Hello All,
I'm trying to make a file to use Coppermine info outside Coppermine and have run into a small point of confusion. I am trying to figure out how to get the sessionid but don't quite understand how it's defined in the /bridge/coppermine.inc.php (I guess that my object orientated programming skills aren't up to snuff...) Here's how I understand it in the bridge (adapting to work outside Coppermine):
$client_id = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['SERVER_PROTOCOL'].$CONFIG['site_url']);
$sessioncookie = $_COOKIE[$client_id];
$session_id = $sessioncookie.$client_id;
$session_id = md5($session_id);
$sql = "SELECT user_id from cpg_sessions WHERE session_id = '$session_id'";
Any insight and/or advice on this matter would be greatly appreciated!
~Jordan
Ok, so this post http://forum.coppermine-gallery.net/index.php,45376.0.html helped me out a bunch but I'm still struggling to understand where $CONFIG['site_url'] is defined. I understand that it is somewhere within Coppermine's scripting, but because I'm writing this function to be defined outside of Coppermine, I need to know how this was defined so that I can define it in a similar manner. Any and all insight is greatly appreciated.
~Jordan
Sorry, I messed up typing the URL, it should be: http://forum.coppermine-gallery.net/index.php/topic,45376.0.html
It's simply the URL to the gallery that you set in config.
Hey Nibbler, thanks for the reply. I set the site_url in config.inc and have verified (by echoing within my script) that I can now retrieve the $sessioncookie from the cookie. However, this still fails to return the correct $session_id (the database query returns no results and when I echo md5('$session_id') the value doesn't match what is in the database). The part of my code that returns the session user_id is excerpted below with the complete authorization code following:
<?php
function extractSessionInfo()
{
    global $CONFIG, $session_uid;
    //Generate the client_id
    $client_id = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['SERVER_PROTOCOL'].$CONFIG['site_url']);
    // Get the session cookie value
    $sessioncookie = $_COOKIE[$client_id];
    // Create the session id by concat(session_cookie_value, client_id)
    $session_id = $sessioncookie.$client_id;
    // Check for valid session
    $sql = "SELECT user_id FROM {$CONFIG['TABLE_SESSIONS']} WHERE session_id=md5('$session_id');";
    $result = run_query($sql);
    $row = mysql_fetch_array($result);
    $session_uid = $row['id'];
}
?>
<?php
require_once ($_SERVER['DOCUMENT_ROOT']."/photo/include/config.inc.php");
function auth_me()
{
    global $CONFIG, $USER_DATA, $pass, $id, $session_uid;
    $CONFIG['TABLE_USERGROUPS'] = $CONFIG['TABLE_PREFIX']."usergroups";
    $CONFIG['TABLE_USERS'] = $CONFIG['TABLE_PREFIX']."users";
    $CONFIG['TABLE_CONFIG'] = $CONFIG['TABLE_PREFIX']."config";
    $CONFIG['TABLE_SESSIONS'] = $CONFIG['TABLE_PREFIX']."sessions";
    function run_query($query)
    {
        global $CONFIG;
        static $auth_link;
        // If there is no database connection, connect
        if (!$auth_link){
            $auth_link = mysql_connect($CONFIG['dbserver'], $CONFIG['dbuser'], $CONFIG['dbpass']);
            mysql_select_db($CONFIG['dbname'], $auth_link);
        }
        // Close the database connection when the 'close' string is passed into the function, otherwise query the database
        if ($query == 'close'){
            mysql_close($auth_link);
        } else return mysql_query($query, $auth_link);
    }
    // $pri_groups is the primary group the user is a member of, $groups is the other groups the user is a member of, $default_group_id is used when no primary group is found (user is a guest)
    function cpgGetUserData($pri_group, $groups, $default_group_id = 3)
    {
        global $CONFIG;
        // If the user group that is passed is not an integer, unset that user group
        foreach ($groups as $key => $val)
            if (!is_numeric($val)) unset ($groups[$key]);
        // If the primary user group that the user is a member of is not in the list of other groups they are a member of, append the primary group to the list
        if (!in_array($pri_group, $groups)) array_push($groups, $pri_group);
        // Set the limitations based on their group membership
        $result = run_query("SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, " .
            "MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, " .
            "MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, " .
            "MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, " .
            "MAX(num_URI_upload) as num_URI_upload, " .
            "MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, " .
            "MAX(can_create_albums) as can_create_albums, " .
            "MAX(has_admin_access) as has_admin_access, " .
            "MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as priv_upl_need_approval ".
            "FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id in (" . implode(",", $groups). ")");
        // Check to see if any records were returned, if so define an array in USER_DATA
        if (mysql_num_rows($result)) {
            // Load the limitations into USER_DATA as an array
            $USER_DATA = mysql_fetch_assoc($result);
            // Request the group name of the primary group
            $result = run_query("SELECT group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id= " . $pri_group);
            $temp_arr = mysql_fetch_assoc($result);
            // Add the group name to the USER_DATA array
            $USER_DATA["group_name"] = $temp_arr["group_name"];
        // If no results, load the default id (3 for guests)
        } else {
            // Request all the settings for a default (guest) user
            $result = run_query("SELECT * FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = $default_group_id");
            if (!mysql_num_rows($result)) die('<b>Coppermine critical error</b>:<br />The group table does not contain the Anonymous group !');
            // Load the default user settings into the USER_DATA array
            $USER_DATA = mysql_fetch_assoc($result);
        }
        // Free up system resources that were used by the query
        mysql_free_result($result);
        // Add the group_id as the primary group into the USER_DATA array
        $USER_DATA["group_id"] = $pri_group;
        // Add the additional groups into the USER_DATA array
        $USER_DATA['groups'] = $groups;
        // If magic quotes are turned off, then escape the string to ensure no problems
        if (get_magic_quotes_gpc() == 0)
            $USER_DATA['group_name'] = mysql_escape_string($USER_DATA['group_name']);
        return($USER_DATA);
    }
    function extractSessionInfo()
    {
        global $CONFIG, $session_uid;
        //Generate the client_id
        $client_id = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['SERVER_PROTOCOL'].$CONFIG['site_url']);
        // Get the session cookie value
        $sessioncookie = $_COOKIE[$client_id];
        // Create the session id by concat(session_cookie_value, client_id)
        $session_id = $sessioncookie.$client_id;
        // Check for valid session
        $sql = "SELECT user_id FROM {$CONFIG['TABLE_SESSIONS']} WHERE session_id=md5('$session_id');";
        $result = run_query($sql);
        $row = mysql_fetch_array($result);
        $session_uid = $row['id'];
    }
    extractSessionInfo();
    // If a username and password can be retrieved from the cookie, continue otherwise load basic data
    if (!empty($session_uid)) {
        // Get all the user information from the database where the user_id matches that from the cookie, the user is active, the password is not empty, and the password matches that in the cookie
        $results = run_query("SELECT * FROM {$CONFIG['TABLE_USERS']} WHERE user_id='$session_uid' AND user_active = 'YES'");
        $USER_DATA = mysql_fetch_assoc($results);
        // For security measures, replace the user's password with a null string
        $USER_DATA['user_password'] = '********';
        // Free up the system resources used by the query
        mysql_free_result($results);
        // Append the user data from the user database with that gleaned from the usergroups database where the groups matched
        $USER_DATA = $USER_DATA + cpgGetUserData($USER_DATA['user_group'], explode(',', $USER_DATA['user_group_list']));
        // Define global values to be used anywhere on the site
        define('USER_ID', (int)$USER_DATA['user_id']);
        define('USER_NAME', $USER_DATA['user_name']);
        define('USER_GROUP', $USER_DATA['group_name']);
        define('USER_GROUP_SET', '(' . implode(',', $USER_DATA['groups']) . ')');
        define('USER_IS_ADMIN', (int)$USER_DATA['has_admin_access']);
        define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
        define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
        define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
        define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
        define('USER_CAN_CREATE_ALBUMS', (int)$USER_DATA['can_create_albums']);
        define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
        define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
        define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
        define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
    } else {
        $USER_DATA = cpgGetUserData(3, array(3));
        define('USER_ID', 0);
        define('USER_NAME', 'Anonymous');
        define('USER_GROUP', $USER_DATA['group_name']);
        define('USER_GROUP_SET', '(' . $USER_DATA['group_id'] . ')');
        define('USER_IS_ADMIN', 0);
        define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
        define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
        define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
        define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
        define('USER_CAN_CREATE_ALBUMS', 0);
        define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
        define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
        define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
        define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
    }
    run_query('close');
}
auth_me();
?>
I can't see an error in the code, but sometimes it's far too easy for me to miss. Thanks for all the help!
~Jordan
I figured it out, the problem was with this line:
$session_uid = $row['id'];
it should have read:
$session_uid = $row['user_id'];
If this file would be a help to other CPG users, I will be more than happy to offer it as a download.
~Jordan
You're welcome to zip the file and attach it to your posting (using "additional options" when composing your message). Alternatively, rename it from myfile.php to myfile.php.txt and then attach the plain text file.
After some work, I have adapted auth.inc.php that was originally developed by Nibbler for CPG 1.3.x (http://forum.coppermine-gallery.net/index.php/topic,11013.0.html) to work in CPG 1.4.x.
To quote Nibbler's original post on the working of auth.inc.php: "It gives you everything coppermine knows about the user..." This includes, but is not limited to:
USER_ID
USER_NAME
USER_GROUP
USER_GROUP_SET
USER_IS_ADMIN
USER_CAN_SEND_ECARDS
USER_CAN_RATE_PICTURES
USER_CAN_POST_COMMENTS
USER_CAN_UPLOAD_PICTURES
USER_CAN_CREATE_ALBUMS
This is implemented by first defining $CONFIG['site_url'] as the url to your photo gallery (see the value set in $CONFIG['TABLE_PREFIX'].config.ecards_more_pic_target ) in "/include/config.inc".
Example config.inc:
<?php
// Coppermine configuration file
// MySQL configuration
$CONFIG['dbserver'] = 'localhost'; // Your databaseserver
$CONFIG['dbuser'] = 'root'; // Your mysql username
$CONFIG['dbpass'] = ''; // Your mysql password
$CONFIG['dbname'] = 'coppermine'; // Your mysql database name
$CONFIG['site_url'] = 'http://yoursite.com/photo/';
// MySQL TABLE NAMES PREFIX
$CONFIG['TABLE_PREFIX'] = 'cpg1410_';
?>
The file (auth.inc.php) must then be included in each page where CPG user information is desired. User information can be accessed like the example:
Example PHP file:
<?php include 'auth.inc.php'; ?>
<?php
echo '<br />User id is: '. USER_ID;
echo '<br />Username is: '. USER_NAME;
echo '<br />Group: '. USER_GROUP;
?>
<br />
<br />
Full user data:
<?php
print_r($USER_DATA);
?>
Sample Output:
User id is: 1
Username is: Admin
Group: Administrators
Many thanks to Nibbler for creating the original auth.inc.php!!
Great. 1 point though:
$sql = "SELECT user_id FROM {$CONFIG['TABLE_SESSIONS']} WHERE session_id=md5('$session_id');";
That should read
$sql = "SELECT user_id FROM {$CONFIG['TABLE_SESSIONS']} WHERE session_id = '" . md5($session_id) . "'";
for security.
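Why the corrected line matters, as an added example that is not part of the original thread and is not Coppermine's code: the session cookie is client-supplied, so placing it inside the SQL text lets its content alter the statement, while hashing it in PHP first reduces it to 32 hex characters. The sketch goes one step beyond the correction by binding the value through PDO against an in-memory SQLite table instead of the thread's mysql_* calls; the function names, the demo_sessions table and all sample values are assumptions.

```php
<?php
// Added example; function names, table name and sample values are assumptions.
function client_id(string $userAgent, string $protocol, string $siteUrl): string
{
    // Same derivation as in the thread: md5(user agent . protocol . site_url)
    return md5($userAgent . $protocol . $siteUrl);
}

function session_key(string $cookieValue, string $clientId): string
{
    // Hashed in PHP, so the result is 32 hex characters whatever the cookie held
    return md5($cookieValue . $clientId);
}

function lookup_user_id(PDO $db, string $table, string $sessionKey): ?int
{
    // $table comes from configuration, never from the request; the value is bound
    $stmt = $db->prepare("SELECT user_id FROM {$table} WHERE session_id = ?");
    $stmt->execute([$sessionKey]);
    $uid = $stmt->fetchColumn();
    return $uid === false ? null : (int) $uid;
}

// Constructed data: an in-memory SQLite table stands in for the sessions table
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_sessions (session_id TEXT PRIMARY KEY, user_id INTEGER)');

$cid  = client_id('ExampleBrowser/1.0', 'HTTP/1.1', 'http://yoursite.com/photo/');
$good = 'constructed-cookie-value';
$db->prepare('INSERT INTO demo_sessions VALUES (?, ?)')
   ->execute([session_key($good, $cid), 1]);

// Constructed cookie value containing a quote; the client controls this string
$odd = "abc'def";

// Form from the thread: raw cookie text becomes part of the SQL statement,
// and the string literal handed to MySQL's md5() ends at the stray quote
$before = "SELECT user_id FROM demo_sessions WHERE session_id=md5('{$odd}{$cid}');";
echo $before, "\n";

var_dump(lookup_user_id($db, 'demo_sessions', session_key($good, $cid))); // seeded session
var_dump(lookup_user_id($db, 'demo_sessions', session_key($odd, $cid)));  // unknown session
var_dump(preg_match('/^[0-9a-f]{32}$/', session_key($odd, $cid)));        // shape of the key
```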
I have Coppermine gallery installed and I also have my website admin panel, which is separate, but I need to know what I should do so that if the web admin logs in and he wishes to edit albums, pics, etc., then he is automatically logged in to the Coppermine admin gallery at the time when he successfully logs in to the web admin panel, so that he does not have to enter username and password separately for Coppermine gallery. What I mean to say is a single login for admin for both Coppermine gallery admin mode and web admin panel.
Any suggestions/solutions, please?
Thanks in advance