How to hide IMAGE URL for Download on Displayimage Site How to hide IMAGE URL for Download on Displayimage Site
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

How to hide IMAGE URL for Download on Displayimage Site

Started by nasiri, December 29, 2010, 02:08:15 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

nasiri

Hello Guys,

i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.
Is there a way to do this for 1.5.x ???
It's only for hiding the url. More Security is done by htaccess file....

Thank you for helping.

PS: I searched a lot, but couldn'T find anything here.
A simple solution would do it.
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

Αndré

Quote from: nasiri on December 29, 2010, 02:08:15 PM
i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.
Please post the links to that mods. Afaik there doesn't exist any mods of that kind that are designed for cpg1.5.x in particular.



Αndré


nasiri

there is no return $url_prefix[$pic_row['url_prefix']]. path2url($pic_row['filepath']. $pic_prefix[$mode]. $pic_row['filename']); in the include/functions.inc.php of 1.5.10
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

Αndré


nasiri

Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

nasiri

what's with the $CONFIG['url_mode'] = 'hide';
where have i put this code ?? no config.inc.php longer avalaible
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

nasiri

i just created a new one with $CONFIG['url_mode'] = 'hide'; or does i have to put it anywhere else ?
the get_file.php looks like ( i changed already $results = mysql_query to cpg_mysql_query ... anything else to change ?)

<?php 

define
('IN_COPPERMINE'true); 
define('GETFILE_PHP'true); 

global 
$CONFIG

include(
'include/config.inc.php');
$CONFIG['TABLE_CONFIG'] = $CONFIG['TABLE_PREFIX'] . "config"
$CONFIG['TABLE_PICTURES'] = $CONFIG['TABLE_PREFIX'] . "pictures"

db_connect($db); 
$results cpg_mysql_query("SELECT * FROM {$CONFIG['TABLE_CONFIG']}");

while (
$row mysql_fetch_array($results)) { 
    
$CONFIG[$row['name']] = $row['value']; 
// while 
mysql_free_result($results); 
// Set error logging level 
if ($CONFIG['debug_mode']) { 
    
error_reporting (E_ALL); 
} else { 
    
error_reporting (E_ALL E_NOTICE); 

mysql_close(); 

if (!
function_exists('mime_content_type')) 

    function 
mime_content_type($path) { 
        
$image_params getimagesize($path); 
        if (
is_null($image_params)) 
            return 
null
        else 
            return 
$image_params['mime']; 
    } 


$pic_prefix = array( 
        
'thumb' => $CONFIG['thumb_pfx'], 
        
'normal' => $CONFIG['normal_pfx'], 
        
'fullsize' => ''
); 

$pid = (int) $_GET['pid']; 
$size htmlspecialchars($_GET['size']);

db_connect($db); 

$result mysql_query("select filepath,filename from {$CONFIG['TABLE_PREFIX']}pictures where pid=$pid;"); 
$result mysql_fetch_assoc($result); 
mysql_close(); 

$cfilepath $CONFIG['fullpath'].$result['filepath'].$pic_prefix[$size].$result['filename']; 
header('Content-type: '.mime_content_type($cfilepath)); 

$fp fopen($cfilepath,'rb'); 
echo 
fread($fp,filesize($cfilepath)); 
fclose(); 

function 
db_connect(&$db

        global 
$CONFIG
        
$db mysql_connect($CONFIG['dbserver'],$CONFIG['dbuser'],$CONFIG['dbpass']); 
        
mysql_select_db($CONFIG['dbname']); 

?>
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

nasiri

ignore the information about no longer config.inc.php blabla ... i couldn't delete the post ...
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

nasiri

solved ... thanks used the code for my own little plugin.
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

nasiri

allright now i've got the problem, that everybody can access the get_file.php?PID=xxxx and change the PID as he wants... is it possible to check if logged in before catching the URL and sending it to the browser ??
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

nasiri

solved and plugin created ... have to tune it now.
will post it in 1 week in the pluginsection, i worked with htaccess workaround. maybe some improvements needed.

can be closed!
Nasiri Media
Web Development in Münster / Germany

http://www.nasiri.com

Αndré

Thanks for your readiness to share your created plugin with the community. I think a lot of people will use that plugin.

fci

Hi nasiri, did you publish the plugin? i can't find them.