From 95b85be502f639fb2080ae92d4d33c013b18aa94 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@users.sourceforge.net>
Date: Mon, 31 Dec 2012 20:08:30 +0100
Subject: Add support for password protected albums

This adds support for simple password protected areas (albums and
all subalbums) through webserver HTTP authentication. CGG simply
generates .htaccess and password files and it's up to the user to
set up the rest on server side.

No UI changes at this point. Limited to one user per album for
the moment.
---
 sample/src/passwd_protect/index.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 sample/src/passwd_protect/index.xml

(limited to 'sample/src/passwd_protect/index.xml')

diff --git a/sample/src/passwd_protect/index.xml b/sample/src/passwd_protect/index.xml
new file mode 100644
index 0000000..10225fa
--- /dev/null
+++ b/sample/src/passwd_protect/index.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<gallery type="album">
+  <general>
+    <ID>Restricted area</ID>
+    <title>Restricted area</title>
+    <description><![CDATA[Welcome to restricted area! You should have been presented a standard HTTP authentication dialog. If that didn't happen, your web server configuration is probably incorrect. Note that this natually doesn't work when opened locally (<code>file://</code> URL).
+                          <br/><br/>
+                          This feature requires web server user htaccess override enabled as well as the particular authentication modules loaded. All subdirectories (including the current album images) should be protected the same way through automatic parenting. It's usually sufficient to only set password for top-level path you want to protect. Please note this implementation is not bulletproof in any way, a simple configuration error or missing file will bypass any protection. See <a href="http://httpd.apache.org/docs/2.2/howto/auth.html">httpd.apache.org/docs/2.2/howto/auth.html</a> for more information.
+                          <br/><br/>
+                          CGG will automatically create new password file and will add necessary lines in <code>.htaccess</code> file (appending if it exists). By default, MD5 hash is used. The <code>htpasswd</code> tool needs to be installed as Apache uses it's own MD5 hash modification. Check e.g. <code>apache-tools</code> package.
+                          <br/><br/>
+                          All of this has a culprit however. For security reasons, the webserver (Apache) disallows relative pathnames to the password file and requires either absolute path or relative path to ServerRoot (basically document root for the domain). Also, storing the password file within the document tree is discouraged though it's fully satisfactory for our needs. A new &lt;location&gt; section in <code>setup.xml</code> file has been introduced. Having a correct path in the &lt;local_path&gt; tag is the key to success.
+                          ]]></description>
+
+    <auth>
+      <!-- ID of the area, the message will also be presented to user -->
+      <realm>Secret pictures</realm>
+      <username>test</username>
+      <!-- plain text password please, will be encrypted during processing -->
+      <password>test</password>
+      <!-- we only support mod_auth_basic, adding support for mod_auth_digest would be nice -->
+      <type>Basic</type>
+    </auth>
+  </general>
+  
+</gallery>
+
-- 
cgit v1.2.3