Displaying images using a script that checks permissions, demo link included Displaying images using a script that checks permissions, demo link included
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Displaying images using a script that checks permissions, demo link included

Started by Jan Vrsinsky, May 14, 2006, 08:45:26 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jan Vrsinsky

Here's a modification to CPG 1.4.5 for getting images using a script. I've seen dozens of posts on this issue but I haven't seen a real solution. So I've created my own.

Advantages of using a script for displaying images

  • After you log out, no one is able to access your restricted files
  • More secure than using .htaccess to check the referrer, which can be easily hacked by faking HTTP headers
  • In fact, there's no need of keeping the 'albums' folder visible anymore. You can deny the web access to it completely!

Downside

  • Slower (files need to pass through the script)

Thanks to omniscientdeveloper for his post http://forum.coppermine-gallery.net/index.php?topic=3069.0. I used his version of get_file.php but I've made it far more advanced. It checks for access rights now.

Disclaimer:

  • No warranty! Use at your own risk!
  • Modifies original CPG files! Be sure to make a backup first.
  • ***** Please post your questions and comments only to this thread. Do not ask the CPG support team for any help with this mod. *****

Installation:
All the files you need to replace in your CPG 1.4.5 installation:
http://test.janvrsinsky.com/php/cpghf/mod/mod.zip
(There is one extra file called get_file.php, which is used for displaying images.)

Examples:
A link to my test site where you can see how it works:
http://test.janvrsinsky.com/php/cpghf/index.php

For example, this is a link to a picture you will see even if you've logged out
http://test.janvrsinsky.com/php/cpghf/get_file.php?cat=-1&album=1&pos=1&size=normal

And you won't be able to see a picture at this link unless you log in to my test gallery
http://test.janvrsinsky.com/php/cpghf/get_file.php?cat=-2&album=2&pos=0&size=normal
(use test/test to log in)

The next action: I don't know PHP so I created the entire mod just by searching/copying/pasting. I'm a Java expert so I was able to follow the code but I'm sure I've made a couple of inefficiencies there. For example there is no need to fetch the URL of an image in the displayimage.php anymore, etc. It would also be nice if you could turn off this feature for certain albums and/or categories or at least for the entire gallery. So if anybody wants to enhance my idea in a way or use any part of it in a different mod, you're welcome!

A feature request?: It would be great if CPG developers could incorporate this mod to the CPG itself. That way, when a new version of CPG is installed, this feature would not be lost.

Any comments are welcome.

Joachim Müller

Thanaks for your mod, we'll look into it. As an alternative to replacing coppermine files with the ones from your mod, here's the "usual" way of posting mods (split over two postings due to posting size limitations):

edit catmgr.php, find$thumb_url = get_pic_url($picture, 'thumb');and replace with$thumb_url = get_pic_url2('', '', -$picture['pid'], 'thumb');


edit editpcis.php, find$thumb_url = get_pic_url($CURRENT_PIC, 'thumb');and replace with$thumb_url = get_pic_url2('', '', -$CURRENT_PIC['pid'], 'thumb');


edit index.php, find                    if (mysql_num_rows($result)) {
                        $picture = mysql_fetch_array($result);
                        mysql_free_result($result);
                        $pic_url = get_pic_url($picture, 'thumb');
and replace with                    if (mysql_num_rows($result)) {
                        $picture = mysql_fetch_array($result);
                        mysql_free_result($result);
                        //$pic_url = get_pic_url($picture, 'thumb');
                        $pic_url = get_pic_url2('', '', -$subcat['thumb'], 'thumb');
(replace two times!).

