Page 1 of 1

Some avatar files are missing - but not all

Posted: Sat Feb 05, 2011 5:29 am
by Pseudonym
Support Request Template
What version of phpBB are you using? phpBB 3.0.8
What is your board's URL? http://www.nzbodybuilding.co.nz/viewtop ... =2&t=11008
Who do you host your board with? No answer given
How did you install your board? I used the download package from phpBB.com
Is your board a fresh install or a conversion? Update from a previous version of phpBB3
Do you have any MODs installed? Yes
Is registration required to reproduce this issue? No
What version of phpBB3 did you update from? phpBB 3.0.7
What MODs do you have installed? Lots of mods, including some custom stuff, but nothing that should affect avatar files.
What styles do you currently have installed? No answer given
What language(s) is your board currently using? No answer given
Which database type/version are you using? MySQL 5
What is your level of experience? Comfortable with PHP and phpBB
When did your problem begin? I first noticed this a while ago, but thought it was probably user-error on behalf of a member. But lately I've been noticing it more and more.
Please describe your problem. Some of my members have had their avatars disappear. These are avatars they've uploaded, and I'm pretty sure have been working fine previously. The phpBB template still seems to be trying to load a legitimate filename, but the file no longer exists in the /files/ folder.
Generated by SRT Generator ($Rev: 4778 $)

It's a weird problem this one. And it's only happening for a few members though - most people's avatars are still working fine. You can see an example at http://www.nzbodybuilding.co.nz/viewtop ... =2&t=11008 - the first poster has a broken avatar, then the second poster is ok.

Some people have been reporting bots trying to hack into their account (see linked topic) - could that have anything to do with it?

Re: Some avatar files are missing - but not all

Posted: Sat Feb 05, 2011 5:39 am
by Pseudonym
Here are my avatar settings. These have never been changed.
Image

Re: Some avatar files are missing - but not all

Posted: Sat Feb 05, 2011 6:39 am
by Noxwizard
This script will tell you what a user's avatar file name is and whether it exists:

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

$user_id = 2;

$sql = 'SELECT user_avatar FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id;
$result = $db->sql_query($sql);
$filename = $db->sql_fetchfield('user_avatar');

if (isset($filename[0]) && $filename[0] === 'g')
{
    $avatar_group = true;
    $filename = substr($filename, 1);
}

$ext        = substr(strrchr($filename, '.'), 1);
$stamp        = (int) substr(stristr($filename, '_'), 1);
$filename    = (int) $filename;
$prefix = $config['avatar_salt'] . '_';
$full_path = $config['avatar_path'] . '/' . $prefix . $filename . '.' . $ext;

$exists = file_exists($full_path);

echo $full_path . (($exists) ? ' exists' : ' does not exist');
?>
Just put it in the forum root and change the $user_id value.

Re: Some avatar files are missing - but not all

Posted: Sun Feb 06, 2011 3:55 am
by Pseudonym
That script tells me that "images/avatars/upload/a766eXXXXXXXXXXXXXX0c84f7f328f73_1646.jpg exists" - but that's one of the avatars that's not showing. So, um... now what?! :P

Re: Some avatar files are missing - but not all

Posted: Sun Feb 06, 2011 5:46 am
by Noxwizard
Try this one then:

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

$user_id = 2;

$sql = 'SELECT user_avatar FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id;
$result = $db->sql_query($sql);
$filename = $db->sql_fetchfield('user_avatar');

$avatar_group = false;
if (isset($filename[0]) && $filename[0] === 'g')
{
    $avatar_group = true;
    $filename = substr($filename, 1);
}

$ext        = substr(strrchr($filename, '.'), 1);
$stamp        = (int) substr(stristr($filename, '_'), 1);
$filename_i    = (int) $filename;
$prefix = $config['avatar_salt'] . '_';
$full_path = $config['avatar_path'] . '/' . $prefix . $filename_i . '.' . $ext;

$exists = file_exists($full_path);
$readable = is_readable($full_path);

