🌍
English
Hi,
it would be great if piwigo supported http authentication, see e.g.
http://php.net/manual/en/features.http-auth.php
I believe that would also be the most easy way to offer something to users that would like to have only private galleries on the net, see e.g. these threads:
http://piwigo.org/forum/viewtopic.php?id=20372
http://piwigo.org/forum/viewtopic.php?id=21104
Http basic auth should be relatively simple to implement in the current piwigo auth process - while not beeing a good solution for people who want public AND private galleries in the same piwigo instance, this feature would provide a very good solution for people that host only private images.
Yes, more differentiated access to albums based on groups or users would require much more work, but for those who can accept an all-or-nothing solution this is a quick fix and might be a strong selling point for piwigo as a privacy-supporting gallery software.
Thanks for your attention,
John
Offline
hello again :)
Piwigo already supports Apache authentication (see config file)
I never used it and don't know how it works, but won't the result be the same ?
of course it's limited to Apache servers
Offline
Hi,
oops, did not see this yet - I will take a look at this, of course this is great if it is fully integrated with piwigo user management!
Other webservers, like e.g. nginx mostly support http auth, but there are several implementation specifics, the same with php running as fast-cgi or more exotic setups, but mostly people figured out some kind of fix. However, supporting apache is still a good thing :)
I will check, how this works!
Thanks again for your quick replies!
Have a nice day,
John
Offline
Hi,
great news: seems to work ok - this makes my day, thanks!
I had some headaches with using piwigo for a private gallery because of the pictures beeing accessible with known urls, but this helps to solve this.
I just tested this with a few different user accounts on my test instance and I see no problems or broken things right now, everything seems to work so far, but I am not testing with some automated test tool, so I can not speak of "100% test coverage", but looks good!
A minor quirk is that there is no "logout" option anymore, but this was expected, as there is no way to logout a user remotely, see e.g. here for explanation - you need to restart the browser to login as another user. I do not see this is a show stopper.
However, one drawback for users fearing direct file access on their servers is that changes in the user database are not reflected to the AuthUserFile, so when you add new users or change passwords in piwigo, you will have to manually update this file - but this is really a simple operation for any user who understands what ascii files are - for others there are lots of tutorials out there about using htpasswd and many web hosting companies offer web guis for generating the AuthUserFile.
One simple tutorial on first Google search result page is this one:
http://www.colostate.edu/~ric/htpass.html
For reference:
http://httpd.apache.org/docs/2.2/programs/htpasswd.html
You should try it, it is a good solution for people who want private albums and do not want their pics have accessible! For mixed setups (private/public) this will not work, also users will not be able to change their passwords without this manual step described above, but with small userbase this is managable.
There are some php implementations for writing AuthUserFile out there, it would be a great addition to piwigo to implement this as well, so the changes of username / password will be reflected to AuthUserFile - this is no big thing for an experienced developer and will allow even easier setup and management of privat-only galleries, so expect a wave of frustrated G3 users coming to piwigo when implementing this! :)
Have a nice day,
John
Offline