Shermbug, good idea. I will look in to hooking into the new permissions allowed in 2.4.
Offline
unclvito wrote:
Hey Piwigo developers, you know why you don't do a trigger_action for the permissions tab page? Are you doing things differently now in 2.4.x and on?
[Forum, topic 19897] make it easy for plugins to add tabs in admin screens
Offline
@unclvito, thanks to add directory language with EN;-)
Offline
Hi unclvito,
I'm testing [extension by unclvito] Protected Albums version 0.2.a. It works nicely with Piwigo 2.4.3, but we still have thi problem:
plg wrote:
2) [...] What is much more complex: if the photo can only be viewed from this album, then it must not be visible in any way. For example, with picture.php?/2189 or picture.php?/2189/tags/20-horse
As far as I'm concerned, I think it's a major issue because it gives a feeling of protection to the user, but in no way photos are really private :-/
Do you plan to fix it? Do you need some help on it?
Offline
Hi pig and unclvito -
Several months ago I had posted some ideas about different levels of security for Piwigo in topic 19857 (http://piwigo.org/forum/viewtopic.php?id=19857), as well as an idea about integrating user/group level permissions into the Protected Albums pulgin (earlier in this forum thread).
I think that unclivito has done a great job with the Protected Albums plugin, and I actually think that the features should be folded directly into the standard security features of Piwigo (some other gallery environments have this implemented in their base security options). This would allow the existing security architecture of Piwigo to handle what is now a security hole in Protected Albums and combine it with user/group level permissions to provide a greater range of security options in Piwigo.
Do others such as the main Piwigo developers and unclvito agree?
I am not much of a programmer/coder, but I would be happy to help out by providing ideas, testing future versions of this plugin and/or testing new versions of Piwigo.
All of that said, thank you to the Piwigo team and unclvito for all of your hard work :-)
Offline
Thanks for updating new version of protected albums, much better features than previous version and more stable.
I do have one issue though. I have the elegant theme for desktop viewers and works great with protected albums, but when i also enable Smart Pocket (Mobile) and access the gallery from iphone or android and select a password protected album and I get no images, just a blank page with navigation bars. I'm not sure if this belongs here or belongs on the themes topic.
Max_Photographer - Thanks for posting. I too have the same issue. When viewing my photos on mobile phone, there is no place to enter password for protected albums. Other than that, it is a very good plugin. Please resolve this problem.
Great plug in, but can you please make the password box of password type instead of text? It feels wrong typing a password in and being able to see it.
CowJam wrote:
Great plug in, but can you please make the password box of password type instead of text? It feels wrong typing a password in and being able to see it.
that's just one part of this plugin which makes it a 'false' security plugins : pictures inside 'protected' albums can be available by many others ways without a pwd
Offline
I doubt real protected albums can be achieved without intercepting the URL to images/albums and applying security at that level. Currently only the redirect from the album overview to the single images seems protected.
This feature should be provided by Piwigo itself because I dont know how complex it would be to add 'handlers' ontop of URI filters and make them available to plugins (I am a Java dev, so I have no real clue about PHP).
Other than that I was wondering how hard it would be to provide a password page/box for mobile systems?
Does Piwigo take care of mobile-detection? in that case it should be fairly straight forward, right?
Offline
No need of a such complicated things. The best and sure way is to use users/private album built in feature
Offline
Not knowing of the 'private' I made things ooooooverly complex. I take it all back. I like it :-)
Now what could be done about mobile? If that is added, that would make my gallery I really happy one :-)
PS: Thanks for your quick reply!
Offline
Sad to say, but I can easily circumvent the password protection of an album when I use one of the calendar views. All the pictures are shown without having to enter a password.
Hi, great plugin, seems to be working exactly as I hoped on my website.
One thing I have noticed tho is the plugin does not work on the default mobile theme in 2.4.6, that is, I can see the passworded albums on the mobile site but when trying to open it I would expect to see a password field, instead I get a blank screen.
Is this something I can fix? If so, can someone tell me how?
Cheers and keep up the great work!
I found a bug in index.inc.php line 40:
$_SESSION['protectalbum_redir'] = $_SERVER['REQUEST_URI'];
should be replaced by:
$_SESSION['protectalbum_redir'] = get_gallery_home_url().$_SERVER['REQUEST_URI'];