It looks like it's being URL encoded or something though. I'm not sure why that would happen. I'll have to do some testing and see if I can maybe figure out an alternate way of feeding the javascript into the web browser.
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Wed, 2011-06-01 20:08
@engineer: Does this work any better?
engineer
Joined: 2005-09-13
Posts: 84
Posted: Wed, 2011-04-27 18:00
rWatcher wrote:
@engineer: Does this work any better?
No, it has the same problem.
moasat
Joined: 2010-03-02
Posts: 8
Posted: Mon, 2011-05-02 19:01
I installed this module as I was looking for a way to hide albums like I did in G2 where you can only ciew them if you went to the correct URL. This sounds like it would be perfect but after installing and enabling, the album isn't actually being hidden at all. I've tried to set a password on it, I've tried setting a blank password on it. I've tried removing the password and setting it again. I've run the maintenance task, but nothing seems to actually hide the album. I've used a separate browser that is viewing the Gallery as a guest but it always sees the album.
What am I doing wrong?
P.S. If I uncheck the 'Do not require passwords' option, then clicking on an album (which has a password assigned) goes to a new Login page asking for a username and password (And a message like Dang.. that page doesn't exist). A blank username and the password I assigned does not work here.
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Tue, 2011-05-03 04:18
moasat wrote:
I installed this module as I was looking for a way to hide albums like I did in G2 where you can only ciew them if you went to the correct URL. This sounds like it would be perfect but after installing and enabling, the album isn't actually being hidden at all. I've tried to set a password on it, I've tried setting a blank password on it. I've tried removing the password and setting it again. I've run the maintenance task, but nothing seems to actually hide the album. I've used a separate browser that is viewing the Gallery as a guest but it always sees the album.
What am I doing wrong?
P.S. If I uncheck the 'Do not require passwords' option, then clicking on an album (which has a password assigned) goes to a new Login page asking for a username and password (And a message like Dang.. that page doesn't exist). A blank username and the password I assigned does not work here.
Well, it sounds like its working fine if you require passwords so it should work fine without requiring them. Are you sure you're completely logged out (both the gallery account _and_ the album password)?
When passwords aren't required, it will automatically log you in with the album password when you access the album's url. While you're logged into the album you'll see it and its contents as normal. You'll have to select Protected albums -> clear password to log out (you may need to refresh the browser window before the Clear password option will show up).
[img]http://gallery.menalto.com/files/clearpassword.png[/img]
Thank you for your repsonse. I appreciate you helping me out.
Actually, I don't think its working even with passwords required. The album itself is still visible in the root album. I can still see it and click on it which is when it prompts for a password. Isn't the album supposed to be hidden from view? Maybe that is where I am misunderstanding. But that would make "no passwords required" irrelvant.
I am completely logged out of both Gallery and from the album. I see the Unlock albums tab at the top. I've tried clearing all browser caches and have tried on firefox(linux) and chrome(windows). The version of Gallery is 3.0.1 running on PHP 5.3.4.
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Tue, 2011-05-03 15:24
moasat wrote:
Actually, I don't think its working even with passwords required. The album itself is still visible in the root album. I can still see it and click on it which is when it prompts for a password. Isn't the album supposed to be hidden from view? Maybe that is where I am misunderstanding. But that would make "no passwords required" irrelvant.
The album is supposed to be completely hidden from view, so this would mean it's not working right at all :/
Do you have the "hide" module enabled? There's some kind of compatibility issue between the two modules that causes things to not work properly when they're both turned on. I just tried enabling it on my end, and it seems to cause the exact behavior you're describing here. Disabling it solves the problem.
Does that help?
moasat
Joined: 2010-03-02
Posts: 8
Posted: Tue, 2011-05-03 15:34
Ah, yes. The 'hide' module was enabled. I disabled 'hide' and things seem to be working correctly now.
Thank you so much for the response!
RogueTrooper
Joined: 2008-03-20
Posts: 34
Posted: Wed, 2011-05-04 23:13
I'm still having issues with this..
I have the latest version installed, disabled the Hide module, but it's not working right..
My root contains 2 albums, 1 of which I want hidden which contains may other subalbums and looks like this:
so just going to www.domain.com or www.domain.com/gallery gets you my root album, then personal would be hidden along with anything else under it unless you know the full URL. So if someone knew the full URL they could get into /personal/user and see all of the albums within it, or would that not work?
Or maybe I'm misunderstanding how this all functions?
Right now if I set a password on /personal when I try to goto it or anything under it I get a login prompt, no matter if I set 'Use Blank Passwords' or not, doesn't seem to matter..
Do you think there is something odd with my host like a PHP or Apache option, or is the module just acting funny for me?
Thanks!
