Attachments images rotation extension

[axe70]

Hello all the lovely people!

I coded a piece of code, initially intended to act like an hack, that allow to rotate attachments images by adding a folder into phpBB root, a call to include a file, some js code added into overall_footer.html. All working like a charm, under the image link, when on post edit mode, appear a link Rotate which when clicked, open a popup: onclick into image, the image rotate, then you can click save to save in the position you like.
So nice, result is perfect. It's for gif (also trasparent), png and jpg (and easily can be improved with img ext of any kind)

The problem come out, when finished the required work, i like to release it like a free mod.
Beside the fact i should write a mod implementing all with classes etc (this is it? it is strictly required?) i followed another way instead, that work, and is really more short.
I do not need to write too much code to include these files, within a skeleton starting code, but when an ajax call is done by the popup, to a file that reside into a folder named core within the mod folder, and that receive the ajax request, to make it work and setup phpBB environment on it, i've start the code like this:

note: $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../../../../';
since i need the environment vars, i get all in this way: i define the root so any phpBB included file after, will work as expected

Code: Select all

define('IN_PHPBB', true);
// define the root from here
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../../../../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

// Thank you sun.
if (isset($_SERVER['CONTENT_TYPE']))
{
	if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
	{
		exit;
	}
}
else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
{
	exit;
}

///////////////////
// Obtain before common.php include, or will return error
///////////////////
if (isset($_POST['data'])){
 $ajaxdata = json_decode(stripslashes($_POST['data']));
}
///////////////////

// implicit else: we are not in avatar mode
include($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx);
.....

the code, after images process terminated, just exit giving a response (errors or success).

Questions:
I'm quite sure all this is secure, i can call this file making it work this way, isn't it?
Will be never validated, a mod that execute an ajax call this way?

Further help and/any consideration would be appreciated. Thank you

i will post all the mod code soon, asap it is "refined"

ADDED:

A new thread has been posted to support questions and report bugs here:
Attachments images rotation extension - devel/support thread

Please follow into the linked post, as suggested by mods.
I already answered and started into it about your question

phpBB attachments images rotation 1.0.3 on github

[3Di]

Looks like a custom coding discussion, I mean nothing here is related to Extensions. Am I wrong?

[Paul]

Will be never validated, a mod that execute an ajax call this way?

I assume you are asking if it ever will be validated. And the question is no, never. And for the next reason:

• MODs don't exists anymore. Only extensions are validated, and can be submitted. You will need to incorperate it into a extension.
• You can't use $_POST and $_SERVER directly, you need to use the request class.
• You can't create a user facing file, but should use the routing system like all extensions.

[axe70]

It is an extension, the code run within proper classes and fire following ext rules (created with skeleton).
Why should not be validated, because it is not secure?
$_POST here, mean this:

Code: Select all

 $degrees = isset($ajaxdata[0]) ? intval($ajaxdata[0]) : 0;
 $attach_id = isset($ajaxdata[1]) ? intval($ajaxdata[1]) : 0;
 unset($ajaxdata);

nothing is executed that is not secure.
I assume it can be discussed the way it include the environment, not the $_POST that is secure in the way it is implemented, in this case.
Ok, thank you, by the way I will check if it is possible to resolve also this aspect

[Paul]

The limited code above is not a extension, but a user facing file not using the routing system. So the code you provided will not pass validation.

You should not use $_POST directly, but use the request class.

[axe70]

Ok Paul, thank you, i will post the entire code, so may somebody can help on improve it, or use it beside the fact it will be validated or not.
P.s thanks to all!

[3Di]

It is an extension

It is not, at the present stage.

You can't use $_POST and $_SERVER directly, you need to use the request class.

To begin with, ofcourse.

Morever, if you are making an extension out of your code I would suggest you to do it first, then put your code on GitHub in order us to watch it and suggest you the right way to do it. An extension means no manual code changes, you know that I am sure. It is a sort of plug-in.

[axe70]

Thank you for all answers, giving me the right direction. No manual code changes will be required, the code run within a normal extension wrapper, using two events:
'core.download_file_send_to_browser_before'
and on template:
overall_footer_body_after

so easy, so short

[3Di]

Very well, go ahead then. We will surely support your work.
If you use GitHub I am sure you will get more and accurate help.

BTW, I am interested on your extension, so I will be here.

Luck.

[axe70]

Very well, go ahead then. We will surely support your work.
If you use GitHub I am sure you will get more and accurate help.

BTW, I am interested on your extension, so I will be here.

Luck.

Preparing the mess, i will reply here asap! Grazie Marco!

[3Di]

Okay, take your time.

