Hello Guys,
i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.
Is there a way to do this for 1.5.x ???
It's only for hiding the url. More Security is done by htaccess file....
Thank you for helping.
PS: I searched a lot, but couldn'T find anything here.
A simple solution would do it.
Quote from: nasiri on December 29, 2010, 02:08:15 PM
i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.
Please post the links to that mods. Afaik there doesn't exist any mods of that kind that are designed for cpg1.5.x in particular.
f.e.
http://forum.coppermine-gallery.net/index.php/topic,19425.20.html
or
http://forum.coppermine-gallery.net/index.php?topic=6464.0
thank you ... ???
also
http://forum.coppermine-gallery.net/index.php/topic,3069.0.html
doesn't work.
Quote from: nasiri on December 30, 2010, 03:30:18 PM
http://forum.coppermine-gallery.net/index.php/topic,3069.0.html
That mod should do what you asked for. I haven't tested it if it's compatible with cpg1.5.x. What exactly doesn't work?
there is no return $url_prefix[$pic_row['url_prefix']]. path2url($pic_row['filepath']. $pic_prefix[$mode]. $pic_row['filename']); in the include/functions.inc.php of 1.5.10
In cpg1.5.x, it's this line:
return $pic_row['url'];
will test if it's working. thank you anyway ;)
what's with the $CONFIG['url_mode'] = 'hide';
where have i put this code ?? no config.inc.php longer avalaible
i just created a new one with $CONFIG['url_mode'] = 'hide'; or does i have to put it anywhere else ?
the get_file.php looks like ( i changed already $results = mysql_query to cpg_mysql_query ... anything else to change ?)
<?php
define('IN_COPPERMINE', true);
define('GETFILE_PHP', true);
global $CONFIG;
include('include/config.inc.php');
$CONFIG['TABLE_CONFIG'] = $CONFIG['TABLE_PREFIX'] . "config";
$CONFIG['TABLE_PICTURES'] = $CONFIG['TABLE_PREFIX'] . "pictures";
db_connect($db);
$results = cpg_mysql_query("SELECT * FROM {$CONFIG['TABLE_CONFIG']}");
while ($row = mysql_fetch_array($results)) {
$CONFIG[$row['name']] = $row['value'];
} // while
mysql_free_result($results);
// Set error logging level
if ($CONFIG['debug_mode']) {
error_reporting (E_ALL);
} else {
error_reporting (E_ALL ^ E_NOTICE);
}
mysql_close();
if (!function_exists('mime_content_type'))
{
function mime_content_type($path) {
$image_params = getimagesize($path);
if (is_null($image_params))
return null;
else
return $image_params['mime'];
}
}
$pic_prefix = array(
'thumb' => $CONFIG['thumb_pfx'],
'normal' => $CONFIG['normal_pfx'],
'fullsize' => '',
);
$pid = (int) $_GET['pid'];
$size = htmlspecialchars($_GET['size']);
db_connect($db);
$result = mysql_query("select filepath,filename from {$CONFIG['TABLE_PREFIX']}pictures where pid=$pid;");
$result = mysql_fetch_assoc($result);
mysql_close();
$cfilepath = $CONFIG['fullpath'].$result['filepath'].$pic_prefix[$size].$result['filename'];
header('Content-type: '.mime_content_type($cfilepath));
$fp = fopen($cfilepath,'rb');
echo fread($fp,filesize($cfilepath));
fclose();
function db_connect(&$db)
{
global $CONFIG;
$db = mysql_connect($CONFIG['dbserver'],$CONFIG['dbuser'],$CONFIG['dbpass']);
mysql_select_db($CONFIG['dbname']);
}
?>
ignore the information about no longer config.inc.php blabla ... i couldn't delete the post ...
solved ... thanks used the code for my own little plugin.
allright now i've got the problem, that everybody can access the get_file.php?PID=xxxx and change the PID as he wants... is it possible to check if logged in before catching the URL and sending it to the browser ??
solved and plugin created ... have to tune it now.
will post it in 1 week in the pluginsection, i worked with htaccess workaround. maybe some improvements needed.
can be closed!
Thanks for your readiness to share your created plugin with the community. I think a lot of people will use that plugin.
Hi nasiri, did you publish the plugin? i can't find them.