Specify avatar by URL ?

Started by lurkalot, December 02, 2017, 10:45:06 AM

Previous topic - Next topic

lurkalot

Need some advice on how to handle remote avatars on various parts of TP Shoutbox and recent topics wont display avatars if someone enters a secure url via SMF "Specify avatar by URL"

Example.
$row['avatar'] = $row['avatar'] == '' ? ($row['ID_ATTACH'] > 0 ? '<img src="' . (empty($row['attachmentType']) ? $scripturl . '?action=dlattach;attach=' . $row['ID_ATTACH'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="&nbsp;"  />' : '') : (stristr($row['avatar'], 'http://') ? '<img src="' . $row['avatar'] . '" alt="&nbsp;" />' : '<img src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="&nbsp;" />');


What's the best way to handle this?

Change this part of the code to,
$row['avatar'], 'https://') ? '<img src="'

Avatar will display, but then if they enter a url with http the avatar won't display.

Or I could use,
$row['avatar'], '//') ? '<img src="'

Then both http and https avatars will display fine. Does anyone know if it's going to cause a problem using this method?  Will the images get handled by the image proxy built into SMF 2.0.14/15

Any advice would be greatly appreciated.

Arantor

I thought I replied to your PM on this?

Anyway, kinda need to see more of the code to have it be able to detect between http and https.

As for the proxy, no, there's no magic way for it to handle that - and you'd have to be able to know whether the proxy was available to be able to use it, which makes it harder to support in a mod that doesn't explicitly demand 2.0.14 and up.

lurkalot

Quote from: Arantor on December 02, 2017, 10:50:47 AM
I thought I replied to your PM on this?

Anyway, kinda need to see more of the code to have it be able to detect between http and https.


Thanks Arantor.  ;)

Not sure how much of the code you need to see, hopefully this section

$memberdata = array();
if(isset($request2) && $smcFunc['db_num_rows']($request2)>0)
{
while($row = $smcFunc['db_fetch_assoc']($request2))
{
$row['avatar'] = $row['avatar'] == '' ? ($row['ID_ATTACH'] > 0 ? '<img src="' . (empty($row['attachmentType']) ? $scripturl . '?action=dlattach;attach=' . $row['ID_ATTACH'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="&nbsp;"  />' : '') : (stristr($row['avatar'], 'http://') ? '<img src="' . $row['avatar'] . '" alt="&nbsp;" />' : '<img src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="&nbsp;" />');
$memberdata[$row['id_member']] = $row;
}
$smcFunc['db_free_result']($request2);
}
if(!empty($fetched) && count($fetched)>0)
{
$ns = array();
foreach($fetched as $b => $row)
{
$row['avatar'] = !empty($memberdata[$row['value5']]['avatar']) ? $memberdata[$row['value5']]['avatar'] : '';
$row['realName'] = !empty($memberdata[$row['value5']]['realName']) ? $memberdata[$row['value5']]['realName'] : $row['value3'];
$row['value1'] = parse_bbc(censorText($row['value1']), true);
$ns[] = template_singleshout($row);
}
$nshouts .= implode('', $ns);

$context['TPortal']['shoutbox'] = $nshouts;
}

Arantor

That was the code I was looking for. This should fix avatars in the shoutbox.


$memberdata = array();
if(isset($request2) && $smcFunc['db_num_rows']($request2)>0)
{
while($row = $smcFunc['db_fetch_assoc']($request2))
{
if ($row['avatar'] == '')
{
$row['avatar'] = $row['ID_ATTACH'] > 0 ? '<img src="' . (empty($row['attachmentType']) ? $scripturl . '?action=dlattach;attach=' . $row['ID_ATTACH'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="&nbsp;"  />' : '';
}
elseif (stristr($row['avatar'], 'http://'))
{
if (!empty($GLOBALS['image_proxy_enabled']) && file_exists($GLOBALS['boarddir'] . '/proxy.php'))
{
// 2.0.14+ and the proxy is enabled
$row['avatar'] = strtr($GLOBALS['boardurl'], array('http://' => 'https://')) . '/proxy.php?request=' . urlencode($row['avatar']) . '&hash=' . md5($row['avatar'] . $GLOBALS['image_proxy_secret']);
}
else
{
// 2.0.13 or below, or the proxy is disabled
$row['avatar'] = '<img src="' . $row['avatar'] . '" alt="&nbsp;" />';
}
}
elseif (stristr($row['avatar'], 'https://'))
{
$row['avatar'] = '<img src="' . $row['avatar'] . '" alt="&nbsp;" />';
}
else
{
$row['avatar'] = '<img src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="&nbsp;" />';
}

