Announcement

#1 2014-03-26 09:07:22

agroszer
Member
2014-03-26
7

all private gallery

I want to have an all private gallery, publicly hosted on the internet, but only visible to user (family) members.
Nothing should be accessible without a login. Well, just the login form.

Piwigo version: 2.6.1

Offline

 

#2 2014-03-26 09:33:56

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13519

Re: all private gallery

Hi agroszer,

With plugin LocalFiles Editor, in local configuration, add:

Code:

<?php
$conf['guest_access'] = false;
?>

Offline

 

#3 2014-03-26 09:51:02

agroszer
Member
2014-03-26
7

Re: all private gallery

Hi,

Thanks, but that does not protect the thumbnails and various pictures :-S

Offline

 

#4 2014-03-26 10:00:49

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13519

Re: all private gallery

Do you mean the direct URL to the picture?

Offline

 

#5 2014-03-26 10:08:25

agroszer
Member
2014-03-26
7

Re: all private gallery

Yes, I mean those URLs.
Might be hard to guess, but still.

Offline

 

#6 2014-03-26 10:19:54

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13519

Re: all private gallery

Still in your local configuration, add:

Code:

$conf['original_url_protection'] = 'all';

TODO: manage .htaccess in "galleries" and "upload" folders

Offline

 

#7 2014-03-26 11:06:42

flop25
Piwigo Team
2006-07-06
7036

Re: all private gallery


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#8 2014-03-27 19:17:17

agroszer
Member
2014-03-26
7

Re: all private gallery

$conf['original_url_protection'] = 'all';

That seems to protect original images, but thumbnails and various sizes are still served directly...
Any chance to route those too via some php page?

Offline

 

#9 2014-03-27 19:26:58

rvelices
Piwigo Team
2005-12-29
1960

Re: all private gallery

Code:

$conf['derivative_url_style'] = 2; //script

But it's going to be slow ...

Offline

 

#10 2014-03-27 20:01:02

agroszer
Member
2014-03-26
7

Re: all private gallery

not so bad... protecting family photos goes first

Offline

 

#11 2014-03-28 06:07:16

rvelices
Piwigo Team
2005-12-29
1960

Re: all private gallery

In fact I just realized that my example is not safe because even if we serve thumbs through our script, there is absolutely no check on permissions in this one.

Offline

 

#12 2014-03-28 07:19:03

agroszer
Member
2014-03-26
7

Re: all private gallery

ouch! right.
i.php does not enforce being logged on.
I think this is a bug, isn't it?

Offline

 

#13 2014-03-28 09:31:28

flop25
Piwigo Team
2006-07-06
7036

Re: all private gallery

agroszer wrote:

ouch! right.
i.php does not enforce being logged on.
I think this is a bug, isn't it?

No
it has been already discussed in the threads I gave. Only Gallery v3 protect like you want but that's very very heavy


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#14 2014-03-28 09:33:54

agroszer
Member
2014-03-26
7

Re: all private gallery

any chance to add an config-option to enforce being logged on?

Offline

 

#15 2014-03-28 10:01:53

flop25
Piwigo Team
2006-07-06
7036

Re: all private gallery

No
But the only way to get files would be to brute force name files which is obviously endless since the upload randomise the filename
and you will quickly see that someone is brute forcing


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2021 · Contact