forum.coppermine-gallery.net

No Support => Modifications/Add-Ons/Hacks => Mods: Permissions => Topic started by: AvrilBoi on June 20, 2006, 04:39:58 pm

Title: Give Admin-Access to Certain Scripts for a Specified Group
Post by: AvrilBoi on June 20, 2006, 04:39:58 pm
EDIT
Don't mind my previous and next posts in the topic. I've changed my request, which is this:

Please just help me in changing this part of include/init.inc.php to something that doesn't check if you're admin but checks if you belong to a group; for me it is group 5 in the group_id in the table _usergroup of the database... please please help me just with this!!

Code:
// Test if admin mode
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
define('GALLERY_ADMIN_MODE', USER_IS_ADMIN && $USER['am']);
define('USER_ADMIN_MODE', USER_ID && USER_CAN_CREATE_ALBUMS && $USER['am'] && !GALLERY_ADMIN_MODE);

I know that it would be the same thing to make the users who belong to that group admins, but after that modification I'll do something else which makes that modification different than making 'em admins.

Edit (by Paver): Changed subject from "!>Check if you belong to a group instead of checking if you are an admin<!" to "Give Admin-Access to Certain Scripts for a Specified Group".  Also removed bold from some text.

Edit (by Paver): Please read the entire thread before implementing this mod.  The mod and mod-guide start at this post (http://forum.coppermine-gallery.net/index.php?topic=32903.msg153525#msg153525).

OLD REQUEST, DON'T CARE ABOUT THIS:
Hi!
I know there is not a way to allow users to make albums in public categories and/or categories, so I'm asking if it is possible to leave just "Categories" and "Albums" in the admin menu. (I mean also that if the admin types for example picmgr.php, he can't run that option).
Thanks.
P.s. I've searched the forum and didn't find anything, if there is already a topic sorry for that.
Title: Re: >Remove admin possibilities
Post by: Vargha on June 20, 2006, 04:42:59 pm
I don't understand you, can you explain more clearly if you don't mind :)
It's not good to do that for admin accounts though :-\
Title: Re: >Remove admin possibilities
Post by: Nibbler on June 20, 2006, 05:01:24 pm
You can remove the buttons from your theme and change the GALLERY_ADMIN_MODE checks in each file to match on user id instead. Be aware that it is not a good idea to make users admins who you do not trust completely.
Title: Re: >Remove admin possibilities
Post by: AvrilBoi on June 20, 2006, 05:39:22 pm
Quote
I don't understand you, can you explain more clearly if you don't mind :)
It's not good to do that for admin accounts though :-\
I want to make admins able to see only the Albums and Categories links (catmgr.php & albmgr.php)
Quote
and change the GALLERY_ADMIN_MODE checks in each file to match on user id instead. Be aware that it is not a good idea to make users admins who you do not trust completely.
I don't understand what to do...

I was thinking... isn't it possible to make an external script which allows members of a group to make albums and categories... just a script which sends queries for making albums to the database... an external page known only by the members I trust.
Title: Re: >Remove admin possibilities
Post by: Paver on June 20, 2006, 06:17:18 pm
Quote
I want to make admins able to see only the Albums and Categories links (catmgr.php & albmgr.php)
As Nibbler said, you need to modify your admin toolbar, which is done through your theme.  Read the sticky threads on the themes board.  But you say "admins" - it is dangerous to have more than one admin.  Usually, you are the only admin and then you give permissions to others to do things.

Quote
I was thinking... isn't it possible to make an external script which allows members of a group to make albums and categories... just a script which sends queries for making albums to the database... an external page known only by the members I trust.
Of course you can do anything you want - an external script, a plugin, a hack like Nibbler mentioned.  The script would be the least preferable unless you put in very careful security checks. 
Title: Re: >Remove admin possibilities
Post by: AvrilBoi on June 20, 2006, 08:21:10 pm
Quote
Usually, you are the only admin and then you give permissions to others to do things.
Yes, but it's impossible to give permission to make albums... I can modify the admin menu ok... but I'm thinking that I need also the other options...  :-\
Quote
Of course you can do anything you want - an external script, a plugin, a hack like Nibbler mentioned.  The script would be the least preferable unless you put in very careful security checks.
I'm not a PHP expert, so I can't make it... if someone could make a SIMPLE script WITHOUT security checks (I'll give the link to the script to very trusted persons) which allows to make categories and albums I'll be very thankful...
Title: Re: >Remove admin rights
Post by: Joachim Müller on June 20, 2006, 10:16:03 pm
What you're up to is security by obscurity: making everybody admin and just removing the links to the pages where they could ruin your site is not a bright idea, as a missing link won't keep users from entering the URL manually (or malevolent users doing worse stuff). Requesting a script without security checks is just the opposite of what Paver suggested.
Quite frankly: don't try to create workarounds for a missing feature! Coppermine doesn't have the feature to allow regular users to create categories and albums within the public gallery. Trying to figure out workarounds is just nonsense! Don't try to be smarter than everybody else - if there was an easy solution for the missing feature, we would have posted it. Trust us, there is no easy solution. Malevolent users or hackers will be smarter than that, they will ruin your site or use your webspace for illegal activities - you won't even be aware of it. Bad guys usually don't just deface a site, they use it for immoral stuff using backdoors. Don't be one of the guys who is surprised when getting blamed for child porn distribution, hosting warez, denial of service attacks or spam sending. Don't!
Title: Re: >Remove admin rights
Post by: AvrilBoi on June 21, 2006, 10:33:19 am
Ok. Never mind...
(p.s.: I didn't wanna make everyone admin, just some users)
Title: Re: >Remove admin rights
Post by: AvrilBoi on June 21, 2006, 02:04:35 pm
Maybe I've made it!!!
Please just help me in changing this part of include/init.inc.php to something that doesn't check if you're admin but checks if you belong to a group of persons allowed; for me it is group 5 in the group_id in the table _usergroup of the database... please please help me just with this!!

// Test if admin mode
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
define('GALLERY_ADMIN_MODE', USER_IS_ADMIN && $USER['am']);
define('USER_ADMIN_MODE', USER_ID && USER_CAN_CREATE_ALBUMS && $USER['am'] && !GALLERY_ADMIN_MODE);

Edit: I know that it would be the same thing to make the users who belong to that group admins, but after that modification I'll do something else.
Title: Re: >Remove admin rights
Post by: Paver on June 21, 2006, 02:49:00 pm
If you change this code, the users in group 5 will be able to do *anything* on your gallery - change the configuration settings, add & delete photos & albums & categories - everything.

What Nibbler suggested in the beginning above was to change *only* the GALLERY_ADMIN_MODE checks for the features you wanted - creating categories & albums.  That way, you are not opening up your entire gallery.

Basically, if you want to change this code, it would be easier to not change the code and merely add the users to the administrators group - it would be identical.
Title: Re: >Remove admin rights
Post by: AvrilBoi on June 21, 2006, 02:50:37 pm
I know that, in fact I'm duplicating catmgr.php, albmgr.php, delete.php and init.inc.php... I'm not modifying the default files.
So, could you please help me changing that code? :)
Title: Re: >Remove admin rights
Post by: AvrilBoi on June 21, 2006, 06:42:52 pm
No one?
Title: Re: >Remove admin rights
Post by: Paver on June 21, 2006, 07:25:56 pm
(1) This board is *not* a hotline - http://coppermine-gallery.net/demo/cpg14x/docs/faq.htm#lamesupport

(2) It is not at all clear what you now want help with.  Are you still asking the same question in the first post?  If so, you need to realize that the supporters have answered with as much as they can right now.  If any supporter or anyone else decides to spend the time to code what you want, he/she will post here.  But that takes patience and luck - not repeated bumps of this thread to ask "no one?" over & over again.  If you have a specific question about a specific line of code in a specific script, go ahead and ask it.

If you want a code solution right now, you might consider the Freelancer board (http://forum.coppermine-gallery.net/index.php?board=30.0).  Otherwise, you can either sit back & wait - realizing that there is no guarantee someone will post a solution, or learn the code yourself to write your own code.

One added note: more permission features are being considered for Coppermine 1.5.x.  There is no guarantee that your request will make it.  And there is no time set for a 1.5.x release.
Title: Re: >Check if you belong to a group instead of checking if you are an admin
Post by: AvrilBoi on June 21, 2006, 08:23:31 pm
I'm sorry Paver, I'll try to not make it happen anymore.
Anyway, I've made order in the topic, now my request is clear in bold in the first post of the topic, I've edited the posts and the topic title.
Title: Re: >Check if you belong to a group instead of checking if you are an admin
Post by: Paver on June 21, 2006, 08:46:26 pm
AvrilBoi: This thread is now a mess.  I would strongly urge you to remove the bold text in the first post and change the title back.  Right now, for someone new who wants to read this thread, they would immediately get very confused.

It is fine to post your new request as a reply at the end of the thread.  People can then clearly see what the history of this discussion is.  Right now, I recommend you move your request to the reply just before this one.

I still recommend adding in *only* the features you want to group 5, and not making them full admins, but here's the simple mod you want.  In include/init.inc.php, add the lines bracketed by // MOD and // MOD - end into the lines you already specified, as shown:
Code:
// Test if admin mode
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
// MOD - add manual admin access
// Drop the first and last character of USER_GROUP_SET, then split the rest on commas
$mod_usergroups = explode(',',substr(USER_GROUP_SET,1,-1));
// Group ids that get admin mode in addition to real admins
$mod_allowedgroups = array('5');
$mod_validuser = (array_intersect($mod_allowedgroups,$mod_usergroups) ? true : false);
define('USER_IS_ADMIN_MANUAL', $mod_validuser);
define('GALLERY_ADMIN_MODE', (USER_IS_ADMIN || USER_IS_ADMIN_MANUAL) && $USER['am']);
// MOD - end
// Original definition, superseded by the MOD define above (a constant can only be defined once):
// define('GALLERY_ADMIN_MODE', USER_IS_ADMIN && $USER['am']);
define('USER_ADMIN_MODE', USER_ID && USER_CAN_CREATE_ALBUMS && $USER['am'] && !GALLERY_ADMIN_MODE);

Once again, you are playing with fire by giving GALLERY_ADMIN_MODE to other users.  It wouldn't be too difficult to add only the permissions you want to the category manager and album manager.  But it would take more time than this code took, so once again, there is no guarantee someone will do it for you.
Title: Re: !>Check if you belong to a group instead of checking if you are an admin<!
Post by: AvrilBoi on June 21, 2006, 09:21:47 pm
I don't know how to thank you! Thanx 9999999999999
I don't think I'll have security problems... this is what I've done, with your help... I think it will be very useful for other persons, I know that many people want to allow other users to manage public albums!
So, this is what I've done (I've made it as a guide, if you wanna risk and wanna trust me :D):
1) make a group
2) put in the group the users you want to allow to manage albums
3) go in the database, then go in the table _usergroup, and then check in group_id the number referring to the new group you've made
4) make a copy of albmgr.php, delete.php and include/init.inc.php and call them for example albmgr_mod.php etc.
5) open albmgr_mod.php
find
require('include/init.inc.php');
replace with
require('include/init_mod.inc.php');
find
action="delete.php?what=albmgr"
replace with
action="delete_mod.php?what=albmgr"
6) open delete_mod.php
find
require('include/init.inc.php');
replace with
require('include/init_mod.inc.php');
7) open init_mod.inc.php
find
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
after, add
// MOD - add manual admin access
$mod_usergroups = explode(',',substr(USER_GROUP_SET,1,-1));
$mod_allowedgroups = array('NUMBER CHECKED BEFORE');
$mod_validuser = (array_intersect($mod_allowedgroups,$mod_usergroups) ? true : false);
define('USER_IS_ADMIN_MANUAL', $mod_validuser);
define('GALLERY_ADMIN_MODE', (USER_IS_ADMIN || USER_IS_ADMIN_MANUAL) && $USER['am']);
// MOD - end
8) upload all new files
9) give the users who belong to the group 5 the link to albmgr_mod.php


Paver, can you tell me if, at the end of this adventure ;D, I could have security problems?
Title: Re: !>Check if you belong to a group instead of checking if you are an admin<!
Post by: Paver on June 21, 2006, 09:25:15 pm
Right now, any member of the group you set can completely control your Coppermine gallery.

Besides that - in my mind - very large risk, there are no other security risks caused by this mod.

I'm assuming you are running Coppermine 1.4.8.  Earlier versions have security risks.

A much better way to add permissions is to remove this line from the mod:
Code:
define('GALLERY_ADMIN_MODE', (USER_IS_ADMIN || USER_IS_ADMIN_MANUAL) && $USER['am']);
Then change any GALLERY_ADMIN_MODE checks to add in USER_IS_ADMIN_MANUAL.  For example, in catmgr.php, replace this line at the beginning:
Code:
if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
with this line:
Code:
if (!GALLERY_ADMIN_MODE && !USER_IS_ADMIN_MANUAL) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
The other scripts are more complicated since they don't have just one check at the very beginning.
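
The narrower approach described in the post above, sketched as an added example (not part of the original thread and not Coppermine's own code): the group test is applied as a gate for one script instead of being folded into GALLERY_ADMIN_MODE. It assumes USER_GROUP_SET has the form "(2,5)", as the mod's substr/explode parsing implies; the function names and sample users are hypothetical.

```php
<?php
// Added example, not Coppermine code. Assumption: USER_GROUP_SET is a string
// such as "(2,5)", which is what the mod's substr(..., 1, -1) + explode(',')
// parsing implies. All function names below are hypothetical.

/** Turn a "(2,5,12)" group-set string into a list of integer group ids. */
function mod_parse_group_set(string $groupSet): array
{
    $inner = trim($groupSet, "() \t\r\n");   // drop the surrounding parentheses
    $ids = [];
    foreach (explode(',', $inner) as $part) {
        $part = trim($part);
        if ($part !== '' && ctype_digit($part)) { // keep plain decimal ids only
            $ids[] = (int) $part;
        }
    }
    return $ids;
}

/** Exact-match membership test: group 5 must not match 15 or 51. */
function mod_in_allowed_group(string $groupSet, array $allowedGroups): bool
{
    $allowed = array_map('intval', $allowedGroups);
    return count(array_intersect($allowed, mod_parse_group_set($groupSet))) > 0;
}

/**
 * Gate for ONE script (e.g. the album manager): full admin mode, or
 * membership of a delegated group. Every other script keeps its own
 * GALLERY_ADMIN_MODE check, so the delegated group gains nothing there.
 */
function mod_may_use_script(bool $galleryAdminMode, string $groupSet, array $allowedGroups): bool
{
    return $galleryAdminMode || mod_in_allowed_group($groupSet, $allowedGroups);
}

// Constructed sample users: [label, admin mode, group set, expected result]
$allowedGroups = [5];
$samples = [
    ['real admin in admin mode', true,  '(1)',    true],
    ['member of group 5',        false, '(2,5)',  true],
    ['ordinary member',          false, '(2)',    false],
    ['group 15 only',            false, '(2,15)', false],
    ['no groups',                false, '()',     false],
];

foreach ($samples as [$label, $adminMode, $groupSet, $expected]) {
    $actual = mod_may_use_script($adminMode, $groupSet, $allowedGroups);
    printf("%-26s %-8s => %s%s\n", $label, $groupSet,
        $actual ? 'allow' : 'deny',
        $actual === $expected ? '' : '  (UNEXPECTED)');
}

// A multi-digit id (constructed sample) is matched as a whole number as well.
var_dump(mod_in_allowed_group('(2,1761)', [1761]));
```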
Title: Re: !>Check if you belong to a group instead of checking if you are an admin<!
Post by: AvrilBoi on June 21, 2006, 09:44:29 pm
Thanks.
Yes, I'm running 1.4.8 version.
One question: users who belong to that group have full access to administration only if they know something about php or in any way? Because if I log in as a member of the group and go in albmgr_mod.php, I can do everything related to albmgr.php, and I get the administration menu, but if I click on any of the links in the administration menu, I get "You don't have permission.......".
Title: Re: !>Check if you belong to a group instead of checking if you are an admin<!
Post by: Paver on June 21, 2006, 09:52:48 pm
That's a good point.  Since you created an init_mod.inc.php, only the PHP scripts that use this mod script will be given admin access.  All others that use init.inc.php won't.
Title: Re: !>Check if you belong to a group instead of checking if you are an admin<!
Post by: AvrilBoi on June 21, 2006, 09:58:13 pm
I'm a little bit confused now... before you said "Right now, any member of the group you set can completely control your Coppermine gallery." and now you said that only the scripts which use init_mod.inc.php have admin rights, so do I have security problems right now or can I be sure that all the users who belong to that group can only administrate the albums (I've not used your better way to add permissions mentioned in your post)?
Maybe I'm too stupid to understand.... ???
Title: Re: !>Check if you belong to a group instead of checking if you are an admin<!
Post by: Paver on June 22, 2006, 02:28:25 am
You're right - I was wrong about that statement.  I thought at first you were merely making a backup of the original scripts.  Instead you modified only certain scripts to use the admin access.

My second statement is the correct one.  All admin functions of those 3 scripts you modified (that access include/init_mod.inc.php) will be available to those in the group.  All other scripts will only be available to true administrators.
Title: Re: !>Check if you belong to a group instead of checking if you are an admin<!
Post by: AvrilBoi on June 22, 2006, 12:50:19 pm
Ok, fantastic!
Can I open a new thread here and wait until it is moved to the Modifications board?
Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: Paver on June 22, 2006, 03:04:57 pm
It's best to keep the entire discussion with a mod.  That way, people will understand the motivation for the mod and how it was implemented.

Your mod-guide is useful and I put a link to it (well, the post above it) to the first post.

I modified the subject as well to make it clear on the board index what this mod does.
Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: Joachim Müller on June 23, 2006, 07:54:37 am
As suggested above: this thread is a mess, it shouldn't be in the sub-board "Modifications/Add-Ons/Hacks". Potential readers won't understand what happened, with all the editing this thread suffered from. I suggested starting a new thread, summarizing the actual mod and linking this thread. Then move this thread out of the mods board and the new thread into it.
Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: Paver on June 23, 2006, 01:42:59 pm
@GauGau: Ok.  Your suggestion makes sense.  I'll keep this in mind for future mod threads.
Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: cain. on September 06, 2006, 01:21:51 am
Hi,
great mod, thank you.

I have a question: how to enable these rights in xp_publish.php as well?

replacing

require('include/init.inc.php');

with

require('include/init_mod.inc.php');

and every

USER_IS_ADMIN

with

(USER_IS_ADMIN||USER_IS_ADMIN_MANUAL)

has no visible effect.

I even tried to just replace every USER_IS_ADMIN with 1. It was possible to upload pictures to any public album for a user, then. At least that was what the XP_Publishing wizard said, the images did not appear in the designated albums  ???
Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: Joachim Müller on September 06, 2006, 07:02:07 am
As suggested above, this thread is already messed up. Don't ask for new features in it.
Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: IIIBradIII on March 27, 2007, 06:08:56 am
Just as a heads-up, if the usergroup you intend to give admin rights to is assigned a 2-digit number, you'll need to change the following:

Code:
$mod_usergroups = explode(',',substr(USER_GROUP_SET,1,-1));
to this:

Code:
$mod_usergroups = explode(',',substr(USER_GROUP_SET,2,-1));
Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: WC on June 11, 2007, 10:51:23 pm
Quote
1) make a group
2) put in the group the users you want to allow to manage albums
3) go in the database, then go in the table _usergroup, and then check in group_id the number referring to the new group you've made
4) make a copy of albmgr.php, delete.php and include/init.inc.php and call them for example albmgr_mod.php etc.
5) open albmgr_mod.php
find
require('include/init.inc.php');
replace with
require('include/init_mod.inc.php');
find
action="delete.php?what=albmgr"
replace with
action="delete_mod.php?what=albmgr"
6) open delete_mod.php
find
require('include/init.inc.php');
replace with
require('include/init_mod.inc.php');
7) open init_mod.inc.php
find
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
after, add
// MOD - add manual admin access
$mod_usergroups = explode(',',substr(USER_GROUP_SET,1,-1));
$mod_allowedgroups = array('NUMBER CHECKED BEFORE');
$mod_validuser = (array_intersect($mod_allowedgroups,$mod_usergroups) ? true : false);
define('USER_IS_ADMIN_MANUAL', $mod_validuser);
define('GALLERY_ADMIN_MODE', (USER_IS_ADMIN || USER_IS_ADMIN_MANUAL) && $USER['am']);
// MOD - end
8) upload all new files
9) give the users who belong to the group 5 the link to albmgr_mod.php

I'm having a little trouble getting the mod to work. I created a group called "junior admins" and assigned a test user to it. I then went to phpbb_usergroup in my database. However, for some reason the group id number is "1761" (which seems rather high as I haven't created that many groups). Anyway, after following each of the steps in the instructions set out above and then logging in as that user in that group, I went to albmgr_mod.php. However, it does not seem to show me as being in admin mode there. I still seem to be an ordinary user and can still only modify my own albums but not the public galleries as a whole.  I would like certain users to be able to create public albums or to modify the properties (e.g. on modifyalb.php) in order for them to set whether visitors are allowed to upload files etc.

How do I get this group to have admin rights to the gallery without making them full administrators of the entire site? Am I doing something wrong with the mod?

Quote
Just as a heads-up, if the usergroup you intend to give admin rights to is assigned a 2-digit number, you'll need to change the following:

Code:
$mod_usergroups = explode(',',substr(USER_GROUP_SET,1,-1));
to this:

Code:
$mod_usergroups = explode(',',substr(USER_GROUP_SET,2,-1));

The group id I checked was a 4 digit number (1761). Would that have to be a "4" in the code above where the 2 is?

Any help would be appreciated.

Thanks

Title: Re: Give Admin-Access to Certain Scripts for a Specified Group
Post by: Joachim Müller on June 12, 2007, 09:11:31 am
Not sure if this "mod" has been designed with bridging in mind, so I doubt that you will be able to make it work on your setup.

Quote
The group id I checked was a 4 digit number (1761). Would that have to be a "4" in the code above where the 2 is?
I guess so.
Title: Re: >Check if you belong to a group instead of checking if you are an admin
Post by: Riccardo83 on October 04, 2008, 05:01:19 pm
Would this code work for vBulletin too?


Quote
I still recommend adding in *only* the features you want to group 5, and not making them full admins, but here's the simple mod you want.  In include/init.inc.php, add the lines bracketed by // MOD and // MOD - end into the lines you already specified, as shown:
Code:
// Test if admin mode
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
// MOD - add manual admin access
// Drop the first and last character of USER_GROUP_SET, then split the rest on commas
$mod_usergroups = explode(',',substr(USER_GROUP_SET,1,-1));
// Group ids that get admin mode in addition to real admins
$mod_allowedgroups = array('5');
$mod_validuser = (array_intersect($mod_allowedgroups,$mod_usergroups) ? true : false);
define('USER_IS_ADMIN_MANUAL', $mod_validuser);
define('GALLERY_ADMIN_MODE', (USER_IS_ADMIN || USER_IS_ADMIN_MANUAL) && $USER['am']);
// MOD - end
// Original definition, superseded by the MOD define above (a constant can only be defined once):
// define('GALLERY_ADMIN_MODE', USER_IS_ADMIN && $USER['am']);
define('USER_ADMIN_MODE', USER_ID && USER_CAN_CREATE_ALBUMS && $USER['am'] && !GALLERY_ADMIN_MODE);
Title: Re: >Check if you belong to a group instead of checking if you are an admin
Post by: Joachim Müller on October 05, 2008, 12:33:20 pm
Quote
Would this code work for vBulletin too?
Did you bother to read the post just one above yours:
Quote
Not sure if this "mod" has been designed with bridging in mind, so I doubt that you will be able to make it work on your setup.
From your other open thread on the same issue:
Quote
We can't tell, since none of the devs is using vb.