Then find$sql = 'SELECT a.aid, a.title, a.description, category, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;and replace with$sql = 'SELECT a.aid, a.title, a.description, category, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight, p.pid ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;

Next, find        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];

                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) {
            if ($count > 0) {
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                }
                $pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }
and replace with        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];

                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) {
            if ($count > 0) {
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                    $pic_url = get_pic_url2('', '', -$alb_thumb['pid'], 'thumb');
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                    $pic_url = get_pic_url2('', '', -$alb_stat['last_pid'], 'thumb');
                }
                //$pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }


Find$sql = 'SELECT a.aid, a.title, a.description, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;and replace with$sql = 'SELECT a.aid, a.title, a.description, visibility, filepath, ' . 'filename, url_prefix, pwidth, pheight, p.pid ' . 'FROM ' . $CONFIG['TABLE_ALBUMS'] . ' as a ' . 'LEFT JOIN ' . $CONFIG['TABLE_PICTURES'] . ' as p ' . 'ON a.thumb=p.pid ' . 'WHERE category=' . $cat . $album_filter . ' ORDER BY a.pos ' . $limit;

Finally, find        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];
                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) { //test for visibility
            if ($count > 0) { // Inserts a thumbnail if the album contains 1 or more images
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                }
                $pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }
and replace with        // Inserts a thumbnail if the album contains 1 or more images
        $visibility = $alb_thumb['visibility'];
                if (!in_array($aid,$FORBIDDEN_SET_DATA) || $CONFIG['allow_private_albums'] == 0) { //test for visibility
            if ($count > 0) { // Inserts a thumbnail if the album contains 1 or more images
                if ($alb_thumb['filename']) {
                    $picture = &$alb_thumb;
                    $pic_url = get_pic_url2('', '', -$alb_thumb['pid'], 'thumb');
                } else {
                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$alb_stat['last_pid']}'";
                    $result = cpg_db_query($sql);
                    $picture = mysql_fetch_array($result);
                    mysql_free_result($result);
                $pic_url = get_pic_url2('', '', -$alb_stat['last_pid'], 'thumb');
                }
                //$pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }



edit mdifyalb.php, find$thumb_url = get_pic_url($picture, 'thumb');and replace with$thumb_url = get_pic_url2('', '', -$picture['pid'], 'thumb');


edit profile.php, find$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight, msg_author, UNIX_TIMESTAMP(msg_date) as msg_date, msg_body " . "FROM {$CONFIG['TABLE_COMMENTS']} AS c, {$CONFIG['TABLE_PICTURES']} AS p " . "WHERE msg_id='" . $lastcom_id . "' AND c.pid = p.pid";, replace with$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight, msg_author, UNIX_TIMESTAMP(msg_date) as msg_date, msg_body, p.pid " . "FROM {$CONFIG['TABLE_COMMENTS']} AS c, {$CONFIG['TABLE_PICTURES']} AS p " . "WHERE msg_id='" . $lastcom_id . "' AND c.pid = p.pid";

Then find$pic_url =  get_pic_url($row, 'thumb');and replace with$pic_url =  get_pic_url2('', '', -$row['pid'], 'thumb');

Next, find$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='" . $thumb_pid . "'";and replace with$sql = "SELECT filepath, filename, url_prefix, pwidth, pheight,pid " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='" . $thumb_pid . "'";

Finally, find$pic_url =  get_pic_url($picture, 'thumb');and replace with$pic_url =  get_pic_url2('', -$picture['pid'], 'thumb');

Joachim Müller

edit include/functions.inc.php, findfunction display_thumbnails($album, $cat, $page, $thumbcols, $thumbrows, $display_tabs)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;

        $thumb_per_page = $thumbcols * $thumbrows;
        $lower_limit = ($page-1) * $thumb_per_page;

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $lower_limit, $thumb_per_page);

        $total_pages = ceil($thumb_count / $thumb_per_page);

        $i = 0;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        $pic_url =  get_pic_url($row, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $i - 1 + $lower_limit;
                        $thumb_list[$i]['pid'] = $row['pid'];;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\"/>";
                        $thumb_list[$i]['caption'] = bb_decode($row['caption_text']);
                        $thumb_list[$i]['admin_menu'] = '';
                        $thumb_list[$i]['aid'] = $row['aid'];
                }
                theme_display_thumbnails($thumb_list, $thumb_count, $album_name, $album, $cat, $page, $total_pages, is_numeric($album), $display_tabs);
        } else {
                theme_no_img_to_display($album_name);
        }
}
and replace withfunction display_thumbnails($album, $cat, $page, $thumbcols, $thumbrows, $display_tabs)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;

        $thumb_per_page = $thumbcols * $thumbrows;
        $lower_limit = ($page-1) * $thumb_per_page;

