feat: Replace image upload avatars with Gravatar

Avatars are now generated from the user's email via Gravatar instead of
uploaded image files. When no Gravatar exists, the existing letter-circle
fallback is preserved via an onerror handler on the img element.

- Add gravatarUrl() view helper (MD5 hash + ?d=404)
- Store session.email instead of session.profilePic on login/verify/remember-me
- Replace all 12+ avatar blocks across views with Gravatar + onerror fallback
- Replace upload form with Gravatar instructions page
- Remove uploadProfilePic() handler and dead upload code
- Update "Update Profile Pic" nav links to point to gravatar.com

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: bpamiri

app/controllers/admin/UserController.cfc

@@ -3,10 +3,10 @@ component extends="app.Controllers.Controller" {
 
     function config() {
         super.config();
-        verifies(except="index,loadUsers,loadRoles,addUser,store,delete,profile,changePassword,updatePassword,uploadProfilePic,updateProfilePic,checkAdminAccess,unlockUser,toggleUserLock", params="key", paramsTypes="integer", handler="index");
-        usesLayout(template="/admin/AdminController/layout", except="changePassword,updatePassword,uploadProfilePic,updateProfilePic" );
-        filters(through="checkAdminAccess", except="changePassword,updatePassword,uploadProfilePic,updateProfilePic,unlockUser,toggleUserLock");
-        filters(through="checkUserAccess", only="changePassword,updatePassword,uploadProfilePic,updateProfilePic");
+        verifies(except="index,loadUsers,loadRoles,addUser,store,delete,profile,changePassword,updatePassword,updateProfilePic,checkAdminAccess,unlockUser,toggleUserLock", params="key", paramsTypes="integer", handler="index");
+        usesLayout(template="/admin/AdminController/layout", except="changePassword,updatePassword,updateProfilePic" );
+        filters(through="checkAdminAccess", except="changePassword,updatePassword,updateProfilePic,unlockUser,toggleUserLock");
+        filters(through="checkUserAccess", only="changePassword,updatePassword,updateProfilePic");
         filters(through="checkRoleAccess", only="index,addUser,delete");
     }
 
@@ -147,62 +147,8 @@ component extends="app.Controllers.Controller" {
         return;
     }
 
-    // user profile pic form
+    // user profile pic page (now shows Gravatar instructions)
     function updateProfilePic(){}
-
-    // update user profile pic
-    function uploadProfilePic(){
-
-        var uploadPath = expandPath("/images");
-
-        if (structKeyExists(form, "profilePic")) {
-            try {
-                // Ensure directory exists
-                if (!directoryExists(uploadPath)) {
-                directoryCreate(uploadPath);
-                }
-
-                // Accept only image files
-                var uploadedFile = fileUpload(
-                destination = uploadPath,
-                nameConflict = "makeUnique",
-                fileField = form.profilePic,
-                accept = "image/*"
-                );
-                var fileExt = lcase(listLast(uploadedFile.serverFile, "."));
-                var allowedTypes = "jpg,jpeg,png,gif,webp";
-                var allowedContentTypes = "image/jpeg,image/png,image/gif,image/webp";
-
-                if (!listFindNoCase(allowedTypes, fileExt)) {
-                    fileDelete(uploadPath & "/" & uploadedFile.serverFile);
-                    renderText("Please upload a valid image file (png, jpg, jpeg, gif, webp).");
-                    return;
-                }
-
-                // Validate MIME content type
-                if (structKeyExists(uploadedFile, "contentType") && structKeyExists(uploadedFile, "contentSubType")) {
-                    var detectedContentType = uploadedFile.contentType & "/" & uploadedFile.contentSubType;
-                    if (!listFindNoCase(allowedContentTypes, detectedContentType)) {
-                        fileDelete(uploadPath & "/" & uploadedFile.serverFile);
-                        renderText("Invalid file content type. Only JPEG, PNG, GIF, and WebP images are allowed.");
-                        return;
-                    }
-                }
-
-                var savedFileName = uploadedFile.serverFile;
-                model("User").updateAll(profilePicture = savedFileName, where = "id = #val(session.userID)#");
-                session.profilePic = savedFileName;
-                renderText("Profile picture uploaded successfully!");
-                return;
-            } catch (any e) {
-                renderText("Error uploading file: #e.message#");
-                return;
-            }
-        } else {
-            renderText("Please select a profile picture to upload!");
-            return;
-        }
-    }
     // Business Logic
 
