Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Displaying images using a script that checks permissions, demo link included  (Read 17938 times)

0 Members and 1 Guest are viewing this topic.

Jan Vrsinsky

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 1

Here's a modification to CPG 1.4.5 for getting images using a script. I've seen dozens of posts on this issue but I haven't seen a real solution. So I've created my own.

Advantages of using a script for displaying images
  • After you log out, no one is able to access your restricted files
  • More secure than using .htaccess to check the referrer, which can be easily hacked by faking HTTP headers
  • In fact, there's no need of keeping the 'albums' folder visible anymore. You can deny the web access to it completely!

Downside
  • Slower (files need to pass through the script)

Thanks to omniscientdeveloper for his post http://forum.coppermine-gallery.net/index.php?topic=3069.0. I used his version of get_file.php but I've made it far more advanced. It checks for access rights now.

Disclaimer:
  • No warranty! Use at your own risk!
  • Modifies original CPG files! Be sure to make a backup first.
  • ***** Please post your questions and comments only to this thread. Do not ask the CPG support team for any help with this mod. *****

Installation:
All the files you need to replace in your CPG 1.4.5 installation:
http://test.janvrsinsky.com/php/cpghf/mod/mod.zip
(There is one extra file called get_file.php, which is used for displaying images.)

Examples:
A link to my test site where you can see how it works:
http://test.janvrsinsky.com/php/cpghf/index.php

For example, this is a link to a picture you will see even if you've logged out
http://test.janvrsinsky.com/php/cpghf/get_file.php?cat=-1&album=1&pos=1&size=normal

And you won't be able to see a picture at this link unless you log in to my test gallery
http://test.janvrsinsky.com/php/cpghf/get_file.php?cat=-2&album=2&pos=0&size=normal
(use test/test to log in)

The next action: I don't know PHP so I created the entire mod just by searching/copying/pasting. I'm a Java expert so I was able to follow the code but I'm sure I've made a couple of inefficiencies there. For example there is no need to fetch the URL of an image in the displayimage.php anymore, etc. It would also be nice if you could turn off this feature for certain albums and/or categories or at least for the entire gallery. So if anybody wants to enhance my idea in a way or use any part of it in a different mod, you're welcome!

A feature request?: It would be great if CPG developers could incorporate this mod to the CPG itself. That way, when a new version of CPG is installed, this feature would not be lost.

Any comments are welcome.
« Last Edit: May 14, 2006, 09:56:33 pm by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de

Thanaks for your mod, we'll look into it. As an alternative to replacing coppermine files with the ones from your mod, here's the "usual" way of posting mods (split over two postings due to posting size limitations):

edit catmgr.php, find
Code: [Select]
$thumb_url = get_pic_url($picture, 'thumb');and replace with
Code: [Select]
$thumb_url = get_pic_url2('', '', -$picture['pid'], 'thumb');
edit editpcis.php, find
Code: [Select]
$thumb_url = get_pic_url($CURRENT_PIC, 'thumb');and replace with
Code: [Select]
$thumb_url = get_pic_url2('', '', -$CURRENT_PIC['pid'], 'thumb');
edit index.php, find
Code: [Select]
                    if (mysql_num_rows($result)) {
                        $picture = mysql_fetch_array($result);
                        mysql_free_result($result);
                        $pic_url = get_pic_url($picture, 'thumb');
and replace with
Code: [Select]
                    if (mysql_num_rows($result)) {
                        $picture = mysql_fetch_array($result);
                        mysql_free_result($result);
                        //$pic_url = get_pic_url($picture, 'thumb');
                        $pic_url = get_pic_url2('', '', -$subcat['thumb'], 'thumb');
(replace two times!).

Then find
Code: [Select]
$sql = 'SELECT a.aid, a.title, a.description, category, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;and replace with
Code: [Select]
$sql = 'SELECT a.aid, a.title, a.description, category, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight, p.pid ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;
Next, find
Code: [Select]
        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];

                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) {
            if ($count > 0) {
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                }
                $pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }
and replace with
Code: [Select]
        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];

                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) {
            if ($count > 0) {
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                    $pic_url = get_pic_url2('', '', -$alb_thumb['pid'], 'thumb');
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                    $pic_url = get_pic_url2('', '', -$alb_stat['last_pid'], 'thumb');
                }
                //$pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }

