Access to full-sized images using the path from "view source" Access to full-sized images using the path from "view source"
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Access to full-sized images using the path from "view source"

Started by oleredeye, November 29, 2010, 12:57:37 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

oleredeye

My sandpit gallery is http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/ running Coppermine 1.5.8 on a Windows server.

I have configured it so that public users can see a normal, watermarked image overlayed with a transparent gif.

Everybody can View Source so that the path to the image is apparent - for example, the html shows background="albums/userpics/10001/normal_Church_Street_1910.jpg"

So if I enter the URL http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/albums/userpics/10001/normal_Church_Street_1910.jpg  I see the normal, watermarked image without the transparent gif.

But if I edit out normal_ to give http://www.helmsleyarchaeologicalandhistoricalsociety.org.uk/cpg15x/albums/userpics/10001/Church_Street_1910.jpg  I see the full-sized, non-watermarked image which I am trying to protect and stop people stealing....

I want to keep the full-sized, non-watermarked images on the server for privileged users and the administrator.  Is there a workaround to this, please?

Feel free to delete this from the forum if you feel it exposes a security issue you would prefer not to make public....

Αndré

That's no security issue and has been discussed lately.

Moving to permissions board.

oleredeye

Fine.  Now sorted with a .htaccess file in the appropriate place...

AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.site.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://site.com.* [NC]

RewriteRule /* http://www.site.com/angryman.gif [R,L]

Thanks for pointing me in the right direction, André ...