     private function checkUserAccess() {

app/controllers/web/AuthController.cfc

@@ -177,7 +177,7 @@ component extends="app.Controllers.Controller" {
                 session.userID = user.id;
                 session.username = user.fullname;
                 session.role = (isObject(user.role) ? user.role.name : "");
-                session.profilePic = user.profilePicture;
+                session.email = user.email;
                 session.lastActivity = now();
                 // Handle remember me
                 if (structKeyExists(params, "rememberMe")) {
@@ -547,6 +547,7 @@ component extends="app.Controllers.Controller" {
             session.userID = user.id;
             session.username = user.fullname;
             session.role = user.role.name;
+            session.email = user.email;
 
             session.message = "Register and Login Successfully!"
             redirectto(route="home");

app/events/onrequeststart.cfm

@@ -34,7 +34,7 @@ if (!structKeyExists(session, "userID") && structKeyExists(cookie, "remember_me"
                 session.userID = user.id;
                 session.username = user.fullname;
                 session.role = (isObject(user.role) ? user.role.name : "");
-                session.profilePic = user.profilePicture;
+                session.email = user.email;
                 session.lastActivity = now();
                 // rotate token
                 var newToken = createUUID() & generateSecretKey("AES");

app/views/admin/AdminController/layout.cfm

@@ -175,22 +175,19 @@
                         Back to Wheels.dev
                     </a>
                     <ul class="navbar-nav navbar-nav-icons flex-row">
-                        <cfif !structKeyExists(session, "profilePic") OR session.profilePic == "">
-                            <cfset session.profilePic = "avatar-rounded.webp">
-                        </cfif>
                         <div class="nav-item dropdown">
                             <a class="nav-link lh-1 pe-0" id="navbarDropdownUser" href="javascript:void(0)" role="button" data-bs-toggle="dropdown" data-bs-auto-close="outside" aria-haspopup="true" aria-expanded="false">
                                 <div class="avatar avatar-l ">
                                     <cfoutput>
-                                        <cfif !len(session.profilePic) OR findNoCase("avatar-rounded", session.profilePic)>
-											<div 
-												class="d-flex align-items-center justify-content-center #getAvatarColorByLetter(ucase(left(listLast(session.username, " "), 1)))# text-white rounded-circle fw-bold text-uppercase" 
-												style="width:40px; height:40px;">
-												#ucase(left(listLast(session.username, " "), 1))#
-											</div>
-										<cfelse>
-                                            <img src = '/img/#session.profilePic#' class="rounded-circle" alt="user profile picture">
-										</cfif>
+                                        <img src="#gravatarUrl(session.email, 80)#"
+                                            class="rounded-circle"
+                                            style="width:40px; height:40px;"
+                                            onerror="this.style.display='none';this.nextElementSibling.style.display='flex';"
+                                            alt="avatar">
+                                        <div style="display:none;width:40px;height:40px;"
+                                            class="align-items-center justify-content-center #getAvatarColorByLetter(ucase(left(listLast(session.username, ' '), 1)))# text-white rounded-circle fw-bold text-uppercase">
+                                            #ucase(left(listLast(session.username, " "), 1))#
+                                        </div>
                                     </cfoutput>
                                 </div>
                             </a>
@@ -200,15 +197,15 @@
                                     <div class="text-center pt-4">
                                     <div class="avatar avatar-xl ">
                                         <cfoutput>
-                                            <cfif !len(session.profilePic) OR findNoCase("avatar-rounded", session.profilePic)>
-                                                <div 
-                                                    class="d-flex align-items-center fs-24 justify-content-center #getAvatarColorByLetter(ucase(left(listLast(session.username, " "), 1)))# text-white rounded-circle fw-bold text-uppercase" 
-                                                    style="width:3rem; height:3rem;">
-                                                    #ucase(left(listLast(session.username, " "), 1))#
-                                                </div>
-                                            <cfelse>
-                                                <img src = '/img/#session.profilePic#' class="rounded-circle" alt="profile-picture">
-                                            </cfif>
+                                            <img src="#gravatarUrl(session.email, 96)#"
+                                                class="rounded-circle"
+                                                style="width:3rem; height:3rem;"
+                                                onerror="this.style.display='none';this.nextElementSibling.style.display='flex';"
+                                                alt="avatar">
+                                            <div style="display:none;width:3rem;height:3rem;"
+                                                class="align-items-center justify-content-center fs-24 #getAvatarColorByLetter(ucase(left(listLast(session.username, ' '), 1)))# text-white rounded-circle fw-bold text-uppercase">
+                                                #ucase(left(listLast(session.username, " "), 1))#
+                                            </div>
                                         </cfoutput>
                                     </div>
                                     <h6 class="mt-2 text-body-emphasis"><cfoutput>#session.username#</cfoutput></h6>

