editpics.php: problem approving uploads editpics.php: problem approving uploads
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

editpics.php: problem approving uploads

Started by cdine, October 24, 2004, 09:43:47 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

cdine

When attempting to approve uploaded images to the gallery, I get this error.
Any help would be greatly appreciated, thanks in advance!

I am running version 1.3.2

This is the URL being accessed:

http://neg9.org/gallery/editpics.php?mode=upload_approval&start=0&count=25&mode=upload_approval


And the error:

Script called without the required parameter(s). (aid242)

File: /usr/home/neg9/neg9www/gallery/editpics.php - Line: 84


Line 83-85 of editpics.php

     83         $var_name = $var.$pid;^M
     84         if(!isset($HTTP_POST_VARS[$var_name])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing']." ($var_name)", __FILE__, __LINE__);^M
     85         return $HTTP_POST_VARS[$var_name];^M


I am using the phpBB integration, which doesn't change the editpics.php file at all, the debug info shows the permissions to be correct, and I (as an admin) can upload pictures without a problem, but I can not approve other peoples submissions.


Here is my debug output:

USER:
------------------
Array
(
    [ID] => 46c2b5f5ed1e20ef20cabaed0f8a41eb
    [am] => 1
    [liv] => Array
        (
            [0] => 242
            [1] => 243
            [2] => 244
            [3] => 250
            [5] => 249
        )

    [search] => ###black
    [uid] => 32
)

==========================
USER DATA:
------------------
Array
(
    [0] => 2
    [user_id] => 2
    [1] => cdine
    [user_name] => cdine
    [2] => 1
    [user_level] => 1
    [groups] => Array
        (
            [0] => 1
            [1] => 2
            [2] => 14
        )

    [group_quota] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [pub_upl_need_approval] => 0
    [priv_upl_need_approval] => 0
    [upload_form_config] => 3
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [custom_user_upload] => 0
    [disk_max] => 20480
    [disk_min] => 0
    [ufc_max] => 3
    [ufc_min] => 3
    [has_admin_access] => 1
    [group_name] => Admin
    [can_see_all_albums] => 1
    [group_id] => 1
)

==========================
Queries:
------------------
Array
(
    [0] => SELECT extension, mime, content FROM cpg11d_filetypes;
    [1] => SELECT user_id, username as user_name, user_level FROM `neg9_phpbb`.phpbb_users WHERE user_id='2' AND user_password='***' AND user_active='1'
    [2] => SELECT (ug.group_id + 5) as group_id FROM `neg9_phpbb`.phpbb_user_group as ug LEFT JOIN `neg9_phpbb`.phpbb_groups as g ON ug.group_id = g.group_id WHERE user_id = 2 AND user_pending = 0 AND group_single_user = 0
    [3] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg11d_usergroups WHERE group_id in (1,2,14)
    [4] => SELECT group_name FROM  cpg11d_usergroups WHERE group_id= 1
    [5] => DELETE FROM cpg11d_banned WHERE expiry < 1098603426
    [6] => SELECT * FROM cpg11d_banned WHERE ip_addr='67.182.132.244' OR ip_addr='67.182.132.244' OR user_id=2
    [7] => SELECT DISTINCT aid, title, IF(category = 0, CONCAT('> ', title), CONCAT(name,' < ',title)) AS cat_title FROM cpg11d_albums, cpg11d_categories WHERE category < '10000' AND (category = 0 OR category = cid) ORDER BY cat_title
    [8] => SELECT aid, title FROM cpg11d_albums WHERE category='10002' ORDER BY title
)

==========================
GET :
------------------
Array
(
    [mode] => upload_approval
    [start] => 0
    [count] => 25
)

==========================
POST :
------------------
Array
(
    [count] => 25
    [pid] => Array
        (
            [0] => 242
            [1] => 243
            [2] => 244
            [3] => 246
            [4] => 247
            [5] => 248
            [6] => 249
            [7] => 250
            [8] => 251
            [9] => 252
            [10] => 253
            [11] => 254
            [12] => 255
            [13] => 256
            [14] => 257
            [15] => 258
            [16] => 259
            [17] => 260
            [18] => 261
            [19] => 262
            [20] => 263
            [21] => 264
            [22] => 265
            [23] => 266
            [24] => 267
        )


[lots of images in here, i'll just include the last for purposes of saving some screen space..]

