Hello,
I have integrated ZenPhoto for a client and am having a problem with a feature I'm trying to implement. The client is a photographer, as well as the normal galleries, he has password protected galleries for his clients.
He has a link on his homepage "Client Login", I'd like to link that to a form, take the username and password from the form:-
-Using the username, direct the user to his client gallery
-Use the username and password to log the user in so that he doesn't need to fill in the form that appears when you're not logged in (seeing as that would mean asking for the details twice!)
Is there anyway of doing this?
You can create a zenphoto cookie from his usercode and password. The zenphoto login is handled circa line 37 in auth_zp.php. There you will see how the cookie is created when one logs into zenphoto. You will have to create zenphoto admin users with the same user/password for this to work.
There is documentation on setcookie in the PHP documents: http://us2.php.net/manual/en/function.setcookie.php. The above reference will show you what zenphoto does.
Hi, I actually sorted the problem by copying the file to /zenphoto and using zp_setcookie.
Could you please let me know how I can verify the username and password entered by the client is correct before I create the cookie!
I know the answer is in auth_zp.php file - but I'm having difficulty locating it!
Thanks in advance!
Hello,
Just to add,
If I login using my login form, the authentication part works fine, it redirects me to the gallery but the cookie is not set as I get the username and password form.
If I try to login again through my form, it works! It's just the first time that it doesnt work - do you know why this could be?
Cookies cannot be set after you have generated output. If you echo "wrong username / password" shows up in anything but a blank page then you have already sent headers so your cookie is not saved. This processing must be done before any headers, etc. are sent. So you would have to have some error variable set so that later you can display your error message.
In answer to your original question, checkLogon() checks a user/password for authentication. checkAuthorization() matches a stored authorization such as a cookie.
Hi there, I still have the same problem:
If I visit the plain HTML site, click on my login form, submit the correct user details --> I get the user + password form from Zen, the cookie appears not to be set.
If I then click on the same login link and try again, I get logged in and the cookie is set.
My code is as follows - I feel I'm really close to the solution so I hope you can help me wrap things up!
Hi there,
I modified the code slightly:
`
if(checkLogon($post_user, $post_pass))
{
setcookie("zenphoto_auth", md5($post_user . $post_pass), time()+5184000, "/");
$_zp_loggedin = checkAuthorization(zp_getCookie('zenphoto_auth'));
if ($_zp_loggedin) {
header('Location: http://www.mysite.com/script/' . $post_user);
}
}
`
This results in a blank screen which means the cookie is not being set on the first attempt but does get set on subsequent attempts - I don't understand why this happens!
I have figured it out. Basically, the cookie does not cross web boundries. I have created a hack that will do what you wish. http://www.zenphoto.org/2008/07/zenphoto-single-login/
The hack works perfectly, thanks for all your help over the last few days. I'll try and find your email address to send you the URL to the finished site.
p.s. http://www.zenphoto.org/2008/07/zenphoto-single-login/ < I had some problems copying and pasting the code, there's some formatting errors on the page