Simple Single Image Front-end Upload

  • I am sorry that this question may seem similar to so many others, but I have yet to find post on here that matches my specific needs.

    I am trying to allow users of my WordPress website to have profile pictures, without using Gravatar. A default image should be set when a user registers.

    My profile page is generated via php functions, as a response to a shortcode. When a user is viewing their own profile, the picture should show, and a button below it that allows them to change this picture.

    I would like to use the WP media uploader, but this seems to always provide access to all files that have been uploaded to the site. I only want the user to have the ability to upload one picture.

    The way I see this working is to add a user_meta db entry called “website_profile_image_url”, and have this point to the url of the file that was uploaded.

    I have tried many plugins to achieve this, but most seem to attach the url to a post, or to a page template, or some other location that does not make sense with the design of the website.

    I just need a clean and simple solution that saves the picture with the others in the media library, and fills a hidden html field with the url of the uploaded picture.

    Any guidance on how to develop a custom html/css/php/javascript solution would be greatly appreciated. Digging through themes and other plugins has not been much help in deciphering how to achieve this.

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    I don’t think the media library is going to be easy to adapt for your purposes, it’s just not set up for limited user access, some sort of privilege is assumed. It’s also quite common for uploaded images to be associated to an attachment post type. The media library will do this itself in many situations. Don’t let that deter you, you are free to ignore the attachment posts.

    In any case, uploading a single image file isn’t the hardest thing to code in some ways, but it’s very difficult to do so in a secure manner that ensures the purported image file isn’t carrying a malicious payload. The best advice I can offer is that you should never allow users to upload anything to your server. Unless you really know what you’re doing, allowing uploads will eventually lead to your site being hacked. Guaranteed.

    A simple, safe alternative would be to just have users enter an URL to an online image that is hosted by a limited range of well established photo sharing sites like imgur and photobucket. This is how these forums and many others allow embedded images in our posts. It does mean the user needs to upload their image to a third party site so that they can enter the correct link on your site. This is exactly the process that needs to be followed when using gravatar to customize one’s profile image. What’s wrong with gravatar anyway?

    If you still wish to get hacked upload files for yourself, wp_handle_upload() will be a big help. At the very least you additionally need to do something to ensure an upload is actually an image file. You cannot just rely on file extensions or MIME types for this.

Viewing 1 replies (of 1 total)
  • The topic ‘Simple Single Image Front-end Upload’ is closed to new replies.