[Solved]: Can you define which albums use report_file.php ? [Solved]: Can you define which albums use report_file.php ?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Solved]: Can you define which albums use report_file.php ?

Started by tibbyhinze, September 22, 2009, 03:43:42 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

tibbyhinze

Hello - was wondering if there was any way of defining which albums can use the report file - I have changed the report file to enable people to make emailed bids on artworks - however, one album is for Professional work, and one album is for Student work, and we do not want to make the student work available for sale on the site. Unfortunately there only seems to be individual group permission check boxes for uploading /comments / ratings?

I'm using 1.4.13. Many thanks if anyone is able to help :)

Joachim Müller

Quote from: tibbyhinze on September 22, 2009, 03:43:42 AM
I'm using 1.4.13.
That's a very bad idea. Upgrade! Most recent version currently is cpg1.4.25, so you're running 12 versions behind. All versions before cpg1.4.24 contain seriously security flaws that are actively being exploited, so you're running a high risk to get hacked. That risk is increasing by every day that you fail to upgrade.

The report file feature was meant for something else, and there is no existing hack that gives the additional functionality to it that you need. You need to code this or hire a coder to code this for you. What needs to be done is adding something to the database scheme (a field in the album table that serves as a yes/no toggle) and the corresponding code inside the navigation menu (to show or hide the link in the menu depending on database record) and the same check in the actual report_file script. The needed changes are beyond what you can expect from regular (free) support, as there is a lot of coding involved (approx. two or three hours of coding and testing imo if performed by a skilled coder who knows his way around in coppermine extremely well; much longer if the coder needs to figure out first how coppermine works).

tibbyhinze

Many thanks Joachim - yes, such coding is probably beyond me at the moment, I just thought I'd check in case anyone has tried it before, or if it were indeed possible.

I definitely will be upgrading - our current version is constantly being spammed as soon as comments are allowed, of course - as a lay person who only really uses / updates the gallery for a non profit organisation once a year I admit falling behind (and it is a little confusing when most mentions refer to Coppermine 1.4.X - I just assumed I was ok, if a bit annoyed with all the spamming! :) )

Many thanks for your time.

Joachim Müller

Upgrading won't bring you any benefits as far as spamming is concerned, as upgrading from one minor version to the other will not add new features, but only fix flaws. As suggested, you're risking to get hacked if you don't upgrade, which has got a much more severe impact than the pure annoyance that spammers cause. You haven't upgraded for at least 2 years (because that's how old cpg1.4.13 is).
Your best defense against spammers is not allowing comments, or at least not allowing guest comments. If that's not an option, take a look at the existing mods and plugins that are designed to fight spam: captcha, re-captcha and akismet are the plugins/mods that the dev team recommends.