This patch adds a "media firewall" to PGV. This allows users to put some or all of their media files into the index directory (out of the web root) so the media files themselves can be protected by PGV's authentication mechanism. Without this patch we can hide the link to media files, but if someone knows (or guesses) the url they can still access it.
It works like this:
* User applies appropriate privacy settings to their media using the "Privacy settings by ID" functionality in the admin area.
* User moves the images they want to protect out of the webroot (i.e. /phpGedView/media/path/image.jpg) to the media directory in their index folder (i.e. index/media/path/image.jpg).
* When someone requests the file /phpGedView/media/path/image.jpg, a custom 404 handler is invoked that checks whether the current user is allowed to view the image. If so, it serves the file from its actual location in the index directory.
The four main changes to the site are:
* mediafirewall.php - new file that serves the media out of the index directory when a 404 error occurs
* media/.htaccess - new file that tells tells apache to load mediafirewall.php when someone requests a media file that does not exist in the webroot
* includes/controllers/media_ctrl.php - updated to read server variables to see what media file was requested when a 404 error occurs
* includes/functions_mediadb.php - add two functions (media_exists and media_filesize) that look for media files in two places on the server, first in the normal webroot and second in the protected index directory.
The rest of the changes deal with telling PGV to look for media files in both directories, generally by calling media_exists or media_filesize instead of file_exists and filesize. A lot of files are touched here, but the changes are minor.
There are two areas that I have not yet worked on:
* The generate_thumbnail() routine in functions.php should be changed so that thumbnails of protected files are created in the protected thumbnail directory.
* The addmedia.php file needs to be modified so that when a user uploads a file they get the choice of whether to put the file in the normal webroot folder or the protected folder. I don't use that feature, so I have not tried to implement the change.
The good news is that this patch could be introduced into SVN with very little impact on users. Users who keep their media files in the webroot will not be affected by these changes, and if users who move files to the index directory discover a critical bug, they can simply move the images back to the webroot directory until the bug is fixed.
This change does have one dependency - the ability to specify a custom 404 ErrorDocument when the requested file does not exist in the webroot. This should be available by default in Apache, unless their host has disabled that function for some reason. I assume that IIS has this ability, but I don't know how to set it up.
Future versions of this could also add watermarks to the protected images, along the lines of this patch:
For now I left that out as I didn't want to complicate this or add additional dependencies.
Oh - all of the files I changed are based on 4.1b6. Only two of the files have changed as of the current SVN (1254):
so it shouldn't be too hard to merge this in.
The concept and even the implementation of this are really quite simple :) I hope all this detail doesn't scare anyone away. Is there a developer willing to work on this with me and add it to the system?