Announcement

  •  » Engine
  •  » Multiple-size

#16 2011-12-28 15:32:52

rvelices
Former Piwigo Team
2005-12-29
1960

Re: Multiple-size

rvelices wrote:

Yes: you need to protect your directory with a .htaccess, make sure you have enabled_high=false for everyone and make sure your original photos are larger than the biggest resize

Correction: It will not work if you have non photos (such as movies or zip files that require to be sent to browser ). However with some plugins and existing action.php it might work ...

Offline

 

#17 2011-12-28 15:40:20

flop25
Piwigo Team
2006-07-06
7037

Re: Multiple-size

@rvelices
I like your strap nodatabase, but can we imagin a configfile or another i.php, for allowing crypted request (crypted with the secret key...) ?


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#18 2011-12-29 07:17:21

rvelices
Former Piwigo Team
2005-12-29
1960

Re: Multiple-size

flop25 wrote:

@rvelices
I like your strap nodatabase, but can we imagin a configfile or another i.php, for allowing crypted request (crypted with the secret key...) ?

In order to do what ?

Offline

 

#19 2011-12-29 10:34:54

rub
Former Piwigo Team
Lille
2005-08-26
5019

Re: Multiple-size

with [Subversion] r12802 and $conf['data_location'] is not possible to set _data on "private" directory. Like a directory not visible by http.
I know that I can used . .htaccess but with current version I liked to make difference between temporary data (templates, data plugin, ...) and visible data (combined, local data)...

For exemple, http:\\toto\Piwigo.

On server, there are:
───root
   ├───www
   │   └───Piwigo
   │       ├───local
   │       │   ├───combined
   │       │   │   
   │       │   └───i
   ├───tmp
   │   └───_data
   │       │   ├───templates_c

Offline

 

#20 2011-12-29 10:58:42

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13795

Re: Multiple-size

Offline

 

#21 2011-12-29 11:04:48

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13795

Re: Multiple-size

rvelices, Piwigo currently (version 2.3) has an option to remove access to HD (user by user), but this is just a "display option" to remove the link to the HD : the HD remains reachable if you know the path pattern to the HD.

With Piwigo 2.4, this option also needs to be redesigned because "HD" doesn't mean the same. I think that a "maximum visible size" would be better but we keep the problem of the path pattern : if you know the path to the thumbnail, you can find the path to any other size.

What's your opinion about that? Do you think we can do something clean and more secure?

Offline

 

#22 2011-12-29 11:38:22

rvelices
Former Piwigo Team
2005-12-29
1960

Re: Multiple-size

plg wrote:

What's your opinion about that? Do you think we can do something clean and more secure?

Not yet properly working with svn trunk but my target for securing originals will be a plugin that:
- adds .htacces in uploads/galleries deny from all
- implement two event handlers
    get_element_url - will return action.php?part=e&id=1&view instead of get_root_url().row[path]
    get_representative_url - will return action.php?part=r&id=1&view. instead of get_root_url().add_pwg_representative_inside(row[path])

Offline

 

#23 2011-12-29 11:55:08

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13795

Re: Multiple-size

rvelices wrote:

plg wrote:

What's your opinion about that? Do you think we can do something clean and more secure?

- implement two event handlers
    get_element_url - will return action.php?part=e&id=1&view instead of get_root_url().row[path]

That doesn't sound enough for me if the visitor can still open _data/i/[path]-la.jpg : we also need .htacess into _data/i, don't you think?

Have you already made some performance test on action.php used for all thumbnail/photo etc? (I haven't and I wonder if it needs a lot of CPU/memory on server side)

Offline

 

#24 2011-12-29 12:08:47

rvelices
Former Piwigo Team
2005-12-29
1960

Re: Multiple-size

plg wrote:

That doesn't sound enough for me if the visitor can still open _data/i/[path]-la.jpg : we also need .htacess into _data/i, don't you think?

My idea was not to protect _data/i - the webmaster could always allow only "small" resizes.
However this would work out of the box if you choose $conf['derivative_url_style']=2 (i.php) and if we finish the implementation i.php (look for // todo send pass-through )

plg wrote:

Have you already made some performance test on action.php used for all thumbnail/photo etc? (I haven't and I wonder if it needs a lot of CPU/memory on server side)

No tests done, but I would say - no CPU usage, rather heavy IO. Instead of apache using an optimized syscall for transferring data (checkout sendfile function), php reads the file and then outputs it (either quick if used as a php module or with extra IO as cgi/fcgi)

Offline

 

#25 2011-12-29 14:05:20

flop25
Piwigo Team
2006-07-06
7037

Re: Multiple-size

rvelices wrote:

flop25 wrote:

@rvelices
I like your strap nodatabase, but can we imagin a configfile or another i.php, for allowing crypted request (crypted with the secret key...) ?

In order to do what ?

like Pierrick I was thinking of " the problem of the path pattern : if you know the path to the thumbnail, you can find the path to any other size.".
I also was thinking about adding other location of pictures, how to secure it (I was focusing of hiding the path, but adding an htaccess is much easier) : we could specify any path to i.php (ex public_html/blabla/mypic/ ) and generate the multisized pics in _data/i/blabla/mypic/


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#26 2011-12-30 14:36:33

flop25
Piwigo Team
2006-07-06
7037

Re: Multiple-size

You have already thought about this, but I asked myself why we need to remove the Remote Sites : can you explain why we can't check if http://mysite/_data/mypicture-tn.jpeg exists and call the distant i.php?etc to generate it ? I'm sorry if it appears as a stupid question for you, I'm certainly missing something


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#27 2012-01-12 22:56:15

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13795

Re: Multiple-size

rvelices wrote:

The remaining things to do (in order of importance from my point of view) are:
c. review upload (forms + ws)?

Done for upload form and pwg.images.addSimple. Still under review for pwg.images.add.

Offline

 

#28 2012-01-13 09:03:43

rvelices
Former Piwigo Team
2005-12-29
1960

Re: Multiple-size

plg wrote:

Done for upload form and pwg.images.addSimple. Still under review for pwg.images.add.

You can still cleanup in functions_upload
'tn_ext' => 'jpg',

    if (isset($high_infos))
    {
      $insert['has_high'] = 'true';
      $insert['high_filesize'] = $high_infos['filesize'];
      $insert['high_width'] = $high_infos['width'];
      $insert['high_height'] = $high_infos['height'];
    }

in file_path_for_type the only acceptable $type parameters should be 'original' and 'representative' (if the added element is not a picture)

Offline

 

#29 2012-01-16 13:41:55

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13795

Re: Multiple-size

I'm implementing the "update file" algorithm and I'm searching the deleteDerivative function you had described me. I don't find it. Is it in the TODO list or did I miss it?

Offline

 

#30 2012-01-16 14:18:02

rvelices
Former Piwigo Team
2005-12-29
1960

Re: Multiple-size

plg wrote:

I'm implementing the "update file" algorithm and I'm searching the deleteDerivative function you had described me. I don't find it. Is it in the TODO list or did I miss it?

it's in the todolist you can put sth like
function delete_element_derivatives($infos)
{
  // todo
}
in admin functions.inc.php and call it ...

Offline

 
  •  » Engine
  •  » Multiple-size

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2024 · Contact