Member
gwalton   13-03-2006, 13:21
#1

Trying to install on an SSL server and found that many header() calls had "Location: http://" hardcoded in. This obviously breaks https urls to access zenphoto.

I hate to run admin login over non-ssl session so...

I modified the header() calls to use a new define "WEBPROT" and defined WEBPROT in the same spot WEBPATH gets defined in functions.php.
Also modified the email notification to include the proper http/https url.

works for me (so far)

oh yeah, i added a bit to setcookie() to prevent sending cookie over non-ssl connection. seems more proper to allow controlling that in config.php, but for now it's simply determined by the http/https method used which caused "functions.php" to get included.

http://12.46.84.47/files/zp1.0.1_https.patch

Member
gwalton   13-03-2006, 23:03
#2

Oops! I made a mistake on the setcookie() change. I didn't check the number of parameters present for the setcookie() call. I didn't realize the "domain" parameter wasn't present. Since I just added a boolean arg for the secure parameter onto the end of the parameter list, it got interpreted as the domain parameter instead.

I just modified the previous patch since it's a trivial fix to auth_zp.php

from:
setcookie("zenphoto_auth", sha1($user.$pass), time()+5184000, WEBPATH, SECLOGIN);

to:
setcookie("zenphoto_auth", sha1($user.$pass), time()+5184000, WEBPATH, "", SECLOGIN);

sorry!

Developer
trisweb   13-03-2006, 23:08
#3

I believe it's possible to auto-detect that based on the request, I just never thought of it before. I'll see if I can for upcoming releases.

Member
gwalton   14-03-2006, 00:23
#4

that's how i did it... $_SERVER['HTTPS']

from php.net:
'HTTPS'

Set to a non-empty value if the script was queried through the HTTPS protocol.
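
The scheme detection and the setcookie() argument order discussed in posts #2 and #4, as an added example that is not part of the original posts or the linked patch; the function names, the sample host and the sample path are assumptions made for illustration:

```php
<?php
// Added illustration; not ZenPhoto's code and not the patch linked in the thread.

// True when the request arrived over HTTPS. php.net documents
// $_SERVER['HTTPS'] as non-empty for HTTPS; under IIS with ISAPI it is
// "off" for plain HTTP, so that value is treated as not secure.
function request_is_https(array $server): bool
{
    $https = (string) ($server['HTTPS'] ?? '');
    return $https !== '' && strtolower($https) !== 'off';
}

// Positional setcookie() arguments: name, value, expires, path, domain, secure.
// The empty domain string keeps the boolean in the sixth (secure) slot;
// without it the boolean lands in the domain slot, as post #2 describes.
function auth_cookie_args(string $value, string $path, bool $secure): array
{
    return ['zenphoto_auth', $value, time() + 5184000, $path, '', $secure];
}

// Redirect header built from the detected scheme instead of a hardcoded
// "http://". The host is passed in (assumed to come from configuration).
function redirect_location(string $prot, string $host, string $path): string
{
    return 'Location: ' . $prot . '://' . $host . $path;
}

// Constructed sample $_SERVER arrays (not captured from a real server).
$samples = [
    'https request'  => ['HTTPS' => 'on'],
    'plain http'     => [],
    'IIS plain http' => ['HTTPS' => 'off'],
];

foreach ($samples as $label => $server) {
    $secure = request_is_https($server);
    $prot   = $secure ? 'https' : 'http';
    // 'opaque-token' is a placeholder cookie value for the demonstration.
    $args   = auth_cookie_args('opaque-token', '/zenphoto', $secure);
    printf(
        "%-15s %s  secure=%s domain=%s\n",
        $label,
        redirect_location($prot, 'gallery.example', '/zenphoto/admin/'),
        var_export($args[5], true),
        var_export($args[4], true)
    );
}
```
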
Member
MACscr   26-11-2006, 04:51
#5

Was this not already corrected? I still have the problem with the 1.0.3 beta.

Developer
trisweb   26-11-2006, 08:20
#6

You are correct, there are still hardcoded http://'s in the 1.0.3 version.

1.0.4 will be released this week for bugfixes and performance improvements in this interim before subalbums are finished, and it has this fix in it.

Actually, I just went through all the header()s and made sure they have the protocol parameter, which some of them did not! Thanks for the update. I'll release it soon; if you can't wait, grab the latest /branches/subalbums from SVN. It will be moved to /trunk before the release.

Developer
trisweb   08-12-2006, 09:33
#7

Fixed in the 1.0.4 release, now out.
