General Support: HowTo: password protect albums

Bottom of Page

1 to 23 of 23

- CommentAuthorbauerman
- CommentTimeSep 8th 2007
hi,
I manged to implement password protection per album.
You just have to make some minor changes to the code!
(I think everybody, even without PHP-knowledge will manage it)
Thankful People: Huroman
- CommentAuthorbauerman
- CommentTimeSep 8th 2007
step 1)
add column "pass" to table albums
step 2)
create file auth.php in the themes folder (i.e plogger/themes/lucid) with the following content:
<?php
function authenticate()
{
Header("WWW-Authenticate: Basic realm=\"Test Authentication System\"");
Header("HTTP/1.0 401 Unauthorized");
echo "You must enter a valid login ID and password to access this resource\n";
exit;
}
if ($_GET["level"]=="album" || $_GET["level"]=="picture"){
if (!isset($_SERVER['PHP_AUTH_USER'])) {
authenticate();
} else {
switch ($_GET["level"]){
case "album":
$sql="select pass from plogger_albums where id=".$_GET["id"];
break;
case "picture":
$sql="select pass from plogger_albums a,plogger_pictures p where p.id=".$_GET["id"]." and p.parent_album=a.id";
break;
}

connect_db();
$sql_result=run_query($sql);
$ret=mysql_fetch_assoc($sql_result);
$pass=$ret["pass"];
/*foreach ($ret as $i => $v) {
echo "x$i=$v x";
}*/
if ($_SERVER['PHP_AUTH_PW']!=$pass){
authenticate();
}
}
}
?>
step 3)
include auth.php to album.php in themes folder:
add "include("auth.php");" at the beginning of album.php
album.php:
<?php
include("auth.php"); //ADDED THIS LINE
plogger_get_header();
print '<div id="thumbnail_container">';
....
step 4)
do the same as in step 3 to picture.php
picture.php:
<?php
include("auth.php"); //ADDED THIS LINE
plogger_get_header();
if (plogger_has_pictures()) {
step 5)
to disable download button of a password protected album:
-edit plog-functions.php in plogger folder
-go to "function plogger_download_checkbox"
looks like this now:
function plogger_download_checkbox($id, $label = '') {
global $config;
if ($config["allow_dl"]){
connect_db();
$sql_result=run_query("select pass from plogger_albums where id=".$id);
$ret=mysql_fetch_assoc($sql_result);
if (empty($ret["pass"]) || $_SERVER['PHP_AUTH_PW']==$ret["pass"]){
return '<input type="checkbox" name="checked[]" value="'.$id.'" /> '. $label;
}
else{
return '(password protected)<br>';
}
}
else
return '';
}

THATS IT!
- CommentAuthorbauerman
- CommentTimeSep 8th 2007
How to use it:
every album you want to protect with a pass has to have some value in column "pass" of table "plogger_albums"

i do not care about username, you can enter what you want in the user-field of the password dialog.
(wouldnt be a challenge to add username functionality)

it also should be possible to implement the password protection on a global basis (independend of the theme). But I am happy that i managed to implement the functionality i need and do not want to invest more time for this at the moment.
- CommentAuthorbauerman
- CommentTimeSep 8th 2007
ITS NOT WORKING PROPERLY AT THE MOMENT
PLEASE STAND BY...
I WILL HAVE TO MAKE SOME CHANGES!
- CommentAuthorjammindice
- CommentTimeSep 8th 2007 edited
i think you would be better off to create a whole plogger_user table with user/pass and id, then create another table plogger_permissions and have entries for user_id and album_id and allow_deny

then just hit the user/pass db when they login if the user/pass is good then hit the permissions table to see if they are allowed in that album.

then add a tab in the admin for users and write some stuff that would manage the users/passwords and which albums they are allowed to login to.

this would allow other functionality, like to add extra users to the admin, or other possibilities, and would scale much better than the way you have currently written it.

