Zenphoto currently has a feature that can force users to enter a generic password to enter the site. I'd like to force actual user login.
In my previous jobs, I was a C++ junkie, so by no means a web/php developer, but I put together some simple code that seems to make this work. My request is that in the admin panel, there is an option to "Force User Login."
./zp-core/admin-functions.php`
//approx line 210
function printLoginForm($redirect=null, $logo=true) {
global $_zp_login_error, $_zp_current_admin;
//BEGIN FORCED LOGIN CODE
//* This will redirect the user to their requested page after login
//* Note that the default is root (i.e. index.php) and NOT admin
if (is_null($redirect)) { $redirect = "/"; }
else { $redirect = rawurldecode($_GET['redirect']); }
//END FORCED LOGIN CODE
$requestor = sanitize($_POST['user']);
//...same code
}`
./zp-core/admin.php`
//approx line 786
if (!zp_loggedin()) {
//BEGIN FORCED LOGIN CODE
if(!is_null($_GET['redirect'])) { $redirect = $_GET['redirect']; }
printLoginForm($redirect);
echo "n";
echo "n";
exit();
//END FORCED LOGIN CODE
} else { //...same code `
./index.php`
//approx line 17
$themepath = 'themes';
//BEGIN FORCED LOGIN CODE
//* This captures and encodes the requested URL if not logged in
//* NOTE: "/gallery" is my equivalent of "/zenphoto/" (wasn't sure of the global variable to use
if (!zp_loggedin()) {
$redirect = rawurlencode(str_replace("/gallery/","/",$_SERVER["REQUEST_URI"]));
header("Location: " . "
http://SERVER/gallery/zp-core/admin.php?redirect=$redirect");
}
//ENDFORCED LOGIN CODE
header ('Content-Type: text/html; charset=' . getOption('charset'));
//...same code`
If I should create a TRAC...just let me know. Also, any suggestions for the code is also appreciated. Or perhaps I'm the only one interested???
-JC
Zenphoto
Comments
How is this different from placing a password on the gallery? That requires a login (but does not require a user ID.)
This then keeps the pictures private (like having a global password as you mentioned), but also allows each user to have customized permissions. While I like the very basic permission rights ZP offers (keeping it simple), I do like restricting certain aspects.
In my specific case, I have a guest account which can only view pictures. Then, for each of my family members, I allow them upload rights to only their "collection" (which contains as many sub-albums as they want) and also the right to comment on anyones photos.
The code above accomplishes this...
Extending the existing gallery/album password login to allow an admin to login as well as allow a guest password. This is a fairly straight forward extension to what we have now.
So you would password protect your gallery with the guest password. Your family members would have their admin logins but would be able to enter them when they visit the gallery. The login would take them to the gallery page when successful.
Guests would simply enter the guest password. (They could enter "guest" or just about anything for the user, it will be ignored if it is not an admin user.) Perhaps an extension would be to add a "guest" user name to the album/gallery. That would complicate things a bit on the administration side, so if it is not needed I would prefer not to do it.
@carlyman - I think there is a small error/typo in your code for the printLoginForm function.
`if (is_null($redirect)) { $redirect = "/"; }
else { $redirect = rawurldecode($_GET['redirect']); }`
should be
`if (is_null($redirect)) { $redirect = "/"; }`
If $redirect is not NULL then it should be because you already set it to the appropriate $_GET['redirect'] value before calling the function from admin.php
It's always possible I'm mis-reading though.
The difference is that password protecting the gallery only requires you to enter the gallery password. This just makes the gallery viewable.
Forcing a login via printLoginForm in the admin functions requires you to use an actual user login which then provides you with a certain level of permission based upon your user id. That way you are set to edit your albums and view and comment on other albums.
The thing that this really changes compared to the way things currently work is to basically implement admin logins as a form of general user login by directing you to gallery pages instead of straight back to the admin page. It also allows a more generalized login concept compared to how you currently have to know where the login page is in order to access it.
I hope that makes sense. I think it is what carlyman is doing/needed with the code provided. I don't have a specific need for this feature myself, but I can definitely see the value in it for others. I will try to test out what you've implemented if I have time this weekend. I'm laying in sod in the backyard, so may not get around to it.
If a gallery is password protected, you get a gallery logon screen which is styled like your theme. This is almost the same as current. What is different is that you get a user field as well as a password. If you enter an admin user/password at the login, you will be logged in as an admin with the appropriate rights. If you enter the guest password you will be allowed to view the gallery as before, with no admin priviledges.
@sbillard: I'll try out the latest build later this week, but I assume when you say "admin" user/password you are referring to any user account, regardless if they have admin privileges; correct?