Avatar UCP and ACP: Ported Dynano -> jQuery; merged POST processing code. Added support for IPv6 URLs (avatar UCP and RequestHTTP).
Fri, 21 Aug 2009 11:54:26 -0400 (2009-08-21)
changeset 1086 6a59951b70e4
parent 1085 3343a05e7e5b
child 1087 c3db5e44f8f3
--- a/includes/http.php	Fri Aug 21 11:47:26 2009 -0400
+++ b/includes/http.php	Fri Aug 21 11:54:26 2009 -0400
@@ -197,8 +197,9 @@
   function Request_HTTP($host, $uri, $method = 'GET', $port = 80)
-    if ( !preg_match('/^(([a-z0-9-]+\.)*?)([a-z0-9-]+)$/', $host) )
+    if ( !preg_match('/^(?:(([a-z0-9-]+\.)*?)([a-z0-9-]+)|\[[a-f0-9:]+\])$/', $host) )
       throw new Exception(__CLASS__ . ': Invalid hostname');
+    // Yes - this really does support IPv6 URLs!
     $this->host = $host;
     $this->uri = $uri;
     if ( is_int($port) && $port >= 1 && $port <= 65535 )
--- a/language/english/user.json	Fri Aug 21 11:47:26 2009 -0400
+++ b/language/english/user.json	Fri Aug 21 11:54:26 2009 -0400
@@ -359,7 +359,7 @@
       avatar_lbl_url_desc: 'This must start with the <tt>http://</tt> prefix and must be a valid URL. The image will be copied from the existing URL to this server - dynamic avatars are not supported.',
       avatar_lbl_file: 'Upload file:',
       avatar_lbl_file_desc: 'Your browser needs to support file uploads for this option to work.',
-      avatar_limits: 'The image cannot be more than %config.avatar_max_size% bytes in size. The maximum dimensions are %config.avatar_max_width% &#215; %config.avatar_max_height% pixels. Allowed formats are PNG, GIF, and JPEG.',
+      avatar_limits: 'The maximum file size is %config.avatar_max_size% bytes, and maximum dimensions are %config.avatar_max_width% &#215; %config.avatar_max_height% pixels; we\'ll try resizing it if necessary. Allowed formats are PNG, GIF, and JPEG.',
       avatar_delete_success: 'Your avatar has been deleted.',
       avatar_bad_write: 'Either the remote server had trouble finding the image, or your image exceeded the allowed file size.',
       avatar_bad_filetype: 'The file you selected is invalid. You must choose a file in PNG, JPEG, or GIF format.',
@@ -369,6 +369,7 @@
       avatar_move_failed: 'Your image was accepted, but there was a problem moving the image file to the correct location.',
       avatar_upload_success: 'Your avatar has been updated.',
       avatar_file_too_large: 'The image you uploaded exceeds the maximum file size allowed for avatars on this site.',
+      avatar_invalid_url: 'The URL you entered to your avatar image is not valid. Please enter another URL and try again.',
       avatar_gravatar_success: 'Your Gravatar will now be used as your avatar on this site.',
       avatar_gravatar_rating_g: 'The highest allowed rating for your Gravatar image is <b>G</b>. Images must be suitable for display on all websites with any audience type.',
       avatar_gravatar_rating_pg: 'The highest allowed rating for your Gravatar image is <b>PG</b>. Rude gestures, lesser swear words, mild violence, and mildly provocatively dressed individuals are permitted.',
--- a/plugins/SpecialUserPrefs.php	Fri Aug 21 11:47:26 2009 -0400
+++ b/plugins/SpecialUserPrefs.php	Fri Aug 21 11:54:26 2009 -0400
@@ -184,6 +184,10 @@
   switch ( $section )
+    case 'Avatar':
+      $template->preload_js('jquery');
+      $template->preload_js('jquery-ui');
+      break;
     case 'EmailPassword':
       // Require elevated privileges (well sortof)
       if ( $session->auth_level < USER_LEVEL_CHPREF )
@@ -793,197 +797,18 @@
-      // Determine current avatar
-      $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
-      if ( !$q )
-        $db->_die('Avatar CP selecting user\'s avatar data');
-      list($has_avi, $avi_type) = $db->fetchrow_num();
       if ( isset($_POST['submit']) )
-        $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
-        $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $session->user_id . '.' . $avi_type;
-        switch($action)
-        {
-          case 'keep':
-          default:
-            break;
-          case 'remove':
-            if ( $has_avi )
-            {
-              // First switch the avatar off
-              $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $session->user_id . ';');
-              if ( !$q )
-                $db->_die('Avatar CP switching user avatar off');
