Contents

Gallery 2

Welcome to Gallery 2. This is the official release of Gallery 2.2, code named “Double Double”. Please read through this document carefully before installing Gallery 2 and before asking for help. We have taken care to try to answer as many of your questions here as possible. If you don't read this and have problems, we may refer you back to this document as a first resource.

Quick Start

If you’re impatient like us, you just want to get going. The odds are that your system is all set to handle Gallery 2 so just skip right to the installer and start clicking. It should walk you through everything you need to get going. If you hit a snag, please come back here and read more before asking questions! Enjoy.

What is Gallery?

Gallery is a web based software product that lets you manage your photos on your own website. You must have your own website with PHP and database support in order to install and use it. With Gallery you can easily create and maintain albums of photos via an intuitive interface. Photo management includes automatic thumbnail creation, image resizing, rotation, ordering, captioning, searching and more. Albums and photos can have view, edit, delete and other permissions per individual authenticated user for an additional level of privacy. It's great for communities - give accounts to your friends and family and let them upload and manage their own photos on your website!

System requirements

Security

The Gallery team retained James Bercegay of Gulftech Research and Development to do a complete security audit of Gallery 2.2 Release Candidate 1.

Recently we have performed a very thorough audit of the Gallery2 code base. Our review consisted of both a complete source code audit, as well as us performing multiple "real world" attack scenarios against the Gallery2 application. During the audit we identified multiple minor security issues which have since been resolved by the Gallery2 developers. The result is a much more secure Gallery2 application with enhanced security features to keep your Gallery and its users as safe and secure as possible.

The Gallery team retained Paul Mutton of Intershot Limited to do a complete security audit of Gallery 2.1 Release Candidate 1.

The Gallery installer and Gallery application were subjected to a manual web application security test. It is important to note that such tests cannot be exhaustive and may not discover all vulnerabilities. All tests were carried out against a standalone installation of Gallery - no integrated installations were tested (e.g. with phpBB or phpnuke). The security of external tools used by the Gallery application, such as graphics toolkits, were not included in this test. No denial of service attacks were carried out against the application server.

The development team resolved the security issues raised by auditors during the release candidate phases.

Note

The Gallery project treats security issues very seriously. If you find a security flaw, do not hesitate to email us at:

security AT gallery.menalto.com

What’s new in this release?

Over four years of design and development have gone into making Gallery 2 the best online photo management product available. We have made it easy to add new features while keeping them in separate modules so that you can customize it to only have the ones that you want. For those of you who like standards, we have strict XHTML compliance but give plenty of power to our themes so that you can make it look the way that you want. It's a powerful application and you're in the driver's seat.

Highlight of changes in Gallery 2.2 (Double Double) -

  1. Downloadable Plugins. This feature allows you to download and install Modules and Themes directly via the Site Admin interface. You can select from different sets of plugins (officially released plugins, experimental plugins under development and plugins provided by the Gallery community). This makes it very easy to stay up to date with the latest changes.
  2. Added support for themes to display dynamic albums.
  3. Security fixes and improvements

    There are no known exploits for these issues. All of them were discovered during a private, internal security audit. However, we highly recommend that you upgrade to Gallery 2.2 to secure your Gallery installation.

