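<?php
//
//  H-Tracker v0.2
//    http://h-tracker.org
//    Based on TorrentTrader (http://www.torrenttrader.org)
//
//  upavatar.php: avatar upload page for logged-in users.
//    ?action=upload  prints the upload form
//    ?action=post    receives the file, validates it, scales it with GD to fit
//                    MAX_WIDTH x MAX_HEIGHT and stores it as <user id>.<ext>
//                    under $site_config['avatar_dir'].
//
//  The long opening tag is used on purpose: where short_open_tag is off, a file
//  that starts with "<?" is not parsed and is served to the browser as source.
//
require_once ("backend/functions.php");
dbconn();
loggedinonly();

// $action is never assigned in this file. It presumably came from
// register_globals or from backend/functions.php (TODO confirm); fall back to
// the query string so the page still works when neither provides it.
if (!isset($action)) {
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : "";
}

if ($site_config['AVATARUPLOAD']){

if (isset($_FILES['avatar']['name']) && !($_FILES['avatar']['name'] == "")) {
    $max_avatar_size = 768000;

    // A multi-value field (avatar[]) arrives as arrays. Anything that is not a
    // plain value is reduced to an empty one so that it is rejected below.
    $upload_name = is_string($_FILES['avatar']['name']) ? $_FILES['avatar']['name'] : "";
    $upload_tmp  = (isset($_FILES['avatar']['tmp_name']) && is_string($_FILES['avatar']['tmp_name'])) ? $_FILES['avatar']['tmp_name'] : "";
    $upload_size = (isset($_FILES['avatar']['size']) && is_int($_FILES['avatar']['size'])) ? $_FILES['avatar']['size'] : 0;

    // The client-supplied file name and the user name are echoed into an HTML
    // error page and into the site log, so they are HTML-escaped first.
    $shown_name = htmlspecialchars($upload_name, ENT_QUOTES);
    $shown_user = htmlspecialchars($CURUSER['username'], ENT_QUOTES);

    // NOTE(review): show_error_msg(..., 1) presumably ends the request; that is
    // not visible from this file. The checks are chained with elseif so a
    // rejected upload is never processed even if it returns.
    if ($upload_size > $max_avatar_size) {
        show_error_msg("Invalid file size!", "Image must be less than " . mksize($max_avatar_size),1);
    }
    // \z instead of $ so a name ending in a newline does not pass. The captured
    // extension is the only part of the client file name that is reused.
    elseif (!preg_match('/^.+\.(jpg|gif|png)\z/si', $upload_name, $name_parts)) {
        write_log("<b>HACKING ATTEMPT !!! </b>- User <B>" . $shown_user . "</B> try to upload avatar file: <B>" . $shown_name . "</B>");
        show_error_msg("Invalid type", "Is not allowed type file: (" . $shown_name .")",1);
    }
    elseif (!extension_loaded('gd')) {
        show_error_msg("PHP - Error", "PHP on your server, not support GD library. <br>Reinstal your PHP with support GD",1);
    }
    // Covers failed/partial uploads (empty tmp_name) and any tmp_name that is
    // not a file PHP itself received in this request.
    elseif (!is_uploaded_file($upload_tmp)) {
        show_error_msg("Error", "Error, the upload did not complete.",1);
    }
    else {
        define("MAX_WIDTH", 120);   // Define width sizes what you want.
        define("MAX_HEIGHT", 120);  // Define height sizes what you want.
        $avatar_dir = str_replace("\\","/",getcwd()) . $site_config['avatar_dir'];
        $avatar_url = $site_config['SITEURL'] . $site_config['avatar_dir'];
        $type = strtolower($name_parts[1]);

        $gdinfo = gd_info();
        // gd_info() names the key 'JPEG Support' since PHP 5.3; older builds
        // used 'JPG Support'. Checking only the old key skips every JPG upload.
        $codec_ok = array(
            'jpg' => !empty($gdinfo['JPEG Support']) || !empty($gdinfo['JPG Support']),
            'gif' => !empty($gdinfo['GIF Create Support']),
            'png' => !empty($gdinfo['PNG Support']),
        );
        $codec_error = array(
            'jpg' => "Error, uploading JPG files type. <br>Maybe your GD library not support JPG",
            'gif' => "Error, uploading GIF files type. <br>Maybe your GD library not support GIF Create",
            'png' => "Error, uploading PNG files type. <br>Maybe your GD library not support PNG",
        );
        $expected_type = array('jpg' => IMAGETYPE_JPEG, 'gif' => IMAGETYPE_GIF, 'png' => IMAGETYPE_PNG);

        // The extension is only a claim made by the client. getimagesize() reads
        // the header, so the detected format must agree with the extension and
        // the dimensions must be usable (they are divided by just below).
        // NOTE(review): the byte limit above does not bound the decoded pixel
        // count; a cap on width x height here would bound GD memory use.
        $imginfo = getimagesize($upload_tmp);

        if ($imginfo === false || $imginfo[0] < 1 || $imginfo[1] < 1 || $imginfo[2] != $expected_type[$type]) {
            show_error_msg("Invalid type", "Is not allowed type file: (" . $shown_name .")",1);
        }
        else {
            $width  = $imginfo[0];
            $height = $imginfo[1];
            $scale  = min(MAX_WIDTH/$width, MAX_HEIGHT/$height);

            if ($scale < 1) {
                // Never below 1 pixel: a very elongated image would otherwise
                // floor to 0 and imagecreatetruecolor() would fail.
                $n_w = max(1, (int) floor($scale*$width));
                $n_h = max(1, (int) floor($scale*$height));
            }
            else {
                $n_w = $width;
                $n_h = $height;
            }

            // The stored name is built from the account id and the whitelisted
            // extension; the client file name never reaches the filesystem.
            $avatar = $CURUSER['id'] . "." . $type;
            $target = $avatar_dir . "/" . $avatar;
            $saved  = false;

            if (!$codec_ok[$type]) {
                show_error_msg("Error", $codec_error[$type],1);
            }
            elseif ($type == 'gif' && !($scale < 1)) {
                // Small GIFs are kept byte-for-byte instead of being re-encoded,
                // so only the header has been checked and any trailing data is
                // stored as uploaded. The avatar directory must therefore never
                // be configured to execute scripts.
                $saved = move_uploaded_file($upload_tmp, $target);
                if (!$saved)
                    show_error_msg("Error", "Error, moving uploaded GIF file.",1);
            }
            else {
                // Decode with the codec that matches the verified type.
                if ($type == 'jpg') {
                    $nimage = imagecreatefromjpeg($upload_tmp);
                }
                elseif ($type == 'gif') {
                    $nimage = imagecreatefromgif($upload_tmp);
                }
                else {
                    $nimage = imagecreatefrompng($upload_tmp);
                }

                if ($nimage !== false) {
                    $tmp_image = imagecreatetruecolor($n_w, $n_h);
                    if ($tmp_image !== false) {
                        imagecopyresampled($tmp_image, $nimage, 0, 0, 0, 0, $n_w, $n_h, $width, $height);
                        if ($type == 'jpg') {
                            $saved = imagejpeg($tmp_image, $target);
                        }
                        elseif ($type == 'gif') {
                            $saved = imagegif($tmp_image, $target);
                        }
                        else {
                            $saved = imagepng($tmp_image, $target);
                        }
                        imagedestroy($tmp_image);
                    }
                    imagedestroy($nimage);
                }

                if (!$saved)
                    show_error_msg("Error", $codec_error[$type],1);
            }

            // Point the profile at the new file only when one was written.
            // Values are escaped before being placed in the statement.
            // NOTE(review): the mysql_* API was removed in PHP 7, and
            // die(mysql_error()) prints raw database errors to the visitor.
            if ($saved) {
                mysql_query("UPDATE users SET avatar = '" . mysql_real_escape_string($avatar_url . "/" . $avatar) . "' WHERE username = '" . mysql_real_escape_string($CURUSER['username']) . "'") or die(mysql_error());
            }
        }
    }
}

stdhead("Upload Avatar");
begin_frame("" . UP_AVATAR . "", 'center');

if ($action == "post") {
    if (empty($_FILES['avatar']['tmp_name'])){
    print ("<br><p><center>" . NO_AVATAR . "<a href=upavatar.php?action=upload><b>" . UP_AVATAR . "</b></a></center></p>");
    }
    else{
    print ("<br><p><center>" . AVATAR_OK . "<a href=account.php?action=edit_settings&do=edit><b>" . ACCOUNT . "</b></a></center></p>");
    }
}

if ($action == "upload") {
    // NOTE(review): the form carries no anti-CSRF token; nothing in this file
    // verifies that the POST originated from this page.
    print ("<form method=post action=?action=post enctype=multipart/form-data><table width=98% border=0 cellpadding=5><tr><td>". AVATAR_FILE ."</td><td><input type=file name=avatar size=50></td></tr><tr><td>". RULES .":</td><td><table width=95%><td>". AVATAR_TXT ."</td><td align=right colspan=4><input type=submit name=Submit value=".UPLOAD." class=btn></td></table></td></tr></table></form>");
}

// Any action other than the two handled above is treated as direct access.
// (The earlier form, !$action == "post" OR ..., negated $action before comparing
// and so only fired when $action was empty.)
if ($action != "post" && $action != "upload") {
    write_log("<b>HACKING ATTEMPT !!! </b>- User <b>" . htmlspecialchars($CURUSER["username"], ENT_QUOTES) . "</b> tries to direct access to upavatar.php");
    print ("<br><p><center><b>Direct access not allowed !!!</b></p><p>Go to: <a href=account.php?action=edit_settings&do=edit><b>" . ACCOUNT . "</b></a></center></p><br>");
}
}
else{
    // Avatar uploads are switched off in the site configuration.
    stdhead("ERROR !");
    write_log("<b>HACKING ATTEMPT !!! </b>- User <b>" . htmlspecialchars($CURUSER["username"], ENT_QUOTES) . "</b> tries to upload avatar !");
    show_error_msg ("Error", "<p><font color=red>Avatar uploading, disabled bay site admin !</font></p>");
}

end_frame();
stdfoot();
?>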