Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How to make users change pictures without the upload function?

How do I make users change pictures without the upload function?
I disabled upload throughout all my website, but change pictures upload still lived.
How do I enable people to change their pictures only by the image url???

Comments

  • You can prevent people from editing their profile by changing permissions in the dashboard for members etc.

    You can't use a url as an avatar but you can use Gravatar or Vanillicon or other types of plugins like these that link the email from a user to an avatar.

    The problem with allowing people to use a link to an image as an avatar is that it creates too many external http requests .

    However I suppose there is room to create a plugin that allows you to add a url for an avatar instead of the upload form or along with it. And that it also allows an admin to disallow uploads in the profile image edit form.

    The plugin DefaultAvatar allows you to use any image you want as a general avatar.

  • I wrote a plugin that did this, but I think it was bespoke for a client.

    Pretty easy to do since the field already exists, so lets do this here:

    public function userController_customUserFields_hander($sender) {
       echo wrap($sender->Form->label('User Photo') . $sender->Form->textBox('Photo'), 'li');
    }
    
    public function profileController_editMyAccountAfter_handler($sender) {
      userController_customUserFields_hander($sender)
    }
    

    I would add a little more like use JS to see if the URL resolves to an image file, but this works.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • R_JR_J Admin

    I think this is a horrible idea.

    A user that adds a 10mb sized bitmap would make your page ridiculously slow.
    If the external link is broken, you would always have 404 errors on your page (very bad for SEO)
    Users would be able to track at least a part of your traffic simply by looking at their on servers logs.
    You could bet that nerds like me sooner or later would write a php script that returns a picture based on the users browser "All hail to Opera" "Down with IE". Or "Thanks for looking at my profile picture for the X time" while X is a counter based on the IP that's doing this request. By using some wild guesses and prepared php images in conversations, you would even be able to track individuals. Oh, I would love that!

    I guess there are quite a lot more disadvantages, but I cannot stop dreaming about how I would misuse the possibility to serve images dynamically. Maybe I would create "mood avatars". In the morning they would look sleepy, in the day time they would wear sun glasses and in the evening - I don't know.

    Oh, caching is another issue. Well it's more a lost chance than an issue.

  • Use gravatar.

    grep is your friend.

  • If you are really worried about it, add a permission check and only give it to trusted members.

    Perhaps via a Yaga Perk? ;P

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

Sign In or Register to comment.