Attachment Extension 1.4

jakob_r

I received the following errors installing onto a server with PHP Version 4.4.1, MySQL 4.0.24.

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer.
in .../htdocs/forum/extensions/Attachments/default.php on line ...

... 71, 109, 119, 132, 145, 151, 161

Solution: Remove the & directly after the functions below

NewContextObject(&
GetAttachmentsString(&

on those lines. Not sure, though, that the solution is generally applicable for all servers.

On another note, the image display works well, but...
What would be really good is a good looking row of linked thumbnails along the bottom of the post (perhaps the look and size of the flickr miniatures, the 36 Degrees Flickr Pool is nice, clear and compact). It makes the overall discussion clearer and reduces load for those on dial-up connections (which a lot of non-geeks still have). I can constrain them with CSS but that doesn't reduce load times, a GD-solution would be excellent.

Roguefoxx

Disregard this comment as I should have read the comment just before mine for the solution. =/

jakob_r

Jazzmann,
I've had a shot at updating your great Attachments extension to include thumbnailing for picture attachments. Your extension is great, but I will have people on the forum who are not so web-savvy and/or on dial-up connections, so I really wanted an as idiot-proof solution as possible:
- they won't want to upload to/register with another site and figure out how to link it.
- they'll want to take the file they just photographed with the digi-cam and upload it without resizing it first.
- they won't think of other users on dial-up connections when they upload 12 x 450kb pics.

After much trial and error and learning by doing I have it working on my install with thumbnails that link to the image itself. It requires that GDlib 2 is installed server-side. I've added some switches so that if you don't have GDlib you can opt to either display images inline at full size or as textlinks. You can also set thumbnail size. I've set it up to downsize and crop to the thumbnail size, but if you prefer you can take out crop and it will preserve the image aspect ratio (you'll have to adjust your CSS then accordingly).

I also changed some of the IDs for valid XHTML output, added some classes etc. for better styling and some file types too. The GDlib proved to be a bit temperamental to start with but hopefully it shouldn't choke anymore or file extensions in large letters.
Default image types: jpg/jpeg, gif, png
Default file types: zip, rar, doc, rtf, pdf, txt


I expanded your CSS with a fairly clean and sober style which works for me in Firefox and IE6/PC (not tried others yet, I'm sure you guys can improve on it). I wanted it to be low-impact and disrupt the discussion flow as little as possible. The new classes can be used for filetype logos - pdf and doc are included by way of example.


It'll also delete the thumbnail file with the original images.

Feel free to repurpose, perfect, alter and correct, and include what you want in your add-on. I'm a beginner in things PHP so please try it out well before implementing it See Jazzman's Attachment add-on in the Vanilla add-ons directory: download it here.

Lastly, a couple of questions for things I wanted to achieve:

1. How can I 'clean' incoming filenames when saving the file, so that characters which are invalid for HTML and co are stripped? Filenames with unusual characters will work but result in validation errors, either in the ID or the url.
2. Is there an easy way of reading out the filesize on the fly, without having to store it in a database? It'd be an added info for dial-up users if the tooltip showed title="filename, filesize".
3. How to sort the display of attachments so that documents are listed first, then the images? If you upload docs and images alternately it looks rather messy.

Further ideas:

• Clicking on the images could call either a pop-up window, or maybe something like thickbox, which takes over user-experience less than lightbox. Dunno if thickbox/jquery conflicts with existing vanilla ajax, or whether part of vanilla's in-built ajax can be used to pop-up the image in an on-page overlay.
• Possibility of unobtrusively watermarking the main image with "forum name / user", e.g. in the lower left corner in a clean (pixel) font.

All comments welcome.

Minisweeper

I have no idea how any of this extension works but it seems like you've done some pretty good work with it. What files arent allowed in the filename? I assume you're aware of the various string cleaning methods available in php but i have no idea which would be most suitable without knowing what needs cutting out? I'm pretty sure checking filesize is a standard php function (filesize()?) For #3 I'd need to check out how the extension works but i'd probably get lost in the code and i'm halfway through watching eternal sunshine (has anyone seen it? i'm confused!)

But yeah, looks like some pretty nifty work.

Bergamot

I know the (old) version of the attachment extension I'm using chokes on files with spaces in their names.

jakob_r

To clarify, I've not yet come across files that haven't worked—jazzman had that sorted. The filename is used as a string for the id="..." and img src="..." and the HTML-validator says these can only contain 0-9, a-z, A-Z,.:- and _. I've replaced spaces already and made the id start with letters rather than numbers (another validation stipulation). The var is called $cleanfilename (line 198). It's only a validation thing, and only occurs when the uploaded files have other chars such as ( and [ etc. nothing major.

I tried $CurrentFileSize = filesize($filename); and then putting $CurrentFileSize into title="" yesterday but I got a function error per file. It was late and I didn't try any further. I probably wasn't using it correctly or in the right context.

for 3, I've commented the code a lot to keep track of things myself :-) The function that outputs the XHTML-list is function GetAttachmentsString from line 188 onwards. I imagine the foreach( $files as $file ) loop needs reading into an array, then filtering according to image/doc type and then processing.

Jazzman

Nice work Jakob!!!!!!! I will take a look at your changes soon, and with your permission I'd like to upload it to the official addon-page. The screenshots look really cool! Exactly what I had in mind but didn't had the time to make it myself

Thomas Heath

Hey! Great extension. Would it be possible to allow all filetypes - i.e. remove the control on which filetype can be uploaded?

