hi,
im desperate in looking for a gallery solution
and right now zen is exactly what i want
i want to stick with it but i have one problem though
i tried password protecting an album, and then since i have the recent photo feature appear on the main page, the content of that password protected album also appears there. when you click on it, it takes me to the content of that album with full access to all the pictures.
it appears that its only the link of the album that is restricted. so if the image appears in recent photo/album and you click on it the album is still accesible
its true for me.
http://gallery.bartyfly.com/index.php
Your link does not display. So, a couple of questions:
First, are you using a standard theme or one you have created? If the latter you need to add a call if (checkForPassword() { } around the part of your image.php page that you do not want to display.
Also, for passwords to work correctly you need to be running the nightly build.
im sorry:
correction for the link: http://gallery.bratyfly.com/index.php
no i wasn't login as admin. in fact i was using firefox to edit the gallery and view as guest using safari. its simpy not working. i had to switch back to gallery 2 while i still couldnt figure out how to protect the pictures.
hi sbilard, what you probably see was the gallery (another gallery cms)
do i still have to install the nightly build even though i have just downloaded the zenphoto 2 days ago? i presummed that the download link at maimn site gives the updated version.
thanks for you answers guys
Gallery link: http://bratyfly.com/zengallery/
note: i dont own the pictures. use for testing purposes.
I did now and upload the nightly build. I made some test. Here are my observations. Hope this could help us improve future updates.
There is an album named BOO, boo is password protected.
There is an album named ANIMALS and its NOT password protected.
I uploaded a picture in ANIMALS and showed up in the recent images as expected.
I uploaded a picture in BOO and did not showed up in the recent images which is fine.
I accessed BOO using the password and copy the direct link of one of the picture (http://bratyfly.com/zengallery/index.php?album=boo&image=vote.jpg).
I cleared my cache, cookies etc.
I accessed again BOO and I was prompted again to enter the password but I DID NOT.
Then I paste the direct link of the picture from BOO in the addresbar and I was able to access the picture without being asked to enter the password. And the picture has 2 links beside it. The link on the left was the previous picture, the link on the right is the next picture. Which gives a full access to the gallery. And if you click to the name of the gallery above, that's the only time you will be asked to enter the password
Now what i'm worried is, if there is a certain pattern i named my pictures, one could guess what is the filename and try to access the album by simply typing the link below:
http://bratyfly.com/zengallery/index.php?album=boo&image=name.jpg -- name.jpg as the filename guessed.
Another scenario. If a certain guest sent the link of the image from a password protected album to someone via email, the recipient will just click on the link and they will be able to access the picture (and all pictures of the album via the next and previous links) without being prompted to enter the password.
What I actually expecting was if I try to access a certain link of a picture which is password protected, I should be prompted to enter the password of the album.
If this could be done, then showing up the images from a password protected gallery in the recent images is not a problem since the moment you click on it, you will be ask to enter the password.
Thanks and I hope i am not wasting your time.
Bratyfly
Of course you are not wasting our time. We appreaciate your feedback, especially on this sensible topic. Unfortunatly you are indeed right that you can access a image in an password protected album directly.
As for recent images: If you use the latest nightly build that should not show images from password protected albums anymore.
Thanks for the reply acrylian
Any plans in the future to prevent from accessing a image in a password protected album directly?
Yes i have noticed with the build release last night, recent images does not show anymore from a password protected gallery. It only shows up now on the recent images if you have an access to the album.
ALSO, i'm just wondering if those images in the password protected gallery being crawled by search engines?
Of course an image should not be accessible directly if in an protected album (and I could swear that worked before...) But sbillard is the architect of the protection, I am sure he finds the error real quick!
If you don't be able to access a protected album, a crawler/spider shouldn't have access too, since it follow links.
bratyfly:
In order to protect the image, the theme must include password checking in the image.php file. Unfortunately, it appears that stopdesign does not do this. I will see if I can decypher the theme well enough to add the code. Stopdesign is a very complex difficult to work with theme.
The solution was posted in last night's nightly build. Seems a few other themes were missing the code as well, I think something must have got lost along the way. Anyway, now all distributed themes support image page password protection.
If anyone is developing his own theme, the code if checkforPassword() { } must be placed around anything you don't want displayed if the album is passoword protected.
This same goes for album pages if you want to supress anything more than the thumbnail list.
noticed that images in a password protected album show up in the search page if search word for example contains it's filename. the password protected albums don't.
did this in the imageloop on the search.php to prevent images showing up;
`
`
I'm having trouble with password protection too. I added password protection to one album, and initially it seemed to have no effect, but then I found this post and realized it might be because I was logged in as admin. So I logged out, clicked on that album - and got no photos, just a blank image page, but also no password prompt! So there appears to be no way to enter a password.
Also, there are two related problems: it still uses a thumbnail from the protected album to represent it on the main page, so that means at least one image from the protected album is publicly visible, and it also pulls content from the protected album for the random image block on the main page. Both of these seem to kind of go against the idea of being able to protect an album...
I suppose I could get around the random image thing by removing that feature entirely (although that would probably mean commenting it out in the code and then messing with the CSS so that the layout doesn't break, since there doesn't seem to be any way of disabling that feature in the admin), but I'm not sure what to do about the thumbnail issue. It would be nice if protected albums showed a blank image with the words "password required" instead of a thumbnail.
BTW, the theme I'm using is a modified version of Thinkdreams, if that helps (modified mainly by me commenting out everything relating to comments, and the image descriptions and titles).
With the current release you should not be getting protected images for the random image. However, since you are using a modified (not part of the release) theme, it may not be using the template-functions getRandomImage() function. No guarentees then.
The theme may also be the problem with your getting no photos, just a blank page. Typically, blank pages are due to script errors. Check your CGI log and see what it says. The way password protection works, When the theme calls next_image() or next_album() zenphoto checks to see if the current album is password protected. (There have been some fixes here, so you might need the nightly build.)
While album thumbs are returned for protected albums, there is a class="password_protected" on the image saying it is protected. Your CSS could do something to mask it.