<?xml-stylesheet type="text/css" href="/zp-core/zp-extensions/rss/rss.css" ?>
		<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/">
			<channel>
				<title><![CDATA[ZenphotoCMS - The simpler media website CMS - User Guide (Latest news)]]></title>
				<link>https://www.zenphoto.org</link>
				<atom:link href="https://www.zenphoto.org/index.php?category=user-guide&amp;rss=news" rel="self"	type="application/rss+xml" />
				<description><![CDATA[ZenphotoCMS is a CMS for selfhosted, gallery focused websites. Our focus lies on being easy to use and having all the features there when you need them (but out of the way if you do not).
ZenphotoCMS features support for various media formats and integrated blog and custom pages. ZenphotoCMS is the ideal CMS for personal websites of illustrators, artists, designers, photographers, film makers and musicians.]]></description>
				<language>en-US</language>
				<pubDate>Mon, 13 Jul 2026 06:57:58 +0200</pubDate>
				<lastBuildDate>Mon, 13 Jul 2026 06:57:58 +0200</lastBuildDate>
				<docs>http://blogs.law.harvard.edu/tech/rss</docs>
				<generator>Zenphoto RSS Generator</generator>
				
										<item>
							<title><![CDATA[Translating Tutorial (Customizing, FAQ, Internationalisation & localisation, Tutorials, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/translating-tutorial/</link>
							<description><![CDATA[<p>
  <em><strong>Note:</strong> On some servers translations do not work because of a bug in Apache's <span class="inlinecode">mod_perl</span>. It concerns Apache version 2.4.46 and maybe earlier versions. Since Zenphoto does not require <span class="inlinecode">mod_perl</span> you may disable it to make translations work again.<br>
  If you use MAMP (MacOS) for local development go to</em> <em>/Applications/MAMP/conf/apache/httpd.conf and comment the line: LoadModule perl_module modules/mod_perl.so by prepending the line with a hash (#). If you don't have control over the server, contact your host.<br></em>
</p>
<h2>
  <a title="what-should-i-know" name="what-should-i-know" id="what-should-i-know"></a>What should I know before starting a translation?
</h2>
<p>
  All existing complete or uncomplete translations are included in the Zenphoto release package. The language selector on the backend options indicates the status of a current translation.&nbsp;
</p>
<p>
  It would be good if you were quite confident in written English and quite comfortable with Zenphoto itself and with web developement in general, although no coding is required to make a translation.<br>
  &nbsp;<br>
  Keep in mind that if you volunteer to make translations there will be the need of updating the languages files at least for every official release since Zenphoto is a work in progress. You may make your translation based on the current release of zenphoto.
</p>
<h3>
  Submitting a translation
</h3>
<p>
  If you made a translation file, you can of course host it as you like and offer as a download. In that case just let us know about it via the forum.
</p>
<p>
  You also can submit it for inclusion into the Zenphoto package.&nbsp;You will need a free GitHub account and have to create a Git controlled Zenphoto installation of the&nbsp;<a href="https://github.com/zenphoto/zenphoto" target="_blank" rel="noopener">GitHub development version</a>, preferably on a local server using WAMP, LAMP or MAMP.&nbsp;
</p>
<p>
  If you update the languages there you can directly update them via GitHub using a pull request. See instructions here:&nbsp;<a href="https://help.github.com/articles/using-pull-requests" target="_blank" rel="noopener">https://help.github.com/articles/using-pull-requests</a>
</p>
<h3>
  Translator entry on our site
</h3>
<p>
  If you prove to be a reliable and frequently committed translation contributor we also may ask you if you would like to get a translator entry on our&nbsp;<a href="/pages/zenphoto-team">Zenphoto team page</a>. Generally we add&nbsp;anyone who is contributing significantly&nbsp;to the <a href="/pages/contributors">contributors page</a>&nbsp;with the public info you provided via your contact anyway.
</p>
<p>
  We really do appreciate the time and work&nbsp;–&nbsp;two&nbsp;of our core team members&nbsp;maintain the Dutch and German translation and know about&nbsp;this –&nbsp;that needs to be put into a frequently updated translation and would like to honor frequent contribution this way.
</p>
<h3>
  Development build or official release?
</h3>
<p>
  It is recommended to make your translation against&nbsp;the <a href="https://github.com/zenphoto/zenphoto" target="_blank" rel="noopener">development build on GitHub</a>. This way it will be ready for and matched up to the next release of Zenphoto.The work will be outdated initially since there are changes all the time otherwise.
