
The login system in Coppermine 1.4 has changed compared to 1.3, so the plugin
had to change as well. There were several ways to implement the remote login
procedure:

1. Duplicate the Coppermine login system in the plugin. The problem is that
this would require Coppermine and WordPress to share the same domain because of
the cookies.

2. Implement a WordPress bridge for Coppermine. While this would be an elegant solution,
it is also limited because the domains for WordPress and Coppermine have to be the same.

3. Add a login page that is usable by WordPress to the Coppermine site. The
original login.php cannot be used because it uses POST to pass the login and
password, and WordPress needs to redirect to that page to use it. 

3a) A page that emulates login.php but accepts GET would work, but it would
present a security problem because the credentials are visible in the address
bar of the browser.

3b) Use the Coppermine database to confirm the identity of the person who wants to log in, then transfer to a page in Coppermine that uses that data to set a cookie.



The last solution (3b) was retained, and works as follows:

  1. The plugin generates a session id, and opens a session by writing it to gal_sessions. The expiration time is set to a short period (30s).
  2. The WordPress login page redirects to wp-login.php in Coppermine, passing the session id, the user id and the address of the page to load after login (/wp-admin) in the URL.
  3. In wp-login.php a cookie is set, validating the session for that address, and the expiration time is set to normal.
  4. wp-login.php redirects back to WordPress, which continues the login process.
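
The handoff in steps 1 to 3, as an added example (not the plugin's own code). A PHP array stands in for gal_sessions; the function names, the sid/uid/redirect parameter names, the one-hour normal lifetime, the single-use rule and gallery.example are assumptions.

```php
<?php
// Added illustration: $sessions stands in for the gal_sessions table.
// Names and NORMAL_TTL are assumptions; only the 30 s lifetime is from the text.
const HANDOFF_TTL = 30;      // short lifetime from step 1
const NORMAL_TTL  = 3600;    // assumed "normal" session lifetime

/** Step 1 (plugin side): open a short-lived session for an already verified user. */
function open_handoff(array &$sessions, int $userId, int $now): string
{
    $sid = bin2hex(random_bytes(16));   // unguessable id, since it travels in a URL
    $sessions[$sid] = ['user_id' => $userId, 'expires' => $now + HANDOFF_TTL, 'promoted' => false];
    return $sid;
}

/** Step 2: build the redirect to wp-login.php on the Coppermine site. */
function handoff_url(string $coppermineBase, string $sid, int $userId, string $returnTo): string
{
    return rtrim($coppermineBase, '/') . '/wp-login.php?'
        . http_build_query(['sid' => $sid, 'uid' => $userId, 'redirect' => $returnTo]);
}

/** Step 3 (Coppermine side): accept the id once, within the short window, for the matching user. */
function redeem_handoff(array &$sessions, string $sid, int $userId, int $now): bool
{
    if (!isset($sessions[$sid]) || $sessions[$sid]['promoted']) {
        return false;                   // unknown id, or the URL was already used
    }
    if ($sessions[$sid]['expires'] < $now) {
        unset($sessions[$sid]);         // the 30 s window has passed: drop the row
        return false;
    }
    if ($sessions[$sid]['user_id'] !== $userId) {
        return false;                   // id was issued for a different user
    }
    $sessions[$sid]['promoted'] = true;
    $sessions[$sid]['expires']  = $now + NORMAL_TTL;   // expiration set to normal
    return true;                        // caller sets the cookie, then redirects (step 4)
}

// Constructed walk-through with a fixed clock.
$sessions = [];
$t0  = 1700000000;
$sid = open_handoff($sessions, 42, $t0);
echo handoff_url('https://gallery.example', $sid, 42, '/wp-admin'), "\n";
var_dump(redeem_handoff($sessions, $sid, 42, $t0 + 5));    // first use, inside the window
var_dump(redeem_handoff($sessions, $sid, 42, $t0 + 6));    // same URL presented again
$late = open_handoff($sessions, 42, $t0);
var_dump(redeem_handoff($sessions, $late, 42, $t0 + 31));  // presented after 30 s
```

Because the session id appears in the address bar just as the credentials in 3a would, the short lifetime and the refusal of a second use are what keep a copied URL from being useful.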

    


