PasswordReset is not working in WebMatrix - security

I am using the exsisting PasswordReset form in WebMatrix. I didn't change anything in the module but, it's not working. When I click the "Did you forget your password?" link and it takes me to the ForgotPassword form. After I enter my email address and click 'Send Instructions' it goes to my email. But, when I click on the link it provides I immediately get the Password Reset screen but, he top of the screen says, "Could not reset password. Please correct the errors and try again." Eventhough, I try resetting my password anyway nothing happens.
Below is the Password Reset code:
#* Remove this section if you are using bundling *#
#section Scripts {
<script src="~/Scripts/jquery.validate.min.js"></script>
<script src="~/Scripts/jquery.validate.unobtrusive.min.js"></script>
}
#{
Layout = "~/_SiteLayout.cshtml";
Page.Title = "Password Reset";
var passwordResetToken = Request.Form["resetToken"] ?? Request.QueryString["resetToken"];
bool tokenExpired = false;
bool isSuccess = false;
// Setup validation
Validation.RequireField("newPassword", "The new password field is required.");
Validation.Add("confirmPassword",
Validator.EqualsTo("newPassword", "The new password and confirmation password do not match."));
Validation.RequireField("passwordResetToken", "The password reset token field is required.");
Validation.Add("newPassword",
Validator.StringLength(
maxLength: Int32.MaxValue,
minLength: 6,
errorMessage: "New password must be at least 6 characters"));
if (IsPost && Validation.IsValid()) {
AntiForgery.Validate();
var newPassword = Request["newPassword"];
var confirmPassword = Request["confirmPassword"];
if (WebSecurity.ResetPassword(passwordResetToken, newPassword)) {
isSuccess = true;
} else {
ModelState.AddError("passwordResetToken", "The password reset token is invalid.");
tokenExpired = true;
}
}
}
<hgroup class="title">
<h1>#Page.Title.</h1>
<h2>Use the form below to reset your password.</h2>
</hgroup>
#if (!WebMail.SmtpServer.IsEmpty()) {
if (!Validation.IsValid()) {
<p class="validation-summary-errors">
#if (tokenExpired) {
<text>The password reset token is incorrect or may be expired. Visit the forgot password page
to generate a new one.</text>
} else {
<text>Could not reset password. Please correct the errors and try again.</text>
}
</p>
}
if (isSuccess) {
<p class="message-success">
Password changed! Click here to log in.
</p>
}
<form method="post">
#AntiForgery.GetHtml()
<fieldset>
<legend>Password Change Form</legend>
<ol>
<li class="new-password">
<label for="newPassword" #if (!ModelState.IsValidField("newPassword")) {<text>class="error-label"</text>}>New password</label>
<input type="password" id="newPassword" name="newPassword" disabled="#isSuccess" #Validation.For("newPassword") />
#Html.ValidationMessage("newPassword")
</li>
<li class="confirm-password">
<label for="confirmPassword" #if (!ModelState.IsValidField("confirmPassword")) {<text>class="error-label"</text>}>Confirm password</label>
<input type="password" id="confirmPassword" name="confirmPassword" disabled="#isSuccess" #Validation.For("confirmPassword") />
#Html.ValidationMessage("confirmPassword")
</li>
<li class="reset-token">
<label for="resetToken" #if (!ModelState.IsValidField("resetToken")) {<text>class="error-label"</text>}>Password reset token</label>
<input type="text" id="resetToken" name="resetToken" value="#passwordResetToken" disabled="#isSuccess" #Validation.For("resetToken") />
#Html.ValidationMessage("resetToken")
</li>
</ol>
<input type="submit" value="Reset password" disabled="#isSuccess"/>
</fieldset>
</form>
} else {
<p class="message-info">
Password recovery is disabled for this website because the SMTP server is
not configured correctly. Please contact the owner of this site to reset
your password.
</p>
}
Here is the code in my _AppStart:
WebSecurity.InitializeDatabaseConnection("StarterSite", "UserProfile", "UserId", "Email", autoCreateTables: true);
OAuthWebSecurity.RegisterGoogleClient();
WebMail.SmtpServer = "smtp.gmail.com";
WebMail.EnableSsl = true;
WebMail.SmtpPort = 587;
WebMail.UserName = "mark.anthnony#yahoo.com";
WebMail.Password = "September";
WebMail.From = "mark.anthony#yahoo.com";

Change constancies in your User object. Delete required attributes from there. Also. I suggest to write your own base authentication.