  4. Watermarking changes
  5. New themes:
  6. New WebDAV module to mount Gallery as network device on your computer. This allows you to easily manage your Gallery with any WebDAV client like Windows Explorer.
  7. New module to send Ecards.
  8. New Digibug module for prints from digibug.com.
  9. Added support for Flash Video and Windows ASF video.
  10. Added support for mp3 audio using a Flash based player.
  11. Added support for HTTP authentication through the new httpauth module.
  12. Photo auto-rotation based on camera sensors or on settings from other applications.
  13. Automatically detect dimensions of Flash animations and video.
  14. Option in MIME module to restrict file types that may be uploaded.
  15. Image Block changes
  16. Added some user contributed image frames and icon packs including the Silk Icon set by Mark James.
  17. You can now add color to item title, description, comments, etc. Click on the "color" button and choose from a handy popup; or just use [color=red] bbcode syntax.
  18. Comment module improvements:
  19. Added support in Link Items module to make thumbnails for URL links using webpage snapshots generated by an external program like khtml2png. Also, the arrow watermark on thumbnails is now optional.
  20. Added RSS functionality: Comments for this album and its subalbums.
  21. Added Quotas Block: This allows the site administrator to display a block in the theme that displays the current and total usage of any user that has a quota assigned.
  22. Added an option to lock a user account to the current account settings. Useful if one wants to use a single user account for a group of users.
  23. Newly created albums from User Albums module now properly inherit permissions from the parent album, for settings like comments, ratings, etc.
  24. Moved some functionality out of core and into optional modules: Add items module for adding from local server or other web pages, and Replica module for creating item copies sharing the same original data file.
  25. Option in EXIF/IPTC module to set title for new items from IPTC/ObjectName.
  26. Improved usability in administration interface for installing modules and themes.
  27. New Multiroot module assists in creating alternate guest views of a single Gallery.
  28. Added exactSize and link parameters for image block.
  29. Resize dimensions now accept percentages of full size in addition to pixel size.
  30. Added support for PHP mysqli extension (newer version of mysql interface).
  31. Support for MSSQL database.
  32. Minimum PHP version now 4.3.0.
  33. Microsoft IIS doesn't work with PHP-CGI due to a PHP/IIS bug. Microsoft recommends FastCGI instead and doesn't support PHP-CGI. Please use ISAPI PHP or FastCGI with IIS instead. Users of Apache on Windows can still use PHP-CGI (and mod_php or FastCGI).

Highlight of changes in Gallery 2.1 (Blackjack) +

Highlight of changes in Gallery 2.0 (Unpossible!) +

Highlight of changes in Gallery 2 RC 2 (kthxbye) +

Highlight of changes in Gallery 2 RC 1 (+5 Insightful) +

Highlight of changes in Gallery 2 Beta 4 (Flippin' Sweet!) +

Highlight of changes in Gallery 2 Beta 3 (Bingo!) +

Highlight of changes in Gallery 2 Beta 2 (Holy Hand Grenade) +

Highlight of changes in Gallery 2 Beta 1 (Dark Fibre) +

Highlight of changes in Gallery 2 Alpha 4 (Nice Commits) +

Highlight of changes in Gallery 2 Alpha 3 (Farva) +

Highlight of changes in Gallery 2 Alpha 2 (Grand Theft Photo) +

Highlight of changes in Gallery 2 Alpha 1 (Cowbell) +

Choosing a package

You can choose from four different packages:

You get to pick and choose which modules you activate, so even if you download a package that has more modules than you need you can always choose not to activate the ones you don't want. You can also activate a module and test it out for a while, then later deactivate and uninstall it. You can also delete any modules/themes that you're not using if you want to save space.

All of our modules and themes are available separately so if you install a smaller package you can still add more functionality later on, either by downloading yourself or using the new Downloadable Plugins feature in Gallery 2.2.

Download Gallery packages, modules and themes from the Gallery Download Page.

Preparing to install

  1. Latest Version - There are four ways to get the code.
  2. Storage - Create a directory for gallery to store photos. This must be writeable by the web server, but for security reasons we suggest that you do not put it in the web root. If you put it in the web root, then anybody can get directly to your images with their web browser which circumvents Gallery 2’s security.

    Unix Example

    $ cd $HOME
    $ mkdir g2data
    $ chmod 777 g2data

    Windows Example

    C:\> mkdir g2data

    In the Unix example, you may note that modes of 777 on your g2data directory are not all that secure. However, making it more secure depends on how your system is configured. Talk with your system administrator about ways to change the permissions on that directory to make it so that Gallery can still write to the files but that others can’t. Refer to the Gallery 2 Security Guide for more information.
  3. Database - Right now we support MySQL, PostgreSQL, Oracle, IBM DB2 and Microsoft SQL Server. The databases most commonly used with Gallery 2 are MySQL and PostgreSQL. MySQL is generally faster than PostgreSQL. We require you to create the database yourself. In our examples below, we’ll be creating a database called gallery2. You can use any database name that you choose.
    Grant all required privileges to your database user. This includes but is not confined to: CREATE TABLE, ALTER TABLE, DROP TABLE in the gallery2 database; SELECT, INSERT, UPDATE, DELETE on all (gallery2) tables in the gallery2 database; CREATE INDEX and some other privileges that are specific to the different database management systems. CREATE/DROP DATABASE and the ability to GRANT privileges to other database users are not required.