-              if ( @unlink($avi_path) )
-              {
-                echo '<div class="info-box">' . $lang->get('usercp_avatar_delete_success') . '</div>';
-              }
-              $has_avi = 0;
-            }
-            break;
-          case 'set_http':
-          case 'set_file':
-            // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
-            if ( $action == 'set_http' )
-            {
-              // Check if this action is enabled
-              if ( getConfig('avatar_upload_http', 1) !== 1 )
-              {
-                // non-localized, only appears on hack attempt
-                echo '<div class="error-box">Uploads over HTTP are disabled.</div>';
-                break;
-              }
-              // Download the file
-              require_once( ENANO_ROOT . '/includes/http.php' );
-              if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
-              {
-                echo '<div class="error-box">' . $lang->get('usercp_avatar_invalid_url') . '</div>';
-                break;
-              }
-              $hostname = $match[1];
-              $uri = '/' . $match[4];
-              $port = ( $match[3] ) ? intval($match[3]) : 80;
-              $max_size = intval(getConfig('avatar_max_size'));
-              // Get temporary file
-              $tempfile = tempnam(false, "enanoavatar_{$session->user_id}");
-              if ( !$tempfile )
-                echo '<div class="error-box">Error getting temp file.</div>';
-              @unlink($tempfile);
-              $request = new Request_HTTP($hostname, $uri, 'GET', $port);
-              $result = $request->write_response_to_file($tempfile, 50, $max_size);
-              if ( !$result || $request->response_code != HTTP_OK )
-              {
-                @unlink($tempfile);
-                echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_write') . '</div>';
-                break;
-              }
-              // Response written. Proceed to validation...
-            }
-            else
-            {
-              // Check if this action is enabled
-              if ( getConfig('avatar_upload_file', 1) !== 1 )
-              {
-                // non-localized, only appears on hack attempt
-                echo '<div class="error-box">Uploads from the browser are disabled.</div>';
-                break;
-              }
-              $max_size = intval(getConfig('avatar_max_size'));
-              $file =& $_FILES['avatar_file'];
-              $tempfile =& $file['tmp_name'];
-              if ( filesize($tempfile) > $max_size )
-              {
-                @unlink($tempfile);
-                echo '<div class="error-box">' . $lang->get('usercp_avatar_file_too_large') . '</div>';
-                break;
-              }
-            }
-            $file_type = get_image_filetype($tempfile);
-            if ( !$file_type )
-            {
-              unlink($tempfile);
-              echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_filetype') . '</div>';
-              break;
-            }
-            $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $session->user_id . '.' . $file_type;
-            // The file type is good - validate dimensions and animation
-            switch($file_type)
-            {
-              case 'png':
-                $is_animated = is_png_animated($tempfile);
-                $dimensions = png_get_dimensions($tempfile);
-                break;
-              case 'gif':
-                $is_animated = is_gif_animated($tempfile);
-                $dimensions = gif_get_dimensions($tempfile);
-                break;
-              case 'jpg':
-                $is_animated = false;
-                $dimensions = jpg_get_dimensions($tempfile);
-                break;
-              default:
-                echo '<div class="error-box">API mismatch</div>';
-                break 2;
-            }
-            // Did we get invalid size data? If so the image is probably corrupt.
-            if ( !$dimensions )
-            {
-              @unlink($tempfile);
-              echo '<div class="error-box">' . $lang->get('usercp_avatar_corrupt_image') . '</div>';
-              break;
-            }
-            // Is the image animated?
