Skip to main content

User Logins

User logins allows you to limit access and create users with unique permissions and config options. For example, you might want a public gallery without login and an "admin" user with login that can manage the gallery, edit settings and create other users.

Usage Examples

  • Allow public non-login access while allowing admin login for file manager actions.
  • Create multiple users each assigned to different root folders.
  • Assign unique permissions and config options per user.

Users Demo

A few examples with different user logins.
* For each login example, you will first need to logout from the topbar.

Users Demo

  • guest guest
    Default guest login with view-only permissions.* Username and password is assigned in default config for this user, so login is strictly required.
  • admin abracadabra
    Admin user with full permissions to manage files, edit settings and create users.
  • galleries aurora
    User with 'root' assigned to 'galleries' and permission to upload image files only.
  • someone elixir
    A few dirs excluded, forced German language, all dirs preloaded and start path set to 'forests'.
Tip

You can view the config for each of the users above by logging in as the admin user, clicking the [settings] button in the topbar and selecting users from the select menu.

How to Create Users

In install mode or with allow_settings enabled, you can easily create users directly from the interface by clicking the [settings] button in the topbar. Optionally, you can also create users manually.

Create Users Demo

  1. Click the [New User] button.
  2. Assign a unique username.
  3. Edit or add the config options that you require for the specific user and click save.
Config Inheritance

User options are inherited from your main _files/config/config.php and you only need to include options that are unique for each user in the user config file.

User Config Examples

Below are a few user config examples. Although you can use any config options in your user config, you will normally only require a few user-specific options.

_files/users/UserA/config.php
<?php

// A typical user with unique `root` and `allow_all` file manager capabilities.
// Un-comment the parameters you want to edit.
return [
  'root' => './userdir',            // assign a different root dir for this user
  //'start_path' => '',
  'password' => '8~1zja-RuvQY0gdp', // password (will be encrypted on save)
  'allow_all' => true,              // allow all file manager operations for this user
  //'allow_settings' => false,
  //'files_exclude' => '',
  //'dirs_exclude' => '',
  //'upload_allowed_file_types' => '',
];

Creating Users Manually

Although it's easiest to create users directly from the interface in install mode or with config option allow_settings enabled, you can also create users manually. Simply create the user dir in storage path _files/users/{username} with the user's config.php inside.

_files
├── cache
├── config
└── users
    ├── usernameA
    │   └── config.php
    ├── usernameB
    │   └── config.php
    └── usernameC
        ├── config.php
        └── css
            └── custom.css

Required Login

If your gallery strictly requires login, you will need to assign username and password in your default _files/config/config.php settings file. This effectively means that login will be enforced, and default config becomes the default login user.

  • You can have many users with different permissions, but login is always required.
  • Login form will always appear, unless the user is already logged in.
  • There will be a logout button in the topbar, but you can also logout with ?logout=1 in url.

Optional Login

If your gallery is public with optional login, you will need to keep username and password options empty in your default _files/config/config.php. This effectively means that your gallery is accessible without login, while optional login is available from the login-button in the topbar.

  • You can have many users with different permissions, but default access is public non-login.
  • Login form will only appear when clicking the login-button or by appending ?login=1 to the url.
  • On logout, the login page will appear with options to re-login or [Cancel] without logging in.

Javascript Login Options

There are also a few Javascript config options available for login and settings_editor.

_files/js/custom.js
_c.config = {
  // login-related options
  login: {
    login_button: true,     // display login button in topbar if there is login and user is not already logged in
    logout_button: true,    // display logout button in topbar if user is logged in
    ping: 60,               // ping server every x seconds to check login status and trigger `on_logout` if logged out
    on_logout: 'form',      // show login form on logout | 'refresh', 'form', 'toast', false
  },

  // options related to the settings editor when `'allow_settings' => true`
  settings_editor: {
    show_button: true,      // show settings button in topbar / if disabled, must use ?settings=1
    allow_default: true,    // allow editing 'default' config settings
    allow_users: true,      // allow managing users
    allow_new: true,        // allow adding new users
    allow_remove: true,     // allows removing users
    allow_rename: true,     // allows renaming existing users
    select_current_user_append: '&nbsp;←', // append to current user in selection dropdown to identify current user
    reload: true,           // true / 'close' / false // reload browser if default or current user changes
    reload_confirm: false,  // false / 'Refresh required. Reload page now?' / true
    // new user config template (include mostly useful options to override default config)
    template: `<?php

  // CONFIG / https://www.files.gallery/docs/config/
  return [
  //'root' => '',
  //'start_path' => '',
  'password' => '$PASSWORD',
  //'allow_all' => false,
  //'files_exclude' => '',
  //'dirs_exclude' => '',
  //'upload_allowed_file_types' => '',
  ];`,
  },
}

FAQ

Are passwords encrypted?

Yes, passwords are automatically encrypted on save when creating users directly from the interface. This is to secure passwords in case anyone else has access to the file system. If you are creating users manually, you can use this tool to encrypt your passwords.

Can I create duplicate usernames?

No. Usernames must be unique, because they are used to identify users and store settings.

Can I include user-specific CSS?

You can include user-specific CSS from file _files/users/{username}/css/custom.css or simply by adding styles in your custom CSS [data-username="userA"] .className {}

Can I assign user permissions per folder?

No. Files Gallery is not a CMS, and you can't assign per-user permissions on a per-folder basis. You can however use root, files_include, files_exclude, dirs_include and dirs_exclude config options to only display certains dirs and files for each user.

How are login sessions managed?

Files Gallery uses PHP sessions to manage logins, and login duration depends on several factors, including your server PHP session and cookie settings. See this post for more information.

Can I hide the login button if there is only one admin user?

Yes, you can hide the login button, see Javascript login options above. Instead, you can login by appending ?login=1 to the url. This is more secure, as it prevents exposing the login function.

If you have questions or feedback about user logins, please post in the support forums.