[cpg1.4.x]: Download a Zipped Album With Basic Security - Page 3 [cpg1.4.x]: Download a Zipped Album With Basic Security - Page 3
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[cpg1.4.x]: Download a Zipped Album With Basic Security

Started by erostew, October 25, 2007, 08:53:17 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Rebel Racer

Hi,

Thanks for making this mod - I've been looking for something like this for ages! If only I could get it to work!  :'(

I followed your instructions carefully, but when it came time to test the script, I get a humongous error message, it reads:

QuoteWarning: Cannot modify header information - headers already sent by (output started at /home/content/d/o/c/dockingbay101/html/images/include/config.inc.php:17) in /home/content/d/o/c/dockingbay101/html/images/zip.php on line 71

Warning: Cannot modify header information - headers already sent by (output started at /home/content/d/o/c/dockingbay101/html/images/include/config.inc.php:17) in /home/content/d/o/c/dockingbay101/html/images/zip.php on line 72

Warning: Cannot modify header information - headers already sent by (output started at /home/content/d/o/c/dockingbay101/html/images/include/config.inc.php:17) in /home/content/d/o/c/dockingbay101/html/images/zip.php on line 73

...and is followed by millions of nonsensical characters.

You can see it in action on my site here: http://www.dockingbay101.com/images/thumbnails.php?album=1

Any idea what I'm doing wrong/how to fix this?

Thanks again for your time!

Nibbler

Looks like you were hacked but didn't clean everything up. Remove the iframe from include/config.inc.php and any whitespace after the closing ?>

Rebel Racer

Thank you for your insightful instructions, Nibbler! I did as you instructed and the script now works flawlessly.

Many, many thanks!

screech

First i hope you can excuse me for my bad english..

I do all things i can, All works except the ZIP File i download directly.

this is the error i get after the downloading: !   "C:\Documents and Settings\Administrateur\Bureau\2008+-+Visite+de+Soumia.zip: Unexpected end of archive"

If i try to download directly from the FTP in the zipfile folder, the generated ZIP file Work, but it didn't work if i download it from the link in the galery.

I try with PCLZIP 2-5 and 2-6 the error is the same.

(I try version 1.1 and 1.2 too but no change...)

This is a link to my gallery : http://screech2.free.fr

Can you help me ?

erostew

Quote from: screech on October 26, 2008, 07:40:27 PM
First i hope you can excuse me for my bad english..

I do all things i can, All works except the ZIP File i download directly.

this is the error i get after the downloading: !   "C:\Documents and Settings\Administrateur\Bureau\2008+-+Visite+de+Soumia.zip: Unexpected end of archive"

If i try to download directly from the FTP in the zipfile folder, the generated ZIP file Work, but it didn't work if i download it from the link in the galery.

I try with PCLZIP 2-5 and 2-6 the error is the same.

(I try version 1.1 and 1.2 too but no change...)

This is a link to my gallery : http://screech2.free.fr

Can you help me ?


I can't say what the problem is for sure. If the zip file is okay by ftp then it seems the script is working okay. I would guess it is an error caused by the server configuration. For some reason it seems not to transfer the zip file correctly. Not sure what kind of Apache that server is running as the headers don't say. There is some small possibility that the problem might be caused by the "/" in the album name. You could try renaming it to something like 01.02.2008 and see if it makes any difference.

Maybe someone else will have a different suggestion but I'm afraid I don't have any other ideas. Good luck.

screech

Thanks for your help.

I try to rename the album name without "/" (now it's 10-08-2008) but the problem is the same.

My Apache serveur is  hosted by my provider "Free" So it's impossible for me to change settings on it...

But if it's help

PHP : PHP Version 4.4.3-dev
MySQL : 5.0.51a
But i'm sorry i can't found the version of the Apache serveur...

If you think about some other hint ;) i take it ;) thank you.

primera

Hi all, i am the newbie of the php and Coppermine, i've just follow all the step ...and get the error code which is...

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

did anyone know about this ?

thx ~

Joachim Müller

Means that you haven't followed the instructions to a tee. Undo your edits and re-apply the mod extra throughly. Impossible to advise anything else, since we can't see what you did.

primera

yeah ... this time i step by step clearly. and it's work ...thanks Joachim Müller !!
but anything came out....

the page "You don't have permission to do that!" come out when i click on "download album"  even i am using administrator to log in..


stardust

This was actually very fast and easy to do, so thank you so much for this mod!

I would like it if the mod recognized the registered user, so we wouldn't have to change the album permission. In that way, anyone can view the content in the albums, but the Download Album link only appears when viewers are logged in. But I don't know if this is possible? Or I think somewhere in this thread, it's said that the security can only be done through album properties?  ???

