After moving to another host nobody can add an avatar.

There is error message specified under $l_uploadError of the language pack.

What the reason for this problem can be?

Check permissions for the avatars folder.
Debug the script and get the idea at which point such error appears.
There are a lot of cases why it happens so, without deep debugging it's impossible to tell.

I've checked permissions before posting here. They are 777.
What do you mean by debugging the script?

It's a programming term. The error appears under addon_avatar.php. There is a block of code which is responsible for uploading a file.

/* upload avatar - step 2 */

You need to put in the code something like

then upload the file again and again until you see the breaking point at some step.

In general, such error will appear when $warn=1; So there is quite a lot of cases when it happens, you need to know which exactly.

Possible reasons:

- the file was not uploaded at all. It may happen because on the server, a temporary upload folder is set up incorrectly. If other applications can't upload the file, this could be the reason.

- uploaded file doesn't match the allowed file type (specified under $availableTypes), so it may be not 'gif', 'jpeg', 'jpg', 'png'.

- the file exceeds the maximum size set under $maxFileSize

- file dimensions exceed $maxAvatarWidth and/or $maxAvatarHeight, or if $staticAvatarSize is set to TRUE, they are not equal to such settings.

It looks really strange but I don't have any error, may be I'm doing something not right.

Speaking about possible reasons, I think there can be only the first error, because all other possible reasons were checked by me and everything is right about these options, but an avatar can't be uploaded.

If other applications can't upload the file, this could be the reason. Do you have other scripts which are programmed to upload files? Do they upload files normally?

I tried to install a template in my joomla cms ant there was a mistake which said that some files couldn't be moved to media folder. Media folder has 777 permissions.
So it's seems that you are right, Paul. What I need to do? To ask my hosting provider?

Probably... as I wrote, there could be a temporary upload folder just missing or specified wrong. I experienced that often when moving sites to the newly installed/upgraded servers.

Hello,

I found something in avatars folder.. a user tried and uploaded some php codes in his avatar .mbb (avatar appeared like an image but inside that mbb was php malicious code).

I think avatar add-on has some bugs to allow uploading php hidden file inside images! I hope you could fix this! if you want I can provide you the file in a zip format so you could check it.

Thanks :)

Even if some file was uploaded - what's next?
You can't execute it as PHP script, if .mbb extension is not associated with PHP in your server settings. The same way you could try to rename .exe or .doc or anything else to JPG, fake the header and it may pass.

There is no strict solution on renamed files with wrong extensions, or at least I don't know about the easy and effective one. File type headers are sent by a browser and may be easily faked. PHP itself can not determine what kind of file is being uploaded.

If it's so.. that's great then! I thought it might be a bug!
Thanks anyway :)

Well, it "might" be a bug, but if somebody has greater solution or suggestion that mine, I could develop it ;)

Hello,

User can easily upload PHP-Shell via Avatars, if it could be a way to avoid uploading such file that would be great!!!

Best regards,

User can easily upload it, but it's not clear what s/he will do with it later?
I have answered this above.
You can actually upload any virus app as well - but who will care of it, if it can't be executed.