-RT
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Thu, 2011-05-05 01:11
RogueTrooper wrote:
so just going to www.domain.com or www.domain.com/gallery gets you my root album, then personal would be hidden along with anything else under it unless you know the full URL. So if someone knew the full URL they could get into /personal/user and see all of the albums within it, or would that not work?
It can work that way. Keep in mind that if you assign the password to "personal" then anyone with a url to an album anywhere inside of "personal" can access personal's entire contents, not just the sub-sub album that they have a URL to.
To set up a passworded album --
First, click into the "personal" album and select Album options -> edit permissions. Make sure View is set to everybody (green checkbox).
Second, select the Album options -> assign password, enter something in, and select "Save". You should now see a green "Password saved." message.
Finally, select Admin -> settings -> Album Password settings. Make sure the box labeled "Do not require passwords" is checked to allow the album to be unlocked with just the URL (if the box is labeled something other then "Do not require passwords" then you are not using the current version).
Is this how everything is set up?
RogueTrooper
Joined: 2008-03-20
Posts: 34
Posted: Thu, 2011-05-05 02:37
Ohhhhh!!
Now I get it!
I wasn't putting any passwords in, I just left it blank cause I thought when enabled the 'Do not require a password' setting you didn't need to put anything in there!
Stupid me!
Working great now!
Appreciate the module, and all the help!
Thanks again!
-RT
the_weird_one
Joined: 2011-05-27
Posts: 1
Posted: Fri, 2011-05-27 07:37
I seem to be suffering the same problem as @engineer, I've tried the latest version and the possible fix posted in this thread, is there anything else that I can try to get it to display properly.
I'm having this issue with Opera 11.11, IE 9 and Firefox 4.
surfa
Joined: 2011-03-02
Posts: 5
Posted: Sun, 2011-05-29 19:29
engineer wrote:
Install a fresh gallery3 and only add album password module. The problem is still existed.
Please see attached files.
P1.png : Set a password to an album.
P2.png : The window doesn't close and show the strange URL.
P3.png : Press "Reload" on browser, it shows correct result.
I restricted this to upgrade from 3.0.1 to 3.0.2. I checked the javascript shortly and I assume that print on this line has changed somehow:
--clip--
print "<html>\n<body>\n<script type=\"text/javascript\">\n$(\"#g-dialog\").dialog(\"close\");\nwindow.location.reload();\n</script>\n</body>\n</html>\n";
--clip--
I don't know which parts of G3 have changed during the update from 3.0.1 to 3.0.2, but it somehow looks to me that the target for the print is now changed. message::success however goes to correct place and otherwise the functionality seems to be just fine. The module just doesn't close the dialog and reload the page, but prints the corresponding javascript on the dialog box.
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Wed, 2011-06-01 20:09
The weird "Password dialog doesn't close with Gallery 3.0.2" bug has now been fixed. I've tested this with the following web browsers, and everything appears to be working fine now:
Google Chrome 11.0.696.71
Safari 5.0.2
Firefox 4.0
Internet Explorer 8
I just download and test it, the bug is gone. Thank you very much!
rWatcher wrote:
The weird "Password dialog doesn't close with Gallery 3.0.2" bug has now been fixed. I've tested this with the following web browsers, ...
Mr. Electronic
Joined: 2011-06-02
Posts: 2
Posted: Thu, 2011-06-02 14:02
I was testing Albumpassword on Gallery 3.0.2 and I wanted to know if it is possible to filter the search result so that protected albums and images are not shown in the search results?
surfa
Joined: 2011-03-02
Posts: 5
Posted: Thu, 2011-06-02 18:36
Indeed. Thanks for the fixes for this and the case sensitiveness problem as well.
Any particular reason for going case insensitive instead of sensitive?
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Thu, 2011-06-02 19:08
surfa wrote:
Indeed. Thanks for the fixes for this and the case sensitiveness problem as well.
Any particular reason for going case insensitive instead of sensitive?
MySQL queries are case insensitive by default. It was easier to make the password prompt case insensitive then to figure out how to get kohana's query builder to run a case sensitive search.
Mr. Electronic wrote:
I was testing Albumpassword on Gallery 3.0.2 and I wanted to know if it is possible to filter the search result so that protected albums and images are not shown in the search results?
It seems that search doesn't use Galley's "normal" method of determining what a user can and cannot view. I'll have to look into it some more to see if it's something I can fix.
Mr. Electronic
Joined: 2011-06-02
Posts: 2
Posted: Fri, 2011-06-03 05:21
rWatcher wrote:
Mr. Electronic wrote:
I was testing Albumpassword on Gallery 3.0.2 and I wanted to know if it is possible to filter the search result so that protected albums and images are not shown in the search results?
It seems that search doesn't use Galley's "normal" method of determining what a user can and cannot view. I'll have to look into it some more to see if it's something I can fix.
Could it be possible to use a file proxy just like full size images with an .htaccess file? You could check if the image is public if not replace the picture with an protected image logo.
