[Closed]: Required Code for Registration [Closed]: Required Code for Registration
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Closed]: Required Code for Registration

Started by xFyrios, January 13, 2010, 07:47:19 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

xFyrios

Hi,
What I would like to accomplish is the ability to add a required field to the registration page that forces users to provide a certain code to be able to login. I am not talking about something similar to the Captcha script, it would be a code that would be provided by me. Ideally, it would work best if each user got a different code and when they signed up it emailed me the code and the username they signed up with or something similar, but at the bare minimum just one code provided to everyone signing up would work too. The idea behind this is that I want it attached to a site but I want it only for the users of that site and I would like to try and keep it orderly by making sure users use the same username as they do on the same site as well if possible. I know this can be accomplished as well through bridging but I do not have the knowledge or money to have this done. Also, it is as a tribute to a site and therefore I would need to ask my superiors there for the source code and I'd rather not have to do that. If this should be in a different section or a mod feels that it would go better in a different section then please do move it. :)
Any help would be greatly appreciated!

Thanks,
Chris

Joachim Müller

Why don't you try bridging instead of forcing your users to register and log in twice? What bridging does is using the user management and authentification of other apps and make coppermine use that authentification instead of the one built into it.
It might help if you did as suggested per board rules: post a link to your gallery for a start, and (in your case) a link to your site's overall login page. Posting a non-admin test user account might help as well.
Please read up what bridging is in the docs that come with coppermine: http://coppermine-gallery.net/demo/cpg14x/docs/index.htm#getting_consider_bridging

Anyway, if you decide that bridging is not right for you and that you want to follow your initial idea, you're up for some coding: what you request requires in-deep code changes that go beyond what you can expect from free support, so you better hire someone to accomplish that for you.

Not related to permissions, moving accordingly.

xFyrios

Actually, I think you mis-understood slightly. All I wanted was for it to be on the registration page, not the login page. Its a one time thing. As for links, well it's a private site so its not my place to decide to put a link to it. As for the Coppermine site, it is a brand new installation so I can't see it doing much good.
Although if you say it will take some deep coding then I'll take your word for it and look into bridging it. It's not ideal but if that's the best way then I guess I have to look into it more.
Thanks for your help,
Chris

Joachim Müller

Quote from: xFyrios on January 13, 2010, 03:39:56 PMActually, I think you mis-understood slightly.
I don't think so - I think I understood you perfectly well.

Quote from: xFyrios on January 13, 2010, 03:39:56 PMAll I wanted was for it to be on the registration page
Sure, the input field only needs to be on the registration page. But the salt (the secret, one-time, per user registration password) needs to be stored somewhere - the database. You need code to check the user input against that database field. And you need a page to enter the salt into the database, which probably would have to be an admin page. A lot of coding effort if you ask me, and all of that just for the purpose to get a correlation between your other app's user base and the one from coppermine - that's overkill.
Why don't you do as suggested and consider bridging? It would be exactly the solution you need. Alternatively, you'd need a routine that looped through your other app and created all accounts that exist in that app in coppermine as well; that would be the second best option.

Quote from: xFyrios on January 13, 2010, 03:39:56 PMAs for links, well it's a private site so its not my place to decide to put a link to it.
Well, another "private" site on the internet? Yet another "security by obscurity" candidate? Anything site on the www is public. Privacy is achieved by authentification on the site and not by keeping the URL a secret.
Anyway, if you can't post it, that's a pity - you can't get support in that case.

Quote from: xFyrios on January 13, 2010, 03:39:56 PMAs for the Coppermine site, it is a brand new installation so I can't see it doing much good.
You don't need to see that. It's us who need to see something. It's our decision who we grant support and what we require as a prerequisite. You'd be suprised what we can find when looking at a fresh install. I'm not ready to explain to you why we need the link to your gallery.

xFyrios

Well I'm sorry if I offended you, that was never my intention. It just sounded like you thought I meant something else.
As for bridging, if I did that wouldn't I need access to the user database? That I don't have and although I could ask for it, it doesn't seem like an ideal solution.
And the privacy for the site thing, well I guess its somewhat security by obscurity but its more like you need an account to access anything on the site other than the login page and therefore it is pretty much useless to anyone looking at it without an account which is something I can't just give out. I'm afraid I didn't realize that a new installation would help you though i guess I can see how that makes sense since the version number and many other things could differ from installation to installation. Never did think of that earlier... But if without a link to the site no one can help me then I guess I'll just give up on the idea. I just thought there might be a simple way of accomplishing it.

phill104

Even with just a link there are a number of things we can determine, even if the site requires a logon.

Closing as you requested.
It is a mistake to think you can solve any major problems just with potatoes.