Bergamot

Be very careful doing that; the ability to upload php and javascript files to your server is potentially dangerous.

jakob_r

Sure, Jazzman, that was the idea :-) It'd be good too if you could cast an expert eye over the code too. I can't test CSS on mac browsers either - no macbook here yet - so if someone does that (and can correct/improve the CSS too) that'd be great.

Jazzman

Ok, I've uploaded a new version of the attachment extension. You did a nice job Jakob, I've only made the following changes:

- Added a check if GD library is active (else you get an error)
- Added a check if thumbnails exists before retrieving image dimensions
- Thumbnails will be saved in a seperate folder
- Config settings will now be saved in the conf/settings.php and not in a seperate file
- Created a good readme.html file

uzi

To jakob_r / Jazzman:

the extension should proof, if the filesize is bigger than the default filesize. Now it just starts to upload the file and fails after some amount of time. It creates also a corrupt thumbnail, like this:

http://www.hessen.ru/lussumo/uploads/thumbs/5914.EZB.jpg

jakob_r

Jazzman, you tidied things up a good deal - cheers! I've taken out my link to avoid different versions flying around.

uzi: try jazzman's 1-1 version. The original attachment always did that too. I think the upload itself and 'exceed file size' is handled by vanilla, not the add-on. The corrupt thumb was for a file it couldn't upload? that would make sense. That would need checking for (jazzman?). You'll see if you google thumbnailing and GD that lots of people of problems with GD for all number of different reasons.

uzi

to jakob_r:

just tried the new version, edited my comment above. the thumb is for the file it couldn't upload. the file is actually bigger than the "default filesize" in the settings.

edit: I use firefox 1.5.0.3

edit_2: IE 6 is the same thing....

uzi

Ah! OK. Now I waited much much much longer (I think it's also a bug) and this notification appears:

"The file you have attempted to upload (EZB.jpg) is larger than the allowed size: 500kb"

But also this warnings appeared:

Warning: imagecreatefromjpeg(): Unable to access /var/www/s16u38/html/hessen/lussumo/uploads/5914.EZB.jpg in /var/www/s16u38/html/hessen/lussumo/extensions/Attachments/default.php on line 148 Warning: imagecreatefromjpeg(/var/www/s16u38/html/hessen/lussumo/uploads/5914.EZB.jpg): failed to open stream: Permission denied in /var/www/s16u38/html/hessen/lussumo/extensions/Attachments/default.php on line 148 Warning: imagesx(): supplied argument is not a valid Image resource in /var/www/s16u38/html/hessen/lussumo/extensions/Attachments/default.php on line 151 Warning: imagesy(): supplied argument is not a valid Image resource in /var/www/s16u38/html/hessen/lussumo/extensions/Attachments/default.php on line 152 Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /var/www/s16u38/html/hessen/lussumo/extensions/Attachments/default.php on line 221 Warning: imagedestroy(): supplied argument is not a valid Image resource in /var/www/s16u38/html/hessen/lussumo/extensions/Attachments/default.php on line 228

With files smaller than 500kb everything works pretty good.

Thomas Heath

Bergamot - thanks for the warning. If its very unwise to allow all file types, would it be possible to just block js and php? And perheps a few other dangerous file types? I host a forum used by a relatively small amount people who I know in real-life. Unfortunately we exchange a lot of odd file formats. The point of the extension vanishes if we can't use it. I've tried asking people to zip their files, but that doesn't feel like the best solution.

Minisweeper

I suppose allowed file types could be a config option easily enough guys?

hutstein

why don't just rename the dangerous file types like: deleteall.php to deleteall.txt and when the file should be downloaded it can be renamed to .php in a stream download. So the file can only be watched bot not executed...

Jazzman

The filetypes can be changed in the extension itself:

$Configuration['ATTACHMENT_ALLOWED_FILETYPES'] = array ( 'image/gif' => array('gif', 'GIF'), 'image/png' => array('png', 'PNG'), 'image/jpeg' => array('jpg', 'jpeg', 'JPG', 'JPEG'), 'image/pjpeg' => array('jpg', 'jpeg', 'JPG', 'JPEG'), 'application/pdf' => array('pdf', 'PDF'), 'application/x-pdf' => array('pdf', 'PDF'), 'application/msword' => array('doc', 'DOC', 'rtf', 'RTF'), 'application/zip' => array('zip', 'ZIP'), 'application/x-zip-compressed' => array('zip', 'ZIP'), 'application/octet-stream' => array('rar', 'RAR'), 'text/plain' => array('txt', 'TXT'), 'application/x-gzip' => array('gz', 'GZ', 'tar.gz', 'TAR.GZ') );

You can easily add your own. It's not smart to enable all filetypes or block just a few. And people could always zip their attachments and upload the zip file?

jakob_r

uzi, try adding the following line beginning "file exists" around line 100

if ($this->DisplayImages == true && file_exists($this->UploadPath . $CommentID.'.'.basename($File['name'])) && in_array(...

That catches the trying to make a thumbnail out of no file error.

The time it takes to recognise if the file is too large is the time it takes to upload the file. I guess there's no way of determining how large a file on the user's system is before it's uploaded.
How to determine the filesize of a file on the server without reading in the file was one of my questions earlier.