Skip to:

Plugin: Avatar Upload

  • LMD


    Although there are already two avatar plugins available, they require that users either have their own webspace to store an avatar or use one of the avatar services (e.g. Gravatar).

    My users do not have either of those things, so I wrote an avatar upload plugin. Besides offering avatar hosting, it also allows you more control over the type and content of avatars than simply providing a link to an offsite image.


    • Bozos can not upload avatars.
    • Admins can configure the maximum allowed file size (bytes) and dimensions (pixels) of images.

      • Currently done from within the script (no Admin page interface at this time).

    • Anybody with the ‘moderate’ capability can upload another user’s avatar.

      • This ensures that inappropriate images can be removed.
      • There is no “delete avatar” function at this time, but an inappropriate image can be removed by uploading a ’safe’ image (e.g. a blank 1×1 pixel image) to replace it (you could then manually set that user as a bozo to stop them re-uploading inappropriate images.

    • File checking is carried out to ensure that:

      • The file has a valid extension (.gif, .jpeg, .jpeg, .png)
      • The file has a valid content-type (’image/gif’, ‘image/jpeg’, ‘image/png’)
      • The file extension and content-type actually match.
      • Other checks for filesize, image dimensions, etc.

    More info and ZIP download: bbPress Plugin: Avatar Upload

    I will be submitting this avatar to the bbPRess Plugin Repositry too.

Viewing 25 replies - 26 through 50 (of 128 total)
  • * added a ‘default avatar image’ option (if you don’t want to use fel64’s identicons — see previous posts in this thread).

    fel – how would you like me to link to the identicon’s plugin? Currently, I’m just linking to your post in this thread.

    IMO identicons make the perfect default avatar and I would like it if you include them or at least make it an option choosable through the admin panel. (If it reassures you, the Identicon creator is happy with this being included as part of such a plugin too.)

    If you don’t want to do that, again IMO this should go into a branch for your plugin (I’d need to update it first). It’s not possible to add this as a plugin so that it will work with yours, nor is it distinct enough to be its own plugin; if not part of the core plugin, I see the only alternatives to be making it a branch or just leaving it here as unofficial hack.


    I’m installing this plugin for my forum. Evering goes well, I have the default avatar, the avatar tab but I can’t upload anything: when I click on the avatar tab, I have this error:

    Fatal error: Call to undefined function: bb_get_current_user_info() in /home.13/s/p/l/spleenar/www/forum/avatar-upload.php on line 24

    Can you help me?

    Anaon, delete the old files from this plugin, download the plugin again and put the files back where they belong. Hopefully that will work. If not, download the latest version of bb and replaces the files on your server with new ones. It’s a strange error which seems to indicate to me that loading bb-load.php did not succeed fully.

    If a required file requires another file and that fails, does the original requirement also fail or generate a warning/error?

    Oh thank you very much for your help. I followed your advices and then, I saw that I had a very old version of BBpress!

    So it works great now as you can see:

    Thanks again!



    I have a problem and I’m not that good at html. Can anyone help me? I can’t seem to add an avatar to my profile. Also, the sample avatar corsses borders with the name of the member in the post below the post where the avatar is depicted. Follow the link to see an example:

    And this is the error:

    move_uploaded_file(/var/www/g29802/ [function.move-uploaded-file]: failed to open stream: Permission denied in /var/www/g29802/ on line 130

    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move ‘/var/www/g29802/’ to ‘/var/www/g29802/’ in /var/www/g29802/ on line 130

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/g29802/ in /var/www/g29802/ on line 1819



    You need to change the permissions of the avatars folder I think.

    The avatars cross the next poster’s names because they’re that’s how the CSS is set up. You could change the HTML and CSS structure, or if that’s perhaps too much you could open kakumei’s style.css, find #thread li { ... } and add this to it:

    min-height: 120px;

    That should make sure the post box is big enough that the next post box doesn’t interfere with the avatar. Change the number if you want it differently.



    Oops, I ought to add the permissions information into the help file – maybe add a permissions check so plugin dies gracefully.



    Thank you very much. Such a polite reply! I’m amazed at the helpfulness on this forum. It is all working now :D If you are dutch, come and join the forum :D It is for dutch role playing only… Sorry :S

    (no intention or commercial interest, just see the above as a polite invitation, no spam intended.)



