Fullsize access plugin for cpg1.5.x Fullsize access plugin for cpg1.5.x
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Fullsize access plugin for cpg1.5.x

Started by Αndré, May 04, 2012, 03:05:40 PM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

Αndré

This is the cpg1.5.x port of the fullsize_access plugin by Klaus Schwarzburg. The port has been created as a freelance job (link), so there's just limited support.

From the original announcement thread:
Quote from: ks on September 17, 2006, 10:29:39 AM
this plugin controls access for downloading fullsize images and adds several features:

- restrict access to fullsize pics to registered users
- adds a download link to the image information section
- adds a fullsize download history (datetime,username,ip) table and a statistics page
- sending email to admin and/or customer for each download
- zip download link to download all pics in an album and in favorites
- clicking on medium sized pic to show fullsize pic is disabled
- Secure image files on the file system level via chmod

Most settings can be controlled by a configuration page added to the admin menu. Plugin language is english only, but some settings are in german. This may be improved in a future version... At the moment all registered users are allowed to download fullsize images. You can change this behavior by editing the file fullsize_check.php.

The zip download feature bypasses cpg's build-in favorites zip download. I recommend to switch off the cpg favorites-zip download in the cpg-config page if you want to use this plugin.


The optional file security feature will prevent users to download pics by entering the pics url directly and it works like this:
- if a fullsize pic is requested, the plugin first changes the file attributes from 660 (safe) to 666 (unsafe) and then sends the file to the user. After the download the attribute is set back to 660.
- The fullsize access conig panel has  buttons to secure and unsecure all files
- The file attribute is changed via ftp

If you want to use this feature you have to edit the file 'fullsize_secure.php'. At the beginning of the file there is a section where you must specify your ftp login and the path for the ftp client to the coppermine root.  New pics that are added to the cpg gallery are not automatically secured. You must use the secure button in the plugins config page. So this feature is only useful for galleries were only 1 or a few people are uploading pics.
I'm not an unix/apache expert and the security feature is open for discussion. On my present webserver the file attribute change from 660 to 666 is not needed to download the file via the script. However this was different on my old system.... Any suggestions are welcome!

The album ZIP download feature has been disabled, as it doesn't work (missing library).

Mimer

Hi

I would like to change the plugin, so a specific user group can access fullsize and not all registred users.
For a test I changed fullsize_check.php:
<?php
function fullsize_check_user(){
if( USER_GROUP=='Testing' ){
return(true);
} else{
return(false);
}
}
?>
This doesn't do the trick.
Do I have to change something in the codebase.php as well?

Best regards
Mimer  8)

Αndré

Try
<?php
function fullsize_check_user(){
global $USER_DATA;
if($USER_DATA['group_name'] == 'Testing'){
return(true);
} else{
return(false);
}
}
?>

Mimer


paquets

Hi,

Great plugin! Do you know if it would be possible to move the download link from the file info section and position it right under the image itself in displayimage.php?

Thank you!

Αndré


paquets

Thank you André.

Would it be simply a case of replacing "file_info" by "file_data" in fullsize_access/codebase.php? I'm not familiar how plugin hooks work.

Αndré

I doubt that this will work. But as I hadn't looked at the code, I don't know.

Quote from: paquets on August 29, 2012, 11:06:17 AM
I'm not familiar how plugin hooks work.
Have a look at the docs and maybe some other plugins, that use that plugin hook to add something below the picture.

paquets

I will have a look and if I figure it out, I'll report it back here.
Thank you.

phill104

Interesting idea changing perms that way. For users with root access it might be easier to have a specific group (chown) setup on the server so images in the albums folder could only be called up by a script belonging to that group and not a general user guessing the URL. The problem as ever with this kind of script it how an individuals server is setup.
It is a mistake to think you can solve any major problems just with potatoes.

taucher0815

Hi all!

First of all: Merry Christmas!

I really like the plugin but I have a little issue.
It is running on CPG 1.5.20 with no ability to use the php internal mail sending.
I set up my mail-providers details in the general cpg setup und all works well.

