WebsiteBaker Community Forum
General Community => WebsiteBaker Website Showcase => Topic started by: Xagone on December 03, 2009, 01:40:32 PM
-
I don't know if it's a first, but here is an erotic website done entirely in WB.
The English version is not finished, well, neither is the French version... we are finishing that right now.
http://www.mea-culpa.com/
The pics are secured server side, so I'm not that afraid that a loophole in WB will compromise the site.
I'll update you when the English version works properly.
-
very nice design
-
To check and comment on the other pages we need a test account..... :lol: :lol:
regards across the ocean!
martin
-
yea :) give us some test account :)
-
Looks like WB is growing mature: for being among the big boys it needs at least one erotic site. This is a milestone!
Well done.
Vincent
-
Indeed a nice job; I did a quick check and the site looks good, nice design! I wonder how you did the login section, so what can we expect there: simple WYSIWYG pages with FLV files, or custom-made modules with all kinds of things?
-
O lá lá.
Design looks good, indeed.
-
Custom-made media gallery.
This is what I'm working to get GPL:
Media Album
- create photo albums on the fly from a zip file
- create flash video like YouTube does (needs a Linux server with vlc & mencoder installed)
- create pdf album (with image preview taken from the pdf)
The site is secured server side: there is a folder (/SECURED) blocked by Apache, and I use a PHP script to read all media. This script verifies your membership on WebsiteBaker, so even if you take the image link and post it, it's unavailable (this is better than a member section, since media aren't protected by a session-based member area).
If somebody asks for specifics on how to protect media in a member area from being read from outside, I can provide code and tricks.
-
Cool, but you need to have SSL, right?
Could you post tips on how to do it, please? It is nice that everybody can't access media files just by typing the exact URL..
Especially if you have different content for registered users only..
cheers
I.
-
Looks great!
but...is it a WB site??
hmmm
-
no ssl
just apache
"Deny from all"
Check, I'll give you a direct link to an image:
http://www.mea-culpa.com/SECURED/33_jinny/56/images/10-mea-culpa.jpg
How people will see the image:
http://www.mea-culpa.com/imageread.php?fichier=%2FSECURED%2F33_jinny%2F56%2Fimages%2F10-mea-culpa.jpg
Can you see it? Can you hack it? :P
Here is the "imageread.php" code:
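<?php
require("config.php");
# the requested file; PHP has already URL-decoded $_GET, so no second urldecode()
$DEC = (isset($_GET['fichier']) && is_string($_GET['fichier'])) ? $_GET['fichier'] : '';
if(isset($_SESSION['USER_ID']) && SESSION_STARTED) {
    $allowedtypes = array('image/gif', 'image/png', 'image/jpeg');
    # realpath() resolves ../ and symlinks (false for a missing file);
    # the resolved path must still be inside WB_PATH
    $base = realpath(WB_PATH);
    $fichier = realpath($base.'/'.$DEC);
    $inside = ($base !== false && $fichier !== false && is_file($fichier)
        && strpos($fichier, $base.DIRECTORY_SEPARATOR) === 0);
    if($inside) {
        $mimetype = mime_content_type($fichier);
        if(in_array($mimetype, $allowedtypes)) {
            header("Content-Type: " . $mimetype);
            header("Content-Length: " . filesize($fichier));
            header("Cache-Control: private");
            echo file_get_contents($fichier);
        }
    } else {
        echo 'oups';
    }
} else {
    header('HTTP/1.0 403 forbidden', TRUE, 403);
    # escape the requested name before echoing it into the HTML error page
    die('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don\'t have permission to access '.htmlspecialchars($DEC, ENT_QUOTES).'
on this server.</p>
</body></html> ');
}
?>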
Just for fun, I stand by my code :P
-
Hi,
The "oups" line is for registered groups right ?
And another dummy question: where to put this code :)
cheers
-
The code is for reading images in the member section.
You put it in a PHP file in the root of your site (the same place as your config.php)
and use it as such in your code:
<img src="/imageread.php?fichier=URLENCODED-ROOT-BASED-FILE-LINK(LIKE /SECURED/LALA/IPS.JPG)" />
It only verifies that you are logged in, not what you are logged in as.
The "oups" is for a file not found, or a backtracking folder attempt (a hack calling a file outside your website folders).
Here is my "zipread.php" file; use it like imageread.php (with fichier=/secured...), but it downloads the file you link it to.
So if you want only your users to download "thisdocument.doc" you link to zipread.php?fichier=/secured/thisdocument.doc
Here is the code (I've added some comments):
<?php
require("config.php");
# the requested file; PHP has already URL-decoded $_GET, so no second urldecode()
$DEC = (isset($_GET['fichier']) && is_string($_GET['fichier'])) ? $_GET['fichier'] : '';
if(isset($_SESSION['USER_ID']) && SESSION_STARTED) {
    # set unallowed files, so nobody can read /config.php or something
    $unallowed_to_read = array('php','html','htm','htaccess');
    # remove any attempt to back up your folders: realpath() resolves ../ and
    # symlinks (false for a missing file), and the result must still be inside WB_PATH
    $base = realpath(WB_PATH);
    $fichier = realpath($base.'/'.$DEC);
    $inside = ($base !== false && $fichier !== false && is_file($fichier)
        && strpos($fichier, $base.DIRECTORY_SEPARATOR) === 0);
    # the extension of the resolved file, lower-cased before the comparison
    # (end(explode()) passes a non-variable by reference)
    $ext = $inside ? strtolower(pathinfo($fichier, PATHINFO_EXTENSION)) : '';
    if($inside && !in_array($ext, $unallowed_to_read)) {
        header("Content-Type: " . mime_content_type($fichier));
        header("Content-Length: " . filesize($fichier));
        header("Content-Transfer-Encoding: binary");
        header("Cache-Control: private");
        header('Content-Disposition: attachment; filename="'.basename($fichier).'"');
        echo file_get_contents($fichier);
    } else {
        # in case of absent file or attempt at hacking
        echo 'oups';
    }
} else {
    # not logged ? forbidden!
    header('HTTP/1.0 403 forbidden', TRUE, 403);
    # escape the requested name before echoing it into the HTML error page
    die('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don\'t have permission to access '.htmlspecialchars($DEC, ENT_QUOTES).'
on this server.</p>
</body></html> ');
}
?>
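
The containment check both scripts depend on, as a stand-alone added example (not the poster's code): the requested path is resolved first and must remain inside the protected folder, with an extension allowlist in place of the `$unallowed_to_read` denylist. `resolve_secured()`, the `SECURED_old` folder and the sample files are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not the poster's code: resolve_secured() and the sample tree
// are hypothetical; the tree is built in a temp directory so this runs offline.

// Return the canonical path of $requested if it is a regular file inside
// $baseDir with an allowed extension, otherwise false.
function resolve_secured($baseDir, $requested, array $allowedExt) {
    $base = realpath($baseDir);
    if ($base === false || !is_string($requested) || strpos($requested, "\0") !== false) {
        return false;
    }
    // realpath() collapses ../ and follows symlinks; false if the file is missing
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return false;
    }
    // trailing separator, so a sibling such as SECURED_old does not match SECURED
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    // allowlist of extensions, compared case-insensitively
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $real : false;
}

// Constructed sample tree
$root = sys_get_temp_dir() . '/wb_demo_' . uniqid();
mkdir("$root/SECURED/album", 0700, true);
mkdir("$root/SECURED_old", 0700, true);
file_put_contents("$root/SECURED/album/pic.JPG", 'constructed');
file_put_contents("$root/SECURED_old/pic.jpg", 'constructed');
file_put_contents("$root/config.php", 'constructed');
@symlink("$root/config.php", "$root/SECURED/album/link.jpg"); // may fail on Windows

$cases = array(
    'album/pic.JPG',            // inside the folder, allowed type
    'album/../album/pic.JPG',   // still inside once resolved
    '../config.php',            // resolves outside the folder
    '../SECURED_old/pic.jpg',   // sibling folder sharing the name prefix
    'album/link.jpg',           // symlink whose target is outside
    'album/missing.jpg',        // does not exist
);
foreach ($cases as $c) {
    $r = resolve_secured("$root/SECURED", $c, array('jpg', 'jpeg', 'png', 'gif'));
    printf("%-24s => %s\n", $c, $r === false ? 'refused' : 'served');
}
```
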
-
Very nice.. eh... website! :wink:
-
Hi,
Could you please repost this SECURED solution to another - new post, so it would be easier for search.
I also suggest to post this to WB help pages..
cheers
-
I'll do that when the website is finished; we just did the English version.
-
Hmm .. there are problems with IE8.. clicking on the 1(prelude) - 2.. - 3.. buttons doesn't have any effect.
Opening with right click and choosing "open link" does.
I have had Win7 & IE8 for a few days only - it's still "factory default"..
-
Thanks, you are the first one to tell us that.
It seems WB made <input type="image" /> instead of an <img> tag...
-
Thanks, I signed up!
-
I was curious and I was struggling with the code for a few days until I figured it out.
It seems that mime_content_type is deprecated in PHP 5++
So don't forget to include the following code after the require(config.php); line..
# fallback used only when PHP does not provide mime_content_type()
if(!function_exists('mime_content_type')) {
    function mime_content_type($filename) {
        $mime_types = array(
            'txt' => 'text/plain',
            'htm' => 'text/html',
            'html' => 'text/html',
            'php' => 'text/html',
            'css' => 'text/css',
            'js' => 'application/javascript',
            'json' => 'application/json',
            'xml' => 'application/xml',
            'swf' => 'application/x-shockwave-flash',
            'flv' => 'video/x-flv',
            // images
            'png' => 'image/png',
            'jpe' => 'image/jpeg',
            'jpeg' => 'image/jpeg',
            'jpg' => 'image/jpeg',
            'gif' => 'image/gif',
            'bmp' => 'image/bmp',
            'ico' => 'image/vnd.microsoft.icon',
            'tiff' => 'image/tiff',
            'tif' => 'image/tiff',
            'svg' => 'image/svg+xml',
            'svgz' => 'image/svg+xml',
            // archives
            'zip' => 'application/zip',
            'rar' => 'application/x-rar-compressed',
            'exe' => 'application/x-msdownload',
            'msi' => 'application/x-msdownload',
            'cab' => 'application/vnd.ms-cab-compressed',
            // audio/video
            'mp3' => 'audio/mpeg',
            'qt' => 'video/quicktime',
            'mov' => 'video/quicktime',
            // adobe
            'pdf' => 'application/pdf',
            'psd' => 'image/vnd.adobe.photoshop',
            'ai' => 'application/postscript',
            'eps' => 'application/postscript',
            'ps' => 'application/postscript',
            // ms office
            'doc' => 'application/msword',
            'rtf' => 'application/rtf',
            'xls' => 'application/vnd.ms-excel',
            'ppt' => 'application/vnd.ms-powerpoint',
            // open office
            'odt' => 'application/vnd.oasis.opendocument.text',
            'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
        );
        // pathinfo() instead of array_pop(explode()), which passes a non-variable by reference
        $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        if (array_key_exists($ext, $mime_types)) {
            // note: this answer comes from the file name only, not from the file content
            return $mime_types[$ext];
        }
        elseif (function_exists('finfo_open')) {
            // FILEINFO_MIME_TYPE returns the bare type ("image/jpeg"), without "; charset=..."
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $mimetype = finfo_file($finfo, $filename);
            finfo_close($finfo);
            return $mimetype;
        }
        else {
            return 'application/octet-stream';
        }
    }
}
cheers