Batch upload - don't have permission to access page
 


Started by darktemplar, August 31, 2006, 09:18:04 PM


darktemplar

Hi,
my friend has a problem with batch uploading in Coppermine gallery version 1.4.9...
He's logged in as admin, and he cannot upload more pictures together. He has got all permissions 777 on all files.
Uploading via FTP, and when he wants to add the photos to the album via HTTP, suddenly he is logged out and there is this message:

You don't have permission to access this page.
He told me that this message is from debug:
if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
Also he uses the Czech language, included in the installation.
He doesn't know English very well... and I know very little about Coppermine gallery, and also my English isn't very good.
I apologize for us, I took a look in the forum and searched but I didn't obtain relevant info :(
So any ideas how to solve it? I hope that you will understand. Many thanks for any kind of answer.
There is a debug:
USER:
------------------
Array
(
    [ID] => feb0b75a73049ae50c369b3af7f104d3
    [am] => 1
    [lang] => czech
)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 0
    [user_name] => Guest
    [groups] => Array
        (
            [0] => 3
        )

    [group_quota] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [can_post_comments] => 0
    [can_upload_pictures] => 0
    [can_create_albums] => 0
    [pub_upl_need_approval] => 1
    [priv_upl_need_approval] => 1
    [upload_form_config] => 3
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [custom_user_upload] => 0
    [disk_max] => 0
    [disk_min] => 0
    [ufc_max] => 3
    [ufc_min] => 3
    [has_admin_access] => 0
    [group_name] => Guests
    [can_see_all_albums] => 0
    [group_id] => 3
)

==========================
Queries:
------------------
Array
(
    [0] => SELECT extension, mime, content, player FROM cpg149_filetypes; (0.01s)
    [1] => select * from cpg149_plugins order by priority asc; (0s)
    [2] => delete from `pbgalerie`.cpg149_sessions where time<1157044613 and remember=0; (0.001s)
    [3] => delete from `pbgalerie`.cpg149_sessions where time<1155838613; (0.006s)
    [4] => SELECT session_id FROM `pbgalerie`.cpg149_sessions WHERE session_id=MD5('***') (0.003s)
    [5] => insert into `pbgalerie`.cpg149_sessions (session_id, user_id, time, remember) values ("461bcb251fb33468dcae17cb2c841410", 0, "1157048213", 0); (0.001s)
    [6] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg149_usergroups WHERE group_id in (3) (0.001s)
    [7] => SELECT group_name FROM  cpg149_usergroups WHERE group_id= 3 (0.016s)
    [8] => update `pbgalerie`.cpg149_sessions set time='1157048213' where session_id=md5('***'); (0.009s)
    [9] => DELETE FROM cpg149_banned WHERE expiry < '2006-08-31 18:16:53' (0s)
    [10] => SELECT * FROM cpg149_banned WHERE (ip_addr='194.149.xxx.xxx' OR ip_addr='194.149.xxx.xxx' OR user_id=0) AND brute_force=0 (0.001s)
    [11] => SELECT aid FROM cpg149_albums WHERE visibility != '0' AND visibility !='10000' AND visibility NOT IN (3) (0s)
)

==========================
GET :
------------------
Array
(
    [insert] => 1
)

==========================
Page generated in 0.653 seconds - 12 queries in 0.048 seconds - Album set : ; Meta set: ;

/bridge/coppermine.inc.php

* Notice line 199: Undefined index: e7d3e3c795bb89820ab2584e2052f434

Nibbler

Probably same issue as http://forum.coppermine-gallery.net/index.php?topic=35516.msg166858#msg166858

Does the server have mod_security installed or the hardening patch applied?

darktemplar

OK, he will ask his webhosting admin about that... maybe this will solve it. Thanks till now :)

These settings: POST and/or REQUEST data, do we find them in the gallery settings?
http://forum.coppermine-gallery.net/index.php?topic=35516.msg166865#msg166865

Joachim Müller

Quote from: darktemplar on August 31, 2006, 09:44:56 PM
These settings: POST and/or REQUEST data, do we find them in the gallery settings?
http://forum.coppermine-gallery.net/index.php?topic=35516.msg166865#msg166865
No, they are part of your webserver setup, that's why you're supposed to ask your webhost for support. If it was a Coppermine setting, we would have advised you what to do. Since we don't know your webserver settings nor have control over it, you have to do as suggested and ask your webhost.
Don't edit your postings except for fixing typos.

darktemplar

Oki, I'm sorry for editing... I wrote that my English... :(
So, we asked our webhosting admin, and he said that the Hardening patch is installed, and also his server is running on PHP5.
My friend can upload pictures one by one, but cannot use batch uploading :(
Don't know exactly about POST and/or REQUEST data yet. Can something be wrong with this setting?

Nibbler

Yes. It limits the amount of information that the server will accept. If you try to send information about more pics than the limit allows then you will get this problem.

darktemplar

We will tell this to the admin, and we will see; also, I'm going to write the result here...
May we make a test account and post it here?
Anyway thanks for your helpfulness.

Nibbler

Don't PM me. I have already told you all that can be said about your problem. The solution lies with your server admin.

darktemplar

Nibbler: Excuse me, I won't disturb you with PMs anymore.

OK, my friend made a test account, and I tried to upload pictures normally, one by one, with the UPLOAD FILE button. This works perfectly!
But I also tried to use BATCH ADD FILES. I selected the path, it picked out the pictures automatically and made the thumbnails... First, I took out all of the pictures, selected the album, and it didn't work. After that, I took out only one picture the same way = thumbnails are ready, and when I click INSERT SELECTED FILES, it logs me out and displays the page ERROR - You don't have permission to access this page.
So I think that BATCH ADD FILES doesn't work one way or another...
We found out that we have PHP Version 5.1.6-pl2-gentoo installed with Hardening-Patch 0.4.14; we also have PHPINFO, and this info is from there:

varfilter
Hardening-Patch's variable filter support enabled :
hphp.post.max_value_length 65000 65000
hphp.post.max_vars 200 200
hphp.request.disallow_nul 1 1
hphp.request.max_array_depth 100 100

Is this info about POST/REQUEST data?
Our admin is on a short vacation, so we must contact the technical support, and maybe later some technician will tell us about POST/REQUEST data.
We can offer the test account and complete phpinfo, if it is necessary.
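
The request limits Nibbler describes, as an added example that is not part of the original thread: it checks a constructed batch-add form body against the four Hardening-Patch values quoted from phpinfo in the post above. The field names are modelled on Coppermine's batch-add form, and the counting rule (every name=value pair, array elements included, is one variable) is an assumption about how the filter counts.

```python
import base64
import re
from urllib.parse import parse_qsl, urlencode

# The four limits as pasted from phpinfo in the post above (local and master value).
PHPINFO = """\
hphp.post.max_value_length 65000 65000
hphp.post.max_vars 200 200
hphp.request.disallow_nul 1 1
hphp.request.max_array_depth 100 100
"""

def parse_limits(text):
    """Return {directive: local value} from 'name local master' phpinfo lines."""
    limits = {}
    for line in text.splitlines():
        m = re.match(r"(hphp\.[\w.]+)\s+(\d+)\s+(\d+)\s*$", line.strip())
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits

def batch_body(n_files):
    """Constructed batch-add form body: one album selector plus 3 fields per file."""
    fields = [("d0000", "1")]
    for i in range(n_files):
        key = "i%04d" % i
        path = ("sample/pic%04d.jpg" % i).encode()  # constructed file name
        fields += [("pics[]", key), ("album_lb_id_" + key, "d0000"),
                   ("picfile_" + key, base64.b64encode(path).decode())]
    return urlencode(fields)

def check_body(body, limits):
    """List the limits a urlencoded body would exceed (assumed counting rule:
    every name=value pair, array elements included, is one variable)."""
    pairs = parse_qsl(body, keep_blank_values=True)
    problems = []
    if len(pairs) > limits["hphp.post.max_vars"]:
        problems.append("max_vars: %d fields > %d" % (len(pairs), limits["hphp.post.max_vars"]))
    longest = max((len(v) for _, v in pairs), default=0)
    if longest > limits["hphp.post.max_value_length"]:
        problems.append("max_value_length: %d > %d" % (longest, limits["hphp.post.max_value_length"]))
    depth = max((k.count("[") for k, _ in pairs), default=0)
    if depth > limits["hphp.request.max_array_depth"]:
        problems.append("max_array_depth: %d > %d" % (depth, limits["hphp.request.max_array_depth"]))
    if limits["hphp.request.disallow_nul"] and any("\x00" in k + v for k, v in pairs):
        problems.append("disallow_nul: NUL byte in request")
    return problems

def largest_batch(limits, fixed=1, per_file=3):
    """Largest file count whose form still fits under max_vars."""
    return (limits["hphp.post.max_vars"] - fixed) // per_file

if __name__ == "__main__":
    lim = parse_limits(PHPINFO)
    for n in (1, 66, 67, 100):
        print(n, "files:", check_body(batch_body(n), lim) or "within limits")
    print("largest batch:", largest_batch(lim))
```

With three fields per file plus one album field, the form reaches the 200-variable limit long before the 65000-byte value limit matters, so the batch size is what a server admin would compare against `hphp.post.max_vars`.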

Joachim Müller

As suggested various times already: WE CAN NOT FIX THIS FOR YOU! Therefore, posting an account here doesn't make sense. Ask your webhost / server admin / whoever is in charge of operating your server. In other words: ask the person who has the power to change it. Requesting help here just is a waste of time (ours and yours).

darktemplar

Finally, we contacted the right person and he gave us the advice that we should try to run this gallery with PHP4.xx installed. Now there is PHP 4.4.2, and the gallery works fine! So, the older version of PHP gave us a fully working gallery.
Maybe this has something to do with it, but it is only our idea:
[9] => DELETE FROM cpg149_banned WHERE expiry < '2006-08-31 18:16:53' (0s)
[10] => SELECT * FROM cpg149_banned WHERE (ip_addr='194.149.xxx.xxx' OR ip_addr='194.149.xxx.xxx' OR user_id=0) AND brute_force=0 (0.001s)
because the gallery was logging us out even when we wanted to add only one picture through BATCH ADD FILES...
OK, now I apologize for everything that I'm doing wrong on this forum, I was only confused and didn't know what to do... so, please excuse me.
I have one last question: There's SAFE MODE... is it necessary to use it? Many thanks to you for the help, I hope everything will be all right.

Joachim Müller

No. If everything is working as expected, then don't enable safe mode. In fact, safe mode is a restriction some webhosts impose on their customers for security reasons. Coppermine will work fine with safe mode. Some webhosts configure safe mode improperly. That's where coppermine's silly_safe_mode comes into play: for those who have an improperly configured safe mode running, the silly_safe_mode will configure coppermine to cope with those improper settings.
Bottom line: if everything works as expected, don't change anything.

For others who come across this thread looking for answers on similar issues: we're glad that downgrading PHP worked for darktemplar. However: coppermine will work fine with PHP5.x as well (in fact, it's even recommended to use PHP5). The issues darktemplar had were not related to PHP5 itself, but to the webserver (and subsequently PHP5) not being set up properly. Although downgrading PHP from 5 to 4 worked for darktemplar, it's not the recommended method. We recommend talking to your webhost instead and making them configure your webserver properly in the first place.