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $lower_limit, $thumb_per_page);

        $total_pages = ceil($thumb_count / $thumb_per_page);

        $i = 0;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        //$pic_url =  get_pic_url($row, 'thumb');
                        $pic_url =  get_pic_url2($cat, $album, $key < 0 ? $key : $i - 1 + $lower_limit, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $i - 1 + $lower_limit;
                        $thumb_list[$i]['pid'] = $row['pid'];;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\"/>";
                        $thumb_list[$i]['caption'] = bb_decode($row['caption_text']);
                        $thumb_list[$i]['admin_menu'] = '';
                        $thumb_list[$i]['aid'] = $row['aid'];
                }
                theme_display_thumbnails($thumb_list, $thumb_count, $album_name, $album, $cat, $page, $total_pages, is_numeric($album), $display_tabs);
        } else {
                theme_no_img_to_display($album_name);
        }
}


Findfunction display_film_strip($album, $cat, $pos)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;
        $max_item=$CONFIG['max_film_strip_items'];
        //$thumb_per_page = $pos+$CONFIG['max_film_strip_items'];
        $thumb_per_page = $max_item*2;
        $l_limit = max(0,$pos-$CONFIG['max_film_strip_items']);
        $new_pos=max(0,$pos-$l_limit);

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $l_limit, $thumb_per_page);

        if (count($pic_data) < $max_item ){
                $max_item = count($pic_data);
        }
        $lower_limit=3;

        if(!isset($pic_data[$new_pos+1])) {
           $lower_limit=$new_pos-$max_item+1;
        } else if(!isset($pic_data[$new_pos+2])) {
           $lower_limit=$new_pos-$max_item+2;
        } else if(!isset($pic_data[$new_pos-1])) {
           $lower_limit=$new_pos;
        } else {
          $hf=$max_item/2;
          $ihf=(int)($max_item/2);
          if($new_pos > $hf ) {
             //if($max_item%2==0) {
               //$lower_limit=
             //} else {
             {
               $lower_limit=$new_pos-$ihf;
             }
          }
          elseif($new_pos <= $hf ) { $lower_limit=0; }
        }

        $pic_data=array_slice($pic_data,$lower_limit,$max_item);
        $i=$l_limit;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $hi =(($pos==($i + $lower_limit)) ? '1': '');
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        $pic_url =  get_pic_url($row, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $p=$i - 1 + $lower_limit;
                        $p=($p < 0 ? 0 : $p);
                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $p;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\" />";
                        $thumb_list[$i]['caption'] = $CONFIG['display_film_strip_filename'] ? '<span class="thumb_filename">'.$row['filename'].'</span>' : '';
                        $thumb_list[$i]['admin_menu'] = '';

                }
                return theme_display_film_strip($thumb_list, $thumb_count, $album_name, $album, $cat, $pos, is_numeric($album));
        } else {
                theme_no_img_to_display($album_name);
        }
}
and replace withfunction display_film_strip($album, $cat, $pos)
{
        global $CONFIG, $AUTHORIZED;
        global $album_date_fmt, $lang_display_thumbnails, $lang_errors, $lang_byte_units;
        $max_item=$CONFIG['max_film_strip_items'];
        //$thumb_per_page = $pos+$CONFIG['max_film_strip_items'];
        $thumb_per_page = $max_item*2;
        $l_limit = max(0,$pos-$CONFIG['max_film_strip_items']);
        $new_pos=max(0,$pos-$l_limit);

        $pic_data = get_pic_data($album, $thumb_count, $album_name, $l_limit, $thumb_per_page);

        if (count($pic_data) < $max_item ){
                $max_item = count($pic_data);
        }
        $lower_limit=3;

        if(!isset($pic_data[$new_pos+1])) {
           $lower_limit=$new_pos-$max_item+1;
        } else if(!isset($pic_data[$new_pos+2])) {
           $lower_limit=$new_pos-$max_item+2;
        } else if(!isset($pic_data[$new_pos-1])) {
           $lower_limit=$new_pos;
        } else {
          $hf=$max_item/2;
          $ihf=(int)($max_item/2);
          if($new_pos > $hf ) {
             //if($max_item%2==0) {
               //$lower_limit=
             //} else {
             {
               $lower_limit=$new_pos-$ihf;
             }
          }
          elseif($new_pos <= $hf ) { $lower_limit=0; }
        }

