Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
It is currently 24. Nov 2024, 08:43

This forum is readonly now. Please use the new forum if you don't find the answer to your question here. The new forum is at https://www.tinywebgallery.com/blog/forum/


All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Login Expires?
PostPosted: 29. Aug 2009, 14:38 
Offline

Joined: 9. Feb 2009, 18:16
Posts: 80
Location: Rochester, MN USA
Hi Michael,

I'm a little confused on when someone has to re-enter their user name and password after they have already logged into the site.

I have the following set:

    $password_file='.htprivate';
    $encrypt_passwords=true;
    $user_login_mode=true;

I am not using the multi-root mode.

I have a single .htprivate file in the pictures folder which contains "intermediate,admin". My intention is that a login is required to view any area of the gallery, but once someone is logged in, they can view any part of the gallery freely.

If I link to a subdirectory I get a username/password login dialog so I know the .htprivate file is covering the subfolders as well.

Here's where I get confused. When I login and move around in the different folders, sometimes I get another login prompt. I can't quite figure out the logic of when this happens. It seems that if I link and login to the pictures folder I can move around a lot more before I get another login. If I login to a subfolder, at some point I get another login request. It doesn't seem to be simply backing up above the folder where I logged in.

Under what conditions should I be getting additional login dialogs when navigating around my galleries? Does this depend on my initial subfolder? Is there a way to make it so that no matter where I enter the gallery, I can go anywhere without getting another login dialog?

And a sub-question: Is there a mechanism to make a login timeout after no activity? I'm thinking about people logging into the gallery in a coffee house and walking away.


Top
 Profile  
 
 Post subject:
PostPosted: 29. Aug 2009, 15:43 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
you should not get any additional login requests if you have only one .htprivate file - dor do you have other .htprivate file in the subfolders with different users?

About the logout. It is session based. Once the session if over he gets logged out. If you protect only subfolders you can click on the small lock to lock a folder again.

- Michael


Top
 Profile  
 
 Post subject:
PostPosted: 29. Aug 2009, 15:48 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
btw.

$encrypt_passwords=true;
and
$user_login_mode=true;

do not make sense at the same time because in the private.txt file is only the username ;).

- Michael


Top
 Profile  
 
 Post subject:
PostPosted: 30. Aug 2009, 16:49 
Offline

Joined: 9. Feb 2009, 18:16
Posts: 80
Location: Rochester, MN USA
Hi Michael,

• I have "$user_login_mode=true;" to force a "full" login with user name rather than just a password when you enter the gallery. Anyone who has permission to view the gallery should also have permission to upload so I don't want them to have enter the password to view the gallery and then click "login" to upload or edit.

• "$encrypt_passwords=true;" is set because I thought that otherwise passwords, wherever they are stored, were stored in clear text.

• I have only one .htprivate file and it is in the "pictures" folder.

I played with the gallery some more this morning. The problem does not seem to be time related. The time before another login request came up ranged from less than 30 seconds to 2-3 minutes. It also doesn't seem to be related to where I start or go. In one case I linked to a folder in the middle of the gallery which contains 20 sub folders. I simply clicked around between these folders and about 2 minutes later I got another login request.

I checked the system php logs while I was doing this last test and found this stuff:

After the first login, this was in the log:

Code:
[Sun Aug 30 06:39:05 2009] [crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /home2/rochesu2/public_html/twg/cache/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.rochesterfsc.org/twg/index.php?twg_album=300-RhythmBlades%2F500-Intermediate%2F2009-2010%2F020-AnnArbor%2FChristiansen&twg_show=


After a couple of minutes I got another login dialog. After that, these additional lines were in the log:

Code:
[Sun Aug 30 06:40:49 2009] [crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /home2/rochesu2/public_html/twg/cache/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.rochesterfsc.org/twg/index.php?twg_album=300-RhythmBlades%2F500-Intermediate%2F2009-2010%2F020-AnnArbor%2FKellagher
[Sun Aug 30 06:40:52 2009] [crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /home2/rochesu2/public_html/twg/cache/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.rochesterfsc.org/twg/index.php?twg_album=300-RhythmBlades%2F500-Intermediate%2F2009-2010%2F020-AnnArbor%2FBrossoit
[Sun Aug 30 06:40:55 2009] [crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /home2/rochesu2/public_html/twg/cache/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.rochesterfsc.org/twg/index.php?twg_album=300-RhythmBlades%2F500-Intermediate%2F2009-2010%2F010-StCloud

[Sun Aug 30 06:40:58 2009] [crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /home2/rochesu2/public_html/twg/cache/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.rochesterfsc.org/twg/index.php?twg_album=300-RhythmBlades%2F500-Intermediate%2F2009-2010%2F020-AnnArbor%2FBrossoit

[Sun Aug 30 06:41:05 2009] [crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /home2/rochesu2/public_html/twg/cache/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.rochesterfsc.org/twg/index.php?twg_album=300-RhythmBlades%2F500-Intermediate%2F2009-2010%2F020-AnnArbor

[Sun Aug 30 06:41:11 2009] [crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /home2/rochesu2/public_html/twg/cache/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.rochesterfsc.org/twg/index.php?twg_album=300-RhythmBlades%2F500-Intermediate%2F2009-2010%2F020-AnnArbor%2FMcNiven


There is no .htaccess file in the cache folder. Here is a list of all .ht* files below the twg directory:

Code:
[~/public_html/twg]# find . -name ".ht*"
./pictures/.htprivate
./admin/_config/.htusers.php
./admin/_config/.htaccess
./admin/_include/.htaccess
./examples/.htaccess_example
./examples/.htaccess
./.htaccess
./inc/.htaccess


Does this give you any ideas? I am still at 1.7.7 but I will be upgrading to 1.7.8 shortly.

Let me know if you want to take a look around the site. I can send you a login by PM.

Thanks,

T.


Top
 Profile  
 
 Post subject:
PostPosted: 30. Aug 2009, 22:18 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
Thats a strange error - TWG does not look for any .htaccess files.

TWG does register the global error handler. So other errors can show up in the debug log as well.

I have tested your setup and your error did not happen on my system.

The passwords for users are always encrypted.

- Michael


Top
 Profile  
 
 Post subject:
PostPosted: 30. Aug 2009, 22:34 
Offline

Joined: 9. Feb 2009, 18:16
Posts: 80
Location: Rochester, MN USA
The errors weren't in the debug log, they were in the system php log.


Top
 Profile  
 
 Post subject:
PostPosted: 30. Aug 2009, 22:45 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 11232
same problem - TWG does not look for a .htaccess file by default.

Please check if the problem still happens at TWG 1.7.8.

- Michael


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: Bing [Bot] and 85 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
powered by phpbb | Datenschutz/ Privacy policy