My site level security seemed okay, and only registered members can access pages based on settings made in the Navigation Menu Builder. Free mode is turned off.
I had "friendly URLs" turned on, and it seems that if someone finds the name of a photo gallery page, e.g., http://www.mysite.com/photo/all/10/1 , then they can get full access to the photos on the site. However, the URL http://www.mysite.com/photo/all does not give them access. I have now turned off friendly URLs for Gallery.
I tried password protecting the media directory, but that didn't work properly. I tried changing if ( !( $logged['member'] = member_auth( 0, false ) ) ) to if ( !( $logged['member'] = member_auth( 0, true) ) ) in photoGallery.php, but that did not work. I tried adding $logged['member'] = member_auth( 0 ); but that did not work.
Does anyone else have this problem? Any ideas on how to fix?
