Unusual permissions problem - Delete Files (Registered users only). Unusual permissions problem - Delete Files (Registered users only).
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Unusual permissions problem - Delete Files (Registered users only).

Started by Digitalmafia, July 05, 2005, 10:44:13 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Digitalmafia

I have searched the forums and find many folks that have permissions problems with uploading, but none like mine.
Registered users can upload, but not delete their images.  As Admin I can, however, delete the images.  When a registered user
attempts to delete a file they get this response:
You don't have permission to perform this operation.
(target album = 5)
I have set the file permissions correctly (as per the instructions) and read all of the documentation so perhaps I missed something?
Everything else in the app works great.  It was quick and easy to set up - I customized a template (heavy customization) with ease-great application-love it..
Here is the output from the debug mode:
USER:
------------------
Array
(
    [ID] => ef783b18193d23a5500ae82716cb1d5a
    [am] => 1
    [lang] => english
    [liv] => Array
        (
           
  • => 1
                [1] => 3
                [2] => 4
                [3] => 5
                [4] => 9
            )

        [sort] => ta
    )

    ==========================
    USER DATA:
    ------------------
    Array
    (
        [user_id] => 2
        [user_name] => Blah
        [groups] => Array
            (
               
  • => 2
            )

        [disk_max] => 0
        [disk_min] => 0
        [can_rate_pictures] => 1
        [can_send_ecards] => 1
        [ufc_max] => 3
        [ufc_min] => 3
        [custom_user_upload] => 0
        [num_file_upload] => 5
        [num_URI_upload] => 3
        [can_post_comments] => 1
        [can_upload_pictures] => 1
        [can_create_albums] => 1
        [has_admin_access] => 0
        [pub_upl_need_approval] => 0
        [priv_upl_need_approval] => 0
        [group_name] => Registered
        [upload_form_config] => 3
        [group_quota] => 0
        [can_see_all_albums] => 0
        [group_id] => 2
    )

    ==========================
    Queries:
    ------------------
    Array
    (
       
  • => SELECT extension, mime, content, player FROM cm_filetypes; (0.001s)
        [1] => select * from cm_plugins order by priority asc; (0.001s)
        [2] => delete from `miniaz`.cm_sessions where time<1120532669 and remember=0; (0.001s)
        [3] => delete from `miniaz`.cm_sessions where time<1119326669; (0s)
        [4] => select user_id from `miniaz`.cm_sessions where session_id=md5("a9e474dbd8de1007c93d2ca7df7adf9dc837272e71fa927139434f058a2b8c40"); (0.001s)
        [5] => select user_id as id, user_password as password from `miniaz`.cm_users where user_id=2 (0.001s)
        [6] => SELECT u.user_id AS id, u.user_name AS username, u.user_password AS password, u.user_group+100 AS group_id FROM `miniaz`.cm_users AS u INNER JOIN `miniaz`.cm_usergroups AS g ON u.user_group=g.group_id WHERE u.user_id='2' (0.001s)
        [7] => SELECT user_group_list FROM `miniaz`.cm_users AS u WHERE user_id='2' and user_group_list <> ''; (0.001s)
        [8] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cm_usergroups WHERE group_id in (2) (0.001s)
        [9] => SELECT group_name FROM  cm_usergroups WHERE group_id= 2 (0.001s)
        [10] => update `miniaz`.cm_sessions set time='1120536269' where session_id=md5('a9e474dbd8de1007c93d2ca7df7adf9dc837272e71fa927139434f058a2b8c40'); (0.001s)
        [11] => SELECT user_favpics FROM cm_favpics WHERE user_id = 2 (0.001s)
        [12] => DELETE FROM cm_banned WHERE expiry < '2005-07-05 04:04:29' (0.001s)
        [13] => SELECT * FROM cm_banned WHERE (ip_addr='68.230.6.35' OR ip_addr='68.230.6.35' OR user_id=2) AND brute_force=0 (0.001s)
        [14] => SELECT aid FROM cm_albums WHERE visibility != '0' AND visibility !='10002' AND visibility NOT IN (2) (0.001s)
        [15] => SELECT title, category FROM cm_albums WHERE aid = '5' (0.001s)
        [16] => SELECT category, filepath, filename, owner_id FROM cm_pictures, cm_albums WHERE cm_pictures.aid = cm_albums.aid AND pid='11' (0.001s)
        [17] => SELECT COUNT(*) FROM cm_pictures WHERE approved = 'NO' (0.001s)
    )

    ==========================
    GET :
    ------------------
    Array
    (
        [album] => 5
        [start] => 0
        [count] => 25
    )

    ==========================
    POST :
    ------------------
    Array
    (
        [count] => 25
        [pid] => Array
            (
               
  • => 11
            )

        [aid11] => 5
        [title11] =>
        [caption11] =>
        [keywords11] =>
        [user111] =>
        [user211] =>
        [user311] =>
        [user411] =>
        [delete11] => 1
    )

    ==========================
    Page generated in 0.178 seconds - 18 queries in 0.017 seconds - Album set : ; Meta set: ;

    Thanks!
    J.

Joachim Müller

post a link and non-admin test user account with debug mode turned on

Digitalmafia

Sorry about posting in the wrong section-thank you for moving it!

Here is the path to the site as well as the test account.

http://www.mini-az.com/cm/index.php

Username: test
password: test

Thank you!
J.

kegobeer

Tell you what - once you change the Coppermine tag line to a color other than white, we'll help you.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Digitalmafia

arrgh
-just checked it in IE (I use firefox)-its working in both browsers now.

Thanks!
J.

kegobeer

You are using 1.4.1, so I'll move this to the appropriate board.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

kegobeer

Hmm, I can create an album, but not delete a picture I upload.  I can delete the album, which deletes all files I uploaded.

Hmmmm.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Digitalmafia

'Hmm, I can create an album, but not delete a picture I upload.  I can delete the album, which deletes all files I uploaded.'

- I had not tried to delete the entire album-interesting that you can do that but the individual pics throw errors.
I did get a line error back:
/editpics.php - Line: 128
I will look into this file, any ideas?

Best regards,
Jason.

Tranz

Can they edit the files? In Config, did you set it so users retain control over their files?

Digitalmafia

'Can they edit the files? In Config, did you set it so users retain control over their files?'

As far as I can tell yes.  I have been through the config a dozen times and everything pertaining to allowing them to manage their files is on.
I did not, however, see a specific place for - deleteing files.  The can delete their albums without issue.  Almost all the User Settings are set to yes.
Anything specific I should look for? (I am sure I got the obvious).

Thanks.
J.

the_todd

I can confirm this problem also, it happens when I use modifyalb.php and try to delete an image I get the same message.


Digitalmafia

Based on the other thread I guess un-commenting the line will fix?
I will  try this tonight and post results.
Thanks.
J.

the_todd

I uncommented the line in my gallery in editpics.php and it worked fine. This fix should be committed.