Hi, (updated urls)
First of all: I love Gallery! Thanks for the great work.
I run into some problems when denying all rights for Everybody at the top level. My issues seem identical to http://galleryproject.org/node/96719 - was this ever solved?
I want to allow only logged in (registered) users to access the gallery. So they would have to log in first, and then they should go directly go into the top level album. And they can go into deeper albums where allowed. I use this so that my family and relatives can see albums they are interested in, and groups of friends see other albums.
My gallery has 4 red "circles" for Everybody at the highest level, and allows View rights for Registered users (and some other groups). And of course some other rights in deeper albums.
In all cases now, when accessing the site, the user will be presented with the login screen, so that is fine.
But then the trouble starts:
1. Only when using IE8 (yes, I am still on XP), and accessing sfrauenfelder p nl (without any subdomain), the login button brings a user to the top level album, and things work as expected.
Edit: Just remembered & tested that the worst and most unexpected browser is successful here: My Blackberry Bold 9780! With sfrauenfelder p nl and www p sfrauenfelder p nl (case 2 right under here).
2. When using IE8, with www p sfrauenfelder p nl (with subdomain), the login button brings the user to the same login screen again and again, etc.
3. When using Firefox, with sfrauenfelder p nl or www p sfrauenfelder p nl, the user gets the login page, and pressing the login button displays the "Dang" screen. This is regardless of username.
So what is wrong here? Am I trying something less intelligent? Am I trying to do it the wrong way? Is this a bug in Gallery, or a special feature? Should I use a module for it?
Please help! I have spent many hours on this already in the past weeks, thinking it was my apache setup. Only after finding the topic I referenced above, I have decide it must be the permissions. I have also tested that of course. When I grant View for Everybody at the highest level, albums load fine. But of course the whole world can see al my photos.
Below follow technical details, including some log messages.
Thanks.
====================================================
Gallery stats
Version: 3.0.9 (Chartres)
Albums: 18
Photos: 323
Platform Information
Host name: Centurion-NAS
Operating system: Linux 2.6.32.11-svn70860
Apache: Apache
PHP: 5.3.3-7+squeeze14
MySQL: 5.1.49-3
Server load: 1 1 1.01
Graphics toolkit: imagemagick
It is actually a Western Digital My Book Live.
It runs apache2.
Log files for cases described above:
1. IE8 sfrauenfelder p nl
The gallery error log displays a 302 warning for the POST, after which the client gets the index successfully at the top level, with all albums in it:
h:[62.163.7.57] l:[-] u:[-] t:[[22/Oct/2013:12:27:51 +0200]] p:[80] r:[POST /gallery3/index.php/login/auth_html HTTP/1.1] q:[] f:[/usr/share/gallery3/index.php] U:[/gallery3/index.php/login/auth_html] s:[302] b:[128] R:[http://sfrauenfelder p nl/] UA:[Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E)]
h:[62.163.7.57] l:[-] u:[-] t:[[22/Oct/2013:12:27:52 +0200]] p:[80] r:[GET /gallery3/index.php/ HTTP/1.1] q:[]
f:[/usr/share/gallery3/index.php] U:[/gallery3index.php/] s:[200] b:[14417] R:[http://sfrauenfelder p nl/] UA:[Mozilla/4.0 compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E)]
More successful GETs follow.
1.b Blackberry Bold 9780, sfrauenfelder p nl
h:[62.163.7.57] l:[-] u:[-] t:[[22/Oct/2013:22:05:13 +0200]] p:[80] r:[POST /gallery3/index.php/login/auth_html HTTP/1.1] q:[] f:[/usr/share/gallery3/index.php] U:[/gallery3/index.php/login/auth_html] s:[302] b:[128] R:[http://sfrauenfelder p nl/] UA:[Mozilla/5.0 (BlackBerry; U; BlackBerry 9780; en-GB) AppleWebKit/534.8+ (KHTML, like Gecko) Version/6.0.0.570 Mobile Safari/534.8+]
1.c Blackberry Bold 9780, www.sfrauenfelder p nl
h:[62.163.7.57] l:[-] u:[-] t:[[22/Oct/2013:22:03:57 +0200]] p:[80] r:[POST /gallery3/index.php/login/auth_html HTTP/1.1] q:[] f:[/usr/share/gallery3/index.php] U:[/gallery3/index.php/login/auth_html] s:[302] b:[136] R:[http://www p sfrauenfelder p nl/] UA:[Mozilla/5.0 (BlackBerry; U; BlackBerry 9780; en-GB) AppleWebKit/534.8+ (KHTML, like Gecko) Version/6.0.0.570 Mobile Safari/534.8+]
2. IE8, www p sfrauenfelder p nl
The gallery3 error log again has a POST 302, and gets the same index.php, but this time it displays the login screen again:
h:[62.163.7.57] l:[-] u:[-] t:[[22/Oct/2013:12:30:56 +0200]] p:[80] r:[POST /gallery3/index.php/login/auth_html HTTP/1.1] q:[] f:[/usr/share/gallery3/index.php] U:[/gallery3/index.php/login/auth_html] s:[302] b:[136] R:[http://www p sfrauenfelder p nl/gallery3/index.php/] UA:[Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E)]
h:[62.163.7.57] l:[-] u:[-] t:[[22/Oct/2013:12:30:57 +0200]] p:[80] r:[GET /gallery3/index.php/ HTTP/1.1] q:[]
f:[/usr/share/gallery3/index.php] U:[/gallery3/index.php/] s:[200] b:[5169] R:[http://www p sfrauenfelder p nl/gallery3/index.php/] UA:[Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; .NET4.0C; .NET4.0E)]
3. Firefox
Here the POST returns a 500 error, and the Dang page appears:
h:[62.163.7.57] l:[-] u:[-] t:[[22/Oct/2013:12:43:51 +0200]] p:[80] r:[POST /gallery3/index.php/login/auth_html HTTP/1.1] q:[] f:[/usr/share/gallery3/index.php] U:[/gallery3/index.php/login/auth_html] s:[500] b:[1274] R:[http://sfrauenfelder p nl/] UA:[Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0]
Posted: Tue, 2013-10-22 15:21
Posts: 13
Some additional info: the Gallery log.
