Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 ADD-ON Avatar V2: Adding avatar easier.		  New Topic  Topic Locked
 Printer Friendly
Previous Page
Author Previous Topic Topic Next Topic
Page: of 2

SalmanKhana
Average Member

USA
961 Posts
Posted - 19 August 2001 :  04:47:20  Show Profile
quote:

Hey Alan,

Server priviledges that are required in order to move files between directories can be a security risk -- escpecially with web sniffers that are looking for places to put potentially dangerous exe files.

Why not make your mod look at the contents of a directory and change the database parameters to "add" or "remove" avatars. (I'm not sure why "moving" files is neccessary.) In this way, security is not a compromised. Until then, I would suggest that users at least change the directory names to something other than "Avatars" and "New_Avatars". EVERYONE that reads about this mod can have access to these directories for any server that has implemented this mod! If you at least change the names, then someone has to go out of there way to hack in.

FOr sites hosted by NT Server, the other thing that you can do is to use code like this:

<%
		If Request.ServerVariables("LOGON_USER")="" Then
			Response.Status = "401 Access Denied"
		end if
%>

This uses NT authentication before files are moved. This way permissions are kept and whatever you use for a password on your server allows you the access that you need. (You need Internet Explorer 5.5 or higher.) I put the above code at the top of the admin_add_avatar.asp, and it seems to work fine.

Great mod by the way... I think I said this before though!

Cheers!



Rob Poretti
Sascom Marketing Group ~ Toronto
vox.905.825.5373 fax.905.825.5960

Edited by - Rob Poretti on 18 August 2001 14:23:41






O MY GOD, this is something serious . should i go ahead and change the code?
Go to Top of Page

weirdave
Starting Member

USA
6 Posts
Posted - 21 August 2001 :  16:50:23  Show Profile  Visit weirdave's Homepage
Error in instructions. You said:

1) Unzip the avatar_addon.zip to your forum directory.

2) Rename admin_add_avatar.asp to admin_add_avatar_backup.asp and then unzip the avatar_admin_addon.zip to your forum director

Step 1 should be eliminated and step two should be your first step.

I like this mod it is nice for seeing the avatar while you are adding it but if I already know what they look like this only takes one step and a couple of clicks out of the equation. I agree that there should be a script that just automatically adds whatever is in the "new_avatars" folder into the database with the filename as the name and the extention just truncated.



\\/eir]>ave
Home of The Tidbit List
http://www.weirdave.com/tidbits/default.asp
Go to Top of Page

Rob Poretti
Junior Member

Canada
435 Posts
Posted - 30 August 2001 :  17:12:48  Show Profile  Visit Rob Poretti's Homepage
Hi Alan,

I've got a question about the add-on page. Is there a way to control the size of the picture display when one selects an avatar in the list box. I guess ideally it should use the avatar_config properties for the lenght and width, but I'd be happy even if I can hard code-it...

Much obliged!

Cheers



Rob Poretti
Sascom Marketing Group ~ Toronto
vox.905.825.5373 fax.905.825.5960
Go to Top of Page

GauravBhabu
Advanced Member

4288 Posts
Posted - 30 August 2001 :  19:01:44  Show Profile
Hi Rob,

This is how you control the size of the picture display.

 
     <td bgcolor="<% =CColor %>" align="center">
 <% if Trim(rs("M_AVATAR_URL")) <> "" and lcase(rs("M_AVATAR_URL")) <> "noavatar.gif" and (IsNull(rs("M_AVATAR_URL")) = false) then %>
	<%	'## Forum_SQL - Get Avatar Settings from DB
				strSql = "SELECT " & strTablePrefix & "AVATAR2.A_WSIZE"
				strSql = strSql & ", " & strTablePrefix & "AVATAR2.A_HSIZE"
				strSql = strSql & ", " & strTablePrefix & "AVATAR2.A_BORDER"
				strSql = strSql & " FROM " & strTablePrefix & "AVATAR2"

			set rsav = my_Conn.Execute (strSql) %>
     <img src="<% =rs("M_AVATAR_URL") %>" align="absmiddle" width="<% =rsav("A_WSIZE") %>" height="<% =rsav("A_HSIZE") %>" border="<% =rsav("A_BORDER") %>" hspace="0">

      <% set rsav = nothing 
		 end if%>
		 </td>


I also saw a custom function posted by davye. I can not recall the link.

Share A Square at forumSquare

GauravBhabu
There is only one miracle...That is LIFE!
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Previous Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.15 seconds. Powered By: Snitz Forums 2000 Version 3.4.07