    MySQL

    $ mysqladmin -uroot create gallery2
    $ mysql gallery2 -uroot -e"GRANT ALL ON gallery2.* TO
      username@localhost IDENTIFIED BY 'password'"

    PostgreSQL

    $ createdb gallery2 -E UNICODE

    If it complains that UNICODE is not a valid encoding name, then try:
    $ createdb gallery2 -E SQL_ASCII

    If it complains about that, too then try:
    $ createdb gallery2

    Oracle

    $ create database gallery2 {additional parameters};

    IBM DB2

    $ db2 "create database gallery2 using codeset utf-8 territory us pagesize 32 k"

    Microsoft SQL Server

    C:\>sqlcmd -S myhostname\SQLEXPRESS -e

    1>create database gallery2

    2>go

    1>use gallery2

    2>go

    1>create schema g2user

    2>go

    1>create login g2user with password = "g2pwd"

    2>go

    1>create user g2user for login g2user with default_schema = g2user

    2>go

    1>use master

    2>go

    1>grant CONTROL SERVER to g2user

    2>go

    1>quit

  4. Graphics Toolkits - Gallery 2 works with many different toolkits (NetPBM, ImageMagick, GD or GraphicsMagick). You need to activate at least one or you won't get any thumbnails, but there's no limit on how many you can have. In fact, more is better because they can work together. Here are some interesting points about the main supported toolkits (mostly reported by users, your mileage may vary). Limitations:

Installing

Gallery 2 is a web application and must be installed on your web server in order for you to use it. If you've unpacked it on your desktop, you will have to upload it to your server as part of the install process. Then you can configure it using your web browser.
As an alternative to the lengthy upload via FTP, take a look at the Gallery 2 Pre-Installer.

  1. Upload - Copy the Gallery 2 files to a directory on your webserver. There are several alternatives for this step: Note: After uploading, you should close this version of the README and browse to the version that you just uploaded. That way all the links in this document will point to the right places in your Gallery 2 install.
  2. Begin Installing - Open up your web browser and browse to the install directory. Gallery 2 will walk you through the process of validating that your system is properly configured and will set everything up for you.
  3. Authenticate - You will be asked to create and save a small text file in order to authenticate. You may not proceed until you do this. That’s how Gallery 2 knows that you’re authorized to use the installer.
  4. System Checks - The installer checks your system to make sure that it will support Gallery 2. Make sure that all checks are successful!
  5. Installation Type - Gallery can support multiple independent sites with a single installation of the code. Here you will select a standard single install or the location of a new multisite install. There is more information about multisite in the Gallery Codex.
  6. Storage Setup - Read the instructions on the installer to set up a storage location for Gallery 2. This is where Gallery 2 will store all of your images, as well as other cache information.
  7. Database Setup - Select your database type and enter your database authentication information. If this is not your first Gallery 2 installation and there are still some remains of the old installation, it will check the state of the installed version and offer a clean install option which will delete all your data in the storage directory and in the database. If the installed version seems to be fine, it will also offer to reuse the existing database tables. Select this option if you did not start the installer with the intent to start from scratch.
  8. Admin User Setup - You are prompted for an administrator username and password. Type in a password and type it again to validate it. The full name and the email address are optional. But entering an email address is highly recommended. Once you’re finished, click ’Create’ to create the admin user for this installation of Gallery 2.
  9. Create Config File - Gallery 2 will create the config.php file in your Gallery 2 directory. This contains all the answers you’ve provided in the installer and is necessary for Gallery 2 to function properly. At this point, there’s also a sanity check to prevent you from damaging your Gallery install by running the installer when you should rather have started the upgrader.
  10. Install the Core module - Here’s where we create all the database tables and initial users and albums to get you started. Unless something goes wrong, there’s nothing for you to do here.
  11. Install other modules - Gallery 2 has lots of different modules that provide useful functionality. Choose which ones you want to use. You can always go to the Site Admin page later on to install, activate, deactivate or uninstall modules, so it’s ok to experiment here.
  12. Check Security - Gallery 2 walks you through the process of locking down your new config.php.
  13. Finished! - Congratulations! You have successfully installed Gallery 2!

