forum.coppermine-gallery.net
Support => cpg1.5.x Support => cpg1.5 permissions => Topic started by: oleredeye on November 29, 2010, 12:57:37 pm
-
My sandpit gallery is http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/ running Coppermine 1.5.8 on a Windows server.
I have configured it so that public users can see a normal, watermarked image overlayed with a transparent gif.
Everybody can View Source so that the path to the image is apparent - for example, the html shows background="albums/userpics/10001/normal_Church_Street_1910.jpg"
So if I enter the URL http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/albums/userpics/10001/normal_Church_Street_1910.jpg I see the normal, watermarked image without the transparent gif.
But if I edit out normal_ to give http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/albums/userpics/10001/Church_Street_1910.jpg I see the full-sized, non-watermarked image which I am trying to protect and stop people stealing….
I want to keep the full-sized, non-watermarked images on the server for privileged users and the administrator. Is there a workaround to this, please?
Feel free to delete this from the forum if you feel it exposes a security issue you would prefer not to make public....
-
That's no security issue and has been discussed lately (http://forum.coppermine-gallery.net/index.php/topic,67975.0.html).
Moving to permissions board.
-
Fine. Now sorted with a .htaccess file in the appropriate place...
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.site.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://site.com.* [NC]
RewriteRule /* http://www.site.com/angryman.gif [R,L]
Thanks for pointing me in the right direction, André ...