Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: 1.4.1 bug report: editpics return "you don't have permission...  (Read 12046 times)

0 Members and 1 Guest are viewing this topic.

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63

I install the newly check out version of 141 today and found this problem. I don't know if it is a bug or my setting problem.

When one hit the "edit files" button and enter editpics.php and then hit "apply modification", an error comes out.

Thanks for your attention.
« Last Edit: August 15, 2005, 07:25:37 am by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #1 on: May 11, 2005, 10:10:00 am »

we will not register, please post a non-admin test user account. I'm not able to replicate though, please post additional information (e.g. what group the user you tried this with belongs to etc.)
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #2 on: May 11, 2005, 05:32:52 pm »

OK, here is the test account:

user: test
pass: test

It is a normal regstered account with no modification.
Logged

kiig

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 141
    • Igel's Journaler
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #3 on: May 11, 2005, 07:22:51 pm »

I've just been on as 'test', - created a new album, - uploaded one file, - and everything but the problem above seems to work. I really don't know how it's supposed to work, - as I've not played around with user albums.

If I go to : Home > User galleries > test and press EDIT FILES, -and change something and try the Apply modifications, - I do get the error you mention.

Someone else will probably go on from here, - I just wanted to say what I've done, -in case somebody wondered -)

Could it be missing group permissions ?
Logged
Kim Igel
http://igel.it (Personal playground) or http://foto.igel.it (Paypal shop-site)

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #4 on: May 12, 2005, 12:18:01 am »

Exactly, i don't know how this happened.

Code: [Select]
If I go to : Home > User galleries > test
and press EDIT FILES,
and change something
and try the Apply modifications,
I do get the error you mention.

The group permission of registered user is default, no change at all.

Thanks for your attentiion.
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #5 on: May 14, 2005, 11:10:01 am »

I have tried install the 1.4.1 in other server and have the same result.

here is the debug info:

Code: [Select]
USER:
------------------
Array
(
    [ID] => 93aff81243a873f17b596eb7dd19470b
    [am] => 1
    [liv] => Array
        (
            [0] => 1
        )

)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 2
    [user_name] => tang
    [groups] => Array
        (
            [0] => 2
        )

    [disk_max] => 11024
    [disk_min] => 11024
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [ufc_max] => 3
    [ufc_min] => 3
    [custom_user_upload] => 0
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [has_admin_access] => 0
    [pub_upl_need_approval] => 1
    [priv_upl_need_approval] => 0
    [group_name] => Registered
    [upload_form_config] => 3
    [group_quota] => 11024
    [can_see_all_albums] => 0
    [group_id] => 2
)

==========================
Queries:
------------------
Array
(
    [0] => SELECT extension, mime, content, player FROM cpg140_filetypes; (0.001s)
    [1] => select * from cpg140_plugins order by priority asc; (0s)
    [2] => delete from `tang_cpg141`.cpg140_sessions where time<1116057893 and remember=0; (0s)
    [3] => delete from `tang_cpg141`.cpg140_sessions where time<1114851893; (0s)
    [4] => select user_id from `tang_cpg141`.cpg140_sessions where session_id=md5("b959379abe8d1b3155355c5f9c308213599191aba5c41edbb3055218668c69f2"); (0s)
    [5] => select user_id as id, user_password as password from `tang_cpg141`.cpg140_users where user_id=2 (0s)
    [6] => SELECT u.user_id AS id, u.user_name AS username, u.user_password AS password, u.user_group+100 AS group_id FROM `tang_cpg141`.cpg140_users AS u INNER JOIN `tang_cpg141`.cpg140_usergroups AS g ON u.user_group=g.group_id WHERE u.user_id='2' (0s)
    [7] => SELECT user_group_list FROM `tang_cpg141`.cpg140_users AS u WHERE user_id='2' and user_group_list <> ''; (0s)
    [8] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg140_usergroups WHERE group_id in (2) (0s)
    [9] => SELECT group_name FROM  cpg140_usergroups WHERE group_id= 2 (0s)
    [10] => update `tang_cpg141`.cpg140_sessions set time='1116061493' where session_id=md5('b959379abe8d1b3155355c5f9c308213599191aba5c41edbb3055218668c69f2'); (0s)
    [11] => SELECT user_favpics FROM cpg140_favpics WHERE user_id = 2 (0s)
    [12] => DELETE FROM cpg140_banned WHERE expiry < '2005-05-14 09:04:53' (0s)
    [13] => SELECT * FROM cpg140_banned WHERE (ip_addr='221.124.197.116' OR ip_addr='221.124.197.116' OR user_id=2) AND brute_force=0 (0s)
    [14] => SELECT aid FROM cpg140_albums WHERE visibility != '0' AND visibility !='10002' AND visibility NOT IN (2) (0s)
    [15] => SELECT title, category FROM cpg140_albums WHERE aid = '1' (0s)
    [16] => SELECT category, filepath, filename, owner_id FROM cpg140_pictures, cpg140_albums WHERE cpg140_pictures.aid = cpg140_albums.aid AND pid='1' (0s)
    [17] => SELECT COUNT(*) FROM cpg140_pictures WHERE approved = 'NO' (0s)
)

