Logins

felgall

Joined: 2013-10-09
Posts: 16

Posted: Fri, 2013-10-11 21:09

I am configuring Gallery 3 within a membership area where everyone has already logged in.

So far I have succeeded in replacing the user table with a view of the table that controls access to the entire site. By substituting the id of the logged in member for 1 in the guest lookup I got Gallery 3 to recognise who is logged in provided that Gallery 3 believes that someone is logged in. Where the current login has expired I have to press the logout link in order to get Gallery 3 to recognise who is logged in. Is there a simple way to force Gallery 3 to always be logged in? Presumably it is just a matter of replicating part of the processing that would normally run after the login form (which I have hidden) is submitted but I am not yet familiar enough with the Gallery 3 code to find it (only been looking at this script in my spare time over the last four days so far).

tempg

Joined: 2005-12-17
Posts: 1857

Posted: Tue, 2013-10-15 18:57

Not sure I understand.
Maybe increase the time before session times out?
But I'm not sure; Gallery's default session is long; thinking I missed your point.

felgall

Joined: 2013-10-09
Posts: 16

Posted: Tue, 2013-10-15 20:37

Gallery is issuing a new session id on every single page load - even when you just hit the reload button in the browser to reload the current page. It is obviously some incompatibility between the way Gallery is set up to determine whether someone is logged in or not and the way the system I have embedded it in makes the same determination.

I have tried commenting out every single line of Gallery code that issues a regenerate with no effect so it isn't that.

The way I am using it, each and every single call to load a page in Gallery supplies the currently logged in user from the main system to Gallery where the Guest processing in Gallery then treats it as a new guest login. Presumably it is because every Gallery page load is a new guest login is the reason for the session id changing. Is there an alternative way that I can use to identify that a registered user is already logged in by the time the Gallery home page first displays that will not treat each and every page load as a new login?

As soon as Gallery decides is is a new login and resets the session that logs the person out of the main system and throws them back to the main system login screen. I have put a temporary workaround in place to be able to continue configuring Gallery by saving the essential session info in cookies when Gallery is first accessed and reloading the session fields from the cookie every time Gallery changes the session id but that still leaves the person logged out of the main system when they attempt to return to the main system after they have finished in Gallery.

The files I have updated - mostly to comment out unwanted validations and links to unneeded pages- are modules/gallery/controllers/admin.php, modules comment/models/comment.php, modules/users/helpers/users.php, and modules/users/views/admin-users.html.php - the rest of my code is in local.php so it runs first for each page so as to check that the person is logged in before any Gallery code is allowed to run. I'll look into how to convert those four changed files into a separate module and restore the original code to those files once I can get everything else working.

tempg

Joined: 2005-12-17
Posts: 1857

Posted: Tue, 2013-10-15 20:57

No idea what's going on with your sessions ("every Gallery page load is a new guest login"); doesn't sound like Gallery's default behaviour. (Unless you mean that every page checks for the login credential when loading--which it needs to do so that it only displays the appropriate items.)

A bit out of my zone. I may be totally getting this wrong or misunderstanding you (or both).

What are you using for users to log onto your website?
Have you looked at the openid module?
http://codex.galleryproject.org/Gallery3:Modules:openid

EDIT: Also, possible alternative starting point: http://galleryproject.org/node/94546

felgall

Joined: 2013-10-09
Posts: 16

Posted: Tue, 2013-10-15 21:42

The way I am trying to use it, users don't need to log in to Gallery as they can't even get to it unless they are already logged in to the system I am embedding it into. By the time any Gallery code runs anyone not logged in has already been redirected - the changes I have made to the code have been to remove any validations that would cause them to be treated as not being logged.

Basically what I am trying to do is to completely remove the login requirement from Gallery given that only people already logged in can get that far and it is stupid to require people to login twice.

The code I added in local.php tests if the person is logged in and if not redirects them to the login screen which is outside of Gallery. For everyone who is logged in it extracts their member number from the member table. Then in the user module I modified the guest() function so that instead of setting the user to 1 it sets the user to the currently logged in member number. All the other changes I have made are to remove validations in Gallery that have already been performed prior to calling Gallery in the first place - that way it doesn't give an error that the Gallery password is wrong when there is no separate Gallery password for members.

