[Closed]: newbie help please [Closed]: newbie help please
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Closed]: newbie help please

Started by mick2, March 28, 2009, 08:30:47 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

mick2

hi folks, hopefully i can be helped out here.
the forum i am an admin on has had a copermine gallery for a number of years now. the original creator is long gone but we are still using it.
i have been given a username and pass and this worked fine logging me in as admin.
i noticed we had a lot of folders with rar files in them and read in here to update. i updated to latest coppermine this morning and all went well except i no longer have the admin tools? when i logged in for first time after updating it said it was logging me in as admin but i see no admin controls? i searched the forum and downloaded and ran the adminpass.php file but that wont work? it banned me after trying a few times so i had to empty the ban folder in phpmyadmin.
when i go to the "my profile" it says i am in a registered group (admin), it also offers me no way to change the email address.
i am wanting to bridge the gallery into the forum but need to be able to log in as admin first.
what do you guys suggest i do, i dont want to lose all the members pics that are in the gallery (i have them backed up so thats not really a problem)
look forward to some advice, all help appreciated.

cheers mick

mick2

sorry folks got it sussed, changed the user group from 2 to 1 for username in phpmyadmin.
all working again, phew.
now to try and bridge to forum, fingers crossed lol.

Joachim Müller

Make sure that you're running the most recent stable release cpg1.4.21 - all previous versions contain serious security vulnerabilities that get actively exploited. If you are running an older version, it's quite likely that you got hacked. If you're not sure, post a link to your gallery for a start (you should have done so in the first place as per board rules). In the future, please use a better subject next time you start a thread (again: board rules!). There's a reason why we have those board rules: your posting needs to be posted in a particular way to help you effectively, without having to ask the same questions over and over again.

mick2

oops sorry, was in a bit of a panic :-[
i updated to latest stable version on site(1.4.21, we had been hacked, i found rar files and thats what got me searching in here.
i got it bridged ok but all members albums are screwed up with the wrong names and pics in wrong albums :o
also we can log into forum as normal then visit the gallery and we are automatically logged in but as soon as we go back to the forum we are logged out and have to login again? must be a cookie thing?
i will get there eventually, first time i have worked on a web site in any shape or form (i drew the short straw, lol)

Joachim Müller

Quote from: mick2 on March 28, 2009, 09:44:17 PM
i updated to latest stable version on site(1.4.21, we had been hacked, i found rar files and thats what got me searching in here.
Just updating once you already have been hacked is not enough - you need to properly sanitize your site. Refer to the thread "Yikes, I've been hacked! Now what?".

Quote from: mick2 on March 28, 2009, 09:44:17 PM
i got it bridged ok but all members albums are screwed up with the wrong names and pics in wrong albums :o
That's expected behaviour. From the docs:
QuoteCoppermine users, groups and pics uploaded by users are lost when integrating
Warning: If you already have users and custom groups in your coppermine database when you enable bbs integration, be aware that they will be lost. If your coppermine users have already created private albums and uploaded pics to them, they will be lost as well!
In fact, they are not lost entirely, but correlation is lost, that's why the more advanced docs for cpg1.5.x contain a slightly better explanation:
QuoteCoppermine users, groups and pics uploaded by users are lost when integrating

Warning: If you already have users and custom groups in your coppermine database when you enable bridging, be aware that they will be lost. If your coppermine users have already created private albums and uploaded pics to them, they will be lost as well!

Detailed explanation:
As most community applications, coppermine stores everything that users (including the admin) do (like uploading pics, posting comments, rating files) inside the database. The reference to each user action is being kept using a unique user ID. The correlation between the user actions and the corresponding user profile is being kept by storing the user ID within each record in the database that determines the user action.
When bridging is enabled, coppermine's user management is being dropped in favor of the user management that comes with the application you bridge with. Subsequently, the user IDs from your bridging app (that differ from Coppermine's user IDs) are being taken into account.
Coppermine-user "Bill" has got the coppermine user ID "3". He used to upload several pics that went into the folder /albums/userpics/10003/. The URL of his personal gallery used to be http://yoursite.tld/your_coppermine_folder/index.php?cat=10003.
In the BBS application, the user "Linus" has got the user ID "3".
After enabling bridging, the URL http://yoursite.tld/your_coppermine_folder/index.php?cat=10003 points to the personal gallery of the user "Linus". All pics that Bill used to upload appear to be owned by Linus.

Summary:
Correlation between the actions that the unbridged coppermine users have performed and the "new" accounts from the app you bridged with is lost. Subsequently, you don't actually loose files that have been uploaded previously, but they appear to have been uploaded by a different user.


Quote from: mick2 on March 28, 2009, 09:44:17 PM
also we can log into forum as normal then visit the gallery and we are automatically logged in but as soon as we go back to the forum we are logged out and have to login again? must be a cookie thing?
Well, you have failed to do as suggested if you want bridging help. There's a sticky thread on the bridging support board named "When requesting bridge support - mandatory!". There's a section in the docs that is named "Bridging support". There's a reason why we have named them that way. Think about it, try to figure out why we named those section that way and if you should come to a conclusion, you might want to do as suggested there, based on the insight you got. And yes, you should do as suggested in the section "Board rules / Forum policies: One Question per Thread" and start a new thread for your bridging question.

mick2

again i am sorry, i am not an expert in these things and am unsure what kind of problem i have? is it a bridging issue i have?
i have never done any work on a website before and am just trying to help the guys out. the guy who used to maintain the forum has disappeared, not that he maintained much to be honest.
i have never created a user account for the forum before so unsure how to do that yet and as the forum is private didnt want to post details in a public forum, i can pm you any info you would require?
what section should i ask how to manually add the users into the database to solve the correlation issues?

thanks

Joachim Müller

Quote from: mick2 on March 29, 2009, 02:57:25 PM
can pm you any info you would require?
No, post the non-admin test user account publicly. I don't do individual, non-public support.

Quote from: mick2 on March 29, 2009, 02:57:25 PM
what section should i ask how to manually add the users into the database to solve the correlation issues?
None: you're on your own with this: "manually adding users" means exactly that: you have to do that using a third party tool like phpMyAdmin and insert the data into a third-party-app's database (the one of your forum) that goes unsupported. In other words: probably beyond your skills and beyond free support, sorry.

mick2

well thanks. perhaps if someone gave me clue as to what i should be looking to do in phpmyadmin then i may find my skills are ok, ive already tried reassigning the user id's but no joy.
think we will just forget about coppermine and look for something else.

Joachim Müller

Quote from: mick2 on March 29, 2009, 04:43:48 PM
think we will just forget about coppermine and look for something else.
OK, marking thread as "closed" then.