e-card and .htaccess directories - Help!

[ohmster]

I run Coppermine 1.2.1 together with phpBB 2.0.6 and love this gallery software. Haven't seen anything better. I run my Coppermine gallery and phpBB in a password protected directory because there is private family stuff there and I don't want the internet at large going through our stuff.

When someone clicks on the e-card option and sends an e-card with the selected picture, it works perfectly and sends an email with the picture linked right into the email. Very nice. What is not so nice is that since the pictures are in an directory that is protected with an .htaccess file, there is an immediate username and password prompt that shows up in the e-card before the picture can be downloaded and displayed in the card. This is quite a problem because when a card is sent to someone, they cannot see the image unless they have a username and password and are willing to go through all of that just to see an e-card.

I can create a user/pass set for pictures, is there anyway to insert the user/pass combo into the URL that the e-card will use when it makes the card with the picture in it? Something like http://joe:ramone22@www.mydomain.com so that the picture will already have the user/pass in the URL and it will just show up in the card like it is supposed to? I realize that this is a security risk but this is not a super high security website, I just want for this to work smoothly for family members.

Can anyone tell me what part of Coppermine to edit to make this happen? I would sure appreciate it. You guys did one fantastic job on this Coppermine Photo Gallery, thanks!

[Joachim Müller]

I recommend you edit the text of the ecard itself, telling the recipient to use this and that password. Modify themes/yourtheme/theme.php and find

Code Select Expand

// HTML template for e-cards
$template_ecard = <<<EOT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="{LANG_DIR}">
<head>
<title>{TITLE}</title>
<meta http-equiv="content-type" content="text/html; charset={CHARSET}" />
</head>
<body bgcolor="#FFFFFF" text="#0F5475" link="#0F5475" vlink="#0F5475" alink="#0F5475">
<br />
<p align="center"><a href="{VIEW_ECARD_TGT}"><b>{VIEW_ECARD_LNK}</b></a></p>
<table border="0" cellspacing="0" cellpadding="1" align="center">
  <tr>
    <td bgcolor="#000000">
      <table border="0" cellspacing="0" cellpadding="10" bgcolor="#ffffff">
        <tr>
          <td valign="top">
           <img src="{PIC_URL}" border="1" alt="" /><br />
          </td>
          <td valign="top" width="200" height="250">
            <div align="right"><img src="{URL_PREFIX}images/stamp.gif" alt="" border="0" /></div>
            <br />
            <b><font face="arial" color="#000000" size="4">{GREETINGS}</font></b>
            <br />
            <br />
            <font face="arial" color="#000000" size="2">{MESSAGE}</font>
            <br />
            <br />
            <font face="arial" color="#000000" size="2">{SENDER_NAME}</font>
            (<a href="mailto:{SENDER_EMAIL}"><font face="arial" color="#000000" size="2">{SENDER_EMAIL}</font></a>)
          </td>
        </tr>
      </table>
    </td>
  </tr>
</table>
<p align="center"><a href="{VIEW_MORE_TGT}"><b>{VIEW_MORE_LNK}</b></a></p>
</body>
</html>
EOT;

GauGau

P.S. The whole humdrum with password protection is of course overkill if you choose to email passwords, but that's your choice

[ohmster]

Thank you GauGau. I found the part that you indicated in my theme.php file but I do not know how to modify it, I was able to get Coppermine installed alright but php coding is not one of my strong points. My family is also not exceptionally tech savvy either, just having to make them type in a username and password into a prompt so that they can view the image that is being presented would probably make them delete the email. Sorry state of affairs, I know, but you have to understand that my mom is 82 years old, this has to be as painless and easy as possible for her to use. You know, check the mail, and, "Oh, there is an e-card. Look at Nichole, oh she is getting so big now!" That sort of thing, like it would work originally, without the .htaccess on the directory?

Is there a way to code a user/pass combo into the PIC_URL part of the them or anywhere else in Coppermine for the e-cards? Something like picture:user@PIC_URL or something like that?

Yes I know, emailing passwords and putting a user/pass in an emailed URL pretty much opens the door to a sniffer but this really is not a high security website. It is just family pictures and a message board for the family. The only reason that I put an .htaccess file control on this site is to keep the general internet out of it, not to seal it up like fort knox, there is nothing of real value in the directory to interest any hackers. I do appreciate your concern, though.

Anyway to code a user/pass into the PIC_URL for the e-cards?

[Joachim Müller]

Look, why don't you skip the .htaccess junk completely and use the tools that come with coppermine in the first place? You can make pics available only for certain membergroups. Create a group called "family", register for them and send them an email, telling them they'll have to log in once with the username and password you generate for them, tick the "remember me" checkbox and all authentification issues should be history. This is much painless imo than the stuff you're trying to implement.

GauGau