phpthumb, I think, is the "defacto standard" for any PHP application. It is reliable, easy to used, and flexible.
I have used it in a small script that gets invoked automatically if a thumbnail does not exist, in order to create one (and cache it) on-the-fly.
A directory can be set up through htaccess so that if you try to access MyFile-icon-small.gif and it does not exist, then phpthumb can be invoked to look for MyFile.gif and then create a thumbnail from it and write it to MyFile-icon-small.gif. That will only get called up once, since the second time the "icon-small" file is accessed, it already exists. What size "icon-small" represents is up to your application.
This release fixes a number of issues with Internet Explorer, which I could not get to work at all in previous versions (the "Attach a file" link being unresponsive to mouse clicks, for a start).
Another problem with using the original images for the thumbnails, is that it means direct HTTP access must be given to those images.
At the moment, downloading an image - or any file for that matter - goes through the FileUpload module and so it is possible to check whether a user has permissions to download the file. If the user has view privileges on a category in which the file is attached to a post, then the user is permitted to download the file; if not, the the user is not permitted to download the file (I would consider files attached to a post to be a part of that post, so should only be accessible through that post, taking into account the access rights a user has to that post). At least, I hope it works this way.
The site owner should be able to block all direct access to uploads/FileUpload/ to prevent people scanning those folders (using numeric filenames) to see what has been uploaded there. If that is done, the thumbnails from the source images cannot be accessed.
-- Jason
Edit: but with a little trickery, perhaps attempting to access images directly in uploads/FileUpload/ could actually just return the thumbnail by default? A bit of mod_rewrite and phpthumb would do it. It does not hide them completely from unprivileged prying eyes, but it's better than allowing free access to the World to download the original uploaded documents and files.
I'm working on this plugin today and have already implemented most of what you say. I was trying to figure out how to block access to uploads/FileUpload/ but I guess I *can* just leave that up to the site administrator.
Cool. I agree, leave it up to the administrator to block the folder, but it may be worth throwing in a htaccess just for completeness, along with a note in the readme for people using other platforms and to tell people where to copy the htaccess to.
There is no insert image button when you go to edit a post...?
The other nitpick is when you insert an image into the post the attached images thumbnails still appear - makes post look a little messy for an image heavy/art site.
Hi Tim, Unfortunately I can't find a way to make FileUplaod work on my website. When I activate the plugin and go to the Manage Plugins page, then click on Settings, a page appears that says:
"Permission Problem You do not have permission to access the requested resource."
Any idea on how to fix this? I am sure it has to do with my server; I have both WordPress and Vanilla installed on it, with two different mySQL databases. Well, any suggestion would be great!
I have a problem regarding the upload plugin - when i try to activate it on my dashboard (freshly installed Vanilla, Version 2.0.17.6), I only get an error message:
The addon could not be enabled because it generated a fatal error: Fatal error Class 'MediaModel' not found in myhbasedirectory/vanilla.mydomain.xx/plugins/FileUpload/class.fileupload.plugin.php on line 34
Since the plugin requires Vanilla 2.0.9 - do i have to downgrade my vanilla? Or am i doing anything wrong?
I have installed the plugin but It doesnt seem to be uploading files. I have checked the uploads folder and dont see a FileUpload directory. Permissions on uploads appear to be correct. Any help appreciated.
Comments
I have used it in a small script that gets invoked automatically if a thumbnail does not exist, in order to create one (and cache it) on-the-fly.
A directory can be set up through htaccess so that if you try to access MyFile-icon-small.gif and it does not exist, then phpthumb can be invoked to look for MyFile.gif and then create a thumbnail from it and write it to MyFile-icon-small.gif. That will only get called up once, since the second time the "icon-small" file is accessed, it already exists. What size "icon-small" represents is up to your application.
Thank you :-)
At the moment, downloading an image - or any file for that matter - goes through the FileUpload module and so it is possible to check whether a user has permissions to download the file. If the user has view privileges on a category in which the file is attached to a post, then the user is permitted to download the file; if not, the the user is not permitted to download the file (I would consider files attached to a post to be a part of that post, so should only be accessible through that post, taking into account the access rights a user has to that post). At least, I hope it works this way.
The site owner should be able to block all direct access to uploads/FileUpload/ to prevent people scanning those folders (using numeric filenames) to see what has been uploaded there. If that is done, the thumbnails from the source images cannot be accessed.
-- Jason
Edit: but with a little trickery, perhaps attempting to access images directly in uploads/FileUpload/ could actually just return the thumbnail by default? A bit of mod_rewrite and phpthumb would do it. It does not hide them completely from unprivileged prying eyes, but it's better than allowing free access to the World to download the original uploaded documents and files.
Vanilla Forums COO [GitHub, Twitter, About.me]
Vanilla Forums COO [GitHub, Twitter, About.me]
DenyFromAll
Vanilla Forums COO [GitHub, Twitter, About.me]
There is no insert image button when you go to edit a post...?
The other nitpick is when you insert an image into the post the attached images thumbnails still appear - makes post look a little messy for an image heavy/art site.
Cheers.
Unfortunately I can't find a way to make FileUplaod work on my website. When I activate the plugin and go to the Manage Plugins page, then click on Settings, a page appears that says:
"Permission Problem
You do not have permission to access the requested resource."
Any idea on how to fix this? I am sure it has to do with my server; I have both WordPress and Vanilla installed on it, with two different mySQL databases.
Well, any suggestion would be great!
The addon could not be enabled because it generated a fatal error:
Fatal error
Class 'MediaModel' not found in myhbasedirectory/vanilla.mydomain.xx/plugins/FileUpload/class.fileupload.plugin.php on line 34
Since the plugin requires Vanilla 2.0.9 - do i have to downgrade my vanilla? Or am i doing anything wrong?
Thanks in advance
Jan