Find
Code: [Select]
$sql = 'SELECT a.aid, a.title, a.description, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;and replace with
Code: [Select]
$sql = 'SELECT a.aid, a.title, a.description, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight, p.pid ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;
Finally, find
Code: [Select]
        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];
                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) { //test for visibility
            if ($count > 0) { // Inserts a thumbnail if the album contains 1 or more images
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                }
                $pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }
and replace with
Code: [Select]
        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];
                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) { //test for visibility
            if ($count > 0) { // Inserts a thumbnail if the album contains 1 or more images
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                    $pic_url = get_pic_url2('', '', -$alb_thumb['pid'], 'thumb');
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                $pic_url = get_pic_url2('', '', -$alb_stat['last_pid'], 'thumb');
                }
                //$pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }

edit mdifyalb.php, find
Code: [Select]
$thumb_url = get_pic_url($picture, 'thumb');and replace with
Code: [Select]
$thumb_url = get_pic_url2('', '', -$picture['pid'], 'thumb');
edit profile.php, find
Code: [Select]
$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight, msg_author, UNIX_TIMESTAMP(msg_date) as msg_date, msg_body " . "FROM {$CONFIG['TABLE_COMMENTS']} AS c, {$CONFIG['TABLE_PICTURES']} AS p " . "WHERE msg_id='" . $lastcom_id . "' AND c.pid = p.pid";, replace with
Code: [Select]
$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight, msg_author, UNIX_TIMESTAMP(msg_date) as msg_date, msg_body, p.pid " . "FROM {$CONFIG['TABLE_COMMENTS']} AS c, {$CONFIG['TABLE_PICTURES']} AS p " . "WHERE msg_id='" . $lastcom_id . "' AND c.pid = p.pid";
Then find
Code: [Select]
$pic_url =  get_pic_url($row, 'thumb');and replace with
Code: [Select]
$pic_url =  get_pic_url2('', '', -$row['pid'], 'thumb');
Next, find
Code: [Select]
$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='" . $thumb_pid . "'";and replace with
Code: [Select]
$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight,pid " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='" . $thumb_pid . "'";
Finally, find
Code: [Select]
$pic_url =  get_pic_url($picture, 'thumb');and replace with
Code: [Select]
$pic_url =  get_pic_url2('', -$picture['pid'], 'thumb');
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de

edit include/functions.inc.php, find
Code: [Select]
function display_thumbnails($album, $cat, $page, $thumbcols, $thumbrows, $display_tabs)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;

        $thumb_per_page = $thumbcols * $thumbrows;
        $lower_limit = ($page-1) * $thumb_per_page;

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $lower_limit, $thumb_per_page);

        $total_pages = ceil($thumb_count / $thumb_per_page);

        $i = 0;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        $pic_url =  get_pic_url($row, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $i - 1 + $lower_limit;
                        $thumb_list[$i]['pid'] = $row['pid'];;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\"/>";
                        $thumb_list[$i]['caption'] = bb_decode($row['caption_text']);
                        $thumb_list[$i]['admin_menu'] = '';
                        $thumb_list[$i]['aid'] = $row['aid'];
                }
                theme_display_thumbnails($thumb_list, $thumb_count, $album_name, $album, $cat, $page, $total_pages, is_numeric($album), $display_tabs);
        } else {
                theme_no_img_to_display($album_name);
        }
}
and replace with
Code: [Select]
function display_thumbnails($album, $cat, $page, $thumbcols, $thumbrows, $display_tabs)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;

        $thumb_per_page = $thumbcols * $thumbrows;
        $lower_limit = ($page-1) * $thumb_per_page;

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $lower_limit, $thumb_per_page);

        $total_pages = ceil($thumb_count / $thumb_per_page);

        $i = 0;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        //$pic_url =  get_pic_url($row, 'thumb');
                        $pic_url =  get_pic_url2($cat, $album, $key < 0 ? $key : $i - 1 + $lower_limit, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $i - 1 + $lower_limit;
                        $thumb_list[$i]['pid'] = $row['pid'];;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\"/>";
                        $thumb_list[$i]['caption'] = bb_decode($row['caption_text']);
                        $thumb_list[$i]['admin_menu'] = '';
                        $thumb_list[$i]['aid'] = $row['aid'];
                }
                theme_display_thumbnails($thumb_list, $thumb_count, $album_name, $album, $cat, $page, $total_pages, is_numeric($album), $display_tabs);
        } else {
                theme_no_img_to_display($album_name);
        }
}

Find
Code: [Select]
function display_film_strip($album, $cat, $pos)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;
        $max_item=$CONFIG['max_film_strip_items'];
        //$thumb_per_page = $pos+$CONFIG['max_film_strip_items'];
        $thumb_per_page = $max_item*2;
        $l_limit = max(0,$pos-$CONFIG['max_film_strip_items']);
        $new_pos=max(0,$pos-$l_limit);

