 How to Block access to image files

laneoc

Posts: 154
Posted: 10/04/2012, 6:21 PM

Hi all -

My application has a page with a client photo. The application prevents users from seeing each other's client pages.

However if a user finds out the URL of other clients' photo image files, the application cannot prevent it.

Using mod_auth_token seems to be the best solution. Before I dive in, might you have a different suggestion?

Lane
_________________
Lane
bannedone


Posts: 273
Posted: 10/04/2012, 9:59 PM

Hi

I would have suggested a few ways of doing it in CCS.

But after looking at the mod_auth_token information I agree with you, using mod_auth_token would be by far the easiest and quickest I think.

http://code.google.com/p/mod-auth-token/

However if you need a CCS solution, let me know.

Have Fun
8-)
_________________
John Real
CodeCharge Studio Support, Training, Consulting, Development, Web based solutions
http://realsites.biz
http://ccselite.com
Other Banned IDs on this Forum. jjrjr1, jjrjr2
solesz

Posts: 137
Posted: 10/05/2012, 12:37 AM

I used the following method:

1. When a user registered, I generated a "secret" key stored in the user table.

2. Then every file that was uploaded was renamed in this way:
hash of (user name + secret_key) concat (serial number)

3. For link references, only the serial number is stored. The link is assembled during page generation.

So the file name cannot be figured out.
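
The naming scheme from the post above, as an added PHP example (not code from the thread). It swaps the plain hash for HMAC-SHA256 keyed with the per-user secret; the function names, the `/photos/` prefix and the sample rows are assumptions.

```php
<?php
// Added example. HMAC-SHA256 stands in for the post's "hash of (user name +
// secret_key)"; function names and the /photos/ prefix are hypothetical.

/** Step 1: per-user secret, generated once at registration and stored in the user row. */
function new_user_secret(): string
{
    return bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
}

/** Step 2: name on disk = keyed hash of the user name, then the serial number. */
function stored_name(string $userName, string $secret, int $serial, string $ext): string
{
    $tag = hash_hmac('sha256', $userName, $secret);
    return $tag . '_' . $serial . '.' . $ext;
}

/** Step 3: only the serial is stored with the record; the link is built per page view. */
function photo_link(array $userRow, int $serial, string $ext = 'jpg'): string
{
    return '/photos/' . stored_name($userRow['name'], $userRow['secret'], $serial, $ext);
}

// Constructed sample rows, standing in for the user table.
$alice = ['name' => 'alice', 'secret' => new_user_secret()];
$bob   = ['name' => 'bob',   'secret' => new_user_secret()];

echo photo_link($alice, 7), PHP_EOL;
echo photo_link($bob, 7), PHP_EOL;   // same serial, unrelated file name
```

With this scheme the file name is the only gate, so anyone who obtains a link can still fetch the file.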
laneoc

Posts: 154
Posted: 10/05/2012, 5:06 AM

Banned One --

Yes, I would like to know more about a CCS approach.

Lane
_________________
Lane
bannedone


Posts: 273
Posted: 10/07/2012, 11:41 AM

Hi Lane

Here is a method I have used for this in CCS.

Basically what we do is create an image server php script in CCS and control access to it using session variables.

So first create a new blank CCS page. Let's call it imageserver.

Add a record to that page that you can send an ID value to that would bring up the image file name.

In other words the profile record that contains the image for any given member.

What we will do is call this image server like this
imageserver.php?img=1

The record in that page should bring up the image file name.

Once you get this working properly add a BeforeShow event custom code for that record

Like so:

if(!CCGetSession("auth","")) die("No Access Allowed");

That line will kick out unauthorized users and stop access based on a session variable we will set in your display page.

Next get the filename from your display record

$imagename=$Container->The_Image_filename_Control->GetValue();
$imagepath="path/to/your/images/"; // put your image path here

Now reset the session value

if(CCGetFromGet("q","")) CCSetSession("auth","");

The reason for the q parameter is to allow more than one image to be served up by the display page. So on the display page you can have several images served up but the last one on the page sends the q parameter to cancel the auth session.

Like so: imageserver.php?img=10&q=yes

Now back to your BeforeShow Custom Code add this

readfile($imagepath.$imagename);
exit;

That's about it for your image server..

Now on the page that will display the images add this in the AfterInitialize event Custom Code

CCSetSession("auth","YES");

Now everywhere you want an image from the image server put a template variable into the image tag source property like so.

<img src="{YourTemplateVariableName}" />

You can have as many as you want but each must be unique.

Now create custom code for the before show event to populate all your images on the page like so.

global $Tpl;

//Your script will have to determine what value $theimg gets. Probably your member # or the index where all the profile info comes from.

$theimg="1"; // this will actually be the record index for the table you get the image name from in imageserver.php

$Tpl->setvar("YourTemplateVariableName","imageserver.php?img=".$theimg);

Do it like this if it is the last or only image on the page
$Tpl->setvar("YourTemplateVariableName","imageserver.php?img=".$theimg."&q=yes");

Well that should just about do it.

I use methods similar to this to protect videos as well.

Let me know if this worked for you.

Have fun
8-)

_________________
John Real
CodeCharge Studio Support, Training, Consulting, Development, Web based solutions
http://realsites.biz
http://ccselite.com
Other Banned IDs on this Forum. jjrjr1, jjrjr2
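
An added example, not part of the posts above: a plain-PHP version of the image-server idea that ties each request to the logged-in user, so `img=N` only resolves when that image belongs to them. The `photos` table, its columns, `$_SESSION['user_id']` and the directory path are assumptions.

```php
<?php
// Added example in plain PHP (no CodeCharge Studio helpers). Assumed names:
// table photos(id, owner_id, filename), $_SESSION['user_id'] stored as an int at
// login, and $baseDir outside the web root so this script is the only way in.

/** Absolute path of image $imgId if it belongs to $userId, otherwise null. */
function resolve_owned_image(PDO $db, int $userId, int $imgId, string $baseDir): ?string
{
    // Ownership is part of the query: another user's image id finds no row.
    $st = $db->prepare('SELECT filename FROM photos WHERE id = ? AND owner_id = ?');
    $st->execute([$imgId, $userId]);
    $name = $st->fetchColumn();
    if ($name === false) {
        return null;
    }
    // Resolve ".." and symlinks, then require the result to stay under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Handler body for imageserver.php?img=N. */
function serve_image(PDO $db, string $baseDir): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $userId = $_SESSION['user_id'] ?? null;
    $imgId  = filter_input(INPUT_GET, 'img', FILTER_VALIDATE_INT);
    $path   = (is_int($userId) && is_int($imgId))
        ? resolve_owned_image($db, $userId, $imgId, $baseDir) : null;
    $type   = $path === null ? '' : (string) (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (strpos($type, 'image/') !== 0) {
        http_response_code(404); // same reply for missing, not yours, not an image
        exit;
    }
    header('Content-Type: ' . $type);
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}

// serve_image($pdo, '/srv/private/photos');  // $pdo and the path are placeholders
```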
laneoc

Posts: 154
Posted: 10/08/2012, 8:23 PM

Banned One I now owe you two favors. Your approach works very nicely for me, thank you so kindly.

(The other favor is for help on triggering background email generation a couple years ago.)

Furthermore, each approach pushed me into some concepts which I used / can use to solve other challenges.

Lane
_________________
Lane