[cpg1.4.x]: Download a Zipped Album With Basic Security

[Joe Carver]

Do you refer to this step in the instruction?

# 5 ) Open template.php in your editor of choice. Copy the following code into your template.php file just above the

The author probably intended to write:   theme.php

[Joachim Müller]

Obviously, as there is no file named template.php in coppermine themes, but only theme.php and template.html
I edited the initial posting in this thread accordingly to end confusion for newbies.

[shadlaws]

Hi everyone,

Thanks so much to everyone for working on this zip download feature!  Last night I spent a fair amount of time toying with it for use with my personal website, and having this new feature makes me much happier with my photo server :-).  Also, I made a few more modifications / bug fixes I thought I'd share with the group.

Disclaimer: I'm not a coder by trade and this is my first experience with php, so any and all feedback is welcome :-)

#1 - Commas in directories and filenames make the code crash

Commas do not work well with zip.php and pclzip by default.  If you're like me and have several directory names that have commas, the Download Album feature simply won't work.  This is because, by default, the create() function of pclzip uses the comma as a filename separator in the filelist.  Whoops.

This is easily solved by making a modification to both zip.php and pclzip.lib.php by changing the separator from "," to something that's extremely unlikely to occur in a directory or filename.  Note that there is no reason this has to be a single character... in fact, having a multiple-character separator likely makes things more robust.  I chose "#,#,#,#".

In zip.php, find:

Code Select Expand


$bilder .= "albums/" . $row['filepath'].$row['filename'].",";


And change to:

Code Select Expand


$bilder .= "albums/" . $row['filepath'].$row['filename']."#,#,#,#";


Then, in pclzip.lib.php, find:

Code Select Expand


  //define( 'PCLZIP_SEPARATOR', ' ' );
  // Recommanded values for smart separation of filenames.
  if (!defined('PCLZIP_SEPARATOR')) {
    define( 'PCLZIP_SEPARATOR', ',' );
  }


And change to:

Code Select Expand


  //define( 'PCLZIP_SEPARATOR', ' ' );
  define( 'PCLZIP_SEPARATOR', '#,#,#,#' );
  // Recommanded values for smart separation of filenames.
  if (!defined('PCLZIP_SEPARATOR')) {
    define( 'PCLZIP_SEPARATOR', ',' );
  }


Voila - now, unless you tend to use #,#,#,# in your directory names, the Download Album button won't cause the system to crash :-)

#2 - Zip-compressing images that are already compressed is a waste of time

I have a lot of high-resolution jpeg images on my website, so sometimes it can take quite awhile to generate the zip file for download.  Much of this time is spent by the zip program trying to compress jpegs... which is pretty useless.  So, I modified zip.php to tell pclzip to do compression-less zipping.  This saves a lot of server processing time while causing zip file sizes to grow by maybe 1-2% - a nice tradeoff in my opinion.

In zip.php, find:

Code Select Expand


$v_list = $archive->create($bilder,PCLZIP_OPT_REMOVE_ALL_PATH);


And change to:

Code Select Expand


$v_list = $archive->create($bilder,PCLZIP_OPT_REMOVE_ALL_PATH,PCLZIP_OPT_NO_COMPRESSION);


This probably isn't a good idea if you have a bunch of uncompressed files (bmp, raw, etc.), but otherwise it can be quite handy.

#3 - Filenames for zip files might be unintelligible

By default, zip.php uses urlencode() to make the filename for the zip file from the album name.  This is a very robust, straightforward, and fool-proof method.  However, for my purposes, I felt that it resulted in a bunch of really ugly, unintelligible filenames.  For example, a descriptive name of "2009/11/23 - John Smith's birthday" becomes "2009%2F11%2F23+-+John+Smith%27s+birthday" which wasn't exactly my cup of tea :-).

So, I use str_replace() instead.  For functionality, some characters must be changed.  I made spaces into underscores (" " to "_"), turned apostrophes back into apostrophes ("'" to "'"), and got rid of slashes ("/" to "").  Now, "2009/11/23 - John Smith's birthday" becomes "20091123_-_John_Smith's_birthday" which looks prettier to me :-). 