The other change I made was to delete the user table and replace it with a view that references the equivaqlent fields from the member table.

Everything is working the way I want except for the constantly changing session id. I have resolved that while the person is in Gallery by saving the info to cookies when Gallery is first accessed and reading them back from the cookie on every page load but with that code in local.php it is still logging the person out of the main system as soon as the first Gallery page finishes loading because the session id has changed.

tempg

Joined: 2005-12-17
Posts: 1857

Posted: Tue, 2013-10-15 21:53

Quote:

users don't need to log in to Gallery as they can't even get to it unless they are already logged in to the system I am embedding it into. By the time any Gallery code runs anyone not logged in has already been redirected

Reading the last comment (and still not knowing how they're logging into the main site), why not just ignore permissions altogether? If you just make the Gallery "public" your issues should be solved. (I put "public" in quotes because it won't really be public if no one can otherwise access the page.) Basically install Gallery as it is out of the box, without permissions, users, etc. and let that be that.

If you do that, the only way you have an issue is if Gallery and your website are using the exact same login--which they're not (or at least were not before the customizations).

Again, maybe this is just above my head?? I'll shut up for a while to see if anyone else chimes in with a different understanding.

felgall

Joined: 2013-10-09
Posts: 16

Posted: Wed, 2013-10-16 01:30

Making it public will not work as different members will have different access inside Gallery - unfinancial members not allowed to add images, only some members allowed to perform edits or access the admin area.

They are logged in on the main site via a token stored in a session variable and also stored in their entry in the database - so that by reading the token and looking up the associated member all the details of the member can be retrieved.

I wouldn't be having any problems with Gallery if it were to leave the session that is already in use alone and not replace the session id - which loses access to the session token that identifies who is logged in.

felgall

Joined: 2013-10-09
Posts: 16

Posted: Thu, 2013-10-17 20:50

I have now got it working - but only by copying the session token to a cookie and back on every page view. That way the fact that Gallery regenerates the session on every page view ceases to be a problem because the new session then gets given the login token from the cookie.

So I have now effectively embedded Gallery 3 into a membership site where the access to Gallery is controlled by the main membership site.

The changes I made are as follows:

1. Replace the user table in Gallery with a view of the member table from the main site. So all the "user" details are extracted from the membership data and no information need be duplicated.
2. Add a local.php file that tests if the person is logged into the membership site and works out what access they are allowed to have to Gallery. Insert or delete user/group data based on which groups that particular type of member belongs to.
3. Update modules/users/helpers/users.php to substitute the member_number for 1 in the guest() lookup
4. Created a new theme that wraps some of the main site navigation etc around Gallery so as to provide a way to get to the rest of the site from within Gallery.

To clean up the options displayed that no longer make sense because the user table is gone I removed a few links from modules/users/views/admin_users.html.php and modules/comment/models/comment.php
I also removed the reauthenticate code from modules/users/views/admin_users.html.php since Gallery no longer has access to any meaningful passwords (but I am thinking of putting that code back and updating the view so that it uses a fixed password for everyone with admin access - perhaps 12345 since the hash for that is in the FAQ.

I first looked at Gallery about 10 days ago so I haven't really figured out much of how it works yet. Presumably there's a way of incorporating all of the small changes I made to code within Gallery into a module so that the original code can be left alone but I haven't had time to look into how the module system works yet (I wanted to make sure that it could be embedded into the membership site first before starting to look into how it does what it does).

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Fri, 2013-10-18 15:15

Sounds like you are making significant strides in a short period of time.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

tempg

Joined: 2005-12-17
Posts: 1857

Posted: Sat, 2013-10-19 16:46

@felgall: I don't think I will ever need to integrate Gallery in this way, but I especially appreciate you coming back to outline the steps and what's working for you. I'm more than sure that there are others that will benefit from your shared knowledge.