-            if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
-            {
-              @unlink($tempfile);
-              echo '<div class="error-box">' . $lang->get('usercp_avatar_disallowed_animation') . '</div>';
-              break;
-            }
-            // Check image dimensions
-            list($image_x, $image_y) = $dimensions;
-            $max_x = intval(getConfig('avatar_max_width'));
-            $max_y = intval(getConfig('avatar_max_height'));
-            if ( $image_x > $max_x || $image_y > $max_y )
-            {
-              @unlink($tempfile);
-              echo '<div class="error-box">' . $lang->get('usercp_avatar_too_large') . '</div>';
-              break;
-            }
-            // All good!
-            @unlink($avi_path);
-            if ( rename($tempfile, $avi_path_new) )
-            {
-              $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$session->user_id};");
-              if ( !$q )
-                $db->_die('Avatar CP updating users table after successful avatar upload');
-              $has_avi = 1;
-              $avi_type = $file_type;
-              echo '<div class="info-box">' . $lang->get('usercp_avatar_upload_success') . '</div>';
-            }
-            else
-            {
-              echo '<div class="error-box">' . $lang->get('usercp_avatar_move_failed') . '</div>';
-            }
-            break;
-          case 'set_gravatar':
-            // set avatar to use Gravatar
-            // make sure we're allowed to do this
-            if ( getConfig('avatar_upload_gravatar') != '1' )
-            {
-              // access denied
-              break;
-            }
-            // first, remove old image
-            if ( $has_avi )
-            {
-              // First switch the avatar off
-              $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $session->user_id . ';');
-              if ( !$q )
-                $db->_die('Avatar CP switching user avatar off');
-              @unlink($avi_path);
-            }
-            // set to gravatar mode
-            $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $session->user_id . ';');
-            if ( !$q )
-              $db->_die('Avatar CP switching user avatar off');
-            $has_avi = 1;
-            echo '<div class="info-box">' . $lang->get('usercp_avatar_gravatar_success') . '</div>';
-            break;
-        }
+        list($has_avi, $avi_type) = avatar_post($session->user_id);
+      }
+      else
+      {
+        // Determine current avatar
+        $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
+        if ( !$q )
+          $db->_die('Avatar CP selecting user\'s avatar data');
+        list($has_avi, $avi_type) = $db->fetchrow_num();
@@ -991,28 +816,17 @@
         function avatar_select_field(elParent)
+          $('td#avatar_upload_btns > div:visible').hide('blind');
-            case 'keep':
-            case 'remove':
-              $('avatar_upload_http').object.style.display = 'none';
-              $('avatar_upload_file').object.style.display = 'none';
-              $('avatar_upload_gravatar').object.style.display = 'none';
-              break;
             case 'set_http':
-              $('avatar_upload_http').object.style.display = 'block';
-              $('avatar_upload_file').object.style.display = 'none';
-              $('avatar_upload_gravatar').object.style.display = 'none';
+              $('#avatar_upload_http').show('blind');
             case 'set_file':
-              $('avatar_upload_http').object.style.display = 'none';
-              $('avatar_upload_file').object.style.display = 'block';
-              $('avatar_upload_gravatar').object.style.display = 'none';
+              $('#avatar_upload_file').show('blind');
             case 'set_gravatar':
-              $('avatar_upload_gravatar').object.style.display = 'block';
-              $('avatar_upload_http').object.style.display = 'none';
-              $('avatar_upload_file').object.style.display = 'none';
+              $('#avatar_upload_gravatar').show('blind');
@@ -1030,7 +844,7 @@
       echo '<tr>
-              <td class="row2" style="width: 50%;">
+              <td class="row2" style="width: 150px;">
                 ' . $lang->get('usercp_avatar_label_current') . '
               <td class="row1" style="text-align: center;">';
@@ -1051,7 +865,7 @@
                 <td class="row2">
                   ' . $lang->get('usercp_avatar_lbl_change') . '
