It looks like you're new here. If you want to get involved, click one of these buttons!
Just setup my first Vanilla Forum coming from SMF/PHPBB mostly and coding my own sites in PHP, HTML5, etc. I mostly picked Vanilla for its size and Mobile support, and it allowed some features I wanted like invites. So far I've mostly cleaned house a bit- Set better Folder Permissions, turned off the error_reporting and display_errors in the index (Should never be set in production and opens up to hacking with returned Error strings), flipped the button order in Q and A along with making Discussion default over Question, set a max height on signatures, tightened FileUpload extensions and max file size, etc. I still need to find/fix some CSS with shifted backgrounds and checkboxes drawing on top of links, but everything else looks good.
When I created an Avatar that kept cropping and I changed it 3 times until I had a square under 50px that didn't crop. I noticed that the forum created a random folder and random file for each and kept the unused old folders and files. I also noticed the File Upload plugin appears to do the same thing. I haven't messed with it enough yet or looked too deep at the code to see if it does any house cleaning when posts containing an attachment are deleted, but I want to make it easier to clean up either way. My host has "Unlimited" files/bandwidth, but that really means 50,000 max can get backed up, so I don't want files everywhere.
My Idea is to have a folder for each user. This would most likely key off of the Users ID (Assuming they get an ID in the database...haven't looked at it yet). Then within that folder it could have random filenames except the Avatar which would be unique...at least to that extension type, so I'm not having new files every time someone changes their avatar. In class.fileupload.plugin it looks like it uses the first 2 of the MD5 for the folder and the rest for the file. What I need is the location where the Avatar is saved to edit it, and how to get the User's ID to use as the folder name. Might be useful to make it do this by default too in the future.