Issue with retaining admin rights for gallery from phpbb3 Issue with retaining admin rights for gallery from phpbb3
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Issue with retaining admin rights for gallery from phpbb3

Started by anne2489, November 11, 2012, 10:52:08 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

anne2489

I have the following issue when trying to bridge coppermine and phpbb 3.0.11:
I lose admin rights when I enable  bridging.

Happy to post information if someone is willing to help but I think it's more a question of install sequence.

At what point do you synchronize groups, because if I do it strictly according to the install documentation, I receive an error that I do not have admin rights - this is immediately AFTER enabling bridging.   I have also tried to synch groups before enabling bridging, but I still lose admin rights. The instruction say the synch page is messy but what I see is a fairly ordered table.  I checked the box at the upper left and applied. I have followed the instructions precisely (or at least I think I have). Also, a question, do I want to use bridge app custom groups.  I have selected Yes. 


thanks in advance for  any assistance
:)

Jeff Bailey

Have you done this?:
Quote from: http://documentation.coppermine-gallery.net/en/bridging.htm#integrating_individual_bridge_issues_phpbb3
Admin recognition for upgraded forums: if your forum has been upgraded from phpBB2 to phpBB3 you need to perform an additional step.
Edit phpbb3.inc.php, find
$this->admingroups = array(5);

Change the 5 to the admin group in phpbb3. You can find this out by doing the following

Go to your forum, log into AdminCP; click on the tab "Users and Groups" and go to "Manage groups". you'll see all your forum groups now and next to them 3 links (Settings/Members/Delete); click on "Settings" next to the group you want to give portal admin permissions. now take a look at the address line, which should similarly to this: http://yourdomain.com/phpbb3/adm/index.php?i=groups&sid=[randomnumbersandletters]&icat=12&mode=manage&action=edit&g=64 In our example above, the group's ID is 64;
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

anne2489

Thanks Jeff!  Appreciate the reply!  I did do those steps but i think my problems is related to the fact that perhaps didn't set permissions correctly on original install.  Will doublecheck everything and see if this along with that resolves issue.  Also had a question about syncing groups which I asked on another thread.  documentation isn't clear(to me) as to where in the process (sequence of steps) to do this. Any help on that is also very much appreciated.

Jeff Bailey

http://documentation.coppermine-gallery.net/en/bridging.htm#integrating_steps_sync_start

Basically, After you have bridged your gallery you have to visit your gallerys group management page groupmgr.php.
When you visit the page your groups will be synced.

Once they are synced you have to set the permissions just like if your gallery was unbridged.

If you create a new group in your bridged app you must visit the gallerys group manager again to resync.
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

envisioneer

I had exactly this same issue > enable bridging > admin rights denied > back button > disable bridging > admin rights re-instated. Using PHPBB groups: Group management > Access denied etc.

Two quick and dirty fixes - first prob impacts security - don't know enough so advise against if they do.

To test:

Edit CPG_Root/groupmgr.php

comment out:
/* if (!GALLERY_ADMIN_MODE) {
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
} */

For quick changes you could comment out, access Groups and setup then revert immediately.

OR

slightly more refined - edit CPG_Root//bridge/phpbb3.inc.php:

around line 170 find (in get_groups function):

          $sql = "SELECT group_id FROM {$this->usergroupstable} WHERE user_id = {$row['id']}";
              $result = cpg_db_query($sql, $this->link_id);
          
              while ($group = mysql_fetch_assoc($result)) {
                  $data[] = $group['group_id'] + 100;
              }

                $data = array_unique($data);

add immediately after:

if (in_array(105,$data)){define('GALLERY_ADMIN_MODE', 1);}

if and only if the user is as Admin in PHPBB3, then this forces default phpbb group 5 (Admins - now 105 cos of the +100 in lines above) to have admin rights in the Coppermine pages.

No idea why this doesn't occur already - but just thought this might help someone get on with life ::)





envisioneer

Just to add to above after using for a while:

first option above is a huge security hole - best not used.

second option works flawlessly apart from when trying to access bridge manager - goes straight to recovery mode window.
Usually you don't need to change settings here once setup, but reverting above edit in phpbb3.inc will let you back in to Bridge Manager, but of course kill all your Admin access to Coppermine again.  :(

Perhaps best from my point of view is to be able to set up a special group for Gallery Admins only (in PHPBB itself) and substitute its group id (+100) to allow a defined group of users control over the gallery section - but not necessarily have them as Full Admins on the forum as well.