Feature Question: Password Protected Albums Feature Question: Password Protected Albums
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Feature Question: Password Protected Albums

Started by NappilyEvahAftah, August 15, 2007, 04:45:27 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

NappilyEvahAftah

August 15, 2007, 04:45:27 AM Last Edit: August 16, 2007, 06:48:08 PM by Nibbler
I'm moving from Gallery, to Coppermine. One of the main reasons why is because password protected album pics can still be accessed, if a visitor does a search and happens to know the file name, or if they click on the recent comments (it will show the password protected pics, along with the comments). So, basically, password protecting an album is pointless.

With Coppermine, how does it work? Let's say I want to view a password protected album. Is the viewing of comments hidden also and only viewable once the correct password is entered? Can I search for a file, and view it, even though it's part of a password protected album (and I haven't entered the password)?

If so, is there a way to modify the code?

Joachim Müller

#1
August 15, 2007, 07:41:05 AM
Works as advertized in Coppermine - take a look at the demo: there is a password-protected album (don't visit it just yet, because if you visit it and authentify yourself by entering the correct password, you will later have access). Just try searching for a file that resides in the PW-protected album (go to the demo's search page, type in fruit 5 and tick the filename checkbox, then submit the search form) - you'll get zero results. The same thing applies for the "last comments" meta album: I just posted a comment on the pic that resides in the password-protected album, yet you won't be able to spot it on the demo's last comments page.
Now go to the PW-protected album and authentify yourself (password is "pass"). You'll be able to see the pic that resides in that album. Do the search that you already performed above once more - this time, the pic that resides in the PW-protected album will turn up as a search result, as well as the comment I posted on the last comments meta album. This is being accomplished by using a cookie stored on your PC: it just says that you already have authentificated and don't need to perform that twice - it does not contain the password itself.

As you can see, a PW-protected album truely protects the content within it.

Subsequently, you last question how to modify the code doesn't apply.

NappilyEvahAftah

#2
August 15, 2007, 03:34:38 PM
Okay,

But here's what I can't figure out:

I want the password protected albums to show up (in public view), so that folks can click on them to enter the password. Once I password protect the album, it's hidden — and even though I try to set it for public view, it's always
hidden and only viewable by me.

Plus, I don't want "Random Files" nor "Latest Additions" to show — they show pics in password protected albums, and I want a more streamlined view. So, I'm very confused.

Nibbler

#3
August 15, 2007, 04:08:19 PM
Both things you ask for are options on the config page. Please review the documentation.

http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#changing
Show private album Icon to unlogged user

NappilyEvahAftah

#4
August 16, 2007, 06:46:47 PM
Thanks for your help. The documentation link wasn't showing up in my IE browser. I could see it in Firefox — not sure why. Anyhow, I figured it out.

Thanks for all your help!
Print
Go Up Pages1
User actions