Messages

31

Feedback & Suggestions / Re: Pic Security

« on: May 05, 2005, 03:38:02 PM »

hi guys ,
i have found a simple solution for Pic Security of my own ... which was causing me much problem .  I have posted a solution i found here which i have tested and gonna use . http://www.4homepages.de/forum/index.php?topic=7630.0 let me know if this helps you .

32

Installation, Update & Configuration / Re: media directory restrictions

« on: May 05, 2005, 03:35:47 PM »

Hi guys ,
I have managed to find my solution , and this is the code i am using is below . hopefully this will help others . Put these codes in a .htaccess file under every directory u have under the media directory and upload the file .

Code: [Select]

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/gallery/.*.php(/)?.*$     [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ http://www.mysite.com/gallery/ [R,NC]

What this will do :

this will allow you to prevent other sites from hotlinking your images . anyone trying to hotlink your images will now get get nothing .
Not just hotlinking from other site , my problem was : anyone copying the shortcut of the thumbnail files and changign the thumbnails to media , could easily be able to view the full images by Being a GUEST even !! . This will redirect those users to the homepage of your gallery ( u may change it to what u want ) .

Cheers

33

Mods & Plugins (Releases & Support) / Re: [MOD] Check new images in ALL categories v2.10.4

« on: May 05, 2005, 06:33:44 AM »

hi V@no ...
i understand that . Anyway ... the db not found problem was a mistake ... but still the file names didnt change to anything random after that code ( now succesfully inserted ) . take a check on this category latest images : http://www.discusstv.com/gallery/cat101.htm for example . anythign after 6305 . if u want i can PM u further details .

34

Mods & Plugins (Releases & Support) / Re: [MOD] Check new images in ALL categories v2.10.4

« on: May 03, 2005, 03:15:45 PM »

V@no ,
i was guessing you meant in the file " checkimages.php " . I tried changing that code , and it gives

Code: [Select]

could not select Database

35

Mods & Plugins (Releases & Support) / Re: [MOD] Check new images in ALL categories v2.10.4

« on: May 03, 2005, 02:59:39 PM »

i will find / replace the above code in which file ? image_utils.php or admin_functions.php ? 

36

Mods & Plugins (Releases & Support) / Re: [MOD] Check new images in ALL categories v2.10.3

« on: May 03, 2005, 02:08:47 PM »

V@no ,
i have this mod working on my gallery . I am on 4images 1.7 . I want to know if there is a way , i can automatically rename the IMAGE file in a different random way from the THUMBNAIL file , while running Check New Images or Validate Images .
This is because currently many members are taking advantage of the Pic Security issue by copying THUMBNAIL shiortcut and pastingit and changing it to MEDIA and gettng the full image even without loging in.

37

Installation, Update & Configuration / media directory restrictions

« on: April 26, 2005, 04:22:53 PM »

hey
how can we prevent users ( Guests ) from being able to simply copy paste a image url from the thumbnail link and then change the " thumbnail" to "media" and thus view the image , even without loggin in ?

38

Chit Chat / batch import , annotation and random images at different server if reqd

« on: March 17, 2005, 11:36:29 PM »

Hi I am not fully sure that these are the ones you have mentioned ... or the proper version.  but i have recieved great support from this forum several times . so if these files helps , i would be very happy . http://www.discusstv.com/discusstv.com/sigs/annotation_1_4.zip and  http://www.discusstv.com/discusstv.com/sigs/batch_import.zip

I also have this one for showing random images at external server . i am pasting here

Showing random image at external web-page (could be even on different server)

Code:

<?php
define('ROOT_PATH', './4images/');
define('SITE_URL', 'http://gallery.mysite.com/');

$db_servertype = "mysql";
$db_host = "localhost";
$db_name = "database";
$db_user = "user";
$db_password = "password";

$table_prefix = "4images_";

define('4IMAGES_ACTIVE', 1);

include_once('db_mysql.php');

define('PIC_CATEGORIES_TABLE', '4images_categories');
define('PIC_IMAGES_TABLE', '4images_images');
define('THUMB_DIR', 'data/thumbnails');
define('AUTH_ALL', 0);
define('AUTH_USER', 2);
define('AUTH_ACL', 3);
define('AUTH_ADMIN', 9);

$pics_db = new Db($db_host, $db_user, $db_password, $db_name);

function is_remote($file_name) {
  return (preg_match('#^https?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $file_name)) ? 1 : 0;
}

