Using GalleryEmbed to auto login to site. Restricted user sees Site Admin button
|
medaughs
Joined: 2009-03-31
Posts: 5 |
Posted: Tue, 2009-03-31 20:01
|
|
Hello, We are using GalleryEmbed to allow a login "pass through". In doing so, the restricted user can see the Site Admin option and should not be able to. The auto login appears to be working as expected. Below is the customized php that is being called by the external site. We are trying to limit exposure of anything but a specific Album to a specific user. In this case, user with a uid of 1231.
<?php
$url = $_SERVER['HTTP_REFERER'];
$url = parse_url($url);
$refurl = strtolower($url["host"]);
//if ($refurl == "www.somedomain.com") {
if ($refurl == "") {
$g2_Config['path'] = dirname(__FILE__) . '/';
$g2_Config['embedPath'] = '/';
$g2_Config['g2Uri'] = '/';
$g2_Config['loginRedirect'] = '/main.php?g2_itemId=1351';
$g2_Config['embedUri'] = '/gallery2/main.php';
$g2_Config['uid'] = '1231';
require_once( $g2_Config['path'] . '/embed.php');
if (!headers_sent()) {
header('Content-Type: text/html; charset=UTF-8');
}
$ret = GalleryEmbed::init(array(
'g2Uri' => $g2_Config['g2Uri'],
'loginRedirect' => $g2_Config['loginRedirect'],
'embedUri' => $g2_Config['embedUri'],
'activeUserId' => $g2_Config['uid'],
'fullInit' => 'false',
'apiVersion' => array(1,0)
));
GalleryCapabilities::set('login',true);
// handle the G2 request
$g2moddata = GalleryEmbed::handleRequest();
// show error message if isDone is not defined
if (!isset($g2moddata['isDone']))
{
print 'isDone is not defined, something very bad must have happened.';
exit;
}
// die if it was a binary data (image) request
if ($g2moddata['isDone'])
{
exit; /* uploads module does this too */
}
if ($ret)
{
print $ret->getAsHtml();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<?php
list($title, $css, $javascript) = GalleryEmbed::parseHead($g2moddata['headHtml']);
echo "<title>" . $title . " -- MySite</title>\n";
foreach ($css as $item) {
echo $item . "\n";
}
foreach ($javascript as $item) {
echo $item . "\n";
}
?>
<style type="text/css"> <!-- /*#gsHeader { display : none; } #gsFooter { display: none; }*/ --> </style>
</head>
<body class="gallery">
<?php
echo $g2moddata['bodyHtml'];
?>
</body>
</html>
<?php
}
else {
// Else if they are not coming for the authorized site send then do nothing
exit;
}
?>
|
|
Posts: 10
What Gallery2 groups does the 'restricted user' belong to? And what permissions do those groups have? Given that you can actually log in using that user ID I'm guessing there are no issues with the user syncronisation between the two apps. What theme are you using for Gallery2?
Also, if I've correctly interpreted your setup, you have the emApp code in the Gallery2 folder? Personally I don't think that's a great idea - they should really be kept separate for maintainability. What's more, the 'g2uri' seems to be pointing to the root of your web directory, when it should be pointing to the Gallery2 path (i.e. '/gallery2/' I think...)
Posts: 5
The restricted user belongs to his own group with rights to only one album in the collection. We have the gallery directory set up as the root of our web site as this is the only thing it serves out. I am not 100% certain as to where the emApp is living as the connection information is passed in a call from a 3rd party website.
Posts: 10
Fair enough. Can the user actually do anything in the admin panel? Or does he just see the link to it? And can he see the other albums?
Posts: 8339
http://codex.gallery2.org/Integration
or
http://www.flashyourweb.com/staticpages/index.php?page=gallery2_embed-o-rator
-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2