Skype messaging and external avatar url

agita · 2010-03-07 13:13:05

Are there any chances that in Profile/Messaging would be added Skype field and also allow to use external avatar url besides uploading them on server?

Reines · 2010-03-07 13:16:03

The messaging fields probably should be sorted out. I think for 2.0 we might aim to make them custom, rather than hard coding a few specific fields.

Regarding avatars, I'm sure there is a mod for this but I'm not keen on adding it to the core because you cannot check enforce size/dimension limits of remote images.

agita · 2010-03-07 13:21:45

Actualy i either think that messaging is absolutley not necessary. Thanks for reply.

Reines · 2010-03-07 13:34:04

Yeah removing them totally would be another good option, I don't think anyone actually uses them anyway...

Paul · 2010-03-07 13:40:37

An alternative option is to get rid of the messaging fields but add a short generic "Other information" field rather like a signature where people can give some more information about themselves including their contact details if they wish.

agita · 2010-03-07 13:44:55

Not bad idea, Paul. At least more useful than it is made now.

Newman · 2012-02-19 21:51:56

Reines wrote:

The messaging fields probably should be sorted out. I think for 2.0 we might aim to make them custom, rather than hard coding a few specific fields.
Regarding avatars, I'm sure there is a mod for this but I'm not keen on adding it to the core because you cannot check enforce size/dimension limits of remote images.

cCurl u can?

lol

Smartys · 2012-02-20 03:02:06

No, you can't reliably check remote images without caching a copy locally, unless you want to open yourself up to a whole host of issues.

Newman · 2012-02-20 15:57:22

Smartys wrote:

No, you can't reliably check remote images without caching a copy locally, unless you want to open yourself up to a whole host of issues.

so this is a unsecure script?

 $file = $ibforums->input['url_avatar'];

    $ch = curl_init($file);
    curl_setopt($ch, CURLOPT_NOBODY, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    $data = curl_exec($ch);
    curl_close($ch);

    if (preg_match('/Content-Length: (\d+)/', $data, $matches)) {

        // Contains file size in bytes
        $contentLength = (int)$matches[1];
    }
	if ($contentLength >= 51200){
	$std->Error2("Maximum allowed Image size is 50 kilobytes... Please lower your avatar size.");
	exit;
	}else{

	}

I used to use this on my old forum system, worked wonderful?

Ofcourse I DB escape, and etc before i enter into db, but this very reliable?

How can a user bypass this if it checks it by the server?

Last edited by Newman (2012-02-20 15:57:47)

Reines · 2012-02-21 09:55:27

Newman wrote:

How can a user bypass this if it checks it by the server?

Depends when you check it, and how hard the user tries to bypass it. If you just check when they set the avatar, simply bypass by changing the file that is at that URL afterwards. If it checks every time the avatar is used, then that is horrible performance wise and will upset your users very fast.

If a user wanted, they could also avoid it by checking the user-agent/IP on their server and redirecting your script to a fake image.

Forums

#1 2010-03-07 13:13:05

Skype messaging and external avatar url

#2 2010-03-07 13:16:03

Re: Skype messaging and external avatar url

#3 2010-03-07 13:21:45

Re: Skype messaging and external avatar url

#4 2010-03-07 13:34:04

Re: Skype messaging and external avatar url

#5 2010-03-07 13:40:37

Re: Skype messaging and external avatar url

#6 2010-03-07 13:44:55

Re: Skype messaging and external avatar url

#7 2012-02-19 21:51:56

Re: Skype messaging and external avatar url

#8 2012-02-20 03:02:06

Re: Skype messaging and external avatar url

#9 2012-02-20 15:57:22

Re: Skype messaging and external avatar url

#10 2012-02-21 09:55:27

Re: Skype messaging and external avatar url

Board footer