e107 1.0.2 bridge issue with multiple upload e107 1.0.2 bridge issue with multiple upload
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

e107 1.0.2 bridge issue with multiple upload

Started by CJay9209, January 10, 2013, 07:06:36 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

CJay9209

Hi Guys - website where the issue is at is listed below with a test user and pasword.

EDIT: I've included the e107 plugin which auto installs the bridge files - the e107 bridge file is in the archive under files/

website: [removed]
test user: test
password: tester1

basically I'm having a bit of an issue with multiple file uploads. Everything else seems to work fine including standard single upload. error message i get on uploading multiple files is as follows:


                        Error
                        You don't have permission to perform this operation.

                       
                       
                        File: /home/www/[removed]/e107_coppermine/upload.php - Line: 30


                       
                   
   



       

   





       

               

                   

                       

                            Debug Info 

                       

                   

               

       

   

       

           

       

   

   

       

            Debug Output: show / hide

           

                Select All

                USER: 
------------------
Array
(
    [ID] => 2f17ae720ad48a2ba642c330c2af0503
    [am] => 1
)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 0
    [user_name] => Guest
    [groups] => Array
        (
            [0] => 352
        )

    [group_quota] => 0
    [can_rate_pictures] =>
    [can_send_ecards] =>
    [can_post_comments] =>
    [can_upload_pictures] =>
    [can_create_albums] => 0
    [pub_upl_need_approval] =>
    [priv_upl_need_approval] =>
    [access_level] =>
    [disk_max] =>
    [disk_min] =>
    [has_admin_access] => 0
    [group_name] =>
    [can_create_public_albums] => 0
    [can_see_all_albums] => 0
    [group_id] => 352
    [allowed_albums] => Array
        (
        )

)

==========================
Queries:
------------------
Array
(
    [0] => SELECT name, value FROM cpg15x_config [include/init.inc.php:179] (0 ms)
    [1] => SELECT * FROM cpg15x_plugins ORDER BY priority [include/plugin_api.inc.php:52] (6 ms)
    [2] => SELECT name, value FROM cpg15x_bridge [include/functions.inc.php:4442] (6 ms)
    [3] => SELECT * FROM `chrjoh56_jps`.jps_purple_cpg_bridge [bridge/e107.inc.php:203] (0 ms)
    [4] => SELECT * FROM `chrjoh56_jps`.jps_userclass_classes WHERE `userclass_name` = 'coppermine_admins' [bridge/e107.inc.php:240] (0 ms)
    [5] => SELECT `e107_value` FROM `chrjoh56_jps`.jps_core WHERE `e107_name` = 'SitePrefs' [bridge/e107.inc.php:515] (0 ms)
    [6] => SELECT u.user_id AS id, u.user_name AS username, user_password AS password, u.user_class AS group_id FROM `chrjoh56_jps`.jps_user AS u LEFT JOIN `chrjoh56_jps`.jps_userclass_classes AS g ON u.user_class=g.userclass_id WHERE u.user_id='1' [bridge/e107.inc.php:387] (0 ms)
    [7] => SELECT MAX(group_quota) AS disk_max, MIN(group_quota) AS disk_min, MAX(can_rate_pictures) AS can_rate_pictures, MAX(can_send_ecards) AS can_send_ecards, MAX(can_post_comments) AS can_post_comments, MAX(can_upload_pictures) AS can_upload_pictures, MAX(can_create_albums) AS can_create_albums, MAX(has_admin_access) AS has_admin_access, MAX(access_level) AS access_level, MIN(pub_upl_need_approval) AS pub_upl_need_approval, MIN( priv_upl_need_approval) AS  priv_upl_need_approval FROM cpg15x_usergroups WHERE group_id in (352) [bridge/udb_base.inc.php:323] (0 ms)
    [8] => SELECT group_name FROM cpg15x_usergroups WHERE group_id= 352 [bridge/udb_base.inc.php:327] (0 ms)
    [9] => SELECT COUNT(*) FROM cpg15x_categorymap WHERE group_id in (352) [bridge/udb_base.inc.php:340] (0 ms)
    [10] => SELECT aid FROM cpg15x_albums WHERE moderator_group IN (352) [include/init.inc.php:269] (0 ms)
    [11] => SELECT lang_id FROM cpg15x_languages WHERE enabled='YES' [include/init.inc.php:327] (0 ms)
    [12] => DELETE FROM cpg15x_banned WHERE expiry < '2013-01-10 17:31:33' [include/init.inc.php:441] (0 ms)
    [13] => SELECT null FROM cpg15x_banned WHERE ('142.59.135.86' LIKE ip_addr ) AND brute_force=0 LIMIT 1 [include/init.inc.php:457] (0 ms)
    [14] => SELECT aid FROM cpg15x_albums WHERE (1  AND visibility != 0 AND visibility != 10000 AND visibility NOT IN (352)) [include/functions.inc.php:976] (0 ms)
)
&#0010;==========================&#0010;GET :&#0010;------------------&#0010;Array
(
)
&#0010;==========================&#0010;POST :&#0010;------------------&#0010;Array
(
    [Filename] => DSC04993.JPG
    [user] => YToyOntzOjc6InVzZXJfaWQiO3M6MToiMSI7czo5OiJwYXNzX2hhc2giO3M6MzI6IjI4Zjk0ZDNiZGE5YjhkZjllZDA2OTE4MDgxM2MxYjdmIjt9
    [process] => 1
    [album] => 1
    [Upload] => Submit Query
)
&#0010;==========================&#0010;COOKIE :&#0010;------------------&#0010;Array
(
    [cpg15x_data] => YToyOntzOjI6IklEIjtzOjMyOiIyZjE3YWU3MjBhZDQ4YTJiYTY0MmMzMzBjMmFmMDUwMyI7czoyOiJhbSI7aToxO30=
    [f679477ec8bc378433627a94b63b2e6b] => 67ebdcfcb40018039a319c00f200e3bc
)
&#0010;==========================&#0010;               

