An example of awsomeness

kassah

Joined: 2005-03-07
Posts: 5
Posted: Mon, 2005-03-07 09:53

This is a thank you to the developers of Gallary2.

After spending, 8 hours with 4images to get the first page of their system to work with my template (that includes installing 4images). I gave up on it, and a friend of mine pointed me to gallary2.

I don't really care that it's beta... I don't blame other people for problems.. I just try to fix them generally. Anyway, install was a cinch. As a professional PHP programmer myself, I'm very impressed in this aspect. It even handled permissions nicely.

So... the real reason I wanted to try something new, was the templates on 4images... well... their header and footer templates diddn't even match up in where they started and stopped. That bugged me a bit. I imagine it would have been easy there too, with decent templates.

But I loaded up Gallary2, after spending 20 minutes figuring out how it worked, (no docs) I spent a total of 10-15 minutes integrating my design (and that was because I made some stupid mistakes).

Now comes the part I was REALLY impressed with, the next morning, there was an upgrade. Normally this just kills me, especially during my normal specialty which is authentication integration. But upon upgrading (which itself was easy) I loaded it up, looked for where they changed the template path to... then proceeded to reintegrate.. and it took me a total of 5 minutes... YES 5 minutes! to reintegrate.

Thanks a billion for this happy experience... with a BETA! The last image archive I had used, I had literally rewritten line for line to get what I needed. This was a very pleasent experience in comparison.

THANK YOU =)

here's the site I'm talking about
http://images.kassah.net/
(this is a personal site for friends, design was obtained and modified from an OSWD design)

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Mon, 2005-03-07 10:00

- do use use embed.php for authentication integration or how do you do it?
- if you keep your template changes in templates/local/*.tpl, they will be kept even when you upgrade the codebase of G2

 
kassah

Joined: 2005-03-07
Posts: 5
Posted: Mon, 2005-03-07 10:11

valiant,

Quote:
- do use use embed.php for authentication integration or how do you do it?

Currently kassah.net doesn't have a central authentication database. Which may come eventually, the site usually takes a back seat for me, since it's non-work, and thus doesn't pay the bills.

However, I did peruse the docs for embed.php. I love the concept. Though if my opinion were asked, I would ask for a way to only add users when they initially logged in. One of my clients has around 50000 users, and just the inital import would not be a fun thing, not to mention the time required to setup a user each time a user was added. That's one place I liked Moodle authentication integration, their system is based on adding people as they login to the software.

I believe that both options are useful, however for larger projects, I would want my setup. Should I need an images gallary for a work project, I'll prolly code the change myself and submit it to SourceForge. But that proboly won't happen in the near future.

Quote:
- if you keep your template changes in templates/local/*.tpl, they will be kept even when you upgrade the codebase of G2

Upgrading from Alpha4 to Beta1 was a location change. They moved from templates/*tpl.local to the location you listed. I also found when I tried not redoing the template, that quite a bit ended up messing up. All of which is normal for a Alpha update, I was expecting worse really.

Please excuse my typos. I'm a sloppy typer when it comes to English.

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Mon, 2005-03-07 11:00

@auth integration:
if you don't want to do an initial synchronization/import, you can just try to login. if an error missing object is returned, you know that you have to call GalleryEmbed::createUser first and then try to login again.
it's still a little bit hacky, but if you know a better way, let us know.

 
kassah

Joined: 2005-03-07
Posts: 5
Posted: Mon, 2005-03-07 11:31

Btw, the docs I read were earlier alpha docs. I just opened up the beta docs, they look much more detailed. I am reviewing now. I'll let you know my comments.

 
kassah

Joined: 2005-03-07
Posts: 5
Posted: Mon, 2005-03-07 11:52

Okay... first off, the most often tact I take is not what this seems built for. (this is more of a PostNuke style of approach, completely valid, just not how customers seem to be requesting things, at least in my case).

My thoughts on integration are comming from the point of view, of using an external user/pass/groups (and maybe other userinfo) database while still using the apps built in login/logout/session mechanisms. Though I am glad to see the previous is possible, it's not what I've been thinking of.

