OS/2 e-Zine - The Best OS/2 Reading Anywhere!

October 16, 2003

PhotoCGI

In the last year or so my family has gotten increasingly interested in digital photography. Unlike prints, digital photos are great for keeping family far away up on recent events. The problem is delivering them so that they are easy to browse, yet allow for them to download decent sized images to their own computers for printing or to use as desktop backgrounds.

I have run an OS/2 Apache server for a number of years, and have some programming background, so I decided to see if I could put together a simple application that would allow people to quickly and easily browse family photos, and make it easy enough for me to put them up that I would actually keep up to date. The result of that was a program I call PhotoCGI (http://www.aurora-systems.com/cgi-bin/photocgi.exe?control=/aurora/photocgi/photos.ini&base=0&length=5&selected=0) (go take a look.)

Photo Viewer CGI Program

The PhotoCGI program provides a pageable image viewer with thumbnails, preview images, and up to 9 different sized image downloads as well as image descriptions. You can have as many Photo Viewer galleries as you like, just create a separate control file for each one.

This program is at this point functional, but not particularly debugged or robust. It may work funny, cause unexpected results, or do other wierd things (I know the picture numbering at the bottom is a little funny, but I'm living with it.) Fix it if you like, but please let me know.

Partial source code for the program is supplied. I used a CGI parameter library from the book "HTML 3.2 Plus" (full reference below) and some cross-platform source code from some commercial projects that I am not able to provide. It should be fairly straightforward to use the provided base to port the program to any environment.

Installation

To install Photo Viewer, copy the photocgi.exe program to your web server's /cgi-bin folder. In the case of Apache, you may need to make some changes to httpd.conf to enable CGI programs. Place the example files in a folder accessible by your web server, and construct a URL in your web browser to call photocgi.exe using the sample files. You will need to add some photos to the control file before you can start, as none are included.

Security

This program defines "quick and dirty" so there is a good chance there are security problems with it. I have endeavoured to make this not the case by doing bounds checking on parameters and assigning reasonable default values where appropriate, however you have been warned.

I protect my Photo Viewer pages from unauthorized viewers using Apache's password mechanism. Hackers can access photocgi.exe, but they can't get it to show you the password protected directories of photos.

One sure way to use this program to defeat the security of a web server is to allow users to upload files to anywhere on the server. If a user can upload a control file anywhere, PhotoCGI can reach it and be used to provide whatever files that nefarious person wants to download.

If you can find any other security holes in the program, please let me know.

Setting up your Photos

Your photos should be in a web-friendly format, most cameras provide JPG's which are fine. I use a Windows program called IrfanView (http://www.irfanview.com/) to make the different sized images I provide and the thumbnails because it will easily convert and resize an entire directory of photos in one go. By making separate directories for my thumbnails and each size of photo, it becomes very easy to convert all your photos in one go, and updating the control file can be done by using cut/paste on a standard format line and then pasting the file name into the right spot as many times as you need to since you can use the same file name for the different sizes stored in the directories.

Control File Format

The control file provides all the information the Photo Viewer CGI program needs to provide photo viewing. It has a very specific and unforgiving format. Blank lines are NOT allowed. If you are having problems, check for spurious spaces in the file as the parsing of the control file is not particularly robust. There is a sample control .INI file in the download ZIP.

The first line of the control file is the name of the control file as used in any URL's which access it. This is a cheap security measure to ensure that PhotoCGI is being told to access a valid control file. Note that this is a UNIX format filename with / path separators. The filename must be identical to what is provided in the URL for PhotoCGI to process it.

The second line of the control file is the maximum number of photos to support. The larger the number, the more memory the program needs to run. If you have more lines of photos than this number, you will get an error rendering the HTML page.

The third line of the control file is the name of the template HTML file to render the photo viewer onto. In the samples, this is main.html. Note that this is an OS/2 format filename with \ path separators.

The fourth line of the control file is the name of the HTML file to render error messages onto. In the samples, this is error.html. Note that this is an OS/2 format filename with \ path separators.

The fifth line of the control file is the name of the text log file where all requests are logged. This should generally be a file somewhere outside of where the web server can deliver, but this is up to you. Note that this is an OS/2 format filename with \ path separators.

