miniBB ®  
miniBB Support Forums
 | Forums | Register | Reply | Search | Statistics | Manual |
Specific miniBB Support Forums / Specific /   

Avatars problem

Author Sergeusz
Registered
#1 | Posted: 30 May 2009 12:46 
After moving to another host nobody can add an avatar.

There is error message specified under $l_uploadError of the language pack.

What the reason for this problem can be?

Author Paul
Lead Developer
#2 | Posted: 1 Jun 2009 02:45 
Check permissions for the avatars folder.
Debug the script and get the idea at which point such error appears.
There are a lot of cases why it happens so, without deep debugging it's impossible to tell.

Author Sergeusz
Registered
#3 | Posted: 2 Jun 2009 08:55 
I've checked permissions before posting here. They are 777.
What do you mean by debugging the script?

Author Paul
Lead Developer
#4 | Posted: 2 Jun 2009 09:26 | Edited by: Paul 
It's a programming term. The error appears under addon_avatar.php. There is a block of code which is responsible for uploading a file.

/* upload avatar - step 2 */

You need to put in the code something like

echo 1; exit;

then upload the file again and again until you see the breaking point at some step.

In general, such error will appear when $warn=1; So there is quite a lot of cases when it happens, you need to know which exactly.

Possible reasons:

- the file was not uploaded at all. It may happen because on the server, a temporary upload folder is set up incorrectly. If other applications can't upload the file, this could be the reason.

- uploaded file doesn't match the allowed file type (specified under $availableTypes), so it may be not 'gif', 'jpeg', 'jpg', 'png'.

- the file exceeds the maximum size set under $maxFileSize

- file dimensions exceed $maxAvatarWidth and/or $maxAvatarHeight, or if $staticAvatarSize is set to TRUE, they are not equal to such settings.

Author Sergeusz
Registered
#5 | Posted: 8 Jun 2009 14:31 
It looks really strange but I don't have any error, may be I'm doing something not right.

Speaking about possible reasons, I think there can be only the first error, because all other possible reasons were checked by me and everything is right about these options, but an avatar can't be uploaded.

Author Paul
Lead Developer
#6 | Posted: 9 Jun 2009 03:36 
If other applications can't upload the file, this could be the reason. Do you have other scripts which are programmed to upload files? Do they upload files normally?

Author Sergeusz
Registered
#7 | Posted: 9 Jun 2009 12:36 
I tried to install a template in my joomla cms ant there was a mistake which said that some files couldn't be moved to media folder. Media folder has 777 permissions.
So it's seems that you are right, Paul. What I need to do? To ask my hosting provider?

Author Paul
Lead Developer
#8 | Posted: 9 Jun 2009 12:46 | Edited by: Paul 
Sergeusz:
To ask my hosting provider?

Probably... as I wrote, there could be a temporary upload folder just missing or specified wrong. I experienced that often when moving sites to the newly installed/upgraded servers.

Author Prince
Registered
#9 | Posted: 21 Jul 2012 00:55 | Edited by: Prince 
Hello,

I found something in avatars folder.. a user tried and uploaded some php codes in his avatar .mbb (avatar appeared like an image but inside that mbb was php malicious code).

I think avatar add-on has some bugs to allow uploading php hidden file inside images! I hope you could fix this! if you want I can provide you the file in a zip format so you could check it.

Thanks :)

Author Paul
Lead Developer
#10 | Posted: 23 Jul 2012 16:17 
Prince:
a user tried and uploaded some php codes in his avatar .mbb

Even if some file was uploaded - what's next?
You can't execute it as PHP script, if .mbb extension is not associated with PHP in your server settings. The same way you could try to rename .exe or .doc or anything else to JPG, fake the header and it may pass.

There is no strict solution on renamed files with wrong extensions, or at least I don't know about the easy and effective one. File type headers are sent by a browser and may be easily faked. PHP itself can not determine what kind of file is being uploaded.

Author Prince
Registered
#11 | Posted: 23 Jul 2012 18:06 
Paul:
Even if some file was uploaded - what's next?
You can't execute it as PHP script,

If it's so.. that's great then! I thought it might be a bug!
Thanks anyway :)

Author Paul
Lead Developer
#12 | Posted: 25 Jul 2012 13:48 
Well, it "might" be a bug, but if somebody has greater solution or suggestion that mine, I could develop it ;)

Author Guest
#13 | Posted: 8 Jan 2013 00:04 
Hello,

User can easily upload PHP-Shell via Avatars, if it could be a way to avoid uploading such file that would be great!!!

Best regards,

Author Paul
Lead Developer
#14 | Posted: 8 Jan 2013 11:21 
User can easily upload it, but it's not clear what s/he will do with it later?
I have answered this above.
You can actually upload any virus app as well - but who will care of it, if it can't be executed.

Specific miniBB Support Forums / Specific / Avatars problem Top
Your Reply Click this icon to move up to the quoted message
 Short link for this topic:

 ?
Only registered users are allowed to post here. Please, enter your username/password details upon posting a message, or register first.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
  Extend your miniBB-forums, attaching the images and files,
get the File and Picture Attachments add-on!
Galleries / Attachments Addon for miniBB