"._UPLOAD_SUBMIT."

"; echo _UPLOAD_DIMENSIONS.": ".$sbConfig['avatarWidth']."x".$sbConfig['avatarHeight']." - ".$sbConfig['avatarSize']." KB"; echo "
"; echo ""; echo ""; echo "
"; $uplabel=_UPLOAD_UPLOAD; //echo " "; echo _UPLOAD_SELECT_FILE." "; echo ""; echo "

"; echo "
"; } if($sbConfig['allowAvatarGallery']){ echo ""._UPLOAD_GALLERY."

\n"; ?> "; get_dirs($sbp.'/avatars/gallery', "categoryid", $gallery); echo "\n"; echo ""; echo "
\n"; echo ""; echo ""; echo ""; if($gallery=="default") unset($gallery); if($gallery) { $gallery1="/".str_replace("%20", " ", $gallery); $gallery2=str_replace("%20", " ", $gallery) . "/"; } $avatar_gallery_path=$sbp.'/avatars/gallery'.$gallery1; $avatar_images=array(); $avatar_images=display_avatar_gallery($avatar_gallery_path); for($i = 0; $i < count($avatar_images); $i++) { $j=$i+1; echo '\n"; if (function_exists('fmod')) { if (!fmod(($j),5)){echo '';} } else { if (!fmodReplace(($j),5)){echo '';} } } echo ''; echo '
'; //echo ''; echo ''; echo ''; echo "
'; echo '
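'; echo ""; } }else if ($do=='validate'){
    // Avatar upload handler.
    // Every check below runs against PHP's temporary upload file, and the file is
    // moved into the web-served avatars directory only after all of them pass.
    // A rejected upload therefore never exists under a predictable public path.
    require_once($map."/administrator/components/com_simpleboard/simpleboard_config.php");
    $Itemid = mosGetParam( $_REQUEST, 'Itemid' );
    // Itemid is request-supplied, so only its integer value goes into the redirect URL.
    $uploadUrl = "index.php?option=com_simpleboard&Itemid=".intval($Itemid)."&func=upload";

    // check for empty file
    if (!isset($_FILES['avatar']) || empty($_FILES['avatar']['name'])) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_EMPTY);
        return;
    }

    // the temporary file must be one PHP itself received in this request
    $tmpFile = $_FILES['avatar']['tmp_name'];
    if (!is_uploaded_file($tmpFile)) {
        echo _UPLOAD_ERROR_GENERAL;
        return;
    }

    // Files are sometimes submitted with several extensions (virus.txt.vbs);
    // only the last one decides how the stored file is treated, so validate that one.
    $filename = explode('.', $_FILES['avatar']['name']);
    $avatarExt = $filename[count($filename) - 1];

    // check for allowed file type (jpeg, gif, png)
    // NOTE(review): check_image_type() is defined elsewhere; confirm it rejects
    // every extension the web server would hand to an interpreter.
    if (!($imgtype = check_image_type($avatarExt))) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_TYPE);
        return;
    }

    // check file name characteristics: the extension becomes part of the stored
    // file name and of the SQL literal below, so it must be plain [0-9a-zA-Z_]
    if ($avatarExt == '' || preg_match('/[^0-9a-zA-Z_]/', $avatarExt)) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_NAME);
        return;
    }

    // check filesize
    $maxAvSize = $sbConfig['avatarSize'] * 1024;
    if ($_FILES['avatar']['size'] > $maxAvSize) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_SIZE." (".$sbConfig['avatarSize']." KiloBytes)");
        return;
    }

    // The content has to parse as a gif, jpeg or png image. Without this test a
    // non-image file passed the dimension checks, because a failed getimagesize()
    // leaves width and height empty.
    $imageInfo = @getimagesize($tmpFile);
    if (!is_array($imageInfo) || !in_array($imageInfo[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_TYPE);
        return;
    }
    list($width, $height) = $imageInfo;
    if ($width > $sbConfig['avatarWidth']) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_WIDTH." (".$sbConfig['avatarWidth']." \npixels)");
        return;
    }
    if ($height > $sbConfig['avatarHeight']) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_HEIGHT." (".$sbConfig['avatarHeight']." pixels)");
        return;
    }

    // move it to the proper location; the stored name is <user id>.<validated extension>
    $newFileName = intval($my->id).".".$avatarExt;
    $fileLocation = $sbp."/avatars/$newFileName";
    if (!move_uploaded_file($tmpFile, $fileLocation)) {
        echo _UPLOAD_ERROR_GENERAL;
        return;
    }
    // readable by the web server, writable by the owner only (was 0777)
    @chmod($fileLocation, 0644);

    // $newFileName consists of digits, a dot and [0-9a-zA-Z_] only, so it is safe inside the quoted literal
    $database->setQuery("UPDATE #__sb_users SET avatar='$newFileName' WHERE userid='".intval($my->id)."'");
    $database->query();
    echo " "._UPLOAD_UPLOADED."...\n\n";
    echo ""._GEN_CONTINUE.".";
}else if ($do=='fromgallery'){
    // Gallery avatar selection.
    // NOTE(review): where $newAvatar and $Itemid are assigned is not visible in this
    // part of the file; both are treated as untrusted here.
    require_once("$sbp/sb_helpers.php");
    $uploadUrl = "index.php?option=com_simpleboard&Itemid=".intval($Itemid)."&func=upload";

    // The value is written into an SQL literal and stored as the user's avatar path,
    // so reject anything empty, containing "..", quotes, backslashes, angle brackets
    // or control characters, or not ending in one of the gallery's image extensions.
    $badAvatar = $newAvatar == ''
        || strpos($newAvatar, '..') !== false
        || preg_match('/[\x00-\x1f\'"<>\\\\]/', $newAvatar)
        || !preg_match('/\.(gif|png|jpe?g)$/i', $newAvatar);
    if ($badAvatar) {
        MOSredirect($uploadUrl,_UPLOAD_ERROR_CHOOSE);
        return;
    }

    $database->setQuery("UPDATE #__sb_users SET avatar='$newAvatar' WHERE userid='".intval($my->id)."'");
    if (!$database->query()) {
        echo _USER_PROFILE_NOT_A." "._USER_PROFILE_NOT_B." "._USER_PROFILE_NOT_C.".\n\n";
    } else {
        echo _USER_PROFILE_UPDATED."\n\n";
    }
    echo _USER_RETURN_A." "._USER_RETURN_B."\n\n";
    sbSetTimeout("index.php?option=com_simpleboard&Itemid=".intval($Itemid)."&func=userprofile&do=show",3500);
}

// Returns true when $file exists and is no larger than $maxSize bytes.
// A file that cannot be stat'ed is reported as failing the check; previously
// the false returned by filesize() compared as "small enough".
function check_filesize($file,$maxSize)
{
    $size = filesize($file);
    if ($size === false) {
        return false;
    }
    return $size <= $maxSize;
}

// Lists the image files (gif, png, jpg, jpeg) directly inside $avatar_gallery_path.
// Returns a 0-based array of file names in directory order; sub-directories and
// symbolic links are skipped. An unreadable directory yields an empty array.
// NOTE(review): the caller on this page builds the path from $gallery; if that
// value is request-supplied it should be matched against the directory names
// found by get_dirs() before it reaches this function.
function display_avatar_gallery($avatar_gallery_path)
{
    $avatar_images = array();
    $dir = @opendir($avatar_gallery_path);
    if ($dir === false) {
        return $avatar_images;
    }
    // compare against false explicitly so an entry named "0" does not end the scan
    while (($file = readdir($dir)) !== false) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $path = $avatar_gallery_path . '/' . $file;
        if (is_file($path) && !is_link($path) && preg_match('/\.(gif|png|jpe?g)$/i', $file)) {
            $avatar_images[] = $file;
        }
    }
    closedir($dir);
    return $avatar_images;
}

//function fmodReplace($x,$y)
//{ //function provided for older PHP versions which do not have an fmod function yet
// $i = floor($x/$y);
// r = x - i * y
// return $x - $i*$y;}

// This function was modified from the one posted to PHP.net by rockinmusicgv
// It is available under the readdir() entry in the PHP online manual
//
// Collects the names of the non-hidden sub-directories of $directory.
// NOTE(review): in this copy of the file the only output is a newline, and
// $select_name, $selected and $filelist are not used by any visible statement;
// the markup that presumably rendered them is missing. When restoring it, pass
// the directory names and $selected through htmlspecialchars() before output.
function get_dirs($directory, $select_name, $selected = "")
{
    $filelist = array();
    if ($dir = @opendir($directory)) {
        while (($file = readdir($dir)) !== false) {
            // a leading dot covers ".", ".." and hidden directories
            if ($file[0] != '.' && is_dir($directory."/".$file)) {
                $filelist[] = $file;
            }
        }
        closedir($dir);
    }
    if ($selected) $selected = str_replace("%20", " ", $selected);
    echo "\n";
}
?>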