It shows nothing for cases 1 and 2.
And it shows this for case 3. Firefox:
2013-10-22 12:43:51 +02:00 --- error: Kohana_Exception [ 403 ]: @todo FORBIDDEN
/usr/share/gallery3/modules/gallery/helpers/access.php [ 202 ]
#0 /usr/share/gallery3/modules/gallery/helpers/access.php(425): access_Core::forbidden()
#1 /usr/share/gallery3/modules/gallery/controllers/login.php(52): access_Core::verify_csrf()
#2 [internal function]: Login_Controller->auth_html()
#3 /usr/share/gallery3/system/core/Kohana.php(331): ReflectionMethod->invokeArgs(Object(Login_Controller), Array)
#4 [internal function]: Kohana_Core::instance(NULL)
#5 /usr/share/gallery3/system/core/Event.php(208): call_user_func_array(Array, Array)
#6 /usr/share/gallery3/application/Bootstrap.php(67): Event_Core::run('system.execute')
#7 /usr/share/gallery3/index.php(116): require('/usr/share/gall...')
#8 {main}
Posts: 13
I have done some more testing: now changed my setup as follows:
- Everybody is allowed to View the top level
- All albums in the top level have no permissions for Everybody, but they do for Registered users and some groups.
- Setup to have a root page
Now when a user goes my site sfrauenfelder p nl (no subdomain), using IE8, he first comes to the root page. This displays several login links, and the latest picture and a link named "Enter site". The login links allow to login (pop-up like), and then return the user to the root page. He then has to click the Enter Site button or the latest photo to actually see albums and photo's.
It does not work with IE8 and www p sfrauenfelder p nl (with subdomain), nor with Firefox.
I have the exact same issues as before, described above. Plus I don't like that everybody can now see my latest photo, and for my users things got worse: they now have to login, and then click on link to enter the site.
What's wrong here?
Posts: 27300
First lets work on one issue at a time. I will leave the movie_overlay and other issues for now till this is resolved.
Do you have gallery installed at:
sfrauenfelder.nl or sfrauenfelder.nl/gallery3 ?
Seems some rewrite rules in a .htaccess file is messing some things up. I'm no server rewrite expert so can only guess. there might be some server config that redirects when using the subdomain. Why not just use one or the other and be done?
Also we should only troubleshoot with the default wind theme so we can eliminate as many variables as we can.
Dave
____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 13
Allright.
Gallery is installed in the standard location /usr/shares/gallery3. And it has the virtual host setup in /etc/apache2/conf.d/gallery3, stating:
DocumentRoot = /usr/share/gallery3
I dont have rewrite rules.
I have changed to the Wind theme.
Let's ignore that www p sfrauenfelder p nl does not work, as this may be caused by something other than Gallery.
Then I still have the issue that Firefox does not work for sfrauenfelder p nl.
Just found out that Chrome works, for both sfrauenfelder.nl and www p sfrauenfelder p nl !
That's interesting. I am doing some more testing right now.
Posts: 13
Firefox is still not working. It displays the error message after logging in.
But IE8 works for both urls.
It seems the theme has quite some influence here...
Posts: 27300
That means nothing to me so I don't know if this helps or hinders.
Perhaps others have an idea. I have never had to set up virtual hosts so don't know anything about them.
Different browsers work on my two test sites and I suspect others don't have such issues.
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 13
Solved this a while ago. Sorry for my very very late reply now. I had some other urgent issues to sort.
I found I had to delete some cookies from gallery, and/or theme greydragon. After that things got better. These "old" cookies had been saved before setting up strict security, and then interfered later when I had the security.
Floridave, Thanks for your efforts.
Best regards, Sander