Some suggestions for the server side

[vantavoids]

Hi hi!!

I've been using your mod for quite some time now and noticed that it stopped working in game recently (aka fails to download images)

I thought the image url I uploaded previously was expired or something so I tried to reupload a new one but then I get redirected to a blank screen with just a text that says "Password saved", which apparently is a problem that someone else has also encountered (#10 )

For some reason (I don't know which) I decided to take a look in Chrome's network inspector, then discovered that the form submission results in a 500 server internal error.

I then decided to take a look at the code myself to see what the matter could be and maybe try to fix it, here's some of the stuff I updated:

It seems like you're creating a "users" dir in order to save php scripts that each contain a user's hashed password and their submitted image url, which is a way to do it. However, you're creating this directory EVERY single time the main script is executed. I'm not an expert on linux' filesystem but I think mkdir gives you an error when you attempt to create a directory that already exists. Instead, you could create that directory ONLY if it doesn't exist already

https://github.com/user95401/ProfileImage/blob/ece28edc1e1a58b34b30d6d9651217a834ca8584/server%20side/index.php#L4

//check if a users dir doesnt exist already, so we can create one
if (!file_exists('users')){
    mkdir('users', 0700, true); //make users dir (700 its owner only prems)
}

Here, it's not really an issue on it's own, just a matter of better readability and geting rid of some warnings (especially if some of the entries of the $_GET and $_POST arrays are undefined)

https://github.com/user95401/ProfileImage/blob/ece28edc1e1a58b34b30d6d9651217a834ca8584/server%20side/index.php#L48-L79

function html_putPassword($msg){
    $name = $_GET['name'];
    $id = $_GET['id'];
    $password = $_POST['Password'] ?? "";

    return ("
    <h1>Hello! $name?</h1>
    Create a password to take over this user register point ($id.$name) for your own use.
    <br>Or just login if already registered. <a target=\"_blank\" href=\"https://github.com/user95401/ProfileImage/issues\">Help...</a>
    <br>$msg
    <form method=\"post\">
    <input value=\"$password\" placeholder=\"Password\" type=\"Password\" name=\"Password\" required>
    <input type=\"submit\">
    ");
}
function html_saveImgLink($msg){
    $name = $_GET['name'];
    $id = $_GET['id'];
    $url = $_POST['url'];
    $password = $_POST['Password'];

    return ("
    <h1>Hello, $name! again.. huh</h1>
    ($id.$name)
    <br>Now u can set link up to ur image: <span style=\"opacity: 0.5;\">its better if u put .png or .jpg, NOT .gif/.webp/.ico/.bpm/data and stuff</span>
    <br>$msg
    <form method=\"post\">
        <input value=\"$password\" type=\"hidden\" name=\"Password\">
        <input value=\"$url\" placeholder=\"Image url\" type=\"url\" name=\"url\" id=\"imgInp\" required>
        <div style=\"
    display: flex;
    align-items: flex-start;
    flex-direction: row;
    justify-content: space-between;
            \">
            <img name=\"url\" id=\"blah\" src=\"$url\" alt=\"Link is bad seems\" style=\"max-height: 22vh;\"/>
            <input type=\"submit\" style=\"width: 10rem;margin: 0px;\">
        </div>
        <script>imgInp.onchange = evt => {blah.src = imgInp.value}</script>
    ");
}

Same thing here

https://github.com/user95401/ProfileImage/blob/ece28edc1e1a58b34b30d6d9651217a834ca8584/server%20side/index.php#L95

$urlFromPost = $_POST["url"] ?? "";

Here you're feeding strlen() a $str variable that is nowhere to be found in the code and therefore undefined, so you get warnings for it (I think it might even be errors actually)

https://github.com/user95401/ProfileImage/blob/ece28edc1e1a58b34b30d6d9651217a834ca8584/server%20side/index.php#L114

if(strlen($_POST["Password"]) > 100) exit(html_putPassword("<b style=\"color: coral;\">LONG PASSWORD (>100)</b>"));

In this foreach loop, you're looping through each file contained in the users dir to generate a userblock from the file name. Again, for the sake of readability, I created two variables that hold the user name and user id respectively. I also noticed that you're checking if the current file is either "." or ".." which is a good thing, but you're simply replacing it with an empty string when that condition is true. You then pass said empty string to explode() which will return an empty array, so trying to access any element of it will cause issues. Instead of making $ff an empty string, you can simply skip this iteration and move on to the next one which should be an actual file name.

https://github.com/user95401/ProfileImage/blob/ece28edc1e1a58b34b30d6d9651217a834ca8584/server%20side/index.php#L162-L180

$ffs = scandir("users"); 
foreach($ffs as $ff) {
    //if uppers things
    if($ff == ".." or $ff == ".") continue;
    //user and id
    $userEntry = explode(".", $ff);
    $userName = $userEntry[1];
    $userId = $userEntry[0];

    //img
    include "users/".$ff;
    $userBlock = ("
        <div class=\"user_block\">
            <img class=\"user_block_img\" src=\"$url\" loading=\"lazy\">
            <h1 class=\"user_block_name\">$userName</h1>
            <h3 class=\"user_block_id\">$userId</h3>
        </div class=\"user_block\">
    ");
    echo $ff !== "" ?
    $userBlock
    : "";
}

All these changes have been tested and seem to be working fine when ran locally and in a docker container.

There could be more refactoring done obviously, but for now I think these are the most important ones and could solve some issues.

You can contact me on Discord (same @ as here) if you have any questions or need help with anything! (sorry for the gigantic issue btw)

[user95401]

anyways good issue ya real reason (i think) is more funny, its just free hosting limits. recently i lost good one i grab ur suggestions but not sure if in game it will be works

[vantavoids]

ah yeah fair enough 💀, i mean i could help with the hosting part if you wanna. i'd just need to maybe rewrite the serverside a bit (with your permission obviously)

[user95401]

ur welcome