Pages: 1 2
--------------------
EDIT:
I let the message below, but nowadays the "official topic" is [Forum, topic 15622] [Plugin] Event Cats, to easily share private categories.
--------------------
Hi ;
in a french discussion, P@t kindly helped me to implement the two following functions in my gallery, which I talk about here, in case some people are interested :
_ automatic identification : a user can log in into your gallery thanks to a single URL (the best is to use a generic account) ;
_ account duplication : a user can duplicate the current account (s)he's using, ie create a new account inherting the properties of the account from which the new one was created.
The typical situation is : after an event (a wedding for instance), you want to give access to some pictures, to people you don't know. Providing _ 1 URL + _ 1 username + _ 1 password, is too much, especially for aged people. But the pictures must not be in a public category, as you want them secured (a little bit, as the technique used here is very weakly secured).
Thanks to automatic id, you are able to give access to the event category, by providing only a URL. Thanks to account duplication, people can create their own account, and continue to navigate in the category without having to wait for your confirmation and access granting.
You can test these functionnalities in my test gallery by following this link :
lucmorizur.free.fr/piwigo/index.php?cat=15&autolog=Code02_pour_Piwigo03
It is better to not let this kind of link able to access some content you don't want to be public, for a very long time, as this is almost equal to no security.
I personnally think that these functionnalities should be included in plugin nbc UserAdvManager, or become a plain plugin.
Here is the translation I make from P@t's explanations to implement a Personal Plugin providing these functionalities :
P@t wrote:
(Well, P@t wrote that in french, but I translate it as close as possible.)
Code to be put in personal plugin (5th tab of LocalFiles Editor):Code:
add_event_handler('init', 'auto_log_user'); function auto_log_user() { global $conf; if (isset($_GET['autolog']) and isset($conf['auto_log'])) { if (isset($conf['auto_log'][$_GET['autolog']]) and ($userid = get_userid($conf['auto_log'][$_GET['autolog']]))) { log_user($userid, false); if (isset($_GET['cat']) and is_numeric($_GET['cat'])) { redirect(PHPWG_ROOT_PATH.'index.php?/category/'.$_GET['cat']); } else { redirect(make_index_url()); } } else { access_denied(); } } } add_event_handler('register_user', 'assign_perm_for_new_user'); function assign_perm_for_new_user($new_user) { global $user, $conf; if (isset($conf['auto_log']) and in_array($user['username'], $conf['auto_log'])) { // User access $query = 'SELECT cat_id FROM '.USER_ACCESS_TABLE.' WHERE user_id = '.$user['id'].';'; $result = pwg_query($query); $insert = array(); while ($row = mysql_fetch_assoc($result)) { $insert[] = '('.$new_user['id'].','.$row['cat_id'].')'; } if (!empty($insert)) { pwg_query('INSERT INTO '.USER_ACCESS_TABLE.' VALUES '.implode(',', $insert).';'); } // User groups $query = 'SELECT group_id FROM '.USER_GROUP_TABLE.' WHERE user_id = '.$user['id'].';'; $result = pwg_query($query); $insert = array(); while ($row = mysql_fetch_assoc($result)) { $insert[] = '('.$new_user['id'].','.$row['group_id'].')'; } if (!empty($insert)) { pwg_query('INSERT INTO '.USER_GROUP_TABLE.' VALUES '.implode(',', $insert).';'); } // Permission level $query = 'UPDATE '.USER_INFOS_TABLE.' SET level = '.$user['level'].' WHERE user_id = '.$new_user['id'].';'; pwg_query($query); } }Then let's create a generic account Toto, and why not another one Tutu.
Then in config_local.inc.php (1st tab of LocalFiles Editor), let's put :Code:
$conf['auto_log'] = array( 'f71dbe52628a3f83a77ab494817525c6' => 'Toto', 'i51dbefd5g56d5t5hcxab494817525c6' => 'Tutu', );Users will then be able to be automatically logged on as Toto by typing the following URL:
http://monsite/piwigo/index.php?log=f71dbe52628a3f83a77ab494817525c6
It is possible to redirect automatically identified users directly to a certain category by typing :
http://monsite/piwigo/index.php?log=f71dbe52628a3f83a77ab494817525c6&cat=5
By providing a link anywhere to register.php, you will let the user able to duplicate the account, to create his (her) own one.
Do post here if you need help or for comments. (I don't promise to answer very rapidly ; and I'm only the user of this trick, P@t wrote it ! ^^ )
Luc
EDIT :
_ link updated ;
_ $_GET['log'] replaced by $_GET['autolog'] ;
Last edited by LucMorizur (2010-01-03 17:51:50)
Offline
Thanks for translation LucMorizur!
Offline
P@t wrote:
Thanks for translation LucMorizur!
Tu es le bienvenu ! (French joke.)
Thanks for the code P@t !
