Some Users Can't Log In Some Users Can't Log In
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Some Users Can't Log In

Started by FirstDivision, June 05, 2007, 11:24:11 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

FirstDivision

June 05, 2007, 11:24:11 PM
I've already solved this problem, but when I was searching around for it I couldn't find anybody who had my specific error, so I'll post my resolution here.

Original Problem:
A user calls to say he can't log into the system.  I try it myself and find that it does log in...sort of.  The "Welcome [user]" success message would display, but then when the default page was displayed, none of the user options came up (create albums, etc).

I was confused.  I logged in to the admin panel and noticed that I couldn't even see the user in the list.  Wierd, the logon is processed so it must be "there" it's just not in this list.  I Googled around and didn't find anything for myself.

Wing and a Prayer
Hoping it was something that had been fixed in an upgrade, I upgraded my coppermine install to the most recent version (from 1.4.4 to 1.4.10).  No effect, the user still cannot log in.  Oh well, at least I'm up to date.

Discovery
I logged in to phpMyAdmin and looked at the cmine_users table.  There was the user.  Everything looked normal to me, but this doesn't mean much since I don't really know anything about the database.  I started to try other accounts through Coppermine's login page and found a couple more that didn't work, as well as most of the other ones which did.

The common thread between the accounts that didn't work was that they were all user_group 5.  A look into the usergroups table revealed that there is no usergroup 5...at least not anymore.  After an "update cmine_users set user_group=2 where user_group=5;" the account can log in now.

The Real Question
How did this happen?  Was there a bug in old code that allowed a group to be deleted but didn't reset user's groups?  Looking at the interface now I don't see an option to delete a group.  I'm not that familiar with it though, I haven't had to do anything with users (until now) in a long time, so maybe the delete group functionality is hidden somewhere else.  I dunno.

Why aren't releationships defined in the database to prevent this from ever happening?  Should there be and I'm missing mine?

Was there a security vulnerability (that allowed someone to delete a row from the usergroup table) that maybe I was exposed to by running 1.4.4, and that has now been fixed?

Anyway, I hope this helps someone if they have this same problem, I'm sure it must be something very unique to my install because it seems to be only me that's ever encountered it, lol.

-FD

urgentt

#1
September 17, 2007, 07:07:55 AM
I installed the new version and still got your problem  >:(

i agree that the problem lie in the "group" ... i created a new group and assigned some users to this new group. Then I went to do other administrations (in the admin panel only, i didn't edit the php files) ... the next day i login again, i found that the new "group" i created disappeared. I went to check the "users" and all users in this group disappeared too. Actually they didn't disappear cause when I register in some of their names, the system said "The username you have entered already exist, please choose a different one".
And they can login and receive a "welcome message" too (but cannot upload & manage their album, just as what was described in the above post).

Now I just want to "delete" these users and their posted photo, so that people can register in the same name ???? and of course I hope you can solve this bug problem.  ;D

urgentt

#2
September 18, 2007, 06:55:55 AM
ooh ... why nobody could answer me ....

now my program is full of those "hidden" users that could not be deleted. They can't login either. I think it's a bug of the program !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Joachim Müller

#3
September 18, 2007, 08:03:47 AM
Quote from: urgentt on September 18, 2007, 06:55:55 AM
ooh ... why nobody could answer me ....
Supporters are reluctant to look into issues brought up by hijacking someone else's thread. That's why you didn't get an answer. Additionally, you failed to post a link to your gallery, so what do you expect? Do you think we're mind readers?

sdcp

#4
October 23, 2007, 05:26:22 AM
How did you correct the problem?  I cannot login.  It does exactly what you described.  I don't know how to login to phpmyadmin.  Even if I did, I know how to make the correction. 

Sami

#5
October 23, 2007, 09:05:58 AM
Create your own thread and describe your issue there

locking this one ...
‍I don't answer to PM with support question
Please post your issue to related board

Joachim Müller

#6
October 23, 2007, 10:49:07 AM
sdcp by PM:
Quote from: sdcp on October 23, 2007, 05:32:19 AM
I read your comments regarding people not being able to login.  A few weeks ago, everything was fine.  Now I cannot log into to my gallery.  Below is a link to my gallery.  How should I solve this problem. 


http://www.shatteringdarkness.org/gallery/index.php


I found this in the markup validation.  I have no idea what it means or how to solve it. 

Validation Output: 1 Error
Line 2, Column 1: Missing xmlns attribute for element html. The value should be: http://www.w3.org/1999/xhtml.
<html dir="ltr">✉

Don't PM supporters! Post publicly instead. There's no reason for your PM!
Print
Go Up Pages1
User actions