app/views/admin/AdminController/showBlog.cfm

@@ -31,15 +31,15 @@
                         <div class="col-12 d-flex flex-column">
                             <div class="d-flex my-3 align-items-center gap-3">
                                 <div>
-                                    <cfif !len(blog.user.profilePicture) OR findNoCase("avatar-rounded", blog.user.profilePicture)>
-                                        <div 
-                                            class="d-flex align-items-center justify-content-center #getAvatarColorByLetter(ucase(left(listLast(blog.user.fullName, " "), 1)))# text-white rounded-circle fw-bold text-uppercase" 
-                                            style="width:3rem; height:3rem;">
-                                            #ucase(left(listLast(blog.user.fullName, " "), 1))#
-                                        </div>
-                                    <cfelse>
-                                        <img src="/img/#blog.user.profilePicture#" style="width:3rem; height:3rem" class="bg-body-secondary rounded-5" alt="profile-picture">
-                                    </cfif>
+                                    <img src="#gravatarUrl(blog.user.email, 96)#"
+                                        class="rounded-circle"
+                                        style="width:3rem; height:3rem;"
+                                        onerror="this.style.display='none';this.nextElementSibling.style.display='flex';"
+                                        alt="avatar">
+                                    <div style="display:none;width:3rem;height:3rem;"
+                                        class="d-flex align-items-center justify-content-center #getAvatarColorByLetter(ucase(left(listLast(blog.user.fullName, ' '), 1)))# text-white rounded-circle fw-bold text-uppercase">
+                                        #ucase(left(listLast(blog.user.fullName, " "), 1))#
+                                    </div>
                                 </div>
                                 <p class="fs-18 text--secondary fw-semibold p-0 m-0">#blog.user.fullName#</p>
                             </div>

app/views/admin/UserController/profile.cfm

@@ -69,10 +69,18 @@
                         <label class="form-label mb-1 fs-14 fw-medium">
                             Profile Picture
                         </label>
-                        <cfif len(user.profilePicture)>
-                            <img src="/img/#user.profilePicture#" width="100" alt="Wheels.dev Profile Picture">
-                        </cfif>
-                        <input class="form-control fs-14" type="file" name="profilePicture" accept="image/*">
+                        <div class="d-flex align-items-center gap-3 mt-1">
+                            <img src="#gravatarUrl(email, 200)#"
+                                class="rounded-circle"
+                                style="width:100px; height:100px;"
+                                onerror="this.style.display='none';this.nextElementSibling.style.display='flex';"
+                                alt="avatar">
+                            <div style="display:none;width:100px;height:100px;font-size:2rem;"
+                                class="align-items-center justify-content-center #getAvatarColorByLetter(ucase(left(listLast(firstName & ' ' & lastName, ' '), 1)))# text-white rounded-circle fw-bold text-uppercase">
+                                #ucase(left(listLast(firstName & " " & lastName, " "), 1))#
+                            </div>
+                            <span class="fs-12 text-muted">Powered by <a href="https://gravatar.com" target="_blank" rel="noopener noreferrer">Gravatar</a></span>
+                        </div>
                     </div>
 
 

app/views/admin/UserController/updateProfilePic.cfm

@@ -2,65 +2,33 @@
     <div class="row w-100 m-lg-auto m-2">
         <div class="col-lg-5 bg-white col-12 mx-auto p-3 rounded-18">
             <div class="mt-2">
-                <h1 class="fs-24 mb-0 fw-bold text--secondary text-center">Change Profile Picture</h1>
+                <h1 class="fs-24 mb-0 fw-bold text--secondary text-center">Profile Picture</h1>
 
