I have integrated Gallery with an application I am working on.
Gallery is not integrated as an embeded application entirely, but I have it working like Single Sign On (ie when the user logs into the Parent App it logs them into Gallery Automatically) However when they then go to gallery they are still going to main.php.
I make this call to log the user in:
$ret = GalleryEmbed::init(array('embedUri' => 'twreq.php',
embedPath => '/gallery',
'relativeG2Path' => '',
'loginRedirect' => '/login.do',
'activeUserId' => $activeUserId,
'gallerySessionId' => $ssid));
GalleryEmbed::handleRequest();
Passing in both the external ID of the user in the parent app, and also the sessionId from the parent app.
I then create a cookie on the users browser with 'GALLERYSID' as the name, and the sessionId from above with the path '/gallery/' (expires in a year from today).
The behavior I am getting is this:
On windows XP (As server) the user gets logged in (ie printing the active user directly after the init give the right id) and works fine. However, if I dont create the cookie it fails on useralbum.inc (line 55) on subsequently trying to access the users album.
On Linuz (As server) the user gets logged in (ie printing the active user directly after the init give the right id), however it then always fails when trying to access the useralbum (again line 55 of useralbum.inc).
Please help: I am stuck... I have tried everything, and nothing seems to work for me on my linux server.
Am I doing something wrong with the way I am using GalleryEmbed ??
When logging in directly to Gallery on Linux it works just fine !!
Thanks for any assitance.
If you dont understand the question maybe you could let me know what lines of code need to be called to log someone in remotely ie calling a url: /remotelogin.php?username=XXXX
What needs to be in remotelogin.php to log the user in, and make sure he stays logged in?
Thanks again,
Reuven
Posts: 32509
passing the sssion to g2 is really just a plus, it only helps people who don't accept cookies. for all others, it works without.
what's remotelogin.php ? in what directory is this file? doesn't seem to be a g2 file.
'embedUri' => 'twreq.php',
embedPath => '/gallery',
'relativeG2Path' => '',
don't know if these values are correct.
could you describe how your application works?
what i need to know:
- has your application a single entry file, e.g. something like main.php in g2/ in g2, all request go to main.php, and we then decide what to do.
how do you decide in your application that it should be handled by G2?
e.g. in my xaraya integretion, all requests go to index.php. and all g2 URLs in xaraya look like index.php?module=gallery2.
xaraya detects the module and then loads my wrapper script.
in my wrapper, i include embed.php and call GalleryEmbed::init and ::handleRequest().
is it the same in your application and how does such a embedded G2 URL look like?
and where is the application root and where is the gallery2 root?
Posts: 22
Hey Valiant,
Thanks for the quick reply.
Instead of explaining what I did I will tell you what I want to do.
I want to create a new file: remotelogin.php that will be called from another application, passing in a username, and will call whatever it needs to in gallery to make the user logged in.
I want the other application lets call it X (that may even be running on a different server) to call Gallery to log someone in. So that when that person is redirected to the gallery apps main.php (the standard one) they are already logged in.
for example application X (on http://www.galleryserver.com) will call: http://localhost/remotelogin.php?username=bobsmith
After this call user bobsmith will be logged in and when he browses over to http://www.galleryserver.com he will already be logged in.
Thats all
Thanks
Posts: 32509
short answer, not (easily) possible.
longer answer>
i may be wrong, and it's getting late, but this is my reasoning;
the problem is the "other host" aspect and it has to do with cookies. am a pseudo expert for cookies, had to research a lot for g2.
let's call remotelogin.php on server localhost Y.
you want: X communicates with Y. goal: create a session for the current user of X in Y such that the current user is recognized as logged in / authenticated when he requests something from Y at a later point.
X requests something from Y, and Y can only send back a cookie to X, but not to the user. so the user has no cookie from Y. X cannot send a cookie to the user in the name of Y, the cookie specs don't allow this, this would be a whole for attacks.
so now the user visits Y and how should Y know that the user is logged in? Y didn;t receive a cookie from the user etc.
workaround:
X submits Y username, useragent string, ip, y returns GALLERYSID
all links from X to Y for the actuve user have g2_GALLERYSID=... in the url.
and don't wanna think about security know. making this really secure is difficult, since everyone who wants to listen can see all this happen in cleartext.
Posts: 22
I have figured out the problem, and just want to post the solution for future reference.
The problem I was having was because of the security features of gallery. The GallerySession contains something called remoteIdentifier that is partially composed of the remoteAddress (ip) see GalleryUtilities::getRemoteHostAddress.
The problem was that the ip address in the session was the one of the system that logged me on, and when I then went to my gallery account the ip did not match.
I solved this by having the system that logs the user in pass the IP address to gallery and have gallery use that rather than the one it gets from getRemoteHostAddress.
Hope this helps someone,
Reuven
Posts: 21
Can you post your solution source?