private album files showing up in random private album files showing up in random
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

private album files showing up in random

Started by noworyz, August 31, 2005, 11:49:59 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

noworyz

I have a problem where pictures in a private album are showing up in the random images area on the main page.  They didn't do this until the upgrade last week!

Any ideas what I need to change to make it so they don't show up?

Joachim Müller

post a deep link to a private file that is not  meant to show.

noworyz

i can do that but I have the folder they are in password protected so people can't just type the link in and see them.

I have the password listed in the private album details so members of the group that are allowed to see the album can get the password.

http://www.egriz.com/GrizPics2/albums/grizpics/2004/football/grizgirls/isu/10-9-04-028.jpg

Joachim Müller

link to the coppermine site that holds the file of course, not to the embedded file.

noworyz


Joachim Müller

OK, look: I wasn't asking for a link to the start page to your coppermine gallery, and I wasn't asking for a link to a file that exists embedded in coppermine. I was asking for a deep link to a coppermine page that holds a file that is suppossed to be private, but that shows up in the random bloack unexpectedly. An example for such a link on the coppermine demo would be http://coppermine-gallery.net/demo/cpg13x/displayimage.php?album=random&cat=0&pos=-18
Please don't make it so hard to support you.

noworyz

I am sorry that my knowledge of coppermine is not that of yours.  you said a deep link to teh file, My thought on deep links is to the exact location.

the link to the private album is http://www.egriz.com/GrizPics2/thumbnails.php?album=93
teh link to the category holding the prvate almub is http://www.egriz.com/GrizPics2/index.php?cat=23


Joachim Müller

not what I asked for. However, I can't replicate your issue - visiting the thumbnail page of the private album doesn't show any files in the random block as expected. Are you sure that you have actually been logged out when you saw a private pic appear on the random block?

noworyz

wow, I must be stupid.  Sorry I can't figure out what you want.


Ok, before I updated the software last week, the private album files never showed up in the random files on the main page of my gallery even when logged in.  Now they do!  is there a way to make it so they don't show up in the random files area?  Change a setting in the code somewhere?

Thanks

kegobeer

Your private images don't show up in the random block for anyone but you.  That's the point GauGau is trying to make.  If you are logged in, as the admin, you see everything.  Log out of your gallery and see if you see private images in the random block.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

noworyz

How about the people that are logged in that belong to the group that is able to see the files.

The reason I want this done is because the files that are private are in a folder that is password protected (so people can't directly view the file).  Thus everytime one of those files comes up in the random image area, a login screen pops up asking for the username and pass to view that file.  this gets really annoying.

kegobeer

Unfortunately, your htaccess file is the culprit, not Coppermine.  If a user has permission to view a private gallery, then that user also has permission to view thumbnails in the random and last updated blocks.  Because of this, a pop up happens when an image is pulled from their private gallery.

You can try this to prevent any random images from private albums:

Open functions.inc.php, find

$sql = "SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET ORDER BY RAND() LIMIT $limit2";

replace with

$sql = "SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' and visibility = 0 $ALBUM_SET ORDER BY RAND() LIMIT $limit2";

That should force the random block to only pull images from public albums, regardless of the ability to see a private album.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

noworyz

I tried that and it came up with a critical error!

"There was an error while processing a database query "

kegobeer

Enable debug mode and post the actual SQL error.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

kegobeer

#14
Sorry - there's a lot more to do for this to work.  Undo the change I recommended and do this:

In init.inc.php, find

if (!GALLERY_ADMIN_MODE && $CONFIG['allow_private_albums']) get_private_album_set();

after, add

random_set();

In functions.inc.php, go to function get_pic_data.  After the global statement, add

global $RANDOM_SET;

