Print

[dke]

Hi all,

I put the rule on my coppermine that everyone needs to "Register" their own account in order to browse. But the thing is, if you browse with your account and then link a picture to someone who dosnt have a account lets say the url would become "http://myserver.com/gallery.php?picture.jpg" he can access the picture without login in. He cannot access the folder where the picture is in though. But i want ONLY people who have an account to get access to the pictures, and if you get urled a picture youll get transfered to the "login.php" page insted of viewing the picture (if youre not logged on through cookies that is).

I have slight knowledge of htpasswd, ive used it to limit access to some folders before i used coppermine. Im not sure its usefull in this case.

I would be very pleased if anyone could help me on this matter! Im guessing the solution is in both apache and coppermine making them work together.

[Stramm]

http://forum.coppermine-gallery.net/index.php?topic=30738.0

[dke]

Thanks, not quiet sure exactly how to do this though. Got any instructions page on how to do this properly? The htpasswd ive used before has probably nothing to do with this im guessing. Also id like to add im kinda new at all this so instructions would help Got any url or so i could read up on? Thanks again!

[Stramm]

hmm.. I presuppose you've read the manual and the FAQ
How can I prevent unregistered users from viewing the gallery - http://coppermine-gallery.net/demo/cpg14x/docs/faq.htm#registeredUsersOnly
If you search you'll also find a solution for 'unregisterd users only can view the preview thumbs'.

But as I've understood, you want to block direct access to the images if someone calls them directly when not logged in (eg. http://domain.com/albums/mynewpics/2.jpg ). And you want to check that if a cookie is set and has a special value.

Contrary to the example in the link you don't set the cookie when a user browses the gallery but when he logs in (best place to do either in login.php or in a bridge file) and you clear it, when he logs out. I never have used or coded this so I can't give you 100% failproof instructions (and I won't recommend that cookie solution).

Still the link to the FAQ and a search for the unregistered only can view thumbs solution may be a good start.
If you in addition use a standard hotlink protection then you're pretty save. Make the redirection page in the htaccess your login page and don't forget to allow blank referers. Now only guys who type the image address into the browsers URL field would be able to view it.
If you don't allow blank referers you could block them as well but on the other hand valid users using some security software won't be able to see your pics also.

[dke]

thanks alot, ill go through all the information!