Photographers often have need to password protect galleries of images, whether providing clients with a layer of security or for other reasons. In a previous article, I proposed using a password protection script from Zubrag.com as one possible solution. Another solution was recently brought to my attention by TTG user Steen Brogaard. After testing the script, I find that it’s a little more complicated to get up and running, but well worth the effort in the end.
The script is called Login Redirect, and is a free download from mpdolan.com. This script not only protects specified pages, but also provides an admin area from which user accounts and redirect targets can be managed.
To get up and running with this, you will need to setup a MySQL database on your server. This can usually be done from within your hosting control panel. If you don’t know how to do this, consult documentation or support with your web host for assistance.
Here are some tips to get this setup:
Download and unzip the Login Redirect package to your desktop. On your web server, create a folder in which to store the Login Redirect stuff; “client” or “clientarea” might be a good name, but it’s entirely up to you. An example location might be http://www.domain.com/client, and this is the example that will be used for all URLs for the remainder of this article.
To get rolling with the install, browse to http://www.domain.com/client/index.html. Read through the information, then hit the “Begin Installation” link in the top right corner of the page.
On the next page, fill in your database information as completely as possible. For the Installation URL, do not include the trailing slash ( ‘/’ ) on the URL, as this will cause problems. The URL should be http://www.domain.com/client and NOT http://www.domain.com/client/.
Be sure to set values for minimum and maximum password length, as leaving this blank will cause all passwords to break, as I found the hard way.
Submit, and setup your admin user on the next page. Do not change the redirect location. If you filled in your Installation URL correctly, as described above, then it will be correct.
On the final page of installation, you will be given code and told to create a config.php file in your client folder. There’s already an empty config.php file at that location, so just open that up and paste your code inside.
To finish the installation process, you should find a login link at the bottom of the page. Go ahead and login, and you should be directed to your admin area.
In the future, you will login from the URL http://www.domain.com/client/login.html. Your clients will also login from this address, and you should use this as your target URL if you wish to create a Client Area menu item in your TTG galleries.
With installation complete, return to your FTP application and delete the install folder from the Login Redirect files.
Any page you wish to protect will need to be modified manually, as documented on the page http://www.domain.com/client/index.html.
Using this script you can protect any individual image gallery or gallery index created by TTG Auto Index, with clients being redirected to their galleries on login.
And before you ask, the answer is “No, this is not something that I can build into TTG Pages or any other web engine. This setup process must be performed manually, and cannot be automated from within Lightroom.”
Finally, keep in mind that this is only one of many possible solutions for password protecting your galleries. The Zubrag.com script from my previous article remains a valid method of protecting galleries, and there are many other scripts to be found by performing a search for “password protection scripts” in your favorite search engine.
{ 9 comments… read them below or add one }
What are the benefits of this script over your previous one?
Not my scripts.
But the difference is that this one has a back end for managing users, while the other does not. This one also requires you to setup a database, while the other does not. And so this one is more complicated, but it’s also more robust.
I have been toying with the idea of creating a template index file for either this script or the Zubrag.com to help avoid having to modify the lightroom gallery output directly. I have not tried either yet (although I intend to) but based on their descriptions it sounds like you need to modify the index.html file created by Lightroom. This isn’t too bad if you just export, modify, and upload the gallery once, but depending on the gallery I could upload it several times which means I would have to manually modify the gallery file(s) each time. My thought was to create a PHP file (index.php for example) that could simply be copied into the root folder of the gallery along side the index.html file. This PHP file would act as a wrapper for the index.html file and already contain the necessary security pieces in it and would use a Include or similar PHP function to display the contents of the index.html file. As long as the server looks for and loads the php files first (which I think most do) you could export and re upload the gallery as many times as you want and only have to do the initial setup once.
Let me know if I’m off base here.
Will post the solution if I get around to putting it together.
The logic seems sound; try it.
Hi there,
I tried this out but if you type in http://www.yourdomain.com/client/ in to a browser, you get a list of files that can be accessed without going through the login panel. Is this the case (in which case is there any use for the login?) or have I missed something?
Without knowing the full structure of the site, I have no idea. What page are you trying to protect, and what is located in the /client/ folder?
Answering Matthew’s questions will help, but it sounds like you don’t have an index file in that directory in which case the user will be provided with a list of directory contents. Most hosting companies disable the directory browsing by default, but sounds like that is not the case for you. See this page for an example of what I mean: http://www.gobalakrishnan.com/turn-off-directory-browsing-to-protect-your-web-content/
Also this script is not designed to protect files in a directory. If a visitor knows the path to any file on your server (images, webpages, etc) they can type it in the address bar and view/download the file. The script will only prevent users from viewing pages that you have applied the script to.
The only way to protect against that direct file access is .htaccess or similar methods.
Thanks Digital Oxygen, that’s what I was looking for.
FYI if you use .htaccess or other method of locking down the directories Fotomoto will not work as it will be denied access when it attempts to read the photos on the site. The Fotomoto servers can’t “login” to get access to the images so it won’t work. I had to move to a php password protection system for this reason. At least this is how it worked before. They may have added some magic when they recently changed their API, but I doubt it. Regardless similar things would happen when sharing on Facebook. It would most likely not be able to display the thumbnails as it usually does when you share a page with images. I suppose you might be able to add exceptions in to the .htaccess file to allow certain sites through without a password but I have not explored it. Not sure if it’s even possible.