Advanced search  

News:

cpg1.5.46 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
[more]

Pages: [1] 2 3   Go Down

Author Topic: Fullsize Access  (Read 70081 times)

0 Members and 1 Guest are viewing this topic.

ks

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 44
Fullsize Access
« on: September 17, 2006, 10:29:39 am »

Hi,

this plugin controls access for downloading fullsize images and adds several features:

- restrict access to fullsize pics to registered users
- adds a download link to the image information section
- adds a fullsize download history (datetime,username,ip) table and a statistics page
- sending email to admin and/or customer for each download
- zip download link to download all pics in an album and in favorites
- clicking on medium sized pic to show fullsize pic is disabled
- Secure image files on the file system level via chmod

Most settings can be controlled by a configuration page added to the admin menu. Plugin language is english only, but some settings are in german. This may be improved in a future version... At the moment all registered users are allowed to download fullsize images. You can change this behavior by editing the file fullsize_check.php.

The zip download feature bypasses cpg's build-in favorites zip download. I recommend to switch off the cpg favorites-zip download in the cpg-config page if you want to use this plugin.


The optional file security feature will prevent users to download pics by entering the pics url directly and it works like this:
- if a fullsize pic is requested, the plugin first changes the file attributes from 660 (safe) to 666 (unsafe) and then sends the file to the user. After the download the attribute is set back to 660.
- The fullsize access conig panel has  buttons to secure and unsecure all files
- The file attribute is changed via ftp

If you want to use this feature you have to edit the file 'fullsize_secure.php'. At the beginning of the file there is a section where you must specify your ftp login and the path for the ftp client to the coppermine root.  New pics that are added to the cpg gallery are not automatically secured. You must use the secure button in the plugins config page. So this feature is only useful for galleries were only 1 or a few people are uploading pics.
I'm not an unix/apache expert and the security feature is open for discussion. On my present webserver the file attribute change from 660 to 666 is not needed to download the file via the script. However this was different on my old system.... Any suggestions are welcome!


klaus


« Last Edit: September 17, 2006, 01:54:25 pm by GauGau »
Logged

JesseLeeStringer

  • Coppermine newbie
  • Offline Offline
  • Posts: 16
Re: Fullsize Access
« Reply #1 on: September 24, 2006, 04:56:31 am »

A small note that Jared Hatfield's plugin must be disabled to use this plugin.


"Name Download and Alternate File Loading v1.3     
Author Jared Hatfield
Description Add a download link for full resolution picture. Load ALL files through a PHP script. Requires a small modification to be fully functional."

JesseLeeStringer
Logged

NevilleX

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
    • SeGoodies
Re: Fullsize Access
« Reply #2 on: September 25, 2006, 09:08:13 am »

Great plugin. Thanks a lot!
I have noticed on bug though.
It doesn't work good with filenames with spaces.
For example if the file is named "my file.jpg" download link downloads file with filename "my" and without extension.

ks

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 44
Re: Fullsize Access
« Reply #3 on: September 25, 2006, 09:24:24 am »

Hi Neville,

I always try to avoid spaces in filenames and paths whenever possible. I wasnt even aware that unix can deal with blanks, or do you run cpg on a win system? Anyway I will have a look at this issue.

klaus
Logged

NevilleX

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
    • SeGoodies
Re: Fullsize Access
« Reply #4 on: September 25, 2006, 09:35:05 am »

I have only tested it locally on windows. Maybe it works on unix which will be fine.
I also avoid spaces, but my users somethimes don't.  :)
Thanks for looking at it.

Sami

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 3686
  • BMossavari
    • My Project
Re: Fullsize Access
« Reply #5 on: September 25, 2006, 09:42:58 am »

CPG will replace space with _ on upload process
@ks: check your plugin for dealing with _
Logged
‍I don't answer to PM with support question
Please post your issue to related board

NevilleX

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
    • SeGoodies
Re: Fullsize Access
« Reply #6 on: September 25, 2006, 10:03:41 am »

CPG will replace space with _ on upload process
@ks: check your plugin for dealing with _

Oh I wasn't aware of that. However, I have files with spaces in the gallery uploaded by previous versions of CPG also.

Sami

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 3686
  • BMossavari
    • My Project
Re: Fullsize Access
« Reply #7 on: September 25, 2006, 10:06:42 am »

if you are running CPG (public one) on win box this would be OK
« Last Edit: September 25, 2006, 10:14:53 am by Sami »
Logged
‍I don't answer to PM with support question
Please post your issue to related board

ks

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 44
Re: Fullsize Access
« Reply #8 on: September 25, 2006, 10:20:16 am »

CPG will replace space with _ on upload process
@ks: check your plugin for dealing with _

SInce almost all my pics have underscores in the filename I'm sure the plugin has no problems with that  :D
Logged

NevilleX

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
    • SeGoodies
Re: Fullsize Access
« Reply #9 on: September 25, 2006, 01:38:20 pm »

I can confirm this behaviour on unix too.
I have installed the plugin on my site.

Try to download this file: http://www.segoodies.com/displayimage.php?album=100&pos=5 for example.

