Help! With the 'get_file.php' script-and how to...securable Help! With the 'get_file.php' script-and how to...securable
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Help! With the 'get_file.php' script-and how to...securable

Started by bit bit spears, February 01, 2004, 07:02:46 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

bit bit spears

Hey! I loved the 'get_file.php' script! But I was wandering if you could modify it for me (just a little, bc i don't know php)

Here is the URL to that script: http://forum.coppermine-gallery.net/index.php?topic=3069&highlight=getfile
____________________________________________________________
When you want to see the thumb, it is like this~>

get_file.php?pid=3078&size=thumb

When you want to see the normal, it is like this~>

get_file.php?pid=3078&size=normal

But, I don' t want users to try and hack this, and try typing in this~>

get_file.php?pid=3078&size=full

But, when i try anything after get_file.php?pid=3078&size=

It shows the full pic, how would i got about making it only show the full pic, if you typed in like get_file.php?pid=3078&size=hires ?

Because if you don't put any text, or put text that is not thumb, full, or normal, it shows the full pic. How would i limit it to only show the full pic if you type in hires after it?

How would you set it to only go into the mode by typing in the text after the size=? meaning:

if someone wanted to try and hack into the script, and use this:

get_file.php?pid=3078&size=full (and if full wasn't the mode to view it full size)

They would get the pic! but, i want it only to display the full size, if you have the right word after

get_file.php?pid=3078&size=

I would like it to say hires after the size=
to make it show the full image, only doing get_file.php?pid=3078&size=hires, could get you the full pic.

Also! make it only show the pics if the user is logged in! how would i go about doing this?
It will make it more secure, plus not as many hotlinks. Also, could you make it only show pics if a user was of a certain user group?

I know this is a lot to ask, but i don't know anything about php! :cry:  and i would like to learn, so if anyone could configure this script-that would be awesome!