Related

Uncaught TypeError: Cannot read property 'checked' of null from chrome.storage.get()

When I try to load my Google Chrome extension into the browser, I get the above error for my options.js file:
Here are my options.js:
var email_addr = document.getElementById("email_addr");
var email_password = document.getElementById("email_password");
var registerButton = document.getElementById("register");
var url = document.getElementById("url");
var port = document.getElementById("port");
var password = document.getElementById("password");
var ecs_mode = document.getElementById("ecs_mode");
var encrypt = document.getElementById("encrypt");
var include_content = document.getElementById("include_content");
var saveButton = document.getElementById("save");
debugger;
restore_settings();
chrome.storage.sync.get({"emailAddr": email_addr.value,
"emailPassword": email_password.value,
"contentServerURL": url.value,
"contentServerPort": port.value,
"contentServerPassword": password.value,
"ecs_mode": ecs_mode.checked,
"encrypt": encrypt.checked,
"include_content": include_content.checked},
function() {
// Update status to let user know settings were saved.
var status = document.getElementById("status");
status.innerHTML = "Settings Saved.";
setTimeout(function() {
status.innerHTML = "";
}, 750);
});
function register_addr() {
}
// Saves settings to chrome.storage.
function save_settings() {
if (!password.value) return;
chrome.storage.sync.set({"emailAddr": email_addr.value,
"emailPassword": email_password.value,
"contentServerURL": url.value,
"contentServerPort": port.value,
"contentServerPassword": password.value,
"ecs_mode": ecs_mode.checked,
"encrypt": encrypt.checked,
"include_content": include_content.checked},
function() {
// Update status to let user know settings were saved.
var status = document.getElementById("status");
status.innerHTML = "Settings Saved.";
setTimeout(function() {
status.innerHTML = "";
}, 750);
});
}
// Restores select box state to saved value from localStorage.
function restore_settings() {
chrome.storage.sync.get("emailAddr", function(val) {
email_addr.value = val.emailAddr;
});
chrome.storage.sync.get("emailPassword", function(val) {
email_password.value = val.emailPassword;
});
chrome.storage.sync.get("contentServerPassword", function(val) {
password.value = val.contentServerPassword;
});
chrome.storage.sync.get("contentServerURL", function(val) {
url.value = val.contentServerURL;
});
chrome.storage.sync.get("contentServerPort", function(val) {
port.value = val.contentServerPort;
});
chrome.storage.sync.get("ecs_mode", function(val) {
ecs_mode.checked = val.ecs_mode;
});
chrome.storage.sync.get("encrypt", function(val) {
encrypt.checked = val.encrypt;
});
chrome.storage.sync.get("include_content", function(val) {
include_content.checked = val.include_content;
});
registerButton.disabled = false;
saveButton.disabled = false;
}
function ecs_mode_fn() {
if (ecs_mode.checked) {
encrypt.disabled = false;
include_content.disabled = false;
}
else {
encrypt.disabled = true;
include_content.disabled = true;
}
}
function toggleButton() {
if (email_addr.value.length == 0) {
registerButton.disabled = true;
saveButton.disabled = true;
}
else {
registerButton.disabled = false;
saveButton.disabled = false;
}
}
document.addEventListener('DOMContentReady', restore_settings);
if (document.querySelector('#save, #ecs_mode, #save, #restore, #register') != null) {
document.querySelector('#ecs_mode').addEventListener('click', ecs_mode_fn);
document.querySelector('#save').addEventListener('click', save_settings);
document.querySelector('#restore').addEventListener('click', restore_settings);
document.querySelector('#email_addr').addEventListener('keyup', toggleButton);
document.querySelector('#register').addEventListener('click', register_addr);
}
options.html:
<html>
<head><title>ECS Extension Settings</title>
<style type="text/css">
body {
width: 800px;
height: 200px;
}
</style>
</head>
<body>
<center><h1>ECS Content Server Settings</h1></center>
<div title="Enter your e-mail address and password here. The address can be a regular Gmail address ('<someone>#gmail.com') or an e-mail address associated with a Google business account.">
<b>Your e-mail address:</b>