Using your new Gallery

Once you’ve successfully got Gallery 2 installed, you should take a look at the Gallery 2 Quick Start Guide. It will help you get started with Gallery and will walk you through the steps from zero to managing your first photo album in your freshly installed Gallery. Below are some links to your gallery that will make it easier for you to follow the Quick Start Guide. Note: You may need to activate certain modules to be able to use some of these links.

Take a look at the list of User Contributions to find even more modules, themes, utilities, mods and more.

Updating your Gallery 2 Installation

Updating is quick and easy and should not lose any of your data.

Warning When Upgrading from Gallery 2.0!

Third party modules and themes designed for Gallery 2.0 will not work with Gallery 2.2. During the upgrade process, these modules and themes will be automatically deactivated for you. You can find updated versions for most of these modules and themes here: http://codex.gallery2.org/Gallery2:User_Contributions

  1. If you have a busy site, consider putting your Gallery in maintenance mode before updating the code and performing the upgrade. This gives visitors a message that the site is temporarily offline, rather than showing everybody the upgrade page. Edit your config.php file to activate maintenance mode. This feature is new starting in 2.1, so it is not available in an upgrade from 2.0.x.
  2. Download the latest code for any active third party modules that you're using, or deactivate them. If in doubt, deactivating is safe.
  3. Get the latest code and unpack it over your existing copy of Gallery 2. Keep your existing config.php in place, and don't touch your (g2data) data folder or the database. If you're using Subversion, you can just do "svn update" at any time. Alternatively, you can also use the Gallery 2 Pre-Installer to get the latest code onto the webserver.
  4. If you use a PHP accelerator / cache (e.g. Turk mmCache, Ioncube PHPA, eaccelerator, Zend Studio, etc.), flush (clear) the cache of the accelerator. Omitting this step can sometimes lead to errors during and after the upgrade process.
  5. Browse to the upgrader and follow the instructions there. Make a backup of your data (g2data folder and especially the database) when it tells you to! Should you lose your data due to a bug in the upgrader, the first thing we're going to tell you to do is to restore from your backups! (Then we'll probably ask you to help us reproduce the bug.)
  6. Enjoy your new version of Gallery 2.

Getting Help

There are many resources available to you if you're having problems with Gallery:

Remember – reporting bugs is good. Even if you think it’s silly, go ahead and report it. We can always close the bug or refile it (please don’t be offended in this case) but it’s harder to find bugs than it is to fix them so we’re counting on you to help us with the finding part.

Known Issues / Bugs

Check our Known Issues list and Bug Tracker for information and some workarounds for known problems.

Advanced Topics

Unit Tests - Gallery 2 was designed using Extreme Programming methodologies. This means that we have over 2,000 unit tests that ensure code quality. If you want to help us out, you can try running the unit tests and report back to us if any of them fail.

Note - these tests shouldn’t change your Gallery 2 settings at all, but if they fail, they may leave things in a weird state. Be warned that there's a slim chance that you might have to ditch your Gallery 2 data and start over if something catastrophic happens.

For Themers - There is now some theme documentation that you should read if you want to change the look of your Gallery 2 by customizing an existing theme and its templates or by creating your own theme.

Localization - If you’re interested in localizing Gallery 2 into another language, you can review the current state of localization and then read the localization how-to and get started. Submit your localizations early and often - no need to wait until you’re entirely done.

For Developers - We've gotten started on some developer documentation that you should read if you want to start hacking on Gallery 2. Some of the information is a little bit out of date or in early drafts, but it's a start.

Embedding - To learn more about embedding Gallery 2 into your website and about existing integrations in content management systems, portals, blogs etc. please see Gallery 2 Embedding.

This page is valid XHTML 1.0 Gallery 2


Copyright (C) 2000-2007 Bharat Mediratta       $Id: README.html 16039 2007-03-16 22:17:57Z mindless $