Support > cpg1.5 upload
Multiple file upload method gives "Security Error"
sangyo:
I'm having issues when uploading on my Coppermine driven gallery http://www.iamthesalamander.com/photos/
When using the advanced upload form (i.e., "Multiple files - Flash-driven (recommended)") and the suggested settings for upload troubleshooting, I get the following error message in the "Upload Queue" box (please see the attached snippet, also):
"Security Error"
Other info:
-"Debug Output" does not appear to give any error message.
-Uploading with the simple upload form (i.e., "simple - one file at a time") works just fine.
Here's the test user account data:
Username: tester
Password: tester
I have been using the image taken from http://coppermine-gallery.net/demo/cpg14x/albums/competition/ecto/normal_fire_on_the_beach.jpg as an example to test with.
Having done as suggested in the "Upload troubleshooting" section of the v1.5.3 documentation, and not finding any solutions by searching the board, I have no idea what else to do.
Joachim Müller:
Good job on providing all needed details. Confirming your observation - simple file upload (HTML-driven form) works as expected (see http://iamthesalamander.com/photos/displayimage.php?pid=4532), Flash-driven interface returns the error message (see attached screenshot) after having selected a file for upload. Debug output is
--- Code: ---USER:
------------------
Array
(
[ID] => 20ef62239f0a4f64793e4c75f0e197ef
[lang] => english
[am] => 1
[liv] => Array
(
[0] => 3671
[1] => 3672
[2] => 3673
[3] => 3674
[4] => 4532
)
[liv_a] => Array
(
[0] => 43
)
[upload_method] => swfupload
)
==========================
USER DATA:
------------------
Array
(
[user_id] => 4
[user_name] => tester
[groups] => Array
(
[0] => 5
)
[disk_max] => 0
[disk_min] => 0
[can_rate_pictures] => 0
[can_send_ecards] => 0
[can_post_comments] => 0
[can_upload_pictures] => 1
[can_create_albums] => 0
[has_admin_access] => 0
[access_level] => 3
[pub_upl_need_approval] => 0
[priv_upl_need_approval] => 1
[group_name] => uploaders
[group_quota] => 0
[can_see_all_albums] => 0
[group_id] => 5
[allowed_albums] => Array
(
)
)
==========================
Queries:
------------------
Array
(
[0] => SELECT name, value FROM cpg_config [include/init.inc.php:177] (0 ms)
[1] => SELECT user_id, time FROM `iamthesa_copp1`.cpg_sessions WHERE session_id = 'bb7b8ebf01ff50bc1e02693ba64c3ae2' [bridge/coppermine.inc.php:258] (0 ms)
[2] => SELECT user_id, user_password FROM `iamthesa_copp1`.cpg_users WHERE user_id = 4 [bridge/coppermine.inc.php:270] (0 ms)
[3] => SELECT u.user_id AS id, u.user_name AS username, user_password AS password, u.user_group AS group_id FROM `iamthesa_copp1`.cpg_users AS u LEFT JOIN `iamthesa_copp1`.cpg_usergroups AS g ON u.user_group=g.group_id WHERE u.user_id='4' [bridge/udb_base.inc.php:72] (0 ms)
[4] => SELECT user_group_list FROM `iamthesa_copp1`.cpg_users AS u WHERE user_id='4' AND user_group_list <> '' [bridge/coppermine.inc.php:200] (0 ms)
[5] => SELECT MAX(group_quota) AS disk_max, MIN(group_quota) AS disk_min, MAX(can_rate_pictures) AS can_rate_pictures, MAX(can_send_ecards) AS can_send_ecards, MAX(can_post_comments) AS can_post_comments, MAX(can_upload_pictures) AS can_upload_pictures, MAX(can_create_albums) AS can_create_albums, MAX(has_admin_access) AS has_admin_access, MAX(access_level) AS access_level, MIN(pub_upl_need_approval) AS pub_upl_need_approval, MIN( priv_upl_need_approval) AS priv_upl_need_approval FROM cpg_usergroups WHERE group_id in (5) [bridge/udb_base.inc.php:323] (0 ms)
[6] => SELECT group_name FROM cpg_usergroups WHERE group_id= 5 [bridge/udb_base.inc.php:327] (0 ms)
[7] => SELECT aid FROM cpg_albums WHERE moderator_group IN (5) [include/init.inc.php:267] (0 ms)
[8] => SELECT lang_id FROM cpg_languages WHERE enabled='YES' [include/init.inc.php:318] (0 ms)
[9] => SELECT user_favpics FROM cpg_favpics WHERE user_id = 4 [include/init.inc.php:376] (0 ms)
[10] => DELETE FROM cpg_banned WHERE expiry < '2010-03-25 01:01:06' [include/init.inc.php:432] (0 ms)