<input type="text" id="email_addr">
<b>Password:</b>
<input type="password" id="email_password">
<button id="register" disabled>Register</button>
</div>
<br>
After entering your e-mail address and password, press the <b>Register</b> button to register your address with the ChiaraMail content server. You will then be sent a registration confirmation e-mail containing a link. Select the link to show your content server password and enter the password in the <b>Content server password</b> field below.
<p>
<div title="The name and port number of the content server are fixed. Enter the password you were assigned during registration. You may change your password later at https://www.chiaramail.com/login.jsp">
<b>Content server URL:</b>
<input type="text" id="url" value="www.chiaramail.com" disabled>
<b>Content server port:</b>
<input type="text" id="port" value="443" size="4" disabled>
<b>Content server password:</b>
<input type="password" id="password" maxlength="8" size="8">
<p>
</div>
<div title="Check the 'Send as ECS' box if you want to send e-mail by default using the ECS technology. You will have the option of changing this setting when you compose your message.">
<b>Send as ECS: </b>
<input type="checkbox" id="ecs_mode" checked>
</div>
<div title="Check the 'Encrypt message' box if you want the message to be stored encrypted on the content server. You will have the option of changing this setting when you compose your message.">
<b>Encrypt message: </b>
<input type="checkbox" id="encrypt">
</div>
<div title="Check the 'Include content' box if you want the message content to be sent along with the mail headers (useful when sending to mixed recipients, some enabled for ECS and others who are not). You will have the option of changing this setting when you compose your message.">
<b>Include content: </b>
<input type="checkbox" id="include_content" checked>
</div>
<!--<div title="Select the 'Show ECS users' box to display message senders in magenta if the sender's e-mail address is registered with the ChiaraMail content server. This enables you to know which of your recipients are able to read ECS messages, but setting this option may adversely affect performance.">
<p>
<b>Show ECS users:</b>
<input type="checkbox" id="ecsusers" checked>-->
</div>
<br>
<div id="status"></div>
<div title="Press 'Save settings' to save your settings and 'Restore settings' to display them. Changes made to your account are propagated to all your devices and systems.">
<button id="save" disabled>Save settings</button>
<button id="restore">Restore settings</button>
</div>
<script src="options.js"></script>
</body>
</html>
and manifest.json:
"name": "Envelope-Content Splitting (ECS) Support for Gmail",
"version": "1.0",
"manifest_version": 2,
"description": "Add ECS support for Gmail running in Chrome. This enables Gmail users who access their accounts via the Google Chrome browser to send and read ECS mail. Check out http://www.chiaramail.com for information about ECS and for links to other FREE ECS-enabled mail clients and extensions.",
"browser_action": {
"default_icon": {"19": "ecs_icon_19.png", "38": "ecs_icon_38.png"},
"default_title": "Press here to configure ECS settings",
"default_popup": "options.html"
},
"options_page": "options.html",
"icons": { "16": "ecs_icon_16.png", "48": "ecs_icon_48.png", "128": "ecs_icon_128.png"},
"background": {
"scripts": ["background.js"]
},
"content_scripts": [
{
"run_at": "document_idle",
"matches": ["https://mail.google.com/mail/*"],
"js": ["updateContent.js", "colorHeaders.js", "renderContent.js", "sendOptions.js", "base64.js", "jsaes.js"]
}
],
"permissions": ["tabs",
"activeTab",
"storage",
"https://mail.google.com/mail/*"],
"content_security_policy": "script-src 'self' https://www.chiaramail.com; object-src 'self'"
}
I suspect the problem is with the way I coded chrome.storage.get(), but I couldn't find the API reference, only an example of how to call it. I'm pretty sure I coded the call to chrome.storage.get() correctly, though. What am I missing?
It turns out that I needed to clear the errors after correcting a missing UI element. I don't understand why Google requires users to clear the errors before reloading the extension; the reload should clear them.

