I don't know how to thank you! Thanx 9999999999999
I don't think I'll have security problems... this is what I've done, with your help... I think it will be very useful for other persons, I know that many people want to allow other users to manage public albums!
So, this is what I've done (I've made it as a guide, if you wanna risk and wanna trust me
):
1) make a group
2) put in the group the users you want to allow to manage albums
3) go in the database, than go in the table _usergroup, and than check in group_id the number referring to the new group you've made
4) make a copy of albmgr.php, delete.php and include/init.inc.php and coll'em for example albmgr_mod.php etc.
5) open albmgr_mod.php
find
require('include/init.inc.php');
replace with
require('include/init_mod.inc.php');
find
action="delete.php?what=albmgr"
replace with
action="delete_mod.php?what=albmgr"
6) open delete_mod.php
find
require('include/init.inc.php');
replace with
require('include/init_mod.inc.php');
7) open init_mod.inc.php
find
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
after, add
// MOD - add manual admin access
$mod_usergroups = explode(',',substr(USER_GROUP_SET,1,-1));
$mod_allowedgroups = array('
NUMBER CHECKED BEFORE');
$mod_validuser = (array_intersect($mod_allowedgroups,$mod_usergroups) ? true : false);
define('USER_IS_ADMIN_MANUAL', $mod_validuser);
define('GALLERY_ADMIN_MODE', (USER_IS_ADMIN || USER_IS_ADMIN_MANUAL) && $USER['am']);
// MOD - end
upload all new files
9) give the users who belong to the group 5 the link to albmgr_mod.php
Paver, can you tell me if, at the end of this adventure
, I could have security problems?