Full-Size & Intermediate Photos Access Control Full-Size & Intermediate Photos Access Control
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Full-Size & Intermediate Photos Access Control

Started by Paver, December 12, 2005, 07:06:32 PM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

Paver

Note: This post gives the most recent version of this plugin.  The original post that announced the first release of this plugin is provided below the version list.

This plugin allows you to control access to the full-size and intermediate photos/files by usergroup.  Versions 1.2 and earlier only control the full-size photo.  Versions 1.3 and later include intermediate photo/file control.  You may read the CHANGELOG included with the plugin to follow the development, as well as read this thread.

Full-size photo restriction is done by removing the link on the intermediate (displayimage.php) page.  Note that users can still access the full-size photos by guessing & typing in the URL to the file directly into their web browsers  (which avoids Coppermine completely).  You must use some sort of hot-linking protection (described in other threads) to stop such access.  This plugin only restricts access through Coppermine.

Intermediate photo/file restriction is done by removing the link on the corresponding thumbnail and also by denying access to the intermediate page for the file.  Once again, the full-size and intermediate files can still be accessed by typing in the direct URL to the files (which avoids Coppermine completely).

Version 1.0 is the initial release and is described at the bottom of this post.
Version 1.1 is described in this post below.
Version 1.1b is a bug-fix.  I mistakingly hard-coded the config table in 2 queries.
Version 1.2 is described in this post below.
Note: Even though the filename says 1.4.2, this plugin works with the entire 1.4.x series.
Version 1.3 is described in this post below.  The main addition is the control of intermediate images.  Versions prior to 1.3 only controlled the full-size images.
Version 1.4 is described in this post below.  This version includes an option to control images only and a message hover/box for the intermediate file control.



Original posting (for version 1.0):
Here's my first plugin contribution.  It's very simple.  You select which groups you allow to access full-size photos and it does the access validation for you.  This access control is gallery-wide, no choices for categories or albums.  You configure the groups on installation.  If you want to change this, uninstall and re-install.  (I hope there's a plan to add a "configure" button to installed plugins so that the configure function can be run after installation.  Yes I could put together an admin page for the plugin but it seems to me that a simple configure button would be useful and logical and easy to implement.)

This plugin takes a scorched-earth method of filtering the <img src> tag; it kills all other tags (and then blanks out the alt attribute appropriately).

A few thoughts I had while writing this plugin:

  • If groupmgr.php had a plugin hook, I could add a "allow full-size access" setting there.
  • I assume it's OK to add plugin config settings to 'cpg_config'.  It seems to me that configuration settings for plugins belong there, with maybe the caveat that the names should be prefixed by "plugin_" and then the shortplugin name (as I did).  If people agree, I think this guideline for config settings should go on the guideline list in the sticky thread above.
  • The 'file_data' filter is only used in themes.inc.php (so the following discussion is not relevant in this case) but I was wondering if it's possible for the plugin function to figure out which function or script called the plugin function.  Besides searching passed parameters for certain patterns, it seems to me that knowing from whence the plugin function was called might be useful.
  • Finally, I haven't yet figured out the advantages or disadvantages of using the 'uninstall' action versus using the 'cleanup' action.  Any tips on that?



Versions 1.2 and 1.4 of the plugin are available for download below.

[Edited By Sami]:
Minor Bug fix
There is a minor template bug on both version of this plugin,
position of intermediate image get little messy
to fix this problem you need to edit codebase.php and change

$cpicdata['html'] = strip_tags($cpicdata['html'],'<img>');


to this


$cpicdata['html'] = strip_tags($cpicdata['html'],'<img><br>');

imrich

Nice! Thanks for doing this. I'm sure that many people will like it.

I'll take a look at it to see how it works. From your text it appears that there is no control via the groups admin panel. It would be nice to alllow control this way so different options could be set for the different classes of users and administered easily without having to 'install/uninstall'.

It appears that most of the plug-ins are being supported on this other board: http://cpg-contrib.org/board/index.php  I'm still trying to catch up on what's there.

Thanks again!

