SMF / CPG bridge - groups

[londonhogfan]

HI, just bridged coppermind gallery with SMF.  Seems to be working great.

I am just having a small problem.  does a user have to be an "admin" on the SMF server to have access to batch add files in CPG?

I have tried everything I can to allow this, but nothing is working...

The user in question has full access to the photo archive, but limited in the forum.  How can I make this work?

He is a global mod in SMF BTW...

[Joachim Müller]

does a user have to be an "admin" on the SMF server to have access to batch add files in CPG?

Yes, batch-add is an admin-only feature (bridged or non-bridged), as it requires FTP access anyway, which only an admin should have. Allowing a user who you don't trust fully to have FTP access is a stupid thing: having FTP access means that a user can take over your site and have full control over it. Please read the docs that come with coppermine.

[londonhogfan]

does a user have to be an "admin" on the SMF server to have access to batch add files in CPG?

Yes, batch-add is an admin-only feature (bridged or non-bridged), as it requires FTP access anyway, which only an admin should have. Allowing a user who you don't trust fully to have FTP access is a stupid thing: having FTP access means that a user can take over your site and have full control over it. Please read the docs that come with coppermine.

it was working before I made the switch.... He was an admin on CPG but now because he is a mod in the forum he cant do it.  He only has access to the cpg_album folder through ftp so its not like he has had complete control through ftp.  He does mostly the photos and I like to have complete control over the forum is why he is not "admin" in SMF.. he is just a mod with extra permissions - Everything except deleting posts.  Thought someone might know an easy way around it.  Thanks...

I love this tool.  Its a great feature with Coppermine.

[Nibbler]

If he has write access to any folder in FTP then he has complete control over your site. Only give such access to people you trust completely. You can find the permission checks in the batch add process and modify them to allow access from a certain group also. If you wish to go down this road I will move this thread to a more appropriate place. Otherwise you can give him full coppermine access by modifying the bridge file, search the board for details.

[Tranz]

Nibbler, you know how our webhost allows people to create separate ftp accounts with access to specific folders... are you saying that it's possible for people to access all folders? If that's the case, isn't that a huge security flaw, or at least something that requires a warning?

[londonhogfan]

Nibbler, you know how our webhost allows people to create separate ftp accounts with access to specific folders... are you saying that it's possible for people to access all folders? If that's the case, isn't that a huge security flaw, or at least something that requires a warning?

this is the same thing I am using on my host.

[londonhogfan]

Otherwise you can give him full coppermine access by modifying the bridge file, search the board for details.

I have searched for this, but havn't found what Im looking for.  I just need to add complete access to global moderators as well as admins.

[Nibbler]

Try changing this line in the bridge file from

Code Select Expand

$USER_DATA['has_admin_access'] = $user_info['is_admin'];

to

Code Select Expand

$USER_DATA['has_admin_access'] = $user_info['is_admin'] || in_array(SMF_GMOD_GROUP,$user_info['groups']);

[londonhogfan]

Try changing this line in the bridge file from

Code Select Expand

$USER_DATA['has_admin_access'] = $user_info['is_admin'];

to

Code Select Expand

$USER_DATA['has_admin_access'] = $user_info['is_admin'] || in_array(SMF_GMOD_GROUP,$user_info['groups']);

didn't seem to work... here is what I have now.

Code Select Expand


        // Retrieve group information
                $USER_DATA = cpgGetUserData($cm_group_id, $user_info['groups'], SMF_GUEST_GROUP);
                $USER_DATA['has_admin_access'] = $user_info['is_admin'] || in_array(SMF_GMOD_GROUP,$user_info['groups']);
        $USER_DATA['can_see_all_albums']=$USER_DATA['has_admin_access'] | in_array(SMF_GMOD_GROUP,$user_info['groups']);


this is how my groups are setup in SMF

Regular groups
Name ------------------ Stars -- Members -- Modify
ADMINISTRATOR  ------------ 1 ------------ Modify
History Admin  ----------------- 2 ------------ Modify

everything else is a post count based group.  Im wanting to give the History Admin admin access on CPG.

