Avatars and Privacy

Avatars should be treated in the same way as photos and not allowed to be called directly through a URL. If you have a closed system, the faces of the people cannot be exposed to the www and every crawler/search engine around.

style="background-image:url(http://demo.boonex.com/modules/boonex/avatar/data/images/23.jpg);"

Also i don't like that the page source code still shows the boonex path in it. Pls deliver the images via a php function so they are protected from outside access. Is this possible?

interesting thought. But, heres another one. What if someone like deanos decides to do a new avatar module. Your original url would be totally different. Cause remember - the boonex that you see in the url (modules/boonex/avatar) is based on the module creator - in which case boonex created the original module so thats why we have boonex in the url. If it were deanos avatar, it woud be modules/deanos/avatar.

You should be able to stop the web crawlers from indexing them by adding the folder to a robots.txt.

Also, protect it from access with a .htaccess file.

You can copy the one from

modules/boonex/photos/data/files

And put it in

modules/boonex/avatar/data/images

As for the word boonex in the url. Well, that goes along with my argument of unreasonable requests for branding removal. You don't ask Microsoft or Adobe which charge a arm and a leg for some of their products to remove all traces of who owns the product. Boonex should not have to go that far either.

just to test a theory - i have a fresh 7.1.2. I have changed the boonex folder to MyGoodStuff. Then uploaded to test site. The theory is that I should be able to install the modules - hopefully - with little to no issues, because the name of the folder should not make a difference. Will post what happens after I eat dinner and do the actual install

It should fail.

The name of the folder does make a difference.

You will have to edit the config file of every module, and in some cases references in code of some of the classes.

The folder name can be changed. It just requires work. It's not as easy as just renaming the folder.

What you would have to do is to find all the references in the Dolphin code to the /modules/boonex and change them to /modules/MyGoodStuff; do that and see if you can get it to work

 that part I did expect, but was hoping it was limited to just that. I will try a few and see what happens.

EDITS:

First update: Install went perfectly - no errors at all.

2nd update: there are 844 references to boonex in the modules directory (including notes and copyright statements), so since the avatar module was mentioned here, I shose the avatar module - there are only 21 references in there - i changed those only, and the install went perfect. Now I have to make sure it works.

alrighty - for grins and giggles - this is what I got:

style="background-image:url(http://mytherapysession.net/demo/modules/goodstuff/avatar/data/images/1i.jpg);"

changed all references to boonex (with lower case b) in avatar module folder (there are 21), as well as 2 quick changes in BxDolMemberInfo.php; 1 change in BxBaseCmtsView.php; and 1 change in BxBaseIndexpageView. - so a total of 25 references to change for the avatar module. - not really too bad. it only took me about 10 minutes to find and change everything. Probably not that long as i stopped to take notes on what I was doing.

Which brings us back around full circle - why should I have to go through this to remove the boonex referencing when I have paid for a license. Which has been asked several times before.

EDIT:

From what I just looked at in order to make the necessary changes, it seems to me that there really isnt a need for a vendor folder at all. Example: in the BxBaseIndexPageView.php there is this line:

include_once (BX_DIRECTORY_PATH_MODULES . 'boonex/avatar/include.php');

why not just get rid of the vendor folder and place all modules directly in the modules folder. so you end up with:

include_once (BX_DIRECTORY_PATH_MODULES . 'avatar/include.php');

This does not seem like it should be too hard to do - well maybe now as the system and all other modules are developed based on the vendor folder being present. But the concept seems to be one that could possible work.

Quick Update - after making the changes for the avatar, i decided to do the groups module next - 29 items in the groups module, but only 6 needed to be changed (the rest were notes or copyright). No other changes were done to the site.

End result - everything works like a charm.

I think I will continue down and see how many I can successfully change which do not require changing any other dolphin coding other than in the actual module folder itself.

 Just my 2 cents, but it looks like a complete waste of time and resources to do all these changes for a folder that most of the users won't even know what it means.  And good luck when you have to upgrade the base files.

Just preventing the robots from indexing should be enough.

Hi Deano

my robots is a plain Disallow: / because i don't like to expose any folders that are normally hidden to the end user. Anyway changes will be made to the file soon but i will not add disallows for specific folders there. Badbots don't care and in the end they even know where to look for stuff.

Copying the file from photo module to avatar module will not work because it is denying access totally, so the avatars not even get displayed on the site anymore. Photo module sends the file via a php function and avatar module is writing the real link to the output. Thats why i asked to change it in the same way. Anyway i found a simple way to stop accessing avatar photos directly by putting this into the .htaccess

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www.)?example.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www.)?example.com [NC]
RewriteRule .(gif|jpg|png|jpeg)$ /path_to_a_folder/images/replace.jpg [L]

For the Boonex link. This is not really about rebranding, it is more a security by obscurity. If there ever is a new security hole in dolphin (hopefully not) hackers just need run a google query for /modules/boonex and can be sure it is a dolphin site. Yes i know even the structure of your websites source reveals this, but this is the easiest way to find out what system it is running under. So i would be happy if also the avatar module follows the rewrite rules like all the other modules. Why this one should be an exception? Changing the modules vendor name folders is no option for me.

Edit: I got rid of the /modules/ path in the source by doing a mod rewrite in /.htaccess and changing the path for BX_AVA_URL_USER_AVATARS in include.php of the avatar module. Looks like it works side wide, I just don't like the additonal server load by doing this. Maybe easiest way is to create another folder somewhere and change just the two variables there and the path to the /ready folder in BxAvaModule.php so the source is not pointing to the module anymore.

 A. nothing I do is a waste of time - everything is a learning experience

B. I was just curious if it could be done

C. If it could, how much work would be involved

D. I dont do upgrades anyways

E. just that 30 minutes or so I spent on this, taught me even more about dolphin and its structure as I dont know everything there is to know.