[RELEASE] Image Gallery Hack v0.9

How do all..

I am going to release my image gallery hack (in action http://www.overgrow.com/edge/index.php) without the admin piece.. I am still trying to finish it up without having to re-write all the vB delete routines.. Plus some of you may want to write your own way of administering the images that get uploaded and keeping things clean..

When my admin piece is finished I will post it here as well..

Features: Not too many.. very basic..

-- Only allows gif or jpg files to be uploaded.. I'm sure you can easily modify this for other file types.. PHP really makes things easy..

-- To start a thread in the gallery you must upload an image.. (doesn't apply when replying)

-- You can set a file size limit for upload..

-- Stores information in a new vB table for use later.. (ie; admin stuff. Currently the admin piece is in progress..)

You can download the instructions here - http://www.overgrow.com/tmp/imggalhack.zip

It is a fairly simple hack with a few mods to global.php, newthread.php and newreply.php and a few new templates.. It is not automated, the download is just a text file with the modification intructions..

Please let me know if I made the instructions to confusing and what ya think..

Have Fun..
Herb

Whoa Thanks a lot for the fast reply and help!
I can't wait to install this hack!

Herb, While evaluating PHP forum software I found the AGORA open source project http://www.araxe.fr/w-agora
with some examples of the forum implemented for use with uploading image attachments. In fact two are use as photo galleries. I've listed the sites
below. Maybe these can give you some ideas.

Two being used as Q&A forums:
http://www.lymanboats.com/agora/w-ag..._qna&expnd=all
http://www.lbsna.org/lymanboard/w-ag...n_Boat_Society
One being used as a news page:
http://www.highlandsofohio.com/agora...3?bn=news_news
And a similar setup being used as a photo gallery:
http://www.lbsna.org/agora/w-agora.php3?bn=lbsna_photo

http://www.Synfibers.com
http://www.cj.synfibers.com
http://www.akulscarpets.com used as photo gallery

Herb
I installed the hack and it works fine, but the remove part gives me a Parse error! on the newthread.php file, and I checked and double checked, and I have no idea why, I thought it was an extra } but it didn't work even then, could you please help me solve this problem?
Thanks again for all your help!

scott - thanks for the links I will have to look those over..

conan - I am sorry I am not following you.. A parse error could be something as simple as a missing ;

Maybe you can post the portion of code you think is giving you a problem..

To everyone who's currently using this hack:

I suggest you temporarily remove it, as it leaves a very large security problem in your board. I couldn't find a way to contact Herb, but if he'd be so kind as to contact me (ICQ: 16435685) I'll help him develop a resolution for the problem.

Once again, the issue is quite large, and can be used to retrieve anything from your /etc/passwed to your mysql database info.

Stay tuned.

I've notified Herb via email and PM, he should respond shortly. I've shown him what you were able to do and I agree that anyone using this hack should remove it until the security hole is patched.

Well let us know what it is soon enough so we can avoid doing it in another hack.

Are we manipulating showthread to send something else instead of the intended picture?

Well, it's kinda (really kinda) equivalent to taint checking in Perl. It involves the PHP upload feature. It's easily abuseable so we're trying to avoid posting it

Herb- I'd say you've got the file types covered with
.JPG and .GIF for now but in the future other small size files allowable would be .txt, .doc, and acrobat files.

I could not ever see any video or music files as they are too large.

something else to think about is limiting max file size
and displaying the file size so a user will know what to expect as far as load time etc. No one likes surprises.

Have you considered some hashing routine to store the attachment files in folders by hashed names as function
of file name ? as the attachments begin to number in thousands that will be important.

Well my hack has an upload feature so why don't you just email me the problem please.