password protected album not secure

Hi,
I'm desperate in looking for a gallery solution,
and right now Zen is exactly what I want.
I want to stick with it, but I have one problem though.

I tried password protecting an album, and then, since I have the recent photo feature appear on the main page, the content of that password protected album also appears there. When you click on it, it takes me to the content of that album with full access to all the pictures.

It appears that it's only the link of the album that is restricted. So if the image appears in recent photo/album and you click on it, the album is still accessible.

It's true for me.
http://gallery.bartyfly.com/index.php

Comments

  • Your link does not display. So, a couple of questions:

    First, are you using a standard theme or one you have created? If the latter, you need to add a call `if (checkForPassword()) { }` around the part of your image.php page that you do not want to display.

    Also, for passwords to work correctly you need to be running the nightly build.
  • I'm sorry:
    Correction for the link: http://gallery.bratyfly.com/index.php
  • By the way, it's a theme that comes with the gallery; it's from stopdesign.
  • Seems password protected to me when I visit it.
  • Are you logged in as the gallery admin while testing? That may override password protection on individual albums.
  • No, I wasn't logged in as admin. In fact I was using Firefox to edit the gallery and view as guest using Safari. It's simply not working. I had to switch back to Gallery 2 while I still couldn't figure out how to protect the pictures.

    Hi sbillard, what you probably saw was the Gallery (another gallery CMS).
    Do I still have to install the nightly build even though I have just downloaded Zenphoto 2 days ago? I presumed that the download link at the main site gives the updated version.

    Thanks for your answers, guys
  • If you downloaded the 1.1.3 version, that is not the same as the nightly build.
  • Gallery link: http://bratyfly.com/zengallery/
    Note: I don't own the pictures. Used for testing purposes.

    I did download and upload the nightly build. I made some tests. Here are my observations. Hope this could help us improve future updates.

    There is an album named BOO; BOO is password protected.
    There is an album named ANIMALS, and it's NOT password protected.

    I uploaded a picture in ANIMALS and it showed up in the recent images as expected.
    I uploaded a picture in BOO and it did not show up in the recent images, which is fine.

    I accessed BOO using the password and copied the direct link of one of the pictures (http://bratyfly.com/zengallery/index.php?album=boo&image=vote.jpg).
    I cleared my cache, cookies etc.
    I accessed BOO again and I was prompted again to enter the password, but I DID NOT.
    Then I pasted the direct link of the picture from BOO in the address bar and I was able to access the picture without being asked to enter the password. And the picture has 2 links beside it. The link on the left was the previous picture, the link on the right is the next picture, which gives full access to the gallery. And if you click on the name of the gallery above, that's the only time you will be asked to enter the password :(

    Now what I'm worried about is, if there is a certain pattern in how I named my pictures, one could guess the filename and try to access the album by simply typing the link below:

    http://bratyfly.com/zengallery/index.php?album=boo&image=name.jpg -- name.jpg as the filename guessed.

    Another scenario: if a certain guest sent the link of an image from a password protected album to someone via email, the recipient would just click on the link and be able to access the picture (and all pictures of the album via the next and previous links) without being prompted to enter the password.

    What I was actually expecting was: if I try to access a certain link of a picture which is password protected, I should be prompted to enter the password of the album.

    If this could be done, then showing the images from a password protected gallery in the recent images is not a problem, since the moment you click on it, you will be asked to enter the password.

    Thanks, and I hope I am not wasting your time.

    Bratyfly
  • acrylian Administrator, Developer
    Of course you are not wasting our time. We appreciate your feedback, especially on this sensible topic. Unfortunately you are indeed right that you can access an image in a password protected album directly.

    As for recent images: If you use the latest nightly build that should not show images from password protected albums anymore.
  • Thanks for the reply acrylian :)

    Any plans in the future to prevent accessing an image in a password protected album directly?

    Yes, I have noticed with the build released last night, recent images no longer show from a password protected gallery. It only shows up now in the recent images if you have access to the album.

    ALSO, I'm just wondering if those images in the password protected gallery are being crawled by search engines?
  • acrylian Administrator, Developer
    Of course an image should not be accessible directly if in a protected album (and I could swear that worked before...) But sbillard is the architect of the protection, I am sure he finds the error real quick!

    If you are not able to access a protected album, a crawler/spider shouldn't have access either, since it follows links.
  • bratyfly:

    In order to protect the image, the theme must include password checking in the image.php file. Unfortunately, it appears that stopdesign does not do this. I will see if I can decipher the theme well enough to add the code. Stopdesign is a very complex, difficult-to-work-with theme.
  • Thanks Sbillard. I can't wait for it.
    I am amazed at the response of Zenphoto's support. Great job! :)
  • correction: i mean i will wait for it :) sorry
  • The solution was posted in last night's nightly build. Seems a few other themes were missing the code as well, I think something must have got lost along the way. Anyway, now all distributed themes support image page password protection.

    If anyone is developing his own theme, the code `if (checkForPassword()) {` <protected code> `}` must be placed around anything you don't want displayed if the album is password protected.

    The same goes for album pages if you want to suppress anything more than the thumbnail list.
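    Added example (not code from the thread or from any distributed Zenphoto theme) of how a theme's image.php can follow that rule, so that the image and the previous/next links that the test earlier in the thread walked through are only emitted once checkForPassword() returns true; the print* template functions it calls are assumed to be the standard Zenphoto ones shipped with the release.

    ```php
    <?php
    // Added example of a guarded image.php theme page; not code from the thread
    // or from any distributed Zenphoto theme. Assumption: the standard Zenphoto
    // template functions printGalleryTitle(), printAlbumTitle(), printImageTitle(),
    // printDefaultSizedImage(), printPrevImageLink() and printNextImageLink()
    // are available, as they are in the themes shipped with the release.
    ?>
    <div id="main">
        <h1><?php printGalleryTitle(); ?> / <?php printAlbumTitle(); ?></h1>

        <?php if (checkForPassword()) { ?>
            <!-- Reached only when the album needs no password or the visitor has
                 already supplied it. Everything that reveals album content,
                 including the prev/next links that let a visitor walk to the
                 neighbouring images, stays inside this block. -->
            <h2><?php printImageTitle(); ?></h2>
            <div id="image"><?php printDefaultSizedImage(); ?></div>
            <div id="navigation">
                <?php printPrevImageLink('&laquo; previous'); ?>
                <?php printNextImageLink('next &raquo;'); ?>
            </div>
        <?php } else { ?>
            <!-- Assumption: checkForPassword() has printed the password form
                 itself on returning false; nothing else about the album is
                 emitted here, so a guessed or shared image URL reveals nothing. -->
            <p>This album is password protected.</p>
        <?php } ?>
    </div>
    ```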
  • Noticed that images in a password protected album show up in the search page if the search word, for example, contains its filename. The password protected albums don't.
    Did this in the image loop on the search.php to prevent images showing up:

    ```php
    <?php while (next_image(true)): ?>
        <?php
        global $_zp_current_image;
        // Look up the album the current image belongs to and read its password.
        $check = $_zp_current_image->getAlbum();
        $check = $check->getPassword();
        // Only print the thumbnail when no password is set. Use empty() rather
        // than a loose `== 0` comparison: in PHP a non-numeric hash string
        // loosely equals 0, which would let protected images through.
        if (empty($check)) { ?>
            <?php printImageThumb(); ?>
        <?php } ?>
    <?php endwhile; ?>
    ```
  • We will fix this in the core. It will add a bit of overhead to the search, though.
  • I'm having trouble with password protection too. I added password protection to one album, and initially it seemed to have no effect, but then I found this post and realized it might be because I was logged in as admin. So I logged out, clicked on that album - and got no photos, just a blank image page, but also no password prompt! So there appears to be no way to enter a password.

    Also, there are two related problems: it still uses a thumbnail from the protected album to represent it on the main page, so that means at least one image from the protected album is publicly visible, and it also pulls content from the protected album for the random image block on the main page. Both of these seem to kind of go against the idea of being able to protect an album...

    I suppose I could get around the random image thing by removing that feature entirely (although that would probably mean commenting it out in the code and then messing with the CSS so that the layout doesn't break, since there doesn't seem to be any way of disabling that feature in the admin), but I'm not sure what to do about the thumbnail issue. It would be nice if protected albums showed a blank image with the words "password required" instead of a thumbnail.

    BTW, the theme I'm using is a modified version of Thinkdreams, if that helps (modified mainly by me commenting out everything relating to comments, and the image descriptions and titles).
  • With the current release you should not be getting protected images for the random image. However, since you are using a modified (not part of the release) theme, it may not be using the template-functions getRandomImage() function. No guarantees then.

    The theme may also be the problem with your getting no photos, just a blank page. Typically, blank pages are due to script errors. Check your CGI log and see what it says. The way password protection works: when the theme calls next_image() or next_album(), zenphoto checks to see if the current album is password protected. (There have been some fixes here, so you might need the nightly build.)

    While album thumbs are returned for protected albums, there is a `class="password_protected"` on the image saying it is protected. Your CSS could do something to mask it.
  • The only things I modified in the theme were hiding the comments and titles, and changing the sizes of the thumbnails, so I'm not sure how it would have affected anything else... I know it's still using the same function for random images - I didn't change that at all. But I'll check the error log and see if I can find out anything.
  • OK, checked the error log and there was nothing that looked remotely relevant in it. Just a few missing favicon.ico messages and that sort of thing. Plus two occurrences of "File is not a JPEG file" from the massedit page, which I think was caused by a couple of images that had spaces after their names (fixed now). Also, just to clarify, it wasn't a total blank page it was showing (like the kind you'd get with a fatal error), but a page with the breadcrumb trail, title, footer, etc. but no actual content. Anyway, there don't appear to be any PHP errors happening.

    Also, I checked the code of the index page and it is not assigning the password_protected class to the thumbnail for that gallery at all. And I haven't changed the CSS in any way.

    Just to verify whether or not it was a theme issue, I switched back the default theme. This did result in the password prompt showing up - but the image thumbnail for the protected gallery still appeared in the main listing, and did not have the password_protected class. I tried a couple of other themes with basically the same result, and when I found one that included the random image block, it still showed images from the protected gallery among the random ones.

    So those two problems are not theme-specific - *none* of the themes I tried (including default!) gave protected albums' thumbnails that class, or excluded protected images from the random image block if they had one.

    Then, just to see if the problem with the password prompt not appearing was due to anything I did or not, I uploaded an unmodified version of Thinkdreams - and it doesn't show the password prompt either. So apparently that problem is in the Thinkdreams theme itself, not in any of my changes. Which sucks because it's the only theme that looks relatively similar to what the photographer I'm doing this site for wants. :-(

    Any ideas how the password prompt could be restored to Thinkdreams? I'm not afraid of editing code...
  • For direct access image URLs, is it possible to handle some security check in i.php? I can copy the image location in the browser and paste it to open the image in another browser.

    It seems all image requests should go through this php. I found this php will redirect the request to the location of the physical path; it is quite easy to guess other protected album image paths. Perhaps there could be an option in the admin page to turn on i.php to read and output the image rather than redirect it, for someone who may sacrifice performance for better security.
  • When you directly access the image (.../albums/album_name/image.jpg) you are not going through any scripts, so zenphoto can do nothing about it. You can prevent this by putting security on the albums folder in your .htaccess file or by moving your albums folder outside of the web paths or, less secure, but far easier to do, change the name of your albums folder to something harder to guess.
  • spidersilk:
    I looked at the theme and can't see any reason why the log-on prompt would not show. But then, when I tried the theme, I could not get links to work at all.
  • Has protection for direct access to images been added since your post, sbillard? I was having a look at Zenphoto around a year ago, and then it was possible to have direct access just like you describe. But when I installed the latest version today, it seems like /albums/album_name/image.jpg doesn't work if the image is in a protected album.

    Is that thanks to mod_rewrite and the image suffix?
  • My error. The images are still available by a direct URL. I forgot to add the /albums part when trying.
  • Thoresson, you can protect the albums folder by adding the following .htaccess rule:

    ```apache
    # Apache 2.2-style access control: deny every client except localhost
    <Files *>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    </Files>
    ```

    That'll stop anyone from browsing the albums folder.
  • I noticed also that if a user searches with e.g. the name of a protected album, all thumbnails of the images are shown. One cannot access an individual image, though, without logging in. But if the slideshow plugin is installed you can view a full-screen slideshow of all the protected images in the search results.

    I had to add a search password and remove the slideshow plugin to prevent this. I have most images public, but I have one personal album with subalbums which contain images of my family and friends which I don't want to be accessible by anyone on the web.

    It seems I have to tune the ZenPage theme and the slideshow to prevent this.
  • acrylian Administrator, Developer
    Please open a ticket for this. Thanks.