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $l_limit, $thumb_per_page);

        if (count($pic_data) < $max_item ){
                $max_item = count($pic_data);
        }
        $lower_limit=3;

        if(!isset($pic_data[$new_pos+1])) {
           $lower_limit=$new_pos-$max_item+1;
        } else if(!isset($pic_data[$new_pos+2])) {
           $lower_limit=$new_pos-$max_item+2;
        } else if(!isset($pic_data[$new_pos-1])) {
           $lower_limit=$new_pos;
        } else {
          $hf=$max_item/2;
          $ihf=(int)($max_item/2);
          if($new_pos > $hf ) {
             //if($max_item%2==0) {
               //$lower_limit=
             //} else {
             {
               $lower_limit=$new_pos-$ihf;
             }
          }
          elseif($new_pos <= $hf ) { $lower_limit=0; }
        }

        $pic_data=array_slice($pic_data,$lower_limit,$max_item);
        $i=$l_limit;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $hi =(($pos==($i + $lower_limit)) ? '1': '');
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        $pic_url =  get_pic_url($row, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $p=$i - 1 + $lower_limit;
                        $p=($p < 0 ? 0 : $p);
                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $p;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\" />";
                        $thumb_list[$i]['caption'] = $CONFIG['display_film_strip_filename'] ? '<span class="thumb_filename">'.$row['filename'].'</span>' : '';
                        $thumb_list[$i]['admin_menu'] = '';

                }
                return theme_display_film_strip($thumb_list, $thumb_count, $album_name, $album, $cat, $pos, is_numeric($album));
        } else {
                theme_no_img_to_display($album_name);
        }
}
and replace with
Code: [Select]
function display_film_strip($album, $cat, $pos)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;
        $max_item=$CONFIG['max_film_strip_items'];
        //$thumb_per_page = $pos+$CONFIG['max_film_strip_items'];
        $thumb_per_page = $max_item*2;
        $l_limit = max(0,$pos-$CONFIG['max_film_strip_items']);
        $new_pos=max(0,$pos-$l_limit);

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $l_limit, $thumb_per_page);

        if (count($pic_data) < $max_item ){
                $max_item = count($pic_data);
        }
        $lower_limit=3;

        if(!isset($pic_data[$new_pos+1])) {
           $lower_limit=$new_pos-$max_item+1;
        } else if(!isset($pic_data[$new_pos+2])) {
           $lower_limit=$new_pos-$max_item+2;
        } else if(!isset($pic_data[$new_pos-1])) {
           $lower_limit=$new_pos;
        } else {
          $hf=$max_item/2;
          $ihf=(int)($max_item/2);
          if($new_pos > $hf ) {
             //if($max_item%2==0) {
               //$lower_limit=
             //} else {
             {
               $lower_limit=$new_pos-$ihf;
             }
          }
          elseif($new_pos <= $hf ) { $lower_limit=0; }
        }

        $pic_data=array_slice($pic_data,$lower_limit,$max_item);
        $i=$l_limit;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $hi =(($pos==($i + $lower_limit)) ? '1': '');
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        //$pic_url =  get_pic_url($row, 'thumb');
                        $pic_url =  get_pic_url2($cat, $album, $i-1+$lower_limit, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $p=$i - 1 + $lower_limit;
                        $p=($p < 0 ? 0 : $p);
                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $p;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\" />";
                        $thumb_list[$i]['caption'] = $CONFIG['display_film_strip_filename'] ? '<span class="thumb_filename">'.$row['filename'].'</span>' : '';
                        $thumb_list[$i]['admin_menu'] = '';

                }
                return theme_display_film_strip($thumb_list, $thumb_count, $album_name, $album, $cat, $pos, is_numeric($album));
        } else {
                theme_no_img_to_display($album_name);
        }
}

Find
Code: [Select]
?>and replace with
Code: [Select]
function& get_pic_url2($cat, $album, $pos, $mode) {
return 'get_file.php?cat='.$cat.'&album='.$album.'&pos='.$pos.'&size='.$mode;
}
?>

Edit include/slideshow.inc.php, find
Code: [Select]
    if (is_image($picture['filename'])) {
        if ($CONFIG['make_intermediate'] && $condition ) {
            $picture_url = get_pic_url($picture, 'normal');
        } else {
            $picture_url = get_pic_url($picture, 'fullsize');
        }
and replace with
Code: [Select]
    if (is_image($picture['filename'])) {
        if ($CONFIG['make_intermediate'] && $condition ) {
            //$picture_url = get_pic_url($picture, 'normal');
            $picture_url = get_pic_url2($_GET['cat'], $_GET['album'], $i, 'normal');
        } else {
            //$picture_url = get_pic_url($picture, 'fullsize');
            $picture_url = get_pic_url2($_GET['cat'], $_GET['album'], $i, 'fullsize');
        }

edit include/themes.inc.php, find
Code: [Select]
if (!function_exists('theme_html_picture')) {  //{THEMES}
function theme_html_picture()
{
    global $CONFIG, $CURRENT_PIC_DATA, $CURRENT_ALBUM_DATA, $USER;
and replace with
Code: [Select]
if (!function_exists('theme_html_picture')) {  //{THEMES}
function theme_html_picture()
{
    global $cat, $pos, $CONFIG, $CURRENT_PIC_DATA, $CURRENT_ALBUM_DATA, $USER;

