How to Upload images to DB?

Started by UltraMagnus, October 12, 2004, 06:52:15 PM


UltraMagnus

Does coppermine have this ability?  Is this what the mod_limit_files is for? (I could not see what that mod did as there is no documentation or readme.)  I do not want non-members to crawl the image directories.  Thanks for your time.

Satyr

I recommend putting an empty index.html in the image directory, so browsing is not possible anymore.  ;)
Or ask your provider if he can turn this off.

On my server, if a visitor tries to browse a directory he receives a 403 (Forbidden) error.   ;D
No support via PM. Please post in the forum, so that others are helped as well.

http://www.gothicmodels.net/gothicmodels/gallery/

Testuser: Test23 PW: 123456

Tranz

Better yet, set up an .htaccess file to prevent indexing. Creating and keeping track of index files in all those image directories will get cumbersome. It would be dependent upon your host allowances if you can use .htaccess.

UltraMagnus

So that hack (limit files) is not for database file upload?  I am just noticing on commercial websites, you cannot right click on photos and on some of the newer ones, the properties of the photo do not show where it is located on the server.  Instead I see Input tags or post.  Here is an example:

photo.php?photo=44

As it stands now, users will be able to link to the pictures in my gallery and steal my bandwidth :/

Satyr

To prevent hotlinking, put the following .htaccess in your albums directory:

Paste the following content into a text file and rename it on the webserver to .htaccess. (works only on unix-hosts)
Replace yourdomain and .net with your domain. ;)


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.net(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?otherdomain\.net(/.*)?$ [NC]
RewriteRule \.(gif|jpg|GIF|JPG)$ http://www.yourdomain.net/nohotlink.gif [R,L]


Then make a gif with a text like "no hotlink please" and put it on the webserver, watch for the correct path.


Disabling right-click is only possible in Internet Explorer and with Javascript, so forget this.

UltraMagnus

Okay, looks like I need to find a host on Unix.  I am on IIS right now.  Is it also possible to have the pictures in a hidden directory that is not public, but the php script has access to (since .htaccess and javascript are not options)?

BTW, thanks for the help and the fast replies.

Satyr

Yes, and make sure you have the Apache web server, because .htaccess works only with Apache, I forgot to say. ^^

More about htaccess:
http://www.freewebmasterhelp.com/tutorials/htaccess/2   or just search Google;)

For your question: Sorry, for IIS I don't know any solution for this. :(

Tranz

If you need a Coppermine-friendly host, check out mine: Lunarpages. It lets you edit not just .htaccess but php.ini if you want to change max file size, etc. It's also easier for me to help people out when I know their host settings and capabilities.

UltraMagnus

still, though....any solution to store photos securely?

Tranz

You must disable directory listing and direct access and enable hotlink protection. Another thing to do is store the images outside of the web directory, but that would require some re-writing of the code so that CPG could access the files. Also, watermark them.

The image files are still going to be in the browser cache. There is no 100% secure way to deal with photos online except not to put them online.
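
Added example, not part of the original posts and not Coppermine code: a minimal gatekeeper script in the photo.php?photo=44 style mentioned earlier in the thread, serving images kept outside the web directory to logged-in members only. The storage path, the id-to-file map and the session key are hypothetical.

```php
<?php
// photo.php: added example, not Coppermine code. Streams an image kept outside
// the web root by numeric id (photo.php?photo=44) to logged-in members only.
// Hypothetical: STORE_DIR, the $photos map, and the 'user_id' session key.

const STORE_DIR = '/home/example/private_albums';  // outside the document root

// Constructed sample data standing in for the gallery's database lookup.
$photos = [44 => 'holiday/beach.jpg', 45 => 'holiday/sunset.gif'];

function resolve_photo(array $photos, $id, string $storeDir): ?string
{
    // Digits only: the client picks an id, never a path.
    if (!is_string($id) || !ctype_digit($id) || !isset($photos[(int)$id])) {
        return null;
    }
    $base = realpath($storeDir);
    $path = realpath($storeDir . '/' . $photos[(int)$id]);
    // realpath() resolves '..' and symlinks; reject anything outside the store.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

$path = resolve_photo($photos, $_GET['photo'] ?? null, STORE_DIR);
// Serve known image types only, judged by file contents, not the extension.
$type = $path === null ? null : (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($type, ['image/jpeg', 'image/gif', 'image/png'], true)) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

Because the files sit outside the document root, there is no URL that reaches them directly, so this works the same on IIS and Apache without .htaccess.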

UltraMagnus

yeah, I know.  I just want to make it as difficult as possible  ;)

Thanks for all of the help though.

Is it going to be hard for me to recode the pages to find a directory outside of the web directory?  This sounds like my best option.

Tranz

I wonder if we used '..' to indicate going up a directory in the configuration for the album directory, there would be no need to change the code.

UltraMagnus

That is what I was thinking.  I will try it out when I get on the server tonight.

Joachim Müller

You can't store pics outside of the webfolder - as soon as it's visible in the browser, you can steal it. On IIS, you (or rather: your webhost) can easily disable indexing with one click.

This discussion is leading nowhere: if you don't want users to steal your pics, don't post them on the internet - all other methods are just plainly silly. This is "by design", the nature of the www works this way.

Storing the pics in the db (as blob) wouldn't help either (is not possible with coppermine anyway).

Joachim

demo

I did not find this useless.  I thought it was very informative.  I also learned how to stop hot linking.  That was a big help, too.  Thanks everyone (and I got the ../ to work for those people who are familiar with the cpg directory structure).