but i'm in no way discounting what you've done progress is progress and i'm sure others would like to use what you have.
- CommentAuthorbauerman
- CommentTimeSep 8th 2007
of course there are a lot of possibilities to implement album protection.
i have tried to implement it as easy as possible
I want to say sorry for my submission of buggy code!!
(the old code would lock collections even if there are no protected albums in it!)
sorry!!!
following the correct code which i tested already
- CommentAuthorbauerman
- CommentTimeSep 8th 2007
THE CORRECT SETUP FOR ALBUM PW PROTECTION
(does not care about usernames, you can leave them blank)

step 1)
add column "pass" to table albums

step 2)
create file auth.php in the themes folder (i.e plogger/themes/lucid) with the following content:
<?php
function authenticate()
{
Header("WWW-Authenticate: Basic realm=\"restricted area\"");
Header("HTTP/1.0 401 Unauthorized");
echo "You must enter a valid login ID and password to access this resource\n";
exit;
}
if ($_GET["level"]=="album" || $_GET["level"]=="picture"){
switch ($_GET["level"]){
case "album":
$sql="select pass from plogger_albums where id=".$_GET["id"];
break;
case "picture":
$sql="select pass from plogger_albums a,plogger_pictures p where p.id=".$_GET["id"]." and p.parent_album=a.id";
break;
}
connect_db();
$sql_result=run_query($sql);
$ret=mysql_fetch_assoc($sql_result);
$pass=$ret["pass"];
if ($pass!=""){
if ($_SERVER['PHP_AUTH_PW']!=$pass) {
authenticate();
}
}
}
?>

step 3)
include auth.php to album.php in themes folder:
add "include("auth.php");" at the beginning of album.php
album.php:
<?php
include("auth.php"); //ADDED THIS LINE
plogger_get_header();
print '<div id="thumbnail_container">';
....

step 4)
do the same as in step 3 to picture.php
picture.php:
<?php
include("auth.php"); //ADDED THIS LINE
plogger_get_header();
if (plogger_has_pictures()) {
...

step 5)
step 5)
to disable download button of a password protected album:
-edit plog-functions.php in plogger folder
-go to "function plogger_download_checkbox"
looks like this now:
function plogger_download_checkbox($id, $label = '') {
global $config;
if ($config["allow_dl"]){
connect_db();
//if on page collections, have to look if albums are protected
if ($_GET["level"]==""){
$msg="";
$sql_result=run_query("select count(*) c from plogger_albums where pass is not null and parent_id=".$id);
$ret=mysql_fetch_assoc($sql_result);
if ($ret["c"] > 0){
$ret["pass"]="asdfqeeradfpoiejf";
}
else {
$ret["pass"]="";
}
}
else
{
$msg="(password protected)";
$sql_result=run_query("select pass from plogger_albums where id=".$id);
$ret=mysql_fetch_assoc($sql_result);
}
if (empty($ret["pass"]) || $_SERVER['PHP_AUTH_PW']==$ret["pass"]){
return '<input type="checkbox" name="checked[]" value="'.$id.'" /> '. $label ;
}
else{
return "$msg<br>";
}
}
else
return '';
}
- CommentAuthorGremi0
- CommentTimeOct 1st 2007
this must only work with plogger 3 i suppose?
- CommentAuthorbronxmonstah
- CommentTimeNov 30th 2007
I don't understand.. Where is this "step 1)
add column "pass" to table albums"...?
Thankful People: ssk
- CommentAuthorrobmatt78
- CommentTimeApr 30th 2008
Hi all,

thanks for this thread ... I did all of the above but keep getting this error:

Warning: Cannot modify header information - headers already sent by (output started at ..... index.php:27)..

as I am a php novice, any help would be greatly appreciated.

thanks,
Rob
- CommentAuthorcreativebin
- CommentTimeJun 10th 2008
I am getting the same error as Rob above. Anyone succeeded on implementing this? I am using the latest version (Beta 3.0)...
- CommentAuthormvpetrovich
- CommentTimeJun 12th 2008
Keep in mind that when you use the Header Authentication method, it will not work with PHP running in CGI mode, which you will find on a lot of shared hosting services. You actually need to set up a form to get the user and password.

I use an authentication system to view the entire gallery. In that case I have users and passwords from a membership database. It sounds like you want to have group passwords. You really then need a database table structure with a table for group names and passwords, and a table for group names and albums.

