[pmwiki-users] Please challenge me: Script idea

Mike mike at widowitz.com
Thu Oct 5 05:31:57 CDT 2006


Hello all,

I am in the process of writing a recipe, have encountered a difficulty,
am thinking about a solution, and would be very grateful if you could
challenge my thinking so that I avoid futile work just to discover that
it doesn't work.

I wrote a recipe for - yet another - picture gallery. Focus is on utmost
ease of use for the creator of new galleries. It works like this:
* Put all images into a directory on the server, e.g. /pictures/party
* On the page which should display the thumbnails, place the directive
along with the path, like (:showgallery /pictures/party:)
* The script will display all images in the folder as thumbnails, and -
if it's called for the first time - create wiki pages in wiki.d
according to a predefined template. When the user clicks an image, he
will be directed to the new wiki page, with all possibilities for
commenting, editing, etc.

All of the above already works and is quite useful IMO.

However, it gets problematic as soon as we talk about private, i.e.
password protected galleries. Simple reason: the script creates HTML
image tags and therefore requires the images to be in a publicly
accessible folder. Any user who knows or can guess an image name/path
can view the images, even if the gallery itself is password-protected
from within the wiki.


====

So I need a solution for this, and I've thought of three alternatives:

1) Store the images as pmwiki attachments, and then use the PmWiki
mechanisms (e.g. EnableDirectDownload=0 etc.) to process the images. Two
main drawbacks:
 - it gets more difficult to upload the pictures as one has to put them
into the correct PmWiki Uploads directory, and the pictures will get
mixed up with other attachments
 - this would probably require that uploads get stored by group, and all
images in a gallery belong to one, newly created group. I.e., one group
per gallery required - I wanted to avoid that

2) Protect the pictures directory with a .htaccess file, and then find a
way to make sure that the image remains readable as long as it's called
from the PmWiki script, e.g. by providing username/password as part of
the URL. If that is possible at all, but I think there might be a way in
the form <img src="user:pass at http://domain.com/pictures/party/*.jpg" />
Disadvantages:
 - username and password for the directory are part of the image link -
possible security issues
 - clumsy to deal with - have to administer both Apache directory
passwords and PmWiki group/page passwords

3) Write a new PmWiki action like ?action=showpic that will be used in
the <img> tag to display the pictures, much similar to ?action=download,
but with slight differences:
 - it gets passed another parameter like &picture_id=2
 - it reads the path of the picture which should be displayed from a
two-dimensional array $picture_paths[][] which needs to be defined like that
$picture_paths["group1/wikipage1"]["1"] = "/pictures/party/img456.jpg";
$picture_paths["group1/wikipage1"]["2"] = "/pictures/party/img567.jpg";
$picture_paths["group1/wikipage2"]["1"] = "/pictures/party/img267.jpg";
etc.

This means, that pmwiki.php will display e.g. the img567.jpg if, and
only if it's called
* from PmWiki page group1/wikipage1
* with the picture_id 2

One would have to find a way to cleverly define the picture_paths array,
e.g. via a separate file that get created/modified when the thumbnails
are being shown for the first time - that can be solved.

====





As you can see, I prefer idea 3, because I believe that if it works,
it's the best solution. Yet it's a bit complicated/complex, which means
that I might not be able to implement it, and it might have problems I'm
not yet aware of.

So, I'd be very very grateful for any feedback or confirmation that my
way is the right way to go, or even better, an easier solution!

Thank you,

Mike









More information about the pmwiki-users mailing list