    I get this error when trying to upload avatars (the plugin is installed and activated)

    The file could not be saved to the ‘avatars’ folder.

    I changed the permissions of the avatars folder ot ‘666’ as the information file explained, but to no avail. Doe’s anyone have any idea of why this might be happening, and how to fix it?

    I also tried leaving the folder permissions as is but this did not work either.



    Hello, the specific error you have reported could be a permissions problem – although if you tried settings permission to 666 and it still failed, I’m stumped. Alternatively, it could be some other problem with PHP’s move_uploaded_file() function.

    What might be helpful is what error PHP returns itself (I’ve suppressed PHP errors in the plugin). You need to temporarily show the PHP error for the function in question by removing the @ symbol from in front of it.

    Find the following line in avatar_upload.php (~ #99) and remove the @ symbol before the move_upload_file function.

    if ($img_errs == 0 && !@move_uploaded_file($img_temp, BBPATH .$config->avatar_dir . $user_filename) )


    Then upload the file to the server, chmod the avatars folder to 666 and try uploading an avatar again — please report the full error message you get, including the PHP error.

    Oh and I have to ask this, just in case: are all the configuration settings in my-plugins/bb-avatar-upload.php correct? Is the avatars folder in the root and is the $this->avatar_dir config setting pointing to the correct location? I’m sure they are, but I have to check.

    For those of you who have your wordpress and bbpress installs together and would like have the avatars display in the wordpress side as well…

    Here is some code you can add… This is what I use in the sidebar over at

    <?php global $user_identity;


    if ($user_identity == ”) {

    echo(‘Welcome Guest’);

    } else {

    echo(‘<img src=”/forum/avatars/’ . strtolower($user_identity) . ‘” alt=”avatar” />’);



    This will work if you would like to display the avatar outside of the loop in bbpress as well. All you have to do is change the image source line to reflect where you have your avatars stored…

    Hope that helps some people!!!

    Hey there, i’ve just installed Avatar Upload and it works brilliantly i must say! However identicon for bb-press as posted by louisedade (created by fel) gives me an unexpected error when i try to activate, running this outside of the plugin centre or whatever you want to call it, it gives:

    Fatal error: Call to undefined function: add_action() in /home/bblocked/public_html/www/forums/my-plugins/identicon.php on line 286

    Inside the plugin centre it just says fatal error :-P

    I have identicon installed on my wordpress blog and bbpress retrieves all functions from wordpress etc etc intergrated bla bla bla :-P Any ideas?

    EDIT: When editing out add_action at the bottom it doesn’t produce any errors… so i don’t know what bbpress’s problem is :-/ anyway of getting it to give more info? “Fatal Error” doesn’t explain much lol



    I found visitors were getting really hassled by the filename restrictions so I decided to relax them while still keeping some safety since you already check mime types & file extensions

    instead of:

    !eregi("^([-a-z0-9_]+).([a-z]+)$", $img_name)

    I reduced it to only exclude the four bad characters I can think of:

    eregi("#|?|&|%", $img_name)

    What do you think? Safe enough?

    Is your mime check from the physical file itself or just the sent headers? Hopefully the physical file or it’s not secure enough.

    My change allows people to click browse and enter a url into their file browser, which forces Windows to pull down the file first, then upload it to the site. Not sure what other OS’s will do. Windows adds [1] to the filename in the temp area, so your name filter was blocking it from uploading.

    My next ideas are to give lazy people a section of default avatars to choose from instead, and to allow members several stored avatars to chose from (your table should allow multiple entries per member I think, though the code to deal with it will have to be changed of course).




    The error sounds like it’s trying to call the add_action() function when either the file containing the function (wp-functions.php) isn’t included for some reason, or the plugin is being called before it has been included.

    I do not know why this might occur, although the fact you are using an integrated WordPress/bbPress combo might be a factor. We really need somebody who knows more about the internals of both system to help.

    Anyway, by commenting out the add_action() function all you have done is prevent the plugin from automatically creating an identicon for newly registered users. So, it’s not such a biggie while trying to solve the problem.


    Feel free to hack the script however you see fit — I realise I have been rather too strict with the filenames, especially as it is really only a first-stage precaution (the file gets renamed n the server anyway). Also, I believe some browsers add the whole path to the uploaded filename (something I neglected to address).