Do this module also protects the original folder when used in combination with the keeporiginal module?
surfa
Joined: 2011-03-02
Posts: 5
Posted: Fri, 2011-06-03 11:42
rWatcher wrote:
surfa wrote:
Indeed. Thanks for the fixes for this and the case sensitiveness problem as well.
Any particular reason for going case insensitive instead of sensitive?
MySQL queries are case insensitive by default. It was easier to make the password prompt case insensitive then to figure out how to get kohana's query builder to run a case sensitive search.
Mr. Electronic wrote:
I was testing Albumpassword on Gallery 3.0.2 and I wanted to know if it is possible to filter the search result so that protected albums and images are not shown in the search results?
It seems that search doesn't use Galley's "normal" method of determining what a user can and cannot view. I'll have to look into it some more to see if it's something I can fix.
Fair enough.
kbm
Joined: 2011-06-10
Posts: 3
Posted: Fri, 2011-06-10 16:40
Hi all,
This module is great - does exactly what I need for a photography site... however I'm having trouble with one thing.
I'd like to be able to present a login form (that just asks for a password) on a web page outside of gallery, and when it is submitted, drop the user onto the gallery root, with their 'album passwords' password already submitted.
Is there an easy way to do this?
Thanks!!
kbm
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Fri, 2011-06-10 18:30
I don't know about "easy", but it could probably be done. Off the top of my head, these three ideas come to mind:
Alternately, you could maybe embed the login form page into another page using an iframe or something, it's url is something like: http://www.example.com/gallery3/index.php/albumpassword/login
You might also need to rework the password accepted / rejected code in the end of the checkpassword function, so that you're site would know if the password was accepted or rejected.
Thirdly, if you removed the "access::verify_csrf();" line from the checkpassword function (which is a security check to prevent passwords from being submitted from external sites), you could probably copy the albumpassword/login form html and use it in an external page. Once again, you might also need to rework the password accepted / rejected code to do URL redirection to the Gallery url if the password is valid or to somewhere else if the password is not.
kbm
Joined: 2011-06-10
Posts: 3
Posted: Mon, 2011-06-13 15:03
Great - thanks for the reply! Will give those suggestions a try, and report back...
kbm
Joined: 2011-06-10
Posts: 3
Posted: Tue, 2011-06-14 17:51
Using your helpful suggestions, what I've ended up doing is this...
The outside website is in the same domain as the gallery website, so I've just done an SHTML include, which pulls in the form, complete with csrf :
Love this module, but I'm having an issue with it. I have what I guess is a pretty large site full of images of my family, vacations, adventures we have, etc. The site currently hosts about 13000 images or so, broken down into a bunch of different albums and sub-albums.
I'd like to password protect some of the albums, but not all. Only trouble is, when I add a password to one of the albums that contains pictures of my kids (the main thing I want to protect here) the gallery becomes so slow it is unusable, typically timing out in the browser when I try to connect.
Being a programmer myself, I looked a bit at the underlying database structure, and I see that you add an entry into the cache table for every single item or subitem in an album when a password is added for that album. It appears that you'll need to do some query optimization to help keep queries from taking several minutes to complete....
I tried this once before on a different site that hosts some professional photo shoots I've done, and found that as long as I kept the albums to <100 items, I could password protect them without a huge performance hit. This means, though, that I have to tell my clients to look at all the albums they see when they put in their password, as I've had to break their shoot of 600 or so items into 6 or more albums.
I've not taken the time to dig around in the actual sql that is being executed, or what may be done to improve the performance... figure that is best left to the experts.
Thanks!
chris-
Joined: 2009-01-28
Posts: 28
Posted: Wed, 2011-07-27 14:29
Hi rWatcher,
nice module.
In G2 I could assign a password or the "hide only" option on each album and not just global. Is that function planned in future?
Thanks!
defim
Joined: 2011-08-18
Posts: 21
Posted: Mon, 2011-08-22 02:28
If there are no protected items and "Rebuild Album Password ID Caches DB" is executed this error is logged
#1048: Column 'password_id' cannot be null [ INSERT INTO `gallery3_albumpassword_idcaches` (`password_id`, `item_id`) VALUES (NULL, NULL) ]
EDIT: A patch to fix this (maybe some tabs/space could be added, omitted for a small patch)
--- modules/albumpassword/helpers/albumpassword_task.php
+++ modules/albumpassword/helpers/albumpassword_task.php
@@ -130,6 +130,8 @@
$total_items = $task->get("total_items");
$last_id = $task->get("last_id");
+if ($total > 0) {
+
// If completed_items is 0, then we're just starting to process this
// album. Add the album to idcaches before adding it's contents.
if ($completed_items == 0 ) {
@@ -182,6 +184,7 @@
$task->set("last_id", $last_id);
$task->set("completed_albums", $completed_albums);
$task->set("completed_items", $completed_items);
+}
// Display the number of albums that have been completed before exiting.
if ($total == $completed_albums) {
jason442
Joined: 2008-07-12
Posts: 14
Posted: Wed, 2011-09-21 04:30
I like the idea of this plugin. My use is to hide albums, and to prevent "browsing". So, my only issue with this module is if an album is hidden and I give someone the link, once they are in, they can click home on the bread crumbs and have access to everything when my intent was to just share that one album. Am I the only one with this issue?