$sql = "SELECT COUNT(*) as total_images FROM ".PIC_IMAGES_TABLE." a, ".PIC_CATEGORIES_TABLE." b WHERE a.image_active=1 AND a.cat_id = b.cat_id AND b.auth_viewcat=".AUTH_ALL." AND b.auth_viewimage=".AUTH_ALL."";
$row = $pics_db->query_firstrow($sql);
$total_images = $row['total_images'];

mt_srand((double)microtime() * 1000000);
$number = ($total_images > 1) ? mt_rand(0, $total_images - 1) : 0;

$sql = "SELECT a.image_id, a.cat_id, a.image_name, a.image_active, a.image_thumb_file, a.image_comments FROM ".PIC_IMAGES_TABLE." a, ".PIC_CATEGORIES_TABLE." b WHERE a.image_active=1 AND a.cat_id = b.cat_id AND b.auth_viewcat=".AUTH_ALL." AND b.auth_viewimage=".AUTH_ALL." LIMIT $number, 1";
$row = $pics_db->query_firstrow($sql);
$image_id = $row['image_id'];
$cat_id = $row['cat_id'];
$image_name = $row['image_name'];
$image_comments = $row['image_comments'];
$thumb_src = (is_remote($row['image_thumb_file'])) ? $row['image_thumb_file'] : SITE_URL.THUMB_DIR."/".$cat_id."/".$row['image_thumb_file'];

echo "<a target=\"a\" href=\"".SITE_URL."details.php?image_id=$image_id\"><img src=\"".$thumb_src."\" border=\"0\" vspace=\"2\" alt=\"$image_name\"></a><br>\n";
echo "$image_name<br>\n";
echo "<a target=\"a\" href=\"".SITE_URL."\">Total: <b>$total_images</b> images in the gallery</a><br>\n";
?>



 Showing latest image at external web-page (could be even on different server)

Code:

<?php
define('ROOT_PATH', './4images/');
define('SITE_URL', 'http://gallery.mysite.com/');

$db_servertype = "mysql";
$db_host = "localhost";
$db_name = "database";
$db_user = "user";
$db_password = "password";

$table_prefix = "4images_";

define('4IMAGES_ACTIVE', 1);

include_once('db_mysql.php');

define('PIC_CATEGORIES_TABLE', '4images_categories');
define('PIC_IMAGES_TABLE', '4images_images');
define('THUMB_DIR', 'data/thumbnails');
define('AUTH_ALL', 0);
define('AUTH_USER', 2);
define('AUTH_ACL', 3);
define('AUTH_ADMIN', 9);

$pics_db = new Db($db_host, $db_user, $db_password, $db_name);

function is_remote($file_name) {
  return (preg_match('#^https?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $file_name)) ? 1 : 0;
}

$sql = "SELECT COUNT(*) as total_images FROM ".PIC_IMAGES_TABLE." a, ".PIC_CATEGORIES_TABLE." b WHERE a.image_active=1 AND a.cat_id = b.cat_id AND b.auth_viewcat=".AUTH_ALL." AND b.auth_viewimage=".AUTH_ALL."";
$row = $pics_db->query_firstrow($sql);
$total_images = $row['total_images'];

$sql = "SELECT a.image_id, a.cat_id, a.image_name, a.image_active, a.image_thumb_file, a.image_comments, a.image_date FROM ".PIC_IMAGES_TABLE." a, ".PIC_CATEGORIES_TABLE." b WHERE a.image_active=1 AND a.cat_id = b.cat_id AND b.auth_viewcat=".AUTH_ALL." AND b.auth_viewimage=".AUTH_ALL." ORDER BY a.image_date DESC LIMIT 1";

$row = $pics_db->query_firstrow($sql);
$image_id = $row['image_id'];
$cat_id = $row['cat_id'];
$image_name = $row['image_name'];
$image_comments = $row['image_comments'];
$thumb_src = (is_remote($row['image_thumb_file'])) ? $row['image_thumb_file'] : SITE_URL.THUMB_DIR."/".$cat_id."/".$row['image_thumb_file'];

echo "<a target=\"a\" href=\"".SITE_URL."details.php?image_id=$image_id\"><img src=\"".$thumb_src."\" border=\"0\" vspace=\"2\" alt=\"$image_name\"></a><br>\n";
echo "$image_name<br>\n";
echo "<a target=\"a\" href=\"".SITE_URL."\">Total: <b>$total_images</b> images in the gallery</a><br>\n";
?>



Usage: copy db_mysql.php from 4images directory to your external website, put <?php include("./filename.php"); ?> into the page, where you want to show pics