Oh well, this is still a great mod. Thanks again!

Artin1

I installed the script. And when I click on the download album link i get this error:


Warning: opendir(zipfiles/) [function.opendir]: failed to open dir: No such file or directory in /home/deltadai/public_html/gallery/zip.php on line 13

Warning: readdir(): supplied argument is not a valid Directory resource in /home/deltadai/public_html/gallery/zip.php on line 15

Warning: closedir(): supplied argument is not a valid Directory resource in /home/deltadai/public_html/gallery/zip.php on line 20
Error : PCLZIP_ERR_READ_OPEN_FAIL (-2) : Unable to open archive 'zipfiles/Madison+-+April.zip' in wb mode


??? Any ideas?

Thanks,
Artin

Artin1

Sorry, I fixed it! Sorry about that. I can't edit my previous post.

Artin

quake_jatekos

Hi all.
I post here since I can post here. I do not find any button to make a new discussion or whatever.
Here is a Tar downloader (All, large pictures, norm pictures)
There is a short info inside the Zip.
Hope it works.

By

quake_jatekos

Quote from: quake_jatekos on April 10, 2009, 10:56:02 AM
Hi all.
I post here since I can post here. I do not find any button to make a new discussion or whatever.
Here is a Tar downloader (All, large pictures, norm pictures)
There is a short info inside the Zip.
Hope it works.

By

Sorry, the help txt was not saved :):)
Here:

Coppermine "download all" easy

I created a coppermine patch to everyone who do not like shopping carts and others.
To whom want to share their coppermine gallery for download (.tar).
- Download cpg1.4.21.zip
- Owerwrite the files you can find here

You will see the change in the coppermine having icons with title for categories and albums:
   Video Camera icon: "Videók és nagy képek letöltése" == Download ALL Recursively
   Big Camera icon: "Nagy képek letöltése" == Download Only images (mime=image/*)
   Small Camera icon: "Csak normál képek letöltése" == Download normal_* images

- No security considerations! Since Coppermine security is suxx.
- No internationalization Since I'm lazy (there is only 4 new text, above 3 plus "Letöltés" == Download)
- Needs Pear installed with "Archive_Tar"

Have fun
quake_jatekos@freemail.hu

modrej

hi... i've just installed this MOD, it's great, but...

is it possible to change it some easy way, so archive name includes the last directory, which album is inside?

for example album is in this directory tree: year -> month -> event -> album and i would like to have archive name like this: event+album.zip

i cant do that myself

thx for help

Joachim Müller

Quote from: quake_jatekos on April 10, 2009, 10:56:02 AM
I post here since I can post here. I do not find any button to make a new discussion or whatever.
Sure. Whatever. Read up "Modifications/Add-Ons/Hacks > About this board - READ".

GecKoTDF

I tested in my Coppermine Photo Gallery 1.4.24 (stable) and works great no problem y download SecureZip 1.2 and the last version of the plugin in the web PCLZIP Release 2.8, and no problem, i follow the steps one by one and everything okay, thanks for the mod.

FireBird2003

Hi,

I implemented a better security check. These few lines should check the user-groups for the current user against the user-group which is used by the album:

/* updated Check up by FireBird2003 {*/
$sql = 'SELECT user_group_list FROM `'.$CONFIG['TABLE_PREFIX'].'users` where `user_id` = ' . USER_ID;
$result = mysql_query($sql) OR die(mysql_error());
$priv2 = mysql_fetch_assoc($result);
$user_group_list = split ("[, ]", $priv2["user_group_list"]);
if (($priv["visibility"] != '0') && (!in_array($priv["visibility"], $user_group_list))){
/* } // updated Check up by FireBird2003 */


it shoud be placed after
$sql = 'SELECT visibility FROM `'.$CONFIG['TABLE_PREFIX'].'albums` where `aid` = ' . $aid;
$result = mysql_query($sql) OR die(mysql_error());
$priv = mysql_fetch_assoc($result)


replacing the followed if-clause.

There is still a problem: If I choose a big album I get a file sized 0kb. Any ideas for that?

Attached you wil find my changed zip.php.tx. Rename it to zip.php.

Thx in advance.

the1shadow

Just wanted to throw in a quick note... This mod works GREAT and is exactly what I needed.  The instructions are very clear and easy to follow for installation.  Worked great off the bat.  Thanks so much!

nellygrl

The second step says to add the code you posted just above the "?>" at the end of template.php. I looksed on my theme to add the code, but the ?> wasn'y on it. I was thinking that it was because I have a different them, so I checked the classic, rany_day, and water_drop themes to see what it should look like, but none of them had it either and I've never even touched those themes.

Can anyone offer any insight on this problem?