Thanks!
Jason
Louie
Joined: 2005-01-18
Posts: 8
Posted: Tue, 2011-10-04 19:49
jason442 wrote:
I like the idea of this plugin. My use is to hide albums, and to prevent "browsing". So, my only issue with this module is if an album is hidden and I give someone the link, once they are in, they can click home on the bread crumbs and have access to everything when my intent was to just share that one album. Am I the only one with this issue?
Jason
The only way I see that you can not allow access to more than the one album is to not nest albums (or at least do not nest albums you don't want people to have access). You can set up multiple password protected albums, just not as sub albums.
Louie
Joined: 2005-01-18
Posts: 8
Posted: Tue, 2011-10-04 19:50
I'm having problems with something:
Is there a way to have the password protected album show up (but appear empty)? Or does this module now work to hide the album until the password is input?
ipokkel
Joined: 2011-10-04
Posts: 1
Posted: Wed, 2011-10-05 16:00
@ rWatcher: Thanks, Just set up a gallery for a photographer friend of mine and this works perfectly for what we wanted.
dwdallam
Joined: 2006-11-19
Posts: 394
Posted: Mon, 2011-10-17 11:20
I'm trying to access a hidden album with a direct URL, while no being logged into G3, but it won't let me. G3 keeps wanting a password for a registered user.
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Mon, 2011-10-17 17:25
Make sure the album is publicly viewable: Album options -> Edit permissions -> View / Everyone is checked.
Make sure album passwords is set to not require passwords: Admin -> Settings -> Album passwords settings -> Do not require passwords is checked.
dwdallam
Joined: 2006-11-19
Posts: 394
Posted: Mon, 2011-10-17 21:34
Not working, sorry. Confirmed everything. Password is set. Visible to everyone, no password needed.
dwdallam
Joined: 2006-11-19
Posts: 394
Posted: Mon, 2011-10-17 21:35
Link to album that is PW protected. pass: miranda
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Tue, 2011-10-18 05:13
dwdallam wrote:
Link to album that is PW protected. pass: miranda
I don't see a link, so I'm not sure what's wrong with it. I can say that I've just checked, and everything seems to work fine for me with Gallery 3.0.2. Is that the version you're using?
Did you upgrade the Album password module from an earlier version? If so there's two admin / Maintenance scripts that may need to be run.
So that's what it's suppose to do, right? Just hide the album? I've read the documentation but I'm a little unsure of exactly how passwords work with this module. I know if you have "Don't require passwords, then it acts as a hidden album only, correct? If you don't check the box to "Don't require passwords" do you need a G3 User account first to access the password module?
dwdallam
Joined: 2006-11-19
Posts: 394
Posted: Tue, 2011-10-18 06:55
I just wanted to let everyone know that if your host uses cPanel, you can password protect individual albums. But it looks like the album functions the same way as this module, with the exception that you can't hide albums, only password protect them.
So that's what it's suppose to do, right? Just hide the album? I've read the documentation but I'm a little unsure of exactly how passwords work with this module. I know if you have "Don't require passwords, then it acts as a hidden album only, correct? If you don't check the box to "Don't require passwords" do you need a G3 User account first to access the password module?
If "Don't require passwords" is checked, the module will hide the album and it's contents -- another visitor will need the URL to the album or it's password in order to access it.
If "Don't require passwords" is not checked, the module will still hide the album, but trying to access it with it's album URL will not work, only the album's password will allow a user to access it. This works separately from the existing Gallery user system, any user with or without an account can enter in the password to access the protected album.
dwdallam wrote:
I just wanted to let everyone know that if your host uses cPanel, you can password protect individual albums. But it looks like the album functions the same way as this module, with the exception that you can't hide albums, only password protect them.
cPanel is only available to the admin for the web site, where as album password is available to all registered Gallery users. If you're the only one using your Gallery and cPanel works for you then great. If you have multiple users who don't have access to your cPanel, but who want to be able to protect the photos they upload, then Album Passwords may be a better solution.
dkerlee
Joined: 2005-06-09
Posts: 42
Posted: Wed, 2012-05-30 05:35
I'd like to be able to send someone a link to a picture, and have them be able to see only that picture.
Currently, if I email a link to a picture (page) inside a password protected album, they can hit next next next and view all the pictures in that album, or hit a sub-tree link from the picture page and get access to the whole album.