-                <td class="row1">
+                <td class="row1" id="avatar_upload_btns">
                   <label><input type="radio" name="avatar_action" value="keep" onclick="avatar_select_field(this);" checked="checked" /> ' . $lang->get('usercp_avatar_lbl_keep') . '</label><br />
                   <label><input type="radio" name="avatar_action" value="remove" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_remove') . '</label><br />';
       if ( getConfig('avatar_upload_http') == '1' )
@@ -1062,10 +876,6 @@
                     <small>' . $lang->get('usercp_avatar_lbl_url_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
-      else
-      {
-        echo '    <div id="avatar_upload_http" style="display: none;"></div>';
-      }
       if ( getConfig('avatar_upload_file') == '1' )
         echo '    <label><input type="radio" name="avatar_action" value="set_file" onclick="avatar_select_field(this);" /> ' . $lang->get('usercp_avatar_lbl_set_file') . '</label><br />
@@ -1074,10 +884,6 @@
                     <small>' . $lang->get('usercp_avatar_lbl_file_desc') . ' ' . $lang->get('usercp_avatar_limits') . '</small>
-      else
-      {
-        echo '    <div id="avatar_upload_file" style="display: none;"></div>';
-      }
       if ( getConfig('avatar_upload_gravatar') == '1' )
         $rating_images = array('g' => '0', 'pg' => '1', 'r' => '2', 'x' => '3');
@@ -1092,10 +898,6 @@
                     ' . $lang->get("usercp_avatar_gravatar_rating_$max_rating") . '
-      else
-      {
-        echo '    <div id="avatar_upload_gravatar" style="display: none;"></div>';
-      }
       echo '    </td>
@@ -1128,4 +930,237 @@
+// Avatar POST processor
+function avatar_post($user_id, $quiet = false)
+  global $db, $session, $paths, $template, $plugins; // Common objects
+  global $lang;
+  $had_a_boo_boo = true;
+  // Determine current avatar
+  $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';');
+  if ( !$q )
+    $db->_die('Avatar CP selecting user\'s avatar data');
+  list($has_avi, $avi_type) = $db->fetchrow_num();
+  $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
+  $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
+  switch($action)
+  {
+    case 'keep':
+    default:
+      $had_a_boo_boo = false;
+      break;
+    case 'remove':
+      if ( $has_avi )
+      {
+        // First switch the avatar off
+        $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
+        if ( !$q )
+          $db->_die('Avatar CP switching user avatar off');
+        if ( @unlink($avi_path) )
+        {
+          $quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_delete_success') . '</div>';
+        }
+        $has_avi = 0;
+      }
+      $had_a_boo_boo = false;
+      break;
+    case 'set_http':
+    case 'set_file':
+      // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
+      if ( $action == 'set_http' )
+      {
+        // Check if this action is enabled
+        if ( getConfig('avatar_upload_http', 1) !== 1 )
+        {
+          // non-localized, only appears on hack attempt
+          echo '<div class="error-box">Uploads over HTTP are disabled.</div>';
+          break;
+        }
+        // Download the file
+        require_once( ENANO_ROOT . '/includes/http.php' );
+        if ( !preg_match('/^http:\/\/((?:[a-z0-9-\.]+|\[[a-f0-9:]+\]))(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
+        {
+          echo '<div class="error-box">' . $lang->get('usercp_avatar_invalid_url') . '</div>';
+          break;
+        }
+        $hostname = $match[1];
+        $uri = '/' . $match[4];
+        $port = ( $match[3] ) ? intval($match[3]) : 80;
+        $max_size = intval(getConfig('avatar_max_size'));
+        // Get temporary file
+        $tempfile = tempnam(false, "enanoavatar_{$user_id}");
+        if ( !$tempfile )
+          echo '<div class="error-box">Error getting temp file.</div>';
+        @unlink($tempfile);
+        $request = new Request_HTTP($hostname, $uri, 'GET', $port);
+        // max download size: 2MB, keeps things reasonable
+        // note: we'll try to scale the image down before checking filesize
+        $result = $request->write_response_to_file($tempfile, 1160, 2097152);
+        if ( !$result || $request->response_code != HTTP_OK )
+        {
+          @unlink($tempfile);
+          echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_write') . '</div>';
+          break;
+        }
+        // Response written. Proceed to validation...
