admin theme? admin theme?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

admin theme?

Started by ymca, June 16, 2006, 09:26:26 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

ymca

Hi,

Can the admin test templets without the user seeing the other templets that the admin is testing?

Sami

try index.php?theme=test
http://www.yourdomain.com/gallery/index.php?theme=your test theme
‍I don't answer to PM with support question
Please post your issue to related board

Joachim Müller

Check out the demo, using the "choose a theme" dropdown and observe how the url changes when you apply a new theme. This is basically all the theme selector does, so once you understood the concept, just remove the theme selector from your page (config option) and do as bmossavari suggested. To go back to the default theme, just enter a theme name that doesn't exist, e.g. http://www.yourdomain.com/gallery/index.php?theme=xxx

Small correction though for the posting of bmossavari: you can't have spaces in the url nor a theme name, use underscores instead: http://www.yourdomain.com/gallery/index.php?theme=your test themeshould actually be http://www.yourdomain.com/gallery/index.php?theme=your_test_theme

Sami

Quote from: GauGau on June 16, 2006, 10:28:33 AM
To go back to the default theme, just enter a theme name that doesn't exist
I don't mean that ;)
if you are trying to test a theme then you can simply put the name of that theme in front of "index.php?theme=" and check it, that's it, it will work just like the drop down menu work ;)
in this way you shouldn't change your default theme to that testing theme and your user don't see that too.
‍I don't answer to PM with support question
Please post your issue to related board

Joachim Müller

OK, I should have explained more detailed: by adding the theme=somethemename to the url, the admin (or anyone else who knows the names of the themes) can override the default theme that is stored using coppermine's config to temporarily use the theme specified in the url. If you (as admin) want to go back to the default theme view (i.e. you want to stop viewing your gallery using a theme that is differs from coppermine's default theme), then you can add a non-existant theme name to the url as I explained above. I just posted this because I anticipated the next question of ymca that possibly might have been "OK, I have tested the theme, I want to switch back to the default theme. How do I turn it off". This was sort of additional, un-asked information.

ymca

:D thnx gaugau & bmossavari.

i should have thought about that myself ;)

slausen

Quote from: GauGau on June 16, 2006, 11:00:35 AM
OK, I should have explained more detailed: by adding the theme=somethemename to the url, the admin (or anyone else who knows the names of the themes) can override the default theme that is stored using coppermine's config to temporarily use the theme specified in the url. If you (as admin) want to go back to the default theme view (i.e. you want to stop viewing your gallery using a theme that is differs from coppermine's default theme), then you can add a non-existant theme name to the url as I explained above. I just posted this because I anticipated the next question of ymca that possibly might have been "OK, I have tested the theme, I want to switch back to the default theme. How do I turn it off". This was sort of additional, un-asked information.

So even if I have disabled the users ability to change the theme in the Admin, it can be overriden? It seems like that could pose a security risk.

What would be the best way to disable this behavior?

Paver

One way to disable this behavior is to remove the themes you don't want from the themes folder.  I would guess someone has written a hack/mod for removing access.  Basically, you could add a if (GALLERY_ADMIN_MODE) to the the $_GET['theme'] processing.

Gizmo

I know this is marked solved but if I may add a couple of comments. Here is the documentation on dealing with themes in the browser address window, http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#creating. To address the problem with someone typing in the theme as per the above instructions, what I did for a friend was add a single character to the theme folders except for the main theme that was left as normal. Examples are:

classic
hardwired1
mac_ox_x1
reynolds1
etc...

The idea here is that by leaving the main theme untouched (in this case, classic), no one would know what the other names are. Adding the same character to all the themes makes it easier to rememeber. When someone tries to change the theme and it doesn't exists, CPG will cough up the admin selected theme. The reason for not just removing them was that he's working on developing themes and doesn't want to upload them all the time. This way only his selected visitors will know what they are (I'm one of theme!  ;D ).

While I do use the PayPal hack, I try to avoid hacks because you have to remember (and document) what you changed and when upgrade time comes, you may have a lot of work on your hands especially if you have a lot of themes to upgrade. Plugins are most cool because all you have to do is upgrade the plugin and all is well again and you can turn it off very easily if it fails or you need to for other reasons.

Just my thoughts on the subject.

Cheers,

Gizmo

PS. Hacks are a good thing but if you are a very dynamic person who likes to make a lot of changes to your site or themes, hacks can make more work for you and may even cause you to lose interest because of all the work involved.  ;)
Did you read the manual first???? Taking 2 minutes to backup your files can save you hours of wondering what you screwed up.
Billy Bullock - BullsEyePhotos Blog of Indecision