I have run an OS/2 Apache server for a number of years, and have some programming background, so I decided to see if I could put together a simple application that would allow people to quickly and easily browse family photos, and make it easy enough for me to put them up that I would actually keep up to date. The result of that was a program I call PhotoCGI (http://www.aurora-systems.com/cgi-bin/photocgi.exe?control=/aurora/photocgi/photos.ini&base=0&length=5&selected=0) (go take a look.)
This program is at this point functional, but not particularly debugged or robust. It may work funny, cause unexpected results, or do other wierd things (I know the picture numbering at the bottom is a little funny, but I'm living with it.) Fix it if you like, but please let me know.
Partial source code for the program is supplied. I used a CGI parameter library from the book "HTML 3.2 Plus" (full reference below) and some cross-platform source code from some commercial projects that I am not able to provide. It should be fairly straightforward to use the provided base to port the program to any environment.
I protect my Photo Viewer pages from unauthorized viewers using Apache's password mechanism. Hackers can access photocgi.exe, but they can't get it to show you the password protected directories of photos.
One sure way to use this program to defeat the security of a web server is to allow users to upload files to anywhere on the server. If a user can upload a control file anywhere, PhotoCGI can reach it and be used to provide whatever files that nefarious person wants to download.
If you can find any other security holes in the program, please let me know.
The first line of the control file is the name of the control file as used in any URL's which access it. This is a cheap security measure to ensure that PhotoCGI is being told to access a valid control file. Note that this is a UNIX format filename with / path separators. The filename must be identical to what is provided in the URL for PhotoCGI to process it.
The second line of the control file is the maximum number of photos to support. The larger the number, the more memory the program needs to run. If you have more lines of photos than this number, you will get an error rendering the HTML page.
The third line of the control file is the name of the template HTML file to render the photo viewer onto. In the samples, this is main.html. Note that this is an OS/2 format filename with \ path separators.
The fourth line of the control file is the name of the HTML file to render error messages onto. In the samples, this is error.html. Note that this is an OS/2 format filename with \ path separators.
The fifth line of the control file is the name of the text log file where all requests are logged. This should generally be a file somewhere outside of where the web server can deliver, but this is up to you. Note that this is an OS/2 format filename with \ path separators.
Each subsequent line of the control file represents one photograph. The line must contain the ThumbFilename (mine are 100 pixels wide), PreviewFilename (I use 640x480 images so that the preview and thumbnails will fit on a 800x600 web browser window), # of downloadable different sized pictures (may be 0-9). All other fields are optional. Fields are space separated, and may be surrounded in "quotations" so that you can enter descriptions and file names containing spaces.
ThumbFilename PreviewFilename "# of sizes for download" downloadsize0 downloadfile0 downloadsize1 downloadfile1 ... downloadsizen downloadfilen "Text Description"
For example, say we create a control file called jim.ini:
150
\photos\main.html
\photos\error.html
\photos\log.txt
/jim/photo0thumb.jpg /jim/photo0preview.jpg 0 "Me."
/jim/photo1thumb.jpg /jim/photo1preview.jpg 2 (800x600) /jim/photo1-800.jpg (1024x768) /jim/photo1-1024.jpg "My week at the seashore taken at f16 1/1000s exposure."
/jim/photo2thumb.jpg /jim/photo2preview.jpg 1 (800x600) /jim/photo2-800.jpg "A shot of my foot (oops)."
/jim/photo3thumb.jpg /jim/photo3preview.jpg 2 (800x600) /jim/photo3-800.jpg (1024x768) /jim/photo3-1024.jpg "My week at the seashore taken at f2 15s exposure."
This will create a database of 4 photos, numbered 0 to 3. The first has just the thumbnail and preview. The second offers additional 800x600 and 1024x768 photos for download. The third has only an 800x600 download and the last has both again. Paths are absolute, so don't forget the folder, this will be /jim/ in this example. The program will support up to 150 photos, will use main.html as its template page and error.html as the error message page. Each access will be logged in log.txt.
In the event of an error, the file error.html is used instead and an error message placed in it.
control= - name of control file, must include full path information.
base=# - index number of first image to display starting at 0.
length=# - number of images to display on the page.
selected=# - index number of image in preview display starting at 0, relative to base.
Usage: /cgi-bin/photocgi.exe?control=/aurora/jim/control.ini&base=0&length=10&selected=0
{control} - setting file name parameter
{base} - base parameter
{length} - length parameter
{selected} - selected parameter
{next} - base + length with appropriate range fudging
{prev} - base - length with appropriate range fudging
{count} - count of available photos
{thumb #} - thumbnail photo # so {thumb 0} for thumbnail 0.
{thumbimg #} - thumbnail img tag of photo #
{preview #} - preview photo #
{description #} - description of photo #
{downloadphoto # #} - download photo #
{downloaddesc # #} - download description #
{downloadlink # #} - link to download, empty if doesn't exist.
{version} - CGI Photo viewer version information.
{copyright} - CGI Photo viewer copyright information.
This article is courtesy of www.os2ezine.com. You can view it online at http://www.os2ezine.com/20031016/page_2.html.