+      }
+      else
+      {
+        // Check if this action is enabled
+        if ( getConfig('avatar_upload_file', 1) !== 1 )
+        {
+          // non-localized, only appears on hack attempt
+          echo '<div class="error-box">Uploads from the browser are disabled.</div>';
+          break;
+        }
+        $max_size = intval(getConfig('avatar_max_size'));
+        $file =& $_FILES['avatar_file'];
+        $tempfile =& $file['tmp_name'];
+      }
+      $file_type = get_image_filetype($tempfile);
+      if ( !$file_type )
+      {
+        @unlink($tempfile);
+        echo '<div class="error-box">' . $lang->get('usercp_avatar_bad_filetype') . '</div>';
+        break;
+      }
+      $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
+      // The file type is good - validate dimensions and animation
+      switch($file_type)
+      {
+        case 'png':
+          $is_animated = is_png_animated($tempfile);
+          $dimensions = png_get_dimensions($tempfile);
+          break;
+        case 'gif':
+          $is_animated = is_gif_animated($tempfile);
+          $dimensions = gif_get_dimensions($tempfile);
+          break;
+        case 'jpg':
+          $is_animated = false;
+          $dimensions = jpg_get_dimensions($tempfile);
+          break;
+        default:
+          echo '<div class="error-box">API mismatch</div>';
+          break 2;
+      }
+      // Did we get invalid size data? If so the image is probably corrupt.
+      if ( !$dimensions )
+      {
+        @unlink($tempfile);
+        echo '<div class="error-box">' . $lang->get('usercp_avatar_corrupt_image') . '</div>';
+        break;
+      }
+      // Is the image animated?
+      if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
+      {
+        @unlink($tempfile);
+        echo '<div class="error-box">' . $lang->get('usercp_avatar_disallowed_animation') . '</div>';
+        break;
+      }
+      // Check image dimensions
+      list($image_x, $image_y) = $dimensions;
+      $max_x = intval(getConfig('avatar_max_width'));
+      $max_y = intval(getConfig('avatar_max_height'));
+      if ( $image_x > $max_x || $image_y > $max_y )
+      {
+        // try to scale the image
+        try
+        {
+          @rename($tempfile, "$tempfile-unscaled.$file_type");
+          $scale_result = scale_image("$tempfile-unscaled.$file_type", "$tempfile.$file_type", $max_x, $max_y, true);
+          if ( $scale_result )
+          {
+            if ( !(@unlink("$tempfile-unscaled.$file_type") && @rename("$tempfile.$file_type", $tempfile)) )
+            {
+              // scale failed
+              @unlink("$tempfile-scale.$file_type");
+              echo '<div class="error-box">Rename failure: ' . $lang->get('usercp_avatar_too_large') . '</div>';
+              break;
+            }
+          }
+          else
+          {
+            @unlink($tempfile);
+            @unlink("$tempfile-unscaled.$file_type");
+            echo '<div class="error-box">Scale failure: ' . $lang->get('usercp_avatar_too_large') . '</div>';
+            break;
+          }
+        }
+        catch ( Exception $e )
+        {
+          // If we get here, the scaling process most definitely failed.
+          echo '<div class="error-box">EXCEPTION: ' . $lang->get('usercp_avatar_too_large') . '</div>';
+          break;
+        }
+      }
+      // Check file size last, so that the scale operation is considered
+      if ( filesize($tempfile) > $max_size )
+      {
+        @unlink($tempfile);
+        echo '<div class="error-box">' . $lang->get('usercp_avatar_file_too_large') . '</div>';
+        break;
+      }
+      // All good!