$row['avatar'] = $row['avatar'] == '' ? ($row['ID_ATTACH'] > 0 ? '<img src="' . (empty($row['attachmentType']) ? $scripturl . '?action=dlattach;attach=' . $row['ID_ATTACH'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="&nbsp;"  />' : '') : (stristr($row['avatar'], 'http://') ? '<img src="' . $row['avatar'] . '" alt="&nbsp;" />' : '<img src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="&nbsp;" />');
$memberdata[$row['id_member']] = $row;
}
$smcFunc['db_free_result']($request2);
}
if(!empty($fetched) && count($fetched)>0)
{
$ns = array();
foreach($fetched as $b => $row)
{
$row['avatar'] = !empty($memberdata[$row['value5']]['avatar']) ? $memberdata[$row['value5']]['avatar'] : '';
$row['realName'] = !empty($memberdata[$row['value5']]['realName']) ? $memberdata[$row['value5']]['realName'] : $row['value3'];
$row['value1'] = parse_bbc(censorText($row['value1']), true);
$ns[] = template_singleshout($row);
}
$nshouts .= implode('', $ns);

$context['TPortal']['shoutbox'] = $nshouts;
}


I haven't got a TP environment set up to test this right now but it should work.

lurkalot

Arantor, thank you.  8)  I will get this tested asap.

I have similar code in the latest posts, I'm assuming I can do the same with that, but I'll have to check that out.

Arantor

Probably, but let's check this one first :)

lurkalot

Quote from: Arantor on December 03, 2017, 12:49:17 PM
Probably, but let's check this one first :)

Agreed.  I just tested it locally, but I'm not getting any avatars in the shoutbox.  not even the built in ones.  I fear I have messed up somewhere.  Just going to create a fresh install to test it on.  Meanwhile here is the whole in-edited file on GitHub just in case, https://github.com/Tinyportal/TinyPortal/blob/master/tp-files/tp-modules/TPShout/Sources/TPShout.php

Illori

can you check what was done for TP 2.0 and see if the same code works here?

lurkalot

Quote from: Illori on December 03, 2017, 01:07:18 PM
can you check what was done for TP 2.0 and see if the same code works here?

Illori, I thought those files were the same, or at least that section of code?

Arantor

Bah, I left a line in that wasn't meant to be there.


$memberdata = array();
if(isset($request2) && $smcFunc['db_num_rows']($request2)>0)
{
while($row = $smcFunc['db_fetch_assoc']($request2))
{
if ($row['avatar'] == '')
{
$row['avatar'] = $row['ID_ATTACH'] > 0 ? '<img src="' . (empty($row['attachmentType']) ? $scripturl . '?action=dlattach;attach=' . $row['ID_ATTACH'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="&nbsp;"  />' : '';
}
elseif (stristr($row['avatar'], 'http://'))
{
if (!empty($GLOBALS['image_proxy_enabled']) && file_exists($GLOBALS['boarddir'] . '/proxy.php'))
{
// 2.0.14+ and the proxy is enabled
$row['avatar'] = strtr($GLOBALS['boardurl'], array('http://' => 'https://')) . '/proxy.php?request=' . urlencode($row['avatar']) . '&hash=' . md5($row['avatar'] . $GLOBALS['image_proxy_secret']);
}
else
{
// 2.0.13 or below, or the proxy is disabled
$row['avatar'] = '<img src="' . $row['avatar'] . '" alt="&nbsp;" />';
}
}
elseif (stristr($row['avatar'], 'https://'))
{
$row['avatar'] = '<img src="' . $row['avatar'] . '" alt="&nbsp;" />';
}
else
{
$row['avatar'] = '<img src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="&nbsp;" />';
}

$memberdata[$row['id_member']] = $row;
}
$smcFunc['db_free_result']($request2);
}
if(!empty($fetched) && count($fetched)>0)
{
$ns = array();
foreach($fetched as $b => $row)
{
$row['avatar'] = !empty($memberdata[$row['value5']]['avatar']) ? $memberdata[$row['value5']]['avatar'] : '';
$row['realName'] = !empty($memberdata[$row['value5']]['realName']) ? $memberdata[$row['value5']]['realName'] : $row['value3'];
$row['value1'] = parse_bbc(censorText($row['value1']), true);
$ns[] = template_singleshout($row);
}
$nshouts .= implode('', $ns);

$context['TPortal']['shoutbox'] = $nshouts;
}

Illori

Quote from: lurkalot on December 03, 2017, 01:15:16 PM
Quote from: Illori on December 03, 2017, 01:07:18 PM
can you check what was done for TP 2.0 and see if the same code works here?

