Revision 1.0.4 (2021-09-24)
About: OpenID Connect is a Piwigo plugin which allows single sign-on logins using the OpenID Connect protocol. The protocol utilizes both the OpenID Connect Core and the OpenID Connect Discovery specifications. The plugin supports both the authorization code flow, as well as the (legacy) resource owner credentials flow, otherwise known as the password flow. Although legacy and recommended against, by enabling this flow, login through the Piwigo webservice API is enabled.
Changes: Added compatibility with Piwigo 12
Added the 'pwg.session.login_oidc' webservice for token authentication
Revision 0.4.1 (2020-05-18)
About: The External Authentication plugin supports login based on the identity provided by the webserver (aka the Remote User), which is usually supplied via proxy servers or webserver modules (eg. "Basic Auth"). It differs from the Piwigo "apache_authentication" option by providing a greater degree of flexibility, including:
- Control over which variable(s) are used for authentication
- Piwigo login will always follow changes in (recognized) Remote Users
- Native Piwigo logins possible when the Remote User is considered a guest
- Option to copy webserver supplied passwords to Piwigo accounts
- External login/logout URLs replacing or co-existing with native ones
- Possibily to auto-register unknown Remote Users as new Piwigo users
- Control over auto-registration profiles, passwords, status and notifications
- Flexible list of Remote Users considered guests
This plugin is incompatible with the $conf['apache_authentication'] option, and will auto-disable if it's set.
Fallback Authentication is optional, and permits native Piwigo logins when the current Remote User is considered a guest. NOTE: If Remote User auto-registration is disabled, any Remote User unknown to Piwigo is considered a guest. If Fallback is disabled, Piwigo logins will always match the current Remote User.
The plugin makes every effort to prevent un-intentional account lockout, and is always disabled upon activation to permit configuration before login enforcement is enabled (which may immediately log the current session out!).
Debug logging can be enabled on the plugin's admin page, or by setting $conf['externalauth_debug'] = true
Changes: Updated tag to fix Piwigo version checking
Revision 1.0.2 (2019-01-22)
About: [Deprecation warning]: I am currently not using Piwigo and therefore stopped supporting this plug-in. Please take the code and update it. Contact me, if you need initial help in taking over this plugin!
Please follow the instructions provided at:
- You need the LocalFiles Editor plugin (https://piwigo.org/ext/extension_view.php?eid=144)
- You must get recaptcha v2 keys for your domain
- You must define three config variables:
The first one changes the function, which verifies the users password
The second one is the "Website Key" (or similar).
The third and last one is the "Secret key".
Please put the two keys inside ' as shown below:
$conf['password_verify'] = 'reisishot_password_verify';
$conf['recaptcha_public'] = 'mypublickey1415';
$conf['recaptcha_secret'] = 'myprivatekey1425';
That's it :D!
PS: URL fopen (http://php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen) must be enabled!
Changes: Tried to improve JS even more
Revision 1.0.9 (2018-11-25)
About: A small and lightweight Captcha solution to keep your installation free from bot spam comments and bot fake registrations.
It does not rely on any remote resources - like Recaptcha from Google or any others. This means you do not have to mention it in your GDPR compliance declaration. If Google enables Recaptcha V3 soon, Recaptcha will act like a tracker, since the advice is to implement it on every single page of your website. You will dislike Google for this, hopefully.
Installation is as easy as with any other plugin. Since this plugin does not use any database tables it does not matter which MySQL version you are using.
The Captcha works the classic way. There are some configuration options like colors, OCR confusion, dimensions and length of challenge. Just explore the possibilities in the plugin area of Piwigo admin.
Yes, it is the 5th or so Captcha solution, but all other solutions rely on remote resources or are not maintained anymore.
You can protect comments below pictures, comments below categories (plugin Comments on Albums), user registration, guestbook entries (plugin GuestBook) and the contact form (plugin Contact Form).
The plugin is based on work of mistic and Stefan Petre.
Would love to receive feedback.
Changes: Added support for Guestbook and Contactform, Bugfix in session house keeping, added some credits for those this work is based on (mistic, Stefan Petre)