And I echo @floridave: if you've just looked at Gallery for the first time 10 days ago, you've done a ton!

felgall wrote:

Presumably there's a way of incorporating all of the small changes I made to code within Gallery into a module so that the original code can be left alone but I haven't had time to look into how the module system works yet

I'm more of a Gallery code hacker for the things that I do, so not sure I can help much here. Hope you're able to get that part working.

felgall Joined: 2013-10-09 Posts: 16	Posted: Fri, 2013-10-11 21:09
	I am configuring Gallery 3 within a membership area where everyone has already logged in. So far I have succeeded in replacing the user table with a view of the table that controls access to the entire site. By substituting the id of the logged in member for 1 in the guest lookup I got Gallery 3 to recognise who is logged in provided that Gallery 3 believes that someone is logged in. Where the current login has expired I have to press the logout link in order to get Gallery 3 to recognise who is logged in. Is there a simple way to force Gallery 3 to always be logged in? Presumably it is just a matter of replicating part of the processing that would normally run after the login form (which I have hidden) is submitted but I am not yet familiar enough with the Gallery 3 code to find it (only been looking at this script in my spare time over the last four days so far).
	XUser login Username: * Password: * Create new account Request new password
tempg Joined: 2005-12-17 Posts: 1857	Posted: Tue, 2013-10-15 18:57
	Not sure I understand. Maybe increase the time before session times out? But I'm not sure; Gallery's default session is long; thinking I missed your point.

felgall Joined: 2013-10-09 Posts: 16	Posted: Tue, 2013-10-15 20:37
	Gallery is issuing a new session id on every single page load - even when you just hit the reload button in the browser to reload the current page. It is obviously some incompatibility between the way Gallery is set up to determine whether someone is logged in or not and the way the system I have embedded it in makes the same determination. I have tried commenting out every single line of Gallery code that issues a regenerate with no effect so it isn't that. The way I am using it, each and every single call to load a page in Gallery supplies the currently logged in user from the main system to Gallery where the Guest processing in Gallery then treats it as a new guest login. Presumably it is because every Gallery page load is a new guest login is the reason for the session id changing. Is there an alternative way that I can use to identify that a registered user is already logged in by the time the Gallery home page first displays that will not treat each and every page load as a new login? As soon as Gallery decides is is a new login and resets the session that logs the person out of the main system and throws them back to the main system login screen. I have put a temporary workaround in place to be able to continue configuring Gallery by saving the essential session info in cookies when Gallery is first accessed and reloading the session fields from the cookie every time Gallery changes the session id but that still leaves the person logged out of the main system when they attempt to return to the main system after they have finished in Gallery. The files I have updated - mostly to comment out unwanted validations and links to unneeded pages- are modules/gallery/controllers/admin.php, modules comment/models/comment.php, modules/users/helpers/users.php, and modules/users/views/admin-users.html.php - the rest of my code is in local.php so it runs first for each page so as to check that the person is logged in before any Gallery code is allowed to run. I'll look into how to convert those four changed files into a separate module and restore the original code to those files once I can get everything else working.

tempg Joined: 2005-12-17 Posts: 1857	Posted: Tue, 2013-10-15 20:57
	No idea what's going on with your sessions ("every Gallery page load is a new guest login"); doesn't sound like Gallery's default behaviour. (Unless you mean that every page checks for the login credential when loading--which it needs to do so that it only displays the appropriate items.) A bit out of my zone. I may be totally getting this wrong or misunderstanding you (or both). What are you using for users to log onto your website? Have you looked at the openid module? http://codex.galleryproject.org/Gallery3:Modules:openid EDIT: Also, possible alternative starting point: http://galleryproject.org/node/94546

felgall Joined: 2013-10-09 Posts: 16	Posted: Tue, 2013-10-15 21:42
	The way I am trying to use it, users don't need to log in to Gallery as they can't even get to it unless they are already logged in to the system I am embedding it into. By the time any Gallery code runs anyone not logged in has already been redirected - the changes I have made to the code have been to remove any validations that would cause them to be treated as not being logged. Basically what I am trying to do is to completely remove the login requirement from Gallery given that only people already logged in can get that far and it is stupid to require people to login twice. The code I added in local.php tests if the person is logged in and if not redirects them to the login screen which is outside of Gallery. For everyone who is logged in it extracts their member number from the member table. Then in the user module I modified the guest() function so that instead of setting the user to 1 it sets the user to the currently logged in member number. All the other changes I have made are to remove validations in Gallery that have already been performed prior to calling Gallery in the first place - that way it doesn't give an error that the Gallery password is wrong when there is no separate Gallery password for members. The other change I made was to delete the user table and replace it with a view that references the equivaqlent fields from the member table. Everything is working the way I want except for the constantly changing session id. I have resolved that while the person is in Gallery by saving the info to cookies when Gallery is first accessed and reading them back from the cookie on every page load but with that code in local.php it is still logging the person out of the main system as soon as the first Gallery page finishes loading because the session id has changed.

