Author Topic: [cpg1.4.x]: Download a Zipped Album With Basic Security  (Read 154643 times)


erostew

[cpg1.4.x]: Download a Zipped Album With Basic Security
« on: October 25, 2007, 08:53:17 pm »

This was originally posted in a reply to http://forum.coppermine-gallery.net/index.php?topic=43527.0
Since that thread contains multiple hack versions it is very cluttered and hard to follow. Since my original post there I have made some small changes to the commenting in the zip.php file located in the attached securezip.zip file. I also cleaned up some typos, etc. in the installation instructions. And I included a readme.html with the full installation instructions.


Download a Zipped Album With Basic Security

I have wanted to have the functionality of users being able to download a zip of an entire album/folder for a long, long time. But I never managed to get it working on my own. That's one reason that I decided to try out CPG. So I tried out the various hacks in the forum and managed to get the zip.php version to work. The zipalbum.php version does not work at all as posted. There are errors in the scripting.

I was happy to get zip downloads working, but there was one major problem. Lack of any kind of security. All a user had to do was replace the number in the aid portion of the url and he could download any album, including private ones. Well there can be many many reasons why that is completely unacceptable. You may have family pictures stored in your CPG that you don't want the world at large to see, etc. My main reason for needing better security is that I want to be able to make updates at anytime, and then make them active on a set day by changing the permissions from admin-only to everyone.

So I decided to use the built in user levels to secure the zip script. An album with "everyone" permissions has "0" set in the visibility column of the cpgxxx_albums table. An "admin" gallery has a "1", etc. I figured the easiest thing to implement would be a check to see what the content of the visibility column was, and then disallow any downloads if the result was not "0". I only use admin and everyone in my CPG, so that works perfectly for me. You might want to change things around a bit to suit your own setup. To find out what the visibility value is for any particular setting just change the setting in the album's properties and then check the contents of the table with phpmyadmin or MySQL Administrator.

This is tested and working on my linux, apache, mysql, php4 server. Your mileage may vary.

This script contains work by h3nn3s, Beme, MoolFreet, easyjava and Nibbler. Thanks guys!


This mod does not require any modification of any core CPG files so it should be installable on most versions of CPG or future versions. Rather than a CPG mod it is actually a template modification. It should not cause a problem for you to update to a different version of CPG unless the way themes work is changed. With that said I have only tested it with 1.4.13, 1.4.14 and 1.4.16. I have tried it with the following themes: Rainy Day, Classic and Water Drop. Also with a heavily customized Rainy Day variant that I am using in my CPG. It works with no problems with Stramm's ModPack installed. I have tested it with CPG 1.5 and it is working. However I am not using the latest build of 1.5.

Detailed installation instructions:

# 1 ) Download the securezip.zip attached to this message.
# 2 ) Unzip it and upload zip.php to the root folder of your CPG installation. (Same folder as the index.php)
# 3 ) Open the file in your editor of choice and look for:
Code: [Select]
/* Write here the name of the folder  where the zip will be created */
$sFolderZip = "zipfiles/";
It starts on line 5. Either change the name (make sure it has the "/" on the end!) of the folder or else make a folder in the root of your CPG installation called "zipfiles". Whichever one you choose, you will probably have to chmod to 777 to get the script to work.

# 4 ) Navigate to the folder of the template you are using. Something like: /yourwwwfolder/CPG/templates/name_of_template.

# 5 ) Open themes/yourtheme/theme.php in your editor of choice. Copy the following code into your theme.php file just above the
Code: [Select]
?>
at the end of the file.
Code: [Select]
function theme_display_thumbnails(&$thumb_list, $nbThumb, $album_name, $aid, $cat, $page, $total_pages, $sort_options, $display_tabs, $mode = 'thumb')
{
    global $CONFIG;
    global $template_thumb_view_title_row,$template_fav_thumb_view_title_row, $lang_thumb_view, $template_tab_display, $template_thumbnail_view, $lang_album_list;

    static $header = '';
    static $thumb_cell = '';
    static $empty_cell = '';
    static $row_separator = '';
    static $footer = '';
    static $tabs = '';
    static $spacer = '';

    if ($header == '') {
        $thumb_cell = template_extract_block($template_thumbnail_view, 'thumb_cell');
        $tabs = template_extract_block($template_thumbnail_view, 'tabs');
        $header = template_extract_block($template_thumbnail_view, 'header');
        $empty_cell = template_extract_block($template_thumbnail_view, 'empty_cell');
        $row_separator = template_extract_block($template_thumbnail_view, 'row_separator');
        $footer = template_extract_block($template_thumbnail_view, 'footer');
        $spacer = template_extract_block($template_thumbnail_view, 'spacer');
    }

    $cat_link = is_numeric($aid) ? '' : '&cat=' . $cat;
    $uid_link = (isset($_GET['uid']) && is_numeric($_GET['uid'])) ? '&uid=' . $_GET['uid'] : '';

    $theme_thumb_tab_tmpl = $template_tab_display;

    if ($mode == 'thumb') {
        $theme_thumb_tab_tmpl['left_text'] = strtr($theme_thumb_tab_tmpl['left_text'], array('{LEFT_TEXT}' => $aid == 'lastalb' ? $lang_album_list['album_on_page'] : $lang_thumb_view['pic_on_page']));
        $theme_thumb_tab_tmpl['inactive_tab'] = strtr($theme_thumb_tab_tmpl['inactive_tab'], array('{LINK}' => 'thumbnails.php?album=' . $aid . $cat_link . $uid_link . '&page=%d'));
        $theme_thumb_tab_tmpl['inactive_next_tab'] = strtr($theme_thumb_tab_tmpl['inactive_next_tab'], array('{LINK}' => 'thumbnails.php?album=' . $aid . $cat_link . $uid_link . '&page=%d'));
        $theme_thumb_tab_tmpl['inactive_prev_tab'] = strtr($theme_thumb_tab_tmpl['inactive_prev_tab'], array('{LINK}' => 'thumbnails.php?album=' . $aid . $cat_link . $uid_link . '&page=%d'));
    } else {
        $theme_thumb_tab_tmpl['left_text'] = strtr($theme_thumb_tab_tmpl['left_text'], array('{LEFT_TEXT}' => $lang_thumb_view['user_on_page']));
        $theme_thumb_tab_tmpl['inactive_tab'] = strtr($theme_thumb_tab_tmpl['inactive_tab'], array('{LINK}' => 'index.php?cat=' . $cat . '&page=%d'));
        $theme_thumb_tab_tmpl['inactive_next_tab'] = strtr($theme_thumb_tab_tmpl['inactive_next_tab'], array('{LINK}' => 'index.php?cat=' . $cat . '&page=%d'));
        $theme_thumb_tab_tmpl['inactive_prev_tab'] = strtr($theme_thumb_tab_tmpl['inactive_prev_tab'], array('{LINK}' => 'index.php?cat=' . $cat . '&page=%d'));
    }

    $thumbcols = $CONFIG['thumbcols'];
    $cell_width = ceil(100 / $CONFIG['thumbcols']) . '%';

    $tabs_html = $display_tabs ? create_tabs($nbThumb, $page, $total_pages, $theme_thumb_tab_tmpl) : '';
    // The sort order options are not available for meta albums
    if ($sort_options) {
        $param = array('{ALBUM_NAME}' => $album_name,
            '{AID}' => $aid,
            '{PAGE}' => $page,
            '{NAME}' => $lang_thumb_view['name'],
            '{TITLE}' => $lang_thumb_view['title'],
            '{DATE}' => $lang_thumb_view['date'],
            '{SORT_TA}' => $lang_thumb_view['sort_ta'],
            '{SORT_TD}' => $lang_thumb_view['sort_td'],
            '{SORT_NA}' => $lang_thumb_view['sort_na'],
            '{SORT_ND}' => $lang_thumb_view['sort_nd'],
            '{SORT_DA}' => $lang_thumb_view['sort_da'],
            '{SORT_DD}' => $lang_thumb_view['sort_dd'],
            '{POSITION}' => $lang_thumb_view['position'],
            '{SORT_PA}' => $lang_thumb_view['sort_pa'],
            '{SORT_PD}' => $lang_thumb_view['sort_pd'],
            );
        // MOD - begin
        $param['{ALBUM_NAME}'] .= '&nbsp;<a href="zip.php?aid=' . $aid . '" title="Download album as *zip archive">[ Download Album ]</a>';
        // MOD - end
        $title = template_eval($template_thumb_view_title_row, $param);
    } else if ($aid == 'favpics' && $CONFIG['enable_zipdownload'] == 1) { //Lots of stuff can be added here later
       $param = array('{ALBUM_NAME}' => $album_name,
                             '{DOWNLOAD_ZIP}'=>$lang_thumb_view['download_zip']
                               );
       $title = template_eval($template_fav_thumb_view_title_row, $param);
    }else{
        $title = $album_name;
    }


    if ($mode == 'thumb') {
        starttable('100%', $title, $thumbcols);
    } else {
        starttable('100%');
    }

    echo $header;

    $i = 0;
    foreach($thumb_list as $thumb) {
        $i++;
        if ($mode == 'thumb') {
            if ($aid == 'lastalb') {
                $params = array('{CELL_WIDTH}' => $cell_width,
                    '{LINK_TGT}' => "thumbnails.php?album={$thumb['aid']}",
                    '{THUMB}' => $thumb['image'],
                    '{CAPTION}' => $thumb['caption'],
                    '{ADMIN_MENU}' => $thumb['admin_menu']
                    );
            } else {
                $params = array('{CELL_WIDTH}' => $cell_width,
                    '{LINK_TGT}' => "displayimage.php?album=$aid$cat_link&amp;pos={$thumb['pos']}$uid_link",
                    '{THUMB}' => $thumb['image'],
                    '{CAPTION}' => $thumb['caption'],
                    '{ADMIN_MENU}' => $thumb['admin_menu']
                    );
            }
        } else {
            $params = array('{CELL_WIDTH}' => $cell_width,
                '{LINK_TGT}' => "index.php?cat={$thumb['cat']}",
                '{THUMB}' => $thumb['image'],
                '{CAPTION}' => $thumb['caption'],
                '{ADMIN_MENU}' => ''
                );
        }
        echo template_eval($thumb_cell, $params);

        if ((($i % $thumbcols) == 0) && ($i < count($thumb_list))) {
            echo $row_separator;
        }
    }
    for (;($i % $thumbcols); $i++) {
        echo $empty_cell;
    }
    echo $footer;

    if ($display_tabs) {
        $params = array('{THUMB_COLS}' => $thumbcols,
            '{TABS}' => $tabs_html
            );
        echo template_eval($tabs, $params);
    }

    endtable();
    echo $spacer;
}
This is assuming that you are using CPG 1.4.13 - 1.4.16 with the Classic, Rainy Day or Water Drop themes. I haven't tested it in other themes. Your theme may have some or all of this code in it already. If that's the case then search the code in your theme.php for:
Code: [Select]
$param = array('{ALBUM_NAME}' => $album_name,
            '{AID}' => $aid,
            '{PAGE}' => $page,
            '{NAME}' => $lang_thumb_view['name'],
            '{TITLE}' => $lang_thumb_view['title'],
            '{DATE}' => $lang_thumb_view['date'],
            '{SORT_TA}' => $lang_thumb_view['sort_ta'],
            '{SORT_TD}' => $lang_thumb_view['sort_td'],
            '{SORT_NA}' => $lang_thumb_view['sort_na'],
            '{SORT_ND}' => $lang_thumb_view['sort_nd'],
            '{SORT_DA}' => $lang_thumb_view['sort_da'],
            '{SORT_DD}' => $lang_thumb_view['sort_dd'],
            '{POSITION}' => $lang_thumb_view['position'],
            '{SORT_PA}' => $lang_thumb_view['sort_pa'],
            '{SORT_PD}' => $lang_thumb_view['sort_pd'],
            );
and immediately after that, insert this:
Code: [Select]
// MOD - begin
$param['{ALBUM_NAME}'] .= '&nbsp;<a href="zip.php?aid=' . $aid . '" title="Download album as *zip archive">[ Download Album ]</a>';
// MOD - end
As MoolFreet pointed out you can change the formatting of the URL in that snippet to use an icon image instead of text if you like.

# 6 ) Download the pclzip library from http://www.phpconcept.net/pclzip/index.php#download. Unzip it and upload pclzip.lib.php to your CPG root.
# 7 ) You're done! If you want to test it just go to an album and click the download link on the top of the thumbnail view. If you want to test the security just set an album to anything except "everyone" in the album's properties, and then try to d/l it by changing the aid=123 portion of the zip url to the aid (album ID) number of the restricted gallery. You should see a white page with a red error message.

Known Limitations:

    * If you are logged in as admin you will still see the "Download Album" link, but if you click it permission will be denied. Personally I don't have any need to download a zip because I am the only one allowed to upload to my site.
    * As written ONLY albums with permission set to "Everyone" can be downloaded.
    * The coding of the error message is inelegant, but it works.
    * If you change themes you will need to do the same modifications to the theme.php of your new theme.

I am NOT a real coder. I struggled like hell to get this tiny bit of code to work. If you can improve it then feel free to do so. Hopefully something like this might make it into the next release of CPG. If you are using the "download favorites" function included in CPG you may be interested to know that it also allows the downloading of favorites without checking if the pic is in an album that is private or not. However that script only downloads the files that are already present in favorites. That makes it less of a risk because if he can't see an album a user can't add an image to his favorites. I have not checked to see if it is possible to add to favorites by changing the url around.

Possible Modifications:

If you know some PHP you can change the security settings to suit your own setup. For instance you could change
Code: [Select]
 != '0'
into something like
Code: [Select]
 ==1
That would allow albums of all levels except 1 to be downloaded. That has a serious drawback if you allow private albums for anyone except admins because you will have changed the code from protecting all albums except "everyone" viewable albums, to only protecting "admin" albums.

See the 3rd post in this topic for how to modify it to use the "registered users" group instead of "everyone"

You can also mess around with elseif statements to try and make it fit better with your setup. As a general rule it is easier and safer to disallow permissions than it is to grant them when dealing with multiple user groups.

The best way to handle security would be to check if the user was logged in and then check to see if he or his user group was allowed access to the album. However that is a lot more complex and not really something suitable for a quick hack/mod.

Enjoy!

  • New version 1.01 - Modified the zip.php so that the created archive removes the path. Files were being located inside albums/folder1/folder2/folder3, etc.
  • New version 1.1 - Modified to delete files in the defined zip folder that are older than 60 minutes. That should make it more useable by those with diskspace restrictions. Thanks to easyjava and Nibbler. Added readme.txt and updated the readme.html.
  • New version 1.2 - Modified to make the script compatible with servers where register_globals is turned off, as it should be. Thanks to VladiczeK for reporting the issue and Nibbler for providing the fix. Updated readme.txt and readme.html.
« Last Edit: May 04, 2010, 07:54:13 am by Joachim Müller »
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #1 on: October 28, 2007, 03:28:51 am »

I made a small change to zip.php to remove the path from the generated archive. No need to have the files 3 or folders deep. After extraction the files were inside albums/folder1/folder2/etc.

An entirely optional upgrade. If you want it just d/l the newer file securezip1.01.zip attached to the first post.

If you already installed the first version just overwrite the old zip.php with the new. If you haven't installed it before just use install as normal.

Regards
« Last Edit: October 29, 2007, 06:51:53 pm by erostew »
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #2 on: October 28, 2007, 03:50:36 am »

If you use the registered users group and don't want to allow unregistered users to d/l zips you can make the following changes to the install to suit your setup.

look in zip.php for:
Code: [Select]
if ($priv["visibility"] != '0') {
and change it to:
Code: [Select]
if ($priv["visibility"] != '2') {
This will change the script to only allow albums with privileges set to "registered user" to be zip downloaded. Of course this means that "everyone" and "guests" will not be able to download.

In case you are wondering about the levels...
In cpgXXX_albums each album has a visibility setting. 0 means everyone, 1 is admin only, 2 is registered user and 3 is guest user. Higher levels have the privileges of the lower level in addition to their own. Admins can access admin, registered, guest and everyone albums. Registered users can access registered, guest and everyone, etc. Everyone seems to be effectively the same as guest. I'm not sure about private user albums because I don't use those in my CPG.
Logged
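
The allow-list check from the first post and the reply above, next to the `==1` deny-list variant the first post warns about, as an added example (this is not the securezip zip.php, which exists only in the attachment). It assumes PHP 7.1+ with PDO SQLite, a table `cpg_albums` with columns `aid` and `visibility`, and a made-up visibility value 7 standing in for a custom group; the function names are hypothetical, and `aid` is read from the request explicitly so nothing depends on register_globals.

```php
<?php
// Added example; not the securezip zip.php. Table/column names other than
// `visibility`, the function names and the sample rows are assumptions.

/** Read aid from the request explicitly and accept positive integers only. */
function parse_aid(array $query): ?int
{
    if (!isset($query['aid']) || !is_string($query['aid'])) {
        return null;                    // absent, or array input such as aid[]=1
    }
    $aid = filter_var($query['aid'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $aid === false ? null : $aid;
}

/** Look up the album's visibility; null when the album does not exist. */
function album_visibility(PDO $db, int $aid): ?int
{
    // Bound parameter: the request value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT visibility FROM cpg_albums WHERE aid = :aid');
    $stmt->execute([':aid' => $aid]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (int) $value;
}

/** Allow-list, like the != '0' check: permit only the listed visibility values. */
function allowlist_permits(?int $visibility, array $allowed = [0]): bool
{
    return $visibility !== null && in_array($visibility, $allowed, true);
}

/** Deny-list, like the ==1 variant: refuse admin-only albums, permit everything else. */
function denylist_permits(?int $visibility): bool
{
    return $visibility !== null && $visibility !== 1;
}

// Constructed data: in-memory SQLite stands in for the gallery's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cpg_albums (aid INTEGER PRIMARY KEY, visibility INTEGER NOT NULL)');
// 0 everyone, 1 admin, 2 registered (values from the thread); 7 is a made-up custom group.
$db->exec('INSERT INTO cpg_albums (aid, visibility) VALUES (1, 0), (2, 1), (3, 2), (4, 7)');

printf("%-8s %-7s %-11s %-11s %s\n", 'aid', 'parsed', 'visibility', 'allow-list', 'deny-list');
foreach (['1', '2', '3', '4', '99', '12abc', '-1', ''] as $raw) {
    $aid = parse_aid(['aid' => $raw]);
    $vis = $aid === null ? null : album_visibility($db, $aid);
    printf(
        "%-8s %-7s %-11s %-11s %s\n",
        var_export($raw, true),
        var_export($aid, true),
        var_export($vis, true),
        allowlist_permits($vis) ? 'allow' : 'deny',
        denylist_permits($vis) ? 'allow' : 'deny'
    );
}
```

Passing `[2]` as `$allowed` gives the registered-users-only variant described in the reply above; the two result columns differ for every visibility value that is neither 0 nor 1.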

erostew

A note about server requirements.
« Reply #3 on: November 05, 2007, 12:27:01 pm »

Zipping an album places a fairly heavy burden on the server. Processing power isn't too big a deal. My server is about 3 years old and zipping a good size album is pretty fast. But it DOES take a good chunk of memory and it does use a lot of cpu cycles for that 5-10 seconds. You will probably have to adjust your settings a bit in php.ini to zip anything more than a small album.

I have memory usage set to 32M and I have successfully tested with an album of 174 pics in 1280x833. Total filesize of the zip was 20.63MB. I couldn't manage more than about 30 pics until I turned up the memory from 20M. If you are running on a shared server this mod may not be for you. You can still try it but your host is not likely to give you more memory usage for php. You might even get into trouble for using too many resources if you use this on a busy site.

I'd be interested to hear from anyone that does or does not get this mod to work on their server. Let me know what your settings are in php.ini. I think it's necessary to have the entire zipfile in memory plus a certain amount extra for overhead, but I could be wrong.

To Do: When the mod writes the file to disk it stays in whatever folder you have configured after sending the file to the user. I'd like to know if the pclzip class just writes over the file on the next request for that particular album, or if it just checks to see if any files need to be added and appends or exits based on that. Not sure how to test it. The timestamp changes on the file so I think it just overwrites.

Might be a good idea to have a check to see if the file exists before passing the filelist to the class for zipping. It could save a lot of resources by not duplicating previously done work. But that would cause a problem with an album that gets new files sometimes. So it would have to be coded to check the contents of the zip and create/not create based on that. Pretty complex for a simple mod.

Also might be useful to delete the file after the user gets it, to save disk space. Done! Thanks to easyjava and Nibbler.

Also To Do: Check for compatibility with CPG1.5 and possibly turn it into a plugin. I installed 1.5 for testing but unfortunately was not able to get the installation to work well enough to test anything. It installed OK but I was unable to save any settings for any of the config. I couldn't even turn on debug mode to try and find the problem. So I had to abandon that for the moment. But the good news is that CPG1.5 looks to be very nice indeed. I got 1.5 installed after a lot of trial/error but still haven't had a chance to test the mod. I have tested it with 1.5 and found it to be working. BUT I am not using the latest build.
Regards

Update: I have tested successfully now with an album of 343 photos. The zip file size was 36.7MB. So it seems that it ISN'T necessary for all the files/zip to be in memory to create the file for downloading. Cool! It's probably more a question of raising the allowed execution time in php.ini than the actual memory. Although I doubt you could get by with 8MB memory allowed.
« Last Edit: February 09, 2008, 08:26:45 pm by erostew »
Logged

easyjava

Re: Download a Zipped Album With Basic Security
« Reply #4 on: January 03, 2008, 04:11:49 pm »

I added a script to auto-delete the older files.

zip.php

under
Code: [Select]
/* Write here the name of the folder  where the zip will be created */
$sFolderZip = "zipfiles/";
add
Code: [Select]
/* Auto purge */
$dir = opendir($sFolderZip);
while($filetodel = readdir($dir)) {
    if(date("F d Y", filemtime($sFolderZip.$filetodel)) != date("F d Y")){
        unlink($sFolderZip.$filetodel);
    }
}
closedir($dir);

This will delete all files older than 1 day.
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #5 on: January 03, 2008, 06:30:25 pm »

I added a script to auto-delete the older files.

This will delete all files older than 1 day.
Cool! I'll test it out and then add it into the script.
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #6 on: January 04, 2008, 12:09:47 am »

I added a script to auto-delete the older files.

zip.php

under
Code: [Select]
/* Write here the name of the folder  where the zip will be created */
$sFolderZip = "zipfiles/";
add
Code: [Select]
/* Auto purge */
$dir = opendir($sFolderZip);
while($filetodel = readdir($dir)) {
    if(date("F d Y", filemtime($sFolderZip.$filetodel)) != date("F d Y")){
        unlink($sFolderZip.$filetodel);
    }
}
closedir($dir);

This will delete all files older than 1 day.
Tried it out and files were deleted and created successfully but PHP gave the following error:
Code: [Select]
Warning: unlink(..) [function.unlink]: Is a directory in /home/lpath/to/file/zip.php on line 15
line 15 is:
Code: [Select]
unlink($sFolderZip.$filetodel);
after that I got the header already sent error because of the error sent to the browser already and the script outputted the zip file to the browser, without the correct header information, as a screenful of gibberish.

I'll see if I can figure out how to fix that before adding to the script. Might be because I'm using PHP4.
Logged

Nibbler

Re: Download a Zipped Album With Basic Security
« Reply #7 on: January 04, 2008, 12:11:45 am »

Use

Code: [Select]
if (!is_dir($sFolderZip.$filetodel)) unlink($sFolderZip.$filetodel);
Also, that date comparison is a little odd. Better to just compare timestamps.
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #8 on: January 04, 2008, 12:22:21 am »

Use

Code: [Select]
if (!is_dir($sFolderZip.$filetodel)) unlink($sFolderZip.$filetodel);
Also, that date comparison is a little odd. Better to just compare timestamps.
That worked perfectly. Revised code:
Code: [Select]
$dir = opendir($sFolderZip);
while($filetodel = readdir($dir)) {
    if(date("F d Y", filemtime($sFolderZip.$filetodel)) != date("F d Y")){
        if (!is_dir($sFolderZip.$filetodel)) unlink($sFolderZip.$filetodel);
    }
}
closedir($dir);

Maybe it would be better to just wildcard delete all the files in the folder and forget about date/time comparison?

Edit: Just answered my own question. If all files were deleted it could cause trouble if one user is still d/ling when another user starts a new d/l.
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #9 on: January 04, 2008, 12:46:31 am »

Okay I got it working and changed from the date comparison to a simple timestamp check and deletion of any file more than 60 minutes old. Should allow plenty of time for d/ling a zip.
Code: [Select]
/* Begin auto purge - Auto Delete stored zip files
// Comment out if for some reason you have problems with this. Change seconds_old param to modify the age of files that will be deleted.
// This will delete any files from the folder specified above that have a modification time older than 3600 seconds (60 mins). */

$dir = opendir($sFolderZip);
$seconds_old = 3600;
// Compare against false so that an entry named "0" does not end the loop early.
while (($filetodel = readdir($dir)) !== false) {
    if (filemtime($sFolderZip.$filetodel) < (time()-$seconds_old)) {
        if (!is_dir($sFolderZip.$filetodel)) unlink($sFolderZip.$filetodel);
    }
}
closedir($dir);
/* End auto purge - Auto Delete stored zip files */
The original code by easyjava would have created problems around 0h00/12:00 AM because it wasn't actually checking the age of the file, only deleting any file that had a timestamp date before "today". That would include any file created at 23h59/11:59 PM, so would lead to problems with d/ls still in progress.

I'll update the zip.php in the first post asap. This has been included in the 1.1 zip.php downloadable from the first post. Thanks to easyjava and Nibbler!

« Last Edit: January 04, 2008, 08:53:37 am by erostew »
Logged
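
The midnight problem described in the post above, and a stricter form of the cleanup loop, as an added example (not the code shipped in the securezip attachment). It puts the calendar-date test beside the age test for an archive written at 23:59 and checked at 00:01, then purges a constructed temp folder; the function names, the sample file names and the `.zip` extension filter are assumptions, and PHP 7+ is assumed.

```php
<?php
// Added example; not code from the thread's zip.php. Names and sample files are constructed.

/** Calendar-date test: stale if the file's date differs from today's date. */
function stale_by_date(int $mtime, int $now): bool
{
    return date('F d Y', $mtime) !== date('F d Y', $now);
}

/** Age test: stale only if older than $maxAge seconds. */
function stale_by_age(int $mtime, int $now, int $maxAge = 3600): bool
{
    return $mtime < $now - $maxAge;
}

/** Delete regular *.zip files older than $maxAge seconds from $dir; returns the names removed. */
function purge_old_zips(string $dir, int $now, int $maxAge = 3600): array
{
    $removed = [];
    $handle = @opendir($dir);
    if ($handle === false) {
        return $removed;                // missing or unreadable folder: nothing to do
    }
    // Strict comparison: an entry named "0" is falsy and would end a bare
    // while ($name = readdir(...)) loop before the remaining entries are seen.
    while (($name = readdir($handle)) !== false) {
        $path = rtrim($dir, '/') . '/' . $name;
        if (is_link($path) || !is_file($path)) {
            continue;                   // skips ".", "..", subfolders and symlinks
        }
        if (strtolower(pathinfo($name, PATHINFO_EXTENSION)) !== 'zip') {
            continue;                   // leave index.html, .htaccess and the like alone
        }
        $mtime = filemtime($path);
        if ($mtime !== false && stale_by_age($mtime, $now, $maxAge) && unlink($path)) {
            $removed[] = $name;
        }
    }
    closedir($handle);
    sort($removed);
    return $removed;
}

// --- Constructed demo: a temp folder standing in for zipfiles/ ---
$now = mktime(0, 1, 0, 1, 4, 2008);     // 00:01 on January 4, 2008, server local time
$dir = sys_get_temp_dir() . '/zipdemo_' . uniqid();
mkdir($dir);
mkdir($dir . '/subfolder');
$samples = [
    'album_fresh.zip' => $now - 120,    // written at 23:59 the previous day
    'album_old.zip'   => $now - 7200,   // two hours old
    '0'               => $now - 7200,   // falsy file name, not a zip
    'index.html'      => $now - 86400,  // not a zip
];
foreach ($samples as $name => $mtime) {
    file_put_contents("$dir/$name", 'x');
    touch("$dir/$name", $mtime);
}

$fresh = $samples['album_fresh.zip'];
printf("date test deletes the 2-minute-old zip: %s\n", var_export(stale_by_date($fresh, $now), true));
printf("age test deletes the 2-minute-old zip:  %s\n", var_export(stale_by_age($fresh, $now), true));
printf("purged: %s\n", implode(', ', purge_old_zips($dir, $now)));

// Remove the demo folder again.
foreach (array_diff(scandir($dir), ['.', '..', 'subfolder']) as $left) {
    unlink("$dir/$left");
}
rmdir("$dir/subfolder");
rmdir($dir);
```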

sabbia

Re: Download a Zipped Album With Basic Security
« Reply #10 on: January 04, 2008, 11:45:12 am »

Hi folks!
You really did a great job, I've just tried the 1.1 and it works fine.
I have two questions (unfortunately I'm only a user, I don't develop at all):

1) When I try to zip a very big album (over 300 Mb) I get an Internal Server Error. I have unlimited webspace, so I'm afraid it depends on my PHP.INI configuration (that my hosting provider doesn't let me modify), but I'm not sure. What can I check to be sure?

2) It would be great if the security check

Code: [Select]
if ($priv["visibility"] != '0')

could be something like

Code: [Select]
if ($priv["visibility"] != 'THE_GROUP_NUMBER_I'M_LOGGED_IN_RIGHT_NOW')
It would let me zip and download an album if it belongs to my group (not necessarily a default group like Admin - Registered - Guest etc... but a new one too)

Thanks a lot

Sabbia
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #11 on: January 04, 2008, 07:08:22 pm »

Hi folks!
You really did a great job, I've just tried the 1.1 and it works fine.
I have two questions (unfortunately I'm only a user, I don't develop at all):

1) When I try to zip a very big album (over 300 Mb) I get an Internal Server Error. I have unlimited webspace, so I'm afraid it depends on my PHP.INI configuration (that my hosting provider doesn't let me modify), but I'm not sure. What can I check to be sure?

2) It would be great if the security check

Code: [Select]
if ($priv["visibility"] != '0')

could be something like

Code: [Select]
if ($priv["visibility"] != 'THE_GROUP_NUMBER_I'M_LOGGED_IN_RIGHT_NOW')
It would let me zip and download an album if it belongs to my group (not necessarily a default group like Admin - Registered - Guest etc... but a new one too)

Thanks a lot

Sabbia
Zipping 300mb of files will probably never be possible under normal circumstances. You would need to raise the execution times in php.ini quite high and almost certainly raise the memory limit quite a bit also. Basically you could only do it on a dedicated server. I do have a dedicated server and I would never even consider trying it. It would slow things down to a standstill for everyone else while the file was being zipped. So while it is technically possible if you have access to your php.ini, it isn't something that I would recommend.

Read post 3 in this thread for some hints on modifying the user groups that can access the zip function. If I ever get the time to turn the mod into a plugin I will probably add the functionality you request. But it probably won't be anytime soon I'm afraid. I don't have that much free time to work on it. And I still have to learn a lot about coppermine and plugins before attempting it.

Regards.
Logged

easyjava

Re: Download a Zipped Album With Basic Security
« Reply #12 on: January 05, 2008, 02:46:35 pm »

Okay I got it working and changed from the date comparison to a simple timestamp check and deletion of any file more than 60 minutes old. Should allow plenty of time for d/ling a zip.
Code: [Select]
/* Begin auto purge - Auto Delete stored zip files
// Comment out if for some reason you have problems with this. Change seconds_old param to modify the age of files that will be deleted.
// This will delete any files from the folder specified above that have a modification time older than 3600 seconds (60 mins). */

$dir = opendir($sFolderZip);
$seconds_old = 3600;
// Compare against false so that an entry named "0" does not end the loop early.
while (($filetodel = readdir($dir)) !== false) {
    if (filemtime($sFolderZip.$filetodel) < (time()-$seconds_old)) {
        if (!is_dir($sFolderZip.$filetodel)) unlink($sFolderZip.$filetodel);
    }
}
closedir($dir);
/* End auto purge - Auto Delete stored zip files */
The original code by easyjava would have created problems around 0h00/12:00 AM because it wasn't actually checking the age of the file, only deleting any file that had a timestamp date before "today". That would include any file created at 23h59/11:59 PM, so would lead to problems with d/ls still in progress.

I'll update the zip.php in the first post asap. This has been included in the 1.1 zip.php downloadable from the first post. Thanks to easyjava and Nibbler!



 ;)
Logged

VladiczeK

Re: Download a Zipped Album With Basic Security
« Reply #13 on: January 28, 2008, 02:17:24 am »

Hi, I've tried to mod my gallery in the same way as in this topic, but this error message is shown after execution of the link:
Code: [Select]
Notice: Undefined variable: aid in d:\www\fotky\zip.php on line 31
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Can you imagine what is wrong??

Thx for reply...
Logged

erostew

Re: Download a Zipped Album With Basic Security
« Reply #14 on: January 28, 2008, 03:37:27 am »

Hi, I've tried to mod my gallery in the same way as in this topic, but this error message is shown after execution of the link:
Code: [Select]
Notice: Undefined variable: aid in d:\www\fotky\zip.php on line 31
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Can you imagine what is wrong??

Thx for reply...
Can't be sure of the exact error but the variable $aid is defined in config.inc.php I believe. Either that file is corrupt or missing or it is possibly the wrong version. Make sure you are using the latest version of CPG and make sure that the config.inc.php file is located in the includes folder of your installation. Should be d:\www\fotky\include or something similar.

Seems you are using a windows server so you might want to try changing the line:
Code:
include ('include/config.inc.php');
to
Code:
include ('d:\www\fotky\include\config.inc.php');
I'm not all that familiar with windows servers so that's about all the help I can give.
Logged

VladiczeK

  • Coppermine newbie
  • Offline
  • Posts: 8
Re: Download a Zipped Album With Basic Security
« Reply #15 on: January 28, 2008, 04:25:05 am »

Can't be sure of the exact error but the variable $aid is defined in config.inc.php I believe. Either that file is corrupt or missing or it is possibly the wrong version. Make sure you are using the latest version of CPG and make sure that the config.inc.php file is located in the includes folder of your installation. Should be d:\www\fotky\include or something similar.

Seems you are using a windows server so you might want to try changing the line:
Code:
include ('include/config.inc.php');
to
Code:
include ('d:\www\fotky\include\config.inc.php');
I'm not all that familiar with windows servers so that's about all the help I can give.

So I tried your suggestions but it still doesn't work. Everything seems to be OK, the table prefix defined in config.inc.php is the same as in the database, and changing to the absolute path gives the error as well. So it might be a deeper problem :-/ But the favorites zip download works fine, and the zip download of entire albums was working for me earlier. I'm confused, maybe it's caused by some upgrade or new plug-in, a million reasons possible, who knows.

Thx for the help anyway!
Logged

erostew

  • Coppermine regular visitor
  • **
  • Offline
  • Posts: 63
Re: Download a Zipped Album With Basic Security
« Reply #16 on: January 28, 2008, 08:48:53 am »

So I tried your suggestions but it still doesn't work. Everything seems to be OK, the table prefix defined in config.inc.php is the same as in the database, and changing to the absolute path gives the error as well. So it might be a deeper problem :-/ But the favorites zip download works fine, and the zip download of entire albums was working for me earlier. I'm confused, maybe it's caused by some upgrade or new plug-in, a million reasons possible, who knows.

Thx for the help anyway!
About the only thing I can tell for sure is that mysql is getting an empty string instead of the variable and causing it to error out. So the fault is with php somewhere. Strange that it would work before and then quit. The favorites download uses a quite different method but is similar enough that you would think both should work. Oh well.

Maybe you can do a search in the forum for "undefined variable".
Logged

Nibbler

  • Guest
Re: Download a Zipped Album With Basic Security
« Reply #17 on: January 28, 2008, 09:02:57 am »

It's a coding error. You need to add in

Code:
$aid = (int) $_GET['aid'];

Somewhere near the top of the script.
Logged
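The error in Reply #13 is consistent with `$aid` never being assigned, so the SQL text ends where the album id should be. An added example (not code from zip.php or Coppermine) that contrasts the plain integer cast with a check that rejects missing or malformed ids before any query is built; the function names, table and column names are hypothetical.

```php
<?php
// Added example, not part of zip.php. Requires PHP 7.1+.
// The table and column names in album_query() are hypothetical placeholders.

// Return the album id as a positive integer, or null when it is missing or malformed.
function read_album_id(array $query): ?int
{
    if (!isset($query['aid']) || !is_scalar($query['aid'])) {
        return null;                       // absent, or an array such as ?aid[]=1
    }
    $id = filter_var($query['aid'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Build the lookup only from a validated integer; refuse otherwise.
function album_query(?int $aid): ?string
{
    return $aid === null
        ? null
        : 'SELECT pid FROM example_pictures WHERE aid = ' . $aid;
}

// Constructed query strings, standing in for $_GET.
$samples = [
    'missing'       => [],
    'empty'         => ['aid' => ''],
    'valid'         => ['aid' => '12'],
    'trailing junk' => ['aid' => '12abc'],
    'negative'      => ['aid' => '-3'],
    'array'         => ['aid' => ['12']],
];
foreach ($samples as $label => $get) {
    // What a bare cast would yield for the same input (0 when nothing usable is there).
    $cast = isset($get['aid']) && is_scalar($get['aid']) ? (int) $get['aid'] : 0;
    $sql  = album_query(read_album_id($get));
    printf("%-14s (int) cast: %3d   validated: %s\n",
        $label, $cast, $sql ?? 'rejected, no query is run');
}
```

The cast alone always yields some integer, so the album permission check still has to run on whatever id comes out of it.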

erostew

  • Coppermine regular visitor
  • **
  • Offline
  • Posts: 63
Re: Download a Zipped Album With Basic Security
« Reply #18 on: January 28, 2008, 09:54:02 am »

It's a coding error. You need to add in

Code:
$aid = (int) $_GET['aid'];

Somewhere near the top of the script.
Actually $aid isn't defined in config.inc.php. That's for the database connections, etc.
My bad.
I'm too tired to remember where $aid is defined but it's used in multiple places in CPG. It isn't a variable that is specific to the zip.php script.
There shouldn't be a need to add any code for that or many parts of coppermine wouldn't work, no?

It seems likely that his problem is caused by a php setting change or maybe something as simple as a missing or extra character somewhere in one of the template files or in zip.php
I've had that kind of error before with other mods and scripts and it always seems to be some little thing right in your face that you can't see.

Maybe replace the modified template files with the original ones and then redo the mod might work. Maybe delete and then reupload the zip.php also.
Logged

VladiczeK

  • Coppermine newbie
  • Offline
  • Posts: 8
Re: Download a Zipped Album With Basic Security
« Reply #19 on: January 28, 2008, 03:09:39 pm »

It's a coding error. You need to add in

Code:
$aid = (int) $_GET['aid'];

Somewhere near the top of the script.

Yeah, this mod to the mod works for me, thx2all!
Logged