1.4.1 bug report: editpics return "you don't have permission...

[itang]

I install the newly check out version of 141 today and found this problem. I don't know if it is a bug or my setting problem.

When one hit the "edit files" button and enter editpics.php and then hit "apply modification", an error comes out.

Thanks for your attention.

[Joachim Müller]

we will not register, please post a non-admin test user account. I'm not able to replicate though, please post additional information (e.g. what group the user you tried this with belongs to etc.)

[itang]

OK, here is the test account:

user: test
pass: test

It is a normal regstered account with no modification.

[kiig]

I've just been on as 'test', - created a new album, - uploaded one file, - and everything but the problem above seems to work. I really don't know how it's supposed to work, - as I've not played around with user albums.

If I go to : Home > User galleries > test and press EDIT FILES, -and change something and try the Apply modifications, - I do get the error you mention.

Someone else will probably go on from here, - I just wanted to say what I've done, -in case somebody wondered -)

Could it be missing group permissions ?

[itang]

Exactly, i don't know how this happened.

Code Select Expand

If I go to : Home > User galleries > test
and press EDIT FILES,
and change something
and try the Apply modifications,
I do get the error you mention.


The group permission of registered user is default, no change at all.

Thanks for your attentiion.

[itang]

I have tried install the 1.4.1 in other server and have the same result.

here is the debug info:

Code Select Expand

USER:
------------------
Array
(
    [ID] => 93aff81243a873f17b596eb7dd19470b
    [am] => 1
    [liv] => Array
        (
            [0] => 1
        )

)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 2
    [user_name] => tang
    [groups] => Array
        (
            [0] => 2
        )

    [disk_max] => 11024
    [disk_min] => 11024
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [ufc_max] => 3
    [ufc_min] => 3
    [custom_user_upload] => 0
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [has_admin_access] => 0
    [pub_upl_need_approval] => 1
    [priv_upl_need_approval] => 0
    [group_name] => Registered
    [upload_form_config] => 3
    [group_quota] => 11024
    [can_see_all_albums] => 0
    [group_id] => 2
)

==========================
Queries:
------------------
Array
(
    [0] => SELECT extension, mime, content, player FROM cpg140_filetypes; (0.001s)
    [1] => select * from cpg140_plugins order by priority asc; (0s)
    [2] => delete from `tang_cpg141`.cpg140_sessions where time<1116057893 and remember=0; (0s)
    [3] => delete from `tang_cpg141`.cpg140_sessions where time<1114851893; (0s)
    [4] => select user_id from `tang_cpg141`.cpg140_sessions where session_id=md5("b959379abe8d1b3155355c5f9c308213599191aba5c41edbb3055218668c69f2"); (0s)
    [5] => select user_id as id, user_password as password from `tang_cpg141`.cpg140_users where user_id=2 (0s)
    [6] => SELECT u.user_id AS id, u.user_name AS username, u.user_password AS password, u.user_group+100 AS group_id FROM `tang_cpg141`.cpg140_users AS u INNER JOIN `tang_cpg141`.cpg140_usergroups AS g ON u.user_group=g.group_id WHERE u.user_id='2' (0s)
    [7] => SELECT user_group_list FROM `tang_cpg141`.cpg140_users AS u WHERE user_id='2' and user_group_list <> ''; (0s)
    [8] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg140_usergroups WHERE group_id in (2) (0s)
    [9] => SELECT group_name FROM  cpg140_usergroups WHERE group_id= 2 (0s)
    [10] => update `tang_cpg141`.cpg140_sessions set time='1116061493' where session_id=md5('b959379abe8d1b3155355c5f9c308213599191aba5c41edbb3055218668c69f2'); (0s)
    [11] => SELECT user_favpics FROM cpg140_favpics WHERE user_id = 2 (0s)
    [12] => DELETE FROM cpg140_banned WHERE expiry < '2005-05-14 09:04:53' (0s)
    [13] => SELECT * FROM cpg140_banned WHERE (ip_addr='221.124.197.116' OR ip_addr='221.124.197.116' OR user_id=2) AND brute_force=0 (0s)
    [14] => SELECT aid FROM cpg140_albums WHERE visibility != '0' AND visibility !='10002' AND visibility NOT IN (2) (0s)
    [15] => SELECT title, category FROM cpg140_albums WHERE aid = '1' (0s)
    [16] => SELECT category, filepath, filename, owner_id FROM cpg140_pictures, cpg140_albums WHERE cpg140_pictures.aid = cpg140_albums.aid AND pid='1' (0s)
    [17] => SELECT COUNT(*) FROM cpg140_pictures WHERE approved = 'NO' (0s)
)