tempg Joined: 2005-12-17 Posts: 1857	Posted: Tue, 2013-10-15 21:53
	Quote: users don't need to log in to Gallery as they can't even get to it unless they are already logged in to the system I am embedding it into. By the time any Gallery code runs anyone not logged in has already been redirected Reading the last comment (and still not knowing how they're logging into the main site), why not just ignore permissions altogether? If you just make the Gallery "public" your issues should be solved. (I put "public" in quotes because it won't really be public if no one can otherwise access the page.) Basically install Gallery as it is out of the box, without permissions, users, etc. and let that be that. If you do that, the only way you have an issue is if Gallery and your website are using the exact same login--which they're not (or at least were not before the customizations). Again, maybe this is just above my head?? I'll shut up for a while to see if anyone else chimes in with a different understanding.

felgall Joined: 2013-10-09 Posts: 16	Posted: Wed, 2013-10-16 01:30
	Making it public will not work as different members will have different access inside Gallery - unfinancial members not allowed to add images, only some members allowed to perform edits or access the admin area. They are logged in on the main site via a token stored in a session variable and also stored in their entry in the database - so that by reading the token and looking up the associated member all the details of the member can be retrieved. I wouldn't be having any problems with Gallery if it were to leave the session that is already in use alone and not replace the session id - which loses access to the session token that identifies who is logged in.

felgall Joined: 2013-10-09 Posts: 16	Posted: Thu, 2013-10-17 20:50
	I have now got it working - but only by copying the session token to a cookie and back on every page view. That way the fact that Gallery regenerates the session on every page view ceases to be a problem because the new session then gets given the login token from the cookie. So I have now effectively embedded Gallery 3 into a membership site where the access to Gallery is controlled by the main membership site. The changes I made are as follows: 1. Replace the user table in Gallery with a view of the member table from the main site. So all the "user" details are extracted from the membership data and no information need be duplicated. 2. Add a local.php file that tests if the person is logged into the membership site and works out what access they are allowed to have to Gallery. Insert or delete user/group data based on which groups that particular type of member belongs to. 3. Update modules/users/helpers/users.php to substitute the member_number for 1 in the guest() lookup 4. Created a new theme that wraps some of the main site navigation etc around Gallery so as to provide a way to get to the rest of the site from within Gallery. To clean up the options displayed that no longer make sense because the user table is gone I removed a few links from modules/users/views/admin_users.html.php and modules/comment/models/comment.php I also removed the reauthenticate code from modules/users/views/admin_users.html.php since Gallery no longer has access to any meaningful passwords (but I am thinking of putting that code back and updating the view so that it uses a fixed password for everyone with admin access - perhaps 12345 since the hash for that is in the FAQ. I first looked at Gallery about 10 days ago so I haven't really figured out much of how it works yet. Presumably there's a way of incorporating all of the small changes I made to code within Gallery into a module so that the original code can be left alone but I haven't had time to look into how the module system works yet (I wanted to make sure that it could be embedded into the membership site first before starting to look into how it does what it does).

floridave Joined: 2003-12-22 Posts: 27300	Posted: Fri, 2013-10-18 15:15
	Sounds like you are making significant strides in a short period of time. Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

tempg Joined: 2005-12-17 Posts: 1857	Posted: Sat, 2013-10-19 16:46
	@felgall: I don't think I will ever need to integrate Gallery in this way, but I especially appreciate you coming back to outline the steps and what's working for you. I'm more than sure that there are others that will benefit from your shared knowledge. And I echo @floridave: if you've just looked at Gallery for the first time 10 days ago, you've done a ton! felgall wrote: Presumably there's a way of incorporating all of the small changes I made to code within Gallery into a module so that the original code can be left alone but I haven't had time to look into how the module system works yet I'm more of a Gallery code hacker for the things that I do, so not sure I can help much here. Hope you're able to get that part working.

XUser login