|
| + If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano + homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because + Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word + using this link. + | ++ + | +
| SourceForge.net logo | |
| SourceForge.net logo | |
| @@ -488,8 +611,8 @@ - | |
| W3C compliance logos | |
| Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below. | |
| W3C compliance logos | |
| Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below. | |
| id="w3c-vh32" name="w3c-vh32" /> | |
| id="w3c-vh40" name="w3c-vh40" /> | |
| Defective By Design Anti-DRM button | |
| Defective By Design Anti-DRM button | |
| The Enano project is strongly against Digital Restrictions Management. DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to DefectiveByDesign.org on your sidebar. | |
| /> | |
+
-
diff -r c2f4c900c507 -r dc838fd61a06 plugins/SpecialUserPrefs.php
--- a/plugins/SpecialUserPrefs.php Wed Dec 19 23:04:17 2007 -0500
+++ b/plugins/SpecialUserPrefs.php Thu Dec 20 22:23:07 2007 -0500
@@ -103,6 +103,10 @@
userprefs_menu_add('Profile/membership', 'Edit e-mail address and password', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');
userprefs_menu_add('Profile/membership', 'Edit signature', makeUrlNS('Special', 'Preferences/Signature'));
userprefs_menu_add('Profile/membership', 'Edit public profile', makeUrlNS('Special', 'Preferences/Profile'));
+ if ( getConfig('avatar_enable') == '1' )
+ {
+ userprefs_menu_add('Profile/membership', 'Avatar settings', makeUrlNS('Special', 'Preferences/Avatar'));
+ }
userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
userprefs_menu_add('Private messages', 'Outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));
userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));
@@ -124,6 +128,7 @@
function page_Special_Preferences()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
// We need a login to continue
if ( !$session->user_logged_in )
@@ -594,6 +599,273 @@
';
break;
+ case 'Avatar':
+ if ( getConfig('avatar_enable') != '1' )
+ {
+ echo '' . $lang->get('usercp_avatar_err_disabled_title') . '
' . $lang->get('usercp_avatar_err_disabled_body') . '
';
+ }
+
+ // Determine current avatar
+ $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
+ if ( !$q )
+ $db->_die('Avatar CP selecting user\'s avatar data');
+
+ list($has_avi, $avi_type) = $db->fetchrow_num();
+
+ if ( isset($_POST['submit']) )
+ {
+ $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
+ $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $session->user_id . '.' . $avi_type;
+ switch($action)
+ {
+ case 'keep':
+ default:
+ break;
+ case 'remove':
+ if ( $has_avi )
+ {
+ // First switch the avatar off
+ $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $session->user_id . ';');
+ if ( !$q )
+ $db->_die('Avatar CP switching user avatar off');
+
+ if ( @unlink($avi_path) )
+ {
+ echo '' . $lang->get('usercp_avatar_err_disabled_body') . '
' . $lang->get('usercp_avatar_delete_success') . '
';
+ }
+ $has_avi = 0;
+ }
+ break;
+ case 'set_http':
+ case 'set_file':
+ // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
+ if ( $action == 'set_http' )
+ {
+ // Check if this action is enabled
+ if ( getConfig('avatar_upload_http') !== '1' )
+ {
+ // non-localized, only appears on hack attempt
+ echo 'Uploads over HTTP are disabled.
';
+ break;
+ }
+ // Download the file
+ require_once( ENANO_ROOT . '/includes/http.php' );
+
+ if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
+ {
+ echo '' . $lang->get('usercp_avatar_invalid_url') . '
';
+ break;
+ }
+
+ $hostname = $match[1];
+ $uri = '/' . $match[4];
+ $port = ( $match[3] ) ? intval($match[3]) : 80;
+ $max_size = intval(getConfig('avatar_max_size'));
+
+ // Get temporary file
+ $tempfile = tempnam(false, "enanoavatar_{$session->user_id}");
+ if ( !$tempfile )
+ echo 'Error getting temp file.
