Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Expiry Date on group access and User ID Access.  (Read 10560 times)

0 Members and 1 Guest are viewing this topic.

rostros

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 49
Expiry Date on group access and User ID Access.
« on: January 12, 2004, 03:29:40 pm »

Hey guys I have a selection of members on my site who are paying for a service to few photos, yes its adult content so i wont post the url on here, anyways , I have a 30 day access to members who have private access ' e.g private group' manually i am keeping a spreadsheet of ppl who have paid and the date there account expires,  im manually having to update each user profile every 30 days, I was thinking of having a script that could run either manually or automatically even tho where using php and not asp, any ideas ? this would be usefull.
Logged

Tarique Sani

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 2712
    • http://tariquesani.net
Expiry Date on group access and User ID Access.
« Reply #1 on: January 12, 2004, 04:13:01 pm »

This kind of mod will not be too difficult BUT I hope you realise how simple it is to get pictures from a Coppermine install even if you are not logged in :D
Logged
SANIsoft PHP applications for E Biz

athlonkmf

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 68
    • http://www.asianfanatics.net/
Expiry Date on group access and User ID Access.
« Reply #2 on: January 12, 2004, 04:53:33 pm »

Quote from: "tarique"
This kind of mod will not be too difficult BUT I hope you realise how simple it is to get pictures from a Coppermine install even if you are not logged in :D


Enlighten me.
Logged
My coppermine gallery with 35000 images: http://www.asianfanatics.net/
Another coppermine gallery with images over the 1MB http://dsample.kmfstudio.com

Tarique Sani

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 2712
    • http://tariquesani.net
Expiry Date on group access and User ID Access.
« Reply #3 on: January 12, 2004, 04:57:05 pm »

All the pictures in Coppermine are stored inside the web document root

so if you type the URL for the picture directly you can still get them no matter what
Logged
SANIsoft PHP applications for E Biz

rostros

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 49
Expiry Date on group access and User ID Access.
« Reply #4 on: January 13, 2004, 04:45:54 pm »

Quote from: "tarique"
All the pictures in Coppermine are stored inside the web document root

so if you type the URL for the picture directly you can still get them no matter what


Well you can just add Hotlink Enable protection tool so direct URL's would be invalid.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Expiry Date on group access and User ID Access.
« Reply #5 on: January 14, 2004, 12:19:39 am »

this will keep people from hotlinking your pics from other domains, but it won't keep them from entering the absolute url in the address bar of the browser and see the pics themselves. Anyone who knows the way coppermine works can do that. Spoofing a referrer isn't too hard either...

My point (and Tarique's as well afaik) is: don't put stuff on the internet that must remain absolutely private!

GauGau
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: Expiry Date on group access and User ID Access.
« Reply #6 on: September 20, 2004, 03:45:25 pm »

How about putting this in the .htaccess file? When someone attempts to enter the absolute url, it redirects to the desired destination.
Code: [Select]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://DesiredDestination.net [R,NC]

The desired destination could be a page with a message explaining the situation, or it could just point to the gallery itself.

edit:
It seems this will work too (the difference is in the last line where it lists the extensions):
Code: [Select]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://DesiredDestination.net [R,NC]
« Last Edit: February 10, 2005, 09:45:34 pm by TranzNDance »
Logged

Bin

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
Re: Expiry Date on group access and User ID Access.
« Reply #7 on: September 22, 2004, 02:20:15 am »

How about putting this in the .htaccess file? When someone attempts to enter the absolute url, it redirects to the desired destination.
Code: [Select]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://DesiredDestination.net [R,NC]

The desired destination could be a page with a message explaining the situation, or it could just point to the gallery itself.


Worked like a charm for me. Great suggestion there TranzNDance :)
Logged

M3

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 40
Re: Expiry Date on group access and User ID Access.
« Reply #8 on: September 22, 2004, 08:19:38 pm »

I want to use this for my site too for a little added security, but when you say the .htaccess file, where am I putting that, in the albums directory or the main gallery directory or into whatever album directory I want to really protect?

And I take it that's all that needs to be in that file, correct?
Logged

Bin

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
Re: Expiry Date on group access and User ID Access.
« Reply #9 on: September 22, 2004, 09:12:38 pm »

I want to use this for my site too for a little added security, but when you say the .htaccess file, where am I putting that, in the albums directory or the main gallery directory or into whatever album directory I want to really protect?

And I take it that's all that needs to be in that file, correct?

Refer: http://forum.coppermine-gallery.net/index.php?topic=10196.0#msg45985 :)
Logged

bangerkcknbck

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 7
Re: Expiry Date on group access and User ID Access.
« Reply #10 on: April 10, 2005, 07:09:38 am »

I found this thread very helpful for dipping my feet into using .htaccess.

I just wanted to post a hickup that I ran into.

I run my own apache webserver and I didn't have mod_rewrite compiled or enabled.  Make sure you look into that if your .htaccess isn't working.

I also found this wonderful webpage with .htaccess tools to help you configure your own for what you need.
http://www.htaccesstools.com/

This code was generated from that website and I used it in my .htaccess for my Coppermine gallery.  The 2 lines after RewriteEngine On are sites that are allowed to hotlink to the gallery.  You should put the domain name where your using the .htaccess in one of them if you plan on statically linking pictures in your site or if you want to use the random block or you will block your own site.

The second domain I listed was for an auction site as I wanted to post pictures from my web server yet not have anyone use my photos for their auctions.  This did the trick.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?anyotherdomain.net.*$ [NC]
RewriteRule ^.+\.(jpg|jpeg|png|gif|bmp)$ http://redirecthere.com [NC,R,L]

This code also takes care of the issue of remembering to place the www before your domain if you also have it setup that way.
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 21 queries.