1
Jakobo
Signature Control Hack
  • 2004/6/27 22:34

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


Signature Control Hack:
Status: VERY hacky, requires manual editing of code

Purpose: If you have ever had a user decide to upload a 1.5MB image into their sig, you know exactly what I am talking about here. If you have ever had someone upload a sig image more than 800 pixels wide, you know what I am talking about. This hack regulates and controls signatures, forcing the users to play nice.

Restrictions: Will be marked in bold.


File:
http://felocity.org/files/
MOD_XOOPS2_edituser.php_SigController.zip (6,042 bytes)

$user_sig = substr($user_sig,0,500);
This sets the maximum sig length (including tags) to 500 characters

if (count($temp_sig_array) > 2) {
We split the sig on the IMG tag, and there should only be one open img tag

if (count($temp_sig_array) > 1) {
This is used only if there is an image (1 img tag) and helps us isolate the image's URL

$localfile = 'XOOPS DIRECTORY/uploads/'.$xoopsUser->getVar('uid').'-'.$time.'-'.basename($filename);
This is where your file is stored locally. It is used for the reading function.

while (!feof($fd) && $bytecount < 75001) {
Read 1 more byte than your maximum allowed size (this way we can test file size)

if (filesize($localfile) <= 75000)
Test if the locally stored image is greater than the allotted size.

if ( $sigimgwidth > 650 || $sigimgheight > 300 )
Test the image dimensions of the local file to make sure it complies.



It isn't as confusing as it sounds. Maybe someone can come back and clean it up a bit. This was written in a hurry to address a serious need. Ideally, I would like to write this a bit cleaner into the core as a set of user options, but that will come with time.

Cheers and happy hacking!


Manual Update
(insert) line 79 in edituser.php
[color=009900][font=Courier]
   // MOD RJH   05-12-2004
   // we do some special things to our sig field here
   // not only do we truncate at 500 characters, but we
   // only allow 1 image tag
   // explode on every opening image tag

   [b]$user_sig = substr($user_sig,0,500);[/b]
   $temp_sig_array = explode("[img]",$user_sig);

   // temp sig array had better only have 2 parts...
   // else they put a second img tag in there
   [b]if (count($temp_sig_array) > 2) {[/b]
      $errors[] = "Only one IMG tag is allowed in the sig";
   }

   // discard the array (unlink() only works on file names)
   unset($temp_sig_array);

   // only bother to look for size checking stuff if there
   // are no errors yet.  (prevents overloading)
   if (count($errors) == 0) {
      $temp_sig_array = explode("[img]",$user_sig);
      [b]if (count($temp_sig_array) > 1) {[/b]
         $temp_img_location_arr = explode("[/img]",$temp_sig_array[1]);
         $filename = $temp_img_location_arr[0];
         // Get remote avatar size [R. 17.04.2002]
         // Download the file
         $retvar = "NULL";
         $time = time();
         $localfile = '[b]XOOPS DIRECTORY[/b]/uploads/'.$xoopsUser->getVar('uid').'-'.$time.'-'.basename($filename);
         $fd = @fopen($filename,"rb");
         if ($fd)
         {
            /* This is the tricky part:
            The filesize() function does not work on a remote file system.
            This means we need to download the file to local storage before we
            can check filesize. As it is quite possible that some weirdos may
            specify a remote file with a filesize bigger than 200 megabytes,
            we do not want to download the entire file. If we can read just 1
            byte more than allowed, it's simply too big.
            */
            clearstatcache();
            $imgdata = '';
            $bytecount = 0;
            [b]while (!feof($fd) && $bytecount < 75001) {[/b]
               $imgdata .= fread($fd, 1024);
               $bytecount = $bytecount + 1024;
            }
            // $imgdata = fread($fd, 75001);
            // echo $imgdata;
            $fl = @fopen($localfile,"wb");
            if ($fl)
            {
               $fp = @fwrite($fl,$imgdata);
               @fclose($fl);
               // fwrite() returns false on failure, not -1
               if ($fp !== false)
               {
                  [b]if (filesize($localfile) <= 75000)[/b]
                  {
                     $retvar = $localfile;   // Filesize within size limits
                     // echo filesize($localfile).'<br>'.$localfile.'<br>'.$filename;
                     // exit;
                  }
                  else
                  {
                     $retvar = 'SIZE';      // File is too big
                  }
               }
               else
               {
                  @unlink($localfile);
                  message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__);
               }
            }
            else
            {
               @unlink($localfile);
               message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__);
            }
            fclose($fd);
         }

         $tmp_filename = $retvar;

         // echo $temp_img_location.'<br>'.filesize($tmp_filename);
         // exit;

         // Get avatar size, check the values and invalidate them, if necessary
         if ($tmp_filename!='NULL' && $tmp_filename!='SIZE') list($sigimgwidth, $sigimgheight) = getimagesize($tmp_filename);
         if (!isset($sigimgwidth) || $sigimgwidth==0) $sigimgwidth = 2*650;
         if (!isset($sigimgheight) || $sigimgheight==0) $sigimgheight = 2*300;

         // Delete the tempfile (by its real path, so an oversized download is removed too)
         @unlink($localfile);

         // Now compare the image dimension with phpBB config and print error message, if necessary
         [b]if ( $sigimgwidth > 650 || $sigimgheight > 300 )[/b]
         {
            $errors[] = "Your image is larger than the maximum allowed 650 x 300 and 75kb";
         }
      }
   }

   // now this sig is okay.  Heh
   // END MOD RJH 05-12-2004
[/font][/color]

2
qwik420
Re: Signature Control Hack
  • 2005/1/27 7:30

  • qwik420

  • Just popping in

  • Posts: 38

  • Since: 2003/9/11


The hack URL is not found.

Does anyone else know how I can limit the image size allowed in user sigs?

3
Hisoka
Re: Signature Control Hack
  • 2005/3/4 18:31

  • Hisoka

  • Just popping in

  • Posts: 39

  • Since: 2005/3/2 1


Thanks for your hack! Security is one of the more important points for a website

4
Hisoka
Re: Signature Control Hack
  • 2005/3/21 16:26

  • Hisoka

  • Just popping in

  • Posts: 39

  • Since: 2005/3/2 1


I have inserted it on my website but there is no control. Users can always do what they want with images they have uploaded to their FTP.

Could someone help me to correct the script above in order to make it work?

Thanks

5
Mithrandir
Re: Signature Control Hack

Nothing wrong with the idea of controlling users' signature images... however, it is really too simple to work around for my taste.

1. Upload small image on own webserver
2. Set signature
3. Upload biiig image on own webserver, overwriting the one from 1.
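
An added example, not part of the original hack or of XOOPS: a self-contained version of the first post's checks (read one byte past the 75,000-byte cap, then test 650 x 300) that validates the bytes in memory and names the local copy itself rather than using the remote basename. Serving that checked local copy in place of the remote URL is an assumption made here so that the overwrite sequence in the post above no longer changes what visitors see; all function names are hypothetical.

```php
<?php
// Limits are the ones used in the first post of this thread.
const SIG_MAX_BYTES = 75000;
const SIG_MAX_W = 650;
const SIG_MAX_H = 300;

// Read at most $cap + 1 bytes from an http(s) URL; null on failure or other scheme.
function sig_fetch_capped(string $url, int $cap = SIG_MAX_BYTES): ?string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null; // refuse file://, php://, data:// and similar wrappers
    }
    $ctx = stream_context_create(['http' => ['timeout' => 5]]);
    $fd = @fopen($url, 'rb', false, $ctx);
    if ($fd === false) {
        return null;
    }
    // Stops after $cap + 1 bytes, so an oversized file is never fetched in full.
    $data = stream_get_contents($fd, $cap + 1);
    fclose($fd);
    return $data === false ? null : $data;
}

// Check size, type and dimensions in memory; returns an error string or null.
function sig_check_bytes(string $data): ?string {
    if (strlen($data) > SIG_MAX_BYTES) {
        return 'Image is larger than ' . SIG_MAX_BYTES . ' bytes';
    }
    $info = @getimagesizefromstring($data);
    if ($info === false) {
        return 'Not a recognisable image';
    }
    if (!in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        return 'Only GIF, JPEG and PNG are accepted';
    }
    if ($info[0] > SIG_MAX_W || $info[1] > SIG_MAX_H) {
        return "Image is {$info[0]}x{$info[1]}, over " . SIG_MAX_W . 'x' . SIG_MAX_H;
    }
    return null;
}

// Server-chosen name for the local copy; call only after sig_check_bytes() passed.
function sig_local_name(int $uid, string $data): string {
    return $uid . '-' . sha1($data) . image_type_to_extension(getimagesizefromstring($data)[2]);
}

// Constructed sample: a 1x1 GIF embedded as base64 so the demo runs offline.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
echo sig_check_bytes($gif) ?? 'ok: ' . sig_local_name(42, $gif), PHP_EOL;
echo sig_check_bytes(str_repeat('A', SIG_MAX_BYTES + 1)), PHP_EOL;
```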

6
RachelVirago
Re: Signature Control Hack

I would prefer to disallow images entirely, is this possible?

7
technews
Re: Signature Control Hack
  • 2005/3/30 23:39

  • technews

  • Just popping in

  • Posts: 36

  • Since: 2005/3/30


Quote:

RachelVirago wrote:
I would prefer to disallow images entirely, is this possible?


same here

this is a useful hack

no img tag allowed in the signatures :)

8
Sir_Saeed
Re: Signature Control Hack
  • 2009/2/8 11:50

  • Sir_Saeed

  • Just popping in

  • Posts: 41

  • Since: 2007/10/10


Can somebody please tell me how can I use only this part:

if ( $sigimgwidth > 650 || $sigimgheight > 300 )

?

9
noo-b
Re: Signature Control Hack
  • 2009/2/8 12:24

  • noo-b

  • Just can't stay away

  • Posts: 456

  • Since: 2007/10/23


https://xoops.org/modules/newbb/viewtopic.php?post_id=287806#forumpost287806
Quote:

RachelVirago wrote:
I would prefer to disallow images entirely, is this possible?
I Love Xoops
