[Phpwebsite-developers] Image Uploads / FC Questions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi fellow devs,

... still working on re-writing the first of my modules for phpws  
1.x ... many new habits to learn, but I want to get it right and not  
just do a quick conversion :)

I have questions about image uploads and best practices.

I don't want to use File Cabinet (FC) in this case. I want this mod's  
images to be separate. I want any logged in user to be able to upload  
an image without special permissions, and also, I don't want users  
posting to this mod to have access to any other images on the site.

That raises another point I hadn't thought of at first... I don't  
want other mods having access to the images uploaded by this mod, via  
FC, for use in other parts of the site either. At first glance,  
although I really like a lot of what FC has to offer, it seems to  
give pretty broad access to the resources of all modules, to any  
module where it is used and I guess that's the point. However, I can  
imagine scenarios where a Profiler user might inadvertently delete an  
image used in some other mod, while poking around for an image for  
the profile being edited, not to mention being able to upload in any  
mod's image dir. What if for some reason, while adding Profiler  
records, I upload all my images in the blog image dir. Then later on,  
an admin un-installs blog, not knowing that the Profiler editor  
wasn't very bright :)

A couple thoughts come to mind (and I am just thinking out-loud)...

1) It might be useful if mods had to be registered (or not) with FC  
at boost or perhaps later with settings within FC. This would allow a  
mod developer to protect the resources of their mod from other mods'  
users via FC. If these was achieved with settings within FC, perhaps  
it would only apply to  non-diety users.

2) Maybe it would be better if there were two sorts of upload  
scenarios to FC. By that I mean, if the image/file upload screen is  
invoked from within some other module (like Profiler does for images)  
then only the image/file directory for the invoking mod is allowed  
for uploading to. If FC is accessed directly (Control Panel >  
Administration > FC) then all image/file dirs are available for upload.

Anywise, back to saving images in my mod, assuming I'm not going to  
use FC. I used to use EZform::saveImage() but that no longer exists.  
I can write my own function and have been looking around for  
examples, mostly trying to figure out what FC is doing when uploading/ 
saving an image. It would be really useful if there was a saveImage()  
function in /core/class/File.php. Perhaps if I write a solid enough  
function for my mod it can be moved to core in future versions :)

Does anyone have any advice as to whether I should use the old  
EZform::saveImage() as a starting point, or if I should further  
explore what FC's image/file class is doing? It looks like FC is  
passing a lot of stuff off to Pear functions and I haven't followed  
that thread yet. I'm starting to lose sight of the forest for the  
trees ;-)

Best regards,
verdon