    A solution I am adding to the next version will be to extract the actual filename from the path before checking.

    $img_name = basename($img['name']);

    Then, the number of necessary characters to allow is greatly reduced. I just prefer to approach it from the other end, block everything except what I explicitly allow. But as I said, feel free to hack it to suit your needs.

    I was completely unaware that you could enter a URL into a file input (“browse”) field? You indicate that it forces Windows to download the file, but I am wondering whether it is a browser specific feature and whether it is supposed to work like that? I would not rely on it.

    The mime-type comes from the uploaded file in $_FILES which, you are right should not be trusted. I’m experimenting with checking whether the uploaded file is areally an image doing something like imagecreatefromjpeg() – obviously using the appropriate function for the reported file extension (so if it’s all wrong/missing/forged an error will result). Alternatively, a simple solution might be to use getimagesize() (just the one function for all types), which I already use later in the code.



    I have posted several changes and fixes, over here since there seems to be two threads on this plugin (and apparently bbpress won’t be able to merge topics anytime soon)

    #4 is a doozy. You might want to make that a priority in the next version. Filenames *must* be unique for every uploaded change to ensure proper caching and then image updates in the browser when the image changes.



    A new version of Avatar Upload is now available – for changes see the plugin browser thread:



    I have found and fixed a bug that was preventing the display of the newly uploaded avatar:

    (no more sleep(3) needed)


    I just upgraded to the last version and now my forum prints this message:

    Warning: call_user_func_array() []: First argumented is expected to be a valid callback, 'stdClass::has_cap' was given in /home/ficcion/public_html/wp-includes/capabilities.php on line 454

    Warning: call_user_func_array() []: First argumented is expected to be a valid callback, ‘stdClass::has_cap’ was given in /home/ficcion/public_html/wp-includes/capabilities.php on line 454

    Warning: call_user_func_array() []: First argumented is expected to be a valid callback, ‘stdClass::has_cap’ was given in /home/ficcion/public_html/wp-includes/capabilities.php on line 454

    Warning: call_user_func_array() []: First argumented is expected to be a valid callback, ‘stdClass::has_cap’ was given in /home/ficcion/public_html/wp-includes/capabilities.php on line 454

    Sadly i don’t know what it is. :(



    Hi, the error you are reporting appears to be a problem with the bbPress core code, specifically the user ‘capabilities’ class.

    Have I understood this correct:

    – You are using the latest bbPress version ( ?

    – The error only appeared AFTER you upgraded to the latest Avatar Upload plugin to version (0.6.2)?

    – Does the error appear on EVERY page, or just the Avatar Upload template in the profile area?

    It appears just in the upload avatar template. Everything else works fine :)



    Ok – in that case it must be something to do with the capabilities checking I do to ensure the current user has permission to edit the avatar. I’ll look in to it and get back to you.


    Might be related. Installing with the “Plugin Browser” will not install as the version the in SVN gives a fatal error on install.


    Sam Bauers



    I’m pretty sure that is a problem with your version of the Plugin Browser. Versions less than 0.1.5 don’t handle directories within plugins. Upgrade the Plugin Browser to 0.1.5 (you can do this within the Plugin Browser itself without problems), then you should be able to install Avatar Upload.

    * EDIT *

    Now I get what you mean, you mean it fatally errors when activating in the normal plugin page?

    Actually it has to with the way the plugin is laid out. It expects you to shuffle around and edit a few files before activation. The plugin browser will only help you get the files in this case.



    Well, yes, the plugin includes a file that must be placed into the bbPress root as well as another file that must be moved into the templates folder (either bb-templates/kakumei or my-templates/template-name). Not to mention the creation of the avatars folder and uploading of the default avatar.

    I can not see any way around this other than uploading all files to the my-plugins/avatar-upload folder and then using the script to move them to the right locations. Although, the file that remains in the my-plugins would still need to be manually edited to set the plugin’s options. Likewise, the folder creation could be done with a script rather than the current manual creation (as SamBauers suggested on the Plugin Browser thread).

    Is there a hook for when a plugin is activated? Looking around bbPulp I found the following…


    … but no information on how they are used.

Viewing 25 replies - 26 through 50 (of 128 total)
  • The topic ‘Plugin: Avatar Upload’ is closed to new replies.
Skip to toolbar