Piwigo.org

agroszer · 2014-03-26 09:07:22

I want to have an all private gallery, publicly hosted on the internet, but only visible to user (family) members.
Nothing should be accessible without a login. Well, just the login form.

Piwigo version: 2.6.1

plg · 2014-03-26 09:33:56

Hi agroszer,

With plugin LocalFiles Editor, in local configuration, add:

Code:

<?php
$conf['guest_access'] = false;
?>

agroszer · 2014-03-26 09:51:02

Hi,

Thanks, but that does not protect the thumbnails and various pictures :-S

plg · 2014-03-26 10:00:49

Do you mean the direct URL to the picture?

agroszer · 2014-03-26 10:08:25

Yes, I mean those URLs.
Might be hard to guess, but still.

plg · 2014-03-26 10:19:54

Still in your local configuration, add:

Code:

$conf['original_url_protection'] = 'all';

TODO: manage .htaccess in "galleries" and "upload" folders

flop25 · 2014-03-26 11:06:42

Hi
[Forum, post 149395 by flop25 in topic 23288] Photo encryption first recommendation

agroszer · 2014-03-27 19:17:17

$conf['original_url_protection'] = 'all';

That seems to protect original images, but thumbnails and various sizes are still served directly...
Any chance to route those too via some php page?

rvelices · 2014-03-27 19:26:58

Code:

$conf['derivative_url_style'] = 2; //script

But it's going to be slow ...

agroszer · 2014-03-27 20:01:02

not so bad... protecting family photos goes first

rvelices · 2014-03-28 06:07:16

In fact I just realized that my example is not safe because even if we serve thumbs through our script, there is absolutely no check on permissions in this one.

agroszer · 2014-03-28 07:19:03

ouch! right.
i.php does not enforce being logged on.
I think this is a bug, isn't it?

flop25 · 2014-03-28 09:31:28

agroszer wrote:
ouch! right.
i.php does not enforce being logged on.
I think this is a bug, isn't it?

No
it has been already discussed in the threads I gave. Only Gallery v3 protect like you want but that's very very heavy

agroszer · 2014-03-28 09:33:54

any chance to add an config-option to enforce being logged on?

flop25 · 2014-03-28 10:01:53

No
But the only way to get files would be to brute force name files which is obviously endless since the upload randomise the filename
and you will quickly see that someone is brute forcing

Piwigo.org

Announcement

#1 2014-03-26 09:07:22

all private gallery

#2 2014-03-26 09:33:56

Re: all private gallery

Code:

#3 2014-03-26 09:51:02

Re: all private gallery

#4 2014-03-26 10:00:49

Re: all private gallery

#5 2014-03-26 10:08:25

Re: all private gallery

#6 2014-03-26 10:19:54

Re: all private gallery

Code:

#7 2014-03-26 11:06:42

Re: all private gallery

#8 2014-03-27 19:17:17

Re: all private gallery

#9 2014-03-27 19:26:58

Re: all private gallery

Code:

#10 2014-03-27 20:01:02

Re: all private gallery

#11 2014-03-28 06:07:16

Re: all private gallery

#12 2014-03-28 07:19:03

Re: all private gallery

#13 2014-03-28 09:31:28

Re: all private gallery

agroszer wrote:

#14 2014-03-28 09:33:54

Re: all private gallery

#15 2014-03-28 10:01:53

Re: all private gallery

Board footer