</p>
<p>
  Currently there are over 4600 strings that need to be translated so it does not really make sense to start with an older Zenphoto version. Some of these strings are only single words, some are doubled for specific reasons. Since we change strings here and there all the time we recommend doing updates frequently at least once a week, so it will be much easier to match a given release date of the next version. You simply will have less work that way than doing all at once. So better think twice before your volunteer... :-) More on that in detail later.
</p>
<h3>
  License of your translation
</h3>
<p>
  Just to note: Since a translation falls under copyright, your submitted translation should be provided under a open license compatible to Zenphoto's <em>GPL v2 or later</em> license. If no special license note is attached, we will assume GPL.
</p>
<h2>
  <a title="translation-with-poedit" name="translation-with-poedit" id="translation-with-poedit"></a>How does Zenphoto's translation work?
</h2>
<p>
  Zenphoto uses the <a title="GNU gettext" href="https://www.gnu.org/software/gettext/" target="_blank" rel="noopener">gettext technology</a> to provide translation and localization capability. Currently this requires native gettext support, meaning gettext needs to be installed as a binary PHP extension on your server.&nbsp;<br>
  <br>
  Zenphoto uses the message-level for translation. We use the standard gettext functions gettext() and ngettext() to translate strings. If you are working with Zenphoto you might have spotted strings that look like this in the code:<br>
  <br>
  <em>Singular:</em>
</p>
<pre> <?php echo gettext("some text"); ?></pre>
<p>
  <br>
  <em>Plural (actually rarely used):</em>
</p>
<pre> <?php echo ngettext("1 apple","2 apples"); ?></pre>
<p>
  <br>
  If a translation is found, "some text" will be replaced by the translation string. If no...
</p>]]></description>
															<category><![CDATA[Customizing, FAQ, Internationalisation &amp; localisation, Tutorials, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/translating-tutorial/</guid>
							<pubDate>Sat, 24 Jan 2026 12:53:50 +0100</pubDate>
						</item>
												<item>
							<title><![CDATA[Deprecated themes - Some clarifications and recommendations (FAQ, Theming & Templating, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/deprecated-themes-some-clarifications-and-recommendations/</link>
							<description><![CDATA[<div class="Message userContent">
<p>All included official themes have been marked as deprecated since Zenphoto 1.6. A note is added on the backend. This leads to some confusion especially with new users.</p>
<p>These themes all are quite old and outdated and it does not make sense to update or rework them as their base is quite old. They will be removed with the next major release which is sadly still quite a while away. Untill then these themes will only get bugfixes and no actual feature updates anymore like special layouts. They will get the occasional plugin support if it is just a function to add. There will be at least one new official all-purpose theme included in the future.</p>
<p>There are also these third party themes with "limited support" from us. That means we roughly maintain and fix issues – primarily if made aware of theme – on these themes to keep them compatible with the latest Zenphoto release:</p>
<ul>
<li><a href="/theme/zpBootstrap/" rel="nofollow">https://www.zenphoto.org/theme/zpBootstrap/</a></li>
<li><a href="/theme/zpbase/" rel="nofollow">https://www.zenphoto.org/theme/zpbase/</a></li>
<li><a href="/theme/zenji/" rel="nofollow">https://www.zenphoto.org/theme/zenji/</a></li>
<li><a href="/theme/libratus/" rel="nofollow">https://www.zenphoto.org/theme/libratus/</a></li>
</ul>
<p>We welcome bug reports and/or pull requests with fixes.</p>
<p>There are also some good maintained third party themes you can use</p>
<ul>
<li><a href="/theme/multiverse/">https://www.zenphoto.org/theme/multiverse/</a> (the author bic is ZP team member so this is basically "half-official")</li>
<li><a href="/theme/paradigm/" rel="nofollow">https://www.zenphoto.org/theme/paradigm/</a></li>
<li><a href="/theme/collections/" rel="nofollow">https://www.zenphoto.org/theme/collections/</a></li>
</ul>
</div>]]></description>
															<category><![CDATA[FAQ, Theming &amp; Templating, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/deprecated-themes-some-clarifications-and-recommendations/</guid>
							<pubDate>Mon, 26 May 2025 00:00:00 +0200</pubDate>
						</item>
												<item>