Am I doing something wrong?
floridave
Joined: 2003-12-22
Posts: 26107
Posted: Wed, 2012-05-30 15:51
The module is album password. so it protects the album not the items.
I have some suggestions for your plugin, see the attached patch file. What do you think are the suggestions ok (so I can push the changes to github and make a merge request)?
That is an excellent point. Is there a plug in that will protect both albums and items, separate from having people login with username/passwords?
dwdallam
Joined: 2006-11-19
Posts: 394
Posted: Wed, 2012-06-06 22:35
All of this has been gone over and over. the password system in G3 is extremely dysfunctional. They already know that. The next release of G3 is suppose to address the password issue giving admin the power to assign simple passwords to albums.
LordZed
Joined: 2012-08-30
Posts: 9
Posted: Mon, 2012-09-03 09:03
Hi! Until now it's not possible to set a password to an album or hide an album with g3 buildin features. So I'm still using this module and it works pretty well. But what I'm missing is a per album setting to hide or password-protect the album. Until now it's only possible to set that global, isn't it?
dkerlee
Joined: 2005-06-09
Posts: 42
Posted: Mon, 2012-09-03 15:32
This password module must be assigned per-album. This only hides the album, but those people that have a link to the album, or any picture in the album, will still be able to get at it no problem.
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Mon, 2012-09-03 18:57
The setting to choose if visitors can access protected albums with just a link or if they need to use the password is a global setting only. There's no way to specify this on a per-album basis.
undagiga
Joined: 2010-11-26
Posts: 643
Posted: Tue, 2012-09-04 00:20
But it is possible to have some albums with a password and some not, non? So while the module might be applied gallery-wide, and the setting about whether the exact URL gets you in is also gallery wide, you don't have to assign a password to every album. That's how it works for me.
The real limitation of this module (and this is NOT a criticism of rWatcher) is that people can still find images in password protected albums via tags, searches, etc. I only use it in a G3 install with all these things disabled.
U-G
rWatcher
Joined: 2005-09-06
Posts: 716
Posted: Tue, 2012-09-04 03:59
undagiga wrote:
But it is possible to have some albums with a password and some not, non? So while the module might be applied gallery-wide, and the setting about whether the exact URL gets you in is also gallery wide, you don't have to assign a password to every album. That's how it works for me.
Correct.
undagiga wrote:
The real limitation of this module (and this is NOT a criticism of rWatcher) is that people can still find images in password protected albums via tags, searches, etc. I only use it in a G3 install with all these things disabled.
U-G
Actually, I think search is the only module that still has this issue, it should be fixed with everything else (tags, latest updates, etc.). Search seems to use raw database query's instead of tapping into Gallery's permission system like everything else.
undagiga
Joined: 2010-11-26
Posts: 643
Posted: Tue, 2012-09-04 13:23
rWatcher wrote:
Actually, I think search is the only module that still has this issue, it should be fixed with everything else (tags, latest updates, etc.)
I must have missed this. When did this happen? rWatcher - Can I suggest that you use a strict versioning numbering system with your modules, and reflect this in zip files as well? I really appreciate your modules, as you would know, but I find it hard to keep track of when I have the latest version. I know some of them such as Tag Albums have version numbers, but even there, there are different versions with the same version number. Just a suggestion.
Posts: 716
Well, that code is being generated on line 112:
http://github.com/rWatcher/gallery3-contrib/blob/master/3.0/modules/albumpassword/controllers/albumpassword.php
It looks like it's being URL encoded or something though. I'm not sure why that would happen. I'll have to do some testing and see if I can maybe figure out an alternate way of feeding the javascript into the web browser.
Posts: 716
@engineer: Does this work any better?
Posts: 84
No, it has the same problem.
Posts: 8
I installed this module as I was looking for a way to hide albums like I did in G2 where you can only ciew them if you went to the correct URL. This sounds like it would be perfect but after installing and enabling, the album isn't actually being hidden at all. I've tried to set a password on it, I've tried setting a blank password on it. I've tried removing the password and setting it again. I've run the maintenance task, but nothing seems to actually hide the album. I've used a separate browser that is viewing the Gallery as a guest but it always sees the album.
What am I doing wrong?
P.S. If I uncheck the 'Do not require passwords' option, then clicking on an album (which has a password assigned) goes to a new Login page asking for a username and password (And a message like Dang.. that page doesn't exist). A blank username and the password I assigned does not work here.
Posts: 716
Well, it sounds like its working fine if you require passwords so it should work fine without requiring them. Are you sure you're completely logged out (both the gallery account _and_ the album password)?
When passwords aren't required, it will automatically log you in with the album password when you access the album's url. While you're logged into the album you'll see it and its contents as normal. You'll have to select Protected albums -> clear password to log out (you may need to refresh the browser window before the Clear password option will show up).