What I would like to see is more of a way to drop in hooks for where it checks for a valid user on login, at which point my code would kick in, see if their in the authentication database, fill the app in on the info for that user, then kick out a either "failed login" or a "sucessful login" code. Generally this code also hooks into the change password function on the app, which when they change their password on the app, it changes it in the authentication database.

Another place that I have run into trouble is agreeing with the app on a unique id to see if a user is already present. I have found usernames change, this was where Moodle disagreed with me. I generally end up adding a custom ID field to the app, which I restrict the user from changing. The authentication code then uses that as a lookup during authentication, updates it's username if it has changed and only then kicks back a successful return.

So looking at the docs (not the code):
- One of the first issues, is of language, PHP is not really callable from C/C++/Java/Python/Perl apps. (this is not so much of an issue with my tact) this could be solved by external API, but showing the API to the public via HTTP can get really sticky security wise.

- I don't see a way off hand to easily hook into running code with auth information before it hits internal authentication (thus giving the external auth DB (such as LDAP) time to change the required info).

- I do however see functions for changing the internal information of Gallary2, which is key in allowing authentication plugins be easily upgradable with the app (this is one area Moodle sorely lacks).

With that said... one question you might have, "Why do you use Moodle as an example so much?"
The reason is, it has the best suited as far as I have seen, external authentication system available in any app. (I will be reviewing FastFrame in this respect, as the feature list suggests that it might also have such capability)

I want to repeat this isn't me complaining about Gallary2... just suggesting ways that I could see it being improved if it were to make it easy for me to work with. I love the product overall =)

If you have a hackable workaround for my technique/requirements. I would love to hear about it.

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Mon, 2005-03-07 13:26
kassah wrote:
Okay... first off, the most often tact I take is not what this seems built for. (this is more of a PostNuke style of approach, completely valid, just not how customers seem to be requesting things, at least in my case).

The goal of our integration API is rather integration/syndication/embedding than pluggable authentication. We target the integration of G2 with other php driven applications (CMS, forums, ...), to embed G2 visually in existing solutions as well as integrate functionality and more importantly the user and session management.

Quote:
My thoughts on integration are comming from the point of view, of using an external user/pass/groups (and maybe other userinfo) database while still using the apps built in login/logout/session mechanisms. Though I am glad to see the previous is possible, it's not what I've been thinking of.

What you have in mind is called "pluggable authentication" to my knowledge. I know the concept from xaraya (auth plugins to LDAP, phpbb, lots of other applications).

Quote:
What I would like to see is more of a way to drop in hooks for where it checks for a valid user on login, at which point my code would kick in, see if their in the authentication database, fill the app in on the info for that user, then kick out a either "failed login" or a "sucessful login" code. Generally this code also hooks into the change password function on the app, which when they change their password on the app, it changes it in the authentication database.

G2 has the notion of "events". If a user gets created, changed, deleted or if and entity gets changed, created, ...etc. there is an event and you can register your module as a listener to this event to hook some functionality related to these events. If you don't find an event in the core code that you need, we can talk about adding it. In the worst case, you'll have to add the event call every time you upgrade G2.

Quote:
Another place that I have run into trouble is agreeing with the app on a unique id to see if a user is already present. I have found usernames change, this was where Moodle disagreed with me. I generally end up adding a custom ID field to the app, which I restrict the user from changing. The authentication code then uses that as a lookup during authentication, updates it's username if it has changed and only then kicks back a successful return.

G2 maps users/groups based on their id in G2 (entityId, unique among all objects, be it users or items (albums, images)) and based on the externalId you provide when creating a user or creating a map. If you use ids in your application, provide these ids for the mapping, if you don't use special ids, use the unique usernames.

Quote:
So looking at the docs (not the code):
- One of the first issues, is of language, PHP is not really callable from C/C++/Java/Python/Perl apps. (this is not so much of an issue with my tact) this could be solved by external API, but showing the API to the public via HTTP can get really sticky security wise.

True. There is already a Gallery Remote Protocol, which is based on the protocol known from Gallery 1. A more elaborate protocol is in the works, AFAIK. And this new protocol will cover most funtionality of G2, AFAIK. In the end, you can code a client in any programming language to communicate with G2 with this protocol.

Quote:
- I don't see a way off hand to easily hook into running code with auth information before it hits internal authentication (thus giving the external auth DB (such as LDAP) time to change the required info).

