Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 2 [3] 4 5 6 7   Go Down

Author Topic: Prevent downloading of pics - transparent gif overlay  (Read 158926 times)

0 Members and 1 Guest are viewing this topic.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Prevent downloading of pics - transparent gif overlay
« Reply #40 on: December 09, 2006, 10:20:19 am »

Added this mod to devel branch of svn. This means that it will be available as a core feature (of course admin-settable) in cpg1.5.x.

Suggestions:
  • rename the file "overlay.gif" to something that makes it less obvious for end users that they are being tricked into believing that they are saving "the real thing". After all, this mod is trying to fool end users ;).
  • <?php $imagedata['geometry'] ?> won't do anything. It needs to be something like width:<?php echo $row['pwidth'] ?>px; height:<?php echo $row['pheight'] ?>px;

BTW: those who try to make their gallery standards-compliant should be aware that the HTML-attribute "background" is being considered deprecated. Therefor, applying this mod as-is will leave your gallery non-standards-compliant. You should then turn off the vanity blocks at the bottom as well. The reason for using the outdated background-attribute is obvious: if you used the standards-compliant method (using CSS attributes), some browsers would display a context menu entry "save background image", which would kick you back to square one.

Side-note: I have tested the mod in FF2, IE6 and Opera8.

Joachim
Logged

tiagobr

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Prevent downloading of pics - transparent gif overlay
« Reply #41 on: December 14, 2006, 06:31:52 pm »

thanks!!!
overlay worked perfect!!!!

 ;)
Logged

shef

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Prevent downloading of pics - transparent gif overlay
« Reply #42 on: January 17, 2007, 10:03:25 pm »

This seems like a great mod.  I have added it to my theme.php but it is not working for me in Firefox.  No image displays at all in firefox but it works just fine in IE7.  Any ideas?  Help would be really appreciated.
Logged

uk_martin

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 186
Re: Prevent downloading of pics - transparent gif overlay
« Reply #43 on: January 18, 2007, 02:08:54 am »

Side-note: I have tested the mod in FF2, IE6 and Opera8.

Joachim
A slightly disturbing development is that a freely downloadable "Pictures Toolbar" plug-in to IE7 searches out and downloads all images to several levels of link distance from any given base URL, a bit like "Web Whacker" thus rendering this sort of protection a little less reliable.

A possible weakness is that it searches for user defined filetypes. Thus if there are JPG files there, then they will be downloaded. If there are no JPG files, then it won't. I wonder if it would ever be possible to rename JPG files when adding them into Coppermine, giving them a random file extension (fixed file extensions would become known and lose their security as a result) which could then be "decoded" back to JPG at the time when a request comes in to view the images?

In other words, If I had "airplane.jpg" to upload, then when it got added to the gallery, the file (and its normal / intermediate "relatives") would be renamed and stored as "airplane.xyz" / normal_airplane.xyz" (for example). Then if the Pictures toolbar was used, the files wouldn't be found, as it no longer has the jpg file extension. However when the picture is "called" in the Gallery, the system would know to temporarilly rename the file back to "airplane.jpg" for it to be recognised by the web browser.

Just an idea. I have no idea if it is actually possible as I am not a PHP programmer, but as I always say, the stupidest suggestion is the one that never gets made.
Logged

shef

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Prevent downloading of pics - transparent gif overlay
« Reply #44 on: January 18, 2007, 08:31:03 pm »

Side-note: I have tested the mod in FF2, IE6 and Opera8.
Joachim

I can't get it to work in FF, is there anything I might be doing wrong?  It works fine in IE7
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Prevent downloading of pics - transparent gif overlay
« Reply #45 on: January 19, 2007, 08:13:23 am »

Impossible to say without a link to your site...
Logged

shef

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Prevent downloading of pics - transparent gif overlay
« Reply #46 on: January 20, 2007, 01:38:34 pm »

Logged

shef

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Prevent downloading of pics - transparent gif overlay
« Reply #47 on: January 27, 2007, 09:40:16 pm »

Anyone able to help?
Logged

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Prevent downloading of pics - transparent gif overlay
« Reply #48 on: January 28, 2007, 02:22:26 pm »

bump this thread when your site is online again

shef

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Prevent downloading of pics - transparent gif overlay
« Reply #49 on: February 03, 2007, 06:59:36 pm »

bump - it's back online now
Logged

kiig

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 141
    • Igel's Journaler
Re: Prevent downloading of pics - transparent gif overlay
« Reply #50 on: February 05, 2007, 12:21:27 pm »

I had weird issues with some of my albums showing images correctly (after applying the functions) and other not showing the images.

