Author Topic: Password Protect Albums - Theory and Practice  (Read 28427 times)

Oasis

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 252
  • iNSiGNiA
    • Pixnet Gallery
Password Protect Albums - Theory and Practice
« on: October 29, 2003, 05:10:01 pm »

this brings us back to the topic of password protected albums!  :D
With password protected albums this would be much simpler...

gaugau, please DO consider this..  :)
I am getting requests for this feature every few days...
Logged
Pixnet Gallery: http://www.pixnet.net
iNSiGNiA Weblog: http://www.jayliu.org

aymeric

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Password Protect Albums - Theory and Practice
« Reply #1 on: October 29, 2003, 05:53:59 pm »

Quote from: "oasis"
With password protected albums this would be much simpler


yes! that's a good idea :)
Logged

Oasis

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 252
  • iNSiGNiA
    • Pixnet Gallery
Password Protect Albums - Theory and Practice
« Reply #2 on: October 29, 2003, 06:32:18 pm »

gaugau, here is something that might work:

first, create a new column in the TABLE_ALBUMS called "albumpass".
When users specify a password while editing an album, then visibility becomes (FIRST_USER_CAT + USER_ID) and the password they specify is written into the albumpass column.

Then, in functions.inc.php where the script specifies which albums the user can't see
Quote
       $result = db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE visibility != '0' AND visibility !='".(FIRST_USER_CAT + USER_ID)."' AND visibility != '".$USER_DATA['group_id']."'");

add an extra criterion
Quote
AND albumpass != '".$HTTP_POST_VARS['albumpass']."'

Then all you have to do is show a form with an input box for users to type in a password, whenever they click on a private album that has a nonempty "albumpass" field.

OK, I don't know if this is actually feasible (I recall posting before that I hardly know any php...  :) ), but from what I have learnt in the past few months fiddling around with code, it seems to me that it should work. And it doesn't seem to compromise the original authentication system (one of the concerns pointed out in the previous post on this subject)...
What do you think? Would it work?
Logged
Pixnet Gallery: http://www.pixnet.net
iNSiGNiA Weblog: http://www.jayliu.org

DJMaze

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 831
    • Dragonfly CMS
Password Protect Albums - Theory and Practice
« Reply #3 on: October 29, 2003, 07:11:37 pm »

The password protection you mention could work if...
All options like Last uploads, most views, etc. also block password protected albums from showing.

So it would be some more changes as you say.
Logged
There are 2 kinds of users in this world: satisfied and complainers.
Why do we never hear something from the satisfied users?
http://coppermine-gallery.net/forum/index.php?topic=24315.0

Oasis

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 252
  • iNSiGNiA
    • Pixnet Gallery
Password Protect Albums - Theory and Practice
« Reply #4 on: October 29, 2003, 08:08:57 pm »

OK I've tried it out, but I had to use HTTP_GET_VARS instead of POST because I don't know where to change the code to add the password box.

Anyway, here are the results of my test:

Quote
The password protection you mention could work if...
All options like Last uploads, most views, etc. also block password protected albums from showing


It seems to do that automatically, since it is just processing that extra criteria. To show you what is happening, I created a new user called passwordtest.
Its user albums are at http://photo.enctu.org/passwordtest
There are two albums, both set to private (show only to owner). One of them has the albumpass set to "hello", the other is set to "world".

Now look at this:
http://photo.enctu.org/passwordtest&albumpass=hello
http://photo.enctu.org/passwordtest&albumpass=world
(Note the topviewed toprated random and lastuploaded pictures)

The same thing goes with the thumbnails:
No albumpass variable
http://photo.enctu.org/thumbnails.php?album=1630
Specified albumpass
http://photo.enctu.org/thumbnails.php?album=1630&albumpass=hello

So it seems that it could work, but it still needs an interface to type the password that only appears when it should... And maybe the variable could be kept across pages, so if you entered it once it will be active throughout the session.

By the way, I just found out a slight problem with my original idea. That is if no albumpass is specified, all albums with no password will be viewable (because the password matches...both blank). So I added a line so that if $albumpass is blank it will be replaced by "hahahanoonewilleverusethispassword". I'm sure there is a better way though.  :lol:
Logged
Pixnet Gallery: http://www.pixnet.net
iNSiGNiA Weblog: http://www.jayliu.org
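
Added example (not code from this thread or from Coppermine): a hardened form of the check proposed in Reply #2 and tested in Reply #4. It binds the submitted password as a parameter instead of concatenating it into the query, stores a hash, never matches a blank password, and keeps the unlocked state in the server-side session rather than in the URL. The table layout, the column `albumpass_hash`, both function names, the simplified visibility rule (no group check) and the sample rows are assumptions made for this sketch; it needs PHP 7.4+ with PDO SQLite.

```php
<?php
// Added example, not Coppermine code. Schema, names and rows are constructed.
session_start();   // unlocked albums live in the session, not in a GET variable

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE albums (aid INTEGER PRIMARY KEY, visibility INTEGER, albumpass_hash TEXT)');
$ins = $db->prepare('INSERT INTO albums VALUES (?, ?, ?)');
$ins->execute([1630, 10001, password_hash('hello', PASSWORD_DEFAULT)]);
$ins->execute([1631, 10001, password_hash('world', PASSWORD_DEFAULT)]);
$ins->execute([1632, 10001, null]);   // private album, no password set
$ins->execute([1633, 0, null]);       // public album

// Try to unlock one album. A blank submission, or an album without a
// password, never matches, so no sentinel password is needed.
function unlock_album(PDO $db, int $aid, string $submitted): bool
{
    $st = $db->prepare('SELECT albumpass_hash FROM albums WHERE aid = ?');
    $st->execute([$aid]);
    $hash = $st->fetchColumn();
    if ($submitted === '' || !is_string($hash) || $hash === '') {
        return false;
    }
    if (!password_verify($submitted, $hash)) {
        return false;
    }
    $_SESSION['unlocked'][$aid] = true;
    return true;
}

// Album ids to exclude from EVERY listing (thumbnails, last uploads,
// most viewed, random), which is the condition raised in Reply #3.
function forbidden_album_ids(PDO $db, int $ownVisibility): array
{
    $st = $db->prepare('SELECT aid FROM albums WHERE visibility != 0 AND visibility != ?');
    $st->execute([$ownVisibility]);
    $unlocked = $_SESSION['unlocked'] ?? [];
    return array_values(array_filter(
        array_map('intval', $st->fetchAll(PDO::FETCH_COLUMN)),
        fn($aid) => empty($unlocked[$aid])
    ));
}

var_dump(unlock_album($db, 1632, ''));             // blank input, album without password
var_dump(unlock_album($db, 1630, "' OR '1'='1"));  // quote characters are data, not SQL
var_dump(unlock_album($db, 1630, 'hello'));        // correct password for album 1630
print_r(forbidden_album_ids($db, 0));              // what a guest still may not see
```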

Oasis

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 252
  • iNSiGNiA
    • Pixnet Gallery
Password Protect Albums - Theory and Practice
« Reply #5 on: October 31, 2003, 08:25:53 pm »

OK so is anyone going to give me a clue on how to display the password box? I really can't find the place.
Logged
Pixnet Gallery: http://www.pixnet.net
iNSiGNiA Weblog: http://www.jayliu.org

hyperion

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 1317
  • - retired -
Password Protect Albums - Theory and Practice
« Reply #6 on: November 01, 2003, 05:16:42 am »

For a start, you should just be able to detect no password and then redirect to a password form. The use of empty instead of isset will also screen for blank password entries. This will output the form with the action to return to the same script.

-----------------------------------------------------
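Code:

// Show the password form when no password (or a blank one) was submitted.
if (empty($_POST['password'])) {

    pageheader('Password Protected Album');
    // Escape PHP_SELF before echoing it into the action attribute.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    print "<form action=\"$action\" method=\"post\">";
    print "Password: <input type=\"password\" name=\"password\"><br><input type=\"submit\" value=\"Log in\">";
    print "</form>";
    pagefooter();
}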

-----------------------------------------------------

Also, you could make it more elegant by adding another field to the album database.

Code:

Password_Protected             Password
        Y                        flip
        N
        Y                        flop
        N
        N


-Hyperion
Logged
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull


Oasis

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 252
  • iNSiGNiA
    • Pixnet Gallery
Password Protect Albums - Theory and Practice
« Reply #7 on: November 01, 2003, 12:52:35 pm »

Thanks for the tip hyperion!  :)

OK I have a question... you know when we type
"index.php?lang=english"
and it is english throughout the session (and even subsequent sessions)
how do I do the same for $albumpass?

currently what i have managed to do is when you click into a private album, it asks you for a password. When they enter the right password, the pics in the album are shown... BUT when they click on the pictures themselves, the albumpass variable is not passed on and is lost, so the album goes back to being private, and it tells you that there are no images to display..

how do I make the variable pass on to displayimage.php?

here, you can take a look: http://photo.enctu.org/passwordtest
but the language is hardcoded, so you're gonna see only chinese but I'm sure you can guess what it's saying.
Logged
Pixnet Gallery: http://www.pixnet.net
iNSiGNiA Weblog: http://www.jayliu.org

Oasis

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 252
  • iNSiGNiA
    • Pixnet Gallery
Password Protect Albums - Theory and Practice
« Reply #8 on: November 01, 2003, 02:21:21 pm »

OK I figured it out...  :D

in init.inc.php
Quote
if (isset($HTTP_POST_VARS['albumpass'])) {
    $USER['albumpass'] = $HTTP_POST_VARS['albumpass'];
}


and then GLOBAL $user in function get_private_album_set()

OK, I have completed the guest side of the password protection scheme (you can try it here: http://photo.enctu.org/passwordtest. The passwords should be obvious from the album names)
HOWEVER, I have had to make extensive changes to many parts of the code in various files, so it's gonna take me some time to write the changes out... Also, what I have done required changes in the theme.php, so I can see this isn't going to be an easy hack to implement...

I will now try to code the part for setting the password. I will post here if I have any news.
Logged
Pixnet Gallery: http://www.pixnet.net
iNSiGNiA Weblog: http://www.jayliu.org

gazon_zaseyan

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
Password Protect Albums - Theory and Practice
« Reply #9 on: January 15, 2004, 05:08:27 pm »

Hi guys,

 Can somebody tell me the whole process of installing that option? I did read the whole topic, but it looks kinda complicated... I don't wanna mess it up by changing wrong things...

is there a ready manual or something for installing this MOD?!

Thank you !
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Password Protect Albums - Theory and Practice
« Reply #10 on: January 15, 2004, 05:13:18 pm »

no, there's no manual or similar. This is not even considered a mod, but more a theoretical discussion. If you're not feeling comfortable with it (if you're not familiar with webserver stuff), my advice is to not play with it (i.e. not use/apply this).

GauGau
Logged

gazon_zaseyan

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
Password Protect Albums - Theory and Practice
« Reply #11 on: January 15, 2004, 05:23:38 pm »

Quote from: "gaugau"
no, there's no manual or similar. This is not even considered a mod, but more a theoretical discussion. If you're not feeling comfortable with it (if you're not familiar with webserver stuff), my advice is to not play with it (i.e. not use/apply this).

GauGau


I probably won't :) thanks.

So isn't there any other MOD for password protected albums? :( That would be a really helpful MOD, and I think not only for me...

are you planning on writing a MOD like that?

Thanks
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Password Protect Albums - Theory and Practice
« Reply #12 on: January 15, 2004, 05:44:35 pm »

one step at a time: we (dev team) have our workload set up for the current dev version (that will become the next coppermine release): passwords-protected pics won't be in it I'm afraid. If the next version is being released, we'll be going through the "feature requests" board and decide on which features will go into the future release.
Usually the dev team members don't write mods, but add code to the actual releases. Maybe someone else (who needs the modification as well) will take up the task and write a password-protection-mod.

GauGau
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
How is the password protected album mod going?
« Reply #13 on: April 15, 2004, 09:22:50 am »

I have read this post:

http://forum.coppermine-gallery.net/index.php?topic=1112

and I have found this cpg gallery applied password protection for each album successfully. But this album is in Chinese only. I think you can guess the operation if you are familiar with cpg.

http://www.enjoyalbum.net/main.php?cat=13730

I have an account for your test: 123456 pass: test

However, the author hasn't given any information about how he did it.

Can anyone follow this and provide a helpful hand to people who really want this function?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Password Protect Albums - Theory and Practice
« Reply #14 on: April 15, 2004, 09:43:31 am »

is http://www.enjoyalbum.net/ your page?

GauGau
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Password Protect Albums - Theory and Practice
« Reply #15 on: April 15, 2004, 10:01:32 am »

No, if it were my page I would not ask for this feature here. :cry:
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Password Protect Albums - Theory and Practice
« Reply #16 on: April 18, 2004, 07:34:54 am »

enjoyalbum uses an illegal copy of coppermine, with modifications built in that are not within the "regular" coppermine files (it's not illegal to add features, but you mustn't remove the "powered by" tag at the bottom, that's why it's illegal). Hard to say how they did this and that feature, but I'm rather sure they won't tell :wink: . Please do not contact enjoyalbum on this, the dev team already has and will take care of the copyright issue.

GauGau
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Password Protect Albums - Theory and Practice
« Reply #17 on: April 18, 2004, 06:12:27 pm »

OK. Hope that somebody can do us a favour and get the password protection to work.
Logged

doggystyle

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 43
Password Protect Albums - Theory and Practice
« Reply #18 on: April 18, 2004, 06:23:03 pm »

so oasis, can you please send the changes you did to the files to get the pw-protection work?! :(
Logged

kieranmullen

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 48
Re: Password Protect Albums - Theory and Practice
« Reply #19 on: April 22, 2004, 05:59:08 pm »

Would it be much easier than password protection to use tables that already exist?

Private Album Name would be made into a group. Admin could grant permission to that group or the album owner could. Only album members would be able to view pictures from that album.
Logged