photo gallery for oscommerce



For those of you having the login redirect problem, try changing the form constructor for uploading images, located in gallery_user.php, from:

<form enctype="multipart/form-data" action="gallery_user.php" method="POST">

to:

<?php echo tep_draw_form('fotouploaden', 'gallery_user.php?osCsid=' . $osCsid, 'post', 'enctype="multipart/form-data"'); ?>


Link to comment
Share on other sites


Some unscrupulous genius keeps posting spam and ads in the Comments of my customer's photos...

I constantly have to delete the comments in Admin.

How can I prevent bad users from adding their stupid ads to my customer's photos?

Would appreciate any ideas.


My Gallery page is: http://northamericantuning.com/catalog/gallery.php

Edited by nromain

Nick G. Romain

Link to comment
Share on other sites

FYI:

Photo Gallery for osCommerce is prone to an SQL injection vulnerability in gallery_process.php.

Hotfix:

Edit gallery_process.php and change all occurrences of $_GET['cID'] to (int)$_GET['cID'] and all occurrences of $_GET['pID'] to (int)$_GET['pID']. Then, at the top of gallery_process.php, search for:

require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');

and change to:

require('includes/application_top.php');
if (!tep_session_is_registered('customer_id')) {
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');


Micha

Edited by paperjam
Link to comment
Share on other sites
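
An added illustration of the hotfix posted above (this is not code from the contribution or from the poster): what the (int) cast does to a request value before it reaches a query, next to a stricter variant that validates and rejects. The table and column names and the helper function names are hypothetical.

```php
<?php
// Added example. The table and column names are hypothetical; they are not
// taken from gallery_process.php.

// "Before" shape: the raw request value is concatenated into the statement.
function query_unsafe($raw) {
    return "select title from gallery_photos where pID = " . $raw;
}

// The hotfix from the post: cast to int so only a number can reach the SQL.
function query_cast($raw) {
    return "select title from gallery_photos where pID = " . (int)$raw;
}

// Stricter variant (an assumption, not part of the hotfix): validate instead
// of coercing, and return null so the caller can refuse the request.
function positive_int_or_null($raw) {
    if (!is_scalar($raw)) {
        return null; // arrays (?pID[]=x) and missing values
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
                        array('options' => array('min_range' => 1)));
    return ($value === false) ? null : $value;
}

// Constructed sample request values.
$samples = array('42', '7 OR 1=1', 'abc', array('x'), null);

foreach ($samples as $raw) {
    $shown = is_scalar($raw) ? $raw : gettype($raw);
    echo "input:     ", var_export($shown, true), "\n";
    if (is_scalar($raw)) {
        echo "  unsafe:  ", query_unsafe($raw), "\n";
    }
    echo "  cast:    ", query_cast($raw), "\n";
    echo "  checked: ", var_export(positive_int_or_null($raw), true), "\n";
}
```

The cast coerces rather than rejects: 'abc' and a missing value become 0 and an array becomes 1, so the query still runs with that ID. The validating helper lets the script stop the request instead.
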

Thank you for your help! I am going to add the changes in and upload a fixed version.

 

lildog

 

 


Link to comment
Share on other sites

Excellent contribution and thanks to authors!

I am actually looking for a feature that is not in the current version, as I understand, but may probably be realised next.

Can registered users see the full path for their images? This will be great for using some pictures outside of OSC, like on forums and blogs where image upload is not allowed.

Edited by leveera
Link to comment
Share on other sites

Hello Everyone. I've installed Photo Gallery v8 and I'm getting this error in my admin area. Any ideas? I too am using STSv4.5.8

Warning: Division by zero in /home8/twoalldo/public_html/admin/includes/functions/html_output.php on line 94

I'm looking at admin/includes/functions/html_output.php. Also trying to add a variable for $gallery

thanks

Link to comment
Share on other sites

I have added the js to a variable in my STS template, and put that in the header of my page, but it hasn't made any difference. Still transparent areas, and very unusable. Here is the html output in my header for the javascript:

<script type="text/javascript" src="highslide/highslide.js"></script>
<script type="text/javascript">hs.registerOverlay({
	overlayId: 'closebutton',
	position: 'top right',
	fade: 2 // fading the semi-transparent overlay looks bad in IE
	});

	hs.graphicsDir = 'highslide/graphics/';
	//hs.padToMinWidth = true;
	//hs.minWidth = 400;
	</script>

Thanks!

Try adding

<script type="text/javascript" src="$templatedir/highslide/highslide.js"></script>
Link to comment
Share on other sites

Hi all,

 

Would it be possible to process images during upload?

I guess there will be many problems with users trying to upload huge photos either in size or dimensions.

 

There is an interesting class called class.upload that just does all the image processing, resizing, watermarking, etc.

Does anybody know how to make it work together with photo gallery?

 

Thank you

Edited by Tomcat


Link to comment
Share on other sites

ok... gallery.php infobox... this is lazy ass junk code:

if($picture != '.' && $picture != '.' && $picture != '.' && $picture != '.DS_Store' && $picture != '' && $picture != ' '){

 

here's the right way (better way?) right on top replace

$pictures = scandir($dir);

 

with

 

$pictures = array_diff(scandir($dir), array('.', '..', '.DS_Store'));

 

 

Otherwise.. so far so good I guess.. still installing.

Any idea if there will ever be a voting/rating capability?

 

Cheers,

G

Link to comment
Share on other sites

I agree, I don't know everything about php and there were a lot of changes I made to this contrib. I will try the fix and add it in. Thank you very much for your support! Without everyone helping out, osc wouldn't be what it is.

BTW, you will find A LOT more junk code. I made tons of changes, but got behind and had to move on.

 

lildog

 

 


Link to comment
Share on other sites

In admin area in the link Gallery I get

 

Warning: Cannot modify header information - headers already sent by (output started at /var/www/xxxx.se/htdocs/admin/includes/languages/english/gallery.php:41) in /var/www/xxxx.se/htdocs/admin/includes/functions/general.php on line 186

Edited by Groggo
Link to comment
Share on other sites

I believe these 2 lines in gallery.php are to get out a picture and author copyright

echo "\n".'<td align="center"><a id="autoload'.$fotos['cID'].$fotos['pID'].'" href="' . tep_href_link($dir.$file) . '" class="highslide" onclick="return hs.expand(this,{headingText: \''.$fotos['title'].'\'})">'.tep_image($dir . $file, '', 150, 150, 'hspace="5" vspace="5"').'</a><br>'.stripslashes($fotos['title']);									 
echo '<div class="highslide-caption"><div style="text-align:center;margin-top:-2px;">'.AUTEUR.' '.$auteur['customers_firstname']." ".$auteur['customers_lastname']."</div><p>";

Is it possible to modify the first echo to display the URL path to a picture? Maybe to build one more echo line...

 

Thanks for advice!

Link to comment
Share on other sites

1. The following warnings and error page appear in admin on upload if a customer is not selected:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /.../admin/gallery_upload.php on line 23
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /..../admin/gallery_upload.php on line 44
Warning: Cannot modify header information - headers already sent by (output started at /.../admin/gallery_upload.php:23) in /..../includes/functions/general.php on line 22

2. I'm trying to make it UTF-8 compatible by changing collate in SQL injection and converting language files to UTF-8, but I still have unreadable preloaded text in the Edit pop-up window in catalog/gallery_user.php

3. catalog (gallery_process.php?edit=yes&pID=.... ): a second try to edit the title and description shows the Login page in the pop-up window

4. Still not able to load image by customer, no errors but redirect to index.php

I have RC1, no STS

Would be grateful for help

Edited by leveera
Link to comment
Share on other sites

Groggo,

Usually this means there are extra characters (usually spaces or line feeds) after the final '?>'. Also check the appropriate language files for the same thing. That is almost always the answer.

 

lildog

 

 


Link to comment
Share on other sites


 

the url to the photo would be: HTTP_SERVER.$dir.$file

 

 

lildog

Link to comment
Share on other sites

What is your url? I had the popup problem when I applied the pagination mod and had to fix it by supplying the full url to the pic. I will see if I can add a check to make sure a customer is selected to remedy #1. As far as #2 I don't know anything about converting stuff to utf-8. If you have any info I will try to help.

 

lildog

 

 


Link to comment
Share on other sites


Sent you message with url.

 

The photo_gallery08 unfortunately is not multilingual compatible, i.e. utf-8 encoded

This causes a problem like pictured

gallery1.jpg

A good article about utf-8 can be read here -

ARTICLE

It is actually not a problem to convert, just a couple of changes, except catalog/gallery_process.php, because I can't understand where in the file to set the encoding like this

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

Link to comment
Share on other sites

If I had to guess I would say you don't have to. Also, you may have done this already though, I THINK you will have to change the encoding of the sql tables also from latin1_general_ci to utf-8.

 

lildog

 


Link to comment
Share on other sites


 

Thanks for the attention and suggestion. I had to be more clear, my RC1 already is in utf-8, including sql tables as well as the photo gallery tables. Now I think that it could be a problem in the highslide code, why it can't decode utf-8 text from sql tables.

Link to comment
Share on other sites

Ok, I fixed the broken highslide script link in catalog/gallery.php

I think it is reasonable to have the same syntax for the link to highslide in gallery.php and gallery_user.php

Now in gallery.php, lines 25 and 40:

hs.graphicsDir = '<?php echo HTTP_SERVER ?>/highslide/graphics/';

and it doesn't function.

Change the path to be like it is in gallery_user.php:

hs.graphicsDir = 'highslide/graphics/';

so now both files will work fine

Link to comment
Share on other sites

There is another trick I can't solve.

Where in the CSS do I edit the font size and style for a picture title? It is visible on catalog/gallery.php under the thumbnails.

Whenever I change it, it doesn't respond :huh:

OK, this is because the class is not set.

Add in line 116 after

echo "\n".'<td align="center"

class="main"

Link to comment
Share on other sites
