Allowing private albums

[msbt]

Hi there! I'm trying to use piwigo as an external image source for a blog to save space on the main server, This already works great, but I would also like to "hide" the albums on the second server, I can't have people snooping around in the whole image database. When using piwigos web api to show an image of a private album, you get <rsp stat="fail"><err code="401" msg="Access denied"/></rsp>

But when you invoke a pwg.session.login with username/password first, which results in <rsp stat="ok">1</rsp> you get all the image information. Any chance you could give me some pointers where or how to invoke that session.login and grab even private albums, that would be much appreciated. I've tried to implement that by myself, but it never shows any images.

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "https://link.to.page/ws.php?format=php&method=pwg.session.login");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE); 
curl_setopt($curl, CURLOPT_COOKIEFILE, COOKIE_FILE); 
curl_setopt($curl, CURLOPT_POSTFIELDS,
array('username'=>'test','password'=>'test'));
$result = curl_exec($curl);
curl_close($curl);
print($result);

I know it's been a long time, but maybe you could take a look at that.

Best regards, M

[joaoubaldo]

Hi @msbt. It's been a very long time indeed :smile: In order to support private galleries, the functions pwm_curl_get, pwm_curl_post might need to accept optional arguments for authentication. Either that or a session cookie, retrieved by some other means, must be passed during requests to Piwigo API. At the moment I don't have the time do look at this but you're more than welcome to fork and pull request :smile: I'll do my best to test and review it

[msbt]

Hey @joaoubaldo, thanks for getting back to me, I've found another solution which does somewhat work, cheers!