Gallery1:Securing - Gallery Codex

From Gallery Codex

The paths and URLs in this guide are examples. Be sure to replace them with the paths and URLs specific to your installation.

Basic Authentication

Basic HTTP Authentication allows you to add a second layer of security to your Gallery. It also prevents people from "hotlinking" albums directly from your albums directory. The disadvantage is that basic HTTP authentication isn't compatible with Gallery authentication. This means that if you want to give users permissions with the Gallery authentication system (e.g. to add pictures), they will have to log in twice. As such, this may not be the best solution for everyone, though it is the most secure.

[Image: Basic-auth.gif]

Setting up basic authentication is relatively simple, though it can get a little complex or annoying if you skip certain preparations. For instance, I recommend putting your albums directory inside your main Gallery directory, as a sub-directory. This makes it easier to protect. If it's not already there, it's easy to move: just move it and rerun the configuration wizard.

Now that you have the preliminaries, edit the .htaccess file in your Gallery directory and add the following:

AuthName "My Gallery"
AuthUserFile /path/to/gallery/directory/.htpasswd
AuthType Basic
require valid-user

Now you need to create the .htpasswd file, which will contain the usernames and passwords. If you have shell access, use the htpasswd command, e.g. htpasswd -c /path/to/gallery/directory/.htpasswd [username]. After you add the first username, run the same command for each further user, without the -c flag (which would recreate the file).

If you don't have shell access, you'll have to create the .htpasswd file manually. There are some web-based pages that will help you, for instance this page. Enter the username and password, and add the result to the .htpasswd file in your Gallery directory. Each username and password hash should be on its own line.

After you have that setup, basic authentication should work!

Note: Because you edited your .htaccess file in your Gallery directory, you will have to re-add these lines if you re-run the configuration wizard.
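If you cannot run htpasswd, the following added example (not Gallery's own code) builds .htpasswd lines in Apache's {SHA} format from the Python standard library, checks a password against a line the way Apache does, and adds or replaces a user in an existing file's contents. The usernames, passwords and file contents are constructed for the demonstration.

```python
import base64
import hashlib
import hmac

# Added example, not Gallery's own code: build and check htpasswd entries in
# Apache's "{SHA}" format, the one scheme that can be produced with the Python
# standard library alone when the htpasswd command is unavailable. It is an
# unsalted SHA-1 digest, so use "htpasswd -B" (bcrypt) whenever shell access
# exists. Apache's default configuration refuses to serve files whose names
# begin with ".ht", which is what keeps a .htpasswd inside the gallery
# directory from being downloaded.


def sha_entry(username: str, password: str) -> str:
    """Return one htpasswd line: user:{SHA}base64(sha1(password))."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and must not contain ':'")
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return username + ":{SHA}" + base64.b64encode(digest).decode("ascii")


def verify(entry: str, password: str) -> bool:
    """Check a password against a {SHA} entry, as Apache does at login."""
    stored = entry.partition(":")[2]
    if not stored.startswith("{SHA}"):
        return False
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    candidate = base64.b64encode(digest).decode("ascii")
    return hmac.compare_digest(candidate, stored[5:])


def upsert_user(lines, username, password):
    """Replace username's line if present, else append it; this mirrors running
    htpasswd on an existing file (i.e. without -c, which would recreate it)."""
    new_line = sha_entry(username, password)
    out = [new_line if l.partition(":")[0] == username else l for l in lines]
    if new_line not in out:
        out.append(new_line)
    return out


if __name__ == "__main__":
    # Constructed sample content; write the result to the AuthUserFile path.
    lines = upsert_user([], "alice", "correct horse")
    lines = upsert_user(lines, "bob", "battery staple")
    lines = upsert_user(lines, "alice", "rotated")   # changes alice's line only
    print("\n".join(lines))
```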

Additional Album Security

Because of Gallery 1.x's design, the albums directory must be in a publicly accessible directory. So, some people who want extra privacy will want to prevent spiders, search engines, and hotlinkers from stealing the images and bandwidth, but still grant regular users access (and without the basic authentication described above).

To do this, we will use Apache's mod_rewrite module. Your server must have this module installed to do these steps. See the Apache documentation for more information. Additionally, if the configuration wizard instructed you to add lines to your httpd.conf to allow .htaccess files to work when you installed Gallery, review those lines and add something similar to httpd.conf for your albums directory. Otherwise, your changes to .htaccess may not have any effect.

Basically, what we'll do is only allow Apache to serve the images to people who are coming from your site. To do this, we'll check the referrer (misspelled in the HTTP RFC as "referer"). Add the following lines to a .htaccess file in your albums directory, NOT YOUR GALLERY DIRECTORY (you will have to create the .htaccess file in your albums directory, unless you've added something there before).

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Referer is not our own gallery (change the URL to yours)
    RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/gallery.*$ [NC]
    # Exempt visitors whose host name is under shutterfly.com; REMOTE_HOST is a
    # reverse-DNS name only with HostnameLookups On, otherwise it is the IP address
    RewriteCond %{REMOTE_HOST} !\.shutterfly\.com$ [NC]
    # In .htaccess context the tested path is relative to this directory,
    # so the pattern must not start with /albums/
    RewriteRule \.(jpg|gif|avi|png)$ - [F]
</IfModule>

\.(jpg|gif|avi|png)$ is the pattern that matches the image files under your albums directory. It uses regular expressions. You can find more information about regular expressions by searching Google or buying a book. All RewriteCond lines must be true for the RewriteRule to fire, so the line regarding shutterfly.com exempts addresses coming from shutterfly.com from the ban. This allows users to still be able to use ShutterFly. You may add other sites to exempt as well.
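To see which requests the hotlink rules actually refuse, here is an added Python model of the intended decision (referer not ours AND host not exempt AND image path, all ANDed as mod_rewrite does, gives a 403); it is not part of the Gallery page and assumes the site http://www.example.com/gallery and the exempt host shutterfly.com from the example above. The sample requests are constructed.

```python
import re

# Added example, not part of the Gallery page: model the hotlink rule set so its
# behaviour can be checked offline. Assumed site and exempt host as in the text.
SITE_REFERER = re.compile(r"^http://www\.example\.com/gallery.*$", re.IGNORECASE)
EXEMPT_HOST = re.compile(r"\.shutterfly\.com$", re.IGNORECASE)
IMAGE_PATH = re.compile(r"\.(jpg|gif|avi|png)$")


def is_forbidden(path: str, referer: str = "", remote_host: str = "") -> bool:
    """True when the rule fires and Apache answers 403 ([F]).

    mod_rewrite ANDs the RewriteCond lines, so all three must hold:
      1. Referer does NOT match our own gallery URL (negated condition),
      2. remote host is NOT under shutterfly.com (negated condition),
      3. the path, relative to the albums directory, is an image file.
    An empty Referer (direct visit, privacy-conscious browser) satisfies
    condition 1, so such visitors are blocked as well; so is an https referer,
    because the pattern only matches http://.
    """
    cond_not_ours = SITE_REFERER.match(referer) is None
    cond_not_exempt = EXEMPT_HOST.search(remote_host) is None
    rule_matches = IMAGE_PATH.search(path) is not None
    return cond_not_ours and cond_not_exempt and rule_matches


if __name__ == "__main__":
    # Constructed requests: (path relative to albums dir, Referer, remote host)
    samples = [
        ("holiday/beach.jpg", "http://www.example.com/gallery/view_album.php", "pc.isp.net"),
        ("holiday/beach.jpg", "https://www.example.com/gallery/view_album.php", "pc.isp.net"),
        ("holiday/beach.jpg", "http://other.example.org/page.html", "pc.isp.net"),
        ("holiday/beach.jpg", "", "pc.isp.net"),
        ("holiday/beach.jpg", "", "proxy01.shutterfly.com"),
        ("holiday/album.dat", "", "pc.isp.net"),
    ]
    for path, ref, host in samples:
        verdict = "403" if is_forbidden(path, ref, host) else "served"
        print(f"{path:<18} referer={ref or '(none)':<48} host={host:<22} -> {verdict}")
```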

Other Methods

(Thanks to Similac)

Here is a compilation of the most common and easy ways to protect your images with Gallery 1.5.x, which includes how to disable right-clicking, disable the IE6 image toolbar, disable caching, and redirect printing. Before using any of these scripts, be warned that they do not provide full image protection. There are ways to get around these scripts, and a determined user will find them. They do, however, provide a small extra level of protection against image theft.

Each of these goes into the albums.php, slideshow.php, view_photo.php, and view_album.php files, so you might want to pick out what you want ahead of time and do one paste per file.


These scripts are courtesy of dynamicdrive.com and need to be placed under the <html> tag in albums.php, slideshow.php, view_photo.php, and view_album.php. If you want your own custom message to be displayed, edit the text after var message=.

Script I: Disabling right clicks on the entire page

<script type="text/javascript">
<!--

//Disable right mouse click Script
//By Maximus (maximus@nsimail.com) w/ mods by DynamicDrive
//For full source code, visit http://www.dynamicdrive.com

var message = "Function Disabled!";

///////////////////////////////////
// Old IE: the global "event" object carries the button number (2 = right)
function clickIE4() {
    if (event.button == 2) {
        alert(message);
        return false;
    }
}

// Netscape 4 and DOM browsers: the event is passed as an argument
function clickNS4(e) {
    if (document.layers || (document.getElementById && !document.all)) {
        if (e.which == 2 || e.which == 3) {
            alert(message);
            return false;
        }
    }
}

if (document.layers) {
    document.captureEvents(Event.MOUSEDOWN);
    document.onmousedown = clickNS4;
} else if (document.all && !document.getElementById) {
    document.onmousedown = clickIE4;
}

// Browsers with a context-menu event: suppress the menu itself
document.oncontextmenu = new Function("alert(message); return false");

// -->
</script>

Script II: Disabling right clicks on images only

<script type="text/javascript">

/*
Disable right click script II (on images)- By Dynamicdrive.com
For full source, Terms of service, and 100s DHTML scripts
Visit http://www.dynamicdrive.com
*/

var clickmessage = "Right click disabled on images!";

// Only react when the click landed on an <img> element
function disableclick(e) {
    if (document.all) {
        // Old IE: global event object, srcElement is the clicked element
        if (event.button == 2 || event.button == 3) {
            if (event.srcElement.tagName == "IMG") {
                alert(clickmessage);
                return false;
            }
        }
    } else if (document.layers) {
        // Netscape 4: handler is attached to each image, so no target check
        if (e.which == 3) {
            alert(clickmessage);
            return false;
        }
    } else if (document.getElementById) {
        // DOM browsers: button 3 is the right button, target is the element
        if (e.which == 3 && e.target.tagName == "IMG") {
            alert(clickmessage);
            return false;
        }
    }
}

function associateimages() {
    var i;
    for (i = 0; i < document.images.length; i++) {
        document.images[i].onmousedown = disableclick;
    }
}

if (document.all) {
    document.onmousedown = disableclick;
} else if (document.getElementById) {
    document.onmouseup = disableclick;
} else if (document.layers) {
    associateimages();
}
</script>

Script III: Disabling right clicks on the entire page, without an alert pop-up

<script type="text/javascript">
<!--

//Disable right click script III- By Renigade (renigade@mediaone.net)
//For full source code, visit http://www.dynamicdrive.com

var message = "";
///////////////////////////////////
// Same structure as Script I, but the alert() calls are left out so the
// right click is silently ignored.
function clickIE() {
    if (document.all) {
        return false;
    }
}
function clickNS(e) {
    if (document.layers || (document.getElementById && !document.all)) {
        if (e.which == 2 || e.which == 3) {
            return false;
        }
    }
}
if (document.layers) {
    document.captureEvents(Event.MOUSEDOWN);
    document.onmousedown = clickNS;
} else {
    document.onmouseup = clickNS;
    document.oncontextmenu = clickIE;
}

document.oncontextmenu = new Function("return false");
// -->
</script>

Printing Redirect

This code makes it so that whenever a user tries to print a page, a page of your choosing is printed instead of what they are viewing.

  • Step 1: Create the HTML page that you want to be printed.

For example, I use a file named noprint.htm with the following code:

<html>
<body>
<table width="400" cellpadding="3" cellspacing="5">
  <tr>
    <td id="tableProps2" align="left" valign="middle" width="360"><h1 id="errortype"
    style="COLOR: black; FONT: 13pt/15pt verdana"><span id="errorText">Copyright Jennifer Dzumba 2006</span></h1>
    </td>
  </tr>
</table>
</body>
</html>
  • Step 2: Insert the code.

This code also needs to be placed under the <html> tag in albums.php, slideshow.php, view_photo.php, and view_album.php, changing the example.com address so that it points to your noprint.htm file.

<link rel="alternate" media="print" type="text/html" href="http://www.example.com/noprint.htm">

Disabling the IE Toolbar on images

This code disables the popup toolbar that comes up after holding your mouse over an image, which allows users to save and print your images. This code also needs to be placed under the <html> tag in albums.php, slideshow.php, view_photo.php, and view_album.php.

<META HTTP-equiv="imagetoolbar" CONTENT="no">

Disabling the caching of your Gallery

Insert this code under the <html> tag in albums.php, slideshow.php, view_photo.php, and view_album.php to prevent your pictures from being cached in the user's temporary internet files.

<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">

Disabling drag-and-drop of pictures off of your Gallery

Again, insert this code under the <html> tag in albums.php, slideshow.php, view_photo.php, and view_album.php to stop users from dragging your pictures off of your Gallery and onto their desktop (if the file already has a <body> tag, add the two attributes to that tag rather than adding a second one).

<body ondragstart="return false" onselectstart="return false">