Offline
I don't know if some people tried the account duplication on my gallery, as I explained it here above, but I just discovered it was not working for a while. This was due to the fact that I had put a group ("Invités") to be automatically linked to new accounts (Admin\Identification\Groups, icon ) ; together with the fact that the account which could be duplicated when being automatically identified thanks to the above link (account "Piwigo" on my gallery) was itself also linked to the same group "Invités". So actually PWG was trying to associate the new account (created thanks to duplication) two times to the same group "Invités".
So one should not associate accounts which can be duplicated, to the group(s) which is (are) marked as being associated automatically to new accounts.
I didn't try this case too, but obviously, if one or some group(s) have been set to be associated to new accounts automatically, then once someone has dupilcated an account, the newly created account cannot be itself immediately duplicated without an error, as it has been associated to the "default" group(s), which then should be twice associated to the new account one would try to create thanks to duplication.
If someone really understands what I meant here, many thanks to tell it 8-/ ...
Offline
Hello LucMorizur,
I find this feature very interesting. It's indeed a real need to make authentication simpler for a specific event category (and in other cases as well).
Here comes my suggestions and issues:
1. in the URL, the parameter should be "autoid=..." or "autolog=..." but not "log=..."
2. the "account duplication" feature is really nice BUT you should not label the link "duplicate". Users have no clue what it may mean. Just call it "register" and behind the scene, duplicate the current generic account. Users don't have to understand the smart system, make it as simple as possible for them (autoid was created to make users life simpler, right?)
3. As far as I understand it, autoid makes the user life simpler, but not the admin life simpler. As an admin, you still have to make the category private, create a generic user account, give permissions to this generic user, generated an auto_id for this user and send the link to the user by email. That's complex.
I like the idea of the autoid, but one step further would be even better : in the administration screen of a private category, you have form to send the category URL by email to a list of email addresses. In the email, you find something like index.php?/123&autoid=abcdef1234. If anyone follow the link, Piwigo creates a generic account with permission to see the category. What I mean is to simplify the permission management system.
Does it sound interesting?
Offline
Hi z0rglub, and thanks for your interest :-)
1. OK. Done on test gallery. Cannot be done on "real" gallery, as all people I gave an auto id URL, have it with 'log' and not 'autolog' !
2. The thing is, that to my opinion the duplication feature can have two different usages :
_ after an event, you distribute an auto id with a generic account, allowing people to visit your gallery. Thanks to duplication, people can create their own personal account and visit the gallery the same way as with the generic account, without waiting for you to validate their registration -- that's the usage linked to auto id ;
_ generally speaking, you can, thanks to duplication, allow anyone already registered in your gallery, to duplicate his (her) account, for instance to allow a mutual friend to have his (her) own account, or to allow the son to post comments with his own name...
Thus in order to show that this is possible, in my mind I had to show the difference between registration and duplication.
3.
As far as I understand it, autoid makes the user life simpler, but not the admin life simpler. (...)
Maybe you don't know how much you're right ;-) ... my son was almost late at his judo event this week-end because of that... (Because I created all this before participating to the event, in case some people would try to log before I would have added the pictures... and therefore I even printed a few times the URL on a blank page to distribute it to people I didn't know the e-mail address, during the event...)
I like the idea of the autoid, but one step further would be even better : in the administration screen of a private category, you have form to send the category URL by email to a list of email addresses. In the email, you find something like index.php?/123&autoid=abcdef1234. If anyone follow the link, Piwigo creates a generic account with permission to see the category. What I mean is to simplify the permission management system.
Does it sound interesting?
Yes, it looks great :-)) ! I will think about it, but I don't think I will have something to add to this idea.
But, if I can imagine how works a computer and a little bit a web site, I have no clue in PHP and Piwigo's architecture, and I'm not able to write such a code :-( .
But, I would (I will ?) be testing it as soon as possible :-) !
Have a nice night !
Luc
Last edited by LucMorizur (2009-06-10 15:10:59)
Offline
I will do a better plugin with this great ideas...
Offline
Great !
I can proceed to tests, if needed.
Thanks to both :-) .
Luc
Offline
Rapidly, one more idea : a possibility to redirect someone using an autolog URL, on an Additional Page : this to be able to cancel an autolog URL, and say to the visitor using it after it is canceled, that this URL is not valid any more. The main idea being that, as this authentication is very poor concerning security, autolog URLs can be valid for a not too long time. This, I think I can code it ; anyway it is normally very simple. I think I can try that this evening.
One could even create an Additional Page being the target of an autolog URL, saying : "Hi, this autolog will be valid only 24 hours (or two weeks, or...), please <a href="identification.php">register</a> to be able to come back later.<br>Apart of that, <a href="index.php?/category/15">click here</a> to navigate to the stuff I wanted to show you".
Offline
Both ideas implemented : outdated auto log : lucmorizur.free.fr/piwigo/index.php?autolog=Code_perime_pour_Piwigo03 and auto log with "prior page" : lucmorizur.free.fr/piwigo/index.php?autolog=prior_page_pour_Piwigo03 (not sure that "prior page" is very english :-/ ... thus : it means that the visitor is logged in, but is compelled to go through a certain page (from plugin Additional Pages) first).