In zip.php, find:

Code Select Expand


$sDesiredZipName = urlencode($o_AlbumName->title);


And change to:

Code Select Expand


//$sDesiredZipName = urlencode($o_AlbumName->title);
$sDesiredZipName = str_replace(" ", "_", $o_AlbumName->title);
$sDesiredZipName = str_replace("'", "'", $sDesiredZipName);
$sDesiredZipName = str_replace("/", "", $sDesiredZipName);


This works well with my style of album titles, but likely needs tweaking for other people (particularly with the slashes... some might prefer them to be spaces or hyphens or something).  Also, to be fair, this method is not as robust as the default, urlencode() method.  I haven't thought through an exhaustive list of name cases... it's possible that your album naming scheme may generate something that causes the code to crash.  But, it works well with mine so I thought I'd share.

#4 - Adding a "Download Album" button to the album list view

Having the Download Album button on the thumbnail view is great, but I also wanted the option of seeing the button on the album list view.  That way, you don't have to open the album to be able to download it.  It seemed like a nice piece of functionality to add - having the button in two different places makes it seem more user-friendly.

Adding this functionality is very similar to the default implementation of zip.php - it involves theme.php.  Whereas adding the button to the thumbnail view involved the theme_display_thumbnails function, adding the button to the album list view involves (unsurprisingly) the theme_display_album_list function.  Like before, odds are that this function is not, by default, defined in theme.php but rather in theme.inc.php.  So, it has to be added to theme.php and then modified for our purposes.

In theme.inc.php, find:

Code Select Expand


function theme_display_album_list
    ...
    ...
    ...
}

and copy it in entirety to theme.php either directly above or below the theme_display_thumbnails function that was added to make zip.php work.

Then, within this function, find:

Code Select Expand


$params = array('{COL_WIDTH}' => $column_width,
                '{ALBUM_TITLE}' => $album['album_title'],
                '{THUMB_CELL_WIDTH}' => $thumb_cell_width,
                '{ALB_LINK_TGT}' => "thumbnails.php?album={$album['aid']}",
                '{ALB_LINK_PIC}' => $album['thumb_pic'],
                '{ADMIN_MENU}' => $album['album_adm_menu'],
                '{ALB_DESC}' => $album['album_desc'],
                '{ALB_INFOS}' => $album['album_info'],
                );


And change to:

Code Select Expand


$params = array('{COL_WIDTH}' => $column_width,
                '{ALBUM_TITLE}' => $album['album_title'],
                '{THUMB_CELL_WIDTH}' => $thumb_cell_width,
                '{ALB_LINK_TGT}' => "thumbnails.php?album={$album['aid']}",
                '{ALB_LINK_PIC}' => $album['thumb_pic'],
                '{ADMIN_MENU}' => $album['album_adm_menu'],
                '{ALB_DESC}' => $album['album_desc'],
                '{ALB_INFOS}' => $album['album_info'],
                );
        //mod zipped album download start
            $params['{ALB_INFOS}'] .= '&nbsp;&nbsp;&nbsp;<a href="zip.php?aid=' . $album['aid'] . '" title="Download album as *zip archive">[ DOWNLOAD ALBUM ]</a>';
        //mod zipped album download end


This implementation appends the button to the end of the info field, which looks nice for my site layout.  One could also use the description field (change ALB_INFOS to ALB_DESC) or the album title itself (change ALB_INFOS to ALBUM_TITLE).  I also used capital letters for the button... I thought it looked better for the album view.  Change as you like :-).

Thanks again for your work on making the securezip modification, and I hope my suggestions help out someone else!

Take care,
Shad

[shadlaws]

Oops, one more addition to above...

#3 - Filenames for zip files might be unintelligible

I got the single quotes ('), but forgot the double quotes (") in the characters that need to be changed - d'oh!  Anyway, instead of what I wrote above, replace with this piece of code in zip.php:

Code Select Expand


//$sDesiredZipName = urlencode($o_AlbumName->title);
$sDesiredZipName = str_replace(" ", "_", $o_AlbumName->title);
$sDesiredZipName = str_replace("'", "'", $sDesiredZipName);
$sDesiredZipName = str_replace("/", "", $sDesiredZipName);
$sDesiredZipName = str_replace(""", "'", $sDesiredZipName);


Take care,
Shad

[Kazna]

Oh man it's working...  I didn't expect it to work but it works!!! Thanks a bunch guys!!!  Really appreciate your jobs!

