Changing name of user upload Changing name of user upload
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Changing name of user upload

Started by gaz-uk, January 14, 2009, 12:59:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

gaz-uk

Hi

I've done a search but couldn't see any specific answer to my query, what it is I use CPG as a gallery for photo competitions and members can upload their entries, however for users who have difficulty uploading, photos are emailed to me and I put them up. If I put them up, my member name is assigned to the photo upload, is there any way that I can change the members name to who sent me the photo by email.

Thanks
Gaz

gaz-uk

Is this not possible, if not could it be a suggestion for the next release.

Thanks

phill104

It is not a standard feature. It is possible to manually edit the database using phpmyadmin but it is not going to be easy with a big gallery. I am not aware of any mods to do this though it wouldn't be too difficult to code if you wish to have a go.
It is a mistake to think you can solve any major problems just with potatoes.

gaz-uk

Thanks for your reply.

I will look at going through phpmyadmin as it is only a small gallery. I do not have the expertise to go this myself, I'm not a programmer, maybe this could be added to the next version if any of the developers see this thread.

redwoodhead

If you use phpMyAdmin to browse the "cpg_users" table for your gallery you will find it has a "user_password" field.  Your user will have an entry here which is an encoded version of their password.  You can copy and paste this value somewhere safe (like NotePad) to save it for later.  Then you can (temporarily) change their password, log in as them, upload there photos and log out.  Then you can use phpMyAdmin to restore the original value that was in the "user_password" field.  Their original password will then be the working password.

A bit ugly, but it works.  (And doesn't require any code!)

Maybe warn them that if their password doesn't work for a little while you are the culprit?

Fabricio Ferrero

Instead of the suggestion of redwoodhead I would choose Phill's one. Just run a query changing the username from your database and done.

Sidenote: A 'how to' guide would be the best option IMO  ;)
Read Docs and Search the Forum before posting. - Soporte en español
--*--
Fabricio Ferrero's Website

Catching up! :)

Joachim Müller

You can not do as redwoodhead suggested, since that field doesn't store the actual password, but the password hash. Nice try, but no cigar.

Instead, do as Phill suggested and use phpMyAdmin to change the owner of particular files.

The feature you suggested will not go into the next version cpg1.5.x, because we are already in the feature freeze stage for the upcoming cpg1.5.x.
If you want to request this feature for the version after that release and make sure that your request doesn't get forgotten, start a corresponding thread on the feature requests board.

redwoodhead

Umm, yes it actually DOES work.

The "suggestion" is to save the HASHED value that is in the database and then restore it when you're done.  The admin probably doesn't know the actual password and doesn't need to.  If the database is in exactly the same state when you are done as it was when you started it will behave the same way.

To make doubly sure I wasn't missing something I went through the process on one of my own Coppermine installations with a test account.  It works fine.

But I am NOT trying to sell this as a wonderful procedure.  I agree with you and Phill that running a query to change the ownership is cleaner.  (And doesn't leave the user locked out of their own account while the admin is messing with it.)  But I imagine there are some admins who won't want to run a query on the database but WOULD feel comfortable using phpMyAdmin to temporarily save and then restore a single value.  And it's about as safe to do this as any database fiddling can be.  The worst I can imagine happening is losing the saved value before you get around to restoring it.  And all that would require to fix is resetting the password and letting the user know that happened.

phill104

If they can use phpmyadmin then they can run a query. Or they could just edit the owner_id and owner_name in the cpg1.xxx_pictures table . I don't see how your method is easier.
It is a mistake to think you can solve any major problems just with potatoes.

redwoodhead

I guess I just don't agree with "If they can use phpmyadmin then they can run a query."  I think there are plenty of people who will use a gui interface but don't know and really don't want to learn the command line syntax necessary to accomplish what they want to get done.

I also think it's interesting that we are now eight replies into this thread and no one has ventured the SQL.  So, here is what I came up with.

UPDATE cpg_pictures SET owner_id = 6, owner_name = 'test', aid = 28 WHERE aid = 29

It seems like the album id ("aid") also needs to be changed to move the image.  I didn't find the user's albums to be accessible to the admin during upload or during a reassignment of the album to which an image belongs.

And, of course, substitute your own appropriate values for the field entries!

I don't know and use SQL but it seemed to work ok.  (Comments welcome!)

In doing this I realized another issue with just changing the owner_id and owner_name.  That is that the uploaded files aren't moved.  They will NOT be in the user's "userpics" folder when you are done.  (Keeping them together seems like a good idea.)  The files could be moved manually and the SQL could be expanded to reflect this.  But now it seems things are getting a bit more complicated.  I am starting to like my original suggestion of just BEING the user for a little while!

In fact really all this "suggestion" was about was a way to BE a user for a little while in a pretty benign manner that the user probably will never be aware of.  Use it, don' use it, whatever.  ;)

Joachim Müller

The "WHERE" section is the tricky one as it entirely depends on the needs of the thread starter what to use as WHERE-argument.