[11] => SELECT null FROM cpg_banned WHERE (user_id=4 OR '217.255.69.10' LIKE ip_addr ) AND brute_force=0 LIMIT 1 [include/init.inc.php:448] (0 ms)
[12] => SELECT aid FROM cpg_albums WHERE (1 AND visibility != 0 AND visibility != 10004 AND visibility NOT IN (5)) [include/functions.inc.php:924] (0 ms)
[13] => SELECT aid, title, cid, name FROM cpg_albums INNER JOIN cpg_categories ON cid = category WHERE category < 10000 AND ((uploads='YES' AND (visibility = '0' OR visibility IN (5))) OR (owner=4)) [upload.php:577] (1 ms)
[14] => SELECT aid, title FROM cpg_albums WHERE category = 0 AND ((uploads='YES' AND (visibility = '0' OR visibility IN (5))) OR (owner=4)) [upload.php:579] (0 ms)
[15] => SELECT aid, title FROM cpg_albums WHERE category='10004' ORDER BY title [upload.php:601] (0 ms)
[16] => SELECT user_id AS user_id, user_password AS pass_hash FROM `iamthesa_copp1`.cpg_users WHERE user_id = '4' [bridge/udb_base.inc.php:732] (1 ms)
[17] => SELECT cid, parent, name FROM cpg_categories WHERE 1 [upload.php:249] (0 ms)
)
==========================
GET :
------------------
Array
(
[method] => swfupload
[album] => 20
)
==========================
POST :
------------------
Array
(
)
==========================
COOKIE :
------------------
Array
(
[cpg140_data] => YTo1OntzOjI6IklEIjtzOjMyOiIyMGVmNjIyMzlmMGE0ZjY0NzkzZTRjNzVmMGUxOTdlZiI7czo0OiJsYW5nIjtzOjc6ImVuZ2xpc2giO3M6MjoiYW0iO2k6MTtzOjM6ImxpdiI7YTo1OntpOjA7czo0OiIzNjcxIjtpOjE7czo0OiIzNjcyIjtpOjI7czo0OiIzNjczIjtpOjM7czo0OiIzNjc0IjtpOjQ7czo0OiI0NTMyIjt9czo1OiJsaXZfYSI7YToxOntpOjA7aTo0Mzt9fQ==
[7530acb24da35ab34cc4f21f7ec625c0] => bc300b9f5488c3ec78f445d6e28c1c9d
)
==========================
--- End code ---
You have specified in Coppermine's config that the URL of your gallery is http://iamthesalamander.com/photos/, but you have sent us to http://www.iamthesalamander.com/photos/ (notice the leading www subdomain). After having logged in (with the leading www subdomain) I manually removed the leading www from the URL and hit enter, and your gallery did not recognize me. Logging in once more and then trying the flash-driven upload I didn't get the error message during initial upload, but on the next screen after hitting continue (http://iamthesalamander.com/photos/editpics.php?album=20) I get
--- Quote ---Error
You don't have permission to access this page.
File: /home6/iamthesa/public_html/photos/editpics.php - Line: 79
--- End quote ---
, so there is something fishy with your cookies as far as I can see.
To cover the first problem I suggest to come up with a custom .htaccess file - put this into it:
--- Code: ---RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.iamthesalamander\.com$ [NC]
RewriteRule ^(.*) http://iamthesalamander.com/$1 [R,L]
--- End code ---
This will send all your visitors who use the leading www subdomain to your domain without the leading www. Your visitors probably won't notice a thing.
Not so sure about the second issue though...
Abbas Ali:
The "Secruity Error" is, I believe, due to the Flash Player's "same origin" policy. This means that Flash can only upload to the same server that served the swf file. Swfupload might be treating the domain names with and without www as two different domains.
Αndré:
--- Quote from: Abbas Ali on March 25, 2010, 10:11:18 am ---Swfupload might be treating the domain names with and without www as two different domains.
--- End quote ---
That's the correct behavior imo.
Joachim Müller:
I agree. That's why I recommended to steer clear of the leading www subdomain by adding the .htaccess policy. I'm not sure though about the second issue that comes up if you're actually accessing the site without the leading www subdomain - you can then upload a file, but once you click on "continue" on the upload screen (the link that sends you to the editpics screen) you get the error message I posted, which comes from Coppermine and not from the flash script. Imo there's something fishy with permissions there, but I can't actually spot the problem.
Navigation
[0] Message Index
[#] Next page
Go to full version