    [title267] => duh..
    [caption267] =>
    [keywords267] =>
    [user1267] =>
    [user2267] =>
    [user3267] =>
    [user4267] =>
    [approved267] => YES
)

==========================
VERSION INFO :
------------------
PHP version: 4.3.0 - OK
------------------
mySQL version: 3.23.54
------------------
Coppermine version: 1.3.2
==========================
Module: gd
------------------
module doesn't exist
==========================
Module: mysql
------------------
Active Persistent Links 0
Active Links 1
Client API version 3.23.49
MYSQL_MODULE_TYPE builtin
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_INCLUDE no value
MYSQL_LIBS no value
==========================
Module: zlib
------------------
module doesn't exist
==========================
Server restrictions (safe mode)?
------------------
Directive | Local Value | Master Value
safe_mode | Off | Off
safe_mode_exec_dir | no value | no value
safe_mode_gid | Off | Off
safe_mode_include_dir | no value | no value
safe_mode_exec_dir | no value | no value
sql.safe_mode | Off | Off
disable_functions | no value | no value
file_uploads | On | On
include_path | .:/usr/local/lib/php | .:/usr/local/lib/php
open_basedir | no value | no value
==========================
email
------------------
Directive | Local Value | Master Value
sendmail_from | me@localhost.com | me@localhost.com
sendmail_path | /usr/sbin/sendmail -t -i  | /usr/sbin/sendmail -t -i
SMTP | localhost | localhost
smtp_port | 25 | 25
==========================
Size and Time
------------------
Directive | Local Value | Master Value
max_execution_time | 30 | 30
max_input_time | 60 | 60
upload_max_filesize | 2M | 2M
post_max_size | 8M | 8M
==========================
Page generated in 0.119 seconds - 9 queries in 0.007 seconds - Album set :

cdine


Joachim Müller

post a link to your site together with a test user account (non-admin) with upload privileges.

Joachim

cdine

https://neg9.org/gallery/ = 1.3 Gallery with PHPBB Integration
https://neg9.org/photohall/ = 1.3 Gallery no PHPBB integration, pure clean install with config file copied from previous
https://neg9.org/cm12/ = 1.2.1 Gallery clean install, config file copied from previous.

For the first gallery, you may use the user "gallery" with password "copper" (login @ https://neg9.org/forums/)
For the others, I don't know what to do, try uploading as anonymous.. I got this error when trying to change a user's password for use in this purpose (more reasoning that the database has problems)
While executing query "UPDATE cpg11d_users SET user_name   = 'gallery', user_email   = '', user_active    = 'YES', user_group   = '1', user_location  = '', user_interests = '', user_website   = '', user_occupation= '', user_lang      = '2', user_password = 'copper' WHERE user_id = '2'" on 0

mySQL error: Unknown column 'user_lang' in 'field list'


The albums/ directory is symlinked to the main (gallery/) install.  I have discovered that this is a problem with the pictures being assaigned an aid/album id at the upload time, or something similar - they all have the value of 0 after upload.  I really do not want to restart my gallery, so if there is something I can do to my database to mend this problem, that would be great.

Joachim Müller

coppermine can't be used (yet) with https afaik.
I was able to upload just fine - I got the message
QuoteThe previous file was placed successfully.

Your file was uploaded successfully.

It will be visible after admin approval.

Joachim

cdine

This problem occured before I implemented https, here is the same gallery on a non-ssl site:
http://westcoasthackers.org/gallery/

cdine

The album which your file went into, "Kick ass n stuff" is a non-existant album, it was an old test album, but as you can see it does not exist on the mail page. Could you try posting into Meetings, or misc, anything on the main page?

Do you have any idea why there would be no album ID's for several (~30) pictures which I have currently waiting approval?

cdine

Any procedures/reccomendations for rebuilding the database...?