How render a value for input field in expressJS

I am learning ExpressJS and bootstrapped an application.
In a simple login application I am trying to render value of email address already entered by customer with incorrect password.
So when user enters correct email and wrong password for signing in they see error password incorrect but I want to fill email address field.
Here is the code
https://github.com/bradtraversy/node_passport_login/blob/master/config/passport.js#L25
} else {
console.log(email)
return done(null, false, { message: 'Password incorrect' });
}
it is printing correct email but I need to render it here
https://github.com/bradtraversy/node_passport_login/blob/master/views/login.ejs#L14
You need to populate the value attribute of the email field
You should have something like that if you provide a email parameter to your template :
<input
type="email"
id="email"
name="email"
class="form-control"
placeholder="Enter Email"
<%= !email ? '' : "value="+email %>
/>

Why does my array return no data when creating a customer with the Stripe API in PHP?

I am trying to create both a customer and charge in Stripe.
However, when I try to print_r the array data in my $customer array variable, I get a blank page.
I also tried echoing a string to the charge.php page to make sure the charge page works (echo "page working");, and it does. So I know that's not part of the problem.
The permissions seem to be okay.
These are the permissions for the files in question
-rw-rw-r-- 1 sandbox admin 682 Apr 7 15:55 charge.php
-rw-rw-r-- 1 sandbox admin 1612 Apr 7 17:01 index.php
I have checked my code several times, and no luck.
Can someone help me understand what I might be doing wrong?
Note: The code shown below are all in separate files in the appropriate file types, i.e., all PHP code is in different .php files, and JS in a .js file.
The comment tags are not in the actual code. They are just indicators of where each file starts for the sake of this conversation.
<!-- index.php code below -->
<html>
<body>
<div class="container">
<h2 class="my-4 text-center">Title of Product Page Here</h2>
<form action="./charge.php" method="post" id="payment-form">
<div class="form-row">
<input type="text" class="form-control mb-3 StripeElement StripeElement--empty" name="first_name" placeholder="First Name">
<input type="text" class="form-control mb-3 StripeElement StripeElement--empty" name="last_name" placeholder="Last Name">
<input type="email" class="form-control mb-3 StripeElement StripeElement--empty" name="email" placeholder="Email Address">
<div id="card-element" class="form-control">
<!-- A Stripe Element will be inserted here. -->
</div>
<!-- Used to display form errors. -->
<div id="card-errors" role="alert"></div>
</div>
<button>Submit Payment</button>
</form>
</div>
<script src="https://js.stripe.com/v3/"></script>
<script src="js/charge.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</body>
</html>
<!-- charge.php code below -->
<!-- Note: Both the Stripe test Key and Stripe PW were masked per Stripe recommendation. Actual test key and password used in real code -->
<?php
require_once('vendor/autoload.php');
\Stripe\Stripe::setApiKey('sk_test_################');
// Sanitize
$POST = filter_var_array($_POST, FILTER_SANITIZE_STRING);
$first_name = $POST['first_name'];
$last_name = $POST['last_name'];
$email = $POST['email'];
$token = $POST['stripeToken'];
// Create customer
$customer = \Stripe\Customer::create(array(
"email" => $email,
"source" => $token
));
// Charge customer
$charge = \Stripe\Charge::create(array(
"amount" => 5000,
"currency" => "usd",
"description" => "Audio Loops Pack 2019",
"customer" => $customer->id
));
print_r($customer);
<!-- charge.js code below -->
// Create a Stripe client.
var stripe = Stripe('pk_test_################');
// Create an instance of Elements.
var elements = stripe.elements();
// Custom styling can be passed to options when creating an Element.
// (Note that this demo uses a wider set of styles than the guide below.)
var style = {
base: {
color: '#32325d',
fontFamily: '"Helvetica Neue", Helvetica, sans-serif',
fontSmoothing: 'antialiased',
fontSize: '16px',
'::placeholder': {
color: '#aab7c4'
}
},
invalid: {
color: '#fa755a',
iconColor: '#fa755a'
}
};
//Style button
document.querySelector('#payment-form button').classList ='btn btn-primary btn-block mt-4';
// Create an instance of the card Element.
var card = elements.create('card', {style: style});
// Add an instance of the card Element into the `card-element` <div>.
card.mount('#card-element');
// Handle real-time validation errors from the card Element.
card.addEventListener('change', function(event) {
var displayError = document.getElementById('card-errors');
if (event.error) {
displayError.textContent = event.error.message;
} else {
displayError.textContent = '';
}
});
// Handle form submission.
var form = document.getElementById('payment-form');
form.addEventListener('submit', function(event) {
event.preventDefault();
stripe.createToken(card).then(function(result) {
if (result.error) {
// Inform the user if there was an error.
var errorElement = document.getElementById('card-errors');
errorElement.textContent = result.error.message;
} else {
// Send the token to your server.
stripeTokenHandler(result.token);
}
});
});
// Submit the form with the token ID.
function stripeTokenHandler(token) {
// Insert the token ID into the form so it gets submitted to the server
var form = document.getElementById('payment-form');
var hiddenInput = document.createElement('input');
hiddenInput.setAttribute('type', 'hidden');
hiddenInput.setAttribute('name', 'stripeToken');
hiddenInput.setAttribute('value', token.id);
form.appendChild(hiddenInput);
// Submit the form
form.submit();
}
I expected the customer and charge arrays to return data, but I get nothing on the screen, not even an empty array.

