Piwigo Bugtracker

Viewing Issue Advanced Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0000049 [Piwigo] users & groups feature N/A 2004.08.24 11:22 2005.07.17 16:26
Reporter glz View Status public  
Assigned To plg
Priority normal Resolution fixed Platform i386/P4
Status closed   OS FreeBSD
Projection none   OS Version 4.10
ETA none Fixed in Version 1.5 branch Product Version
  Target Version Product Build
Summary 0000049: Use of REMOTE_USER to identify PHPWebGallery user
Description Using PHPWebGallery together with other applications in a setting where the Apache does the authentication do not work as there is no way to map the remote user to a PHPWebGallery user.
Steps To Reproduce If authentication is set on the Apache for the PHPWebGallery location, first you get the HTTP authentication box but then is still required to login to PHPWebGallery.
Additional Information
Tags No tags attached.
browser any
Database engine and version
PHP version 4.3.8
Web server Apache 2.0.50
Attached Files

- Relationships

-  Notes
plg (manager)
2004.08.24 21:48

Good idea :-) but not in branch 1.3, it would be a new feature for branch 1.4

What do you think about the following test : if $_SERVER['REMOTE_USER'] is set and no $_GET['id'] found, then PhpWebGallery create a session (so a ?id=xyz will be added to PhpWebGallery URLs) ?

A requirement would be that Apache authentication users have same usernames as PhpWebGallery users.
glz (reporter)
2004.08.24 22:35

Yes, it looks OK from what I would expect. And this type of mapping always have to be on userid.

If no match is found, I would assume that a mapping to 'guest' would make the logic for open/closed site work correctly.
plg (manager)
2005.07.10 05:06

A long time has passed (1 year) and the feature still does not exist. But, yesterday, I've been thinking about it. Here is what I propose more precisely :

The goal is to declare users only in your .htaccess associated user file. Once logged through Apache, if PWG is configured to search in Apache authentication method, the session used is the Apache session. No need to create a PWG session.

If no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application.

I plan to add this for branch 1.5
plg (manager)
2005.07.17 16:26

Feature added on development branch : https://mail.gna.org/public/phpwebgallery-cvs/2005-07/msg00004.html [^]

This feature will be available in stable branch 1.5

- Issue History
Date Modified Username Field Change
2004.08.24 11:22 glz New Issue
2004.08.24 21:48 plg Note Added: 0000022
2004.08.24 21:49 plg Assigned To => plg
2004.08.24 21:49 plg Reproducibility always => N/A
2004.08.24 21:49 plg Status new => assigned
2004.08.24 21:49 plg version 1.3.2 => 1.4
2004.08.24 22:35 glz Note Added: 0000026
2005.05.01 08:12 plg version 1.4 branch =>
2005.07.10 05:06 plg Note Added: 0000189
2005.07.17 16:26 plg Note Added: 0000196
2005.07.17 16:26 plg Status assigned => closed
2005.07.17 16:26 plg Resolution open => fixed
2005.07.17 16:26 plg Fixed in Version => 1.5 branch

Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker