Options
Invalid Gallery ID Weirdness
mikegrb
Registered Users Posts: 9 Beginner grinner
I have a webpage where a customer can enter a photo shoot or event ID into a box to be brought to the corresponding private SmugMug gallery. Unfortunately SmugMug seems to be doing some odd stuff if the gallery doesn't exist.
Here is the response from the perl script redirecting the person's browser to http://prints.michaelgreb.com/gallery/123
The browser then properly requests the invalid URL:
But then the odd part, SmugMug redirects again:
I'm guessing that a user that once existed with the nick 'LightGiver' was the proud owner of the gallery with id 123? At any rate, is there any way to prevent this from happening and instead give the user a an error message in a skinned page? If not, it seems using the API to retrieve a list of valid gallery ids and check against that before sending would be necessary.
On the subject of the API, I would like to release the source code for my script for others to use, if I end up using the API, that means the API key would need to be in the source, is this kosher or should I leave it out and let users get their own API key?
Here is the response from the perl script redirecting the person's browser to http://prints.michaelgreb.com/gallery/123
HTTP/1.x 302 Moved Date: Sun, 04 Mar 2007 09:48:04 GMT Server: Apache/2.2.3 (Debian) Location: http://prints.michaelgreb.com/gallery/123 Content-Length: 0 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/x-perl ---------------------------------------------------------- http://prints.michaelgreb.com/gallery/123
The browser then properly requests the invalid URL:
GET /gallery/123 HTTP/1.1 Host: prints.michaelgreb.com <snip>
But then the odd part, SmugMug redirects again:
HTTP/1.x 302 Found Date: Sun, 04 Mar 2007 09:51:52 GMT Server: Apache X-Powered-By: smugmug/1.2.0 Set-Cookie: SMSESS=80188e6b70a0df1569e49ef3af2cf056; path=/; domain=.michaelgreb.com Cache-Control: private, max-age=1, must-revalidate Location: http://LightGiver/gallery/123 Etag: "39d1f48e3d68e230ce15bde34f2cf480" Content-Length: 28 Keep-Alive: timeout=10000 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1
I'm guessing that a user that once existed with the nick 'LightGiver' was the proud owner of the gallery with id 123? At any rate, is there any way to prevent this from happening and instead give the user a an error message in a skinned page? If not, it seems using the API to retrieve a list of valid gallery ids and check against that before sending would be necessary.
On the subject of the API, I would like to release the source code for my script for others to use, if I end up using the API, that means the API key would need to be in the source, is this kosher or should I leave it out and let users get their own API key?
0
Comments
</snip> I guess I am confused as to how you would end up with the wrong gallery id if you are using the api method correctly. SmugMug does automatically redirect to the correct owner's website if a user attempts to manufacture a url which includes a gallery that doesn't belong to them.
What api method are you using to retrieve the gallery ids ?
</snip> There are two lines of thought here. One is to provide the API Key in the script as you mentioned or the other is to provide instructions that an API Key is required and the person using the script must request their own key. Either method is acceptable imo.
Cheers,
David
</snip>
SmugMug API Developer
My Photos
I think I may have found an alternative solution that won't require the API key. Since I'm not dealing with password protected (just private) galleries, I can simply attempt to retrieve the RSS feed for the entered gallery and verify that the link is for my gallery and not another user.
Is this why, when an incorrect image name is used with a correct path that the user is directed to another person's site?
For example, the correct link might be http://DaRPhotos.smugmug.com/photos/133761018-M.jpg
The incorrect link http://DaRPhotos.smugmug.com/photos/33761018-M.jpg (missing the leading "1" in the filename) takes your browser to someone else's site (http://neskora.smugmug.com/photos/33761018-M.jpg). Seems to me that an error message should be generated?
GreyLeaf PhotoGraphy
Yes, I agree. The current behavior is definately the wrong behavior, no offense to the other photographer's on the site
Portfolio • Workshops • Facebook • Twitter
This is logical. I couldn't think of a logical reason for the current behavior on my own
My initial thought for checking id validty before redirecting my customer was to retreive the rss feed and check the links there. Turns out rss feeds aren't available for private galleries so I came up with a different solution that was actually better.