Download complete album als ZIP - Page 4 Download complete album als ZIP - Page 4
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Download complete album als ZIP

Started by Finswimmer, January 18, 2012, 09:33:00 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Αndré

Quote from: Tatome on May 27, 2012, 06:20:16 PM
I'm attaching a patch (administrators --- could you apply this, please?).
Committed in SVN revision 8431.


Quote from: sebbo_ on May 28, 2012, 08:56:26 AM
i checked $aid and whatever album i try, its value is always 1
Please post a link to your gallery.

Cainte

Hello,

I really tried to understand how to "install" this helpful plugin, but somehow I'm afraid to crash my gallery. I downloaded the files from your link André and I don't know where to place all the files, or which files just include the changes to make... sorry.

I'd be very grateful for some help...

Cainte

Αndré

Create a new directory albumdownload inside the plugins directory in your Coppermine directory with your FTP client and download all files to that new directory. Then, install the plugin as described in the docs.

Cainte


Cainte

#64
now I installed it succesfully and it works. Thx again Andre.

A new problem now is that no matter in which album I push the ZIP Button it's always the same Album that gets downloaded with the same filename. It's the album with id 1

When I go over the ZIP Button the link is wrong it shows  .../index.php?file=albumdownload/albumZip&aid=1
But the album id of this album is 22

cpg version is 1.5.20

Αndré

Please try the latest codebase.php file from the SVN repository (revision 8445).

Cainte

Thx Andre. Now everything works fine!!

tuxyso

Great plugin, congratualations! It is exactly the plugin I have looking for a long time. But I think in the current implementation it breaks the access control policies of coppermine. At the moment there are basically 3 access levels:

  • public access without password
  • direct link to album and access with password
  • access only after login with username and password

I expected that albumZip.php sticks to these levels. Independently which access for an album is configured, the direct url
http://<mybaseurl>/index.php?file=albumdownload/albumZip&aid=<albumnr>
leads to a download of the complete album. Is there a future plan to prevent such an access? If not, albumZip is a serious security hole, because the album ids are predictable, starting with id 1 with an increment of 1.

At the current state one workaround might be an Apache .htaccess based on a special RegexMatch pattern. A special username and password is given to users who want to download complete zip files. For coppermine random album ids (e.g. hash values) could improve the situation. The best way, of course, would the consideration of security levels by the album download plugin.

Αndré

Open albumZip.php, find
$query = "SELECT filepath, filename FROM {$CONFIG['TABLE_PICTURES']} AS pictures , (SELECT keyword FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '" . $aid . "' ) AS keyword WHERE pictures.aid = '" . $aid . "' OR ( keyword.keyword <> '' AND CONCAT(';', keywords, ';') LIKE CONCAT('%;', keyword.keyword, ';%'))";
and replace with
get_meta_album_set(0);
$query = "SELECT filepath, filename FROM {$CONFIG['TABLE_PICTURES']} AS pictures , (SELECT keyword FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '" . $aid . "' ) AS keyword, {$CONFIG['TABLE_ALBUMS']} AS r $RESTRICTEDWHERE AND r.aid = pictures.aid AND (pictures.aid = '" . $aid . "' OR ( keyword.keyword <> '' AND CONCAT(';', keywords, ';') LIKE CONCAT('%;', keyword.keyword, ';%')))";


This will currently offer an empty zip file for albums with restricted access or invalid album IDs, which could of course be optimized. Please report if the code change works as expected for you.

tuxyso

The code works for me in all cases:

  • public album: regular zip file
  • album with restricted access: empty zip file

Thanks for your fast reply.




hiddenvalley390

Thanks for the great plugin.

The plugin works fine when I download an album with not many pics in it but when I try to download an album with a large amount of files (100+) it just lists the filenames of the picutes.  I dont get any error and the zip isn't created.

Do you have any ideas on how to try and get this working for albums with a large amount of pics?

Αndré

Quote from: hiddenvalley390 on October 09, 2012, 10:36:45 PM
when I try to download an album with a large amount of files (100+) it just lists the filenames of the picutes.
I guess that's some kind of timeout issue. The display of the filenames seems to be a debugging leftover. Please try the latest revision of albumZip.php from our SVN repository, it probably won't fix your issue but will give us some information at which step the script stops.


Quote from: hiddenvalley390 on October 09, 2012, 10:36:45 PM
the zip isn't created.
Have you checked that manually by looking at the albums/edit/ directory?

hiddenvalley390

Quote from: Αndré on October 10, 2012, 09:56:25 AM
Have you checked that manually by looking at the albums/edit/ directory?

I have checked and there is no zip file located in albums/edit.

One of the albums takes a while but it then downloads a zip of 0 bytes. I have also got a few connection reset errors in chrome this morning when trying it. I have also gotten a no data received error once.

Macelskie

Hello,
I love this Plug-In, it works very well.
But is there an option that the Zip file will be deleted after downloading it?
Because after many downloads my webspace will be full.

Thank you.

Αndré

Please check the latest SVN revision. I just added some code that will delete zip files that are older than 48 hours on each new zip file creation in revision 8517.

Macelskie

Thanks.
Is it possible to change a value that this files will be deleted after about 15 minutes?

Αndré

Sure. Replace
2 * CPG_DAY
with
900
but IMHO 15 minutes may be too short for slow connections.

Rainakthx

Hi,

First I wanted to say THANK YOU for this plugin. It is amazing and exactly what I needed. I run a really large gallery where people are always wanting Zip downloads of the files we add and as I live in Australia my upload speed is almost in the minuses and it takes hours to upload one zip file to Mediafire.

I was able to get it working fine on one Gallery, however it the name it gives the zip is pictures-510a....etc. It would be great if the name given to the Zip file was the album name. Is there any chance you could tell me how to do this?

Thanks again!!

Raina

Rainakthx

Sorry to double post - can't seem to edit my previous one. Is there a way to check how many times something has been downloaded? Some kind of log? Thanks!

Αndré

Quote from: Rainakthx on January 31, 2013, 05:24:39 PM
the name it gives the zip is pictures-510a....etc. It would be great if the name given to the Zip file was the album name. Is there any chance you could tell me how to do this?

Open zip.php, find
$filename = 'edit/pictures-' . uniqid(null) . '.zip';
and replace it with something like
require_once('include/transliteration.inc.php');
$filename = 'edit/' . preg_replace('/[^0-9a-zA-Z]/', '_', transliteration_process(mysql_result(cpg_db_query("SELECT title FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = $aid"), 0))) . '.zip';


This will of course break:
Quote from: Αndré on December 04, 2012, 10:48:00 AM
code that will delete zip files that are older than 48 hours
as the file names doesn't match
/^pictures-[0-9a-f]+.zip$/

This could be fixed if you decide to add a static prefix like
pictures-
to each file.