[img]http://gallery.menalto.com/files/clearpassword.png[/img]
Does that help?
Posts: 8
Thank you for your repsonse. I appreciate you helping me out.
Actually, I don't think its working even with passwords required. The album itself is still visible in the root album. I can still see it and click on it which is when it prompts for a password. Isn't the album supposed to be hidden from view? Maybe that is where I am misunderstanding. But that would make "no passwords required" irrelvant.
I am completely logged out of both Gallery and from the album. I see the Unlock albums tab at the top. I've tried clearing all browser caches and have tried on firefox(linux) and chrome(windows). The version of Gallery is 3.0.1 running on PHP 5.3.4.
Posts: 716
The album is supposed to be completely hidden from view, so this would mean it's not working right at all :/
Do you have the "hide" module enabled? There's some kind of compatibility issue between the two modules that causes things to not work properly when they're both turned on. I just tried enabling it on my end, and it seems to cause the exact behavior you're describing here. Disabling it solves the problem.
Does that help?
Posts: 8
Ah, yes. The 'hide' module was enabled. I disabled 'hide' and things seem to be working correctly now.
Thank you so much for the response!
Posts: 34
I'm still having issues with this..
I have the latest version installed, disabled the Hide module, but it's not working right..
My root contains 2 albums, 1 of which I want hidden which contains may other subalbums and looks like this:
http://www.domain.com/gallery/personal/user
so just going to www.domain.com or www.domain.com/gallery gets you my root album, then personal would be hidden along with anything else under it unless you know the full URL. So if someone knew the full URL they could get into /personal/user and see all of the albums within it, or would that not work?
Or maybe I'm misunderstanding how this all functions?
Right now if I set a password on /personal when I try to goto it or anything under it I get a login prompt, no matter if I set 'Use Blank Passwords' or not, doesn't seem to matter..
Do you think there is something odd with my host like a PHP or Apache option, or is the module just acting funny for me?
Thanks!
-RT
Posts: 716
It can work that way. Keep in mind that if you assign the password to "personal" then anyone with a url to an album anywhere inside of "personal" can access personal's entire contents, not just the sub-sub album that they have a URL to.
To set up a passworded album --
First, click into the "personal" album and select Album options -> edit permissions. Make sure View is set to everybody (green checkbox).
Second, select the Album options -> assign password, enter something in, and select "Save". You should now see a green "Password saved." message.
Finally, select Admin -> settings -> Album Password settings. Make sure the box labeled "Do not require passwords" is checked to allow the album to be unlocked with just the URL (if the box is labeled something other then "Do not require passwords" then you are not using the current version).
Is this how everything is set up?
Posts: 34
Ohhhhh!!
Now I get it!
I wasn't putting any passwords in, I just left it blank cause I thought when enabled the 'Do not require a password' setting you didn't need to put anything in there!
Stupid me!
Working great now!
Appreciate the module, and all the help!
Thanks again!
-RT
Posts: 1
I seem to be suffering the same problem as @engineer, I've tried the latest version and the possible fix posted in this thread, is there anything else that I can try to get it to display properly.
I'm having this issue with Opera 11.11, IE 9 and Firefox 4.
Posts: 5
I restricted this to upgrade from 3.0.1 to 3.0.2. I checked the javascript shortly and I assume that print on this line has changed somehow:
--clip--
print "<html>\n<body>\n<script type=\"text/javascript\">\n$(\"#g-dialog\").dialog(\"close\");\nwindow.location.reload();\n</script>\n</body>\n</html>\n";
--clip--
I don't know which parts of G3 have changed during the update from 3.0.1 to 3.0.2, but it somehow looks to me that the target for the print is now changed. message::success however goes to correct place and otherwise the functionality seems to be just fine. The module just doesn't close the dialog and reload the page, but prints the corresponding javascript on the dialog box.
Posts: 716
The weird "Password dialog doesn't close with Gallery 3.0.2" bug has now been fixed. I've tested this with the following web browsers, and everything appears to be working fine now:
Google Chrome 11.0.696.71
Safari 5.0.2
Firefox 4.0
Internet Explorer 8
Posts: 84
I just download and test it, the bug is gone. Thank you very much!
Posts: 2
I was testing Albumpassword on Gallery 3.0.2 and I wanted to know if it is possible to filter the search result so that protected albums and images are not shown in the search results?
Posts: 5
Indeed. Thanks for the fixes for this and the case sensitiveness problem as well.
Any particular reason for going case insensitive instead of sensitive?
Posts: 716
MySQL queries are case insensitive by default. It was easier to make the password prompt case insensitive then to figure out how to get kohana's query builder to run a case sensitive search.
It seems that search doesn't use Galley's "normal" method of determining what a user can and cannot view. I'll have to look into it some more to see if it's something I can fix.
