Ben
Ben is a lifelong Nintendo fan who likes to build websites, and make video games. He buys way too much Lego.
TimThumb Configurations
As a TimThumb user, making changes to the settings has always been a bit of a pain. It’s possible, of course, but if you make changes – and then want to update the script – then you have to make all the changes again.
To try and combat this, one of the things we did when creating TimThumb 2.0 is introduce a config file. This is a file that you can add to the same directory as timthumb.php, and use it to override the built in settings.
The file should be called timthumb-config.php and would contain a series of defines that change the default settings. The file is a PHP file and so should contain PHP code – I will add a small example at the bottom of this page.
There are a whole bunch of settings that are not controlled by the normal query string parameters.
| constant | values | What it does |
|---|---|---|
| DEBUG_ON | true/ false | Turn on debug logging to the standard PHP error log |
| DEBUG_LEVEL | 1, 2, 3 | Debug level 1 is less noisy and level 3 is the most noisy |
| MEMORY_LIMIT | 30M | Set the PHP Memory Limit (30M = 30 Megabytes). Higher numbers means larger images can be resized, but also uses more server resources so may slow down your website |
| BLOCK_EXTERNAL_LEECHERS | true, fale | Stop external websites from linking to you and display ‘no linking’ image instead |
| ALLOW_EXTERNAL | true/ false | Allow images from external sites to be resized. Restricted to the images defined in the $allowed_sites array. |
| ALLOW_ALL_EXTERNAL_SITES | true/ false | Allow external images to be resized from ANY website. Note that this could be less secure! |
| FILE_CACHE_ENABLED | true/ false | Should we cache the files on disk to speed up your website? (hint: the answer is yes, unless you’re testing/ developing things! :)) |
| FILE_CACHE_TIME_BETWEEN_CLEANS | 86400 (milliseconds) | TimThumb automatically cleans up the cached files. This defines the amount of time between the different the cache cleaning. |
| FILE_CACHE_MAX_FILE_AGE | 86400 (milliseconds) | How old should a file be before it’s cleaned? |
| FILE_CACHE_SUFFIX | .timthumb.txt | What to put at the end of all files in the cache directory so we can identify them easily |
| FILE_CACHE_PREFIX | timthumb | What to put at the start of the cache files so we can identify them easily |
| FILE_CACHE_DIRECTORY | ./cache | the name of the image cache directory. Left blank it will use the system temporary directory (which is better for security, but is not supported by all web hosts) |
| MAX_FILE_SIZE | 10485760 | 10 Megs is 10485760. This is the max internal or external file size that we’ll process |
| CURL_TIMEOUT | 20 | Timeout duration for Curl. This only applies if you have Curl installed and aren’t using PHP’s default URL fetching mechanism. |
| WAIT_BETWEEN_FETCH_ERRORS | 20 | Time to wait between errors fetching remote file. |
| BROWSER_CACHE_MAX_AGE | 864000 | Browser cache duration (to prevent images from being reloaded more than once – the higher the number the better). |
| BROWSER_CACHE_DISABLE | true/ false | Use for testing if you want to disable browser caching. |
| MAX_WIDTH | 1500 | Put a sensible limit of the width of the resized image (so that crazy large images can’t be created) |
| MAX_HEIGHT | 1500 | Put a sensible limit of the height of the resized image (so that crazy large images can’t be created) |
| NOT_FOUND_IMAGE | null | Image to display if a 404 error occurs, instead of showing an error message |
| ERROR_IMAGE | null | Image to display if an error occurs, instead of showing an error message |
| PNG_IS_TRANSPARENT | null | Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour |
The following settings alter the default values for the standard query string parameters.
| constant | values | What it does |
|---|---|---|
| DEFAULT_Q | 90 | Default image compression level (Q = quality) |
| DEFAULT_ZC | 1 | Default zoom crop value – more info about the zoom crop settings can be found here |
| DEFAULT_F | null | Default image filter – more info about the filter settings can be found here |
| DEFAULT_S | 0 | Default value for sharpening an image |
| DEFAULT_CC | ffffff | Default value for the canvas colour. This is used when editing the zc values in your image. More info here. |
Example
Since it’s a PHP file the code should use the standard PHP format.
An example config would be something like:
<?php
define('ALLOW_ALL_EXTERNAL_SITES', true);
?>
You guys have impressed me! I can see some serious work has gone into sorting out this issue! Have you had any glitches with the new config file?
Ben, may well be tapping you up on some WordPress Plugins shortly when we launch an on-site blog – cheers!
Hi, this script really solved a big one for me. Thanks! Constructive comment…
On this doc page, it would be super helpful to show an example of the file. e.g.
ALLOW_ALL_EXTERNAL_SITES=true
…
I’m guessing the format above is how to do it. Use ‘true’, not True etc.
Also you could add the default setting of each item. Just the first time user’s feedback 🙂
Hi Mark – I must admit I had assumed the people editing the file would know PHP – I guess I wasn’t clear that it’s a PHP file and so should be done in the PHP format. I’ll add some clarification.
Fantastic script, but on some hosts I can’t change the cache fodler permissions, and I get the “Could not get a lock for writing” error.
Wouldn’t it be possible, that when this error occurs, instead of displaying an error message, to output the image thumbnail directly to the browser instead of trying to write it in the cache folder ?
I know I could disable cache (it doesn’t really seem to work for me), but I would like the detection to be automatic.
Or is there a way to check if Timthumb is outputting an error, like with ” if (exec(timthumb.php?src=image.jpg))” and it return true or false.. ?
Hello Ben,
I wonder if you can help me on a problem I’m having with the last timthumb version. I run a popular server and use timthumb to generate the homepage thumbnails. For each article publish on the site, I’ll generate a default picture (on a specific location) that is passed to timthumb on the main homepage.
The problem I’m experiencing is that, some times, my homepage is generated before the final images are in the correct place and, when timthumb is invoked by the users requesting the homepage, it returns a broken image (because there is no image do resize).
As far as I understand, timthumb saves some information on the cache, because, if I request the page again (after confirming that the default article image is on the correct location), it keeps giving me an error, until the cache time is expired.
My question is… is it possible to not cache any kind of information wo, when the image that’s being passed to timthumb is available, will be properly cached and served?
Thank you for your help.
Hi, how can i know about timthumb change log?
It’s all on Google Code – https://code.google.com/p/timthumb/source/list
How to completely remove an noise from the image…
Photoshop is your best bet. There’s no way to do this through TimThumb.
I’m getting this error from TimThumb on a site that uses symlinks to point to a single web server for images. “Could not find the internal image you specified” Does timthumb allow symlink usage, if so, is it by default or is there a setting to allow it? thank you.
We installed WP Better Security on one of our WordPress sites. We get daily warnings about file changes like wp-content/themes/aperture/cache/timthumb_int_539c43f6c9fb64270f768f466cea4b2e.timthumb.txt
When we open those files it’s mostly gobildy goop characters. We can’t tell if it’s something nefarious or maintenance the plugin is doing. Another reason I am concerned is that I am seeing lots of failed login attempts.
Thanks for educating us about the warning and what those files are.
Those are the cache files for the thumbnails. They are nothing to worry about 🙂
Hi Ben, how to increase the security of the timthumb, as i read there are some vulnerabilities of the tim thumb?
Hi – there were some vulnerabilities a few years ago. The best thing to do is update the script and make sure you keep it up to date.