Took me a while to figure out that

Code: [Select]
$imginfo=getimagesize($picture_url);
should be replaced by

Code: [Select]
$imginfo=getimagesize(urldecode($picture_url));
Don't know if that helps, - made a world of difference to me :-)

thanx.

Kim.
Logged
Kim Igel
http://igel.it (Personal playground) or http://foto.igel.it (Paypal shop-site)

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Prevent downloading of pics - transparent gif overlay
« Reply #51 on: February 05, 2007, 03:54:55 pm »

bump - it's back online now

can't check cause it doesn't seem you have the mod running

Fudgemaster

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 45
    • Trackdays, Car shows, Nature and some misc photos
Re: Prevent downloading of pics - transparent gif overlay
« Reply #52 on: March 12, 2007, 02:31:51 pm »

I've noticed that some users, mainly firefox, have been having trouble seeing .swf
files when this overlay hack has been applied to the theme in use.

Removing it or using a non hacked theme shows the .swf files perfectly,
but with the hack, only a blank white screen will show up.
Plugins/players are installed so the .swf itself works perfectly.

I really wouldn't like to remove that overlay from use just
because of one album having .swf in it.

some item from the album:
http://www.partanen.net/gallery/displayimage.php?pos=-24363
straight url to file itself:
http://www.partanen.net/gallery/albums/friday/003.swf
Logged
--
It's an insane world.. But I'm proud to be a part of it.

Apurbo

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Prevent downloading of pics - transparent gif overlay
« Reply #53 on: March 25, 2007, 02:30:24 pm »

Thanx for This Nice Hack. I have successfully install it at http://apurbo.com . I cant understand how i can allow unregistered member to view photo ( Now, unregistered member can see a white screen rather than photo). I badly need the ans. I just need to protect download or save as Photo and want everybody even Guest can view All photo. I am a new wibe. Pls Help me..
Logged

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Prevent downloading of pics - transparent gif overlay
« Reply #54 on: March 25, 2007, 02:45:58 pm »

looks like you've installed some plugin that interfers with this mod

cgc0202

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 199
Re: Prevent downloading of pics - transparent gif overlay
« Reply #55 on: March 26, 2007, 03:07:07 am »

<b>Transparent gif overlay  mod and the CPMFetch mod</b>

I wanted to try this mod but the only issue is that it may mess up other mods.

For example, many of my existing galleries are displayed in other sites using the CPMFetch mod.  Briefly, this involves the  CPMFetch "interacting" with the images in the CPG database so that they are presented as screen viewable images in other pages.

In the aforementioned CPMFetch display procedure, is the process considered a "download" and thus, not allowed? 

I cannot try this simply because my photos are centralized and used by multiple galleries and in turn the multiple galleries are used by the  CPMFetch to integrate images in "gazillion" pages now.

Cornelio
Logged

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Prevent downloading of pics - transparent gif overlay
« Reply #56 on: March 26, 2007, 07:26:44 am »

not the fullsize access control plugin ?

Apurbo

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Prevent downloading of pics - transparent gif overlay
« Reply #57 on: March 27, 2007, 09:25:44 am »

looks like you've installed some plugin that interfers with this mod

I just Use Full access control and Shoping busket mod. Pls Help me How i allow guest to view images?
Logged

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Prevent downloading of pics - transparent gif overlay
« Reply #58 on: March 27, 2007, 10:52:01 am »

as said, the full size access control plugin interfers with this very mod. I never looked into the plugin you use so I can't tell you how to modify either the plugin or this mod to make them both work together.

As far as I can see the plugin grabs and modifies the html output (after this mod created it). Therefore the transparent overlay.gif is present but not the image itself in the table background. --> look up the part of the plugin code responsible for this and tell it not to remove the table setup with the image in the bg

cgc0202

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 199
Re: Prevent downloading of pics - transparent gif overlay
« Reply #59 on: March 27, 2007, 01:45:15 pm »

Hi Stramm,

I tried the mod in one of my test galleries.  It worked but when you click on the thumbnail, it displays the full size image rather than the intermediate image..


To test this, I pasted the overlay text only on the theme.php of the "Supernova" theme but not in the others.

Here are some details:

PhotoGallery
vVPG1410-Strammmodpack

Please view the Classic (the themes options are at the bottom of the page) and click on one of the thumbnails.  Note that the intermediate and full size shows up; and neither are protected in the "Classic" theme.  If you now switch to the Supernova, a protected theme,   and then click on a thumbnail, the fullsize (and not the intermediate) image shows on the browser and  the popup.  The bright note is that the "overlay.gif" protection did work.

Cornelio
Logged
Pages: 1 2 [3] 4 5 6 7   Go Up
 

Page created in 0.028 seconds with 20 queries.