Tomcat, posted February 18, 2009

For those of you having the login redirect problem, try to change the form constructor for uploading images located in gallery_user.php from:

<form enctype="multipart/form-data" action="gallery_user.php" method="POST">

to:

<?php echo tep_draw_form('fotouploaden', 'gallery_user.php?osCsid=' . $osCsid ,'post', 'enctype="multipart/form-data"');?>

nromain, posted February 18, 2009 (edited)

Some unscrupulous genius keeps posting spam and ads in the Comments of my customer's photos... I constantly have to delete the comments in Admin. How can I prevent bad users from adding their stupid ads to my customer's photos? Would appreciate any ideas.

My Gallery page is: http://northamericantuning.com/catalog/gallery.php

Nick G. Romain

paperjam, posted February 19, 2009 (edited)

FYI: Photo Gallery for osCommerce is prone to SQL Injection vulnerability in gallery_process.php.

Hotfix: Edit gallery_process.php and change all occurrences of $_GET['cID'] to (int)$_GET['cID'] and all occurrences of $_GET['pID'] to (int)$_GET['pID'].

Then, at the top of gallery_process.php, search for:

require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');

and change to:

require('includes/application_top.php');
if (!tep_session_is_registered('customer_id')) {
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');

Micha

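The effect of the (int) cast in the hotfix above, as an added example that is not part of the original post or of the Photo Gallery contribution. The query text and the table name gallery_photos are hypothetical, the inputs are constructed, and the stricter photo_id_or_null helper (which assumes PHP 7.1 or later) is an addition that rejects malformed IDs instead of coercing them.

```php
<?php
// Added illustration; not code from the Photo Gallery contribution.
// The table name gallery_photos and the query shape are hypothetical.

// "Before" pattern: the raw request value is concatenated into the SQL text.
function build_query_raw(array $get): string {
    return "select title from gallery_photos where pID = '" . $get['pID'] . "'";
}

// Hotfix pattern from the post: cast to int before concatenation, so only
// digits (and an optional sign) can ever reach the query.
function build_query_cast(array $get): string {
    return "select title from gallery_photos where pID = '" . (int)$get['pID'] . "'";
}

// Stricter variant (an addition, not part of the hotfix): reject anything that
// is not a positive integer instead of silently coercing it to 0 or 42.
function photo_id_or_null(array $get, string $key): ?int {
    if (!isset($get[$key]) || !is_string($get[$key])) {
        return null;                       // missing, or an array such as pID[]=1
    }
    $id = filter_var($get[$key], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['pID' => '42'],
    ['pID' => "42' trailing text"],  // the quote ends the SQL literal when used raw
    ['pID' => '42abc'],              // the cast keeps 42, the strict check rejects it
    ['pID' => 'abc'],                // the cast yields 0, the strict check rejects it
];

foreach ($samples as $get) {
    echo 'input : ', $get['pID'], PHP_EOL;
    echo 'raw   : ', build_query_raw($get), PHP_EOL;
    echo 'cast  : ', build_query_cast($get), PHP_EOL;
    echo 'strict: ', var_export(photo_id_or_null($get, 'pID'), true), PHP_EOL, PHP_EOL;
}
```

With the raw builder the second input places text outside the quoted literal; with the cast every input collapses to a plain integer, which is why the hotfix closes the injection path for these two parameters.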
lildog, posted February 19, 2009

Thank you for your help! I am going to add the changes in and upload a fixed version.

lildog

> FYI: Photo Gallery for osCommerce is prone to SQL Injection vulnerability in gallery_process.php.
>
> Hotfix: Edit gallery_process.php and change all occurrences of $_GET['cID'] to (int)$_GET['cID'] and all occurrences of $_GET['pID'] to (int)$_GET['pID'].
>
> Then, at the top of gallery_process.php, search for:
>
> require('includes/application_top.php');
> require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
>
> and change to:
>
> require('includes/application_top.php');
> if (!tep_session_is_registered('customer_id')) {
>   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
> }
> require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
>
> Micha

nromain, posted February 20, 2009

Thanks Micha. This is a good way to restrict abusive use.

Nick G. Romain

leveera, posted February 21, 2009 (edited)

Excellent contribution and thanks to the authors!

I am actually looking for a feature that is not in the current version, as I understand, but may probably be realised next. Can registered users see the full path for their images? This would be great for using some pictures outside of OSC, like on forums and blogs where image upload is not allowed.

rumi, posted February 22, 2009

Hello Everyone. I've installed Photo Gallery v8 and I'm getting this error in my admin area. Any ideas? I too am using STSv4.5.8

Warning: Division by zero in /home8/twoalldo/public_html/admin/includes/functions/html_output.php on line 94

I'm looking at admin/includes/functions/html_output.php. Also trying to add a variable for $gallery.

Thanks

rumi, posted February 22, 2009

I have added the js to a variable in my STS template, and put that in the header of my page, but it hasn't made any difference. Still transparent areas, and very unusable. Here is the html output in my header for the javascript:

<script type="text/javascript" src="highslide/highslide.js"></script>
<script type="text/javascript">
hs.registerOverlay({
    overlayId: 'closebutton',
    position: 'top right',
    fade: 2 // fading the semi-transparent overlay looks bad in IE
});
hs.graphicsDir = 'highslide/graphics/';
//hs.padToMinWidth = true;
//hs.minWidth = 400;
</script>

Thanks!

Try adding

<script type="text/javascript" src="$templatedir/highslide/highslide.js"></script>

Tomcat, posted February 22, 2009 (edited)

Hi all,

Would it be possible to process images during upload? I guess there will be many problems with users trying to upload huge photos either in size or dimensions. There is an interesting class called class.upload that just does all the image processing, resizing, watermarking, etc. Does anybody know how to make it work together with photo gallery?

Thank you

georgec, posted February 24, 2009

ok... gallery.php infobox... this is lazy ass junk code:

if($picture != '.' && $picture != '.' && $picture != '.' && $picture != '.DS_Store' && $picture != '' && $picture != ' '){

here's the right way (better way?): right on top, replace

$pictures = scandir($dir);

with

$pictures = array_diff(scandir($dir), array('.', '..', '.DS_Store'));

Otherwise.. so far so good I guess.. still installing. Any idea if there will ever be a voting/rating capability?

Cheers,
G

lildog, posted February 24, 2009

I agree, I don't know everything about php and there were a lot of changes I made to this contrib. I will try the fix and add it in. Thank you very much for your support! Without everyone helping out, osc wouldn't be what it is.

BTW, you will find A LOT more junk code. I made tons of changes, but got behind and had to move on.

lildog

> ok... gallery.php infobox... this is lazy ass junk code:
>
> if($picture != '.' && $picture != '.' && $picture != '.' && $picture != '.DS_Store' && $picture != '' && $picture != ' '){
>
> here's the right way (better way?): right on top, replace
>
> $pictures = scandir($dir);
>
> with
>
> $pictures = array_diff(scandir($dir), array('.', '..', '.DS_Store'));
>
> Otherwise.. so far so good I guess.. still installing. Any idea if there will ever be a voting/rating capability?
>
> Cheers,
> G

Groggo, posted February 26, 2009 (edited)

In admin area in the link Gallery I get

Warning: Cannot modify header information - headers already sent by (output started at /var/www/xxxx.se/htdocs/admin/includes/languages/english/gallery.php:41) in /var/www/xxxx.se/htdocs/admin/includes/functions/general.php on line 186

leveera, posted March 1, 2009

I believe these 2 lines in gallery.php are to get out a picture and author copyright:

echo "\n".'<td align="center"><a id="autoload'.$fotos['cID'].$fotos['pID'].'" href="' . tep_href_link($dir.$file) . '" class="highslide" onclick="return hs.expand(this,{headingText: \''.$fotos['title'].'\'})">'.tep_image($dir . $file, '', 150, 150, 'hspace="5" vspace="5"').'</a><br>'.stripslashes($fotos['title']);
echo '<div class="highslide-caption"><div style="text-align:center;margin-top:-2px;">'.AUTEUR.' '.$auteur['customers_firstname']." ".$auteur['customers_lastname']."</div><p>";

Is it possible to modify the first echo to display the URL path to a picture? Maybe to build one more echo line...

Thanks for advice!

leveera, posted March 2, 2009 (edited)

1. The following warnings and error page appear in admin on upload if a customer is not selected:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /.../admin/gallery_upload.php on line 23
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /..../admin/gallery_upload.php on line 44
Warning: Cannot modify header information - headers already sent by (output started at /.../admin/gallery_upload.php:23) in /..../includes/functions/general.php on line 22

2. I'm trying to make it UTF-8 compatible by changing the collation in SQL injection and converting the language files to UTF-8, but I still have unreadable preloaded text in the Edit pop-up window in catalog/gallery_user.php.

3. In the catalog (gallery_process.php?edit=yes&pID=.... ), a second try to edit the title and description shows the Login page in the pop-up window.

4. Still not able to load an image as a customer: no errors, but a redirect to index.php.

I have RC1, no STS.

Would be grateful for help.

leveera, posted March 2, 2009

Sorry to say, but there is one more problem in catalog/gallery.php: no full size pop-up picture, it just opens the jpg file in the same window (in catalog/gallery_user.php pop-ups work fine).

lildog, posted March 2, 2009

Groggo,

Usually this means there are extra characters (usually spaces or line feeds) after the final '?>'. Also check the appropriate language files for the same thing. That is almost always the answer.

lildog

> In admin area in the link Gallery I get
>
> Warning: Cannot modify header information - headers already sent by (output started at /var/www/xxxx.se/htdocs/admin/includes/languages/english/gallery.php:41) in /var/www/xxxx.se/htdocs/admin/includes/functions/general.php on line 186

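One way to check a file for the stray output described in the reply above, as an added example that is not part of the original post or of osCommerce. The function name stray_output and the sample sources are constructed for illustration, and the scan is a heuristic that looks only at the first opening tag and the last closing tag.

```php
<?php
// Added illustration; not part of osCommerce or the Photo Gallery contribution.
// Reports bytes in a PHP source string that would be sent as output and so
// cause "headers already sent" before a later header() or redirect call.
function stray_output(string $source): array {
    $problems = [];
    // Anything before the first opening tag (including a UTF-8 BOM) is output.
    $open = strpos($source, '<?php');
    if ($open === false) {
        return ['no opening tag: whole file is output'];
    }
    if ($open > 0) {
        $lead = substr($source, 0, $open);
        $problems[] = strncmp($lead, "\xEF\xBB\xBF", 3) === 0
            ? 'UTF-8 BOM before opening tag'
            : 'bytes before opening tag: ' . strlen($lead);
    }
    // Anything after the final closing tag is output, except that PHP itself
    // swallows a single newline placed directly after the closing tag.
    $close = strrpos($source, '?' . '>');
    if ($close !== false && strpos($source, '<?php', $close) === false) {
        $tail = substr($source, $close + 2);
        $tail = preg_replace('/^\r?\n/', '', $tail, 1);
        if ($tail !== '') {
            $problems[] = 'bytes after final closing tag: ' . strlen($tail);
        }
    }
    return $problems;
}

// Constructed sample sources standing in for language files.
$samples = [
    'clean'        => "<?php define('A', 1); ?" . ">\n",
    'trailing gap' => "<?php define('A', 1); ?" . ">\n\n ",
    'bom'          => "\xEF\xBB\xBF<?php define('A', 1);\n",
];
foreach ($samples as $name => $src) {
    echo $name, ': ', implode('; ', stray_output($src)) ?: 'ok', PHP_EOL;
}
```

To scan a real file, pass file_get_contents() of its path to stray_output(); a single newline after the closing tag is reported as clean because PHP does not emit it.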
lildog, posted March 2, 2009

> I believe these 2 lines in gallery.php are to get out a picture and author copyright:
>
> echo "\n".'<td align="center"><a id="autoload'.$fotos['cID'].$fotos['pID'].'" href="' . tep_href_link($dir.$file) . '" class="highslide" onclick="return hs.expand(this,{headingText: \''.$fotos['title'].'\'})">'.tep_image($dir . $file, '', 150, 150, 'hspace="5" vspace="5"').'</a><br>'.stripslashes($fotos['title']);
> echo '<div class="highslide-caption"><div style="text-align:center;margin-top:-2px;">'.AUTEUR.' '.$auteur['customers_firstname']." ".$auteur['customers_lastname']."</div><p>";
>
> Is it possible to modify the first echo to display the URL path to a picture? Maybe to build one more echo line...
>
> Thanks for advice!

The url to the photo would be: HTTP_SERVER.$dir.$file

lildog

lildog, posted March 2, 2009

What is your url? I had the popup problem when I applied the pagination mod and had to fix it by supplying the full url to the pic. I will see if I can add a check to make sure a customer is selected to remedy #1. As far as #2, I don't know anything about converting stuff to utf-8. If you have any info I will try to help.

lildog

> 1. The following warnings and error page appear in admin on upload if a customer is not selected:
>
> Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /.../admin/gallery_upload.php on line 23
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /..../admin/gallery_upload.php on line 44
> Warning: Cannot modify header information - headers already sent by (output started at /.../admin/gallery_upload.php:23) in /..../includes/functions/general.php on line 22
>
> 2. I'm trying to make it UTF-8 compatible by changing the collation in SQL injection and converting the language files to UTF-8, but I still have unreadable preloaded text in the Edit pop-up window in catalog/gallery_user.php.
>
> 3. In the catalog (gallery_process.php?edit=yes&pID=.... ), a second try to edit the title and description shows the Login page in the pop-up window.
>
> 4. Still not able to load an image as a customer: no errors, but a redirect to index.php.
>
> I have RC1, no STS.
>
> Would be grateful for help.

leveera, posted March 2, 2009

> What is your url? I had the popup problem when I applied the pagination mod and had to fix it by supplying the full url to the pic. I will see if I can add a check to make sure a customer is selected to remedy #1. As far as #2, I don't know anything about converting stuff to utf-8. If you have any info I will try to help.
>
> lildog

Sent you a message with the url.

The photo_gallery08 unfortunately is not multilingual compatible, i.e. utf-8 encoded. This causes a problem like pictured. A good article about utf-8 can be read here - ARTICLE

It is actually not a problem to convert, just a couple of changes, except catalog/gallery_process.php, because I can't understand where in the file to set the encoding like this:

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

lildog, posted March 3, 2009

If I had to guess I would say you don't have to. Also, you may have done this already though, I THINK you will have to change the encoding of the sql tables also from latin1_general_ci to utf-8.

lildog

> Sent you a message with the url.
>
> The photo_gallery08 unfortunately is not multilingual compatible, i.e. utf-8 encoded. This causes a problem like pictured. A good article about utf-8 can be read here - ARTICLE
>
> It is actually not a problem to convert, just a couple of changes, except catalog/gallery_process.php, because I can't understand where in the file to set the encoding like this:
>
> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

leveera, posted March 3, 2009

> If I had to guess I would say you don't have to. Also, you may have done this already though, I THINK you will have to change the encoding of the sql tables also from latin1_general_ci to utf-8.
>
> lildog

Thanks for the attention and suggestion. I should have been more clear: my RC1 is already in utf-8, including the sql tables as well as the photo gallery tables.

Now I think it could be a problem in the highslide code, why it can't decode utf-8 text from the sql tables.

leveera, posted March 3, 2009

Ok, I fixed the broken highslide script link in catalog/gallery.php. I think it is reasonable to have the same syntax of link to highslide in gallery.php and gallery_user.php.

Now in gallery.php, lines 25 and 40:

hs.graphicsDir = '<?php echo HTTP_SERVER ?>/highslide/graphics/';

and it doesn't functionally change the path, like it is in gallery_user.php:

hs.graphicsDir = 'highslide/graphics/';

So now both files will work fine.

leveera, posted March 4, 2009

There is another trick I can't solve. Where in the CSS do I edit the font size and style for a picture title? It is visible on catalog/gallery.php under the thumbnails. Whenever I change it, it doesn't respond :huh:

leveera, posted March 6, 2009

> There is another trick I can't solve. Where in the CSS do I edit the font size and style for a picture title? It is visible on catalog/gallery.php under the thumbnails. Whenever I change it, it doesn't respond :huh:

OK, this is because the class is not set. Add in line 116 after echo "\n".'<td align="center" class="main"

leveera, posted March 8, 2009

Is there any way to permit uploading vertical 800px (height) x 600 px images?

I also have to report that the first try to upload via admin/gallery_upload.php forwards to the admin login page; after logging in, upload goes normally.