coppermine-gallery.com/forum

Hi,
I am allowing users to upload their pictures and password protect their albums. I am having an issue where unlogged users can browse to Home > User galleries and see the thumbnail of the password protected album. This thumbnail is the last picture uploaded by the user in that album. If you click on the users gallery, you then see the lock symbol as you would expect. What setting am I missing?
Thanks

When you password protect it, it shouldn't show at all AFAIK. Please post a link.
http://forum.coppermine-gallery.net/index.php/topic,55415.msg270616.html#msg270616

http://bowlerranch.com/family/index.php?cat=1
The john folder. The blurred thumbnail pic is in the pass protected album

I'm receiving a 500 error when trying to access your page.

time to call godaddy again. they have been having issues.....

Ok, it looks like godaddy fixed their stuff and the site is back up and running.

Ok I see what you mean now. AFAIK there is no setting to change which thumb is used for the user catagory. I'm currently not aware of how that is set, I'll have to look though the code.

Thank you for taking the time to look at my issue

ok I did a little digging and since individual pictures don't have permissions a fix will be a little difficult.

The code for selecting a thumb for the individual user category. We can probably just modify it to also select the aid and then check who is allowed to see it. Or we could add a setting to select the thumb like other categories.
Line 654 in Rev 8514

        if ($user_pic_count) {
            $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='$user_thumb_pid' AND approved='YES'";
            $result = cpg_db_query($sql);
            if (mysql_num_rows($result)) {
                $picture = mysql_fetch_assoc($result);
                mysql_free_result($result);
                $pic_url = get_pic_url($picture, 'thumb');
                if (!is_image($picture['filename'])) {
                    $image_info = cpg_getimagesize(urldecode($pic_url));
                    $picture['pwidth']  = $image_info[0];
                    $picture['pheight'] = $image_info[1];
                }
                //thumb cropping
                //$image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['alb_list_thumb_size']);
                if (array_key_exists('system_icon', $picture) && ($picture['system_icon'] == true)) {
                    $image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['alb_list_thumb_size'], true, 'cat_thumb');
                } else {
                    $image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['alb_list_thumb_size'], false, 'cat_thumb');
                }

                $user_thumb = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"\" />";
            }
        }


@Αndré
Should we move this to the bugs board? (for the private photos being displayed)

Found the sql for that thumb. max pid or max galleryicon in the pictures table.

If you navigate to an image and then edit the file information you can check "make this my icon" and that will change the image displayed for the user gallery.

That worked!. Thank you very much! and great software BTW.

If I understood the issue correctly a picture from a password protected album has been used as user gallery icon?

Quote from: Jeff Bailey on December 19, 2012, 05:17:37 AM
Found the sql for that thumb. max pid or max galleryicon in the pictures table.

I assume you mean the 2 queries in bridge/udb_base.inc.php, right? I think we have check the content of $forbidden_with_icon, as it seems to be responsible to hide exclude pictures in password protected albums. Will perform some checks.

As far as I can tell the following check is nonsense:
        if (!$cpg_show_private_album && $FORBIDDEN_SET != "") {
            // $forbidden_with_icon = "$FORBIDDEN_SET or p.galleryicon=p.pid";
            $forbidden_with_icon = "$FORBIDDEN_SET";
            $forbidden = "$FORBIDDEN_SET";
        } else {
            $forbidden_with_icon = '';
            $forbidden = '';
        }
as we always need to hide pictures in password protected albums, regardless of the setting if a user can have a personal gallery at all or if the album will be hidden or displayed with the padlock icon.

If I replace all occurrences of $forbidden and $forbidden_with_icon with $FORBIDDEN_SET in list_users_query it seems to work as expected. Can anyone please confirm that there's no error in reasoning (and probably also test it), so I can commit that change? Thank you.

Quote from: Αndré on December 19, 2012, 11:09:01 AM
Can anyone please confirm that there's no error in reasoning (and probably also test it), so I can commit that change?

Jeff? Anyone?

Quote from: Αndré on December 19, 2012, 11:09:01 AM
If I replace all occurrences of $forbidden and $forbidden_with_icon with $FORBIDDEN_SET in list_users_query it seems to work as expected. Can anyone please confirm that there's no error in reasoning (and probably also test it), so I can commit that change? Thank you.

Seems to work as expected for me.