How can I hide whmcs buttons?

Hi I hope someone can help on the client details page I need to hide the Email forwarding button and the DNS management button if the client has selected custom nameservers. I just can't work it out son any help is much welcomed ..Here is the code that takes the input;
<form method="post" action="{$smarty.server.PHP_SELF}?action=domaindetails">
<input type="hidden" name="sub" value="savens">
<input type="hidden" name="id" value="{$domainid}">
<p><input type="radio" name="nschoice" value="default" id="nschoicedefault" onclick="usedefaultns()"{if $defaultns} checked{/if} /> <label for="nschoicedefault">{$LANG.nschoicedefault}</label><br />
<input type="radio" name="nschoice" value="custom" id="nschoicecustom" onclick="usecustomns()"{if !$defaultns} checked{/if} /> <label for="nschoicecustom">{$LANG.nschoicecustom}</label></p>
And here is the code for the buttons;
{if $emailforwarding}
<td><form method="post" action="{$smarty.server.PHP_SELF}?action=domainemailforwarding">
<input type="hidden" name="domainid" value="{$domainid}">
<p align="center">
<input type="submit" value="{$LANG.domainemailforwarding}" class="button">}
</p>
</form></td>
{/if}
{if $dnsmanagement}
<td><form method="post" action="{$smarty.server.PHP_SELF}?action=domaindns">
<input type="hidden" name="domainid" value="{$domainid}">
<p align="center">
{<input type="submit" value="{$LANG.domaindnsmanagement}" class="button">}
</p>
</form></td>
{/if}
I suggest writing a helper function and calling it at the top of the tpl file
and passing the domain id to it.
You can then use the WHMCS internal API function Domain Nameservers to get the domains nameservers then compare them against the default nameservers in the tblconfiguration in the WHMCS database.
Something like this
{php}
// include our helper php file
require_once(dirname(__FILE__).'/Helper.php');
//get domain id from our template variables
$domainid = $this->get_template_vars('domainid');
//call to our helper function passing the domain ID
$hasCustomeNameServers = Helper::hasCustomNameServers($domainid);
//Once we've compared the nameservers agains the default ones we write
//our binary check to the template
if($hasCustomeNameServers >0){
$this->assign('hasCustomeNameServers',true);}
{/php}
Then in side our Helper.php we have something like the following
<?php
class Helper {
public static function hasCustomNameServers($domainid) {
$isCustom = 0;
//Interal API call to get the domains nameservers
$command = "domaingetnameservers";
$adminuser = "admin";
$values["domainid"] = $domainid;
$results = localAPI($command,$values,$adminuser);
//get default nameservers
$defautName1 ='';
$sql = mysql_query('SELECT value FROM tblconfiguration '.
' WHERE setting = "DefaultNameserver1"');
if ($res = mysql_fetch_assoc($sql)) {
$defautName1 = $res["value"];}
$defautName2 ='';
$sql = mysql_query('SELECT value FROM tblconfiguration '.
' WHERE setting = "DefaultNameserver2"');
if ($res = mysql_fetch_assoc($sql)) {
$defautName2 = $res["value"];}
//compare results
foreach ($results as &$value) {
if($value == $defautName1 || $value == $defautName2){
$isCustom++;
}
}
return $isCustom;
}
}
Now it's simply a matter on the template to wrap the {if $emailforwarding} and the {if $dnsmanagement} blocks around our check {if !hasCustomeNameServers}
I hope this helps you in the right direction this is by no means a comprehensive answer but is a guide towards the approach I think you should take in implementing your solution.

