Posted: Fri Nov 09, 2007 10:29 am Post subject: Update
I think I've about got everything done now. The readme is mostly finished and is more thorough than ever. The integration seems to be all working and is more thorough than ever also. I'm really liking this version!
I'm going to do a clean fresh install and follow through the readme instructions to make sure not missed anything and grab some screen shots along the way to stick in the readme. Should have the next release version ready in a day or two depending on how much time I can put into it.
I would like to thank Sally, IngerK, Mike and Dari for their recent input, suggestions, coding and troubleshooting help. I know it requires a lot of time be invested in this sort of thing to make it all happen and it's appreciated. I know I have over 100 hours invested in this latest release over the past 3 or 4 weeks.
Posted: Tue Nov 13, 2007 11:44 pm Post subject: Re: Update
Well, the fresh clean install I did has turned up a problem that is still unresolved. I've beat my head on it all day today and got nowhere.
Anyone else had a problem with embedded gallery security violations in testing this integration? Only thing I've found so far is another user of an older version of this integration complaining of the same problem on the gallery forums.
I've searched the gallery forums, re-installed gallery, re-installed phpbb, re-installed the integration, deleted cache directories, deleted browser cache and the problem persists.
Seems to be a problem with the loss of phpbb sid or cookie after the first embedded gallery screen. Click Gallery 2 from the phpBB page and the embed gallery page is fine, click anything to do with Gallery after that and security violation. The debug output shows the user is no longer a logged in user, but rather the phpbb anonymous user.
Funny thing is I have one test server working fine, the other broken and I'm not seeing any real differences I'm working on it, but at the moment it's kicking my ass! I even put in the old release version of gallery2.php and g2helper.inc, which are the only files that have anything to do with displaying the embedded gallery pages, and still the same problem. I'm really missing something here!!!
Until it gets figured out we can't put out a release...
Last edited by jettyrat on Wed Nov 14, 2007 11:40 am; edited 1 time in total
Joined: Mar 03, 2003 Posts: 6284 Location: Washington Township, NJ, USA
Posted: Wed Nov 14, 2007 7:48 am Post subject: Re: Update
might it be a www vs non-www domain issue? this can be a problem when it comes to cookies (ie, if the cookie is set for www, but you're accessing via non-www or vice versa). _________________
Posted: Wed Nov 14, 2007 10:22 am Post subject: Re: Update
I suspect it is something like that, but I admit I'm not sure how to check for what you are saying. I don't think there is anything wrong with the integration itself. I thought maybe it was something hosed up in firefox, but IE gives the same error, so I'm assuming it is something server side. Odd thing is I haven't changed anything in the php or apache settings. Was simply going to do a clean install of gallery and phpbb and run the integration a final time when this came up. I'll beat on it some more today and hope something shakes out. Any ideas welcomed!
Dari- how would I investigate your concern? Both test machines are running on an intranet blocked by firewall to the internet, otherwise they are setup as generic out-of-the-box apache webservers. This is the same setup I've used for 2 years now on this integration and never had this before!
I tried playing with the gallery cookie settings in the admin-general tab. Even tried passing the phpbb sid along with the init string in galleryEmbed. Nothing seems to make a difference. The query strings passed back and forth between client and server look exactly the same on both test machines.
Joined: Mar 03, 2003 Posts: 6284 Location: Washington Township, NJ, USA
Posted: Wed Nov 14, 2007 10:29 am Post subject: Re: Update
IIRC, the cookie settings are configurable for both G2 and phpBB3 via their respective admin panels. I think that in order to make the cookie valid for both www and non-www, you'd have to set the cookie domain to .domain.com (making sure to include the dot in front of the domain.com part). _________________
Posted: Wed Nov 14, 2007 11:34 am Post subject: Re: Update
OK, finally!!! It's working again. I relieved to report that the issue has nothing to do with the integration itself!
Don't ask me why because I've never had to change this setting before, but for future reference- this is a phpBB3 cookie setting issue. After investigating the cookies being sent it turns out phpbb was not sending any cookies to the browser. Cleared the cookie domain and cookie path settings to nothing (blank) in phpBB, same as G2, and everything is happy now.
Dari- thanks for putting me on the right track! Let me sort through the files and do one more upload because I made a few small tweaks along the way yesterday while troubleshooting, then I think we are good to go. I'll shoot you an email when done...
Joined: Mar 03, 2003 Posts: 6284 Location: Washington Township, NJ, USA
Posted: Wed Nov 14, 2007 12:03 pm Post subject: Re: Update
glad to be of use here
basically, those two settings have to match. maybe something should be put into the integration setup to make sure they do, and warn if they don't... _________________
Joined: Mar 03, 2003 Posts: 6284 Location: Washington Township, NJ, USA
Posted: Wed Nov 14, 2007 12:38 pm Post subject: Re: Update
from the 'cookie settings' item in G2's site admin:
The gods of Gallery wrote: › If your Gallery is embedded and you leave the following fields empty, then all DownloadItem links (the URLs of the images and other items) in the embedded Gallery have an appended GALLERYSID string in the URL which is a minor security risk when your Gallery users start copy'n'pasting image URLs in forums, guestbooks, etc. The alternative is to set the cookie path. Gallery will then not append the GALLERYSID to the embedded DownloadItem URLs. E.g. when Gallery is reachable at http://www.example.com/application/gallery2/ and the embedding application is at http://www.example.com/application/, then you have to compare the path /application/gallery2/ with /application/. The cookie path is the part of the paths that is equal, in this case it is '/application/'. Most often it is just '/'.
The cookie domain is also only needed for embedded Gallery installs and only if you want to get rid of the GALLERYSID string in the embedded DownloadItem URLs. In most cases, the cookie domain can be left blank. Set it only, if Gallery and the embedding application are only reachable with different subdomains. E.g. when Gallery is at http://photos.example.com/ and the application is at http://www.example.com/, then you have to set the cookie domain example.com (the part of the host string that is common to both, Gallery and the embedding application).
Once you change the cookie settings, all registered users of your Gallery will have to clear their browser cookie cache. If they do not, they will experience login / logout / lost session problems.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Forum FAQ
Statistics
Search
Usergroups
I'm working on it, but at the moment it's kicking my ass! I even put in the old release version of gallery2.php and g2helper.inc, which are the only files that have anything to do with displaying the embedded gallery pages, and still the same problem. I'm really missing something here!!!