';
+
+ @unlink($tempfile);
+ $request = new Request_HTTP($hostname, $uri, 'GET', $port);
+ $result = $request->write_response_to_file($tempfile, 50, $max_size);
+ if ( !$result || $request->response_code != HTTP_OK )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_bad_write') . '
';
+ break;
+ }
+
+ // Response written. Proceed to validation...
+ }
+ else
+ {
+ // Check if this action is enabled
+ if ( getConfig('avatar_upload_file') !== '1' )
+ {
+ // non-localized, only appears on hack attempt
+ echo 'Uploads from the browser are disabled.
';
+ break;
+ }
+
+ $max_size = intval(getConfig('avatar_max_size'));
+
+ $file =& $_FILES['avatar_file'];
+ $tempfile =& $file['tmp_name'];
+ if ( filesize($tempfile) > $max_size )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_file_too_large') . '
';
+ break;
+ }
+ }
+ $file_type = get_image_filetype($tempfile);
+ if ( !$file_type )
+ {
+ unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_bad_filetype') . '
';
+ break;
+ }
+
+ // The file type is good - validate dimensions and animation
+ switch($file_type)
+ {
+ case 'png':
+ $is_animated = is_png_animated($tempfile);
+ $dimensions = png_get_dimensions($tempfile);
+ break;
+ case 'gif':
+ $is_animated = is_gif_animated($tempfile);
+ $dimensions = gif_get_dimensions($tempfile);
+ break;
+ case 'jpg':
+ $is_animated = false;
+ $dimensions = jpg_get_dimensions($tempfile);
+ break;
+ default:
+ echo 'API mismatch
';
+ break 2;
+ }
+ // Did we get invalid size data? If so the image is probably corrupt.
+ if ( !$dimensions )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_corrupt_image') . '
';
+ break;
+ }
+ // Is the image animated?
+ if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_disallowed_animation') . '
';
+ break;
+ }
+ // Check image dimensions
+ list($image_x, $image_y) = $dimensions;
+ $max_x = intval(getConfig('avatar_max_width'));
+ $max_y = intval(getConfig('avatar_max_height'));
+ if ( $image_x > $max_x || $image_y > $max_y )
+ {
+ @unlink($tempfile);
+ echo '' . $lang->get('usercp_avatar_too_large') . '
';
+ break;
+ }
+ // All good!
+ if ( rename($tempfile, $avi_path) )
+ {
+ $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$session->user_id};");
+ if ( !$q )
+ $db->_die('Avatar CP updating users table after successful avatar upload');
+ $has_avi = 1;
+ $avi_type = $file_type;
+ echo '' . $lang->get('usercp_avatar_upload_success') . '
';
+ }
+ else
+ {
+ echo '' . $lang->get('usercp_avatar_move_failed') . '
';
+ }
+ break;
+ }
+ }
+
+ ?>
+
+ fullpage) . '" method="post" enctype="multipart/form-data">';
+ echo '';
+ echo '';
+ echo '
+
';
+
+ break;
default:
$good = false;
$code = $plugins->setHook('userprefs_body');
diff -r c2f4c900c507 -r dc838fd61a06 themes/oxygen/comment.tpl
--- a/themes/oxygen/comment.tpl Wed Dec 19 23:04:17 2007 -0500
+++ b/themes/oxygen/comment.tpl Thu Dec 20 22:23:07 2007 -0500
@@ -10,6 +10,13 @@
| + ' . $lang->get('usercp_avatar_table_title') . ' + | +|
|---|---|
| + ' . $lang->get('usercp_avatar_label_current') . ' + | +';
+
+ if ( $has_avi == 1 )
+ {
+ echo ' |
+
| + ' . $lang->get('usercp_avatar_lbl_change') . ' + | +
+ + '; + if ( getConfig('avatar_upload_http') == '1' ) + { + echo ' + '; + } + else + { + echo ' '; + } + if ( getConfig('avatar_upload_file') == '1' ) + { + echo ' + '; + } + else + { + echo ' '; + } + echo ' |
+
| + + | +|
{USER_LEVEL} + +
+
+ 
+
+
+