+      @unlink($avi_path);
+      if ( rename($tempfile, $avi_path_new) )
+      {
+        $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$user_id};");
+        if ( !$q )
+          $db->_die('Avatar CP updating users table after successful avatar upload');
+        $has_avi = 1;
+        $avi_type = $file_type;
+        $quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_upload_success') . '</div>';
+      }
+      else
+      {
+        echo '<div class="error-box">' . $lang->get('usercp_avatar_move_failed') . '</div>';
+      }
+      $had_a_boo_boo = false;
+      break;
+    case 'set_gravatar':
+      // set avatar to use Gravatar
+      // make sure we're allowed to do this
+      if ( getConfig('avatar_upload_gravatar') != '1' )
+      {
+        // access denied
+        break;
+      }
+      // first, remove old image
+      if ( $has_avi )
+      {
+        // First switch the avatar off
+        $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';');
+        if ( !$q )
+          $db->_die('Avatar CP switching user avatar off');
+        @unlink($avi_path);
+      }
+      // set to gravatar mode
+      $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $user_id . ';');
+      if ( !$q )
+        $db->_die('Avatar CP switching user avatar off');
+      $has_avi = 1;
+      $quiet || print '<div class="info-box">' . $lang->get('usercp_avatar_gravatar_success') . '</div>';
+      $had_a_boo_boo = false;
+      break;
+  }
+  return array($has_avi, $avi_type, $had_a_boo_boo);
--- a/plugins/admin/UserManager.php	Fri Aug 21 11:47:26 2009 -0400
+++ b/plugins/admin/UserManager.php	Fri Aug 21 11:54:26 2009 -0400
@@ -88,7 +88,7 @@
         $real_name = $_POST['real_name'];
-      $signature = RenderMan::preprocess_text($_POST['signature'], true, true);
+      $signature = RenderMan::preprocess_text($_POST['signature'], true, false);
       $user_level = intval($_POST['user_level']);
       if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN )
@@ -128,7 +128,10 @@
         $homepage = '';
-      if ( count($errors) < 1 )
+      // true for quiet operation
+      list(, , $avatar_post_fail) = avatar_post($user_id, true);
+      if ( count($errors) < 1 && !$avatar_post_fail )
         $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';');
         if ( !$q )
@@ -176,167 +179,6 @@
           $to_update_users['activation_key'] = sha1($session->dss_rand());
-        // Avatar validation
-        $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
-        $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
-        switch($action)
-        {
-          case 'keep':
-          default:
-            break;
-          case 'remove':
-            if ( $has_avi )
-            {
-              // First switch the avatar off
-              $to_update_users['user_has_avatar'] = '0';
-              @unlink($avi_path);
-            }
-            break;
-          case 'set_http':
-          case 'set_file':
-            // Hackish way to preserve the UNIX philosophy of reusing as much code as possible
-            if ( $action == 'set_http' )
-            {
-              // Check if this action is enabled
-              if ( getConfig('avatar_upload_http', 1) !== 1 )
-              {
-                // non-localized, only appears on hack attempt
-                $errors[] = 'Uploads over HTTP are disabled.';
-                break;
-              }
-              // Download the file
-              require_once( ENANO_ROOT . '/includes/http.php' );
-              if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
-              {
-                $errors[] = $lang->get('usercp_avatar_invalid_url');
-                break;
-              }
-              $hostname = $match[1];
-              $uri = '/' . $match[4];
-              $port = ( $match[3] ) ? intval($match[3]) : 80;
-              $max_size = intval(getConfig('avatar_max_size'));
-              // Get temporary file
-              $tempfile = tempnam(false, "enanoavatar_{$user_id}");
-              if ( !$tempfile )
-                $errors[] = 'Error getting temp file.';
-              @unlink($tempfile);
-              $request = new Request_HTTP($hostname, $uri, 'GET', $port);
-              $result = $request->write_response_to_file($tempfile, 50, $max_size);
-              if ( !$result || $request->response_code != HTTP_OK )
-              {
-                @unlink($tempfile);
-                $errors[] = $lang->get('usercp_avatar_bad_write');
-                break;
-              }
-              // Response written. Proceed to validation...
