php file in the album's directories to redirect the curious

vincent3569

hello

now, if we know the path to the files, it is entirely possible to view pictures, even if the gallery is private and is protected by a password.

it's right ?

to fix this problem, it is possible to put a php file with the following code in all directories and subdirectories under Albums:

`<?php<br />
// Recursive call

$url = '../';

header( 'Request-URI: '.$url );

header( 'Content-Location: '.$url );

header( 'Location: '.$url );

exit();

?>

`

Is it possible to create a plugin that automatically write this file in all directories found on the site?

I do not have the skills to do this in php.

sbillard

If the album folder is within the web path and you have no .htaccdess prevention then, yes, someone can view the image.

I am not sure what you are attempting with that PHP script. But it would not prevent a direct link to the image file. Pretty much the only way to do that is as above--external album or .htaccess protection.

acrylian

Take a look at our troubleshooting, there is a template file of a .htaccess file for preventing hotlinking. No guarantee that it works on every server as expected though.

DetlevCM

I just thought I'd comment:

On IIS you cannot use .htaccess - so there is not way of locking out the album folder...

One way of securing data that I came across, is by moving the folder out of the webroot path.
(Webmail Pro6 -> DocumentatioN;: http://www.afterlogic.com/wiki/Installation_Instructions_for_Windows_(WebMail_Pro_6_PHP) )

I.e.
Folder A) - Viweable on the Web
Folder - Outside Webroot, accessible to the code from Webroot

acrylian

On IIS you cannot use .htaccess

We know and we state that we only officially support Apache servers so we can't help with that.

You can move the albums folder out of the webroot but that will make it impossible to use multimedia items. These will not work then, at least not with our standard player.