[Nibbler]

In the code I posted replace SMF_GMOD_GROUP with the id number of the history admin group.

[londonhogfan]

In the code I posted replace SMF_GMOD_GROUP with the id number of the history admin group.

thank you for being so patient with me... help like this is what makes these types of utilities so great.

I replaced SMF_GMOD_GROUP with 2 (the id number of the history admin group)

but it still didn't do anything... here is the code im now using.

Code Select Expand


// Retrieve group information
                $USER_DATA = cpgGetUserData($cm_group_id, $user_info['groups'], SMF_GUEST_GROUP);
                $USER_DATA['has_admin_access'] = $user_info['is_admin'] || in_array(2,$user_info['groups']);
        $USER_DATA['can_see_all_albums']=$USER_DATA['has_admin_access'] | in_array(SMF_GMOD_GROUP,$user_info['groups']);


sorry for being soo much trouble. :-\\

[Nibbler]

Try changing

Code Select Expand

in_array(2,$user_info['groups']);

to

Code Select Expand

in_array(2,$USER_DATA['groups']);

[londonhogfan]

sorry, still getting "You don't have permission to access this page. " when I try to go to batch add files.

[Nibbler]

OK, just after that code, add

Code Select Expand

var_dump($USER_DATA['groups'])

and post what that says.

[londonhogfan]

OK, just after that code, add

Code Select Expand

var_dump($USER_DATA['groups'])

and post what that says.

array(2) {

• => string(1) "2" [1]=> string(1) "4" }
  
  just to make sure I did it right... the code is now:
  
  Code Select Expand
  
        // Retrieve group information
                $USER_DATA = cpgGetUserData($cm_group_id, $user_info['groups'], SMF_GUEST_GROUP);
                $USER_DATA['has_admin_access'] = $user_info['is_admin'] || in_array(2,$USER_DATA['groups']); var_dump($USER_DATA['groups']);
        $USER_DATA['can_see_all_albums']=$USER_DATA['has_admin_access'] | in_array(SMF_GMOD_GROUP,$user_info['groups']);


[Joachim Müller]

Nibbler, you know how our webhost allows people to create separate ftp accounts with access to specific folders... are you saying that it's possible for people to access all folders? If that's the case, isn't that a huge security flaw, or at least something that requires a warning?

It's possible on some webhosts to limit ftp access to certain folders, however that's only half of the road: you have to make sure that the user can not upload potentially harmfull files (like php files), and that he can not rename them. Although this is indeed possible, it's quite some configuration effort for the webhost - most webhosts won't do this for you.

@londonhogfan: I stronlgy recommend not do do what you're up to unless you really, really know your way around in server setup. If you don't trust a person to be an admin, don't trust him at all when it comes to server issues.

[Nibbler]

This should do it, look for:

Code Select Expand

        // Retrieve group information


and put on the line beneath

Code Select Expand

$user_info['is_admin'] = in_array(2,$user_info['groups']) ? 1 : $user_info['is_admin'];

Disregard the previous changes.

[londonhogfan]

Nibbler, you know how our webhost allows people to create separate ftp accounts with access to specific folders... are you saying that it's possible for people to access all folders? If that's the case, isn't that a huge security flaw, or at least something that requires a warning?

It's possible on some webhosts to limit ftp access to certain folders, however that's only half of the road: you have to make sure that the user can not upload potentially harmfull files (like php files), and that he can not rename them. Although this is indeed possible, it's quite some configuration effort for the webhost - most webhosts won't do this for you.

@londonhogfan: I stronlgy recommend not do do what you're up to unless you really, really know your way around in server setup. If you don't trust a person to be an admin, don't trust him at all when it comes to server issues.

Thanks for the advise.  I'm not worried about this guy.  Its not that I don't trust him to have complete access to the forum... I just like to do it all myself.

This should do it, look for:

Code Select Expand

// Retrieve group information


and put on the line beneath

Code Select Expand

$user_info['is_admin'] = in_array(2,$user_info['groups']) ? 1 : $user_info['is_admin'];

Disregard the previous changes.

Thanks, I will let you know how it works out.

[londonhogfan]

Thanks, It worked perfect.  You guys are they best.