News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Is it possible to have linked avatars use https somehow?

Started by chrishicks, November 30, 2015, 02:25:27 AM

Previous topic - Next topic

chrishicks

I'm stuck trying to figure this one out. I have most of my site now able to run on https with the exception of linked avatars. I can't even use an https:// link as the forum just tosses it afterwards and acts as if I added nothing to the link box. It seems to only accept an http:// link for an avatar. Is there a way I can get around this? Maybe a setting I'm just not seeing perhaps? I'm using 2.0.11 and I've only been on it for about a week so I'm still familiarizing myself with the new version coming from 1.1.x for the last 8 years.


margarett

It is, but it's kinda tricky :P

Go to Profile-Modify.php, find:
elseif ($value == 'external' && allowedTo('profile_remote_avatar') && strtolower(substr($_POST['userpicpersonal'], 0, 7)) == 'http://' && empty($modSettings['avatar_download_external']))
Replace with:
elseif ($value == 'external' && allowedTo('profile_remote_avatar') && (strtolower(substr($_POST['userpicpersonal'], 0, 7)) == 'http://' || strtolower(substr($_POST['userpicpersonal'], 0, 8)) == 'https://') && empty($modSettings['avatar_download_external']))

Find:
elseif (substr($profile_vars['avatar'], 0, 7) != 'http://')
Replace with:
elseif ((substr($profile_vars['avatar'], 0, 7) != 'http://') && (substr($profile_vars['avatar'], 0, 8) != 'https://'))

Tested in my local machine and it worked :)
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

chrishicks

Hi Margarett, sorry for the long overdue reply. Thank you for the code. I'll give it a try in the next day or so and see how things so.

Colin

"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

margarett

* margarett requests a board for himself: "Hackish code edits"
;D
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

lntit

First off, I'm sorry for replying to this old topic, but I did try that code from reply #1 on my test installation. Tl:dr, it does not work for me. :(
(SMF 2.0.11 on XAMPP, only language dropdown mod is installed)

margarett

We always need to know more than "does not work" :P

What is the avatar you're using?
Can you please attach your modified file?
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

lntit

It was a normal avatar from the gallery.

Following that I have changed:
Code (Profile-Modify.php) Select
<?php
// elseif ($value == 'external' && allowedTo('profile_remote_avatar') && strtolower(substr($_POST['userpicpersonal'], 0, 7)) == 'http://' && empty($modSettings['avatar_download_external']))
elseif ($value == 'external' && allowedTo('profile_remote_avatar') && (strtolower(substr($_POST['userpicpersonal'], 07)) == 'http://' || strtolower(substr($_POST['userpicpersonal'], 08)) == 'https://') && empty($modSettings['avatar_download_external']))
{
// We need these clean...
$cur_profile['id_attach'] = 0;
$cur_profile['attachment_type'] = 0;
$cur_profile['filename'] = '';

// Remove any attached avatar...
removeAttachments(array('id_member' => $memID));

$profile_vars['avatar'] = str_replace('%20'''preg_replace('~action(?:=|%3d)(?!dlattach)~i''action-'$_POST['userpicpersonal']));

if ($profile_vars['avatar'] == 'http://' || $profile_vars['avatar'] == 'http:///')
$profile_vars['avatar'] = '';
// Trying to make us do something we'll regret?
// elseif (substr($profile_vars['avatar'], 0, 7) != 'http://')
elseif ((substr($profile_vars['avatar'], 07) != 'http://') && (substr($profile_vars['avatar'], 08) != 'https://'))
return 'bad_avatar';
// Should we check dimensions?
?>


And Profile-Modify as attachment:

margarett

Ahh but this is not the same thing ;)
This "fix" is for an external avatar, which is server over https. The gallery avatar scenario implies that your site is served over https. Is it?
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

lntit

My test installation hasn't SSL/https enabled (maybe I should enable it?) ???


Just a bit more background information:
The production site has indeed SSL/https. I have created a mod that add the possibility to force SSL/https and comes together with an image proxy. However, I've managed that avatars with http source used to go through the image proxy. So, I have no mixed content issue. I just banging about a solution to let allow our member to link avatars stuff from the gallery or from somewhere else that has https. :)

Btw, feel free to split my stuff if it deverse to be its own topic. ;)

PS: something completely else, who can approve the Big Forum Operator I've requested one and a hals week ago? I totally do not intent to sound impatient, because I don't know the procedures in the background. I'll wait patiently, if I have to. :)

margarett

Then I'm lost, sorry (I'll split the topic when I can understand the issue :P )