Find

        case 'random': // Random pictures
                if ($ALBUM_SET && $CURRENT_CAT_NAME) {
                        $album_name = $lang_meta_album_names['random'].' - '. $CURRENT_CAT_NAME;
                } else {
                        $album_name = $lang_meta_album_names['random'];
                }
                $result = db_query("SELECT COUNT(*) from {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET");
                $nbEnr = mysql_fetch_array($result);
                $pic_count = $nbEnr[0];
                mysql_free_result($result);

                if($select_columns != '*') $select_columns .= ', aid';

                // if we have more than 1000 pictures, we limit the number of picture returned
                // by the SELECT statement as ORDER BY RAND() is time consuming
                                /* Commented out due to image not found bug
                if ($pic_count > 1000) {
                    $result = db_query("SELECT COUNT(*) from {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES'");
                        $nbEnr = mysql_fetch_array($result);
                        $total_count = $nbEnr[0];
                        mysql_free_result($result);

                        $granularity = floor($total_count / RANDPOS_MAX_PIC);
                        $cor_gran = ceil($total_count / $pic_count);
                        srand(time());
                        for ($i=1; $i<= $cor_gran; $i++) $random_num_set =rand(0, $granularity).', ';
                        $random_num_set = substr($random_num_set,0, -2);
                        $result = db_query("SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE  randpos IN ($random_num_set) AND approved = 'YES' $ALBUM_SET ORDER BY RAND() LIMIT $limit2");
                } else {
                                */
                $sql = "SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET ORDER BY RAND() LIMIT $limit2";
                $result = db_query($sql);

                $rowset = array();
                while($row = mysql_fetch_array($result)){
                        $row['caption_text'] = '';
                        $rowset[-$row['pid']] = $row;
                }
                mysql_free_result($result);

                return $rowset;
                break;


replace with

        case 'random': // Random pictures
                if ($ALBUM_SET && $CURRENT_CAT_NAME) {
                        $album_name = $lang_meta_album_names['random'].' - '. $CURRENT_CAT_NAME;
                } else {
                        $album_name = $lang_meta_album_names['random'];
                }

                $sql = "SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $RANDOM_SET ORDER BY RAND() LIMIT $limit2";
               
                $result = db_query($sql);

                $rowset = array();
                while($row = mysql_fetch_array($result)){
                        $row['caption_text'] = '';
                        $rowset[-$row['pid']] = $row;
                }
                mysql_free_result($result);

                return $rowset;
                break;


Add this new function:

function random_set()
{
global $CONFIG, $RANDOM_SET;
        if ($CONFIG['allow_private_albums']) {
        $query = 'SELECT aid
                      FROM ' . $CONFIG['TABLE_ALBUMS'] . '
                      WHERE visibility = 0';
        $result = db_query($query);
        if (mysql_num_rows($result))
        {
        $set = mysql_fetch_array($result);
        $RANDOM_SET = 'AND aid in (' . implode(",", $set) . ') ';
        } else {
        $RANDOM_SET = 'AND aid in (0) ';
        }
        mysql_free_result($result);
        } else {
        $RANDOM_SET = '';
        }
}


If you have similar issues with the last uploaded block, you can use the $RANDOM_SET to also exclude private images.  Just look for case 'lastup': // Last uploads, find

$result = db_query("SELECT $select_columns FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'YES' $ALBUM_SET ORDER BY pid DESC $limit");

and replace $ALBUM_SET with $RANDOM_SET.

See if that works for you.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

noworyz

It worked as far as not having the private album files in either random or last added but...

Now it only grabs random pictures and the last added pictures from one album in my entire gallery.  So no matter what album or category you are looking at, the random pictures and last added pictures are from album #4 in my gallery.

kegobeer

As an unlogged visitor, that doesn't happen.  I see a wide assortment of random and last uploaded thumbnails, not all from the same album.

Make a test user with permissions to view some of the private albums and post that username/password here.  Also post a few links to albums that the test user doesn't have access to.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

noworyz

I switched it back to the original files after I saw that it didn't work.  i will out the modified files back soon.  I'll let you know when I do this as I don't have time at the current moment!

Chris