1.44 build 178


Access control   

Configuring access control

In the default configuration, anonymous access is allowed to all images, and there is an administrator who can reindex albums and/or change .albumdef.ini files. This configuration can, of course, be changed.

For example, there are three users:

  • admin
  • friend
  • family

and four albums:

  • Tremblant (can be viewed by an anonymous user - no need to log in)
  • Private (by admin only)
  • Drinking party (by any authenticated user, but not by an anonymous user)
  • Family only (by admin and family only)

To add users, log in as admin (the default password is admin) and go to the user manager by clicking the "Users" button. Alternatively, you can edit the users file manually as described in the notes below.

Then you need to modify the .albumdef.ini files. Log in as admin and use the 'Edit' link next to the album title to open the file. Set the Allowed users: field in every album as follows:

Album            Allowed users:
Tremblant        all
Private          admin
Drinking party   valid-user
Family only      admin, family

After making these changes, reindex your photo album.

Note:

  1. Access control is cumulative. For example, if the folder MyFolder is accessible only to user admin and you allow anonymous access to MyFolder/SubFolder, only admin will be able to access MyFolder/SubFolder anyway.
  2. The user list is stored in the /photo/private/.htpasswd file. To modify the file you need the htpasswd command-line utility, which is part of the Apache web server. If you don't have the utility, download the Win32 binary from http://users.tibus.com/support/passwd.php
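
The cumulative rule in note 1 can be checked before reindexing. The following is an added example, not DAlbum code: a small model of the Allowed users: values from the table above (all, valid-user, named users) that reports folders whose own list admits someone a parent folder blocks. The function names, the ACL dictionary layout, and the assumption that a folder without an entry adds no restriction of its own are all hypothetical.

```python
# Added example: a model of the rules described on this page, not DAlbum code.
ANONYMOUS = None  # constructed marker for a visitor who has not logged in

def parse_allowed(value):
    """Split an 'Allowed users:' field such as 'admin, family' into a set."""
    return {name.strip() for name in value.split(",") if name.strip()}

def list_permits(allowed, user):
    """Does one folder's own list admit this user (None = anonymous)?"""
    if "all" in allowed:
        return True
    if user is ANONYMOUS:
        return False
    return "valid-user" in allowed or user in allowed

def ancestors_and_self(path):
    """'MyFolder/SubFolder' -> ['MyFolder', 'MyFolder/SubFolder']."""
    parts = path.strip("/").split("/")
    return ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def can_view(acl, path, user):
    """Cumulative check: every folder on the way down must admit the user.
    Assumption: folders with no entry add no restriction of their own."""
    return all(list_permits(parse_allowed(acl[p]), user)
               for p in ancestors_and_self(path) if p in acl)

def shadowed_grants(acl, users):
    """Report (folder, user) pairs the folder's own list admits but a parent blocks."""
    found = []
    for path in sorted(acl):
        for user in [ANONYMOUS] + sorted(users):
            own = list_permits(parse_allowed(acl[path]), user)
            if own and not can_view(acl, path, user):
                found.append((path, user or "anonymous"))
    return found

# Constructed sample: the four albums from the table plus the MyFolder case in note 1.
ACL = {
    "Tremblant": "all",
    "Private": "admin",
    "Drinking party": "valid-user",
    "Family only": "admin, family",
    "MyFolder": "admin",
    "MyFolder/SubFolder": "all",
}
USERS = ["admin", "friend", "family"]

if __name__ == "__main__":
    for folder, who in shadowed_grants(ACL, USERS):
        print(f"{folder}: own list admits {who}, but a parent folder does not")
```

Each reported pair is a grant that will never take effect; either widen the parent folder's list or move the subfolder out from under it.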

Multiple administrator accounts

By default, only user admin has access to album reindexing. You can change your administrators by editing config.php:

$g_sAdminUsers=array("admin","friend");

Having multiple administrators can be useful if you decide to share web space between several users. For example, user friend can create his own albums under the /pictures/friend directory and user family under /pictures/family. DAlbum itself does not contain any code to handle image upload, but you can set up FTP permissions accordingly or use Comet WebFileManager.

Please note that only the first administrator has access to the user manager. The other administrators are allowed to reindex only.

Access control modes

DAlbum can authenticate users in two modes: session mode and Basic HTTP Authentication.

Session mode (default) is used when $g_bHTTPAuth is set to false in config.php. In this case users are authenticated through a custom logon page, which sets a session cookie to authenticate the user. The good thing is that session mode works on any web server and any PHP configuration (CGI or Apache module), and there is a nice "Log out" button. However, this mode is slower than Basic HTTP Authentication and does not work when browser cookies are disabled.

Basic HTTP Authentication is used when $g_bHTTPAuth is set to true in config.php. This mode currently requires the Apache web server with PHP installed as an Apache module. In this case users are authenticated by Apache automatically according to the .htaccess files that DAlbum creates during reindexing, and the standard "Enter your password" dialog is used instead of the custom page. This method is slightly faster than the first one and works well if cookies are disabled. The drawback is that it is not possible to log out without restarting the browser.

URL login in Session mode

Starting with version 1.38, it is possible to log a user in from the URL, with the username and password separated by a colon: www.delx.ca/dalbum/sample/index.php?login=user:user. Very convenient for sending links by e-mail.

Another new feature is that you can add "temporary" users who do not need a password, but are allowed to view explicitly allowed albums only.

For example, you want to send a link to the DAlbum sample album "Tremblant" to a friend, but don't want to create a special user for him or to allow him to see your other personal pictures.

Now it is possible to set the album access list to "user,-tremblant2222" and hurrah! - the link www.delx.ca/dalbum/sample/index.php?login=-tremblant2222 will give access to the album and, more good news, automatically direct the user to the album "Tremblant".

Should it become necessary to revoke this URL, remove "-tremblant2222" from the access list and that's it!