        $pic_data=array_slice($pic_data,$lower_limit,$max_item);
        $i=$l_limit;
        if (count($pic_data) > 0) {
                foreach ($pic_data as $key => $row) {
                        $hi =(($pos==($i + $lower_limit)) ? '1': '');
                        $i++;

                        $pic_title =$lang_display_thumbnails['filename'].$row['filename']."\n".
                                $lang_display_thumbnails['filesize'].($row['filesize'] >> 10).$lang_byte_units[1]."\n".
                                $lang_display_thumbnails['dimensions'].$row['pwidth']."x".$row['pheight']."\n".
                                $lang_display_thumbnails['date_added'].localised_date($row['ctime'], $album_date_fmt);

                        //$pic_url =  get_pic_url($row, 'thumb');
                        $pic_url =  get_pic_url2($cat, $album, $i-1+$lower_limit, 'thumb');
                        if (!is_image($row['filename'])) {
                                $image_info = getimagesize(urldecode($pic_url));
                                $row['pwidth'] = $image_info[0];
                                $row['pheight'] = $image_info[1];
                        }

                        $image_size = compute_img_size($row['pwidth'], $row['pheight'], $CONFIG['thumb_width']);

                        $p=$i - 1 + $lower_limit;
                        $p=($p < 0 ? 0 : $p);
                        $thumb_list[$i]['pos'] = $key < 0 ? $key : $p;
                        $thumb_list[$i]['image'] = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"{$row['filename']}\" title=\"$pic_title\" />";
                        $thumb_list[$i]['caption'] = $CONFIG['display_film_strip_filename'] ? '<span class="thumb_filename">'.$row['filename'].'</span>' : '';
                        $thumb_list[$i]['admin_menu'] = '';

                }
                return theme_display_film_strip($thumb_list, $thumb_count, $album_name, $album, $cat, $pos, is_numeric($album));
        } else {
                theme_no_img_to_display($album_name);
        }
}


Find?>and replace withfunction& get_pic_url2($cat, $album, $pos, $mode) {
return 'get_file.php?cat='.$cat.'&album='.$album.'&pos='.$pos.'&size='.$mode;
}
?>



Edit include/slideshow.inc.php, find    if (is_image($picture['filename'])) {
        if ($CONFIG['make_intermediate'] && $condition ) {
            $picture_url = get_pic_url($picture, 'normal');
        } else {
            $picture_url = get_pic_url($picture, 'fullsize');
        }
and replace with    if (is_image($picture['filename'])) {
        if ($CONFIG['make_intermediate'] && $condition ) {
            //$picture_url = get_pic_url($picture, 'normal');
            $picture_url = get_pic_url2($_GET['cat'], $_GET['album'], $i, 'normal');
        } else {
            //$picture_url = get_pic_url($picture, 'fullsize');
            $picture_url = get_pic_url2($_GET['cat'], $_GET['album'], $i, 'fullsize');
        }



edit include/themes.inc.php, findif (!function_exists('theme_html_picture')) {  //{THEMES}
function theme_html_picture()
{
    global $CONFIG, $CURRENT_PIC_DATA, $CURRENT_ALBUM_DATA, $USER;
and replace withif (!function_exists('theme_html_picture')) {  //{THEMES}
function theme_html_picture()
{
    global $cat, $pos, $CONFIG, $CURRENT_PIC_DATA, $CURRENT_ALBUM_DATA, $USER;


Find    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
    }
and replace with    if ($CONFIG['make_intermediate'] && $condition ) {
        //$picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
        $picture_url = get_pic_url2($cat, $album, $pos, 'normal');
    } else {
        //$picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
        $picture_url = get_pic_url2($cat, $album, $pos, 'fullsize');
    }