True, we didn't have pluggable authentication in mind when designing the GalleryEmbed class. But still, you can do this quite easily. All G2 integrations (xaraya, postnuke, phpbb, drupal, ...) are based on a wrapper file that first calls GalleryEmbed::init(array(some arguments)); and then GalleryEmbed::handleRequest(); or other G2 API functions. Then you paste the returned html into your template or print it out directly and your done.
The authentication is part of GalleryEmbed::init(). Before, you said you wished you don't have to create a G2 account for all users existing in the LDAP (50'000) because only a small subset will ever use G2.
So, what you do is call GalleryEmbed::init(array(...,'activeUserId' => $idFromLDAP)); if the return value is an error and the error is error missing object (see error codes in G2), then you know that this user doesn't exist in G2, i.e. there is no mapping for this user in G2.
Then you call GalleryEmbed::createUser(array('externalId'=>$idFromLDFAP, otheruser data as username,.. )); and then you can call login and handlerequest. If there was no error missing object, you can call handlerequest immediately.
As I said, this is a first solution to this problem. Probably, we will come up with a better solution if you don't with to import the whole LDAP user base in the beginning.
If you want to change username / password in LDAP when it is changed in G2, just create a G2 module and register a listener for user creation/update/deletion events.

Quote:
With that said... one question you might have, "Why do you use Moodle as an example so much?"
The reason is, it has the best suited as far as I have seen, external authentication system available in any app. (I will be reviewing FastFrame in this respect, as the feature list suggests that it might also have such capability)

I don't know moodle at all. I know lots of CMS, most from cmsmatrix, oscom. How would you compare moodle to modular, flexible CMS that feature hooks and events like xaraya? or typo3? And how does it compare to high end java based CMS?

 
kassah

Joined: 2005-03-07
Posts: 5
Posted: Mon, 2005-03-07 16:08

You answered my questions for the most part.

As for the moodle part:

Quote:
I don't know moodle at all. I know lots of CMS, most from cmsmatrix, oscom. How would you compare moodle to modular, flexible CMS that feature hooks and events like xaraya? or typo3? And how does it compare to high end java based CMS?

Moodle is an academic specific CMS system much like the popular WebCT application. It would proboly benifit from being apart of a high end CMS. However that is not it's target audience.

So as you put it, my work is better described as 'Pluggable Authentication' thanks for the correction. Moodle is to a high end CMS, what live journal is to a Bullitin Board such as phpBB2. They both have CMS, and could theorhetically accomplish the same purpose, however live journal is much more suited to blogging, and phpBB2 is much more suited to threaded discussion.

I compare it because it does have 'Pluggable Authentication' =) which is what I was trying to describe.

 
McFacts

Joined: 2005-03-11
Posts: 1
Posted: Fri, 2005-03-11 19:59

I've been using Typo3 for a while. It works wonders, but its handling of images and files is horrible. If gallery2 can be integrated into Typo3 it would help both projects. Gallery would get an easy-to-use and complete CMS, while Typo would have a better file/image catalog.

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Fri, 2005-03-11 20:47

I talked to typo3 devs a while ago. It won't be easy, but it's feasible, if someone starts it.

 
colech

Joined: 2005-12-01
Posts: 5
Posted: Thu, 2006-05-18 20:40

I would be an immediate user of a "gallery2" extension in Typo3 :) There are other options but my opinion is that Typo3 is still lacking in the area of a gallery. If you want to see an example of a sweet upcoming calendar implementation search for the "cal" extension on the TER... http://typo3.org/extensions/

 
colech

Joined: 2005-12-01
Posts: 5
Posted: Thu, 2006-05-18 20:45

...by the way, LightBox2 has been implemented into Typo3 now and it RULZ (although it adds quite a bit of bulk to the page download)! There is no customization required.

 
coostax

Joined: 2006-06-23
Posts: 1
Posted: Wed, 2006-09-06 11:03

Do you have a working example of an LDAP authentication on Gallery 2? can you post it?
If there are no examples of it can you at least explain what parameters to I put on GalleryEmbed::createUser() because i'm trying to create new users with information extracted from the LDAP directory and I always obtain errors when I try to create them...