forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Permissions & Access Rights => Topic started by: zac on August 28, 2005, 10:25:44 am

Title: Users and password protected albums
Post by: zac on August 28, 2005, 10:25:44 am

Hello.. I am delving into a new realm of coppermine and trying to figure out the user controls.  I want to use them in such way that they are just controlling who can see which albums.  If I have like 20 albums up, I only want user A to be able to see album A.  Is this possible?  The only options I can find are to make the albums visible to either everyone or only regestired, banned, etc... If this does not work is there a way to password protect each individual album?

Thanks for any help!

Zac

oops.. i just noticed this should be in the permissions and access rights board.... sorry.

Title: Re: Users and password protected albums
Post by: zac on August 28, 2005, 10:31:46 am

Ack... I figured it out.  Have to go into groups in the admin mode and create new ones.

Title: Re: Users and password protected albums
Post by: amol on August 29, 2005, 05:51:10 pm

I have a follow up question...
Lets say coppermine root is domain.com/photos

And I setup album A such that it is only accessible to group A, in which there is only one user, user A.
So only user A should be able to see this album.
If unregistered user or some other user logs in, they cannot see album A in the list of albums. So far so good.

BUT...if they point to a url like
domain.com/photos/albums/userpics/10001/photoname.jpg, anyone can view the photos.

Which is something that I dont want.

Question: Is there any way to _really_ restrict access to photos and albums?

Title: Re: Users and password protected albums
Post by: Joachim Müller on August 30, 2005, 07:40:35 am

has been discussed many times, please search the board. There's no absolute safety though: if a determined user who knows his way around in coppermine is able to guess the url of an individual pic, he'll be able to see it. However, there are several methods (discussed on the other threads that I told you to search for) to make it harder (or nearly impossible) to do so. Additionally, there's a method outlined in a thread on how a complete protection could be achieved (by storing the pics outside the webroot and serving it only on the "legitimate" page), but don't expect code ready for copy'n paste - you have to be an expert to accomplish this sort of protection.