[IPB] Lost Admin Access When Using Custom Groups [IPB] Lost Admin Access When Using Custom Groups
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[IPB] Lost Admin Access When Using Custom Groups

Started by Elemental Crisis, June 11, 2012, 05:20:34 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Elemental Crisis

Hello,

I have the following issue when trying to bridge coppermine and Invison Power Board:

When selecting 1 for "Use bridge app custom groups?" I lose access to admin functions. I'm still able to log in and it shows that I'm logged in via my forum account. When I set "Use bridge app custom groups?" to 0 I'm able to use my admin functions.

The bridge file is located here.
http://forum.coppermine-gallery.net/index.php/topic,66144.0.html

Coppermine install: http://rpgcrisis.net/resources
Bridging app install: http://rpgcrisis.net/forums
Coppermine version: cpg1.5.20
Bridging app version: 3.3.2
Test user account: DarkGeo / dude123

BridgeManager settings:
Bridge app URL:  http://rpgcrisis.net/forums
Relative path to your bridge app's config file:  ../forums/
Cookie name or prefix:  N/A
Use bridge app custom groups?:  1 

Elemental Crisis

Also, if needed I can provide a copy of the latest version of IPB if it helps get this bridge properly working.

Elemental Crisis

It seems if I manually change the group_id for my admin group in cpg_usergroups from 104 to just 4, every setting except has_admin_access is used. Even though has_admin_access is set to 1, it still does not give me admin access and debug shows it set to 0.

With Debug on, this is what it tells me for my group.

Array
(
    [user_id] => 1
    [user_name] => Elemental Crisis
    [groups] => Array
        (
           
  • => 4
            )

        [disk_max] => 0
        [disk_min] => 0
        [can_rate_pictures] => 1
        [can_send_ecards] => 1
        [can_post_comments] => 1
        [can_upload_pictures] => 1
        [can_create_albums] => 1
        [has_admin_access] => 0
        [access_level] => 3
        [pub_upl_need_approval] => 0
        [priv_upl_need_approval] => 0
        [group_name] => Administrators
        [can_create_public_albums] => 0
        [group_quota] => 0
        [can_see_all_albums] => 0
        [group_id] => 4
        [allowed_albums] => Array
            (
            )

    )

    It seems the 100 for the admin group isn't being added.

    Here's what it says for the guest group.

    Array
    (
        [user_id] => 0
        [user_name] => Guest
        [groups] => Array
            (
               
  • => 202
            )

        [group_quota] => 0
        [can_rate_pictures] =>
        [can_send_ecards] =>
        [can_post_comments] =>
        [can_upload_pictures] =>
        [can_create_albums] => 0
        [pub_upl_need_approval] =>
        [priv_upl_need_approval] =>
        [access_level] =>
        [disk_max] =>
        [disk_min] =>
        [has_admin_access] => 0
        [group_name] =>
        [can_create_public_albums] => 0
        [can_see_all_albums] => 0
        [group_id] => 202
        [allowed_albums] => Array
            (
            )

    )

    Seems an extra 100 is being added for the guest group.

    I also get the following error message.

    /bridge/udb_base.inc.php

        Notice line 153: Undefined property: cpg_udb::$multigroups

Elemental Crisis

With the help of a friend we ended up fixing it.

Here are the edits. I've also attached the modified files if that's easier for you.

In invisionboard3x.inc.php

Change
$this->guestgroup = $this->use_post_based_groups ? $INFO['guest_group']+100 : 3;

To
$this->guestgroup = $this->use_post_based_groups ? $INFO['guest_group']: 3;

In udb_base.inc.php

Change
        if  ($this->multigroups){
           $USER_DATA['groups'] = $this->get_groups($row);
        } else {
            if ($this->use_post_based_groups){
      $USER_DATA['groups'] = array(0 => $row['group_id']);
            } else {
                $USER_DATA['groups'] = array(0 => (in_array($row['group_id'], $this->admingroups)) ? 1 : 2);
            }
        }
    }

To
        //if  ($this->multigroups){
        //    $USER_DATA['groups'] = $this->get_groups($row);
        //} else {
            if ($this->use_post_based_groups){
                $USER_DATA['groups'] = array(0 => $row['group_id']+100);
            
            //$USER_DATA['groups'] = array(0 => $row['group_id']);
            } else {
                $USER_DATA['groups'] = array(0 => (in_array($row['group_id'], $this->admingroups)) ? 1 : 2);
            }
        }
    //}

Change
if ($this->use_post_based_groups){         
       $USER_DATA['has_admin_access'] = (in_array($USER_DATA['groups'][0] - 100,$this->admingroups)) ? 1 : 0;

To
if ($this->use_post_based_groups){
            $USER_DATA['has_admin_access'] = (in_array($USER_DATA['groups'][0],$this->admingroups)) ? 1 : 0;
         
       //$USER_DATA['has_admin_access'] = (in_array($USER_DATA['groups'][0] - 100,$this->admingroups)) ? 1 : 0;

Elemental Crisis

I made a slight mistake. I've attached updated files.

In /bridge/udb_base.inc.php

Change Back
if ($this->use_post_based_groups){
            $USER_DATA['has_admin_access'] = (in_array($USER_DATA['groups'][0],$this->admingroups)) ? 1 : 0;
         
       //$USER_DATA['has_admin_access'] = (in_array($USER_DATA['groups'][0] - 100,$this->admingroups)) ? 1 : 0;

To
if ($this->use_post_based_groups){         
       $USER_DATA['has_admin_access'] = (in_array($USER_DATA['groups'][0] - 100,$this->admingroups)) ? 1 : 0;

Elemental Crisis

I wish there was an edit button. :)

If you want to allow multiple groups to have admin access.

In invisionboard3x.inc.php

Change
$this->admingroups = array($INFO['admin_group']);

To
$this->admingroups = array();

Put whatever group ID's (Taken from IPB, not Coppermine) you want inside the parentheses separated by a comma. When doing it this way you have to put your admin group ID in otherwise you won't get admin access.

So if in IPB my staff's group ID was 6, I would put 4,6 in the parentheses.
$this->admingroups = array(4,6);

I'm sure there's a much cleaner way to do this so feel free to improve on what I've posted in this thread, just make sure to share!

phill104

Thanks for your contribution. There are many IPB users out there so am sure they will appreciate this.

We only allow certain usergroups to edit their posts due to a lot of abuse in the past. As you are now a member of the contributor group you have that ability. Please only use it to edit your contributions. We hope to see more of your work in the future. Many thanks.
It is a mistake to think you can solve any major problems just with potatoes.

Elemental Crisis

Oh wow, thank you. I'll continue trying to improve my fixes.

In the meantime I was going to remove the un-needed edits and my original attachment but I seem to be unable to edit my posts.

Elemental Crisis

I was unable to make it so file edit's weren't needed so I updated the header with instructions on what needs to be edited for this to work properly. Hopefully someone with more skill then I can do what I couldn't. :)

phill104

I didn't realise that contributors were not allowed to edit either. If you stick around long enough we will consider adding you as a supporter as many of our contributors have become over the years. It is great to see people taking the time to add to the project so keep up the good work.
It is a mistake to think you can solve any major problems just with potatoes.

ΑndrĂ©

Quote from: Phill Luckhurst on June 15, 2012, 11:38:47 AM
I didn't realise that contributors were not allowed to edit either.
I'm not absolutely sure, but I guess they can just edit their posts in the contribution boards?

phill104

I think it is something we should look into as the current settings seem to not allow that. I will try and investigate over the weekend.
It is a mistake to think you can solve any major problems just with potatoes.