-            }
-            else
-            {
-              // Check if this action is enabled
-              if ( getConfig('avatar_upload_file', 1) !== 1 )
-              {
-                // non-localized, only appears on hack attempt
-                $errors[] = 'Uploads from the browser are disabled.';
-                break;
-              }
-              $max_size = intval(getConfig('avatar_max_size'));
-              $file =& $_FILES['avatar_file'];
-              $tempfile =& $file['tmp_name'];
-              if ( filesize($tempfile) > $max_size )
-              {
-                @unlink($tempfile);
-                $errors[] = $lang->get('usercp_avatar_file_too_large');
-                break;
-              }
-            }
-            $file_type = get_image_filetype($tempfile);
-            if ( !$file_type )
-            {
-              unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_bad_filetype');
-              break;
-            }
-            $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
-            // The file type is good - validate dimensions and animation
-            switch($file_type)
-            {
-              case 'png':
-                $is_animated = is_png_animated($tempfile);
-                $dimensions = png_get_dimensions($tempfile);
-                break;
-              case 'gif':
-                $is_animated = is_gif_animated($tempfile);
-                $dimensions = gif_get_dimensions($tempfile);
-                break;
-              case 'jpg':
-                $is_animated = false;
-                $dimensions = jpg_get_dimensions($tempfile);
-                break;
-              default:
-                $errors[] = 'API mismatch';
-                break 2;
-            }
-            // Did we get invalid size data? If so the image is probably corrupt.
-            if ( !$dimensions )
-            {
-              @unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_corrupt_image');
-              break;
-            }
-            // Is the image animated?
-            if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
-            {
-              @unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_disallowed_animation');
-              break;
-            }
-            // Check image dimensions
-            list($image_x, $image_y) = $dimensions;
-            $max_x = intval(getConfig('avatar_max_width'));
-            $max_y = intval(getConfig('avatar_max_height'));
-            if ( $image_x > $max_x || $image_y > $max_y )
-            {
-              @unlink($tempfile);
-              $errors[] = $lang->get('usercp_avatar_too_large');
-              break;
-            }
-            // All good!
-            @unlink($avi_path);
-            if ( rename($tempfile, $avi_path_new) )
-            {
-              $to_update_users['user_has_avatar'] = '1';
-              $to_update_users['avatar_type'] = $file_type;
-            }
-            else
-            {
-              // move failed - turn avatar off
-              $to_update_users['user_has_avatar'] = '0';
-            }
-            break;
-          case 'set_gravatar':
-            // set avatar to use Gravatar
-            // first, remove old image
-            if ( $has_avi )
-            {
-              @unlink($avi_path);
-            }
-            // set to gravatar mode
-            $to_update_users['user_has_avatar'] = '1';
-            $to_update_users['avatar_type'] = 'grv';
-            $has_avi = 1;
-            break;
-        }
         if ( count($errors) < 1 )
           $to_update_users_extra = array();
@@ -422,14 +264,17 @@
-    if ( count($errors) > 0 )
+    if ( count($errors) > 0 || $avatar_post_fail )
-      echo '<div class="error-box">
-              <b>' . $lang->get('acpum_err_validation_fail') . '</b>
-              <ul>
-                <li>' . implode("</li>\n        <li>", $errors) . '</li>
-              </ul>
-            </div>';
+      if ( count($errors) > 0 )
+      {
+        echo '<div class="error-box">
+                <b>' . $lang->get('acpum_err_validation_fail') . '</b>
+                <ul>
+                  <li>' . implode("</li>\n        <li>", $errors) . '</li>
+                </ul>
+              </div>';
+      }
       $form = new Admin_UserManager_SmartForm();
       $form->user_id = $user_id;
       $form->username = $username;
@@ -1090,32 +935,21 @@
                   <td class="row2">
-                  <td class="row1">
+                  <td class="row1" id="avatar_upload_btns_{UUID}">
                     <script type="text/javascript">
                       function admincp_users_avatar_set_{UUID}(elParent)
+                        $('td#avatar_upload_btns_{UUID} > div:visible').hide('blind');
-                          case 'keep':
-                          case 'remove':
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
-                            break;
                           case 'set_http':
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'block';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
+                            $('#avatar_upload_http_{UUID}').show('blind');
                           case 'set_file':
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'block';
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
+                            $('#avatar_upload_file_{UUID}').show('blind');
                           case 'set_gravatar':
-                            \$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'block';
-                            \$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
-                            \$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
+                            $('#avatar_upload_gravatar_{UUID}').show('blind');