							<title><![CDATA[Database password problems (FAQ, Installation & Upgrade, Troubleshooting, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/database-password-problems/</link>
							<description><![CDATA[<p><span class="warningnote">Although database passwords have no limitations in what characters can be used, the use of the <strong>$</strong> sign may cause failure on some hosts. An internal escaping of the character, introduced in Zenphoto 1.6.1, has been removed again in 1.6.7 as it actually broke such passwords that otherwise work on some hosts.</span></p>
<p><span class="warningnote">Tests showed a rather random behaviour regarding the position of the <strong>$</strong> within the password. On some hosts it matters and on some it does not. Also some hosts like our own do not allow the <strong>$</strong> sign (and even some other chars) at all.</span></p>
<p><span class="warningnote">If you encounter issues best contact your host or simply don't use the <strong>$</strong> sign. If needed you can always try to escape characters in the config file manually. </span></p>]]></description>
															<category><![CDATA[FAQ, Installation &amp; Upgrade, Troubleshooting, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/database-password-problems/</guid>
							<pubDate>Fri, 23 May 2025 13:10:37 +0200</pubDate>
						</item>
												<item>
							<title><![CDATA[Secure submitting of forms (Customizing, Development, News, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/secure-submitting-of-forms/</link>
							<description><![CDATA[<p>If you use a form to submit data that is stored in the database on your site it is recommended to use XRSF tokens to avoid unauthorized requests and prevent Cross Site Request Forgeries.</p>
<p>Here is a basic form that submits some data:</p>
<pre><code>&lt;form id="myform" action="&lt;?php echo html_encode(getRequestURI()); ?&gt;" method="post" accept-charset="UTF-8"&gt;<br />&nbsp; &nbsp;&lt;?php XSRFToken('myformaction'); // use a unique name of the action ?&gt;<br />&nbsp; &nbsp;&lt;input type="text" name="mytext" value=""&gt;<br />&nbsp;&nbsp; &lt;input type="submit" value="Submit"&gt;<br />&lt;/form&gt;</code></pre>
<p>The line <span class="inlinecode">&lt;?php XSRFToken('myformaction'); ?&gt;</span> prints an input field with the token. If you need the token itself, in a URL query for example, you can use <span class="inlinecode">$token = getXSRFToken('myformaction');</span>.<code></code></p>
<p>On processing the form data you would also have to check that XSRFtoken using <span class="inlinecode">XSRFdefender('myformaction');</span></p>
<p><code></code></p>
<p>If the token does not match this will stop the process. If it succeeds you can afterwards fetch your <span class="inlinecode">$_POST</span> or <span class="inlinecode">$_GET</span> data.</p>
<p>Always sanitize the data before using it:</p>
<pre><code>$mytext = sanitize($_POST['mytext'], 3);</code></pre>
<p>If you know your value will be numeric you can also use:</p>
<pre><code>$mytext = sanitize_numeric($_POST['mytext']);</code></pre>
<p>If you need to output fetched and sanitized data always use <span class="inlinecode">html_encode().</span></p>
<p><code></code></p>
<p><code>&nbsp;</code></p>
<p><code></code></p>
<p><code></code></p>]]></description>
															<category><![CDATA[Customizing, Development, News, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/secure-submitting-of-forms/</guid>
							<pubDate>Wed, 23 Oct 2024 15:00:00 +0200</pubDate>
						</item>
												<item>
							<title><![CDATA[Protecting your site from AI scraping (FAQ, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/protecting-your-site-from-ai-scraping/</link>
							<description><![CDATA[<p>
  AI is a frequent topic since last year. It is a constant problem of AI bots using – some may call it exploiting – text and images from any public site for training without actual consent which naturally collides with intellectual property rights. The EU even made a new law regarding this issue last year.
</p>
<p>
  This article will just focus on the ways that are available to protect your site.
</p>
<h2>
  Make your site non public via htaccess
</h2>
<p>
  This is actually the only really reliable way to cover all the different AI bots. Using the&nbsp; gallery protection of Zenphoto is a way but this is not a server side level protection for folders so bots may bypass that.
</p>
<p>
  But using htaccess to password protect your site is on server level. Drawback is of course that this blocks everything and everyone including search engines and visitors you actually want to visit your site.
</p>
<p>
  There are lots of tools and descriptions out there to help you like: <a href="https://www.web2generators.com/apache-tools/htpasswd-generator">https://www.web2generators.com/apache-tools/htpasswd-generator</a>&nbsp;
</p>
<p>
  [DONATE]
</p>
<h2>
  Block bots via htaccess
</h2>
<p>
  This actually works pretty well but you need to know the name of every bot you want to block. Sadly lots of new AI tools appear every day. A htaccess example for a few known bots will look like this:
</p>
<pre>RewriteEngine On<br>RewriteCond %{HTTP_USER_AGENT} (CCBot|ChatGPT|GPTBot|anthropic-ai|Omgilibot|Omgili|FacebookBot) [NC]<br>RewriteRule ^ – [F]</pre>
<p>
  You can add that to Zenphoto's htaccess. We have not included this because it is likey to frequently require changes.
</p>
<h2>
  Block bots via robots.txt
</h2>
<p>
  You can also advise bots via robots.txt just like with search engines. Here an example with some known bots:
</p>
<pre>User-agent: CCBot<br>Disallow: /<br>User-agent: ChatGPT-User<br>Disallow: /<br>User-agent: GPTBot<br>Disallow: /<br>User-agent: Google-Extended<br>Disallow: /<br>User-agent: anthropic-ai<br>Disallow: /<br>User-agent: Omgilibot<br>Disallow: /<br>User-agent: Omgili<br>Disallow: /<br>User-agent: FacebookBot<br>Disallow: /</pre>
<p>
  We also have not included this because it is likey to frequently require updates.
</p>
<p>
  <strong>This is basically a recommendation and no bot has to comply with it as the big search engines do (voluntary as well).</strong>
</p>
<h2>
  Spawning's ai.txt
</h2>
<p>
  There is also the Initiative Spawning that aims to create tools to provide a way to block or consent AI access by opting out. There you can add yourself to a registry and create a specific ai.txt which is similar to robots.txt: <a href="https://site.spawning.ai/spawning-ai-txt#ai-text-generator">https://site.spawning.ai/spawning-ai-txt#ai-text-generator</a>.
</p>
<p>
  <strong>Sadly it is&nbsp; more a concept of an opt-out infrastructure and so far only two AI companies seems to follow that registry. And the ai.text&nbsp; is no more a secure way of protection than a robots.txt as no one needs to comply with it.<br></strong>
</p>
<h2>
  Use html meta for blocking AI
</h2>
<p>
  You can use something like this code via the HTML head on your site:
</p>
<meta name="robots" content="noai, noimageai">
<p>
  The html_meta_tags plugin included in Zenphoto 1.6.1 does include options for this now.
</p>
<p>
  <strong>This is a recommendation and no bot has to comply with it.</strong>
</p>
<h2>
  Exif/IPTC: Use copyright notes
</h2>
<p>
  Some sites also recommend to indicate via EXIF/IPTC metadata that your images are copyrighted and AI usage is not allowed. There are <a href="https://www.iptc.org/news/plus-publishes-draft-standard-for-image-data-mining-restrictions/">plans to add an extra IPTC field specifially for AI</a>. Note that only the Imagick library can preserve metadata in resizing and processing images!
</p>
<p>
  <strong>Of course metadata will not make a bot comply but it may be useful for legal conflicts at some time.</strong>
</p>
<h2>
  Image modifications
</h2>
<p>
  Another recommendation is to use a watermark on the images itself. Of course a predominant watermark may disturb the image itself. But generally an indication of the source within a larger image size itself is not a bad idea.
</p>
<p>
  There are also various research projects that "posion" images with additions that should confuse AI usages like the projects <a href="https://glaze.cs.uchicago.edu/">Glaze</a> and <a href="https://nightshade.cs.uchicago.edu/whatis.html">Nightshade</a> of the University Of Chicago.
</p>
<h2>
  Add legal info
</h2>
<p>
  It does not keep any bot from crawling but for any legal issue it might be a good idea to add a legal notice&nbsp; on our legal/imprint page to prohibit usage of your content by bots. Some jurisdictions have paragraphs within their laws (e.g. the EU/German intellectual propertty rights).
</p>
<h2>
  Extra note: Social media
</h2>
<p>
  Note that if you are posting your images on social media platforms you may grant rights to use these for AI training. For example X formerly known as Twitter has this condition in its terms of...
</p>]]></description>
															<category><![CDATA[FAQ, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/protecting-your-site-from-ai-scraping/</guid>
							<pubDate>Tue, 26 Mar 2024 00:00:00 +0100</pubDate>
						</item>
												<item>
							<title><![CDATA[Debugging (Development, FAQ, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/debugging/</link>
							<description><![CDATA[<h2>
  Enabling debug modes
</h2>
<p>
  Since Zenphoto 1.6 it is possible to set the debug modes you need directly in your <span class="inlinecode">zp-data/zenphoto.cfg.php</span> file.
</p>
<p>
  Any of the following debug modes may be used. The default is false for all. Add <span class="inlinecode">a define</span> anywhere in your <span class="inlinecode">zenphoto.cfg.php</span> file (exept where it says "<em>Do not edit above/below this line</em>")
</p>
<ul>
  <li>
    <span class="inlinecode">$conf['test_release'] = true;</span>&nbsp;– Enables test release mode, supports the markRelease plugin. All PHP errors are written into the <span class="inlinecode">Debug</span> log.
    <ul>
      <li>This enableds three debug modes:&nbsp;<span class="inlinecode">debug_error</span>, <span class="inlinecode">debug_image_err</span> and <span class="inlinecode">debug_404</span>.This can be overridden by setting a mode explicitly to <span class="inlinecode">false.</span>
      </li>
      <li>
        <span class="inlinecode">test_release</span> mode is automatically enabled if the release is a pre-release version. This can be disabled by setting <span class="inlinecode">$conf['test_release'] = false;</span> (since 1.6.6)
      </li>
    </ul>
  </li>
  <li>
    <span class="inlinecode">$conf['debug_login'] = true;</span> – Log admin saves and login attempts.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_error'] = true;</span> – Log the calling sequence with zp_error messages.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_image'] = true;</span> –&nbsp;Log image processing information.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_image_err'] = true;</span> –&nbsp;Flag image processing errors.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_404'] = true;</span> – Log 404 error processing debug information
  </li>
  <li>
    <span class="inlinecode">$conf['debug_exif'] = true;</span> –&nbsp;Log start/finish of exif processing.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_plugins'] = true;</span> –&nbsp;Log plugin load sequence.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_filters'] = true;</span> – Log filter application sequence.
  </li>
  <li>
    <span class="inlinecode">$conf['explain_selects'] = true;</span> –&nbsp;Log the "EXPLAIN" of SELECT queries.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_locale'] = true;</span> –&nbsp;Used for examining language selection problems.
  </li>
  <li>
    <span class="inlinecode">$conf['debug_mail'] = true;</span> – Used for examining language selection problems (since 1.7a)
  </li>
  <li>
    <span class="inlinecode">$conf['display_errors'] = true;</span> – Enable displaying errors on the site itself and therefore not recommended for production sites (since 1.6.6)
  </li>
</ul>
<p>
  <span class="articlebox-left">These modes do not display more "error" notes. They primarily provide some more extra info within the process to hopefully help narrow down the issue you may be encountering.</span>
</p>
<h2>
  Debug logs
</h2>
<p>
  Zenphoto has two logs enabled by default. The <span class="inlinecode">Debug</span> log and <span class="inlinecode">Setup</span> log. By activating the <span class="inlinecode">security-logger</span> plugin you can also enable the <span class="inlinecode">Security</span> log.
</p>
<p>
  All log files are located in the <span class="inlinecode">zp-data</span> folder, in the root of your installation. The log files are created automatically when an error or action triggers them. So when there are no PHP errors or setup is not run, these log files are not yet present. When log files are present they can be viewed on the backend under the <span class="inlinecode">Logs</span> tab, which is only visible when you are logged-in with full admin rights.
</p>
<ul>
  <li>
    <span class="inlinecode">Debug log:</span> logs all PHP errors, warnings and notices, following PHP's E_ALL reporting level. Note that very early PHP errors may occur before Zenphoto is triggered. These errors can only be viewed in the PHP error log on your server. Ask your host where to find this.
  </li>
  <li>
    <span class="inlinecode">Setup log:</span> logs all system checks, the loading of themes, plugins and extensions.
  </li>
  <li>
    <span class="inlinecode">Security log:</span> logs the following:
    <ul>
      <li>IP address of the client browser (the IP may be anonymized as defined on the related option)
      </li>
      <li>type of entry/action
      </li>
      <li>user ID/user name
      </li>
      <li>success/failure of an action (installation, login, etc.)
      </li>
      <li>
        <em>authority</em> granting/denying the request
      </li>
      <li>Additional information, for instance on failure, the password used
      </li>
    </ul>
  </li>
</ul>
<p>
  There are options to set a max file size for the <span class="inlinecode">Debug</span> and <span class="inlinecode">Security</span> logs in <em>Options -&gt; General</em> (<em>debug log limit</em> and <em>security log limit</em>). Additional log files will be created sequentialy when their specified size is exceeded.<br>
  There is no need to have an option for a max file size for the <span class="inlinecode">Setup</span> log since this file is refreshed each...
</p>]]></description>
															<category><![CDATA[Development, FAQ, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/debugging/</guid>
							<pubDate>Mon, 12 Dec 2022 00:00:00 +0100</pubDate>
						</item>
												<item>
							<title><![CDATA[Translations (gettext) not working on some servers with mod_perl enabled (News, Troubleshooting, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/translations-gettext-not-working-on-some-servers/</link>
							<description><![CDATA[<p>In case you notice that translations are not working on your site: This is out of our hands. The reason is a bug in Apache's <span class="inlinecode">mod_perl</span> module on some server configurations which conflicts with the native PHP <span class="inlinecode">gettext</span> functionality we use for translations. For example our local development environment MAMP 6.3 &nbsp;is affected by this as well. We have no idea when this will be fixed or how similar software (XAMPP, WampServer, etc) or your host's server may be affected.</p>
<p>Translations work if the <span class="inlinecode">mod_perl</span> module is disabled and Zenphoto does not require Perl anyway. Should you notice this and have control over your server disable it or contact your host about it.</p>
<p>More info about this issue: <a href="https://www.claudiokuenzler.com/blog/1023/php-gettext-translations-not-working-apache-mod_php-cli-works" target="_blank" rel="noopener">https://www.claudiokuenzler.com/blog/1023/php-gettext-translations-not-working-apache-mod_php-cli-works</a></p>]]></description>
															<category><![CDATA[News, Troubleshooting, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/translations-gettext-not-working-on-some-servers/</guid>
							<pubDate>Sat, 20 Feb 2021 00:00:00 +0100</pubDate>
						</item>
												<item>
							<title><![CDATA[Using Zenphoto on local servers (Development, FAQ, Installation & Upgrade, Troubleshooting, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/using-zenphoto-on-local-servers/</link>
							<description><![CDATA[<p>Local virtual server packages like <a href="https://www.mamp.info">MAMP</a>*, <a href="https://www.wampserver.com/en/">WAMP</a> or <a href="https://www.apachefriends.org/de/index.html">XAMPP</a> are very useful to test your ZenphotoCMS website while developing themes, plugins or before applying a ZenphotoCMS update to your site.</p>
<p>ZenphotoCMS generally works out of the box with these tools. But it is important that you configure them to use the standard web ports instead of other default ports they may have set. Here is an example from MAMP (it may be similar with the other tools):</p>
<p><a class="zenpage_imagelink" title="mamp-standardports-config-EN" href="/index.php?album=storage/troubleshooting&amp;image=mamp-standardports-config-EN.png"><img class="zenpage_customimage" src="/cache/storage/troubleshooting/mamp-standardports-config-EN_522.png?cached=1552039656" alt="mamp-standardports-config-EN" /></a></p>
<p>*Since we work on Mac we use MAMP ourselves for years</p>]]></description>
															<category><![CDATA[Development, FAQ, Installation &amp; Upgrade, Troubleshooting, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/using-zenphoto-on-local-servers/</guid>
							<pubDate>Fri, 08 Mar 2019 09:59:01 +0100</pubDate>
						</item>
												<item>
							<title><![CDATA[Privacy considerations (Customizing, Development, FAQ, Troubleshooting, Tutorials, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/privacy-considerations/</link>
							<description><![CDATA[<p>
  If you run a website and especially if you are located in the EU you should have heard about this General Data Protection Rule (GDPR) by now and be prepared for it already. So we can’t and won’t go into detail about the GDPR here.
</p>
<p>
  That has been done on numerous sites already in the past months. You’ll find info about it on the official EU GDPR website: <a href="https://eugdpr.org/">https://eugdpr.org/</a>.
</p>
<p>
  <span style="font-weight: 400;">You will surely find numerous good articles in your own language about how to comply with your website. In any case we can’t and are not allowed, not being lawyers, to provide any legal advice how it applies to your website as every website is different anyway. &nbsp;But we can tell you a bit about Zenphoto and data privacy.</span>
</p>
<h2>
  Zenphoto as the CMS on your site
</h2>
<p>
  Some features mentioned here are only available in Zenphoto 1.5. Zenphoto does not store much personal user data by itself. Of course it does use cookies and session cookies, primarily for login status or for keeping the search context within search results. You can read more about which cookies Zenphoto may use on <a href="http://www.zenphoto.org/news/cookies/">https://www.zenphoto.org/news/cookies/</a>.
</p>
<p>
  If you have enabled the search cache it caches search queries and their results in the database. But it does not cache any data about who performed the search.
</p>
<p>
  Also a Zenphoto install does not “phone home”. There is a plugin to check for new releases and a plugin that can display the latest news from our site. But both just use the RSS feed from our site. We don’t collect any data from anyone.
</p>
<h2>
  Zenphoto sites in general
</h2>
<p>
  It is strongely recommended to setup your site with SSL which is a good idea anyway since it is becoming a SEO ranking factor now. Ask your host if your webspace supports it. Maybe it even supports the free Let’s Encrypt certificates. We also use them. More info on those on <a href="https://letsencrypt.org">https://letsencrypt.org.</a>
</p>
<p>
  Including CSS or JS scripts from external sources can be a privacy issue since every request transfers data. This also applies to embeded webfonts. However it is not clear yet if this is really an issue. In any case you can easily host yourself if you must.<br>
  But any widget using external scripts from social media platforms like Facebook, Twitter and the likes could be privacy problematic.
</p>
<p>
  You can easily check if a theme or plugin does load from exernal sources by using web inspectors all modern browser include or one of the various tracking script blocker plugins available for all browsers.
</p>
<p>
  Enable the “Anyonymize IP” option on the Options &gt; Security. The IP address is considered private information and it is strongely recommended to anonymize it (hashing may not be enough!). Some plugins may use it and also cookies may store it if you enabled the “IP tied cookies” option.
</p>
<p>
  Add a privacy policy page - either statically or via the Zenpage CMS plugin in capable themes - and note detailed what data you store and process. Also define that page in the general privacy policy page option so it may appear on form plugins.
</p>
<h2>
  User accounts
</h2>
<p>
  User accounts of a Zenphoto site only store the info you can see on the user account. If you run a multi-user Zenphoto site also make sure that all users have “User” rights assigned so they can access their own acccount to change it and also export their own user data. “User” rights is the minimum rights any user should have and you should have good reasons to revoke this right.
</p>
<h2>
  Plugins
</h2>
<p>
  Especially form plugins involve user data being submitted and stored:
</p>
<ul>
  <li>comment_form: May also store the IP of a commenter
  </li>
  <li>contact_form
  </li>
  <li>register_user
  </li>
</ul>
<p>
  If you use these you should enable the new privacy confirmation option to add a checkbox for users to agree with data storage and usages. It is also recommended to limit the required form fields to the absolute minimum needed for the purpose. For example for a contact form an e-mail address, subject and the message itself would be enough. Data economy is the key word here.
</p>
<p>
  Several official plugins may be problematic as they do use external scripts and/or store IP’s in order to work:
</p>
<ul>
  <li>class-Webdocs: Uses external services to display certain file formats.
  </li>
  <li>GoogleMaps: Uses Google scripts from Google’s servers and requires registering for an API key. So it may also collect some data from visitors. The openstreetmap plugin is an alternative.
  </li>
  <li>hitcounter: Storing a list of full IP’s to ignore could be problematic but it is optional.
  </li>
  <li>Matomo (formerly Piwik): This plugin itself does not do much but Matomo as a separate statistic tool collects various data. But you can set it up to comply with privacy: ...
  </li>
</ul>]]></description>
															<category><![CDATA[Customizing, Development, FAQ, Troubleshooting, Tutorials, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/privacy-considerations/</guid>
							<pubDate>Fri, 25 May 2018 00:00:00 +0200</pubDate>
						</item>
												<item>
							<title><![CDATA[Path constants (Customizing, Development, FAQ, Tutorials, User Guide)]]></title>
							<link>https://www.zenphoto.org/news/path-constants/</link>
							<description><![CDATA[<p>Zenphoto uses several path related constants internally&nbsp;you should always use these if you work with paths so your themes and plugins are safe for any possible name changes. These constants are defined in <span class="inlinecode">/zp-core/global-definitions.php</span>.</p>
<p>For all URL's to actual items (albums, image, news and pages) you should rather use&nbsp;<a href="/news/zenphotos-object-model-framework">Zenphoto's object model framework</a>&nbsp;or the related template functions.</p>
<h2>Available constants</h2>
<dl>
<dt>ALBUMFOLDER</dt>
<dd><span class="inlinecode">/albums/</span> &ndash; stores all albums and images. If you use a custom name it of course stores that name.</dd>
<dt>ALBUM_FOLDER_WEBPATH</dt>
<dd><span class="inlinecode">http(s)://yourdomain.com/albums/</span> &ndash; full webpath to the /albums folder</dd>
<dt>ALBUM_FOLDER_SERVERPATH</dt>
<dd><span class="inlinecode">/var/www/html/zenphoto/albums/</span> &ndash; The path to the albums folder but with the full server path if you installed in a subfolder "zenphoto" (exact path depends on the host)</dd>
<dt>BACKUPFOLDER</dt>
<dd><span class="inlinecode">/backup/</span> &ndash; stores the database backup made with the backup utility</dd>
<dt>CACHEFOLDER</dt>
<dd><span class="inlinecode">/cache/</span> &ndash; stores all the cached images</dd>
<dt>COMMON_FOLDER</dt>
<dd><span class="inlinecode">/zp-core/zp-extensions/common/</span> &ndash; stores some files that several official plugins make use of</dd>
<dt>DATA_FOLDER</dt>
<dd><span class="inlinecode">/zp-data/</span> &ndash; stores the configuration and log files</dd>
<dt>FULLWEBPATH</dt>
<dd>The full web path to your installation, e.g. <span class="inlinecode">http://www.yourdomain.com/zenphoto/</span> if you installed Zenphoto in a folder "zenphoto".</dd>
<dt>PLUGIN_FOLDER</dt>
<dd><span class="inlinecode">/zp-core/zp-extensions/</span>&nbsp;&ndash; stores all officially included plugins</dd>
<dt>PROTOCOL</dt>
<dd><span class="inlinecode">http</span> or <span class="inlinecode">https</span>&nbsp;&ndash; The server protocol as set on its&nbsp;option. If you use it you need to add <span class="inlinecode"><em>://</em></span></dd>
<dt>SERVER_HTTP_HOST</dt>
<dd>The host part of the url, e.g. <span class="inlinecode">http://www.yourdomain.com</span></dd>
<dt>SERVERPATH</dt>
<dd>The full path on your server. e.g.<span class="inlinecode"> /var/www/html/zenphoto</span> if you installed in a subfolder "zenphoto" (the exact path depends on the host)</dd>
<dt>STATIC_CACHE_FOLDER</dt>
<dd><span class="inlinecode">/cache_html/</span> &ndash; stores all the cached static HTML files of your site pages if using the static_html_cache plugin and also the RSS feeds if the RSS cache is enabled.</dd>
<dt>THEMEFOLDER</dt>
<dd><span class="inlinecode">/themes/</span> &ndash; stores all themes</dd>
<dt>UPLOAD_FOLDER</dt>
<dd><span class="inlinecode">/uploaded/</span> &ndash; the default folder for general non gallery files</dd>
<dt>USER_PLUGIN_FOLDER</dt>
<dd><span class="inlinecode">/plugins/</span> &ndash; stores all 3rd party plugins</dd>
<dt>UTILITES_FOLDER</dt>
<dd><span class="inlinecode">/zp-core/utilities/</span> &ndash; stores offcially included utiltiy plugins which appear as buttons on the main overview page on the backend.</dd>
<dt>WEBPATH</dt>
<dd>stores the path to your install. If you installed in a folder called "zenphoto" resolves to <span class="inlinecode">zenphoto</span>.</dd>
<dt>ZENFOLDER</dt>
<dd><span class="inlinecode">/zp-core/</span> &ndash; The Zenphoto core folder</dd>
</dl>
<h2><strong>Usage</strong></h2>
<p><span class="articlebox-left"><strong>Note:</strong> The constants do not include the slashes.</span></p>
<p>Path to a 3rd party plugin:<br /><span class="inlinecode">FULLWEBPATH.'/'.USER_PLUGIN_FOLDER.'/yourplugin.php</span></p>
<p>Path to an included plugin:<br /><span class="inlinecode">FULLWEBPATH.'/'.ZENFOLDER.'/'.PLUGIN_FOLDER.'/officialplugin.php</span><span class="articlebox-left">If you print out URL's using these constants, don't forget to escape them using <span class="inlinecode">html_encode()</span> to be sure.</span></p>]]></description>
															<category><![CDATA[Customizing, Development, FAQ, Tutorials, User Guide]]></category>
															<guid>https://www.zenphoto.org/news/path-constants/</guid>
							<pubDate>Wed, 10 Sep 2014 00:00:00 +0200</pubDate>
						</item>
									</channel>
		</rss>
		