Simple Password Protected Client Proofing

[robertwatcher]

On request from one of my web clients last night for a nicer looking interface (than the ugly password protected folder dialogue box that the server displays) to present her Lightroom Galleries that she uses for proofing, to her customers - - - I decided to build this Simple Password Protected Client Proofing script that does exactly that. A webpage is displayed where a client can enter the supplied password, and then the script goes through the containing folder where all proofing galleries are stored - and if the password and folder name match, the gallery is displayed. This OnePage simplicity follows the way that I approach all of my scripts and web coding.



Here is a sample that you can try (3 gallery folders are in the container folder - - - they are "toronto", "benmiller", and "stcatherines" - and so those folder names are the passwords to use)

http://phpcrazysite.com/clients/index2.php

----

The OnePageClientLogin is a FREE DOWNLOAD (you do have to register to see the download) for any who may find value in such an app  

http://finchandchimps.com/index.php?topic=113.0

[john beardsworth]

It's a sensible approach and nicely displayed, but you know it's hardly the first time the world has seen such a password = folder name script! In reality I wouldn't know a toronto folder was there, but I just guessed http://phpcrazysite.com/clients/toronto/ and bypassed it. As it's working server side, maybe add some form variables and check for those, or add some other way of transforming the password (eg a prefix/suffix such as pfxtoronto6) which would keep it reasonably simple while more secure.

John

[robertwatcher]

It's a sensible approach and nicely displayed, but you know it's hardly the first time the world has seen such a password = folder name script! In reality I wouldn't know a toronto folder was there, but I just guessed http://phpcrazysite.com/clients/toronto/ and bypassed it. As it's working server side, maybe add some form variables and check for those, or add some other way of transforming the password (eg a prefix/suffix such as pfxtoronto6) which would keep it reasonably simple while more secure.

John

Thanks John. I have been coding for 25 years and know that there is a ton of stuff out there that does similar work. Nothing on earth is NEW. I have designed this code with my mentality and approach from a photography perspective using methods and code snippets that I have built in my scrips for many years now. If anyone wants more security there are many more complex database driven shopping carts available. I and many others like me, are not interested in this approach for what we need.

There is really no heavy security need other than a simple password entry page that uses the folder names (which don't have to be toronto - but can be any letter combination desired)  for the type of proofing I and anyone using this package, do. I only threw up "toronto" for the demo because I already had it together as a sample - - - there is a "81R23P" named folder in there also. It is up to the user to make their folder names unique if they want a little more complexity to the security.

In most cases though, it really doesn't matter if someone spends the time figuring out the name of the folders and is able to see the pictures from a portrait or portrait session (which most won't) - - - if it is a concern, find a complex database driven solution. This package is to give a professional looking password protected entry into the self contained galleries - instead of having to maintain a webpage of links that need to be designed and then changed every time a gallery is uploaded or deleted, and then to have the ugly browser Password dialogue box pop up for entry into the password protected folder. Simply - it does that - - - and at a security level that will be satisfactory for  many photographers.  

[feppe]

I'm not sure what additional functionality this offers. Why not just give them a direct link to the gallery in question? If you don't link to the gallery from anywhere on your site, it is highly unlikely to be found by random visitors. For added security use robots.txt to exclude it from google searches.

This should be all you need, assuming you don't do forensic photography  

[robertwatcher]

I'm not sure what additional functionality this offers. Why not just give them a direct link to the gallery in question? If you don't link to the gallery from anywhere on your site, it is highly unlikely to be found by random visitors. For added security use robots.txt to exclude it from google searches.

This should be all you need, assuming you don't do forensic photography  

You are right - it is exactly the same - - - and that is how I did it for years. Going this Entry Gateway way, gives the appearance of professionalism to some and is something I have been asked to provide by many photographers who were using webpages with links so that their clients could access their proofing galleries. They and myself are the ones  I wrote it for and the ones who see the value in such a simple solution.


Many of the ones wanting the OnePageClientLogin use my phpCrazySite and wanted it to fit in - - - that was one of my main motivations for going at it and writing it the other night:

http://phpcrazysite.com/trypcs/index.php?pg=9

I've told anyone on the forums where I am storing the galleries - the general public or clients have no idea what folder they are stored in to be able to try and figure out the folder names for accessing - - - my approach with this package is most certainly a reasonable and simple security solution.