Photography Archives – Migrating from Yappa-ng to ZENphoto

After several months of seeing my personal web server’s error log fill up with php deprecated errors due to the php commands used by the gallery software, I started looking for a replacement for yappa-ng, which I have been using for several years. The deprecated errors stem from the php commands used in the code being old and unsupported in the next version of php. I checked with Fritz Berger, the developer for yappa-ng, to see if there was going to be a new version to fix it and his response was not by him. So the tryouts for a replacement started with one requirement: it had to be almost as easy to create a new photo album as it was with yappa-ng and the server would act as a backup to my full size images. To create a new album in yappa-ng, I simply copied a folder of images to the server and used an administrative interface to recognize the new folder. Yappa-ng did this without the use of a backend database like MySQL. My search quickly found that photo gallery applications that work without a backend database are few and far between. The one that came up regularly in my search was ZENphoto (ZP). The ZP tagline is “simpler web gallery management”. While ZP does require a backend database, I can add a new album by copying the folder like I did with yappa-ng and I don’t have to use an administrative interface to make the album show up in the gallery. It recognizes the new album automatically and I can leave it at that point unless I want to password protect the album or adjust some other settings available for the album. So technically, ZP is easier than yappa-ng other than having to set up a database.

Installing ZP was fairly straightforward using the setup scripts provided. Where I ran into some issues was the database setup and some other errors the script reported. Each of the problems was fairly easy to fix with some Google searches and looking at the very thorough FAQ on the ZP site. Since my web server is self-hosted, I have to think that using a hosting provider might have helped avoid a couple of the problems I encountered. After installation, the gallery came up and I moved my albums folder into place with a symbolic link and set permissions on all of the directories and files at 0755 with the owner and group set to the appropriate web application user. From there it was basically tweaking the settings and adding password protection to albums that had a password in the old yappa-ng gallery. The administrative interface is pretty simple to use, but there are a ton of settings under the options menu along with additional options to consider under plugins and themes. The theme I have settled on is zpmasonry. It has a front page slide show feature that can rotate images from several albums based on recent updates, popularity or rating. The zpmasonry slide show needs the jcarousel plugin activated to work. So, if you don’t see the rotating slide show once activated, look for the plugin and make sure it is enabled/activated.

At this point, I think I am fairly committed to ZP for the ease of use around new album creation and aesthetics, but I have to mention some issues, with one relating to security. First, my ZP site is my photography archive. I copy all my images over to the server and at this point I am getting close to 60,000 files. Given that ZP needs to process the full size images down to smaller renditions, I needed to allow some time for ZP to create the smaller web-cache images. And 60,000 images takes some time as well as CPU cycles. On the security issue, ZP relies on the tiny_mce plugin that includes an ajax file manager. Sadly, the ajax file manager had a vulnerability that allowed anyone to execute commands against the server that could create or change files. Sites running ZP with this plugin were easy to find using a Google dork and once the evil haxors had the information the compromise of many ZP sites was underway. My site timbrown.us was compromised as well, but they broke it to the point where site visitors were returned a server error code 500, preventing any of the malicious links inserted into the php files from redirecting them to malicious sites. Right now there are many sites that have been taken down or are reported by Google as sources of malware. My recovery of the site was to install the latest release that is not vulnerable into a new directory and drop the zp_administrators table so I could be sure the passwords were reset for my installation. I don’t think the compromise touched the database at this point, but I need to do some queries to make sure.
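For anyone cleaning up after the same kind of compromise, here is an added example (not part of the original post, and not ZENphoto code) that hashes every .php file in the old install and in a clean unpacked copy, then lists what was changed or dropped in. It assumes the clean copy is the same release as the old install; the function names and the sample files are made up for the demo.

```python
import hashlib
import os
import tempfile

def php_hashes(root, follow_links=True):
    """Map relative path -> SHA-256 for every .php file under root.
    follow_links=True descends into a symlinked albums folder; turn it
    off if the tree may contain symlink loops."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=follow_links):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root)] = digest
    return hashes

def compare_trees(clean_root, suspect_root):
    """Report .php files that differ from, or do not exist in, the clean copy."""
    clean = php_hashes(clean_root)
    suspect = php_hashes(suspect_root)
    return {
        "modified": sorted(p for p in suspect if p in clean and suspect[p] != clean[p]),
        "added": sorted(p for p in suspect if p not in clean),
        "missing": sorted(p for p in clean if p not in suspect),
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample trees; the file names are hypothetical."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = os.path.join(tmp, "clean"), os.path.join(tmp, "old")
        for root in (clean, suspect):
            _write(root, "index.php", "<?php echo 'gallery'; ?>")
            _write(root, "lib/util.php", "<?php function f() {} ?>")
        # Simulate an edited core file and a script dropped into an album.
        _write(suspect, "index.php", "<?php echo 'gallery'; /* injected link */ ?>")
        _write(suspect, "albums/trip/x.php", "<?php /* dropped file */ ?>")
        return compare_trees(clean, suspect)

if __name__ == "__main__":
    print(demo())
```

Anything listed under "added" inside the albums tree deserves a close look, since a photo folder has no reason to hold php files.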

Bottom line: If you are looking for a php-based photo gallery that is easy to use and manage, give ZENphoto a try. The developers have worked hard to get it where it is today and their continued support of the users that suffered recent compromises shows their dedication to the project.
