BUG?!? Profile visible without logon BUG?!? Profile visible without logon
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

BUG?!? Profile visible without logon

Started by cptechnik, August 16, 2007, 05:53:48 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

cptechnik

August 16, 2007, 05:53:48 AM Last Edit: August 20, 2007, 06:14:28 PM by Nibbler
my Profile ist cached by google!

Just test it on your gal:
http://[mydomain]/galerie/profile.php?uid=1

i tested it on demo from coppermine...
http://coppermine-gallery.net/demo/cpg14x/profile.php?uid=2

huh?!?

but i cant visit the userlist:
http://forum.coppermine-gallery.net/index.php?action=mlist



Hein Traag

#1
August 16, 2007, 07:32:17 AM
Not a bug but just the way it's built in. There are ways of hiding these from unregistered users eyes, search the board. I can see both member info and members list.

Joachim Müller

#2
August 16, 2007, 07:38:39 AM
There is no sensitive information available on the profile page (you can't see the email address there). It's actually a feature, not a bug. As Hein suggested: disabled to link to the profile if you don't want it to be available for guests.
Be carefull when shouting "bug": a bug is a feature that doesn't work as expected. Your report doesn't qualify as a valid bug report.

cptechnik

#3
August 16, 2007, 07:00:40 PM
Ok, ok, it is a FEATURE... not a bug...

"I can see both member info and members list." ...because you are logged on?

"search the board" - na, da tu ich mich sehr schwer...

"no sensitive information available on the profile page (you can't see the email address there)."
but i added 'additional information' on my gallery like website, messenger-uin...
guest can't see the memberlist, but if sombody know the direct link to the profile,
like "http://coppermine-gallery.net/demo/cpg14x/profile.php?uid=2", then the guest see all the information (except email).

the subdirectorys '/albums' are not call-able with .htaccess:
---
SetEnvIfNoCase Referer "^http://[mydomain]" local_ref=1
Order Allow,Deny
Allow from env=local_ref
---
but the profile.php is placed in the root-directory...

The tread shouldn't be a announcement, it should be a question...

i renamed the profile.php, and now searching for sollutions...

Nibbler

#4
August 16, 2007, 07:19:15 PM
Just add the normal code to restrict the page to logged in users only. Add

Code Select
if (!USER_ID) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);

After

Code Select

require('include/init.inc.php');

Joachim Müller

#5
August 16, 2007, 07:47:01 PM
Nibbler's suggestion won't remove the links to the profile pages, it will just hide the profile information for guests.

If you have issues with the memberlist, post a link to your gallery for a start.

Don't post in German on the English support board.

Please respect the "one issue per thread" policy in the future. Your .htaccess issues definitely are not related.

cptechnik

#6
August 20, 2007, 05:49:20 PM
@nibbler
Many, many thanks!
I knew, it was something like "if (user exists){do...}" but i don't want to learn all variables and output-functions... in this case i am a user, not a programmer...

thank you, nibbler!
Print
Go Up Pages1
User actions