How to Upload images to DB?

[UltraMagnus]

Does coppermine have this ability?  Is this what the mod_limit_files is for? (I could not see what that mod did as there is no documentation or readme.)  I do not want non-members to crawl the image directories.  Thanks for your time.

[Satyr]

I recommend to put a empty index.html in the image-directory, so a browsing is not possible anymore. 
Or ask your provider if he can set this off.

On my server, if a visitor tries to browse a directory he receives a 403 (forbidden) - error.   

[Tranz]

Better yet, set up an .htaccess file to prevent indexing. Creating and keeping track of index files in all those image directories will get cumbersome. It would be dependent upon your host allowances if you can use .htaccess.

[UltraMagnus]

So that hack (limit files) is not for database file upload?  I am just noticing on commercial websites, you cannot right click on photos and on some of the newer ones, the properties of the photo does not show where it is located on the server.  Instead I see Input tags or post.  Here is an example:

photo.php?photo=44

As it stands now, users will be able to link to the pictures in my gallery an steal my bandwidth :/

[Satyr]

To prevent hotlinking, put the following htaccess to your albums-directory:

Post the following content in a textfile and rename it on the webserver to .htaccess. (works only on unix-hosts)
Replace yourdomain and .net with your domain.

Code Select Expand


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.net(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?otherdomain\.net(/.*)?$ [NC]
RewriteRule \.(gif|jpg|GIF|JPG)$ http://www.yourdomain.net/nohotlink.gif [R,L]


Then make a gif with a text like "no hotlink please" and put it on the webserver, watch for the correct path.


Disabling right-click is only possible in Internet Explorer and with Javascript, so forget this.

[UltraMagnus]

Okay, looks like I need ot find a host on Unix.  I am on IIS right now.  Is it also possible to have the pictures in a hidden directory that is not public, but the php script has access to (since .htaccess and javascript are not options)?

BTW, thanks for the help and the fast replies.

[Satyr]

Yes, and look that you have apache-webserver, then htaccess works only with apache, i forgot to say. ^^

More about htaccess:
http://www.freewebmasterhelp.com/tutorials/htaccess/2   or just search Google. 

For your question: Sorry for IIS i don't know any solution for this.

[Tranz]

If you need a Coppermine-friendly host, check out mine: Lunarpages. It lets you edit not just .htaccess but php.ini if you want to change max file size, etc. It's also easier for me to help people out when I know their host settings and capabilities.

[UltraMagnus]

still, though....any solution to store photos securely?

[Tranz]

You must disable directory listing and direct access and enable hotlink protection. Another thing to do is store the images outside of the web directory, but that would require some re-writing of the code so that CPG could access the files. Also, watermark them.

The image files are still going to be in the browser cache. There is no 100% secure way to deal with photos online except not to put them online.

[UltraMagnus]

yeah, I know.  I just want to make it as difficult as possible  

Thanks for all of the help though.

Is it going to be hard for me to recode the pages to find a directory outside of the web directory?  This sounds like my best option.

[Tranz]

I wonder if we used '..' to indicate going up a directory in the configuration for the album directory, there would be no need to change the code.

[UltraMagnus]

That is what I was thinking.  I will try it out when I get on the server tonight.

[Joachim Müller]

you can't  store pics outside of the webfolder - as soon as it's visible in the browser, you can steal it. On IIS, you (or rather: your webhost) can easily disable indexing with one click.

This discussion is leading nowhere: if you don't want users to steal your pics, don't post them on the internet - all other methods are just plainly silly. This is "by design", the nature of the www works this way.

Storing the pics in the db (as blob) wouldn't help either (is not possible with coppermine anyway).

Joachim

[demo]

I did not find this useless.  I thought it was very informative.  I also learned how to stop hot linking.  That was a big help, too.  Thanks everyone (and I got the ../ to work for those people who are familiar with the cpg directory structure).