Any chance to get this enabled here, too?

Many thanks
Sven

(http://www.sportfotos-oberbayern.de)

taucher0815

Hi all!

OK, the above topic can be ignored.

A few more questions:
a) Is it possible to add more text to the mail a user gets after downloading an image?
b) Is there a way to insert the Album-Name and the user name as a variable?
c) For the access rights of the full sized image: The "secured" images are getting the rights 660. In the settings of coppermine there is an option to set the default access rights of files. When setting 660 there, does this save the step from securing images via the plug in?

Many thanks
Sven

(http://www.sportfotos-oberbayern.de)

Αndré

Quote from: taucher0815 on December 24, 2012, 06:55:31 PM
no ability to use the php internal mail sending.
It seems that the plugin doesn't use the cpg mail function, but the PHP function mail.

Quote from: taucher0815 on December 27, 2012, 11:47:18 AM
OK, the above topic can be ignored.
Please post your solution.


Quote from: taucher0815 on December 27, 2012, 11:47:18 AM
a) Is it possible to add more text to the mail a user gets after downloading an image?
Have a look at the file fullsize_secure.php and check the mail functions. I guess you either have to adjust that line:
$txt = $CONFIG['plugin_ks_fullsize_message_for_customer'] . "\n";
or adjust the corresponding config value.


Quote from: taucher0815 on December 27, 2012, 11:47:18 AM
b) Is there a way to insert the Album-Name and the user name as a variable?
Should be possible by adjusting the some code near the code you found in a).


Quote from: taucher0815 on December 27, 2012, 11:47:18 AM
c) For the access rights of the full sized image: The "secured" images are getting the rights 660. In the settings of coppermine there is an option to set the default access rights of files. When setting 660 there, does this save the step from securing images via the plug in?
If Coppermine has sufficient permissions to change that, I guess you won't be able to access any generated files (thumbnails, intermediate-sized versions). I haven't checked that nor looked at the code. I suggest to test this on your gallery.

taucher0815

Hi André!

Quote from: Αndré on December 28, 2012, 11:12:36 AM
It seems that the plugin doesn't use the cpg mail function, but the PHP function mail.
Please post your solution.
Initially I wanted to host the large gallery on my own server at home via dyndns... Due to bandwidth reasons and a good offer from my webhoster I upgraded my plan there.

Quote from: Αndré on December 28, 2012, 11:12:36 AM
Have a look at the file fullsize_secure.php and check the mail functions. I guess you either have to adjust that line:
$txt = $CONFIG['plugin_ks_fullsize_message_for_customer'] . "\n";
or adjust the corresponding config value.

OK, I will have a look.

Thanks so far!
Sven

taucher0815

Hi Andrè!

The message text is stored in the config-table where the values are defined as varchar(255)...

That's the reason for the limited message size.

Sven

allvip

Fatal error: Call to undefined function ftp_connect() in /gallery/plugins/fullsize_access/fullsize_secure.php on line 177 error when I clik secure all files.

I edited the fullsize_secure.php:




////////////////////// section to edit

// edit ftp user/host data here:
$ftp_server = "ftp.myhost.de";
$ftp_user_name = "my filezilla usename";
$ftp_user_pass = "file zilla pass";
$ftppath_to_cpg = '/gallery/'; // this is the path to your cpg dir starting from your home page root (what the ftp sees by default)

////////////////////// end section to edit



my gallery:

http://allvip.us/gallery/index.php

allvip



allvip

done.ftp suport not showing.

anyway I'm moving my gallery to another host and I will use .htaccess for hotlinking.

yahoo host does not allows many many things.

JohannM

Hi there

I disabled "image information" completely since I do not want to have my website visitors or registered users to see it.

Question: Is there a way to configure this:

1. To enable only my group "VIP" to be able to download
2. Display a simple button "DOWNLOAD" just below or above the intermediate picture based on my usergroup "VIP" ?

Thank you in advance.

JohannM
( www.youth-sport-fotos.com)