Author Topic: Prevent downloading of pics - transparent gif overlay  (Read 158925 times)

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Prevent downloading of pics - transparent gif overlay
« Reply #20 on: August 21, 2006, 08:05:44 am »

that's the overlay thingie for the MODPACK that doesn't open the fullsized but the next pic when clicking on the intermediate image.

I've commented every change I did for the next pic mod so it should be pretty easy to port that to the non modpack version

Code: [Select]
function theme_html_picture()
{
    global $CONFIG, $CURRENT_PIC_DATA, $CURRENT_ALBUM_DATA, $USER;
    global $album, $comment_date_fmt, $template_display_media;
    global $lang_display_image_php, $lang_picinfo, $mime_content;

    //mod next pic
    global $pos;
//end mod

    $pid = $CURRENT_PIC_DATA['pid'];
    $pic_title = '';

    if (!isset($USER['liv']) || !is_array($USER['liv'])) {
        $USER['liv'] = array();
    }
    // Add 1 to hit counter
    if (!USER_IS_ADMIN && !in_array($pid, $USER['liv']) && isset($_COOKIE[$CONFIG['cookie_name'] . '_data'])) {
        add_hit($pid);
        if (count($USER['liv']) > 4) array_shift($USER['liv']);
        array_push($USER['liv'], $pid);
    }

    if($CONFIG['thumb_use']=='ht' && $CURRENT_PIC_DATA['pheight'] > $CONFIG['picture_width'] ){ // The weird comparison is because only picture_width is stored
      $condition = true;
    }elseif($CONFIG['thumb_use']=='wd' && $CURRENT_PIC_DATA['pwidth'] > $CONFIG['picture_width']){
      $condition = true;
    }elseif($CONFIG['thumb_use']=='any' && max($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight']) > $CONFIG['picture_width']){
      $condition = true;
    }elseif($CONFIG['thumb_use']=='ex' && max($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight']) > $CONFIG['picture_width']){
      $condition = true;
    }else{
     $condition = false;
    }

    if ($CURRENT_PIC_DATA['title'] != '') {
        $pic_title .= $CURRENT_PIC_DATA['title'] . "\n";
    }
    if ($CURRENT_PIC_DATA['caption'] != '') {
        $pic_title .= $CURRENT_PIC_DATA['caption'] . "\n";
    }
    if ($CURRENT_PIC_DATA['keywords'] != '') {
        $pic_title .= $lang_picinfo['Keywords'] . ": " . $CURRENT_PIC_DATA['keywords'];
    }

    if (!$CURRENT_PIC_DATA['title'] && !$CURRENT_PIC_DATA['caption']) {
        template_extract_block($template_display_media, 'img_desc');
    } else {
        if (!$CURRENT_PIC_DATA['title']) {
            template_extract_block($template_display_media, 'title');
        }
        if (!$CURRENT_PIC_DATA['caption']) {
            template_extract_block($template_display_media, 'caption');
        }
    }

    $CURRENT_PIC_DATA['menu'] = html_picture_menu(); //((USER_ADMIN_MODE && $CURRENT_ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID) || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC_DATA['owner_id'] == USER_ID && USER_ID != 0) || GALLERY_ADMIN_MODE) ? html_picture_menu($pid) : '';

    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
    }

    //$image_size = compute_img_size($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight'], $CONFIG['picture_width']);
    $image_size = compute_img_size($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight'], $CONFIG['picture_width'], "normal");

    $pic_title = '';
    //$mime_content = cpg_get_type($CURRENT_PIC_DATA['filename']);


    if ($mime_content['content']=='movie' || $mime_content['content']=='audio') {

        if ($CURRENT_PIC_DATA['pwidth']==0 || $CURRENT_PIC_DATA['pheight']==0) {
            $CURRENT_PIC_DATA['pwidth']  = 320; // Default width

            // Set default height; if file is a movie
            if ($mime_content['content']=='movie') {
                $CURRENT_PIC_DATA['pheight'] = 240; // Default height
            }
        }

        $ctrl_offset['mov']=15;
        $ctrl_offset['wmv']=45;
        $ctrl_offset['swf']=0;
        $ctrl_offset['rm']=0;
        $ctrl_offset_default=45;
        $ctrl_height = (isset($ctrl_offset[$mime_content['extension']]))?($ctrl_offset[$mime_content['extension']]):$ctrl_offset_default;
        $image_size['whole']='width="'.$CURRENT_PIC_DATA['pwidth'].'" height="'.($CURRENT_PIC_DATA['pheight']+$ctrl_height).'"';
    }

    if ($mime_content['content']=='image') {

        //mod next pic
        $next = $pos + 1;
        // $cat_link and $uid_link are not defined inside this function; default them to '' to avoid notices
        $cat_link = isset($cat_link) ? $cat_link : '';
        $uid_link = isset($uid_link) ? $uid_link : '';
        // PHP_SELF comes from the request, so escape it before it goes into the href
        $next_tgt = htmlspecialchars($_SERVER['PHP_SELF']) . "?album=$album$cat_link&amp;pos=$next$uid_link";
        //end mod

        //mod next pic
        //if (isset($image_size['reduced'])) {
            // getimagesize() needs a path to an actual image file, not a URL to a script
            $imginfo = getimagesize($picture_url);
            $winsizeX = $CURRENT_PIC_DATA['pwidth'];  //the +'s are the mysterious FF and IE paddings
            $winsizeY = $CURRENT_PIC_DATA['pheight']; //the +'s are the mysterious FF and IE paddings

            // the real picture is the table cell background; the transparent gif sits on top of it
            $pic_html = "<table cellpadding=0 cellspacing=0><tr><td background=\"" . $picture_url . "\" width={$imginfo[0]} height={$imginfo[1]} class=\"image\">";

            //mod next pic
            //$pic_html .= "<a href=\"javascript:;\" onclick=\"MM_openBrWindow('displayimage.php?pid=$pid&amp;fullsize=1','" . uniqid(rand()) . "','scrollbars=yes,toolbar=no,status=no,resizable=yes,width=$winsizeX,height=$winsizeY')\">";
            $pic_html .= "<a href=\"$next_tgt\">";   //click on the intermediate photo will link to the next photo
            //end mod

            $pic_title = $lang_display_image_php['view_fs'] . "\n==============\n" . $pic_title;
            $pic_html .= "<img src=\"images/overlay.gif\" width={$imginfo[0]} height={$imginfo[1]}  border=\"0\" alt=\"{$lang_display_image_php['view_fs']}\" /><br />";
            $pic_html .= "</a>\n </td></tr></table>";
       
/* mod next pic
} else {
$pic_html = "<table cellpadding=0 cellspacing=0><tr><td background=\"" . $picture_url . "\" {$image_size['geom']} class=\"image\">";
            $pic_html .= "<img src=\"images/overlay.gif\" {$image_size['geom']} border=\"0\" alt=\"\" /><br />\n";
            $pic_html .= "</td></tr></table>";
end mod */

    } elseif ($mime_content['content']=='document') {
        $pic_thumb_url = get_pic_url($CURRENT_PIC_DATA,'thumb');
        $pic_html = "<a href=\"{$picture_url}\" target=\"_blank\" class=\"document_link\"><img src=\"".$pic_thumb_url."\" border=\"0\" class=\"image\" /></a>\n<br />";
    } else {
        $autostart = ($CONFIG['media_autostart']) ? ('true'):('false');

        $players['WMP'] = array('id' => 'MediaPlayer',
                                'clsid' => 'classid="" ',
                                'codebase' => 'codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701" ',
                                'mime' => 'type="application/x-mplayer2" ',
                               );
        $players['RMP'] = array('id' => 'RealPlayer',
                                'clsid' => 'classid="clsid:CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA" ',
                                'codebase' => '',
                                'mime' => 'type="audio/x-pn-realaudio-plugin" '
                               );
        $players['QT']  = array('id' => 'QuickTime',
                                'clsid' => 'classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" ',
                                'codebase' => 'codebase="http://www.apple.com/qtactivex/qtplugin.cab" ',
                                'mime' => 'type="video/x-quicktime" '
                               );
        $players['SWF'] = array('id' => 'SWFlash',
                                'clsid' => ' classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" ',
                                'codebase' => 'codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" ',
                                'mime' => 'type="application/x-shockwave-flash" '
                               );
        $players['UNK'] = array('id' => 'DefaultPlayer',
                                'clsid' => '',
                                'codebase' => '',
                                'mime' => ''
                               );

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_'.$mime_content['extension'].'player'])) {
            $user_player = $_COOKIE[$CONFIG['cookie_name'].'_'.$mime_content['extension'].'player'];
        } else {
            $user_player = $mime_content['player'];
        }

                // There isn't a player selected or user wants client-side control
        if (!$user_player) {
            $user_player = 'UNK';
        }

        $player = $players[$user_player];

        $pic_html  = '<object id="'.$player['id'].'" '.$player['clsid'].$player['codebase'].$player['mime'].$image_size['whole'].'>';
        $pic_html .= "<param name=\"autostart\" value=\"$autostart\" /><param name=\"src\" value=\"". $picture_url . "\" />";
        $pic_html .= '<embed '.$image_size['whole'].' src="'. $picture_url . '" autostart="'.$autostart.'" '.$player['mime'].'></embed>';
        $pic_html .= "</object><br />\n";
    }

    $CURRENT_PIC_DATA['html'] = $pic_html;
    $CURRENT_PIC_DATA['header'] = '';
    $CURRENT_PIC_DATA['footer'] = '';

    $CURRENT_PIC_DATA = CPGPluginAPI::filter('file_data',$CURRENT_PIC_DATA);

    $params = array('{CELL_HEIGHT}' => '100',
        '{IMAGE}' => $CURRENT_PIC_DATA['header'].$CURRENT_PIC_DATA['html'].$CURRENT_PIC_DATA['footer'],
        '{ADMIN_MENU}' => $CURRENT_PIC_DATA['menu'],
        '{TITLE}' => bb_decode($CURRENT_PIC_DATA['title']),
        '{CAPTION}' => bb_decode($CURRENT_PIC_DATA['caption']),
        );

    return template_eval($template_display_media, $params);
}

Chili

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Prevent downloading of pics - transparent gif overlay
« Reply #21 on: October 15, 2006, 03:44:13 am »

Stramm,  This works very well for me, thank you.  One question, is it possible to get this to protect the photos in the slideshow as well?

Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #22 on: October 16, 2006, 08:19:35 am »

I'm nearly sure it's possible. Will have a look in a free min

jsmith

  • Coppermine newbie
  • Offline Offline
  • Posts: 17
Re: Prevent downloading of pics - transparent gif overlay
« Reply #23 on: October 18, 2006, 03:55:22 pm »

I added this overlay and it makes the intermediate image approx. 1 and a half images wide by repeating part of the image.  I assume this has to do with the size of the overlay - when I switch to a different theme it is fine.  How do I fix this?  Most of my images are not square - either horiz. or vert. and I generally upload images no larger than 750 pixels on the long side.

Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #24 on: October 18, 2006, 04:15:12 pm »

yep, I know about that problem... there's a lil leftover in the functions from testing... needs to be replaced

edit: code removed
I'm going to update the zip

jsmith

Re: Prevent downloading of pics - transparent gif overlay
« Reply #25 on: October 18, 2006, 04:17:27 pm »

I'll try that.  What do you mean about intermediate images disabled?  I thought the image you get when you click the thumbnail was the intermediate image?

Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #26 on: October 18, 2006, 04:35:13 pm »

new zip is up... the theme mod differs between two states. Either you have intermediate pics enabled (in config) or not. Then it calculates the necessary overlay size

Yes, that's the intermediate image. If the orig is the same size or smaller than the intermediate, then the intermediate doesn't get created.

Try if it works for you... if not, please report back with a link to an image where the problems occur

jsmith

Re: Prevent downloading of pics - transparent gif overlay
« Reply #27 on: October 18, 2006, 04:51:14 pm »

that fixed it.  Thanks !

nivons

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Prevent downloading of pics - transparent gif overlay
« Reply #28 on: October 27, 2006, 12:44:29 pm »

Hi,

I have been unable to locate the "overlay.gif" file mentioned in this thread.  Any help in locating the same is appreciated.

TIA.

Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #29 on: October 27, 2006, 12:50:04 pm »

ouch, I've fixed a problem in the script some days ago and removed the gif instead of the outdated code... can be found again now in the first post of this thread

nivons

Re: Prevent downloading of pics - transparent gif overlay
« Reply #30 on: October 27, 2006, 01:08:05 pm »

Thanks for the super fast update!

However, the downloaded overlay.gif (43 bytes) file results in the intermediate and full size images both not showing up (a small box with black borders appears instead).

CPG 1.4.9 and theme.php are configured properly.  I can replace this GIF with another GIF and that one shows up over the intermediate and full size pics (but covers them up instead of displaying them through the overlay).


Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #31 on: October 27, 2006, 01:37:30 pm »

works perfect for me... just tried the uploaded gif and the code attachment.

Attach your theme.php in your next post

nivons

Re: Prevent downloading of pics - transparent gif overlay
« Reply #32 on: October 27, 2006, 08:54:05 pm »

theme.php with overlay.txt copied in right before final "?>" on last line attached.

Tried including the contents of overlay.txt in the Classic theme's theme.php file with the same results.

Note:  The only other change to vanilla CPG 1.4.9 that I have is the on-the-fly watermark enhancement (by flex) in functions.inc.php.  Reverting back to vanilla CPG 1.4.9 did not help above issue.

Thanks!

Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #33 on: October 28, 2006, 08:12:45 am »

I've tested your theme file and it's working as expected. Can you post a link to your gallery?

nivons

Re: Prevent downloading of pics - transparent gif overlay
« Reply #34 on: October 29, 2006, 01:04:48 am »

Thank you for checking and confirming theme.php tests OK!

I was incorrect in stating that the "flex" on-the-fly watermark modifications were not causing the overlays to not work.  After removing those modifications your transparent GIF overlay modification works great (cleared cache and restarted Web server this time).  Thank you for this great add-on to CPG functionality.

I would really like to see them both work together.  It appears that this issue is being caused due to the getimagesize() call in the overlay code in theme.php not getting input in a format it expects.

#Notices when overlay/watermarking not working
/themes/hardwired/theme.php

    * Warning line 310: getimagesize(watermark_normal.php?pid=1230&mode=normal): failed to open stream: No such file or directory

Attached is info on changes made to enable watermarking (diff to functions.inc.php, and contents of watermark_normal.php).

Hopefully the fix to overcome this issue is straightforward/simple.  If anyone is able to help with tips on how to effect that change or provide the fix, I would much appreciate it.

Thanks.

PS:  CPG web server is currently restricted to local/trusted network use and is not open to the Internet.

nivons

Re: Prevent downloading of pics - transparent gif overlay
« Reply #35 on: October 29, 2006, 01:13:03 am »

Attaching diff of functions.inc.php that didn't get attached to last post.

Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #36 on: October 29, 2006, 06:29:40 am »

> I would really like to see them both work together.  It appears that this issue is being caused due to the getimagesize() call in the overlay code in theme.php not getting input in a format it expects.

yes, the function you modified in functions.inc.php doesn't give back a path now getimagesize can handle. It expects a path to an actual image and not a URL to a script

simple solution would be to have the original get_pic_url function in your functions.inc.php again as eg get_pic_url2

then you need to do some lil changes in this mod (all untested)
find
Code: [Select]
    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
    }
replace with
Code: [Select]
    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
        $picture_url_orig = get_pic_url2($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
        $picture_url_orig = get_pic_url2($CURRENT_PIC_DATA, 'fullsize');
    }

find
Code: [Select]
$imginfo=getimagesize($picture_url);
replace with
Code: [Select]
$imginfo=getimagesize($picture_url_orig);

but why would you want to use on the fly watermarking??? In a live environment it may suck a lot of resources. Imagine 20 people browsing your site... this can be enough to bog your server down. It's good for a family album but not for production use. I'd go for a permanent wm solution

nivons

Re: Prevent downloading of pics - transparent gif overlay
« Reply #37 on: October 29, 2006, 07:57:49 am »

That worked perfect.  Thank you!

> but why would you want to use on the fly watermarking??? In a live environment it may suck a lot of resources. Imagine 20 people browsing your site... this can be enough to bog your server down. It's good for a family album but not for production use. I'd go for a permanent wm solution

The user-base at this time is quite limited.  I did install and try out your mod for permanent WM, and may pick it back up in a later version of CPG.

Thanks again for your prompt and helpful responses, and for your contributions to CPG.

cgc0202

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 199
Re: Prevent downloading of pics - transparent gif overlay
« Reply #38 on: November 12, 2006, 04:14:56 pm »

> That's a lil theme addition. So you won't need to modify core files. This addition puts a transparent gif over the actual intermediate or fullsized image. If a user tries to download the image he only gets the transparent gif. Same if he tries to find out the URL (with right click -> properties). This is no 100% secure solution but protects against most newbies and lazy users. Also it's 100 times better than blocking the right mouse button (at least I hate sites that use those techniques and leave)

Hi Stramm,

I am interested with this because my gallery sites are based on contributions from other people.  Some people may want to contribute but do not want anonymous users downloading their photos.  So, I wish to satisfy the concerns of such contributors, if possible:

So here are some observations and questions:
(1) Flickr has implemented a similar feature, but the easy way around it, as it turned out was to go to the thumbnail or mini-size URL, copy that URL and change the code used to identify "thumbnail" to the code for either the intermediate or large or original size.

Has this loophole been considered in this mod and dealt with?

One additional way to increase "security" from copying is to separate*** the URL address of original size from the derivative images.  I think it was Nibbler (or one of the Dev Team) who stated  in one response to an old post that they have a way to do just that -- separate location of original vs. intermediate.

(2) I understand that it would be a lot of work (for me as an administrator), but is there a way to make this applicable on per image basis?

If it is done on a per image basis, once this mod has been included, an expert coder might know how to integrate it in the "Edit Files" window -- to add options to answer this:
Do you want to "prevent downloading of this photo"? No Yes.  And if yes: All, Int/Orig, Orig only (where Int -> intermediate and Orig -> original)

The aforementioned per image option -- with the admin control included in the Edit files section -- would be much easier for non-programmers like me who could easily mess up a very complex PHP script.  Also, if one has multiple independent CPG galleries, it will minimize the PHP script modification, especially by non-programmers, that is needed during every update.

A per image basis is important for this mod because many contributing photographers have their photos under "Creative Commons (CC)" license, so there is no need to protect them from download.  However, protecting the original image even for CC files may be prudent for "small webpages" in shared-server hostings, where bandwidth usage is critical and also shared webhosting service providers frown upon "small webpages" causing bleeps due to upsurge of downloads 

(3) Is there a way to integrate this in the "Mod pack" Stramm?

I have other observations and questions but I will place them in another post.

CGC

Stramm

Re: Prevent downloading of pics - transparent gif overlay
« Reply #39 on: November 14, 2006, 05:21:18 pm »

This mod is not meant as a full download protection. It just cheats newbs and is an alternative to blocking the right mouse button.

Of course you could modify CPG to save different filenames for thumbs, intermediate and fullsized images, however that needs some more modifications than just a few lines. Then you could save the images outside the webroot and not directly open them with an img tag but use a php script to show them.

Search the board for that mod. Disadvantage is a far higher CPU usage
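
The approach described in the reply above (unrelated file names per size, files stored outside the webroot, a PHP script that delivers them), as an added example that is not Coppermine code and not part of the original thread. It goes one step further and includes the per-image setting asked about in Reply #38. STORE_DIR, $PICS, may_view(), resolve_file() and the showpic.php name are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not Coppermine code. All names below are hypothetical.
const STORE_DIR = '/var/lib/gallery-store';   // assumed location outside the web root
const ALLOWED_SIZES = ['thumb', 'normal', 'fullsize'];

// Constructed sample row standing in for the pictures table. Each size has its own
// random file name, so knowing the thumbnail name reveals nothing about the others.
$PICS = [
    1230 => [
        'thumb'    => 't/9f3c1a7e.jpg',
        'normal'   => 'n/51be02d4.jpg',
        'fullsize' => 'f/c7a960f1.jpg',
        'protect'  => 'fullsize',   // per-image setting: 'none', 'fullsize' or 'all'
    ],
];

// Decide whether this visitor may fetch this size of this picture.
function may_view(array $pic, string $size, bool $logged_in): bool
{
    if ($logged_in || $size === 'thumb') {
        return true;
    }
    switch ($pic['protect']) {
        case 'all':      return false;                  // anonymous users see thumbs only
        case 'fullsize': return $size !== 'fullsize';   // intermediate is still public
        default:         return true;
    }
}

// Map (pid, size) to a real file inside STORE_DIR, or null if anything is off.
function resolve_file(array $pics, $pid, $size, bool $logged_in): ?string
{
    if (!is_string($pid) || !is_string($size)
        || !ctype_digit($pid) || !in_array($size, ALLOWED_SIZES, true)) {
        return null;
    }
    $pid = (int)$pid;
    if (!isset($pics[$pid]) || !may_view($pics[$pid], $size, $logged_in)) {
        return null;
    }
    $base = realpath(STORE_DIR);
    $path = realpath(STORE_DIR . '/' . $pics[$pid][$size]);
    // realpath() returns false for missing files; the prefix check stops "../" escapes.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Request entry point, e.g. showpic.php?pid=1230&size=normal
$logged_in = false;   // assumption: replace with the gallery's own session check
$file = resolve_file($PICS, $_GET['pid'] ?? '', $_GET['size'] ?? '', $logged_in);
if ($file === null) {
    http_response_code(404);   // same answer for "missing" and "not allowed"
    exit;
}
$info = getimagesize($file);   // works here because $file is a real path, not a script URL
header('Content-Type: ' . ($info ? $info['mime'] : 'application/octet-stream'));
header('Content-Length: ' . filesize($file));
header('X-Content-Type-Options: nosniff');
readfile($file);
```

Every image request now runs through PHP, which is the higher CPU usage mentioned in the reply above.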