Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Secure a directory, not a part of CM, possible?  (Read 4234 times)

0 Members and 1 Guest are viewing this topic.

oboi

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Secure a directory, not a part of CM, possible?
« on: June 19, 2009, 11:22:59 pm »

My client (and oh what a client) has a request I cannot fig how to work into Coppermine. As is, the gallery is secure with access only to registered users. My client has had me insert a section, not a part of CM, that can, of course, be accessed by anyone. These are HTML pages. Is it possible to only allow access to these pages by registered CM users? So basically, I have a folder, within the CM structure, that needs to be secured for CM users only.

Is there a way to do this?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Secure a directory, not a part of CM, possible?
« Reply #1 on: June 21, 2009, 09:02:23 am »

The files need to be PHP-driven and they need to reside in coppermine's folder. You can then create custom pages that respect coppermine's logic - just create a file named test.php that contains this:
Code: [Select]
<?php
define
('IN_COPPERMINE'true);
require(
'include/init.inc.php');
?>

Your custom stuff here
If the file is meant to have the same look that your coppermine-driven pages have, use this:
Code: [Select]
<?php
define
('IN_COPPERMINE'true);
require(
'include/init.inc.php');
pageheader('Your page title here');
?>

Your custom stuff here
<?php
pagefooter
();
?>
Finally: to make above mentioned code only accessible for registered users, change to this:
Code: [Select]
<?php
define
('IN_COPPERMINE'true);
require(
'include/init.inc.php');
if (!
USER_ID) {
    
cpg_die(ERROR'You need to register to access this page'__FILE____LINE__);
}
pageheader('Your page title here');
?>

Your custom stuff here
<?php
pagefooter
();
?>
There is however no secret protection available on folder level - coppermine's logic doesn't apply to folders on file system level.
This has been asked and answered often - especially since you claim to be a pro and get paid for your work (you said that you need this for a client) we could expect that you do your homework first and perform a thorough search.
Logged
Pages: [1]   Go Up
 

Page created in 0.021 seconds with 19 queries.