Also, you cannot modify header information if you have already output something. So, you need to do your Header Authentication before anything is output.
- CommentAuthormacmadman
- CommentTimeJul 19th 2009 edited
Hey I am getting the same error... mvpetrovich can you elaborate on how to do all of this? I am new to PHP and I dont understand. Can you please make a step-by-step?

Thanks
Thankful People: ssk
- CommentAuthorssk
- CommentTimeNov 25th 2009
I can do every step besides 1), maybe it's just late and I should go to bed. I'm a totally new to php, just trying to learn. Any further direction on where exactly I "add column "pass" to table albums"?

Please, before my head explodes.
- CommentAuthormpwj2
- CommentTimeDec 7th 2009
I have tried to make my own password protect code but I keep getting this error below. can anyone help?

If no password is entered it works and you get the message "please go back and enter a password" as expected. But if you type anything into te password box you get this:

Notice: Undefined variable: current_picture in public_html/plog/plog-includes/plog-functions.php on line 2556

Fatal error: Cannot redeclare plogger_stats_count_total_collections() (previously declared in /home/moulton/public_html/plog/plog-content/themes/lucid/theme_functions.php:5) in /public_html/plog/plog-content/themes/lucid/theme_functions.php on line 4

I have edited collection.php collections.php and album.php. The coce for these is below:

for collection and collections I added this bit.



<form action="<?php echo plogger_get_album_url(); ?>" method="post">
<P class="style1">Password: <input type="text" name="Passw" size="20"> <INPUT TYPE=submit NAME=Submit VALUE="Send"></P>  

</form>


For album.php I recreated it as this:

<?php $con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("user_plog", $con);

//grab the user entered password

$pass = $_POST['Passw'];
if (strlen($pass) <1) {
echo( "Please go back and enter a password" ); exit;
}

plogger_get_header();
$img_id = "thumb-".plogger_get_picture_id();

//checks to see if the password matches the one on file
$checkpass = mysql_query("SELECT pass FROM plogger_albums WHERE id = $img_id");
//while($row = mysql_fetch_array($checkpass))
// {
// $result=($row['pass']);
// echo "<br />";

// }
//end of checking

if ($pass==$checkpass)
{

plogger_get_header(); ?>

<div id="thumbnail-container">
<?php if (plogger_has_pictures()) : ?>
<div id="overlay"> </div>
<ul class="slides">
<?php while(plogger_has_pictures()) : plogger_load_picture();
// Find thumbnail width/height
$thumb_info = plogger_get_thumbnail_info();
$thumb_width = $thumb_info['width']; // The width of the image. It is integer data type.
$thumb_height = $thumb_info['height']; // The height of the image. It is an integer data type.
$li_width = $thumb_width + 10; // Account for padding/border width
// Generate XHTML with thumbnail and link to picture view.
$img_id = "thumb-".plogger_get_picture_id();
$imgtag = '<img id="'.$img_id.'" onmouseout="document.getElementById(\'overlay\').style.visibility = \'hidden\';" onmouseover="display_overlay(\''.$img_id.'\', \''.plogger_picture_comment_count().'\')" class="photos" src="'.plogger_get_picture_thumb().'" width="'.$thumb_width.'" height="'.$thumb_height.'" title="'.plogger_get_picture_caption('clean').'" alt="'.plogger_get_picture_caption('clean').'" />';
?>
<li class="thumbnail" style="width: <?php echo $li_width; ?>px;">
<a href="<?php echo plogger_get_picture_url(); ?>"><?php echo $imgtag; ?></a>
<?php echo plogger_download_checkbox(plogger_get_picture_id()); ?>
<div class="tag"><?php echo plogger_get_picture_caption(); ?></div>
</li>
<?php endwhile; ?>
</ul>
<?php else : ?>
<div id="no-pictures-msg">
<h2><?php echo plog_tr('No Images') ?></h2>
<p><?php echo plog_tr('Sorry, but there are no images in this album yet.') ?></p>
</div>
<?php endif; ?>
</div>

<?php plogger_get_footer();