Then find// Display the full size image
if (!function_exists('theme_display_fullsize_pic')) {  //{THEMES}
function theme_display_fullsize_pic()
{
    global $CONFIG, $THEME_DIR, $ALBUM_SET;
and replace with// Display the full size image
if (!function_exists('theme_display_fullsize_pic')) {  //{THEMES}
function theme_display_fullsize_pic()
{
    global $cat, $album, $pos, $CONFIG, $THEME_DIR, $ALBUM_SET;


Finally, find    $row = mysql_fetch_array($result);
    $pic_url = get_pic_url($row, 'fullsize');
    $geom = 'width="' . $row['pwidth'] . '" height="' . $row['pheight'] . '"';
    $imagedata = array('name' => $row['filename'], 'path' => $pic_url, 'geometry' => $geom);
    }
and replace with    $row = mysql_fetch_array($result);
    //$pic_url = get_pic_url($row, 'fullsize');
    $pic_url = get_pic_url2($cat, $album, $pos, 'fullsize');
    $geom = 'width="' . $row['pwidth'] . '" height="' . $row['pheight'] . '"';
    $imagedata = array('name' => $row['filename'], 'path' => $pic_url, 'geometry' => $geom);
    }


Warning: code in include/themes.inc.php may be overridden by theme code. Theme code possibly needs editing as well.

reindeer

Quote from: GauGau on May 14, 2006, 10:49:55 PM
Thanaks for your mod, we'll look into it. As an alternative to replacing coppermine files with the ones from your mod,
here's the "usual" way of posting mods (split over two postings due to posting size limitations):

Ok, the links for the mod.zip and to the gallery are dead, does anyone have these stored somewhere?

http://test.janvrsinsky.com/php/cpghf/mod/mod.zip

http://test.janvrsinsky.com/php/cpghf/index.php

Can this mod still be installed using GauGau's find & replace method?

I just installed CPG v1.4.10 (stable) and THIS is the mod I really need. I find it quite strange that "hotlinking" or "direct url access" is NOT
handled by the CPG v1.4.x gallery software itself, why is this the case? (I also recall this is the case with g2 software and thats why I switched to CPG)

I mean, making all the groups/users/passwords but then, a direct link like www.mydomain.com/photos/album/secret/01.jpg can be viewed by anyone?  ::)

Using .htaccess protection is not the way to go, as stated, as this can be circumvented by spoofed HTTP referers, as I read.

Is it possible to check that does a certain user/pass combination have/have not ,the rights to access an album and it's content?

As I am not a developer, i have limited knowledge of what can be implemented, so any feedback would be good!




Here are the posts that I have found in this board about this subject:

Coppermine-gallery.net > No Support > Modifications/Add-Ons/Hacks -> http://forum.coppermine-gallery.net/index.php?board=78.0

Coppermine-gallery.net > Support > cpg1.4.x Support > cpg1.4 permissions > http://forum.coppermine-gallery.net/index.php?topic=38436.0]

eK3eKyToPa

As I see noone work on this mod anymore, but i needed exactly this for my gallery,
The only thing that is missing is get_file.php that will check the access rights
So please if someone is able to get it here
Thanks!

Joachim Müller

Quote from: reindeer on February 20, 2007, 02:56:19 AM
Ok, the links for the mod.zip and to the gallery are dead, does anyone have these stored somewhere?
Yes, in the initial posting on this thread the mod file is attached.

Quote from: reindeer on February 20, 2007, 02:56:19 AM
Can this mod still be installed using GauGau's find & replace method?
You tell us.


Quote from: reindeer on February 20, 2007, 02:56:19 AMI just installed CPG v1.4.10
Now that's really silly. Most recent stable release is cpg1.4.25. Installing such an ancient, outdated version as cpg1.4.10 is not an option unless you want to see your site hacked in no time.


Quote from: reindeer on February 20, 2007, 02:56:19 AMUsing .htaccess protection is not the way to go, as stated, as this can be circumvented by spoofed HTTP referers, as I read.

Is it possible to check that does a certain user/pass combination have/have not ,the rights to access an album and it's content?

As I am not a developer, i have limited knowledge of what can be implemented, so any feedback would be good!
Use coppermine's built in authentification methods - they should be sufficient for you. No need for any mods imo, especially if you have little to no idea what you're doing.