Configuring access control
In the default configuration, anonymous access is allowed to all images, and
there is an administrator who can reindex albums and/or change .albumdef.ini
files. This configuration can, of course, be changed.
For example, there are three users:
and four albums:
- Tremblant (can be viewed by an anonymous user - no need to log in)
- Private (by admin only)
- Drinking party (by any authenticated user, but not the anonymous)
- Family only (by admin and family only)
In order to add users, log in as admin (default password is admin)
and proceed to the user manager by clicking the "Users" button. Alternatively, you can
manually edit the users file as described in the notes below.
Then you need to modify the .albumdef.ini files. Log in as admin and
use the 'Edit' link next to the album title to open the file. Set the Allowed users: field
in every album as follows:
Album          | Allowed users:
Tremblant      | all
Private        | admin
Drinking party | valid-user
Family only    | admin, family
After making these changes, reindex your photo album.
Note:
- Access control is cumulative. For example, if you have folder MyFolder
  accessible only to user admin, and allow anonymous access to
  MyFolder/SubFolder, only admin will be able to access MyFolder/SubFolder
  anyway.
- The user list is contained in the /photo/private/.htpasswd file. In
  order to modify the file you need the htpasswd command-line
  utility, which is part of the Apache web server. If you don't have the utility,
  download the Win32 binary from
  http://users.tibus.com/support/passwd.php
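The cumulative rule from the first note, worked through as an added example (it is not DAlbum's own code). The function names, the dictionary layout and the MyFolder entries are assumptions made for illustration; a folder with no entry is assumed to add no restriction, and temporary "-" users are not modelled.

```python
# Added example: models the access rules described on this page.
# Constructed sample data: album path -> value of its "Allowed users:" field.
ALBUMS = {
    "Tremblant": "all",
    "Private": "admin",
    "Drinking party": "valid-user",
    "Family only": "admin, family",
    "MyFolder": "admin",
    "MyFolder/SubFolder": "all",
}


def level_allows(allowed, user):
    """Evaluate one album's own list; user=None is the anonymous visitor."""
    names = [n.strip() for n in allowed.split(",") if n.strip()]
    if "all" in names:
        return True
    if user is None:
        return False
    return "valid-user" in names or user in names


def can_view(albums, path, user):
    """Cumulative check: the album and every listed ancestor must allow the user."""
    parts = path.split("/")
    chain = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    # Assumption: a folder with no entry places no restriction of its own.
    return all(level_allows(albums[p], user) for p in chain if p in albums)


def shadowed(albums):
    """Albums whose own list admits anonymous visitors but an ancestor blocks them."""
    return sorted(
        path for path, allowed in albums.items()
        if level_allows(allowed, None) and not can_view(albums, path, None)
    )


if __name__ == "__main__":
    for who in (None, "family", "admin"):
        visible = [p for p in ALBUMS if can_view(ALBUMS, p, who)]
        print(who or "anonymous", "->", visible)
    print("open in name only:", shadowed(ALBUMS))
```

The shadowed() listing is the useful audit output: it names albums whose own setting says "all" but which stay closed to anonymous visitors because of a parent folder.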
Multiple administrator accounts
By default only user admin has access to album reindexing. You can change your
administrators by editing config.php:
$g_sAdminUsers=array("admin","friend");
Having multiple administrators can be useful if you decide to share
web-space between several users. For example, user friend
can create his own albums under /pictures/friend directory and
user family under /pictures/family. DAlbum
by itself does not contain any code to handle image upload, but you
can set up FTP permissions accordingly or use Comet
WebFileManager.
Please note that only the first administrator has access to the
user manager. The other administrators are allowed to reindex only.
Access control modes
DAlbum can authenticate users in two modes: session mode and Basic
HTTP Authentication.
Session mode (default) is used when $g_bHTTPAuth is set to false
in config.php. In this case users are authenticated
by using a custom logon page, which will set a session cookie to authenticate a
user. The good thing is that session mode works on any web-server and
any PHP configuration (CGI or Apache module), and there is a nice "Log out"
button. However, this mode is slower than "Basic HTTP Authentication"
and does not work with browser cookies disabled.
Basic HTTP Authentication is used when $g_bHTTPAuth is
set to true in config.php. This mode currently requires the
Apache web server and PHP installed as an Apache module. In this case users are
authenticated by Apache automatically according to .htaccess files which are
created by DAlbum during reindexing, and the standard "Enter your password"
dialog is used instead of the custom page. This method is slightly faster than
the first one and works well if cookies are disabled. The drawback is that it
is not possible to log out without restarting the browser.
URL login in Session mode
Starting with version 1.38 it is possible to log in a user from the URL with the username and password separated by a colon:
www.delx.ca/dalbum/sample/index.php?login=user:user. Very convenient for
sending links by e-mail.
Another new feature is that you can add "temporary" users who do not need a password, but are allowed to view explicitly
allowed albums only.
For example, you want to send a link to DAlbum sample album "Tremblant" to a friend, but don't want to
create a special user for him or to allow him to see your other personal pictures.
Now it is possible to set the album access list to "user,-tremblant2222" and hurrah! - a link
www.delx.ca/dalbum/sample/index.php?login=-tremblant2222
will give access to the album, and, more good news, automatically direct the user to the album "Tremblant".
Should it become necessary to revoke this URL - remove "-tremblant2222" from the access list and that's it!