Cookies will not hold admin rights to make any changes Cookies will not hold admin rights to make any changes
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Cookies will not hold admin rights to make any changes

Started by Shane, March 21, 2007, 03:15:29 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Shane

March 21, 2007, 03:15:29 AM
Hello.  Another new user here.  I have just installed Coppermine ver 1.4.10 (stable) sharing a MySQL database with my phpBB forum database.  Forum is a phpBB forum version 2.0.22 and is currently stable.  I plan to bridge the coppermine gallery to the forum once the gallery is functional and working properly.

Gallery url:  http://troop445.org/members/gallery
Forum url:  http://troop445.org/members/forum

Cookies for the forum work normally.
Forum cookie domain:  .troop445.org
Forum cookie name:  troop445_forum
Forum cookie path:  /members/

The /members/ directory allows us to password protect information for Troop members only.  I have set up a temporary user/password to allow access to the /members directory so I can get some help with this issue.  User: coppermine  Password:  test

When I navigate to the gallery (http://troop445.org/members/gallery)  I am shown the home page.  When I log in, I am presented with both the user and admin tool bars. If I try to access any of the tool bars, I am given a new screen stating "Error:  You don't have permission to access this page."  If I log in again, the program takes me to the page I was trying to access.  When I try to submit any changes, I get the same "Error: You don't have permission to access this page" message.  Therefore, I cannot set up a test account on the coppermine gallery to allow anyone to test my settings.

I have access to myPHPadmin to make any changes needed in the database.  I have changed the gallery cookie name to "gallery."  The current gallery cookie path is "/" as instructed everywhere.  I thought to change the cookie path to "/members/" to mirror the path for the forum, but have not done so.

Any help would be greatly appreciated.  I feel that coppermine offers our users a better gallery than the other phpbb add-ons.

Thanks!

Shane

#1
March 21, 2007, 03:31:56 AM
Sorry,  forgot to include that I huse IE6 and Zone Alarm Security Suite, both with all cookies allowed for troop445.org and have no problems with holding the cookies for the forum.

Thanks.

Joachim Müller

#2
March 21, 2007, 08:17:19 AM
The .htaccess auth is a double layer of security that you don't need imo. Just disable registration for new members and set both your forum and your gallery to be members-only. This should be all it takes. Not sure what your actual question is though - does your admin login not stick?

Shane

#3
March 21, 2007, 11:32:31 AM
GauGua,

The .htaccess is required by the Scout regulations - just another very small hurdle hackers must get through.

My main problem is that my admin login will not stick.  I must re-login over and over to access any page, and any changes I make are not held because the login did not stick.

Thanks.

Shane

#4
March 21, 2007, 12:19:09 PM
GauGau,

I have just signed on to the gallery from my computer at work.  I did not receive the red "Warning: Your browser does not accept script's cookies" message when logging on, and the admin user/password held.

I assume then that this is an issue with my home computer, but I as stated earlier, I have set both IE6 and my Zone Alarm to accept all cookies from the troop445.org domain.

Can you shed any light on this now?

Thanks!

Shane

#5
March 21, 2007, 01:00:59 PM
Test account on gallery is now active:
User:  coppermine
Password:  test
Print
Go Up Pages1
User actions