Revision 13.f (2023-07-07)
About: Check Piwigo files for unexpected modifications
Changes: add 13.8.0
Revision 1.1.0 (2023-01-05)
About: This plugin enables you to set Security Headers for your website and make your website safer for use.
Upgrade the Security of your site to A level.
Content-Security-Policy is tricky, because of (possible) inline CSS and JS in Piwigo or its plugins, which can break if CSP is set wrongly.
Changes: Added config for strict-transport-security directive, contributed by @Vodkapic
Revision 12.0.0c (2022-07-09)
About: This extension will display an overlay (partially or full-screen) with a certain text regarding cookies. You can alter the text and change the 'More Info' link.
When the user has accepted the cookies, a parameter will be set in the session table for that session so this popup wont show again.
Changes: v12.0.0c - Fix width issue on mobile devices
* Icelandic (Íslenska [IS])
* Slovenian (Slovenščina [SL])
* Ukrainian (Українська [UA])
Revision 0.1Beta (2022-06-02)
About: Warning ! This plugin is currently in BETA, it may have bugs and missing features.
Allow a Two-factor Authentication by mail (by a 6 digit temporary code).
Make sure that your piwigo admin user email address is correct and that you have access to it before activating this plugin !
Work with a correct SMTP server linked to piwigo.
Changes: Working Beta of the plugin.
Contain email Authentication by mail with settings in the admin.
Revision 0.5.0 (2022-05-28)
About: The External Authentication plugin supports login based on the identity provided by the webserver (aka the Remote User), which is usually supplied via proxy servers or webserver modules (eg. "Basic Auth"). It differs from the Piwigo "apache_authentication" option by providing a greater degree of flexibility, including:
- Control over which variable(s) are used for authentication
- Piwigo login will always follow changes in (recognized) Remote Users
- Native Piwigo logins possible when the Remote User is considered a guest
- Option to copy webserver supplied passwords to Piwigo accounts
- External login/logout URLs replacing or co-existing with native ones
- Possibily to auto-register unknown Remote Users as new Piwigo users
- Control over auto-registration profiles, passwords, status and notifications
- Flexible list of Remote Users considered guests
This plugin is incompatible with the $conf['apache_authentication'] option, and will auto-disable if it's set.
Fallback Authentication is optional, and permits native Piwigo logins when the current Remote User is considered a guest. NOTE: If Remote User auto-registration is disabled, any Remote User unknown to Piwigo is considered a guest. If Fallback is disabled, Piwigo logins will always match the current Remote User.
The plugin makes every effort to prevent un-intentional account lockout, and is always disabled upon activation to permit configuration before login enforcement is enabled (which may immediately log the current session out!).
Debug logging can be enabled on the plugin's admin page, or by setting $conf['externalauth_debug'] = true
Changes: - Update templates to work correctly with Piwigo 11+.
- Added icons to settings.