}

else
{

plogger_get_header(); ?>

<div id="thumbnail-container">
<?php if (plogger_has_albums()) : ?>
<div id="collections">
<?php while(plogger_has_albums()) : plogger_load_album();
// Find thumbnail width/height
$thumb_info = plogger_get_thumbnail_info();
$thumb_width = $thumb_info['width']; // The width of the image. It is integer data type.
$thumb_height = $thumb_info['height']; // The height of the image. It is an integer data type.
?>
<div class="collection">
<a href="<?php echo plogger_get_album_url(); ?>"><img class="photos" src="<?php echo plogger_get_album_thumb(); ?>" width="<?php echo $thumb_width; ?>" height="<?php echo $thumb_height; ?>" title="<?php echo plogger_get_album_description(); ?>" alt="<?php echo plogger_get_album_description(); ?>" /></a>
<h2><a href="<?php echo plogger_get_album_url(); ?>"><?php echo plogger_get_album_name(); ?></a></h2>
<?php echo plogger_download_checkbox(plogger_get_album_id()); ?>

<span class="meta-header"><?php echo plog_tr('Contains'); ?> <?php echo plogger_album_picture_count() . ' '; echo (plogger_album_picture_count() == 1) ? plog_tr('Image') : plog_tr('Images'); ?></span>
<p class="description"><?php echo plogger_get_album_description(); ?></p>


<form action="<?php echo plogger_get_album_url(); ?>" method="post">
<P class="style1">Password: <input type="text" name="Passw" size="20"> <INPUT TYPE=submit NAME=Submit VALUE="Send">
Password incorrect. Please try again</P>  

</form>


</div>
<?php endwhile; ?>
</div>
<?php else : ?>
<div id="no-pictures-msg">
<h2><?php echo plog_tr('No Albums') ?></h2>
<p><?php echo plog_tr('Sorry, but there are no images or albums in this collection yet.') ?></p>
</div>
<?php endif; ?>
</div>
<?php plogger_get_footer();

}
?>
- CommentAuthordzmoore
- CommentTimeDec 27th 2009
Hello,
I had a need for password-protecting albums as well. Below, I have attempted to relay my method of accomplishing this.

Step 1: Within the plogger database, I added the following:
create table plogger_user_groups ( groupname varchar(50) primary key, password varchar(50) ); alter table plogger_albums add groupname varchar(50) default 'default_group'; insert into plogger_user_groups (groupname) values ('default_group'); alter table plogger_albums add foreign key (groupname) references plogger_user_groups(groupname);
First I created a new table to hold the "password group" name to password mapping. Next, I alter the plogger_album table to include a new column which will map each album to a single password group. After that I add a default group name named "default_group". Finally, I restructure the plogger_albums table to reference plogger_user_groups 's groupname column.

Step 2: Create a password dialog. Below is "plog-auth.php" which I placed in the root plogger directory (mine is titled 'plogger').
<?php /* This file is part of an addition to plogger made by Dylan Moore. � 2009 by Dylan Moore */ session_start(); $_SESSION['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; ?> <html> <head> <title>Please login.</title> <style type="text/css"> table { background-color:cornflowerblue; //login box color } body {background-color:white} //background color </style> </head> <?php if (isset($_GET['msg']) && $_GET['msg'] == "noauth") { echo "Problem with username/password"; } ?> <table width="50%" border="0"> <form name="form1" method="post" action="plog-auth-continue.php"> <tr><td colspan="3" align="center"> <?php if( isset($_GET['group']) ) { echo "Password required for content marked as: " . '<b>' . $_GET['group'] . '<br>'; } ?> </td></tr> <tr> <td align="right">Password</td><td align="center">:</td> <td><input name="passw" type="password" id="passw"></td> </tr> <tr> <td colspan="3" align="center"><input type="submit" name="Submit" value="Login"></td> </tr> </form> </table> </html>

This file is the front-end for grabbing a password from a user. It will be called from a function within plogger.php (I reference this later). First this file saves a "referer address". So if I am, for example, going from page_A to a password-protected page_B, the referer address will be the address for page_A and it will be stored in the session variable 'referer' ($_SESSION['referer']). The other php bits simply reference the $_GET variables 'msg' and 'group'. The 'msg' variable is simply a variable I have used in other scripts for more complicated things, but I have used in this script to test for an incorrect password. In other words, if a user tries to login previously, but the password is not the same as the group password, this dialog will be called with the 'msg' variable set to "noauth". The 'group' variable simply stores the groupname for the convenience of the user. For example, a user might have several passwords (for several album group types), and need to know which password to enter (i.e. group "easy" has the password "aaa", but group "hard" has the password "3.14pi"; the dialog should therefore tell the user whether the album is of type "easy" or "hard" so that s/he may type the relevant password).