Paver

#2
You're welcome.  As I said, right now there is no way to re-configure a plugin without setting up a custom admin page for each plugin which I would prefer to avoid since you can imagine having 10 extra admin pages (with associated buttons on the admin menu) for 10 plugins.  Yes, it would be very easy for me to do this and I will do so if you find that you are re-configuring the access control often.  And there's also no way to modify the group manager page without hacking it, which I want to avoid doing since that negates the usefulness (and sanity) of a plugin.

One suggestion I have is to create a new group called something like "FullSizePhotosAllowed".  Install the plugin and check off this group only.  Then, on the User Manager page, check off all the users you want and at the bottom, select "With Selected: Add secondary membergroup", then choose that group.  When you want to add more users, check off only the new users, and "Add secondary membergroup".  It's an add process, so you don't have to check everything off each time.  To remove users, you'll have to go to each user's page and uncheck that group from their secondary membergroup list.  Hmm... a option to "With Selected: Remove secondary membergroup" might be useful, wouldn't it?

Paver

#3
I just added version 1.1 of this plugin in the first post above.  I noticed a thread on the freelance board (http://forum.coppermine-gallery.net/index.php?topic=24594.0) that seemed simple to add on to this plugin so I did.  With the new addition, you can now require users to comment on a photo before they are able to view the full-size photo.  I'm not sure if this is exactly what Roadster wanted in that thread mostly because I'm not sure why such a user control would be useful.  In any case, there it is.  This new condition can be ANDed or ORed onto the group requirement.

imrich

I don't quite see the need to force a comment, but some people may like it.

Suggestion, how about adding a configuration control for your plug in to allow this as well as which groups have access to be controlled by it's own configuration panel since there is no way to add to the groups permission managment panel?

Take a look at the CPGMark plug-in, it has it's own configuration panel.

imrich

I'd also like to clarify (or modify) my suggestion.

I'd like to be able to control which albums (or categories) can be viewed by group.  This would be the ultimate control! :)

Since the group permissions admin panel seemed to have the ability to control access by group, I thought the two would go together. But I suppose that's not a good assumption! ;)

kavuday

Quote from: imrich on December 14, 2005, 11:09:51 PM
I'd like to be able to control which albums (or categories) can be viewed by group.  This would be the ultimate control! :)

Agreed!  Adding this feature would be the icing on the cake.  Hope it can be done.

Paver

You know, you effectively already have this control when using my current plugin.  It's not slick but it does work. 
* Set up a group
* Choose which albums are viewable by the group
* Set up permission for this group with my plugin
* Repeat for each set of albums you want to control

But, yes, I agree it could be more intuitive:  I want this person or group to view this album or category and to be able/not able to view the full-sized photos.  I'm learning how to write plugins and set things up the way I want for my own family's site and in the process contribute back to this excellent project.  Your requests have been noted and I am thinking about ways to answer them in an organized and extensible way (so I can apply them to other plugins).  I will see what I can do. 

But it does seem to me that you have the functionality you requested already, just not in a friendly interface.  If I am not correct, please let me know so I can understand exactly what you are suggesting.

imrich

Thanks for your work on this. It appears to be working well.

It's not so bad to have the configuration of which groups have full size access done at install time. But it would be nicer if you can create a configuration panel for it similar to what CPGMark has.

Here's another minor suggestion. When someone does not have access to view full size, provide for the option of a message which will be displayed. Something like, "Sorry, you must be logged in and a member of the 'family' group to view view full sized images.".  If this message was configurablle (Display message, or Don't display message), I think this plug in would be even more useful to others.

An additional step may also be to control viewing of intermediate files too.  This way this plug in could provide almost ultimate control:

1) control of intermediate images by group
2) control of full size images by group

I don't know how important it may be to some people to have the control of intermediate images to be by different groups than full size images.

I'm so glad that coppermine has plug-ins now ;D. Previously it was a pain to upgrade if mods were made. Plug-ins will make coppermine a much better tool!  At one time I was going to ask if anyone ever created a tool like phpbb has called "EasyMod", which would help a lot, but plug-ins are much better in the long run if they allow enough hooks in the core code to do what is needed.

imrich

Here's my first bug report for you, sorry! :)

My gallery has some video's as well as images.

With this installed, users were not able to see the videos. These video's have a thumbnail which I created, but when the user clicks on the thumbnail to view the video, there's just s small square displayed, but no video!  Admin and those with rights to view full size could see the video ok.