[btaz]

I'm pretty new to php and and working to host my own website, so be kind

I added this mod to my gallery (its awesome, thanks) and was doing some basic checks to see if the security settings were working as expected.  I do not allow guests into my gallery.  So I tried something pretty simple tests and think I failed a basic security check.

• I copied the link from when I was logged in ( http://localhost/coppermine/zip.php?aid=2 )
• logged out
• Cleared my browser of all cookies/history/temp files/et
• Then pasted the link back into my browser.
• The File Download window opens with the last file that was downloaded.

I'm a bit worries that anybody can come to my site and paste the link to get the last downloaded file. 

Does this happen to anyone else?  Any ideas for a fix?

--BT

[nike_bytom]

Hi i have litlle problem with this code, zip download option works ok but on my template i get this :  (my album properties icons above the thumbnails disappear, all i have is)

    * {MODIFY_ICO}
    * {PARENT_CAT_ICO}
    * {EDIT_PICS_ICO}
    * {ALBUM_MGR_ICO}

cpg1.5.3
any idea what is wrong


http://lobuziaki.info

login:test
pass:12345

[Joachim Müller]

The mod you're trying to implement is for cpg1.4.x and can't be used with cpg1.5.3. Undo your edits. The dev team is not fond of this mod anyway - just forget it, it's not really that good anyway.

[btaz]

To the admin:  This is a really useful mod as it lets me exchange photos with my family easily.  If the functionality exists by some other means let me know.

--BT

[Joachim Müller]

Board rules / Forum policies: Post Links. Coppermine already comes with zip support. I can't see the point of your request. Anyway, if your requesting this mod to be ported for cpg1.5.x, then please read up Don't ask for other versions.

[nike_bytom]

Hi Thanks for all ur answers   

From first post:

With that said I have only tested it with 1.4.13, 1.4.14 and 1.4.16. I have tried it with the following themes: Rainy Day, Classic and Water Drop. Also with a heavily customized Rainy Day variant that I am using in my CPG. It works with no problems with Stramm's ModPack installed.I have tested it with CPG 1.5 and it is working .

so it could be used with 1.5.3 ?

To the admin:  This is a really useful mod as it lets me exchange photos with my family easily.  If the functionality exists by some other means let me know.

I have got same feeling about this mod,it is very useful for me and my family.....

sory guys for messing about...
Regards
Rafał

[Joachim Müller]

Then go ahead and use that "very usefull" mod. Use it with cpg1.5.x if you can, but stop asking questions about that aspect. This mod has been built for cpg1.4.x, and it's not very well designed imo. Applying it to cpg1.5.x is an even worse idea - the thread starter who created this mod sadly edited his initial posting instead of replying to the thread and posting a valid test report. In other words: you're on your own with this, no matter how helpfull you might consider this mod.

[MoshPuiu]

Then go ahead and use that "very usefull" mod. Use it with cpg1.5.x if you can, but stop asking questions about that aspect. This mod has been built for cpg1.4.x, and it's not very well designed imo. Applying it to cpg1.5.x is an even worse idea - the thread starter who created this mod sadly edited his initial posting instead of replying to the thread and posting a valid test report. In other words: you're on your own with this, no matter how helpfull you might consider this mod.

I noticed some sarcastic and superior tone in your post; maybe you are angry
It is the first forum I've met where one of moderators have replies like these: 'Then go ahead and use that "very usefull" mod. Use it with cpg1.5.x if you can...' or ' you're on your own with this, no matter how helpfull you might consider this mod'...
You should be shame with that answer...

In other words this mod really is very usefull (at least for me, one of the commoners);
...and if you don't see the point of request, I'll explain to you: If you want to download 100 files from one album, you have to click hundreds times instead to click few times on 'download album'.

So, if anybody knows one method to download an entire album (zip or whatever method...) on version 1.5.12, please post it...
Thanks in advance!

[clocktowerweb]

Hey, just wanted to say this has helped me loads, I needed to download images in album groups from an old version of Coppermine (1.4.18) - this is working perfectly.

Thank you