Posts: 2
Could it be possible to use a file proxy just like full size images with an .htaccess file? You could check if the image is public if not replace the picture with an protected image logo.
Do this module also protects the original folder when used in combination with the keeporiginal module?
Posts: 5
Fair enough.
Posts: 3
Hi all,
This module is great - does exactly what I need for a photography site... however I'm having trouble with one thing.
I'd like to be able to present a login form (that just asks for a password) on a web page outside of gallery, and when it is submitted, drop the user onto the gallery root, with their 'album passwords' password already submitted.
Is there an easy way to do this?
Thanks!!
kbm
Posts: 716
I don't know about "easy", but it could probably be done. Off the top of my head, these three ideas come to mind:
Idea #1: If the outside web site is on the same domain / subdomain as the gallery web site, you could probably write up a php script to set the login cookie the same way albumpassword does, and then redirect to the gallery url. The code albumpassword uses to login a user is in the checkpassword function, lines 122-147:
https://github.com/rWatcher/gallery3-contrib/blob/master/3.0/modules/albumpassword/controllers/albumpassword.php
Alternately, you could maybe embed the login form page into another page using an iframe or something, it's url is something like:
http://www.example.com/gallery3/index.php/albumpassword/login
You might also need to rework the password accepted / rejected code in the end of the checkpassword function, so that you're site would know if the password was accepted or rejected.
Thirdly, if you removed the "access::verify_csrf();" line from the checkpassword function (which is a security check to prevent passwords from being submitted from external sites), you could probably copy the albumpassword/login form html and use it in an external page. Once again, you might also need to rework the password accepted / rejected code to do URL redirection to the Gallery url if the password is valid or to somewhere else if the password is not.
Posts: 3
Great - thanks for the reply! Will give those suggestions a try, and report back...
Posts: 3
Using your helpful suggestions, what I've ended up doing is this...
The outside website is in the same domain as the gallery website, so I've just done an SHTML include, which pulls in the form, complete with csrf :
I've then modified albumpassword.php (line 141/142) so that it doesn't display a message, but instead just loads the gallery root page:
header("location: /gallery"); //message::success(t("Password Accepted.")); //json::reply(array("result" => "success"));Seems to work OK!
Thanks for the help.
Posts: 5
Love this module, but I'm having an issue with it. I have what I guess is a pretty large site full of images of my family, vacations, adventures we have, etc. The site currently hosts about 13000 images or so, broken down into a bunch of different albums and sub-albums.
I'd like to password protect some of the albums, but not all. Only trouble is, when I add a password to one of the albums that contains pictures of my kids (the main thing I want to protect here) the gallery becomes so slow it is unusable, typically timing out in the browser when I try to connect.
Being a programmer myself, I looked a bit at the underlying database structure, and I see that you add an entry into the cache table for every single item or subitem in an album when a password is added for that album. It appears that you'll need to do some query optimization to help keep queries from taking several minutes to complete....
I tried this once before on a different site that hosts some professional photo shoots I've done, and found that as long as I kept the albums to <100 items, I could password protect them without a huge performance hit. This means, though, that I have to tell my clients to look at all the albums they see when they put in their password, as I've had to break their shoot of 600 or so items into 6 or more albums.
I've not taken the time to dig around in the actual sql that is being executed, or what may be done to improve the performance... figure that is best left to the experts.
Thanks!
Posts: 28
Hi rWatcher,
nice module.
In G2 I could assign a password or the "hide only" option on each album and not just global. Is that function planned in future?
Thanks!
Posts: 21
If there are no protected items and "Rebuild Album Password ID Caches DB" is executed this error is logged
EDIT: A patch to fix this (maybe some tabs/space could be added, omitted for a small patch)
--- modules/albumpassword/helpers/albumpassword_task.php +++ modules/albumpassword/helpers/albumpassword_task.php @@ -130,6 +130,8 @@ $total_items = $task->get("total_items"); $last_id = $task->get("last_id"); +if ($total > 0) { + // If completed_items is 0, then we're just starting to process this // album. Add the album to idcaches before adding it's contents. if ($completed_items == 0 ) { @@ -182,6 +184,7 @@ $task->set("last_id", $last_id); $task->set("completed_albums", $completed_albums); $task->set("completed_items", $completed_items); +} // Display the number of albums that have been completed before exiting. if ($total == $completed_albums) {Posts: 14
I like the idea of this plugin. My use is to hide albums, and to prevent "browsing". So, my only issue with this module is if an album is hidden and I give someone the link, once they are in, they can click home on the bread crumbs and have access to everything when my intent was to just share that one album. Am I the only one with this issue?
Thanks!
Jason
Posts: 8
The only way I see that you can not allow access to more than the one album is to not nest albums (or at least do not nest albums you don't want people to have access). You can set up multiple password protected albums, just not as sub albums.