You can login with username: test password: test

NevilleX

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
    • SeGoodies
Re: Fullsize Access
« Reply #10 on: October 01, 2006, 02:02:58 pm »

Thanks for explaining this to me. I should rename all files that have spaces in my gallery.

Another thing i have noticed is that if someone who is not loged in enters download link directly in the browser, there is a message "no download for guests" which is great, but stylesheet is not included on that page so it looks funny.
See for yourself: http://www.segoodies.com/plugins/access/download.php?pid=1886

Dirk

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Fullsize Access
« Reply #11 on: October 11, 2006, 08:34:24 am »

Hi Klaus,

i like to use your great mod. IŽve got problems to edit fullsize_secure.php (iŽam not good in PHP). Perhaps someone can explain me where i have edit thing to rum the mod.

Many thanks!

Best regards!

Dirk
Logged

ir803

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 92
Re: Fullsize Access
« Reply #12 on: January 19, 2007, 01:16:46 am »

I too am unsure what to edit, I've put in my host details, that is the FTP for the host that my other sites including my coppermine site sits on.
I'm not sure whether I have to alter these lines
Code: [Select]
require_once('/home/www/web294/files/inc/schwarzburgland.init.php');
//require_once('c:/webserver/files/inc/schwarzburgland.init.php');
Do I put in a path to a php file in the fullsize_acess folder ??
I have the download link appearing on my site but when I click "secure files" in my config I get this error, i'm sure I need to chnage the code but not sure what too.
Fatal error: main(): Failed opening required 'c:/webserver/files/inc/schwarzburgland.init.php' (include_path='.:/usr/share/pear')
Logged

ir803

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 92
Re: Fullsize Access
« Reply #13 on: January 20, 2007, 08:07:35 am »

I've been looking at this a bit more and still no joy, where it says required_once is this something I have to remove after the initial activation of the plugin?
Logged

ir803

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 92
Re: Fullsize Access
« Reply #14 on: January 21, 2007, 12:25:08 am »

I tried changing the top part of the code to my cpg route and still got this error.
Code: [Select]
Fatal error: main(): Failed opening required '/ghsimages/cpg146/' (include_path='.:/usr/share/pear') in /home/fhlinux195/i/itsmy-space.co.uk/user/htdocs/ghsimages/cpg146/plugins/fullsize_access/fullsize_secure.php on line 18
what is include_path='.:/usr/share/pear' I can't find any reference to it in my directory and I know I'm a bit slow on the php but the editing instructions are a little vague. I'm using dreamweaver and in code view the php file is shown up in orange text with // in front which I think is the description and instructions NOT the code to be edited, then there is the code itself which I have edited correctly I think but obviously there's something not right coz I still get this error.
Logged

Nibbler

  • Guest
Re: Fullsize Access
« Reply #15 on: January 21, 2007, 12:52:43 pm »

No reason to be using dreamweaver for this. I would suggest removing line 18 and hardcoding in your ftp details.
Logged

ir803

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 92
Re: Fullsize Access
« Reply #16 on: January 21, 2007, 04:32:46 pm »

Thanks for the reply Nibbler but I'm by no means competent enough to know what to put where, I took the line 18 out and now it just says it failed to connect to the FTP.
Logged

Nibbler

  • Guest
Re: Fullsize Access
« Reply #17 on: January 21, 2007, 04:59:57 pm »

You need to enter your FTP details, so change

Code: [Select]
$ftp_server = $SLCONFIG['ftp_server'];
$ftp_user_name = $SLCONFIG['ftp_user_name'];
$ftp_user_pass = $SLCONFIG['ftp_user_pass'];
$ftppath_to_cpg = "html/images2/";

to what the real values are

Code: [Select]
$ftp_server = 'your_server_name_here';
$ftp_user_name = 'your_username_here';
$ftp_user_pass = 'your_password_here';
$ftppath_to_cpg = "htdocs/ghsimages/cpg146/";

I guessed the path, check it.
Logged

ir803

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 92
Re: Fullsize Access
« Reply #18 on: January 21, 2007, 05:37:02 pm »

You guessed correctly good sir, it looks like I got the details pretty close to right but I didn't know about removing the config bit of code.
YOU are my hero  ;D I'm sorry it's taken a long time to get a result I'm hoping all these questions haven't added to my bad karma.

RESULT. ;D hope this helps others as well.
Logged

ir803

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 92
Re: Fullsize Access
« Reply #19 on: January 21, 2007, 07:48:13 pm »

at the risk of destroying my karma completely, I've found another issue, I've only just noticed it when I logged out of the site, my site has intermediate images created and when logged in you can see them, but since the files were secured with this plugin when your not logged in you can't see the intermediate images at all, I had a java lightbox plugin activated and when you click on a thumbnail the loading symbol comes up but the image never loads, I deactivated it and now when you click a thumb to get to the intermediate image you can see the iptc info but not the picture, any idea if this can be overcome, I know the files are secured so I'm assuming the intermediate image is made from that file live rather than when it was uploaded so if it can't be accessed whilst unlogged how can I get the intermediate image ??
SORRY... I was so close, I thought we'd solved this problem.
Logged
Pages: [1] 2 3   Go Up
 

Page created in 0.032 seconds with 21 queries.