Mini Mods - IMG Cacher - SSL Keeper - Mixed Content Block Solution

Pretty much you use this when you want to keep the SSL certificete working on pages that people may use [IMG] tag's without https://.

When you use SSL on your forum, and somebody embeds an image from a non-ssl host, lots of browsers will give you a warning and say the website is unsafe ---this is a solution to that problem.

Specifically, Mozilla has a 'Mixed Content Blocker', which makes it so if you are on an https:// website, it won't load any content on the same domain, using http://.



NOTE: MAKE SURE THE .HTACCESS FILE IN cache-img/ IS WORKING!



Upload the files into your root directory, and that's it.

Then you need to create a plugin (admincp -> plugins & products -> add new plugin)
Hook location: bbcode_img_match
Title: SSL IMG Cacher
Execution order: 5
Plugin PHP Code:

Code:

$link_parsed = parse_url($link);
if ($link_parsed['host'] != '[LINK_TO_YOUR_WEBSITE]')
{
 $link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link);
 $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
}

Plugin is active: Yes


edit "[LINK_TO_YOUR_WEBSITE]" - Without http, example: www.dragonbyte-tech.com or www.internot.info etc. etc.

Then you are done.

It should be secure as the actual directory for the images is not available.(deny from all in htaccess)


I would also suggest adding this to robots.txt

Code:

User-agent: *
Disallow: /cache.php

Also I suggest you add something like this to .htaccess:

Code:

<FilesMatch "cache\.php$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>

======
I only give support to people who have pressed 'installed' this.
======


Source&stuff can be found here: https://github.com/MegaManSec/IMG

For vB3.8 solution, go here: https://vborg.vbsupport.ru/showthrea...75#post2411575 (Thanks to Kh99)

[RichieBoy67]

Quote:

Originally Posted by Kane@airrifle

Sorted out the url problem. (SQL search and replace).

But, found a new issue. Whenever a poster edits a post in WYSIWYG mode all the image urls are saved with the cacher paths rather than the original image urls.

?

Is this addressed?

[Kane@airrifle]

Quote:

Originally Posted by RichieBoy67

Is this addressed?

Did not work out for me so I went with this instead: https://vborg.vbsupport.ru/showthread.php?t=253309

[tuRiver]

Hi, any ideas?
Facebook images are not working

https://www.turiver.com/foros/cache....Boe%3D58E2D4A8

[tuRiver]

I've made a little change, to avoid caching SSLs images.
----
$link_parsed = parse_url($link);
if ($link_parsed['scheme'] != 'https')
{
$link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link);
$retval = ($fullsize ? '<div class="size_fullsize">' : '') . '<img src="' . $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
}
----

[kylek]

Quote:

Originally Posted by hakkuo23

Here is a version that just displays the image, and doesn't save it, to save server space

PHP Code:

<?phpfunction curlHeaderCallback($query, $header){    global $mime;    if(stripos($header, "content-type")!==false){        header(trim($header));    }    return strlen($header); }$image = $_GET['img'];$query = curl_init($image);curl_setopt($query, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9");curl_setopt($query, CURLOPT_CONNECTTIMEOUT ,0);curl_setopt($query, CURLOPT_TIMEOUT, 10);curl_setopt($query, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback'); curl_setopt($query, CURLOPT_RETURNTRANSFER, 1);$ret = curl_exec($query);echo $ret;

Really need this, can you tell us what to do with this?

[Stratis]

Uninstalled, it has effect in domain upload center... [IMG] images with the forum domain. It would be nice if it had an option of whitelist.

Any way thanks

[DSemen]

Quote:

Originally Posted by hakkuo23

Here is a version that just displays the image, and doesn't save it, to save server space

PHP Code:

<?php

function curlHeaderCallback($query, $header){
    global $mime;
    if(stripos($header, "content-type")!==false){
        header(trim($header));
    }
    return strlen($header); 
}

$image = $_GET['img'];

$query = curl_init($image);
curl_setopt($query, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9");
curl_setopt($query, CURLOPT_CONNECTTIMEOUT ,0);
curl_setopt($query, CURLOPT_TIMEOUT, 10);
curl_setopt($query, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback'); 
curl_setopt($query, CURLOPT_RETURNTRANSFER, 1);
$ret = curl_exec($query);
echo $ret;

Please tell me how to install it correctly.

[adnedarn]

For the "[LINK_TO_YOUR_WEBSITE]" part, does it matter if I put www.terraforums.com or www.terraforums.com/forums ? I didn't do the suggested edits to .htaccess or .robots yet since my testing is showing that images are being removed (which shows the page secured) but not replaced by images saved to my server.
Thanks,
Andrew

[Dave]

Quote:

Originally Posted by adnedarn

For the "[LINK_TO_YOUR_WEBSITE]" part, does it matter if I put www.terraforums.com or www.terraforums.com/forums ? I didn't do the suggested edits to .htaccess or .robots yet since my testing is showing that images are being removed (which shows the page secured) but not replaced by images saved to my server.
Thanks,
Andrew

It would be www.terraforums.com.

[adnedarn]

Thanks Dave! Any idea why I'm just getting all the images removed? The page is secure after, but no images so that doesn't help much.