A Better Member-Based ASP Photo Gallery

Version 1.2 released February 9, 2009
- Fixed SQL injection bug
- Fixed remaining thumbnail after invalid filetype removals

By Mike L (ontarioabandonedplaces.com)

Introduction
============
I had been looking for a photo gallery program written in ASP that would allow my members to upload photos to my website. The search was frustrating because I could only find galleries that were designed for a webmaster to use. Any MEMBER-based galleries that I tried failed to work or were not suited to my needs. I decided to write my own gallery script instead that would allow my members to upload photos from their browser. It's a little rough in places but it does the job!

Features:
=========
This script is a slightly modified version of the script that I use on my own page. It may not be suited to your needs and therefore may require modification. It will allow a member of your site to upload 10 photos at a time.

* There are protections to ensure only JPEG files are uploaded; all other files are deleted.
* A watermark option is available where users may embed their name, etc. into the images.
* True thumbnails are automatically created.
* Images are resized to a preset size (default 600 pixels wide by xxx pixels high). This means that large files are automatically reduced, saving disk space.
* The member is able to go to Google Maps before uploading the photos and enter co-ordinates for where the photos were taken. When the photos are viewed, a link is displayed that allows the visitor to bring up the Google Map showing where the photos originated from.
* Progress bar shown when uploading files (from ASPJPEG site's sample code)
* Ability for original uploader to go back and delete images or upload more at a later date.
* Administrator override to delete images
* Each album is stored in a separate subdirectory in the GALLERIES folder and is numbered according to its corresponding database ID number (beginning with 1).

In my original version (used on my website) the user is also able to enter in a description for where the photos were taken. This is not available in this script. Also note that unlike all of the other ASPJPEG scripts I experimented with, this is the only one that thumbnails ALL uploaded files instead of just the first uploaded batch file.

Requirements
============
ASP driven website
ASPJPEG/ASPUPLOAD components (many Windows hosts offer this as part of their package)
Access database (included)

Installation/Setup
==================
1) Copy the contents into a subdirectory named GALLERY. For example if your website is www.mysite.com then the contents would go into "www.mysite.com/gallery".

2) Edit the create.asp file. The following may need to be changed:

   -> session.time = 35 (Currently 35 maximum minutes before session timeout.)
   -> objconn.ConnectionString = "Data Source=" & Server.Mappath ("\database\photodb.mdb")

   Change the session.time or remove it entirely. I have it in the script so that a user doesn't take longer than half an hour to complete the entire uploading process.

   Change the Server.Mappath accordingly. By default the directory is set to a folder named 'database' and an Access database named 'photodb.mdb'. If you move the database to another folder then edit the create.asp file and change this path. (example: some hosts like you to put databases into a specific folder)

   Also make sure you set WRITE/MODIFY permissions for this file!!!!!!!!!!!!!!!!!!

3) Important! The variable 'username' is set to "Joe User". In the create.asp file you will want to change this to set the variable username to whatever user is logged on to your site. Whatever authentication methods you use when a user logs onto your site, just pass that user's name into the 'username' variable. This is important because only the user who created the photo album may edit it (administrator is the only exception).
   Accordingly you may also want to redirect the user to a login page if the username variable is not set (thus no actual user is logged in). I trust that you have a cookie or session variable already set to determine who is logged in. Just transfer it into "username" and if that cookie or session is null and nobody is logged in, redirect them to your login.

4) Edit the "coordinates.asp" file and again change the Server.Mappath accordingly to reflect where your photodb.mdb database is located (if not using my default location).

       objconn.ConnectionString = "Data Source=" & Server.Mappath ("\database\photodb.mdb")

5) In the uploader.asp file, you will see this line:

       Server.ScriptTimeout = 500

   This causes the script to time out after 500 seconds. This is important because I found that uploading large JPEG files caused timeout errors. 500 seconds gives a person approximately 8 minutes to upload files. Change it accordingly.

6) In the view.asp file you will see this line of code:

       if whomade = username or username = "admin" then allowdel = 1

   Change the "admin" to whatever username the administrator logs on with. Also be sure to change the first line of the file which reads:

       username= "Joe User"

   The line of code sets "allowdel" to 1 if the person who made the gallery (whomade) is the user who is logged in OR the admin is logged on. This gives the person delete/upload privilege.

7) Make sure the GALLERIES folder has write/modify permissions because this is where the photo albums are uploaded.

How it works
============
A user creates a photo album TITLE which is then entered into the Access database. It is then given an ID (the autonumber ID that Access uses for a new record). This ID number is used throughout the process in the form of a session variable. The user then enters co-ordinates for the place that the photos were taken. The Google Map URL is then stripped of everything but the co-ordinates which are then entered into the database.
These co-ordinates will be shown along with the thumbnails later on.

The files are then uploaded, from 1-10 files at a time. Thumbnails begin with "SMALL_". This is important because "showpics.asp" will read the directory looking only for files beginning with that, and display them as thumbnails.

The user is then taken to the "view.asp" file which displays the photos, the co-ordinates and a link to view the Google map. The view.asp file uses a querystring of "entry" to determine what folder to view.

Example: www.yoursite.com/gallery/view.asp?entry=4 (show photo album #4)

You can refer to the "browse.asp" file to see how to browse albums.

Notes
=====
session("title") contains the ID of the photo album entry in the Access database. When a new album is created, a new ID is generated in the database. I use this to make sure that a person isn't able to link directly to any of the other files (e.g. coordinates.asp) without having first gone to create.asp and created an entry for the images. Once an album is created, the session variable is created and acts as a passkey for the other files to run.

===================================================================

"Operation must use an updateable query" error messages mean that your database doesn't have write permission. This is a standard error message in Active Server.

===================================================================

In the uploader.asp file "Upload.SetMaxSize 2500000, True", the 2500000 is 2.5 megs which is the largest file size that will be accepted PER FILE. You may change this. For example if you put "Upload.SetMaxSize 400000, True" then a person could only upload 400k files.

===================================================================

In the upload.asp file you will see two lines of code:

    if curwid >= 600 then
    dvsr = curwid / 600

The curwid represents the current width of the image. If it is 600 or greater, the variable dvsr (divisor) is set to the current width divided by 600.
Change the 600's to whatever maximum width you'd like the images to be after they are processed. The height is proportionate to the width.

===================================================================

In uploader.asp:

    Jpeg.Canvas.Font.Color = &H000000

The six zeros following the H(ex) represent the hex value for the color of the watermark used in the images. 000000 = black, FFFFFF = white, etc.

===================================================================

In uploader.asp:

    jpeg.Width = "80"
    jpeg.Height = "80"

The size of the thumbnails. Change the 80 to whatever number of pixels you'd like.

===================================================================

Files:
======
BAR1.ASP, FRAMEBAR1.ASP, LOGO.GIF, NOTE.HTML are the progress indicator files for the upload.

* CREATE.ASP *  - The file you call when you want to create a new album. (1st step)
coordinates.asp - Where user enters Google map coordinates (2nd step)
googlemap.jpg   - Googlemap image shown in coordinates step
selectfiles.asp - Where user selects up to 10 files to upload plus watermark (3rd step)
uploader.asp    - File which processes images and saves them to folder
showpics.asp    - Shows the thumbnails (called from view.asp file)
view.asp        - File which displays a given photo album
index.asp       - The main file
browse.asp      - A file to show all photo albums and how to link to them.

It may appear to be somewhat confusing but it isn't that difficult. Try running the index.asp file first to see it in action :)

http://www.mysite.com/gallery/index.asp

Finally... if you would like to see this script in action and how it should work when it is installed properly, visit: www.ontarioabandonedplaces.com/ipguardian

License
=======
These scripts are free to distribute as long as they are distributed in their original format and not modified. You are free to modify them for your own needs.
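
The view.asp?entry= lookup from "How it works" and the owner check from setup step 6, written so that the query-string value is validated and never becomes part of the SQL text. This is an added example, not the gallery's own code; the table and column names (albums, id, whomade), the Jet provider line and Session("username") are assumptions.

```vbscript
<%
Option Explicit
' Added example, not the gallery's own code. Assumed names: table "albums",
' columns "id" and "whomade", Session("username") set by your login page.
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' Return the album ID, or 0 unless the value is 1-9 decimal digits.
Function ParseEntry(raw)
    Dim re
    ParseEntry = 0
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then ParseEntry = CLng(raw)
End Function

Dim entry, username, objconn, cmd, rs, allowdel
entry = ParseEntry(Request.QueryString("entry") & "")
username = Session("username") & ""
If entry = 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set objconn = Server.CreateObject("ADODB.Connection")
objconn.Provider = "Microsoft.Jet.OLEDB.4.0" ' assumed provider for the .mdb file
objconn.ConnectionString = "Data Source=" & Server.MapPath("\database\photodb.mdb")
objconn.Open

' The ID is bound as a typed parameter and never concatenated into the SQL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = objconn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT whomade FROM albums WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , entry)
Set rs = cmd.Execute

' Same rule as step 6, but an empty (not logged in) username never matches.
allowdel = 0
If rs.EOF Then
    Response.Status = "404 Not Found"
ElseIf username <> "" And (rs("whomade") = username Or username = "admin") Then
    allowdel = 1
End If
rs.Close
objconn.Close
%>
```

Because entry is a Long by the time it is used, an album folder path built from it under GALLERIES cannot contain path separators or ".." either.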