How to hide IMAGE URL for Download on Displayimage Site

[nasiri]

Hello Guys,

i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.
Is there a way to do this for 1.5.x
It's only for hiding the url. More Security is done by htaccess file....

Thank you for helping.

PS: I searched a lot, but couldn'T find anything here.
A simple solution would do it.

[Αndré]

i tried several mods from earlier versions to hide the Image Url and instead using something like download.php?PID=12345.

Please post the links to that mods. Afaik there doesn't exist any mods of that kind that are designed for cpg1.5.x in particular.

[nasiri]

f.e.

http://forum.coppermine-gallery.net/index.php/topic,19425.20.html
or
http://forum.coppermine-gallery.net/index.php?topic=6464.0

thank you ... 

[nasiri]

also

http://forum.coppermine-gallery.net/index.php/topic,3069.0.html

doesn't work.

[Αndré]

http://forum.coppermine-gallery.net/index.php/topic,3069.0.html

That mod should do what you asked for. I haven't tested it if it's compatible with cpg1.5.x. What exactly doesn't work?

[nasiri]

there is no

Code Select Expand

return $url_prefix[$pic_row['url_prefix']]. path2url($pic_row['filepath']. $pic_prefix[$mode]. $pic_row['filename']); in the include/functions.inc.php of 1.5.10

[Αndré]

In cpg1.5.x, it's this line:

Code Select Expand

return $pic_row['url'];

[nasiri]

will test if it's working. thank you anyway

[nasiri]

what's with the

Code Select Expand

$CONFIG['url_mode'] = 'hide';
where have i put this code ?? no config.inc.php longer avalaible

[nasiri]

i just created a new one with

Code Select Expand

$CONFIG['url_mode'] = 'hide'; or does i have to put it anywhere else ?
the get_file.php looks like ( i changed already $results = mysql_query to cpg_mysql_query ... anything else to change ?)

Code Select Expand

<?php 

define('IN_COPPERMINE', true); 
define('GETFILE_PHP', true); 

global $CONFIG; 

include('include/config.inc.php');
$CONFIG['TABLE_CONFIG'] = $CONFIG['TABLE_PREFIX'] . "config"; 
$CONFIG['TABLE_PICTURES'] = $CONFIG['TABLE_PREFIX'] . "pictures"; 

db_connect($db); 
$results = cpg_mysql_query("SELECT * FROM {$CONFIG['TABLE_CONFIG']}");

while ($row = mysql_fetch_array($results)) { 
    $CONFIG[$row['name']] = $row['value']; 
} // while 
mysql_free_result($results); 
// Set error logging level 
if ($CONFIG['debug_mode']) { 
    error_reporting (E_ALL); 
} else { 
    error_reporting (E_ALL ^ E_NOTICE); 
} 
mysql_close(); 

if (!function_exists('mime_content_type')) 
{ 
    function mime_content_type($path) { 
        $image_params = getimagesize($path); 
        if (is_null($image_params)) 
            return null; 
        else 
            return $image_params['mime']; 
    } 
} 

$pic_prefix = array( 
        'thumb' => $CONFIG['thumb_pfx'], 
        'normal' => $CONFIG['normal_pfx'], 
        'fullsize' => '', 
); 

$pid = (int) $_GET['pid']; 
$size = htmlspecialchars($_GET['size']);

db_connect($db); 

$result = mysql_query("select filepath,filename from {$CONFIG['TABLE_PREFIX']}pictures where pid=$pid;"); 
$result = mysql_fetch_assoc($result); 
mysql_close(); 

$cfilepath = $CONFIG['fullpath'].$result['filepath'].$pic_prefix[$size].$result['filename']; 
header('Content-type: '.mime_content_type($cfilepath)); 

$fp = fopen($cfilepath,'rb'); 
echo fread($fp,filesize($cfilepath)); 
fclose(); 

function db_connect(&$db) 
{ 
        global $CONFIG; 
        $db = mysql_connect($CONFIG['dbserver'],$CONFIG['dbuser'],$CONFIG['dbpass']); 
        mysql_select_db($CONFIG['dbname']); 
} 
?>

[nasiri]

ignore the information about no longer config.inc.php blabla ... i couldn't delete the post ...

[nasiri]

solved ... thanks used the code for my own little plugin.

[nasiri]

allright now i've got the problem, that everybody can access the get_file.php?PID=xxxx and change the PID as he wants... is it possible to check if logged in before catching the URL and sending it to the browser ??

[nasiri]

solved and plugin created ... have to tune it now.
will post it in 1 week in the pluginsection, i worked with htaccess workaround. maybe some improvements needed.

can be closed!

[Αndré]

Thanks for your readiness to share your created plugin with the community. I think a lot of people will use that plugin.

[fci]

Hi nasiri, did you publish the plugin? i can't find them.