Each subsequent line of the control file represents one photograph. The line must contain the ThumbFilename (mine are 100 pixels wide), PreviewFilename (I use 640x480 images so that the preview and thumbnails will fit on a 800x600 web browser window), # of downloadable different sized pictures (may be 0-9). All other fields are optional. Fields are space separated, and may be surrounded in "quotations" so that you can enter descriptions and file names containing spaces.

ThumbFilename PreviewFilename "# of sizes for download" downloadsize0 downloadfile0 downloadsize1 downloadfile1 ... downloadsizen downloadfilen "Text Description"

For example, say we create a control file called jim.ini:

150
\photos\main.html
\photos\error.html
\photos\log.txt
/jim/photo0thumb.jpg /jim/photo0preview.jpg 0 "Me."
/jim/photo1thumb.jpg /jim/photo1preview.jpg 2 (800x600) /jim/photo1-800.jpg (1024x768) /jim/photo1-1024.jpg "My week at the seashore taken at f16 1/1000s exposure."
/jim/photo2thumb.jpg /jim/photo2preview.jpg 1 (800x600) /jim/photo2-800.jpg "A shot of my foot (oops)."
/jim/photo3thumb.jpg /jim/photo3preview.jpg 2 (800x600) /jim/photo3-800.jpg (1024x768) /jim/photo3-1024.jpg "My week at the seashore taken at f2 15s exposure."

This will create a database of 4 photos, numbered 0 to 3. The first has just the thumbnail and preview. The second offers additional 800x600 and 1024x768 photos for download. The third has only an 800x600 download and the last has both again. Paths are absolute, so don't forget the folder, this will be /jim/ in this example. The program will support up to 150 photos, will use main.html as its template page and error.html as the error message page. Each access will be logged in log.txt.

Customizing the Appearance of the Photo Viewer

The general appearance of the photo viewer is controlled by main.html (or any other html file specified by the control file.) Strings which will be replaced by the photocgi.exe program are surrounded by {curly} braces and are described under CGI Replacement Strings below. You can use any HTML editor to change this file to look the way you want.

In the event of an error, the file error.html is used instead and an error message placed in it.

CGI URL Parameters

The photocgi.exe CGI program has a number of parameters, these will appear in the URL used to call the program and specify the control file to use, and which photos to display.

control= - name of control file, must include full path information.
base=# - index number of first image to display starting at 0.
length=# - number of images to display on the page.
selected=# - index number of image in preview display starting at 0, relative to base.

Usage: /cgi-bin/photocgi.exe?control=/aurora/jim/control.ini&base=0&length=10&selected=0

CGI Replacement Strings

Any instances of the following strings enclosed in {} will be replaced by the photocgi program with other information. See the main.html file for an example of their use.

{control} - setting file name parameter
{base} - base parameter
{length} - length parameter
{selected} - selected parameter
{next} - base + length with appropriate range fudging
{prev} - base - length with appropriate range fudging
{count} - count of available photos
{thumb #} - thumbnail photo # so {thumb 0} for thumbnail 0.
{thumbimg #} - thumbnail img tag of photo #
{preview #} - preview photo #
{description #} - description of photo #
{downloadphoto # #} - download photo #
{downloaddesc # #} - download description #
{downloadlink # #} - link to download, empty if doesn't exist.
{version} - CGI Photo viewer version information.
{copyright} - CGI Photo viewer copyright information.

Try it!

I currently have over a hundred photos in my Photo Viewer, and family members have made a number of their own Photo Viewer pages. If you use the program, drop me a note to let me know. I'd be interested to hear how it works for you or to hear if you have any ideas for improvements.

Download: Photo Viewer program and source code (65K) (http://www.aurora-systems.com/photocgi/)
Reference: "HTML 3.2 Plus The Definitive HTML 3.2 Problem-Solver" David Kerven, Jeff Fouse, John Zakour, Waite Group Press, 1997, ISBN 1-57169-091-3

Robert Basler is the president of Aurora Systems, Inc. (http://www.aurora-systems.com) and has been a dedicated OS/2 user since he tired of rebooting Windows 3.1 twenty times a day. He spends what free time he can manage travelling the world. Photo was taken at Franz Josef glacier, New Zealand.

This article is courtesy of www.os2ezine.com. You can view it online at http://www.os2ezine.com/20031016/page_2.html.