OK... I owed the dev team this one for a while now...
We've talked about ways to better secure your photos in the gallery - as the path to your photos is clearly visible in the html source produced by the gallery. So here is an alternative - the ability to 'mask' or 'encrypt' the filepath in the produced URLs.
There is of course a tradeoff between more secure and more overhead... read on.
This plugin adds the ability to mask or hide the actual file location of your pictures...
Normally the delivered html contains <img> tags that can be read to find your photo locations and directory structure.
As the photos are delivered via <img> tags, http access must be provided to the album folder (and subfolders).
This allows curious (or malicious) users an easy opportunity to find your pictures and download them.
But what if the delivered html looked like this:
<img src="index.php?file=maskurl/displayimage&photokey=8dOgllfG1PqJQwj0%2BNuSOMuDNKC%2B14ABd6Rfn7nhZNXVaB9bn0V1IOUTZ%2FGw" ...>
Since the path to the albums directory is configurable (doesn't have to be 'albums/') and of course you can have any subfolder structure you
want... the task of locating your pictures files is made harder... to near impossible (based on your choices configuring the plugin).
Options to 'mask' or 'encrypt' the path to photos are offered.
These options appear to have similar results - but the algorithm used has quite different results.
- The masking can be decoded by anyone that can read/understand the PHP being used (access to this plugin's source) - but it does have less overhead.
- The encryption requires encryption keys and initialization vectors that would require access to specific fields in your Coppermine database in addition to the PHP code to be able to reverse. The encryption option will use more CPU resources - but provides better protection.
The choice is of course yours...
An additional benefit if masking/encrypting is that http access to the albums directory is no longer required... All CPG functions generating the picture URL drive this plugin, and all will be changed. As a result, a .htaccess file can be placed in the albums directory denying all access - providing additonal protection for your photos. A sample .htaccess file is included in the plugin directory - named .htaccess.txt - this needs to be copied to the albums directory and named .htaccess if you wish to use it.NOTE: If you disable this plugin - or set the option to 'Clear Text' - and have the .htaccess file in place, you will be unable to view photos in your gallery!!
All filetypes permitted by CPG are supported (based on the contents of cpg15x_filetypes table). Proper additions to that table will be automatically recognized by the plugin and supported. The 'mime' type must be correctly specified in that table!
The readme file can be viewed at: (also included in the zip file of course...):http://greggallery.gmcdesign.com/plugins/maskurl/readme.php
I've been using this technique in my gallery for some time... using the encryption option and the .htaccess restriction.http://gallery.gmcdesign.com
Can you tell me where my photos are?
Code is attached below.
Good luck, and let me know what you think...
Greg (gmc on the cpg forum)