Illori, I thought those files were the same, or at least that section of code?

nope as that version uses the proxy already.

lurkalot

Quote from: Illori on December 03, 2017, 02:03:50 PM
Quote from: lurkalot on December 03, 2017, 01:15:16 PM
Quote from: Illori on December 03, 2017, 01:07:18 PM
can you check what was done for TP 2.0 and see if the same code works here?

Illori, I thought those files were the same, or at least that section of code?

nope as that version uses the proxy already.

So, I guess I'm looking in the wrong place completely?  Back to the drawing board we go then.

Illori

try starting here https://github.com/Tinyportal/TinyPortal-SMF2.1/blob/TP2.1/tp-files/tp-modules/TPShout/Sources/TPShout.php#L558 i think that is the same section you are looking at here. this is assuming the code in 2.0 is similar enough to SMF 2.1.

lurkalot

Quote from: Illori on December 03, 2017, 02:16:05 PM
try starting here https://github.com/Tinyportal/TinyPortal-SMF2.1/blob/TP2.1/tp-files/tp-modules/TPShout/Sources/TPShout.php#L558 i think that is the same section you are looking at here. this is assuming the code in 2.0 is similar enough to SMF 2.1.

Well, I took a look at that code.  ???  This is way above my capabilities, going to have to concede.

Illori

did the last code arantor provided not work?

lurkalot

Quote from: Illori on December 03, 2017, 04:38:07 PM
did the last code arantor provided not work?

doh, I thought I'd replied to Arantor's last post, must have hit the wrong key or something because it didn't post.

Yes the code did work, until you add a insecure url, then it would show a load of code instead of the avatar (screenshot). A secure url worked fine.


Arantor

Ahhh. Give this a go.


$memberdata = array();
if(isset($request2) && $smcFunc['db_num_rows']($request2)>0)
{
while($row = $smcFunc['db_fetch_assoc']($request2))
{
if ($row['avatar'] == '')
{
$row['avatar'] = $row['ID_ATTACH'] > 0 ? '<img src="' . (empty($row['attachmentType']) ? $scripturl . '?action=dlattach;attach=' . $row['ID_ATTACH'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="&nbsp;"  />' : '';
}
elseif (stristr($row['avatar'], 'http://'))
{
if (!empty($GLOBALS['image_proxy_enabled']) && file_exists($GLOBALS['boarddir'] . '/proxy.php'))
{
// 2.0.14+ and the proxy is enabled
$row['avatar'] = '<img src="' . strtr($GLOBALS['boardurl'], array('http://' => 'https://')) . '/proxy.php?request=' . urlencode($row['avatar']) . '&hash=' . md5($row['avatar'] . $GLOBALS['image_proxy_secret']) . '" alt="&nbsp;" />';
}
else
{
// 2.0.13 or below, or the proxy is disabled
$row['avatar'] = '<img src="' . $row['avatar'] . '" alt="&nbsp;" />';
}
}
elseif (stristr($row['avatar'], 'https://'))
{
$row['avatar'] = '<img src="' . $row['avatar'] . '" alt="&nbsp;" />';
}
else
{
$row['avatar'] = '<img src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar']) . '" alt="&nbsp;" />';
}

$memberdata[$row['id_member']] = $row;
}
$smcFunc['db_free_result']($request2);
}
if(!empty($fetched) && count($fetched)>0)
{
$ns = array();
foreach($fetched as $b => $row)
{
$row['avatar'] = !empty($memberdata[$row['value5']]['avatar']) ? $memberdata[$row['value5']]['avatar'] : '';
$row['realName'] = !empty($memberdata[$row['value5']]['realName']) ? $memberdata[$row['value5']]['realName'] : $row['value3'];
$row['value1'] = parse_bbc(censorText($row['value1']), true);
$ns[] = template_singleshout($row);
}
$nshouts .= implode('', $ns);

$context['TPortal']['shoutbox'] = $nshouts;
}

lurkalot

Quote from: Arantor on December 03, 2017, 05:14:34 PM

Ahhh. Give this a go.


Bingo.  Thank you Arantor, looks like it's working nicely now.  8)

Now I have to find the code in the recent topics etc, and see if they is fixable.

Advertisement: