In version 1.2.6, I wrote a customization that overrides the default lib-auth.php file by making a lib-auth_custom.php file, and rewriting alot of those functions in lib-auth.php. However, I would rather just give zenphoto the cookie it needs and insert the user into the db and let zenphoto do all of it's own things with authentication.
What is the zen-way(best way) of doing this in 1.2.9, and future versions? Specifically, where should I set my cookie, and do my db insert? I tried in my lib-auth_custom.php file requiring my authentication system to be logged in, setting the zenphoto cookie, doing a db insert, then requiring the lib-auth.php file. This works until you try to use the flash uploader, because it doesn't have access to the cookie so it is forced to redirect when it is uploading photos.
Is it possible that the next version of zenphoto could allow users to override the authentication with hooks in a plugin? There could be a hook for logging out, loggin in, etc. functions. OR is there already a way of doing this that I am now aware of?
Comments
lib-auth_custom.php
<?php
// pseudo code. some functions are my custom functions...
if (isset($_REQUEST['logout'])
logout();
$username = forceLoginWithRedirect();
$info = getUserInfo($username);
query('INSERT INTO zp_administrators /*this persons $info */);
zp_setcookie('zenphoto_auth', /*somefoo*/);
global $zp_admin_users[] = $info;
require_once('lib-auth.php');
?>
because the flash uploader doesn't keep the regular cookies, and so doesn't work with this approach.
Perhaps it would have been better if all of lib-auth.php were an object, then you could have extended it. However, it was not, so you will just have to modify the functions. Perhaps we will change this for the 1.3 release. Would you care to participate in the design/implementaton?
You would have to change your custom code `require_once` statements to supply this new path to the script.
I don't think that there is any relation with this to the flash uploader not supplying cookies with some browsers. The Zenphoto flash upload deals with this by passing an argument that allows the uploader script to determine which user requested the upload and authenticate with that user's credentials.
Probably I will make an update tonight with what I have so far. The basic design is to create a class for the "Authority". A global variable ($_zp_athority) is set to an instantiation of this class by your library. All of Zenphoto then uses the class methods for administrator handling.
The hope is that you can just "require" the zenphoto library in your library then create classes that extend the zenphoto ones as needed.
Please look this over. I think it best to move this conversation to a ticket so we do not waste the time of most forum users.
If there are things you would like changed in the implementation, open a new ticket and describe what you want. (Also include the "why" as it may help to get the best possible solution.)
Of course, if things do not work, also make note of that on the ticket.