I want to have an all private gallery, publicly hosted on the internet, but only visible to user (family) members.
Nothing should be accessible without a login. Well, just the login form.
Piwigo version: 2.6.1
Offline
Hi agroszer,
With plugin LocalFiles Editor, in local configuration, add:
<?php $conf['guest_access'] = false; ?>
Offline
Hi,
Thanks, but that does not protect the thumbnails and various pictures :-S
Offline
Do you mean the direct URL to the picture?
Offline
Yes, I mean those URLs.
Might be hard to guess, but still.
Offline
Still in your local configuration, add:
$conf['original_url_protection'] = 'all';
TODO: manage .htaccess in "galleries" and "upload" folders
Offline
Hi
[Forum, post 149395 by flop25 in topic 23288] Photo encryption first recommendation
Offline
$conf['original_url_protection'] = 'all';
That seems to protect original images, but thumbnails and various sizes are still served directly...
Any chance to route those too via some php page?
Offline
$conf['derivative_url_style'] = 2; //script
But it's going to be slow ...
Offline
not so bad... protecting family photos goes first
Offline
In fact I just realized that my example is not safe because even if we serve thumbs through our script, there is absolutely no check on permissions in this one.
Offline
ouch! right.
i.php does not enforce being logged on.
I think this is a bug, isn't it?
Offline
agroszer wrote:
ouch! right.
i.php does not enforce being logged on.
I think this is a bug, isn't it?
No
it has been already discussed in the threads I gave. Only Gallery v3 protect like you want but that's very very heavy
Offline
any chance to add an config-option to enforce being logged on?
Offline
No
But the only way to get files would be to brute force name files which is obviously endless since the upload randomise the filename
and you will quickly see that someone is brute forcing
Offline