[axe70]

Never used seriously github, or something else like it, so ...

"I'll look like a monkey to you, playing a guitar into a crazy Symphony"
... anyway, it works like a charm. Secure, non intrusive, it's easy and run fast.

phpBB-image-attachments-rotation on github

Please send me the username if i need to add you to commit on github, or publish it by yourself, if you'll like it. So i will see how more experts can implement the idea, rebuilding code in a more effective and conventional way.

Works fine, we'll see what you think of. Waiting for criticisms, especially for the way i used the Skeleton/Symfony phpBB classes. You may will find a not common way to do/code things. But it work fine and let see a way to accomplish with something (may) never seen around: attachments rotation in phpBB done with easy. Very easy to add/improve more features and the code.

Please READ

Some explain:
The extension as is, at moment, allow to rotate an image attachment, if it is an jpg/jpeg, gif or png.
If the image extension match one of those image ext, a link Rotate appear just below the attachment image link, when on edit post mode or posting mode, also immediately after it has been loaded: onclick into Rotate link (may a font awesome icon would be better), it open a popup, where a preview of the image created on fly will display. It is intentionally a raw little image due to img_data_uri limitations. Png or gif with transparent background, will appear with black background, but it is just a preview that let see the position which the real image need to be saved into. Click save, and the image will be saved (preserving transparency*). The popup close when process finished or when you click outside it. A just uploaded img file, will be presented immediately with the Rotate link, so it is possible to rotate it immediately, even before to submit the post for the first time.

*About gif transparency, and bg Matte, i wrote this post and code snippet days ago:
Php: rotate a gif and save the image, preserving transparency
The gif BG matte is not preserved during the image rotation process. I think it is not possible, so if anybody know more about this aspect, i would be curious to know, and improve the code about (but i do not think it is possible?)

About cached images, some explain on the simple inline code has been added, i also mentioned in short how to resolve this issue, so i've still not code this part, but resuming: may cached previous image display, if you edit a post. Be sure to reload and clean cache if the image do not appear rotated: may it is the previous browser's cached one, and not the actual you just rotated/saved. This normally happen when editing a post, where you go to rotate an image that has been already cached before. If saving the post the file result to be the same as before (not rotated), you can check that the file has been really rotated pointing your browser to open the file (for example) like this:
https://subdomain.w3host.com/phpbb3/download/file.php?id=131&test=0
as you may already know (or may in incognito window i think) ...
Here is a short video that let see you the issue:
https://www.youtube.com/watch?v=gqyCTTQFGvI

About popup: you'll see it has been added in a not common way. This is the aspect that may fail on accomplish with a regular acceptable extension (since all the rest is may not common, but is correctly wrapped into extension classes): to edit the output aspect of the popup, you'll have to edit the css/html into the /ext/w3all/imageattachrotation/core/rotateImg.php.
I will follow improving with Symphony, but may for you will be a joke to make it "validable" before i get an headache.

I've been short but sufficiently clear on commenting code, advanced programmers will have no problems on understand how the "magic" works, and i will be around for any question, when ever something is not clear.

I note that sometime i need to recompile template and/or clean cache on ACP, before to enable the extension or i have to disable the extension, delete data, and re-enable it, to see effective changes into attachments elements output. Just in case, if you see no rotate link, may clean cache into phpBB acp and set to recompile yes the template stale setting. Not sure if it is the real reason. I assume some lack on code, that should let phpBB update things, without doing something like the above described. I've see that the code result on page, but do not fire. I assume it is a Symphony issue, due to some lack on code you can may observe and correct.

In the hope you will not hate me for this, and waiting for all your feedback and help!

[3Di]

At a first glance (2 minutes), yes... there is "something" (euphemism) still to do over there, but... great job!

I do really appreciate your enthusiasm and availability, thank you on behalf of everyone.

I will certainly explore the code as soon as I find a couple of hours free, if I can suggest some improvement (not only the fundamental ones because they all know those) I will be in touch and post my feedback here. I'm almost certain that others will read this and some of them may intervene in the meantime. If only it weren't as I was saying about basic things, that's not the point in my opinion, they are things that are easily solved. Let's get down to business.

Please send me the username

On GitHub I am 3D-I if needed.

[axe70]

Added! Thank you for your appreciations!

[axe70]

Just to report: committed a little change, to not let the code create a thumb png or jpg, where there is no thumb, may due to settings on ACP.
It has been necessary to commit the change of just one line on code, into file fileRotate.php

changing:
if($rotate){
into
if($rotate && $source){

So there is no needs to check for anything from phpBB vars. It it exist, will be rotated, if the file do not exist, the code follow.