Pictures for registered users publicly accessible by URL

[Jan]

Great! Great! Great!

Thank you for this useful guide, I will add it into the FAQ section...

Thank you, Jan

[akerman]

Jan. Attention!

First, there is absolutely nothing wrong with the tutorial itself as described above.

However, it seemed that it just worked a little bit 'too good'. After being logged off for a while I now have to login with my '.htaccess' credentials for each of the image categories that I have. In the Front-end. Some caching was obviously 'lurking' around. Sigh...

So, please feel free to use the tutorial as a FAQ on how '.htaccess' works and all quirks around that. It is all valid.
But, the Phocagallery is effected in a negative way. (locking users out).

I'll get back later, hopefully with some kind of solution.

Regards
Akerman

[akerman]

Hi,

work in progress. But there are things I do not understand.

First, this is the change that I've tried in the
'administrator\components\com_phocagallery\helpers\phocagallery.php'
function getPathSet()
{
$pathstring = str_replace('..','',$_SERVER['QUERY_STRING']); // Gives a blank path
$pathx = '/var/ac_images'.$pathstring; // Inserts '/var/ac_images' as path. Directory created manually

$path['orig_abs_ds'] = $pathx . DS . 'images' . DS . 'phocagallery' . DS ; //All images was copied here
$path['orig_abs'] = $pathx . DS . 'images' . DS . 'phocagallery' ;
$path['orig_rel_ds'] = $pathx . '/' . "images/phocagallery/";
return $path;

The only thing that happens is that the thumbs in backend falls away. Frontend is not effected.

And these are the things I don't understand:

1. ALL helper files obviously builds their path strings. Editing must be done in all these files.
2. In the helper files (and likely in other files), there is a lot of 'str_replace' going on and references to the 'Jpath'.

All this leads me to believe that it will be extremly difficult to change this, to somewhere above the Apache/Joomla document root. Right?

------------------------------------------------------------------------------------------------------------------
So maybe it is an alternative to just move/save the original image above the root OR insert it into the database, leaving the rest?

In short how this would work:
When uploading an image, I add a watermark. The watermark is on all images except the original.
When user clicks the 'Download icon' the original image without the watermark is downloaded from the the database or from above the root.

Does this make sense?

All my users that are roaming around in the gallery have already paid for the access. But different users has different access. This works fine through JoomSuite Member component. But what I don't want is to have the occasional guest/visitor to be able to URL/hack their way into the original-non-watermarked image. The watermarkt ones are ok under the '/image/phocagallery' path.

Any hint/idea in the direction of solving this is received with the greatest of gratitudes (possibly even monetary gratitude? )

Regards
Akerman

[Jan]

Hi, there are only two helpers and settings for path:

- in administration and in front (because the path can be different, and there are problems on different servers, e.g.

somewhere works JHTML method and somewhere JRoute method

- JHTML with image code for JHTML methed
- JRoute with standard html <img tag

some of str functions are there only as safety fuse that the path will be ok ...

The problem with original images is, Phoca Gallery only creates thumbnails from them but this is all ... then it doesn't work with original image but only with thumbnails ... original images can be uploaded e.g. via ftp, so Phoca Gallery doesn't manipulate with files, which were not created by itself... There is e.g. exception, that you can create a link to display the original image in e.g. modal box (this is only displaying of original image with the exact path)

- No images are saved in the database, only file paths to the images is saved in the database
- Watermarks - while creating thumbnails, watermarks are added on the thumbnails, but not on the originals (as I said, Phoca Gallery doesn't do anything with originals), they are needed for running gallery (e.g. in case, you want to rotate image, you want to recreate image, you want to display download icon (it is called download icon but in fact it is only displaying original image with information)

Jan

[akerman]

Hi,

OK, things are a bit clearer for me now and hopefully I can turn this info into some useful solution.

Good to know that you're thinking of us and insert safety catches, so we silly users don't go around hurti'n ourselves!

Thanx for the detailed reply, really appreciate you taking the time.

Regards
Akerman

[Jan]

[dwizer]

I'm reading this topic with a big smile on my face I'w been looking for a good component/image viewer with good security. And what's most important for me is to get the images outside the webroot dir and have the image gallery "get them" from that directory outside and show them in some way..

Any progress made from you code-gods? I'm not a coder so i can't help just hope you guys solve this important thing that no other joomla gallery can do..

If this will be possible in Phoca.. It's like a dream come true =)

And thanks for a super nice component

Best Regards from Sweden!

/Mats

**Edited: Just some bad spelling from me..

[purealloy]

Hello!

I am also curious if there has been any progress in securing the photos so they are not directly accessible when for registered users only? Is this a feature that is being worked on?

Unfortunately, I am in the same position of not being able to add much coding help.

Thanks for all the great work!

David

[caro84g]

Hi,

otherwise you could create a 'new' feature request in the feedback forums: http://phoca.uservoice.com/

Regards, Carolien

[Designated]

Was this resolved in the 1.6 version of the component?