==========================
GET :
------------------
Array
(
    [album] => 1
    [start] => 0
    [count] => 25
)

==========================
POST :
------------------
Array
(
    [count] => 25
    [pid] => Array
        (
            [0] => 1
            [1] => 2
        )

    [aid1] => 1
    [title1] =>
    [caption1] =>
    [keywords1] =>
    [user11] =>
    [user21] =>
    [user31] =>
    [user41] =>
    [aid2] => 1
    [title2] =>
    [caption2] =>
    [keywords2] =>
    [user12] =>
    [user22] =>
    [user32] =>
    [user42] =>
)

==========================
Page generated in 0.07 seconds - 18 queries in 0.001 seconds - Album set : ; Meta set: ;

Anyone can give me a hand?

I have also turnned on the debug mode for everybody. Please take a look at http://ppi.hopto.org

log in as test and pass:test.

Thanks for any help.

[itang]

More information:

The error is:

Code Select Expand

You don't have permission to perform this operation.
(target album = 5)

File: /home/tang/cpg141new/editpics.php - Line: 128

Then I checked out line 128 of editpics, it is:

Code Select Expand

             
if (!GALLERY_ADMIN_MODE)
{
if ($pic['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied']."<br />
(picture category = {$pic['category']}/ $pid)", __FILE__, __LINE__);

if (!isset($user_album_set[$aid])) cpg_die(ERROR, $lang_errors['perm_denied']."<br />
(target album = $aid)", __FILE__, __LINE__);
}


Any hint?

[Nibbler]

Uncommenting this

Code Select Expand

//get_user_albums(USER_ID);

line 429 solves the problem, but I'm sure it must have been commented out for good reason.

[itang]

Am I the only one have this problem?

Is there anyone have the same problem?

Will uncommemt line 429 cause any problem?

Is this a particular problem for me only?

I am sorry to have so much problem, just want to find out the truth.

[Joachim Müller]

as Nibbler suggested: uncommenting this line will make the error go away, but we can't tell for sure yet why it is commented out in the first place. You're not the only one to experience this issue, we have been able to replicate. We need to further look into this issue. Please don't expect an answer soon: cpg1.4.x goes unsupported as you know and you're not meant to use it live on a production site, so I don't understand why you're in such a hurry...

[itang]

Thanks for your reply, just want to make sure it is not the server's problem.

Thanks again.

[Casper]

This still has not been sorted, so I checked back and found it was done by Abbas Ali, as a means of dealing with this bug, http://forum.coppermine-gallery.net/index.php?topic=14884.0

Removed the album box building bug by modifying get_user_albums function

However, this fix for that bug that was in editOnepics.php, was also applied to editpics.php, and caused this subsequent bug.

I can find no ill effects from un-commenting that line as suggested by Nibbler.

[Nibbler]

Committed the fix.

[phatbloke]

I'm not sure if anyone else is in the same boat but this fix did not solve the problem for me.

i actually get physically logged out when i try to edit details of a folder. Single files are fine just not editing an album

You don't have permission to access this page.

File: /www/jason.designbase.co.nz/photogallery/editpics.php - Line: 25

[the_todd]

This fis has successfully worked for me, have you tried redownloading the file from CVS?

[phatbloke]

Yeah i got the latest editpics.php from cvs and no luck. Hmm don't know why then.

[Dr_Michael]

Uncommenting this

Code Select Expand

//get_user_albums(USER_ID);

line 429 solves the problem, but I'm sure it must have been commented out for good reason.

Is that the solution? I tried it and ir works now but although it does the editing, it directs to the same page and not to a page with confirmation.

[Nibbler]

There is no confirmation, it just does it.