Are there security risks when allowing users to upload images to my server?
The plugin checks the images upon upload to ensure that only gifs, jpegs/jpgs and pngs are allowed. It checks both the file extension (e.g. .gif) AND the mime-type (e.g. image/gif).
However, one can never 100% sure and there is always some security risks when allowing users to upload to your server. USE THIS PLUGIN AT YOUR OWN RISK!
I get the following error (or similar): move_uploaded_file(/path/to/bbpress/avatars/user.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in /path/to/bbpress/avatar-upload.php on line XXX
You need to set the file permissions (chmod) of the avatars folder to 666 to allow the plugin to write to the folder. You can do this using SHH or alternatively (and more easily) many FTP applications allow permissions setting. Please refer to your web host for their advice if you do not know how to do this.
When I upload some JPEGs they either look rubbish or are blocks of plain colour
[N.b. this can also apply to some PNG images, but I'm only going to talk about JPEGS.]
This is most likely a result of your web host providing a version of PHP that can not create 'truecolor' images. JPEGS are usually photographic images and therefore contain millions of colours, hence the need for truecolor. The plugin detects if truecolor is not an option and instead uses the same function as GIF (palette based) images, which can make some JPEGS look awful.
To get the best out of a JPEG image you really need PHP version >= 4.0.6 or PHP 5 and GD library GD 2.0.1 or later.
Alternatively, because this only happens when an image needs to be resized, you could inform your uses that they must make sure they avatar conforms to the maximum allowed dimensions before they upload it.