forum.coppermine-gallery.net
Support => cpg1.5.x Support => cpg1.5 miscellaneous => Topic started by: nasiri on December 29, 2010, 02:08:15 pm
-
Hello Guys,
i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.
Is there a way to do this for 1.5.x ???
It's only for hiding the url. More Security is done by htaccess file....
Thank you for helping.
PS: I searched a lot, but couldn'T find anything here.
A simple solution would do it.
-
i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.
Please post the links to that mods. Afaik there doesn't exist any mods of that kind that are designed for cpg1.5.x in particular.
-
f.e.
http://forum.coppermine-gallery.net/index.php/topic,19425.20.html
or
http://forum.coppermine-gallery.net/index.php?topic=6464.0
thank you ... ???
-
also
http://forum.coppermine-gallery.net/index.php/topic,3069.0.html
doesn't work.
-
http://forum.coppermine-gallery.net/index.php/topic,3069.0.html
That mod should do what you asked for. I haven't tested it if it's compatible with cpg1.5.x. What exactly doesn't work?
-
there is no
return $url_prefix[$pic_row['url_prefix']]. path2url($pic_row['filepath']. $pic_prefix[$mode]. $pic_row['filename']); in the include/functions.inc.php of 1.5.10
-
In cpg1.5.x, it's this line:
return $pic_row['url'];
-
will test if it's working. thank you anyway ;)
-
what's with the
$CONFIG['url_mode'] = 'hide';where have i put this code ?? no config.inc.php longer avalaible
-
i just created a new one with
$CONFIG['url_mode'] = 'hide'; or does i have to put it anywhere else ?
the get_file.php looks like ( i changed already $results = mysql_query to cpg_mysql_query ... anything else to change ?)
<?php
define('IN_COPPERMINE', true);
define('GETFILE_PHP', true);
global $CONFIG;
include('include/config.inc.php');
$CONFIG['TABLE_CONFIG'] = $CONFIG['TABLE_PREFIX'] . "config";
$CONFIG['TABLE_PICTURES'] = $CONFIG['TABLE_PREFIX'] . "pictures";
db_connect($db);
$results = cpg_mysql_query("SELECT * FROM {$CONFIG['TABLE_CONFIG']}");
while ($row = mysql_fetch_array($results)) {
$CONFIG[$row['name']] = $row['value'];
} // while
mysql_free_result($results);
// Set error logging level
if ($CONFIG['debug_mode']) {
error_reporting (E_ALL);
} else {
error_reporting (E_ALL ^ E_NOTICE);
}
mysql_close();
if (!function_exists('mime_content_type'))
{
function mime_content_type($path) {
$image_params = getimagesize($path);
if (is_null($image_params))
return null;
else
return $image_params['mime'];
}
}
$pic_prefix = array(
'thumb' => $CONFIG['thumb_pfx'],
'normal' => $CONFIG['normal_pfx'],
'fullsize' => '',
);
$pid = (int) $_GET['pid'];
$size = htmlspecialchars($_GET['size']);
db_connect($db);
$result = mysql_query("select filepath,filename from {$CONFIG['TABLE_PREFIX']}pictures where pid=$pid;");
$result = mysql_fetch_assoc($result);
mysql_close();
$cfilepath = $CONFIG['fullpath'].$result['filepath'].$pic_prefix[$size].$result['filename'];
header('Content-type: '.mime_content_type($cfilepath));
$fp = fopen($cfilepath,'rb');
echo fread($fp,filesize($cfilepath));
fclose();
function db_connect(&$db)
{
global $CONFIG;
$db = mysql_connect($CONFIG['dbserver'],$CONFIG['dbuser'],$CONFIG['dbpass']);
mysql_select_db($CONFIG['dbname']);
}
?>
-
ignore the information about no longer config.inc.php blabla ... i couldn't delete the post ...
-
solved ... thanks used the code for my own little plugin.
-
allright now i've got the problem, that everybody can access the get_file.php?PID=xxxx and change the PID as he wants... is it possible to check if logged in before catching the URL and sending it to the browser ??
-
solved and plugin created ... have to tune it now.
will post it in 1 week in the pluginsection, i worked with htaccess workaround. maybe some improvements needed.
can be closed!
-
Thanks for your readiness to share your created plugin with the community. I think a lot of people will use that plugin.
-
Hi nasiri, did you publish the plugin? i can't find them.