You are using in localhost, so you probably don't have a SSL certificate and so you don't use https.
If you are using gallery avatars, what exactly doesn't work?
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

lntit

Uploaded avatars or avatars from the avatar gallery work just fine. I definitely mean external linked avatars that have https instead http. :)

SSL/https enabled and set up on localhost - test installation. I still can't link external avatar even with enabled https. :o

margarett

So yes, the issue is related.
Please disable https in your localhost, it's a vector less to worry about :)

Use your browser's developer tools to analyze the page source (also "Network" tab) and check what does it say about the image. Then pick its URL (if any) and check if you can open it in your browser
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

lntit

I see what is happening:
http://localhost/smf2/avatars/https://forum.---.org/avatar.png
:o lolin'

margarett

How odd...
But indeed it happens :o

Image --> https://upload.wikimedia.org/wikipedia/commons/f/fd/Farm-Fresh_thumb_up.png
Result --> http://localhost/smf2/avatars/https://upload.wikimedia.org/wikipedia/commons/f/fd/Farm-Fresh_thumb_up.png
I swear that I did this before :o
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

lntit

Btw, similar thing happens also on this forum. I'll try to investigate more, just to fix my curiosity. :)

(I think, I'll go touch that HUGE avatar array in Load.php :o :o)

lntit

OK, I think, I found a solution for it:
Load.php:
find:
'avatar' => array(
'name' => $profile['avatar'],
'image' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) . '" alt="" />' : '') : (stristr($profile['avatar'], 'http://') ? '<img class="avatar" src="' . $profile['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . htmlspecialchars($profile['avatar']) . '" alt="" />'),
'href' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) : '') : (stristr($profile['avatar'], 'http://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar']),
'url' => $profile['avatar'] == '' ? '' : (stristr($profile['avatar'], 'http://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar'])
),

replace with
'avatar' => array(
'name' => $profile['avatar'],
'image' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) . '" alt="" />' : '') : ((stristr($profile['avatar'], 'http://') || stristr($profile['avatar'], 'https://')) ? '<img class="avatar" src="' . $profile['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . htmlspecialchars($profile['avatar']) . '" alt="" />'),
'href' => $profile['avatar'] == '' ? ($profile['id_attach'] > 0 ? (empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename']) : '') : ((stristr($profile['avatar'], 'http://') || stristr($profile['avatar'], 'https://')) ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar']),
'url' => $profile['avatar'] == '' ? '' : ((stristr($profile['avatar'], 'http://') || stristr($profile['avatar'], 'https://')) ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar'])
),


Subs.php
find
elseif (substr($user_info['avatar']['url'], 0, 7) == 'http://')
replace with:
elseif (substr($user_info['avatar']['url'], 0, 7) == 'http://' || substr($user_info['avatar']['url'], 0, 8) == 'https://')

Could someone test it?

PS: I have to find that code that manages the profile editing in order to let it show the https link in the editing menu...

lntit

Quote from: lntit on March 04, 2016, 03:31:01 PM
PS: I have to find that code that manages the profile editing in order to let it show the https link in the editing menu...
I found it. :) ... I don't know how I can integrate also the https part into it. :(
Ideas and suggestion are welcome. :)
Profile-Modify.php
<?php
elseif (
stristr($cur_profile['avatar'], 'http://') && $context['member']['avatar']['allow_external'])
$context['member']['avatar'] += array(
'choice' => 'external',
'server_pic' => 'blank.gif',
'external' => $cur_profile['avatar']
);
elseif ($cur_profile['avatar'] != '' && file_exists($modSettings['avatar_directory'] . '/' $cur_profile['avatar']) && $context['member']['avatar']['allow_server_stored'])
$context['member']['avatar'] += array(
'choice' => 'server_stored',
'server_pic' => $cur_profile['avatar'] == '' 'blank.gif' $cur_profile['avatar'],
'external' => 'http://'
);
else
$context['member']['avatar'] += array(
'choice' => 'none',
'server_pic' => 'blank.gif',
'external' => 'http://'
);
?>

berbec

I have run across this issue, and patched two files to allow HTTPS linked avatars: Load.php and Profile-Modify.php

This patch has been implemented and is currently on a running system.

I have attached the two patch files created by diff. They can be applied via GNU patch. I recommend `patch -b` to make a backup file.

lntit

Excellent!

I'll have to test it! But I'll install it to our production forum after the SMF devs have released the next patch, since that patch will possibly replace my image/ssl modification, I've written last year.

Kindred

once again --  it is not recommended that you do this, since doing this will break your ability to just apply the 2.0.14 patch when it comes out
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

berbec


Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

lntit

As for me, i'll have to uninstall my image/ssl proxy mod in order to install the upcomming patch...
Just curious, is somewhere a changelog of the patch 2.0.14?

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: