Prevent downloading of pics - transparent gif overlay - Page 2 Prevent downloading of pics - transparent gif overlay - Page 2
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Prevent downloading of pics - transparent gif overlay

Started by Stramm, July 12, 2006, 09:43:57 AM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

Stramm

that's the overlay thingie for the MODPACK that doesn't open the fullsized but the next pic when clicking on the intermediate image.

I've commented every change I did for the next pic mod so it should be pretty easy to port that to the non modpack version

function theme_html_picture()
{
    global $CONFIG, $CURRENT_PIC_DATA, $CURRENT_ALBUM_DATA, $USER;
    global $album, $comment_date_fmt, $template_display_media;
    global $lang_display_image_php, $lang_picinfo, $mime_content;

    //mod next pic
    global $pos;
//end mod

    $pid = $CURRENT_PIC_DATA['pid'];
    $pic_title = '';

    if (!isset($USER['liv']) || !is_array($USER['liv'])) {
        $USER['liv'] = array();
    }
    // Add 1 to hit counter
    if (!USER_IS_ADMIN && !in_array($pid, $USER['liv']) && isset($_COOKIE[$CONFIG['cookie_name'] . '_data'])) {
        add_hit($pid);
        if (count($USER['liv']) > 4) array_shift($USER['liv']);
        array_push($USER['liv'], $pid);
    }

    if($CONFIG['thumb_use']=='ht' && $CURRENT_PIC_DATA['pheight'] > $CONFIG['picture_width'] ){ // The wierd comparision is because only picture_width is stored
      $condition = true;
    }elseif($CONFIG['thumb_use']=='wd' && $CURRENT_PIC_DATA['pwidth'] > $CONFIG['picture_width']){
      $condition = true;
    }elseif($CONFIG['thumb_use']=='any' && max($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight']) > $CONFIG['picture_width']){
      $condition = true;
    }elseif($CONFIG['thumb_use']=='ex' && max($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight']) > $CONFIG['picture_width']){
      $condition = true;
    }else{
     $condition = false;
    }

    if ($CURRENT_PIC_DATA['title'] != '') {
        $pic_title .= $CURRENT_PIC_DATA['title'] . "\n";
    }
    if ($CURRENT_PIC_DATA['caption'] != '') {
        $pic_title .= $CURRENT_PIC_DATA['caption'] . "\n";
    }
    if ($CURRENT_PIC_DATA['keywords'] != '') {
        $pic_title .= $lang_picinfo['Keywords'] . ": " . $CURRENT_PIC_DATA['keywords'];
    }

    if (!$CURRENT_PIC_DATA['title'] && !$CURRENT_PIC_DATA['caption']) {
        template_extract_block($template_display_media, 'img_desc');
    } else {
        if (!$CURRENT_PIC_DATA['title']) {
            template_extract_block($template_display_media, 'title');
        }
        if (!$CURRENT_PIC_DATA['caption']) {
            template_extract_block($template_display_media, 'caption');
        }
    }

    $CURRENT_PIC_DATA['menu'] = html_picture_menu(); //((USER_ADMIN_MODE && $CURRENT_ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID) || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC_DATA['owner_id'] == USER_ID && USER_ID != 0) || GALLERY_ADMIN_MODE) ? html_picture_menu($pid) : '';

    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
    }

    //$image_size = compute_img_size($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight'], $CONFIG['picture_width']);
    $image_size = compute_img_size($CURRENT_PIC_DATA['pwidth'], $CURRENT_PIC_DATA['pheight'], $CONFIG['picture_width'], "normal");

    $pic_title = '';
    //$mime_content = cpg_get_type($CURRENT_PIC_DATA['filename']);


    if ($mime_content['content']=='movie' || $mime_content['content']=='audio') {

        if ($CURRENT_PIC_DATA['pwidth']==0 || $CURRENT_PIC_DATA['pheight']==0) {
            $CURRENT_PIC_DATA['pwidth']  = 320; // Default width

            // Set default height; if file is a movie
            if ($mime_content['content']=='movie') {
                $CURRENT_PIC_DATA['pheight'] = 240; // Default height
            }
        }

        $ctrl_offset['mov']=15;
        $ctrl_offset['wmv']=45;
        $ctrl_offset['swf']=0;
        $ctrl_offset['rm']=0;
        $ctrl_offset_default=45;
        $ctrl_height = (isset($ctrl_offset[$mime_content['extension']]))?($ctrl_offset[$mime_content['extension']]):$ctrl_offset_default;
        $image_size['whole']='width="'.$CURRENT_PIC_DATA['pwidth'].'" height="'.($CURRENT_PIC_DATA['pheight']+$ctrl_height).'"';
    }

    if ($mime_content['content']=='image') {

            //mod next pic
        $next = $pos + 1;
        $next_tgt = "{$_SERVER['PHP_SELF']}?album=$album$cat_link&pos=$next$uid_link";
//end mod

//mod next pic
        //if (isset($image_size['reduced'])) {
$imginfo=getimagesize($picture_url);
            $winsizeX = $CURRENT_PIC_DATA['pwidth'];  //the +'s are the mysterious FF and IE paddings
            $winsizeY = $CURRENT_PIC_DATA['pheight']; //the +'s are the mysterious FF and IE paddings

$pic_html = "<table cellpadding=0 cellspacing=0><tr><td background=\"" . $picture_url . "\" width={$imginfo[0]} height={$imginfo[1]} class=\"image\">";
           
            //mod next pic
//$pic_html .= "<a href=\"javascript:;\" onclick=\"MM_openBrWindow('displayimage.php?pid=$pid&amp;fullsize=1','" . uniqid(rand()) . "','scrollbars=yes,toolbar=no,status=no,resizable=yes,width=$winsizeX,height=$winsizeY')\">";
            $pic_html .= "<a href=\"  $next_tgt  \">";   //click on the intermediate photo will link to the next photo
//end mod

$pic_title = $lang_display_image_php['view_fs'] . "\n==============\n" . $pic_title;
            $pic_html .= "<img src=\"images/overlay.gif\" width={$imginfo[0]} height={$imginfo[1]}  border=\"0\" alt=\"{$lang_display_image_php['view_fs']}\" /><br />";
            $pic_html .= "</a>\n </td></tr></table>";
       
/* mod next pic
} else {
$pic_html = "<table cellpadding=0 cellspacing=0><tr><td background=\"" . $picture_url . "\" {$image_size['geom']} class=\"image\">";
            $pic_html .= "<img src=\"images/overlay.gif\" {$image_size['geom']} border=\"0\" alt=\"\" /><br />\n";
            $pic_html .= "</td></tr></table>";
end mod */

    } elseif ($mime_content['content']=='document') {
        $pic_thumb_url = get_pic_url($CURRENT_PIC_DATA,'thumb');
        $pic_html = "<a href=\"{$picture_url}\" target=\"_blank\" class=\"document_link\"><img src=\"".$pic_thumb_url."\" border=\"0\" class=\"image\" /></a>\n<br />";
    } else {
        $autostart = ($CONFIG['media_autostart']) ? ('true'):('false');

        $players['WMP'] = array('id' => 'MediaPlayer',
                                'clsid' => 'classid="" ',
                                'codebase' => 'codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701" ',
                                'mime' => 'type="application/x-mplayer2" ',
                               );
        $players['RMP'] = array('id' => 'RealPlayer',
                                'clsid' => 'classid="clsid:CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA" ',
                                'codebase' => '',
                                'mime' => 'type="audio/x-pn-realaudio-plugin" '
                               );
        $players['QT']  = array('id' => 'QuickTime',
                                'clsid' => 'classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" ',
                                'codebase' => 'codebase="http://www.apple.com/qtactivex/qtplugin.cab" ',
                                'mime' => 'type="video/x-quicktime" '
                               );
        $players['SWF'] = array('id' => 'SWFlash',
                                'clsid' => ' classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" ',
                                'codebase' => 'codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" ',
                                'mime' => 'type="application/x-shockwave-flash" '
                               );
        $players['UNK'] = array('id' => 'DefaultPlayer',
                                'clsid' => '',
                                'codebase' => '',
                                'mime' => ''
                               );

        if (isset($_COOKIE[$CONFIG['cookie_name'].'_'.$mime_content['extension'].'player'])) {
            $user_player = $_COOKIE[$CONFIG['cookie_name'].'_'.$mime_content['extension'].'player'];
        } else {
            $user_player = $mime_content['player'];
        }

                // There isn't a player selected or user wants client-side control
        if (!$user_player) {
            $user_player = 'UNK';
        }

        $player = $players[$user_player];

        $pic_html  = '<object id="'.$player['id'].'" '.$player['clsid'].$player['codebase'].$player['mime'].$image_size['whole'].'>';
        $pic_html .= "<param name=\"autostart\" value=\"$autostart\" /><param name=\"src\" value=\"". $picture_url . "\" />";
        $pic_html .= '<embed '.$image_size['whole'].' src="'. $picture_url . '" autostart="'.$autostart.'" '.$player['mime'].'></embed>';
        $pic_html .= "</object><br />\n";
    }

    $CURRENT_PIC_DATA['html'] = $pic_html;
    $CURRENT_PIC_DATA['header'] = '';
    $CURRENT_PIC_DATA['footer'] = '';

    $CURRENT_PIC_DATA = CPGPluginAPI::filter('file_data',$CURRENT_PIC_DATA);

    $params = array('{CELL_HEIGHT}' => '100',
        '{IMAGE}' => $CURRENT_PIC_DATA['header'].$CURRENT_PIC_DATA['html'].$CURRENT_PIC_DATA['footer'],
        '{ADMIN_MENU}' => $CURRENT_PIC_DATA['menu'],
        '{TITLE}' => bb_decode($CURRENT_PIC_DATA['title']),
        '{CAPTION}' => bb_decode($CURRENT_PIC_DATA['caption']),
        );

    return template_eval($template_display_media, $params);
}

Chili

Stramm,  This works very well for me, thank you.  One question, is it possible to get this to protect the photos in the slideshow as well?

Stramm

I'm nearly sure it's possible. Will have a look in a free min

jsmith

I added this overlay and it makes the intermediate image aprox. 1 and a half images wide by repeating part of the image.  I assume this has to do with the size of the overlay - when I switch to a different theme it is fine.  How do I fix this?  Most of my images are not square - either horiz. or vert. and I generally upload images no larger than 750 pixels on the long side.

Stramm

yep, I know about that problem... there's a lil leftover in the functions from testing... needs to be replaced

edit: code removed
I'm going to update the zip


jsmith

I'll try that.  What do you mean about intermediate images disabled?  I thought the image you get when you click the thumbnail was the intermediate image?

Stramm

new zip is up... the theme mod differs between two states. Either you have intermediate pics enabled (in config) or not. Then it calculates the necessary overlay size

Yes, that's the intermediate image. If the orig is the same size or smaller than the intermediate, then the intermediate doesn't get created.

Try if it works for you... if not, please report back with a link to an image where the problems occur

jsmith


nivons

Hi,

I have been unable to locate the "overlay.gif" file mentioned in this thread.  Any help in locating the same is appreciated.

TIA.

Stramm

ouch, I've fixed a problem in the script some days ago and removed the gif instead of the outdated code... can be found again now in the first post of this thread

nivons

Thanks for the super fast update!

However, the downloaded overlay.gif (43 bytes) file results in the intermediate and full size images both not showing up (a small box with black borders appears instead).

CPG 1.4.9 and theme.php are configured properly.  I can replace this GIF with another GIF and that one shows up over the intermediate and full size pics (but covers them up instead of displaying them through the overlay).

 

Stramm

works perfect for me... just tried the uploaded gif and the code attachment.

Attach your theme.php in your next post

nivons

theme.php with overlay.txt copied in right before final "?>" on last line attached.

Tried include contents of overlay.txt in the Classis theme's theme.php file with same results.

Note:  The only other change to vanilla CPG 1.4.9 that I have is the on-the-fly watermark enhancement (by flex) in functions.inc.php.  Reverting back to vanilla CPG 1.4.9 did not help above issue.

Thanks!

Stramm

I've tested your theme file and it's working as expected. Can you post a link to your gallery?

nivons

Thank you for checking and confirming theme.php tests OK!

I was incorrect in stating that the "flex" on-the-fly watermark modifications did not causing overlays to not work.  After removing those modifications your transparent GIF overlay modification works great (cleared cache and restarted Web server this time).  Thank you for this great add-on to CPG functionality.

I would really like to see them both work together.  It appears that this issue is being caused due to the getimagesize() call in the overlay code in theme.php not getting input in a format it expects.

#Notices when overlay/watermarking not working
/themes/hardwired/theme.php

    * Warning line 310: getimagesize(watermark_normal.php?pid=1230&mode=normal): failed to open stream: No such file or directory

Attached is info on changes made to enable watermarking (diff to functions.inc.php, and contents of watermark_normal.php).

Hopefully the fix to overcome this issues is straightforward/simple.  If anyone is able to help with tips on how to effect that change or provide the fix, I would much appreciate it.

Thanks.

PS:  CPG web server is currently restricted to local/trusted network use and is not open to the Internet.

nivons

Attaching diff of functions.inc.php that didn't get attached to last post.

Stramm

Quote from: nivons on October 29, 2006, 02:04:48 AM
I would really like to see them both work together.  It appears that this issue is being caused due to the getimagesize() call in the overlay code in theme.php not getting input in a format it expects.

yes, the function you modified in functions.inc.php doesn't give back a path now getimagesize can handle. It expects a path to an actual image and not a URL to a script

simple solution would be to have to original get_pic_url function in your functions.inc.php again as eg get_pic_url2

then you need to do some lil changes in this mod (all untested)
find
    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
    }

replace with
    if ($CONFIG['make_intermediate'] && $condition ) {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'normal');
        $picture_url_orig = get_pic_url2($CURRENT_PIC_DATA, 'normal');
    } else {
        $picture_url = get_pic_url($CURRENT_PIC_DATA, 'fullsize');
        $picture_url_orig = get_pic_url2($CURRENT_PIC_DATA, 'fullsize');
    }


find
$imginfo=getimagesize($picture_url);

replace with
$imginfo=getimagesize($picture_url_orig);


but why would you want to use on the fly watermarking??? In a live environment it may suck a lot of resources. Imagine 20 peaople browsing your site... this can be enough to bog your server down. It's good for a family album but not for production use. I'd go for a permanent wm solution

nivons

That worked perfect.  Thank you!

Quote from: Stramm on October 29, 2006, 06:29:40 AM
but why would you want to use on the fly watermarking??? In a live environment it may suck a lot of resources. Imagine 20 peaople browsing your site... this can be enough to bog your server down. It's good for a family album but not for production use. I'd go for a permanent wm solution

The user-base at this time is quite limited.  I did install and try out your mod for permanent WM, and may pick it back up in a later version of CPG.

Thanks again for your prompt and helpful responses, and for your contributions to CPG.

cgc0202

Quote from: Stramm on July 12, 2006, 09:43:57 AM
That's a lil theme addition. So you won't need to modify core files. This addition puts a transparent gif over the actual intermediate or fullsized image. If a user tries to download the image he only gets the transparent gif. Same if he tries to find out the URL (with tight click -> properties). This is no 100% secure solution but protects against most newbies and lazy users. Also it's 100 times better than blocking the right mouse button (at least I hate sites that use that techniques and leave)

Hi Stramm,

I am interested with this because my gallery sites are based on contributions from other people.  Some people may want to contribute but do not want anonymous users downloading their photos.  So, I wish to satisfy the concerns of such contributors, if possible:

So here are some observations and questions:
(1) Flickr has implemented a similar feature, but the easy way around it, as it turned out was to go to the thumbnail or mini-size URL, copy that URL and change the code used to identify "thumbnail" to the code for either the intermediate or large or original size.

Has this loophole been considered in this mode and dealt with?

One additional way to increase "security" from copying is to separate*** the URL address of original size from the derivative images.  I think it was Nibbler (or one of the Dev Team) who stated  in one response to an old post that they have a way to do just that -- separate location of original vs. intermediate.

(2) I understand that it would be a lot of work (for me as an administrator), but is there a way to make this applicable on per image basis?

If it is done per image basis, once this mode has been included, an expert coder might know how to integrate in the "Edit Files" window -- to add options to answer this:
Do you want to "prevent downloading of this photo"? No Yes.  And if yes: All, Int/Orig Orig only (where Int -> intermediate and Orig -> original)

The aforementioned per image option -- with the admin control included in the Edit files section -- would be much easier for non-programmers like me who could easily mess up a very complex php scrip.  Also, if one has multiple independent CPG galleries, it will minimize the php script modification, especially by non-programmers, that is needed during every update.

A per image basis is important for this mod because many contributing photographers have their photos under "Creative Commons (CC)" license, so there is no need to protect them from download.  However, protecting the original image even for CC files may be prudent for "small webpages" in shared-server hostings, where bandwidth usage is critical and also shared webhosting service providers frown upon "small webpages" causing bleeps due to upsurge of downloads 

(3) Is there a way to integrate this in the "Mod pack" Stramm?

I have other observations and questions but I will place them in another post.

CGC




Stramm

This mod is not meant as a full download protection. It just cheats newbs and is an alternative to blocking the right mouse button.

Of yourse you could modify CPG to save different filenames for thumbs, intermediate and fullsized images, however that needs some more modifications than just a few lines. Then you could save the images outside the webroot and not directly open them with an img tag but use a php script to show them.

Search the board for that mod. Disadvantage is a far higher CPU usage