$render = (isset($_GET['render'])) ? true : false;

if(!$render)
{
    echo 'File: ' . $full_path . '<br />';
    echo 'Exists: ' . (($exists) ? ' yes' : ' no') . '<br />';
    echo 'Is readable: ' . (($readable) ? ' yes' : ' no') . '<br />';
    echo 'file.php render: <img src="./download/file.php?avatar=' . $filename . '" /><br />';
    echo 'Self render: <img src="./avatar.php?render=true" />';
}
else
{
    send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename_i . '.' . $ext);
}

function send_avatar_to_browser($file)
{
    global $config, $phpbb_root_path;

    $prefix = $config['avatar_salt'] . '_';
    $image_dir = $config['avatar_path'];

    // Adjust image_dir path (no trailing slash)
    if (substr($image_dir, -1, 1) == '/' || substr($image_dir, -1, 1) == '\\')
    {
        $image_dir = substr($image_dir, 0, -1) . '/';
    }
    $image_dir = str_replace(array('../', '..\\', './', '.\\'), '', $image_dir);

    if ($image_dir && ($image_dir[0] == '/' || $image_dir[0] == '\\'))
    {
        $image_dir = '';
    }
    $file_path = $phpbb_root_path . $image_dir . '/' . $prefix . $file;

    if ((file_exists($file_path) && is_readable($file_path)) && !headers_sent())
    {
        header('Pragma: public');

        $image_data = getimagesize($file_path);
        header('Content-Type: ' . image_type_to_mime_type($image_data[2]));

        $size = filesize($file_path);
        if ($size)
        {
            header("Content-Length: $size");
        }

        if (readfile($file_path) == false)
        {
            $fp = fopen($file_path, 'rb');

            if ($fp !== false)
            {
                while (!feof($fp))
                {
                    echo fread($fp, 8192);
                }
                fclose($fp);
            }
        }

        flush();
    }
    else
    {
        echo '<br />Status: 404, Could not find ' . $file_path;
    }
}
?>

Re: Some avatar files are missing - but not all

Posted: Mon Feb 07, 2011 10:46 am
by Pseudonym
Wow, thanks NoxWizard! Results as follows...

For the member with the faulty avatar:
File: images/avatars/upload/a766e0d91XXXXXXXXXXXXXXXX328f73_1646.jpg
Exists: yes
Is readable: no
file.php render: [broken image]
Self render: [broken image]
For me:
File: images/avatars/upload/a766e0XXXXXXXXXXXXXXX28f73_2.gif
Exists: yes
Is readable: yes
file.php render: [my avatar]
Self render: [broken image]

Re: Some avatar files are missing - but not all

Posted: Mon Feb 07, 2011 10:51 am
by Pseudonym
Actually, hang on... I think there's a problem with that test. It's giving me the same base filename each time, just changing the user id. I assume that's not what's supposed to happen?

Re: Some avatar files are missing - but not all

Posted: Mon Feb 07, 2011 5:33 pm
by Noxwizard
That's the correct behavior. According to the first script, the file isn't readable. What are the permissions on the uploaded image?

Re: Some avatar files are missing - but not all

Posted: Tue Feb 08, 2011 7:51 am
by Pseudonym
Aha! You've got it. The permissions on this file are 660, whereas mine are 666. There seems to be a wide range of permissions on these files though... 660, 666, 755, etc. Which one's correct, and why would they have (presumably) changed from the default?

Re: Some avatar files are missing - but not all

Posted: Tue Feb 08, 2011 8:48 am
by Noxwizard
It will vary by server as to what permissions you need. On mine, avatars use 600, 644 should work fine though on most setups. As for why they changed, it's hard to say. Maybe your host did something that caused it.

Re: Some avatar files are missing - but not all

Posted: Tue Feb 08, 2011 9:54 am
by Pseudonym
The most recently uploaded files were 666, so that's what I've set them all to - and lo! They work!

Thank you, sir, you truly are a wizard! If phpBB had a reputation feature, I'd be repping you hard! :D