Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Passworda and Username Acceptance  (Read 10384 times)

0 Members and 1 Guest are viewing this topic.

WillyWonderDog

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 19
Passworda and Username Acceptance
« on: October 18, 2012, 05:58:51 pm »

I have a family area on my website that requires members to sign in with a user name and password (using 'basic authorization' - apache2. Inside that family area is Coppermine. If I setup a member in Coppermine with the same username/password, is there a way Coppermine can use that 'basic authorization' info and auto sign them into Coppermine when they enter the gallery? Thanks for the consideration.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15765
Re: Passworda and Username Acceptance
« Reply #1 on: October 24, 2012, 09:25:15 am »

I don't think so, but I simply don't know.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15765
Re: Passworda and Username Acceptance
« Reply #2 on: October 31, 2012, 10:07:33 am »

I just noticed that the user name and password are stored in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. So it should be possible to add a check (e.g. somewhere in include/init.inc.php or as a plugin) if the visitor is currently logged in and if not, post the above data to Coppermine's login.php page. If it fails (wrong credentials), you'll have to make sure to avoid an infinite loop.
Logged

WillyWonderDog

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 19
Re: Passworda and Username Acceptance
« Reply #3 on: November 07, 2012, 03:29:24 pm »

Thanks for the info André. I have been trying, but so far no luck.
Side Note: I use  Wordpress Plugin, HTTP Authentication 4.5, by Daniel Westermann-Clark which works quite well.
I will keep trying to figure this out in Coppermine and I will post the solution. BTW, I use your mobile theme switcher plugin; works great.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15765
Re: Passworda and Username Acceptance
« Reply #4 on: November 12, 2012, 12:06:38 pm »

I use  Wordpress Plugin, HTTP Authentication 4.5, by Daniel Westermann-Clark which works quite well.
I don't know that plugin. But as you said you use Apache authentification, the credentials are probably stored in the $_SERVER array.
Logged

WillyWonderDog

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 19
Re: Passworda and Username Acceptance
« Reply #5 on: February 18, 2013, 01:28:21 am »

Thanks Andre, your info put me on the right course; the following is my solution.
Using Apache/2.2.17 (Win32) PHP/5.2.17 Coppermine 1.5.20



in login.php, near line 162 find:

_____________

                      <td align="left" class="tablef">
                        <!--<input name="submitted" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" />-->
                        <button type="submit" class="button" name="submitted" value="{$lang_common['ok']}"  tabindex="4">{$ok_icon}{$lang_common['ok']}</button>
                      </td>
                  </tr>

EOT;
_____________

after the </tr> and before the EOT; add

_____________

<tr>
<td colspan=2 align=center>
<Iframe src="loginchoice.php" width="100%" height="450" frameborder=0 seamless></Iframe>
</td>
</tr>
_____________

create a file named loginchoice.php, the working parts are below.

echo <<< EOT
<form action="login.php" method="post" name="loginbox" id="cpgform" target="_top">
<input type="hidden" name="username"  value="{$_SERVER['PHP_AUTH_USER']}" />
<input type="hidden" name="password" value="{$_SERVER['PHP_AUTH_PW']}" />
<input type="submit" class="buttonStyle0"  name="submitted" value="Auto-SignIn as {$_SERVER['PHP_AUTH_USER']}"  />
</form>

<form action="login.php" method="post" name="loginbox" id="cpgform" target="_top">
<input type="hidden" name="username"  value="themes" />
<input type="hidden" name="password" value="password" />
<input type="submit" class="buttonStyle2"  name="submitted" value="Auto-SignIn as Themes Name"/>
</form>

<form>
<input type="button" class="buttonStyle3" value="Enter Gallery As Guest" onClick="parent.location='index.php?cat=1'">
</form>

EOT;
Logged

WillyWonderDog

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 19
Re: Passworda and Username Acceptance
« Reply #6 on: February 18, 2013, 02:00:24 am »

I should have mentioned that for this to work, the apache auth'ed username/password has to be the same as a current CPG username/password. Someday I would like to be able to accomplish what a afore mentioned wordpress plugin does. Among other options, it can login any apache auth'ed user into wordpress (regardless of current passwords) and optionally create a wordpress user.
Thanks again, Coppermine is a super Photo Gallery.
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 19 queries.