Home General support

Security (.htacces) issue

MajorGlory Member
in General support
Goodevening All,

First of all, English is not my native language so I hope I can get my point across. Second: This question might have been asked here before, in that case I do apologize, but I haven't found it. Here is my issue:

I have a NAS at home (Synology DS211J) with a good photoalbum (like Zen, but way more basic). When I secure a folder in this album with a password, it is secure. No matter what URL I type in my browser, it will always redirect to a login screen. Even if I type the full path to the image in the browser. However: Using the NAS I am always limited by the upload of my internet provider (in my case 5 Mbps). This is to slow occasionaly.

So: I bought my self a proper domain and installed Zen (version: 1.4.2.3) and installed the zpGallerific Theme (with some visual adaptations of my own). Now this theme (as does the default theme) has an option to secure a folder/album. I have done this with the images of my 1-year old son.

It seems to work fine! However! Typing the full image path in the browser i.e: www.mydomain.com/zenfolder/albums/kidname/picture.jpg will reveal the image! without any checks.

So, I added a .htacces file to that specific folder. Result: Everything works fine, except colorbox or other means of fullscreen viewing. Colorbox will say 'image could not be loaded'.

So: Please ZenPhoto experts: How to completely secure an album, whilst keeping ZenPhoto fully functional.

I really hope you know how to do this.

Thanx in advance, and if I dont answer the next couple of days, I'm on vacation, but hope to get this sorted tonight.

Regards,

MG

EDIT (11-5-2012 21:09)

I have some PHP knowledge and have tried working with an alternative full-image.php including iframe's etc. but then I still have to remove the htaccess and right clicking an image will reveal full path, so I stopped that.

Comments

  • MajorGlory Member
    SOLVED: Hotlinking trick (never knew that could be done that way!) fixed my issue!
  • sbillard Member
    Understand that any link directly to the albums folders will fail when you apply that .htaccess restriction. (Which is of course what you want.) So if your theme wishes to display images in a colorbox (or any where else) it cannot use the unprotected image link as that links directly to the album folders. You can set full image protection, then image access goes through Zenphoto. But you will probably also have to tell colorbox it is dealing with a "photo" because the full image links will not have a normal "image" suffix.

    The easiest thing to do, though, is to change the displays to a custom sized image. Then the image will be cached and after the caching is done, colorbox will recognize it as a photo from its suffix.
Sign In or Register to comment.