can't get checkAccess() to work

ERamseth

So I've written a script which serves videos to jplayer from a directory that isn't normally visible to web browsers.

I'm trying to incorporate checkAccess() into the script so it can only pull files for a user who should be able to access said files.

So far I've added

`define('SERVERPATH',str_replace('\\','/',dirname(__FILE__)).'/zp');

define('WEBPATH','/'.basename(dirname(__FILE__)).'/zp');

require_once(SERVERPATH.'/zp-core/template-functions.php');`

to my script and have done

`zp_load_gallery();

zp_load_album('$albumName');

zp_load_image($albumName, $imageName);`

with valid directory and file names.

when I try

`print $_zp_current_image->checkAccess();`

I never get a result (I assume that means it thinks I don't have access). I have tried it both logged in and logged out and it makes no difference. I know the $_zp_current_image seems to be working in other areas... I can get valid width and height; and isProtected() returns 1.

Is there anything glaringly wrong with what I've done in my code that might be causing me problems?

acrylian

`zp_load_album('$albumName');` the single quote is not needed here. Note that the album name is not just the folder but the path if a subalbum (level1/level2/level3).

`print $_zp_current_image->checkAccess();` returns a bool values so not really something to "print".

Did you look at this? http://www.zenphoto.org/news/zenphoto-as-a-plug-in-using-zenphoto-functions-from-outside-zenphoto
The makeImage/AlbumCurrent functions are probably worth a try if you are outside Zenphoto.

ERamseth

I did see that documentation page.

So yeah I should remove those quotes for the album name. I initially tried with makeImage but I wasn't sure if I was creating a new "image" (not what I want to do) or referencing an existing "image" (which IS what I want to do). For whatever reason in my mind I thought I had todo zp_load_gallery() first or else I was just creating an orphaned image object.

Initially, for debugging my script, I had something like

`if ($image->checkAccess()) print "OK";`

Where $image was a creation of makeImage. No matter what I tweaked, I couldn't get that to seemingly return true.

As far as the album name, what I need is the relative path to the album inside of the albums directory right? So if my install is at domain.com/zenphoto and my structure is something like domain.com/zenphoto/albums/person1/album2 and I want to reference the sub-album "album2" I need to pass on "person/album2" right?

EDIT: Also, I think that if I try to print a bool I get back 0 or 1? I might be mistaken in that though.

sbillard

Images do not have access control. Only albums

acrylian

However, the image class has a method checkAccess(). Which of course checks the rights of its album technically.

ERamseth

I didn't realize individual images didn't have access control.

Please let me know if the below sounds right...

If I want to see if a user who is already logged in has access to an image (really a video)--in order to validate if they should be allowed to view and download the video through my script--I should use checkAccess() on the image object created with makeImage() after adding in the zenphoto template functions. And when I call checkAccess() on an image, it is really checking access to the album in which the image resides.

(also, thanks for the help so far!)

ERamseth

So quick thing I realized... in my first post I wrote that I did zp_load_album('$albumName'); (notice the erroneous single quotes).

Since checkAccess() depends on the album rights and per the above mistake I would've attempted to define an album incorrectly... could this be the reason I wasn't getting a reply from checkAccess()?

Obviously I'm going to fix this when I get the chance and try it again, but I just thought I'd post here in case someone else was having similar issues.

acrylian

The quotes are wrong indeed. Best you try again as I lack the time to try myself right now.