Lose Admin Access when bridge enabled - vBulletin 4.2.x
 

Started by PaulProe, August 31, 2017, 02:00:48 AM

PaulProe

I am trying to use Coppermine 1.5.46 with vBulletin 4.2.3. I installed the bridge and it does connect and appears to carry the user names/access as it should, except for Admin rights.

I installed using the same SuperAdmin user name and password for Coppermine. I enabled the bridge w/ the vBulletin Groups and it connects; however, I am unable to access the groups to sync them - I get an error message that says I am not authorized.

If I change it to use the std. Coppermine groups, I can logon and access admin rights accordingly - but the groups don't match what we use on the vB forum. If I enable the bridge, when I get to the end and go to "Groups" to sync, it tells me I don't have rights.

I've tried the same setup with a different username for the admin and it still acts the same way.

Any ideas on what I've done wrong - why it won't recognize me as the admin?

Thanks

Paul

PaulProe

Sorry, board won't let me edit the original message. Info per the sticky

Website: http://www.gatewaycobraclub.com
Gallery: http://www.gatewaycobraclub.com/gallery/
Username: Tester

The bridge is currently enabled and the custom groups set to yes but I haven't sync'd due to the issue reported.

Paul

PaulProe

Didn't include password for username Tester

Pass: cghmNvB5

phill104

I cannot logon right now as my corporate firewall seems to be blocking you. Usually this problem is to do with group permissions. Check that whatever group vB is using has admin rights in coppermine.
It is a mistake to think you can solve any major problems just with potatoes.

PaulProe

Quote from: Phill Luckhurst on August 31, 2017, 09:34:16 PM
I cannot logon right now as my corporate firewall seems to be blocking you. Usually this problem is to do with group permissions. Check that whatever group vB is using has admin rights in coppermine.

Sorry, not familiar with Coppermine settings - Don't understand "group vB is using has admin rights in coppermine"

If I disable bridge and go into admin, I only see Admin, Registered and Guests. If I enable bridge, then I cannot access admin config at all

Paul

PaulProe

Phil or anyone
Still having the same issue. If I enable bridge, I cannot access admin. I have both admin and super admin but unable to sync to vBulletin

Ideas?

Paul

phill104

Unfortunately I do not have a copy of vB to do any testing. Maybe someone else in the team is more familiar with it. I am sure it is a simple groups problem.
It is a mistake to think you can solve any major problems just with potatoes.

PaulProe

Phil
I do not have any "groups" in vB. I do have User Groups. Maybe if I outline how I set it up, you might see the error I made:

1) In vB, one user, GCC is Super Administrator, one user, PaulP is Administrator. Both can logon and off and access admin duties without issue.

2) Installed Coppermine in separate folder, Custom Groups to "yes", used GCC and same password as in vB for the admin setting. When completed, GCC can access admin pages.

3) Enabled bridge. As soon as bridge is connected, it does show GCC logged in, but when I go to Users/Groups to do sync as instructions call for, I get an error message that says "You don't have permission to access this page."

4) If I log out as GCC and re-logon as PaulP, the bridge does work and shows me logged in and able to navigate folders, just can't get to admin pages. Again, if I log out as PaulP and back in as GCC, it shows pages but won't allow me to get to admin pages (not showing in menu items)

5) If I use the backdoor (bridgemgr.php) and go in and turn off the bridge, then I can access the admin settings but bridge is disabled.

6) when enabled, the bridge appears to be working as designed, allowing members to access coppermine pages with vB logon credentials. It is just that we can't access the admin section.

7) Tried adding a group to Coppermine called "Super Administrator" so the names matched exactly but that didn't seem to have any effect.

8) Tried changing "Custom Groups" to no. Still acts the same way, bridge gets enabled but no one gets admin rights, only user rights.

Any ideas? I am not opposed to experimenting but don't know what else to try

Thanks for your help

Paul

ron4mac

The current state of the vBulletin bridge for CPG 1.5.46 is that it was written to work with vB 3.x. There were likely changes between 3.x and 4.x that are keeping the bridge from working as you would like. It looks like it is hard-coded in bridge/vbulletin30.inc.php that the admin group id in vB is 6. That may have changed with vB 4.x. Perhaps if you could share some of the database information (dump or at least schema), we may be able to find a workaround.

PaulProe

There was a name change on a variable which has been incorporated into the bridge app. The bridge does work except for the admin thing.  I reviewed the databases and see that Coppermine uses GroupID1 for Admin and vB uses "6". Tried adding "1" to the allowed groups for the admin but that didn't seem to work.

I'd be happy to attach a dump or download but the files are quite large and not sure what would be helpful. There are 7 full pages of tables to the vBulletin install. Coppermine has about 22 tables to it, considerably smaller.

Not sure what to share

Paul

ron4mac


PaulProe

Attached is a zip file with these:

Coppermine user & usergroups both with and without bridge enabled

vB user and usergroups.

While I was in there, I pulled a clip of the data and saved in jpg format in case you just want a quick glance.

I also tried editing the Coppermine Admin and SuperAdmin fields to allow access ("1") but that didn't have any effect. Kind of tells me it is a coding issue and not a data issue

thanks for any help

Paul

ron4mac

Thanks. I can see where the issue is. I have no info on the layout of the vB3 database, but the vB4 one must have been changed. As it is now, the way the bridge is written, only the vB user admin would be able to have administrator rights at CPG when bridged (you can try that to verify).

I'm traveling tomorrow and for the next week, but I'll try to come up with a fix for users such as GCC and PaulP as soon as I can (maybe I'll have a chunk of down time where I'm looking for something to do ;D ).

ron4mac

It may be simpler than I thought. Try the following:

In bridge/vbulletin30.inc.php, on line 162, replace
                $sql = "SELECT g.{ .....
with
                $sql = "SELECT membergroupids, g.{ .....

Let me know whether that makes a difference.

PaulProe


ron4mac

Do you get administrative rights when you login as the user admin?

PaulProe

Quote from: ron4mac on September 09, 2017, 01:03:25 PM
Do you get administrative rights when you login as the user admin?

No, the display opens under the admin account but no connections/menu items for the admin

PaulProe

More Information - we are making progress. Please disregard the note above about no connections/menu items for admin

I went back this AM to retry thinking it may have been a cache issue. I also re-read your earlier post about "only the vB user admin would be able to have administrator rights at CPG when bridged". I overlooked the fact the term 'admin' was a literal one. I added the code change "membergroupsid, " and then tried to logon using the account "admin" and it worked as it should.

I can now get in as an admin but it won't accept me changing admin access rights to other users who should also be an admin (the guy who originally set up the forum has the username 'admin'). I now run and manage the thing with a super admin account named "GCC" and I also have admin rights under my account "PaulProe". Both of these show in the unbridged instance but none of them are granted admin rights. Apparently it's hardcoded into the bridge that the rights are only to "admin" (literal)

I also noticed as I made these changes/alterations, my code viewer was showing a "red X" on line 144 as if there is a code error on that line. Do you see this also? Not being a PHP coder, I don't know exactly what to look for but I tried checking quotes, brackets and commas and nothing stood out.

Is there a way to change the code to use the membergroupids to grant admin access rather than the one account?

Thanks for your help

Paul Proefrock
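
One way to decide admin rights from vB group membership instead of from a single username, as the last post asks. This is an added example, not code from the thread or from Coppermine's bridge; the column names usergroupid and membergroupids (a comma-separated list), the function names and the sample rows are assumptions, and 6 is the admin group id reported earlier in the thread.

```php
<?php
// Added illustration, not Coppermine's bridge code. Column names are assumed
// to follow the vBulletin user table discussed in the thread.

const VB_ADMIN_GROUP_IDS = [6]; // admin group id 6, as reported in the thread

/**
 * Collect every group a vB user belongs to: the primary group plus the
 * comma-separated secondary groups. Non-numeric fragments are dropped.
 */
function vb_user_group_ids(array $userRow): array
{
    $raw = array_merge(
        [(string) ($userRow['usergroupid'] ?? '')],
        explode(',', (string) ($userRow['membergroupids'] ?? ''))
    );
    $ids = [];
    foreach ($raw as $part) {
        $part = trim($part);
        // ctype_digit() rejects '', '-1', '6x' and any other non-integer text,
        // so malformed column data can never be read as a group id.
        if ($part !== '' && ctype_digit($part)) {
            $ids[] = (int) $part;
        }
    }
    return array_values(array_unique($ids));
}

/**
 * Admin rights come from exact group-id membership, never from the username
 * and never from a substring match (which would treat 16 or 60 as 6).
 */
function vb_user_is_admin(array $userRow, array $adminGroupIds = VB_ADMIN_GROUP_IDS): bool
{
    return count(array_intersect(vb_user_group_ids($userRow), $adminGroupIds)) > 0;
}

// Constructed sample rows (hypothetical users, not taken from the attached dump).
$rows = [
    ['username' => 'primary_admin',   'usergroupid' => '6', 'membergroupids' => ''],
    ['username' => 'secondary_admin', 'usergroupid' => '2', 'membergroupids' => '5, 6'],
    ['username' => 'lookalike',       'usergroupid' => '2', 'membergroupids' => '16,60'],
];
foreach ($rows as $row) {
    printf("%-16s admin=%s\n", $row['username'], vb_user_is_admin($row) ? 'yes' : 'no');
}
```

Keeping the admin group ids in one list makes the privilege mapping easy to audit, and any id added to it grants full gallery administration to every member of that vB group.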