Find
Code: [Select]
    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
    }
and replace with
Code: [Select]
    if ($CONFIG['make_intermediate'] && $condition ) {
        //$picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
        $picture_url = get_pic_url2($cat, $album, $pos, 'normal');
    } else {
        //$picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
        $picture_url = get_pic_url2($cat, $album, $pos, 'fullsize');
    }

Then find
Code: [Select]
// Display the full size image
if (!function_exists('theme_display_fullsize_pic')) {  //{THEMES}
function theme_display_fullsize_pic()
{
    global $CONFIG, $THEME_DIR, $ALBUM_SET;
and replace with
Code: [Select]
// Display the full size image
if (!function_exists('theme_display_fullsize_pic')) {  //{THEMES}
function theme_display_fullsize_pic()
{
    global $cat, $album, $pos, $CONFIG, $THEME_DIR, $ALBUM_SET;

Finally, find
Code: [Select]
    $row = mysql_fetch_array($result);
    $pic_url = get_pic_url($row, 'fullsize');
    $geom = 'width="' . $row['pwidth'] . '" height="' . $row['pheight'] . '"';
    $imagedata = array('name' => $row['filename'], 'path' => $pic_url, 'geometry' => $geom);
    }
and replace with
Code: [Select]
    $row = mysql_fetch_array($result);
    //$pic_url = get_pic_url($row, 'fullsize');
    $pic_url = get_pic_url2($cat, $album, $pos, 'fullsize');
    $geom = 'width="' . $row['pwidth'] . '" height="' . $row['pheight'] . '"';
    $imagedata = array('name' => $row['filename'], 'path' => $pic_url, 'geometry' => $geom);
    }

Warning: code in include/themes.inc.php may be overridden by theme code. Theme code possibly needs editing as well.
Logged

reindeer

  • Coppermine newbie
  • Offline Offline
  • Posts: 2

Thanaks for your mod, we'll look into it. As an alternative to replacing coppermine files with the ones from your mod,
here's the "usual" way of posting mods (split over two postings due to posting size limitations):

Ok, the links for the mod.zip and to the gallery are dead, does anyone have these stored somewhere?

http://test.janvrsinsky.com/php/cpghf/mod/mod.zip

http://test.janvrsinsky.com/php/cpghf/index.php

Can this mod still be installed using GauGau's find & replace method?

I just installed CPG v1.4.10 (stable) and THIS is the mod I really need. I find it quite strange that "hotlinking" or "direct url access" is NOT
handled by the CPG v1.4.x gallery software itself, why is this the case? (I also recall this is the case with g2 software and thats why I switched to CPG)

I mean, making all the groups/users/passwords but then, a direct link like www.mydomain.com/photos/album/secret/01.jpg can be viewed by anyone?  ::)

Using .htaccess protection is not the way to go, as stated, as this can be circumvented by spoofed HTTP referers, as I read.

Is it possible to check that does a certain user/pass combination have/have not ,the rights to access an album and it's content?

As I am not a developer, i have limited knowledge of what can be implemented, so any feedback would be good!



Here are the posts that I have found in this board about this subject:

Coppermine-gallery.net > No Support > Modifications/Add-Ons/Hacks -> http://forum.coppermine-gallery.net/index.php?board=78.0

Coppermine-gallery.net > Support > cpg1.4.x Support > cpg1.4 permissions > http://forum.coppermine-gallery.net/index.php?topic=38436.0]
Logged

eK3eKyToPa

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 35

As I see noone work on this mod anymore, but i needed exactly this for my gallery,
The only thing that is missing is get_file.php that will check the access rights
So please if someone is able to get it here
Thanks!
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de

Ok, the links for the mod.zip and to the gallery are dead, does anyone have these stored somewhere?
Yes, in the initial posting on this thread the mod file is attached.

Can this mod still be installed using GauGau's find & replace method?
You tell us.


I just installed CPG v1.4.10
Now that's really silly. Most recent stable release is cpg1.4.25. Installing such an ancient, outdated version as cpg1.4.10 is not an option unless you want to see your site hacked in no time.


Using .htaccess protection is not the way to go, as stated, as this can be circumvented by spoofed HTTP referers, as I read.

Is it possible to check that does a certain user/pass combination have/have not ,the rights to access an album and it's content?

As I am not a developer, i have limited knowledge of what can be implemented, so any feedback would be good!
Use coppermine's built in authentification methods - they should be sufficient for you. No need for any mods imo, especially if you have little to no idea what you're doing.
Logged
Pages: [1]   Go Up
 

Page created in 0.034 seconds with 21 queries.