                 <div class="text-center pb-3 my-4">
-                    <cfif !structKeyExists(session, "profilePic") OR session.profilePic == "">
-                        <cfset session.profilePic = "avatar-rounded.webp">
-                    </cfif>
                     <cfoutput>
-                        <img src = '/img/#session.profilePic#' alt="user profile pic" height="150" width="150" class="rounded-circle">
+                        <img src="#gravatarUrl(session.email, 300)#"
+                            class="rounded-circle"
+                            style="width:150px; height:150px;"
+                            onerror="this.style.display='none';this.nextElementSibling.style.display='flex';"
+                            alt="avatar">
+                        <div style="display:none;width:150px;height:150px;font-size:3rem;"
+                            class="align-items-center justify-content-center mx-auto #getAvatarColorByLetter(ucase(left(listLast(session.username, ' '), 1)))# text-white rounded-circle fw-bold text-uppercase">
+                            #ucase(left(listLast(session.username, " "), 1))#
+                        </div>
                     </cfoutput>
                 </div>
-                <form class="pt-3 px-1 needs-validation" id="profilePicForm" enctype="multipart/form-data" novalidate hx-post="/admin/user/upload-profile-pic" hx-validate="true">
-                    <cfoutput>#authenticityTokenField()#</cfoutput>
-                    <div class="mb-3">
-                        <label for="formFile" class="form-label">Profile Picture</label>
-                        <input type="file" id="imageInput" class="form-control" name="profilePic" accept="image/*" required>
-                        <div id="fileError" class="text-danger fs-14 mt-1"></div>
-                    </div>
 
-                    <div class="d-flex flex-wrap justify-content-center gap-2 align-items-start">
-                        <button type="button" class="bg--default text-dark px-3 py-2 rounded fs-14" onclick="history.back()">Cancel</button>
-                        <button type="submit" class="bg--primary text-white px-3 py-2 rounded fs-14">Save</button>
-                    </div>
-                </form>
+                <div class="text-center px-3">
+                    <p class="fs-14 text--secondary">
+                        Your profile picture is powered by <strong>Gravatar</strong>.
+                        To change your avatar, update it on Gravatar using the email address associated with your account.
+                    </p>
+                    <a href="https://gravatar.com" target="_blank" rel="noopener noreferrer" class="bg--primary text-white px-4 py-2 rounded fs-14 text-decoration-none d-inline-block mt-2">
+                        Manage Avatar on Gravatar
+                    </a>
+                    <button type="button" class="bg--default text-dark px-3 py-2 rounded fs-14 d-inline-block mt-2 ms-2 border-0" onclick="history.back()">Back</button>
+                </div>
             </div>
         </div>
     </div>
 </main>
-<script>
-    document.addEventListener("htmx:configRequest", function (event) {
-        const form = document.getElementById("profilePicForm");
-        if (!form.contains(event.target)) return;
-        const fileInput = document.getElementById("imageInput");
-        const errorDiv = document.getElementById("fileError");
-        const file = fileInput.files[0];
-
-        // Clear previous error message
-        errorDiv.textContent = "";
-
-        if (file) {
-            const validExtensions = ["image/png", "image/jpeg", "image/jpg", "image/gif", "image/webp"];
-            if (!validExtensions.includes(file.type) || file.name.toLowerCase().endsWith(".jfif")) {
-                event.preventDefault(); // Prevent form submission
-                errorDiv.textContent = "Please upload a valid image file (png, jpg, jpeg, gif, webp).";
-            }
-        } else {
-            event.preventDefault();
-            errorDiv.textContent = "Please select an image file to upload.";
-        }
-    });
-    document.getElementById("profilePicForm").addEventListener("htmx:afterRequest", function(e) {
-    const xhr = e.detail.xhr;
-    const responseText = xhr.responseText.trim().toLowerCase();
-    if (xhr.status === 200 && responseText.includes("success")) {
-        notifier.show("Success", "Profile picture updated!", "success", "", 3000);
-        setTimeout(() => {
-            window.location.href = "/";
-        }, 3000);
-    } else if (responseText) {
-        notifier.show("Error", responseText, "danger", "", 4000);
-    }
-});
-</script>

app/views/helpers.cfm

@@ -36,4 +36,9 @@
     function verifyCSRFToken(required string token) {
         return structKeyExists(session, "csrf_token") && token == session.csrf_token;
     }
+
+	string function gravatarUrl(required string email, numeric size=80) {
+		var emailHash = lcase(hash(lcase(trim(arguments.email)), "MD5"));
+		return "https://www.gravatar.com/avatar/" & emailHash & "?s=" & arguments.size & "&d=404";
+	}
 </cfscript>