[Solved]: Other members photos appearing in personal album [Solved]: Other members photos appearing in personal album
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Solved]: Other members photos appearing in personal album

Started by khoking, February 25, 2008, 12:57:26 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

khoking

February 25, 2008, 12:57:26 AM Last Edit: February 25, 2008, 08:32:12 AM by Joachim Müller
I have members complaining that photos that don't belong to them are showing up in their members gallery.

You can see the example here:

http://pentaxworld.com/gallery/thumbnails.php?album=272

The above album is belonging to a member called smc

You can see three colour photos there, which belongs to a member called calsan. If you clicked on the colour photo, it will go to calson's album.

Why do calson's photos appearing in smc album? This is supposed to be a personal member album, other members' photos shouldn't appear there.

How to correct this?

Thanks.

Nibbler

#1
February 25, 2008, 01:08:57 AM
Apparently the album 'People in Rome' has an album keyword of 'Street' set. Any pictures with the keyword 'Street' will be displayed in the album. If you don't want this then don't set album keywords.

Update your gallery.

khoking

#2
February 25, 2008, 01:18:19 AM
Hi Nibbler,

Thank you very much for the fast reply and solution!

Is it possible for me to disable album keyword in the gallery? Most members will not know that the keyword is the problem that caused the mixed photos, so I might as well just disable that feature so that no members can key in any keyword in their albums.

Joachim Müller

#3
February 25, 2008, 07:57:22 AM
Edit modifyalb, find
Code Select
function form_input($text, $name)
{
    global $ALBUM_DATA;

    $value = $ALBUM_DATA[$name];

    echo <<<EOT
        <tr>
            <td width="40%" class="tableb">
                        $text
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="$name" value="$value" class="textinput" />
                </td>
        </tr>

EOT;
}and replaced with
Code Select
function form_input($text, $name)
{
    global $ALBUM_DATA;

    $value = $ALBUM_DATA[$name];
   
    if ($name=='alb_password' && !GALLERY_ADMIN_MODE) {

    echo <<<EOT
        <tr>
            <td width="40%" class="tableb">
                        $text
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="hidden" style="width: 100%" name="$name" value="$value" class="textinput" />
                </td>
        </tr>

EOT;
} else {
    echo <<<EOT
        <tr>
            <td width="40%" class="tableb">
                        $text
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="$name" value="$value" class="textinput" />
                </td>
        </tr>

EOT;
}
}(coded without testing out of the back of my head, please post if this worked for you). It should hide the album keyword field for non-admins.

khoking

#4
February 25, 2008, 08:08:51 AM
Got an error:

Parse error: syntax error, unexpected $end in /home/pentaxkk/public_html/gallery/modifyalb.php on line 623

Joachim Müller

#5
February 25, 2008, 08:22:20 AM
Sorry, the stuff I posted above contained a flaw. Replace with
Code Select
function form_input($text, $name)
{
    global $ALBUM_DATA;

    $value = $ALBUM_DATA[$name];
   
    if ($name=='alb_password' && !GALLERY_ADMIN_MODE) {

    echo <<< EOT
        <tr>
            <td width="40%" class="tableb">
                        $text
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="hidden" style="width: 100%" name="$name" value="$value" class="textinput" />
                </td>
        </tr>

EOT;
} else {
echo <<< EOT

        <tr>
            <td width="40%" class="tableb">
                        $text
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="hidden" style="width: 100%" name="$name" value="$value" class="textinput" />
                </td>
        </tr>

EOT;

}
}
instead of the stuff I posted originally.

khoking

#6
February 25, 2008, 08:28:58 AM
Hi Joachim Müller,

Working fine now.

Thanks! I love Coppermine!  :D

Joachim Müller

#7
February 28, 2008, 09:55:34 AM
I have added this as admin-settable option to cpg1.5.x  ;)

daverj

#8
March 04, 2008, 11:03:15 PM
OK, I'm confused.

I read through the code you posted in the second version (reply #5) and it looks to me like the HTML being generated when the "IF" statement is true is exactly the same HTML being generated when it is false. Both versions are creating a hidden form field.

If this is true, why have the IF statement at all?

Joachim Müller

#9
March 05, 2008, 08:22:45 AM
You're right, the second form field should not be hidden, but a plain text field.
Print
Go Up Pages1
User actions