MODX - user profile photo upload

I am trying to allow users to upload photos to their profiles. I am sure I am doing something wrong...
What I currently have configured:
Update Profile Form
[[!UpdateProfile? &useExtended=`1` &preHooks=`user_profile_image` &postHooks=`redirect_profile_update`]]
<div class="update-profile">
<div class="updprof-error">[[+error.message]]</div>
[[+login.update_success:if=`[[+login.update_success]]`:is=`1`:then=`[[%login.profile_updated? &namespace=`login` &topic=`updateprofile`]]`]]
<form class="form" enctype="multipart/form-data" action="[[~[[*id]]]]" method="post">
<input type="hidden" name="nospam:blank" value="" />
<label for="fullname"><i class="icon-user"></i> <strong>[[!%login.fullname? &namespace=`login` &topic=`updateprofile`]]</strong>
<span class="error">[[+error.fullname]]</span>
</label>
<input type="text" name="fullname" id="fullname" value="[[+fullname]]" />
<label for="email"><i class="icon-envelope"></i> <strong>[[!%login.email]]</strong>
<span class="error">[[+error.email]]</span>
</label>
<input type="text" name="email:required:email" id="email" value="[[+email]]" />
<label for="test_field">Test Field
<span class="error">[[+error.custom_field]]</span>
</label>
<input type="text" name="test_field" id="test_field" value="[[+test_field]]" /><br/>
<div class="row clearfix">
<div class="label">Photo<span class="error">[[+fi.error.nomination_file]]</span></div>
<div class="input"><input id="nomination_file" name="nomination_file:required" type="file" value="[[+fi.nomination_file]]" maxlength="100000" /></div>
</div>
<br class="clear" />
<button class="btn-info btn btn-large" type="submit" name="login-updprof-btn">Update Profile</button>
</form>
</div>
User_profile_image snippet
<?php
// initialize output;
$output = true;
// get the current user name to create the file name as
$userName = $modx->user->get('username');
// valid extensions
$ext_array = array(`jpg', 'jpeg', 'gif', 'png');
// create unique path for this form submission
$uploadpath = 'assets/uploads/';
// you can create some logic to automatically
// generate some type of folder structure here.
// the path that you specify will automatically
// be created by the script if it doesn't already
// exist.
// EXAMPLE:
// this would put all file uploads into a new,
// unique folder every day.
// $uploadpath = 'assets/'uploads/'.date('Y-m-d').'/';
// get full path to unique folder
$target_path = $modx->config['base_path'] . $uploadpath;
// get uploaded file names:
$submittedfiles = array_keys($_FILES);
// loop through files
foreach ($submittedfiles as $sf) {
// Get Filename and make sure its good.
$filename = basename( $_FILES[$sf]['name'] );
// Get file's extension
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$ext = mb_strtolower($ext); // case insensitive
// is the file name empty (no file uploaded)
if($filename != '') {
// is this the right type of file?
if(in_array($ext, $ext_array)) {
//create file called the user name + pic
$filename = $userName . "pic".'.'.$ext ;
// full path to new file
$myTarget = $target_path . $filename;
// create directory to move file into if it doesn't exist
mkdir($target_path, 0755, true);
// is the file moved to the proper folder successfully?
if(move_uploaded_file($_FILES[$sf]['tmp_name'], $myTarget)) {
// set a new placeholder with the new full path (if you need it in subsequent hooks)
$modx->setPlaceholder('fi.'.$sf.'_new', $myTarget);
// set the permissions on the file
if (!chmod($myTarget, 0644)) { /*some debug function*/ }
} else {
// File not uploaded
$errorMsg = 'There was a problem uploading the file.';
$hook->addError($sf, $errorMsg);
$output = false; // generate submission error
}
} else {
// File type not allowed
$errorMsg = 'Type of file not allowed.';
$hook->addError($sf, $errorMsg);
$output = false; // generate submission error
}
// if no file, don't error, but return blank
} else {
$hook->setValue($sf, '');
}
}
return $output;
1) fix quote in this line
$ext_array = array(`jpg', 'jpeg', 'gif', 'png');
2) remove all :required in name fields.
3) instead
$modx->setPlaceholder('fi.'.$sf.'_new', $myTarget);
type
$hook->setValue($sf, $uploadpath . $filename);
4) after mkdir($target_path, 0755, true); add
if(file_exists($myTarget) {
chmod($myTarget,0755); //Change the file permissions if allowed
unlink($myTarget); //remove the file
}
For anyone who references this post:
move user_profile_image back to the prehooks like this:
&preHooks=`user_profile_image`
and at line 59 add the missing ")" like this:
if(file_exists($myTarget)) {

Resources