Fullsize_access plugin problem Fullsize_access plugin problem
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Fullsize_access plugin problem

Started by LaizurePhoto, December 29, 2009, 12:41:17 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

LaizurePhoto

Coppermine 1.4.16 with Fullsize_access plugin....

Has performed like a champ for over a year. However, now when users try to download the fullsize photo, thye get the following error:

FTP connection has failed!Attempted to connect to for user

Absolutely nothing has been changed and I am the only one with admin priveleges.

Any suggestions or fixes?

Jeff Bailey

Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford


Joe Carver

First and fast you should upgrade your Coppermine.
<!--Coppermine Photo Gallery 1.4.16 (stable)-->
Is very much outdated.

Joachim Müller

Quote from: LaizurePhoto on December 29, 2009, 12:41:17 AM
Coppermine 1.4.16
Upgrade as suggested
Quote from: LaizurePhoto on December 29, 2009, 12:41:17 AMwith Fullsize_access plugin....
We don't know what plugin you refer to. Post a link to the announcement thread of that plugin in the future instead of forcing us to look that up. I guess you're refering to Fullsize Access.

Quote from: LaizurePhoto on December 29, 2009, 12:41:17 AMHas performed like a champ for over a year. However, now when users try to download the fullsize photo, thye get the following error:

FTP connection has failed!Attempted to connect to for user
That error message is probably misleading. I don't get that error message though using the test user account you posted. What's the magic behind that plugin? In fact I don't see any chance to download a full-size pic at all, but by manually entering the URL of the full-size pic into the address bar of the browser, which works just fine as far as I can tell. Even in a browser where I have never logged in with your test user account I can access http://www.soonersportsphotos.com/sooners/albums/OUFBvsBYU2009/2502byujx.jpg (randomly picked) just fine (that image usually is embedded into http://soonersportsphotos.com/sooners/displayimage.php?pos=-16768), so I can not see how the plugin could probably protect the full-sized pic. Quite frankly: I think that the plugin doesn't work as advertized.

Quote from: LaizurePhoto on December 29, 2009, 12:41:17 AMAny suggestions or fixes?
Yes: besides of upgrading, restore the JavaScript file http://www.soonersportsphotos.com/sooners/script.js that comes with coppermine.

LaizurePhoto

I have upgraded to Coppermine 1.4.25 and replaced the javascript file mentioned....probem still persists

The purpose of this plug-in for me is to allow editors and designers to download the hi-res file by using the link that appears below the photo in the preview window......


Jeff Bailey

If you are talking about Fullsize Access
The only thing I see that it uses FTP for is to change file attributes
Quote from: ks on September 17, 2006, 10:29:39 AM
The optional file security feature will prevent users to download pics by entering the pics url directly and it works like this:
- if a fullsize pic is requested, the plugin first changes the file attributes from 660 (safe) to 666 (unsafe) and then sends the file to the user. After the download the attribute is set back to 660.
- The fullsize access conig panel has  buttons to secure and unsecure all files
- The file attribute is changed via ftp
Is this turned on?

If it is read this
Quote from: ks on September 17, 2006, 10:29:39 AM
If you want to use this feature you have to edit the file 'fullsize_secure.php'. At the beginning of the file there is a section where you must specify your ftp login and the path for the ftp client to the coppermine root.  New pics that are added to the cpg gallery are not automatically secured. You must use the secure button in the plugins config page. So this feature is only useful for galleries were only 1 or a few people are uploading pics.
I'm not an unix/apache expert and the security feature is open for discussion. On my present webserver the file attribute change from 660 to 666 is not needed to download the file via the script. However this was different on my old system.... Any suggestions are welcome!
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford