http_auth January 17, 2012 / Updated: June 14, 2018

Tries to authorize user based on Apache HTTP authenitcation credentials

The PHP_AUTH_USER is mapped to a Zenphoto user the PHP_AUTH_PW must be in cleartext and match the Zenphoto user's password (If the User validation is set to trusted the PHP_AUTH_PW password will be ignored and need not be cleartext.)

Note that the HTTP logins are outside of Zenphoto so there is no security logging of them. Nor can Zenphoto "log off" the user. The normal logout links will not show for users logged in via this plugin.

Apache configuration:

• Run the Apache htpasswd utility to create a password file containing your first user: path to apache executables htpasswd -cp path to apache folder passwords user1
  
  htpasswd will prompt you for the password. You can repeat the process for each additional user or you can simply edit the passwords file with a text editor.
  
  Each user/password must match to a Zenphoto user/password or access to Zenphoto will be at a guest level. If a user changes his password in Zenphoto someone must make the equivalent change in the Apache password file for the Zenphoto user access to succeed. (However, see the User validation option.)

• Create a file named "groups" in your apache folder
• Edit the "groups" file with a line similar to: zenphoto: stephen george frank. This creates a group named zenphoto with the list of users as members
• Add the following lines to your Zenphoto root .htaccess file after the initial comments and before the rewrite rules:
  • AuthType Basic
  • AuthName "Zenphoto realm"
  • AuthUserFile c:/wamp/bin/apache/passwords
  • AuthGroupFile c:/wamp/bin/apache/groups
  • Require group zenphoto