Posts: 8
I'm having problems with something:
Is there a way to have the password protected album show up (but appear empty)? Or does this module now work to hide the album until the password is input?
Posts: 1
@ rWatcher: Thanks, Just set up a gallery for a photographer friend of mine and this works perfectly for what we wanted.
Posts: 394
I'm trying to access a hidden album with a direct URL, while no being logged into G3, but it won't let me. G3 keeps wanting a password for a registered user.
Posts: 716
Make sure the album is publicly viewable: Album options -> Edit permissions -> View / Everyone is checked.
Make sure album passwords is set to not require passwords: Admin -> Settings -> Album passwords settings -> Do not require passwords is checked.
Posts: 394
Not working, sorry. Confirmed everything. Password is set. Visible to everyone, no password needed.
Posts: 394
Link to album that is PW protected. pass: miranda
Posts: 716
I don't see a link, so I'm not sure what's wrong with it. I can say that I've just checked, and everything seems to work fine for me with Gallery 3.0.2. Is that the version you're using?
Did you upgrade the Album password module from an earlier version? If so there's two admin / Maintenance scripts that may need to be run.
Also are you using the latest version of the module? It can be found here:
http://gallery.menalto.com/files/albumpassword.zip
Posts: 394
OK watcher it's working I think. I can't see the album unless I have the URL to it.
http://www.dwdallam.com/G3_DWDALLAM/index.php/Fred-Miranda
So that's what it's suppose to do, right? Just hide the album? I've read the documentation but I'm a little unsure of exactly how passwords work with this module. I know if you have "Don't require passwords, then it acts as a hidden album only, correct? If you don't check the box to "Don't require passwords" do you need a G3 User account first to access the password module?
Posts: 394
I just wanted to let everyone know that if your host uses cPanel, you can password protect individual albums. But it looks like the album functions the same way as this module, with the exception that you can't hide albums, only password protect them.
Posts: 716
If "Don't require passwords" is checked, the module will hide the album and it's contents -- another visitor will need the URL to the album or it's password in order to access it.
If "Don't require passwords" is not checked, the module will still hide the album, but trying to access it with it's album URL will not work, only the album's password will allow a user to access it. This works separately from the existing Gallery user system, any user with or without an account can enter in the password to access the protected album.
cPanel is only available to the admin for the web site, where as album password is available to all registered Gallery users. If you're the only one using your Gallery and cPanel works for you then great. If you have multiple users who don't have access to your cPanel, but who want to be able to protect the photos they upload, then Album Passwords may be a better solution.
Posts: 42
I'd like to be able to send someone a link to a picture, and have them be able to see only that picture.
Currently, if I email a link to a picture (page) inside a password protected album, they can hit next next next and view all the pictures in that album, or hit a sub-tree link from the picture page and get access to the whole album.
Am I doing something wrong?
Posts: 26107
The module is album password. so it protects the album not the items.
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 195
Hi,
I have some suggestions for your plugin, see the attached patch file. What do you think are the suggestions ok (so I can push the changes to github and make a merge request)?
Posts: 42
That is an excellent point. Is there a plug in that will protect both albums and items, separate from having people login with username/passwords?
Posts: 394
All of this has been gone over and over. the password system in G3 is extremely dysfunctional. They already know that. The next release of G3 is suppose to address the password issue giving admin the power to assign simple passwords to albums.
Posts: 9
Hi! Until now it's not possible to set a password to an album or hide an album with g3 buildin features. So I'm still using this module and it works pretty well. But what I'm missing is a per album setting to hide or password-protect the album. Until now it's only possible to set that global, isn't it?
Posts: 42
This password module must be assigned per-album. This only hides the album, but those people that have a link to the album, or any picture in the album, will still be able to get at it no problem.
Posts: 716
The setting to choose if visitors can access protected albums with just a link or if they need to use the password is a global setting only. There's no way to specify this on a per-album basis.
Posts: 643
But it is possible to have some albums with a password and some not, non? So while the module might be applied gallery-wide, and the setting about whether the exact URL gets you in is also gallery wide, you don't have to assign a password to every album. That's how it works for me.
The real limitation of this module (and this is NOT a criticism of rWatcher) is that people can still find images in password protected albums via tags, searches, etc. I only use it in a G3 install with all these things disabled.
U-G
Posts: 716
Correct.
Actually, I think search is the only module that still has this issue, it should be fixed with everything else (tags, latest updates, etc.). Search seems to use raw database query's instead of tapping into Gallery's permission system like everything else.
Posts: 643
I must have missed this. When did this happen? rWatcher - Can I suggest that you use a strict versioning numbering system with your modules, and reflect this in zip files as well? I really appreciate your modules, as you would know, but I find it hard to keep track of when I have the latest version. I know some of them such as Tag Albums have version numbers, but even there, there are different versions with the same version number. Just a suggestion.
U-G