It works, but I must say the coding is... quite rough, let's say, as here is the funtion auto_log_user() originally from P@t :
function auto_log_user() { global $conf; if (isset($_GET['autolog']) and isset($conf['auto_log'])) { if (isset($conf['outdated'][$_GET['autolog']])) { redirect(PHPWG_ROOT_PATH.'index.php?/additional_page/'.$conf['outdated'][$_GET['autolog']]); } elseif (isset($conf['auto_log'][$_GET['autolog']]) and ($userid = get_userid($conf['auto_log'][$_GET['autolog']]))) { log_user($userid, false); if (isset($conf['prior_page'][$_GET['autolog']])) { redirect(PHPWG_ROOT_PATH.'index.php?/additional_page/'.$conf['prior_page'][$_GET['autolog']]); } elseif (isset($_GET['cat']) and is_numeric($_GET['cat'])) { redirect(PHPWG_ROOT_PATH.'index.php?/category/'.$_GET['cat']); } else { redirect(make_index_url()); } } else { access_denied(); } } }
And here is the part of config_local.inc.php dedicated to Event Cat :
// Pour le plugin personnel Event Cat, la table des codes pour permettre l'identification automatique des comptes listés ici : $conf['auto_log'] = array( 'Code02_pour_Piwigo03' => 'Piwigo', 'prior_page_pour_Piwigo03' => 'Piwigo', ); // Pour le plugin personnel Event Cat, la table des codes périmés avec l'identifiant de la page Additional Pages correspondant : $conf['outdated'] = array( 'Code_perime_pour_Piwigo03' => '2', ); // Pour le plugin personnel Event Cat, la table des codes passant d'abord par une page Additional Pages, // avec l'identifiant correspondant : $conf['prior_page'] = array( 'prior_page_pour_Piwigo03' => '3', ); // Autoriser la duplication de compte : $conf['allow_user_registration'] = true;
I already know what I'm going to be told : this is a dirty mess... mainly because the username which must go through the "prior page" first, must be declared exactly identically in two different $conf[] variables... so it's the reason why I tag all this "tracks for new features" :-)
At last I could show examples.
Thanks for reading me :-) !
Luc
Offline
Why don't you create a plugin? This way you can distribute it, with several revisions, a changelog for each revision. Users can install it from the plugin manager. Only many advantages.
Offline
Until now it was a priori not so much destined to become a plain plugin, as it was only one file and very simple to add as a personal plugin (and also "économie de plugins", you know, and the fact that I had no clue in publishing a plugin). But now, with all the new ideas, and mainly all the configurations settings, requiring some administration tool, of course a real plugin will be better.
I'm working on it this night, and I will have time for that next week ; and also P@t is likely to give suggestions, so obviously something should arise. To be completely honest I'm not certain there will be so many users interested, as for the moment I feel we're only three, but that's someting which can change thanks to a plugin.
Many thanks for your suggestions.
Offline
LucMorizur wrote:
(and also "économie de plugins", you know
I'm not so sure VDigital advises to avoid creating a real plugin and use personal plugin instead. I seriously doubt about that. As soon as a feature is not specific, if you want to contribute to Piwigo and improve the project, you should publish a plugin.
Here is an example of what can be done in a personnal plugin that has no reason to go into a real plugin : send an email to a someone when a specific picture is visited. Another example : [Forum, topic 14873] Permission to view high quality pictures, is too specific for a dedicated plugin.
In my opinion the feature your plugin will add deserves a plugin, I have no doubt about this.
LucMorizur wrote:
I'm not certain there will be so many users interested, as for the moment I feel we're only three, but that's someting which can change thanks to a plugin.
Trust me: more than 3 people are interested in your plugin. How can you conclude that only 3 people are interested while you have only written about it in a forum topic. Do you think all Piwigo users read the forum each day?
In addition to creating a plugin, I also encourage you to [Forum, topic 15099] Host your extension code on Piwigo Subversion repository
Offline
plg wrote:
In my opinion the feature your plugin will add deserves a plugin, I have no doubt about this.
That was my feeling too -- of course, I would say, as I was feeling this need -- but mainly I imagine that thousands of plugins is really not convenient.
Trust me: more than 3 people are interested in your plugin. How can you conclude that only 3 people are interested while you have only written about it in a forum topic. Do you think all Piwigo users read the forum each day?
Well, that's I'm doing, why other people would behave another way ?? ^^ (The last sentence does be a plain joke !)
No, of course, that's obvious that the fact that only three (five, actually) people participating to the discussion does not represent efficiently the amount of potentially interested people.
In addition to creating a plugin, I also encourage you to [Forum, topic 15099] Host your extension code on Piwigo Subversion repository
Yes, of course, this just goes together with creating the plugin.
Offline
LucMorizur wrote:
I imagine that thousands of plugins is really not convenient.
My opinion: the more plugins Piwigo has, the best it is.
Offline
Pages: 1 2