non-admin user, not in admin mode without personal gallery - Page 2 non-admin user, not in admin mode without personal gallery - Page 2
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

non-admin user, not in admin mode without personal gallery

Started by Tranz, March 27, 2005, 01:29:24 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Nibbler

OK, change the permission checks to
if (!(GALLERY_ADMIN_MODE || $CURRENT_PIC['category'] == FIRST_USER_CAT + USER_ID || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC['owner_id'] == USER_ID)) || !USER_ID) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);


and move the pageheader($title) call down to just before here:

$thumb_url = get_pic_url($CURRENT_PIC, 'thumb');

That should sort it.

Tranz

The problem with anonymous access has been resolved.

The non-admin user got this message after clicking the button to edit:
You don't have permission to access this page.

Nibbler


Tranz

Donnoman updated the cpg-contrib gallery with the file and it worked fine as far as editing. Thanks. :)

But I am denied access as the user when trying the buttons for crop/rotate and delete.


Tranz