Passworda and Username Acceptance Passworda and Username Acceptance
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Passworda and Username Acceptance

Started by WillyWonderDog, October 18, 2012, 05:58:51 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

WillyWonderDog

I have a family area on my website that requires members to sign in with a user name and password (using 'basic authorization' - apache2. Inside that family area is Coppermine. If I setup a member in Coppermine with the same username/password, is there a way Coppermine can use that 'basic authorization' info and auto sign them into Coppermine when they enter the gallery? Thanks for the consideration.

Αndré

I don't think so, but I simply don't know.

Αndré

I just noticed that the user name and password are stored in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. So it should be possible to add a check (e.g. somewhere in include/init.inc.php or as a plugin) if the visitor is currently logged in and if not, post the above data to Coppermine's login.php page. If it fails (wrong credentials), you'll have to make sure to avoid an infinite loop.

WillyWonderDog

Thanks for the info André. I have been trying, but so far no luck.
Side Note: I use  Wordpress Plugin, HTTP Authentication 4.5, by Daniel Westermann-Clark which works quite well.
I will keep trying to figure this out in Coppermine and I will post the solution. BTW, I use your mobile theme switcher plugin; works great.

Αndré

Quote from: WillyWonderDog on November 07, 2012, 03:29:24 PM
I use  Wordpress Plugin, HTTP Authentication 4.5, by Daniel Westermann-Clark which works quite well.
I don't know that plugin. But as you said you use Apache authentification, the credentials are probably stored in the $_SERVER array.

WillyWonderDog

Thanks Andre, your info put me on the right course; the following is my solution.
Using Apache/2.2.17 (Win32) PHP/5.2.17 Coppermine 1.5.20



in login.php, near line 162 find:

_____________

                      <td align="left" class="tablef">
                        <!--<input name="submitted" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" />-->
                        <button type="submit" class="button" name="submitted" value="{$lang_common['ok']}"  tabindex="4">{$ok_icon}{$lang_common['ok']}</button>
                      </td>
                  </tr>

EOT;
_____________

after the </tr> and before the EOT; add

_____________

<tr>
<td colspan=2 align=center>
<Iframe src="loginchoice.php" width="100%" height="450" frameborder=0 seamless></Iframe>
</td>
</tr>
_____________

create a file named loginchoice.php, the working parts are below.

echo <<< EOT
<form action="login.php" method="post" name="loginbox" id="cpgform" target="_top">
<input type="hidden" name="username"  value="{$_SERVER['PHP_AUTH_USER']}" />
<input type="hidden" name="password" value="{$_SERVER['PHP_AUTH_PW']}" />
<input type="submit" class="buttonStyle0"  name="submitted" value="Auto-SignIn as {$_SERVER['PHP_AUTH_USER']}"  />
</form>

<form action="login.php" method="post" name="loginbox" id="cpgform" target="_top">
<input type="hidden" name="username"  value="themes" />
<input type="hidden" name="password" value="password" />
<input type="submit" class="buttonStyle2"  name="submitted" value="Auto-SignIn as Themes Name"/>
</form>

<form>
<input type="button" class="buttonStyle3" value="Enter Gallery As Guest" onClick="parent.location='index.php?cat=1'">
</form>

EOT;

WillyWonderDog

I should have mentioned that for this to work, the apache auth'ed username/password has to be the same as a current CPG username/password. Someday I would like to be able to accomplish what a afore mentioned wordpress plugin does. Among other options, it can login any apache auth'ed user into wordpress (regardless of current passwords) and optionally create a wordpress user.
Thanks again, Coppermine is a super Photo Gallery.