Basic integration

dregin

Joined: 2007-02-08
Posts: 1

Posted: Sun, 2007-02-11 20:46

Hi. I've been trying to integrate gallery 2 with Torrent Trader (http://www.torrenttrader.org) to no avail. I've followed the documentation here and also tried to apply what's been done here.

I've created a file called gallery.php (a.k.a. embed.php) which looks like this:

#!/usr/bin/php4-cgi
<?php
require_once(dirname(__FILE__) . '/gallery/embed.php');
$userid = $_COOKIE["uid"];
$ret = GalleryEmbed::init(array( 'embedUri' => '/home/paddypunk/paddypunk/gallery2.php', 'g2Uri' =>
'/home/paddypunk/paddypunk/gallery', 'loginRedirect' => '/home/paddypunk/paddypunk/account-login.php',
'activeUserId' => $userid));
if ($ret) {
  // $ret->getAsHtml() has error details..
  exit;
}
$g2data = GalleryEmbed::handleRequest();
if ($g2data['isDone']) {
  exit; // Gallery 2 has already sent output (redirect or binary data)
}
// Use $g2data['headHtml'] and $g2data['bodyHtml']
// to display Gallery 2 content inside embedding application
// if you don't want to use $g2data['headHtml'] directly, you can get the css,
// javascript and page title separately by calling...
if (isset($g2moddata['headHtml'])) {
  list($title, $css, $javascript) = GalleryEmbed::parseHead($g2moddata['headHtml']);
}



?>

I'm also dealing with two other files, account-login.php and account-logout.php:

account-login.php:

#!/usr/bin/php4-cgi
<?
//
// CSS and Language updated 30.11.05
//
ob_start();
require_once('gallery/embed.php');
require_once("backend/functions.php");
dbconn();

unset($returnto);
if (!empty($_GET["returnto"])) {
        $returnto = $_GET["returnto"];
        if (!$_GET["nowarn"]) {
                $message = "" . SORRY_MEMBERS_ONLY . "";
        }
}

if (mkglobal("username:password")) {
        $password = md5($password);

        $res = mysql_query("SELECT id, password, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirm$
        $row = mysql_fetch_array($res);

        if (!$row)
                $message = "" . USERNAME_WRONG . "";
        elseif ($row["password"] != $password)
                $message = "" . PASSWORD_WRONG . "";
        elseif ($row["enabled"] == "no")
                $message = "" . ACCOUNT_DISABLED . "";
        else {
                logincookie($row["id"], $row["password"], hash_pad($row["secret"], 20));
                if (!empty($_POST["returnto"])) {
                        header("Refresh: 0; url=" . $_POST["returnto"]);
                        die();
                }
                else {
                        header("Refresh: 0; url=index.php");
                        die();
                }
        }
}

logoutcookie();

stdhead("Login");

begin_frame("" . LOGIN . "");

if ($message != "")
        bark2("Access Denied", $message);
?>

<form method="post" action="account-login.php">
        <div align="center">
        <table border="0" cellpadding=5>
                <tr><td><B><?echo "" . USERNAME . "";?>:</B></td><td align=left><input type="text" size=40 name="username" /></td></tr>
                <tr><td><B><?echo "" . PASSWORD . "";?>:</B></td><td align=left><input type="password" size=40 name="password" /></td></tr>
                <tr><td colspan="2" align="center"><input type="submit" value="<?echo "" . LOGIN . "";?>" class=btn><BR><BR><i><?echo "" . C$
        </table>
        </div>
<?

if (isset($returnto))
        print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($returnto) . "\" />\n");

?>

</form>
<p align="center"><a href="account-signup.php"><?echo "" . REGISTERNEW . "";?></a> | <a href="account-recover.php"><?echo "" . RECOVER_ACCOU$

<?
end_frame();
stdfoot();
?>

account-logout.php

#!/usr/bin/php4-cgi
<?
// Logout of site, clear cookie and return to index
require_once("backend/functions.php");
//require_once('/home/paddypunk/paddypunk/gallery/embed.php');
dbconn();
logoutcookie();
Header("Location: $SITEURL/index.php");

?>

As you can see account-logout.php doesn't contain any gallery 2 related code yet.
I'm really lost as to how I'm supposed to be using the code in the documentation and any helpful info would be much appreciated.

Thanks in advance,
Bernard

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Sun, 2007-02-11 21:33

1. embedUri / g2Uri /loginRedirect is wrong. you have filesystem paths there. but they should be URLs (internet website addresses). you referenced a documentation page in your forum post. that documentation page has some examples.

2. your way to acquire the user id from the cookie is very bad. remove that code quickly. it's very insecure. that code basically says that anyone that can browse to your webserver can act as G2 admin by submitting a cookie with the proper uid value.

3. please see http://codex.gallery2.org/Gallery2:Embedding and http://codex.gallery2.org/Gallery2:Embedding:Integration#An_entry_point

--------------
Enter the Gallery 2 Theme Contest today!

dregin Joined: 2007-02-08 Posts: 1	Posted: Sun, 2007-02-11 20:46
	Hi. I've been trying to integrate gallery 2 with Torrent Trader (http://www.torrenttrader.org) to no avail. I've followed the documentation here and also tried to apply what's been done here. I've created a file called gallery.php (a.k.a. embed.php) which looks like this: #!/usr/bin/php4-cgi <?php require_once(dirname(__FILE__) . '/gallery/embed.php'); $userid = $_COOKIE["uid"]; $ret = GalleryEmbed::init(array( 'embedUri' => '/home/paddypunk/paddypunk/gallery2.php', 'g2Uri' => '/home/paddypunk/paddypunk/gallery', 'loginRedirect' => '/home/paddypunk/paddypunk/account-login.php', 'activeUserId' => $userid)); if ($ret) { // $ret->getAsHtml() has error details.. exit; } $g2data = GalleryEmbed::handleRequest(); if ($g2data['isDone']) { exit; // Gallery 2 has already sent output (redirect or binary data) } // Use $g2data['headHtml'] and $g2data['bodyHtml'] // to display Gallery 2 content inside embedding application // if you don't want to use $g2data['headHtml'] directly, you can get the css, // javascript and page title separately by calling... if (isset($g2moddata['headHtml'])) { list($title, $css, $javascript) = GalleryEmbed::parseHead($g2moddata['headHtml']); } ?> I'm also dealing with two other files, account-login.php and account-logout.php: account-login.php: #!/usr/bin/php4-cgi <? // // CSS and Language updated 30.11.05 // ob_start(); require_once('gallery/embed.php'); require_once("backend/functions.php"); dbconn(); unset($returnto); if (!empty($_GET["returnto"])) { $returnto = $_GET["returnto"]; if (!$_GET["nowarn"]) { $message = "" . SORRY_MEMBERS_ONLY . ""; } } if (mkglobal("username:password")) { $password = md5($password); $res = mysql_query("SELECT id, password, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirm$ $row = mysql_fetch_array($res); if (!$row) $message = "" . USERNAME_WRONG . ""; elseif ($row["password"] != $password) $message = "" . PASSWORD_WRONG . ""; elseif ($row["enabled"] == "no") $message = "" . ACCOUNT_DISABLED . ""; else { logincookie($row["id"], $row["password"], hash_pad($row["secret"], 20)); if (!empty($_POST["returnto"])) { header("Refresh: 0; url=" . $_POST["returnto"]); die(); } else { header("Refresh: 0; url=index.php"); die(); } } } logoutcookie(); stdhead("Login"); begin_frame("" . LOGIN . ""); if ($message != "") bark2("Access Denied", $message); ?> <form method="post" action="account-login.php"> <div align="center"> <table border="0" cellpadding=5> <tr><td><B><?echo "" . USERNAME . "";?>:</B></td><td align=left><input type="text" size=40 name="username" /></td></tr> <tr><td><B><?echo "" . PASSWORD . "";?>:</B></td><td align=left><input type="password" size=40 name="password" /></td></tr> <tr><td colspan="2" align="center"><input type="submit" value="<?echo "" . LOGIN . "";?>" class=btn><BR><BR><i><?echo "" . C$ </table> </div> <? if (isset($returnto)) print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($returnto) . "\" />\n"); ?> </form> <p align="center"><a href="account-signup.php"><?echo "" . REGISTERNEW . "";?></a> \| <a href="account-recover.php"><?echo "" . RECOVER_ACCOU$ <? end_frame(); stdfoot(); ?> account-logout.php #!/usr/bin/php4-cgi <? // Logout of site, clear cookie and return to index require_once("backend/functions.php"); //require_once('/home/paddypunk/paddypunk/gallery/embed.php'); dbconn(); logoutcookie(); Header("Location: $SITEURL/index.php"); ?> As you can see account-logout.php doesn't contain any gallery 2 related code yet. I'm really lost as to how I'm supposed to be using the code in the documentation and any helpful info would be much appreciated. Thanks in advance, Bernard
	XUser login Username: * Password: * Create new account Request new password
valiant Joined: 2003-01-04 Posts: 32509	Posted: Sun, 2007-02-11 21:33
	1. embedUri / g2Uri /loginRedirect is wrong. you have filesystem paths there. but they should be URLs (internet website addresses). you referenced a documentation page in your forum post. that documentation page has some examples. 2. your way to acquire the user id from the cookie is very bad. remove that code quickly. it's very insecure. that code basically says that anyone that can browse to your webserver can act as G2 admin by submitting a cookie with the proper uid value. 3. please see http://codex.gallery2.org/Gallery2:Embedding and http://codex.gallery2.org/Gallery2:Embedding:Integration#An_entry_point -------------- Enter the Gallery 2 Theme Contest today!

Basic integration

XUser login