Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [security] user can't know location photo  (Read 3444 times)

0 Members and 1 Guest are viewing this topic.

Bart

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
[security] user can't know location photo
« on: March 12, 2004, 01:13:13 am »

I have problem becouse I don't want to user clicking right button mouse's on photo had the possibility of checking where is photo on server. Now has the possibility to write down address of photo and he can see it with out log in.:( Have You some ideas how I can solve this problem  :?:
Logged
Bart

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
[security] user can't know location photo
« Reply #1 on: March 12, 2004, 08:12:25 am »

sure: don't post the pic on the internet! :roll:
That's the way a webbrowser works. You could try fiddling with "no right-click" scripts (using JavaScript) and other silly methods, but generally speaking: there is nothing you can do about this!

GauGau
Logged

Tarique Sani

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 2712
    • http://tariquesani.net
[security] user can't know location photo
« Reply #2 on: March 12, 2004, 08:55:02 am »

Logged
SANIsoft PHP applications for E Biz

hyperion

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 1317
  • - retired -
[security] user can't know location photo
« Reply #3 on: March 12, 2004, 08:59:16 am »

Anyone can get to your files if they really want to, so you can only make it difficult.

For example, you worry that people will be able to see your files without logging in.  Okay, so what do you do if a user logs in and downloads your files? He can then view them on his personal computer, post them on his site, etc.  Right click scripts can be disabled, and URL obsfucation is made irrelevant by the browser cache. If they can see it in their browser, they can get it.

However, if you are determined to proceed along this futile course, I suggest you read the following threads and pages:

http://forum.coppermine-gallery.net/index.php?topic=3069 [edit]Seems you beat me to it, Tarique.  :) [/edit]
http://forum.coppermine-gallery.net/index.php?topic=2450
http://altlab.com/htaccess_tutorial.html
Logged
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull

(http://www.mozilla.org/products/firefox/buttons/getfirefox_small.png)

Casper

  • VIP
  • Coppermine addict
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 5231
[security] user can't know location photo
« Reply #4 on: March 12, 2004, 11:57:14 am »

And you could make it that users have to login before they can see any pics.  There's no point in worying if the user is registered anyway, is there.

see http://forum.coppermine-gallery.net/index.php?topic=3503
Logged
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Bart

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
[security] user can't know location photo
« Reply #5 on: March 16, 2004, 04:03:47 pm »

OK guys ... calmly ... I need solution with .htaccess and login to gallery or any good way. I want users can save photos on they hard drivers but I don't want they post link to jpg file somewhere and someone no register user can see that jpg file. For example user who have account login to gallery and get link to jpg file and he/she put that link on another site then anyone can have access to my photo - I don't want that so how I can do it?

What You think about it:

Code: [Select]

<?php 
if (!isset($_COOKIE['ActiveCode'])) { 
    unset(
$_COOKIE[session_name()]); 
    
$name 'access.denied.jpg'

else { 
   if (isset(isset(
$_GET['name']))) { 
      
$name $_GET['name']; 
   } 
   else { 
      
$name 'some.jpg'
   } 


$photo_dir 'secret_catalog/'

$name $photo_dir $name

header('Content-type: image/jpeg'); 
header('Content-transfer-encoding: binary'); 
header('Content-length: 'filesize($name)); 

readfile($name); 
?>
Logged
Bart

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
[security] user can't know location photo
« Reply #6 on: March 16, 2004, 05:44:43 pm »

If you want to keep people from displaying your pics on their site (stealing your bandwidth), there are instructions how to prevent this: search the board for "prevent AND hotlinking".
You can't keep people from entering the url of the pic into the browser though.

GauGau
Logged

Bart

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
[security] user can't know location photo
« Reply #7 on: March 16, 2004, 09:19:10 pm »

Quote from: "gaugau"

You can't keep people from entering the url of the pic into the browser though.

GauGau


I can  :D  and I know how!
Logged
Bart

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
[security] user can't know location photo
« Reply #8 on: March 17, 2004, 08:42:47 am »

OK, cool. Thanks for sharing your thoughts...
Maybe you could post a link to your gallery for us to check your modifications...?

GauGau
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 18 queries.