Step 3. Add the password dialog helper file "plog-auth-continue.php" (copied below):
<?php session_start(); $formpassw = $_POST['passw']; // protects against MySQL injection // and md5 's the password $formpassw = stripslashes($formpassw); $formpassw = mysql_real_escape_string($formpassw); $formpassw = md5($formpassw); //------------------------------------------------ $_SESSION['password'] = $formpassw; if( isset($_SESSION['referer']) ) { header("location:".$_SESSION['referer']); } else { header("location:index.php"); } ?>
This script does some simple input sanitisation and hashes the password into the session variable 'password'. This session variable will be checked later by plogger.php within a new function.

Step 4. Add the authorisation function within the "plogger.php" file. I arbitrarily added my function between the_plogger_head and the_plogger_gallery. Here is the function's code:
function auth_album() { if( $GLOBALS['plogger_level'] == 'picture' || $GLOBALS['plogger_level'] == 'album' ) { $sql = 'select * from ' . 'plogger_user_groups u, plogger_albums a where ' . 'a.id=' . $GLOBALS['plogger_id'] . ' and u.groupname = a.groupname'; connect_db(); $sql_result = run_query( $sql ); $ret = mysql_fetch_assoc($sql_result); $password = $ret['password']; if( isset( $password )){ $groupname_ending = 'group=' . $ret['groupname']; //echo "db pw == " . $ret['password'] . '<br/>'; //echo "dialog pw == " . $_SESSION['password']; // if there is a password for this album // but no password has been set by the user, // go to password dialog if( !isset($_SESSION['password']) ) { header('location:plog-auth.php?' . $groupname_ending ); } // otherwise, check the password else if( $password != $_SESSION['password'] ) { header('location:plog-auth.php?' . $groupname_ending . '&msg=noauth'); } } } }
This function queries the database for the group name and password associated with the current album. If the group name associated with this album does not have a password (i.e. has a null password), then the password checking does not occur. If the password for this album is set, then the function checks the 'password' session variable.

Step 5. Call the auth_album function within plogger.php before the call to plogger_init():
... // Authenticate if necessary auth_album(); // Initialize Plogger plogger_init(); // Throw 404 headers if a 404 error has occurred if ($GLOBALS['plogger_level'] == '404' && !headers_sent()) { ...

The password authentication should now be set up. Of course, for each album that you need password protected, the album will need to reference a user group with a non-null password. For example:
INSERT INTO plogger_user_groups (groupname, password) VALUES ('group_name_here', md5('password_here')); UPDATE plogger_albums SET groupname='group_name_here' WHERE name='album name here';

This is not the most efficient method of password authenticating albums, but it will get the job done (of keeping out prying eyes :P ).
- CommentAuthorgeorge
- CommentTimeMay 6th 2010
Hello all

I have installed the password protection for each album per instructions of dzmoore in this post: http://www.plogger.org/forum/discussion/1430/howto-password-protect-albums/#Item_0 .

However I can't get it to work. (I don't understand the last insturction).

Can anyone help? Please!
- CommentAuthordzmoore
- CommentTimeOct 3rd 2010
Posted By: georgeHello all

I have installed the password protection for each album per instructions of dzmoore in this post: http://www.plogger.org/forum/discussion/1430/howto-password-protect-albums/#Item_0 .

However I can't get it to work. (I don't understand the last insturction).

Can anyone help? Please!