Since videos have no 'intermediate' file, they only are 'full size' so to speak. My guess is that any other document type besides images may also have this problem.

I had to 'un-install' this plug in for now.

mche

It would be nice to add user notification or somethig else for users that not loged in that thay can see full size pictures.
Now anonimous users don't suspect pictures have full size

blablabla

Works great, but I would also like to see some kind of notification that there are full size pictures

Paver

Ok, I've released version 1.2 of this plugin.  The plugin is attached to the first message above.

  • fixed error with non-image files; now plugin only validates image files - others are left alone
  • added language support by moving all text (config & user) to lang/english.php
  • added tooltip notification that full-size image exists to logged-in and anonymous users
  • added configuration panel accessible from button on admin config toolbar
  • installation now does not involve configuration; default params are added as records to the config table
  • updates to configuration are now logged in Coppermine if admin log setting is set
  • added 'plugin manager' button to configuration panel for easy (and logical placement for) uninstall

I wasn't sure what sort of notification is best.  Do you want people who are not currently allowed to view the full-size photos to ask you for permission?  Do you really want to list the allowed groups in the notification message as mentioned above?  If someone is not logged in, how do you know when they log in, they will be in the correct group to view full-size images?  Do you want a message box to pop up?  Do you want a mouse hover box?  What I added here is fairly vague and general.  I added a simple message in a tooltip for the intermediate image.  The message is different for anonymous and logged-in users.  You can set each message in the configuration panel.

For other languages, use the lang/english.php as a guide and create your own language file.  The labels and comments may not be completely clear (mostly due to the fact that this plugin is still pretty raw).  Use the plugin to see which is which.  If you want to share your language file with others, attach it here and I'll add it to the plugin package.

As I said before, I prefer to avoid adding a separate config button for every single plugin installed.  Of course, I do see the use of such a panel.  But I would like it to be accessible from a single "Plugin Config" button.  I'll probably put one together sometime and see if others agree once they see it in action.  (something akin to the current config drop-down table but for plugins)

Please give me feedback.  I think I tested the plugin thoroughly but I might have missed something.

scottycdl

Will this plug-in work with version 1.4.3?

Nibbler

It is flagged as working for CPG1.4.x

Paver

scottycdl: If you are curious why "Coppermine 1.4.2 Plugin" is listed in each of the plugin files, that's because I didn't think ahead for future 1.4.x versions.  I removed that text in my own copy of the plugin and the next version (whenever that is) will not have that text.  Using the tag on this thread is a good way to flag the version.

scottycdl

Okie Dokie. Thanks

Clearly you're a PHP wizard....... how about this, then: member 'timers' that can be set for users such as an expiry time. If I want to offer a 10 day trial, I can add these users to the trial group, and their membership will expire after --- yep, 10 days.

This could be done for a month, year, half-year or whatever is required. This way, I don't need to manually check users' accounts. ONce their time is up, their accounts are locked out. Sound good? Is this even possible?

I have no clue. I just wrestle with the stuff, it is all Greek to me...... but it would be a nice feature, especially for me.

Regards, and thanks for the reply.

ps - I am finding version 143 *so* much better than previous versions and I really like the BLACKBIRCH theme. Right now, I am hoping to incorporate an SWF file on the homepage. I mananged to get an image there, so why not an embedded movie?

Link is http://www.pdistudios.com/cpg143/index.php

Paver

You're welcome. 

If you are asking about expirations for full-size photo access, then that is relevant to this plugin and I will consider it.  If you are asking for accounts to expire, that's an issue for a separate thread, in the "Feature Requests" forum.  Please keep to one question/request per thread.  If your P.S. includes a question, the same applies.

scottycdl

Is there an idiot's guide to installing this plug in?

Do I dump it directly into the root of my PLUGIN folfer, or must I create a subfolder for it and then point the app to that folder?

I have not installed plug-ins (or anything else) before and would like to give this one a try

Many thanks

-Scotty -

Joachim Müller

extract the zip into your plugin folder, preserving the folder structure in the zip file. This way, a sub-folder within the plugin folder will be created and populated with the needed files. Then go to your plugin manager and install the plugin by clicking the "i" button next to it.