Comments on: Password Protecting Your Image Galleries

By: DigitalOxygen

DigitalOxygen — Tue, 25 May 2010 21:40:19 +0000

FYI if you use .htaccess or other method of locking down the directories Fotomoto will not work as it will be denied access when it attempts to read the photos on the site. The Fotomoto servers can’t “login” to get access to the images so it won’t work. I had to move to a php password protection system for this reason. At least this is how it worked before. They may have added some magic when they recently changed their API, but I doubt it. Regardless similar things would happen when sharing on Facebook. It would most likely not be able to display the thumbnails as it usually does when you share a page with images. I suppose you might be able to add exceptions in to the .htaccess file to allow certain sites through without a password but I have not explored it. Not sure if it’s even possible.

By: DigiDoug

DigiDoug — Thu, 06 May 2010 17:10:30 +0000

Thanks Digital Oxygen, that’s what I was looking for.

By: DigitalOxygen

DigitalOxygen — Thu, 06 May 2010 16:30:10 +0000

Answering Matthew’s questions will help, but it sounds like you don’t have an index file in that directory in which case the user will be provided with a list of directory contents. Most hosting companies disable the directory browsing by default, but sounds like that is not the case for you. See this page for an example of what I mean: http://www.gobalakrishnan.com/turn-off-directory-browsing-to-protect-your-web-content/

Also this script is not designed to protect files in a directory. If a visitor knows the path to any file on your server (images, webpages, etc) they can type it in the address bar and view/download the file. The script will only prevent users from viewing pages that you have applied the script to.

The only way to protect against that direct file access is .htaccess or similar methods.

By: theturninggate

theturninggate — Thu, 06 May 2010 16:06:40 +0000

Without knowing the full structure of the site, I have no idea. What page are you trying to protect, and what is located in the /client/ folder?

By: DigiDoug

DigiDoug — Thu, 06 May 2010 12:42:17 +0000

Hi there,

I tried this out but if you type in http://www.yourdomain.com/client/ in to a browser, you get a list of files that can be accessed without going through the login panel. Is this the case (in which case is there any use for the login?) or have I missed something?

By: theturninggate

theturninggate — Mon, 18 Jan 2010 17:47:07 +0000

The logic seems sound; try it.

By: DigitalOxygen.ca

DigitalOxygen.ca — Mon, 18 Jan 2010 17:15:08 +0000

I have been toying with the idea of creating a template index file for either this script or the Zubrag.com to help avoid having to modify the lightroom gallery output directly. I have not tried either yet (although I intend to) but based on their descriptions it sounds like you need to modify the index.html file created by Lightroom. This isn’t too bad if you just export, modify, and upload the gallery once, but depending on the gallery I could upload it several times which means I would have to manually modify the gallery file(s) each time. My thought was to create a PHP file (index.php for example) that could simply be copied into the root folder of the gallery along side the index.html file. This PHP file would act as a wrapper for the index.html file and already contain the necessary security pieces in it and would use a Include or similar PHP function to display the contents of the index.html file. As long as the server looks for and loads the php files first (which I think most do) you could export and re upload the gallery as many times as you want and only have to do the initial setup once.

Let me know if I’m off base here.

Will post the solution if I get around to putting it together.

By: theturninggate

theturninggate — Mon, 18 Jan 2010 03:11:52 +0000

Not my scripts.

But the difference is that this one has a back end for managing users, while the other does not. This one also requires you to setup a database, while the other does not. And so this one is more complicated, but it’s also more robust.

By: mike

mike — Mon, 18 Jan 2010 00:33:50 +0000

What are the benefits of this script over your previous one?