The last instruction is saying to go into a database commandline/visualizer and creating a new group, and then tagging an album with a particular group. If you look at the code above, it should be adding a 'group' column to the plogger album table (in the db). When a user asks plogger to display an album, the other parts of the code above decides whether

(A) that albums group column is null
- or -
(B) that albums group column is some group name (not null)

if (A), plogger functions as it did before the code additions (no password protect)
if (B), plogger directs to the password page, where, upon user input, the above code additions verify the password against the group's password (stored in the group password table)

TL;DR example:
first create a group (only need to do this the first time)
INSERT INTO plogger_user_groups (groupname, password) VALUES ('group_one', md5('a_passw3rd_f0r_gr0up1'));

for each album (this example assumes an album exists in plogger called 'partying') you want to tag with "group_one", execute the following
UPDATE plogger_albums SET groupname='group_one' WHERE name='partying';

after doing this, any user attempting to view pictures in the album 'partying' will be prompted to type the password for group_out, which is a_passw3rd_f0r_gr0up1 .

hope this helps
- CommentAuthorSlapshot
- CommentTimeOct 22nd 2010
I have a little problem too and as I'm not an expert with php and barely managed to get all the steps done (I did finally ;-) ) a last obstacle occured. All the steps are done and I get a password dialog with my group indicated but after entering the password I get the error message below. Please help.

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'MYLOGIN'@'localhost' (using password: NO) in /var/www/MYLOGIN/html/gallerie/plog-auth-continue.php on line 8

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /var/www/MYLOGIN/html/gallerie/plog-auth-continue.php on line 8

Warning: Cannot modify header information - headers already sent by (output started at /var/www/MYLOGIN/html/gallerie/plog-auth-continue.php:8) in /var/www/MYLOGIN/html/gallerie/plog-auth-continue.php on line 13

Anyone got a hint how to solve this? Thank you very much in advance

Nils
- CommentAuthorchewbears
- CommentTimeOct 22nd 2010
Link to your gallery.
- CommentAuthorSlapshot
- CommentTimeOct 23rd 2010
login is password

Thank you for taking a look

click
- CommentAuthorpomstock
- CommentTimeMar 27th 2011
Hi,
I found out a not-so-nice but very simple way to password protect specific albums or collections.
I use htaccess files referring to a password config file, and I put them in every album/collection folder I need to protect, with a 401 bad auth redirection to a fully transparent gif to make it nicer.

Pros :
- Very simple to implement
- Highly customisable
- Perfectly working
- Nice layout (forbidden picture appear just transparent)
Cons :
- Always need to access server through FTP to modify permissions.
- Might be annoying for people navigating on your gallery if they don't have the password, because if you didn't authenticate properly, it will ask you for the password every time you load a page and try to watch a password-protected picture.
How to implement it :
1)create a file named pwd.htpasswd
2)Go to http://www.htaccesstools.com/htpasswd-generator/ to generate your password file and copy the content to pwd.htpasswd using your notepad.
3)create a file named rp.php
4) Fill it with :
<? echo realpath("rp.php"); ?>
5)Connect to your server with FTP, and put the two files rp.php and pwd.htpasswd to your domain root folder (that is, the one where you have your main index file).
6) Rename pwd.htpasswd to .htpasswd
7) Go to yourdomain.com/rp.php and get the absolute path to access your domain root folder (just remove rp.php from what is shown)
8) The absolute path to your .htpasswd file is absolute/path/to/domain/root/folder/.htaccess
9) remove the file rp.php
10)create a file named file.htaccess
11)open it with your notepad and fill it with the following code :
ErrorDocument 401 "http://upload.wikimedia.org/wikipedia/commons/c/ce/Transparent.gif" AuthUserFile absolute/path/to/htpassword/file AuthGroupFile /dev/null AuthName "Restricted access" AuthType Basic <LIMIT GET POST> Require valid-user </LIMIT>
Don't forget to replace "absolute/path/to/htpassword/file" with the path to your .htpasswd file.

To password protect the collection "mycollection"
12) Put the file file.htaccess in the folder plogger/plog-content/images/mycollection/
13) rename it to .htaccess
14) Put the file file.htaccess in the folder plogger/plog-content/thumbs/mycollection/
15) rename it to .htaccess

To password protect the album "myalbum" in collection "mycollection"
12) Put the file file.htaccess in the folder plogger/plog-content/images/mycollection/myalbum/
13) rename it to .htaccess
14) Put the file file.htaccess in the folder plogger/plog-content/thumbs/mycollection/myalbum/
15) rename it to .htaccess

And that's it !

If you feel like you want to password protect only specific pictures, htaccess files can also do this, but I let you google it ;)

Hope this helped you.

1 to 23 of 23

Feeds

General Support: HowTo: password protect albums