Registered users to create albums in categories other than User galleries Registered users to create albums in categories other than User galleries
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Registered users to create albums in categories other than User galleries

Started by pvsujith, December 09, 2005, 07:54:55 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

pvsujith

Hi,
Is there a way to allow registered users to create albums in any of the available categories? By default, albums created by registered users are under User galleries.

I use:
CPG 1.4.2 stand alone installation
OS - RHL 9
Apache 2.0.40
PHP 4.2.2
MySQL 3.23.54

Regards

Joachim Müller

no, regular users can't create albums inside public categories - no hack available.

janus

Hm...
Yesterday I've spend about two hours to investigate this issue and have made the following fix.
Please have a look into attached files.

Unfortunatelly I have not commented the changes, so you should call the diff command.

It seems to run on my server.


Joachim Müller

yes: I looked into your submission - it just disables all security on gallery core files, making every user an admin who can then edit the whole gallery at will, leaving the gallery just as vulnerable as if you published your admin account on your own home page. Using your hack is not recommended at all, I strongly suggest you remove it from your site asap. Bypassing security by adding user_admin to the check is not all it takes to securely allow users to create public albums. If things were that easy, we would have added it to coppermine's core long ago ;)

janus

Quote from: GauGau on December 26, 2005, 11:55:01 PM
yes: I looked into your submission - it just disables all security on gallery core files, making every user an admin who can then edit the whole gallery at will, leaving the gallery just as vulnerable as if you published your admin account on your own home page. Using your hack is not recommended at all, I strongly suggest you remove it from your site asap. Bypassing security by adding user_admin to the check is not all it takes to securely allow users to create public albums. If things were that easy, we would have added it to coppermine's core long ago ;)
Yes, that's correct. But I thought, I've changed only the ifs/elses, where it deals with album creation only. And exactly in this issue I'd like to give my users admin rights.