Using GalleryEmbed to auto login to site. Restricted user sees Site Admin button

medaughs

Joined: 2009-03-31
Posts: 5
Posted: Tue, 2009-03-31 20:01

Hello,

We are using GalleryEmbed to allow a login "pass through". In doing so, the restricted user can see the Site Admin option and should not be able to. The auto login appears to be working as expected.

Below is the customized php that is being called by the external site. We are trying to limit exposure of anything but a specific Album to a specific user. In this case, user with a uid of 1231.

<?php

$url = $_SERVER['HTTP_REFERER'];
$url = parse_url($url);
$refurl = strtolower($url["host"]);

//if ($refurl == "www.somedomain.com") {
if ($refurl == "") {
        $g2_Config['path'] = dirname(__FILE__) . '/';
        $g2_Config['embedPath'] = '/';
        $g2_Config['g2Uri'] = '/';
        $g2_Config['loginRedirect'] = '/main.php?g2_itemId=1351';
        $g2_Config['embedUri'] = '/gallery2/main.php';
        $g2_Config['uid'] = '1231';
        require_once( $g2_Config['path'] . '/embed.php');
        if (!headers_sent()) {
                header('Content-Type: text/html; charset=UTF-8');
        }
        $ret = GalleryEmbed::init(array(
        'g2Uri' => $g2_Config['g2Uri'],
        'loginRedirect' => $g2_Config['loginRedirect'],
        'embedUri' => $g2_Config['embedUri'],
        'activeUserId' => $g2_Config['uid'],
        'fullInit' => 'false',
        'apiVersion' => array(1,0)
        ));

        GalleryCapabilities::set('login',true);

        // handle the G2 request
        $g2moddata = GalleryEmbed::handleRequest();
        // show error message if isDone is not defined
        if (!isset($g2moddata['isDone']))
        {
                print 'isDone is not defined, something very bad must have happened.';
                exit;
        }
        // die if it was a binary data (image) request
        if ($g2moddata['isDone'])
        {
                exit; /* uploads module does this too */
        }
        if ($ret)
        {
                print $ret->getAsHtml();
        }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<?php
        list($title, $css, $javascript) = GalleryEmbed::parseHead($g2moddata['headHtml']);
        echo "<title>" . $title . " -- MySite</title>\n";
        foreach ($css as $item) {
                echo $item . "\n";
        }
        foreach ($javascript as $item) {
                echo $item . "\n";
        }
?>
<style type="text/css"> <!-- /*#gsHeader { display : none; } #gsFooter { display: none; }*/ --> </style>
</head>
<body class="gallery">
<?php
      echo $g2moddata['bodyHtml'];
?>
</body>
</html>
<?php
}
else {
        // Otherwise, if the request does not come from the authorized site, do nothing
        exit;
}
?>
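The wrapper above decides whether to log the visitor in from the Referer header, which the client supplies, and the active `$refurl == ""` test also matches any request that sends no Referer at all. As an added example (not the poster's code and not part of Gallery2), this sketch has the referring site hand over a short-lived HMAC-signed token that the wrapper verifies before calling GalleryEmbed::init(). It assumes PHP 5.6 or later, a secret shared by both sites, and a token passed as a request parameter; HANDOFF_KEY, HANDOFF_TTL, make_handoff() and verify_handoff() are hypothetical names and the key is a constructed sample value.

```php
<?php
// Added example: signed hand-off in place of the Referer test.
// All names and the key below are hypothetical / constructed.
const HANDOFF_KEY = 'constructed-sample-key-replace-me';
const HANDOFF_TTL = 60; // seconds a token stays valid

// Runs on the referring site: bind the external user id to an expiry time.
function make_handoff($extUserId, $now) {
    $payload = $extUserId . '|' . ($now + HANDOFF_TTL);
    $mac = hash_hmac('sha256', $payload, HANDOFF_KEY);
    return base64_encode($payload) . '.' . $mac;
}

// Runs in the wrapper before GalleryEmbed::init().
// Returns the user id as a string, or null when the token must be refused.
function verify_handoff($token, $now) {
    $parts = explode('.', (string)$token);
    if (count($parts) !== 2) {
        return null;                       // missing or malformed token
    }
    $payload = base64_decode($parts[0], true);
    if ($payload === false) {
        return null;                       // not valid base64
    }
    $expected = hash_hmac('sha256', $payload, HANDOFF_KEY);
    if (!hash_equals($expected, $parts[1])) {
        return null;                       // MAC mismatch (constant-time compare)
    }
    $fields = explode('|', $payload);
    if (count($fields) !== 2 || !ctype_digit($fields[0]) || !ctype_digit($fields[1])) {
        return null;                       // unexpected payload layout
    }
    if ((int)$fields[1] < $now) {
        return null;                       // token is past its expiry
    }
    return $fields[0];
}

// Constructed demonstration using the uid from the post.
$now = time();
$token = make_handoff('1231', $now);
var_dump(verify_handoff($token, $now));                           // fresh token
var_dump(verify_handoff($token, $now + HANDOFF_TTL + 1));         // expired token
var_dump(verify_handoff(base64_encode('1|9999999999') . '.00', $now)); // forged MAC
var_dump(verify_handoff('', $now));                               // no token sent
```

In the wrapper, a null result would take the `exit` branch, and the returned id would be the value passed as 'activeUserId'.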
 
josno

Joined: 2007-09-17
Posts: 10
Posted: Wed, 2009-04-01 13:15

What Gallery2 groups does the 'restricted user' belong to? And what permissions do those groups have? Given that you can actually log in using that user ID I'm guessing there are no issues with the user synchronisation between the two apps. What theme are you using for Gallery2?

Also, if I've correctly interpreted your setup, you have the emApp code in the Gallery2 folder? Personally I don't think that's a great idea - they should really be kept separate for maintainability. What's more, the 'g2uri' seems to be pointing to the root of your web directory, when it should be pointing to the Gallery2 path (i.e. '/gallery2/' I think...)

 
medaughs

Joined: 2009-03-31
Posts: 5
Posted: Wed, 2009-04-01 18:12

The restricted user belongs to his own group with rights to only one album in the collection. We have the gallery directory set up as the root of our web site as this is the only thing it serves out. I am not 100% certain as to where the emApp is living as the connection information is passed in a call from a 3rd party website.

 
josno

Joined: 2007-09-17
Posts: 10
Posted: Wed, 2009-04-01 18:35

Fair enough. Can the user actually do anything in the admin panel? Or does he just see the link to it? And can he see the other albums?

 
suprsidr

Joined: 2005-04-17
Posts: 8339
Posted: Tue, 2009-12-15 13:27