• Welcome to the Chevereto User Community!

    Here, users from all over the world come together to learn, share, and collaborate on everything related to Chevereto. It's a place to exchange ideas, ask questions, and help improve the software.

    Please keep in mind:

    • This community is user-driven. Always be polite and respectful to others.
    • Support development by purchasing a Chevereto license, which also gives you priority support.
    • Go further by joining the Community Subscription for even faster response times and to help sustain this space

Some ideas to make it even more awesome

Status
Not open for further replies.
jzegers

jzegers

Core
Hi all,

I've been using Chevereto for a few days now and it's working fantastic so far. I've a few ideas/improvements to make it even better.

Note: these ideas are in no way urgent

reCAPTCHA v2
Chevereto currently uses reCAPTCHA v1 which is the version where you have to type a word from an photo. Since a few months, Google offers a new reCAPTCHA in which you only need to mark a checkbox "I'm not a robot"
Example attached.

It would be nice if there was an option to switch between the two versions or to totally replace it with the v2.


Blocking the sign-up link
In my current Chevereto environment, I've disabled guest-uploads and disabled the ability to sign-up. This way I'm the only one who can upload. But when I click the sign-up link in the window, I get redirected to a 404.
Example attached.

If sign-up is disabled, the sign-up button shouldn't be visible or lead to an information page which says that you cannot sign up.

Also, the 'forgot password' link seems to be in an odd place. (screenshot link above)


Creating users from the admin dashboard
TLDR; since I've disabled sign-up it would be nice if I could create users from the admin dashboard.


Force SSL
My whole site is SSL but it seems that Chevereto cannot handle it well. I've a few htaccess rules to force ssl and non-www but Chevereto leads to a 404 when enabling these rules.

Rule screenshot attached.

I've placed these in the htaccess file in the Chevereto root. These rules work in all other parts of my website but not in the Chevereto subdirectory. Could there be an option to enable SSL in the admin panel or could you look in the 404 error. (Placing the above rules in the htaccess file in the Chevereto root should result in the 404 I'm facing.


Two factor authentication
TLDR; having an option to enable two factor authentication via one-time-passwords for the administrator and possibly users. The otp codes can be send via email or an app like Google Authenticator.


Let me know what you think of these ideas!
 

Attachments

  • Login.png
    Login.png
    77.3 KB · Views: 10
  • reCAPTCHA.png
    reCAPTCHA.png
    21.4 KB · Views: 11
  • Rules.PNG
    Rules.PNG
    8 KB · Views: 10
Hey there, glad to know that you like the system.

reCaptcha
Chevereto supports both reCaptcha 1.X and 2.X and it auto detects your reCaptcha version based on the key and use the appropriate version.

Blocking the sign-up link
You can't block that because there will be always someone who can sign-up, like an admin.

Creating users from the admin dashboard
Dashboard > Users > Top right "add user" link.

Force SSL
Chevereto will use SSL/HTTPS anytime it is forced at server level and when you use https all links are used with that protocol. The rule you posted is wrong, you need this above everything:
Code: 
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

And keep the original index.php rule.

Two factor authentication
I have no problems in add 2-factor auth when some cheap provider gets available. Currently is somehow expensive so it doesn't target a large % of installations.

Cheers,
Rodolfo.
 
Thank you for the blazing fast reply. The only issue that remains is the Force SSL. I've tried your rules and it works great but only if the folder lying above doesn't have similar* https rules. My Chevereto is hosted in a subfoler and when there are https/non-www rules applied on the root (folder above Chevereto) it trows an 404. But when I remove the rules from the htaccess file on the root, Chevereto works again.

Do you have any ideas to setup https rules for both the root folder and chevereto folder? The rules I wrote in the first post are applied on other subfolder applications and there it works fine. Only Chevereto seems to dislike them.

Cheers
 
The rule that I posted should work in any scenario, basically you add a top rule so all the traffic will be redirected to https. Note that additional redirections could cause issues like redirect non-www to www and stuff like that. You will need to play with the rules to match exactly what you need.

Check this: http://stackoverflow.com/search?tab=votes&q=htaccess force https

Note that this redirect or rules gets often somehow cached by some web browsers, so you need to flush caches to try it properly.
 
jzegers said:
Blocking the sign-up link
In my current Chevereto environment, I've disabled guest-uploads and disabled the ability to sign-up. This way I'm the only one who can upload. But when I click the sign-up link in the window, I get redirected to a 404.
Example attached.

If sign-up is disabled, the sign-up button shouldn't be visible or lead to an information page which says that you cannot sign up.
Click to expand...
Inclose it in is_admin() ?
 
Status
Not open for further replies.
Back
Top