dynamic avatar for vBulletin
I'm trying to get a dynamic avatar to work, the thing already works, problem is vBulletin says it's an invalid url, here's what I did:
<?php
function GetFiles($sDir){
if(!$rHandle = @opendir($sDir)){
return(false);
}
$aFile = array();
while(false!==($sFile = @readdir($rHandle))){
// buffer all files
if($sFile!="." && $sFile!=".."){
if(!is_dir($sDir."/".$sFile)){
$aFile[] .= $sFile;
}
}
}
@closedir($rHandle);
return $aFile;
}
$sHome = $_SERVER['DOCUMENT_ROOT']."/AHAHAHA";
$aFiles = GetFiles($sHome);
$rImage = imagecreatefromjpeg($sHome."/".$aFiles[mt_rand(0,(@count($aFiles)-1))]);
header("Content-type: image/jpeg");
imagejpeg($rImage);
imagedestroy($rImage);
?>
…and created a .htaccess file with the following lines
RewriteEngine on
RewriteRule ^31337bitches.jpg$ h4xor.php
POC: http://www.tools-and-design.com/31337bitches.jpg
why doesn't vBulletin accept the damn image :(
tia
possibly because its created by the server and they only allow, true images.
vbulletin checks the source of the picture to ensure its not got anything malisous in it, or is .htaccessed etc.
your image has:
CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
and my guess would be thats on the vbulletin block list.
you'll hvae to do some editing and string replacing on the image to get vbulletin to allow it.
Your image -is- a true image. The problem is that vBulletin -might- scan for image headers and blocks any unwanted.
Like Mr. Cheese suggested, replace the headers (easy job in PHP) and you're probably good to go.
I suggest you use a header that is already accepted on the server (no header at all works too probably).