           

       

   

   



             

       

   

   

       

           

           
Powered by Coppermine Photo Gallery

       

   





Thats what the debug is spitting out right after the file finishes downloading. it does this between file uploads so it gets to 100% uploaded and then, wham, the error. I have set permissions correctly in the usergroups and it happens with admin and user groups. I have had a quick look at the upload.php (my knowledge of php is sketchy at best so please dont expect too much) and the error seems to be being produced by the user not having the correct permissions according to the permissions check process. although this is not an issue in single file uploads. perhapse there is a way to simply bypass this check or rewrite it to hardcode in the usergroups i'm using?

Any help would be greatly appreciated an I'll happily upload the bridge files for inspection etc etc.

i have tested the following configs as well:

e107 0.2.4/0.2.6/0.2.6/1.0.1/1.0.2 and coppermine 1.5.12+ (all combinations of it - I've been at this for days!)

currently running e107 v1.0.2 (latest) with coppermine 1.5.20 (latest)

as i said the only thing not workin is the multiple uploads.

The database housing info for both systems is the same database. I have chmodded all appropriate directories etc and everything checked out. I have also checked out the upload troubleshooting but i beleive this to be purely a bridging issues as when i unbridge the system the multiple upload system works perfectly.

basically...HELP!!! lol if I've missed any relevant info please just ask and i will provide.

Thanks

Chris

Αndré

Quote from: CJay9209 on January 10, 2013, 07:06:36 PM
I'll happily upload the bridge files for inspection
Please attach it to your next reply. The constants USER_CAN_UPLOAD_PICTURES and/or USER_CAN_CREATE_ALBUMS are probably defined incorrectly (if at all) in your bridge file.

CJay9209

Hi Andre, thanks for the speedy reply. I actually uploaded the zip archive containing the bridge file on the initial post. It's in the 'files' folder called e107.inc.php

Sorry for the confusion

Αndré

Quote from: Αndré on January 11, 2013, 09:29:34 AM
The constants USER_CAN_UPLOAD_PICTURES and/or USER_CAN_CREATE_ALBUMS are probably defined incorrectly

That assumption is was wrong, as we are able to visit upload.php without problems. I just made another test with the IE and it worked as expected. This issue is similar to the known issue
QuoteIf you allow guests to upload files to your gallery, they won't be able to add file details [..] as it's not possible to identify the user without fail

If I remember correctly there is an issue with the Flash plugin. When you login to Coppermine, a cookie with the client ID will be created. For some reason, the Flash player doesn't use that cookie but use (or create) another one from the IE (thus having a different client ID). In your case, the Flash player isn't logged in to Coppermine, resulting in that error message.

After I logged in with the IE I was also able to upload files with Firefox. I haven't checked what happens on Linux systems.

CJay9209

Ok I see what you are saying and think I understand. So my next question is I guess, can I simply modify my upload.php to return the value desired regardless?

The only reason I ask is I'm running a custom version of windows and do not have ie at all on any of my machines to work around in the way you managed

I'm also aware that that could potentially open a security hole but I'm locking the gallery up anyway and will most likely simply be password protecting the sub domain of the entire website

Αndré

Quote from: CJay9209 on January 11, 2013, 09:55:37 AM
I'm locking the gallery up anyway and will most likely simply be password protecting the sub domain of the entire website

In this case the flash uploader also won't work:
QuoteFlash uploader (swfupload) won't work if the gallery is located in a password protected directory


However, if you want to bypass the check you have to comment out
if (!USER_CAN_UPLOAD_PICTURES && !USER_CAN_CREATE_ALBUMS) {
    cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}

in upload.php. This is absolutely not recommended, so you do this at your own risk. I don't know if the upload will work with just that code change.

Instead of modifying core code I suggest to use the FTP/Batch-Add feature or have a look at the JUpload plugin, which also provides a multiple file upload feature for users.

CJay9209

Thanks for the advice. I'll look into the batch add FTP option but I think mi disregarded it as its not open to users without FTP access to the server.

I have looked into the jupload applet as well and unfortunately it makes my browser hang up on loading and keeps giving me error messages randomly about not selecting an album yet even though I have... Works great when it does, but doesn't work more than 25% of the time. I think I'll head over to the thread for that and see if I can troubleshoot it.

Thanks for the help!!!

CJay9209

sorry Andre i just had one last question. Why does the cookie issue surface when the gallery is bridged and not when its unbridged? since the bridge forces the gallery to use the e107 cookie would it be safe to assume that the e107 system is maybe to blame rather than the coppermine one and as such there may be a way to recode the php script to look specifically for the correct cookie?

Αndré

Honestly, I don't know. But if I remember correctly this is the first time this issue is reported in our support board. So it's maybe an issue with the bridge.

CJay9209

i think you must be right about that... well thanks for all the help - much appreciated! also could you delete the link in my first post. think a few spambots might be grabbing it lol

thanks again!

Αndré