==========================
GET :
------------------
Array
(
    [album] => 1
    [start] => 0
    [count] => 25
)

==========================
POST :
------------------
Array
(
    [count] => 25
    [pid] => Array
        (
            [0] => 1
            [1] => 2
        )

    [aid1] => 1
    [title1] =>
    [caption1] =>
    [keywords1] =>
    [user11] =>
    [user21] =>
    [user31] =>
    [user41] =>
    [aid2] => 1
    [title2] =>
    [caption2] =>
    [keywords2] =>
    [user12] =>
    [user22] =>
    [user32] =>
    [user42] =>
)

==========================
Page generated in 0.07 seconds - 18 queries in 0.001 seconds - Album set : ; Meta set: ;

Anyone can give me a hand?

I have also turnned on the debug mode for everybody. Please take a look at http://ppi.hopto.org

log in as test and pass:test.

Thanks for any help.
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #6 on: May 14, 2005, 11:26:30 am »

More information:

The error is:

Code: [Select]
You don't have permission to perform this operation.
(target album = 5)

File: /home/tang/cpg141new/editpics.php - Line: 128

Then I checked out line 128 of editpics, it is:

Code: [Select]
             
if (!GALLERY_ADMIN_MODE)
{
if ($pic['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied']."<br />
(picture category = {$pic['category']}/ $pid)", __FILE__, __LINE__);

if (!isset($user_album_set[$aid])) cpg_die(ERROR, $lang_errors['perm_denied']."<br />
(target album = $aid)", __FILE__, __LINE__);
}

Any hint?
Logged

Nibbler

  • Guest
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #7 on: May 14, 2005, 06:25:11 pm »

Uncommenting this

Code: [Select]
//get_user_albums(USER_ID);
line 429 solves the problem, but I'm sure it must have been commented out for good reason.
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #8 on: May 14, 2005, 06:44:08 pm »

Am I the only one have this problem?

Is there anyone have the same problem?

Will uncommemt line 429 cause any problem?

Is this a particular problem for me only?

I am sorry to have so much problem, just want to find out the truth.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #9 on: May 15, 2005, 07:55:54 am »

as Nibbler suggested: uncommenting this line will make the error go away, but we can't tell for sure yet why it is commented out in the first place. You're not the only one to experience this issue, we have been able to replicate. We need to further look into this issue. Please don't expect an answer soon: cpg1.4.x goes unsupported as you know and you're not meant to use it live on a production site, so I don't understand why you're in such a hurry...
Logged

itang

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #10 on: May 15, 2005, 08:18:32 pm »

Thanks for your reply, just want to make sure it is not the server's problem.

Thanks again.

Logged

Casper

  • VIP
  • Coppermine addict
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 5231
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #11 on: June 05, 2005, 02:11:32 pm »

This still has not been sorted, so I checked back and found it was done by Abbas Ali, as a means of dealing with this bug, http://forum.coppermine-gallery.net/index.php?topic=14884.0

Quote
Removed the album box building bug by modifying get_user_albums function

However, this fix for that bug that was in editOnepics.php, was also applied to editpics.php, and caused this subsequent bug.

I can find no ill effects from un-commenting that line as suggested by Nibbler.
Logged
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Nibbler

  • Guest
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #12 on: July 09, 2005, 02:06:30 pm »

Committed the fix.
Logged

phatbloke

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 20
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #13 on: August 07, 2005, 05:04:44 am »

I'm not sure if anyone else is in the same boat but this fix did not solve the problem for me.

i actually get physically logged out when i try to edit details of a folder. Single files are fine just not editing an album

You don't have permission to access this page.

File: /www/jason.designbase.co.nz/photogallery/editpics.php - Line: 25
Logged

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #14 on: August 07, 2005, 06:45:31 am »

This fis has successfully worked for me, have you tried redownloading the file from CVS?
Logged

phatbloke

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 20
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #15 on: August 07, 2005, 12:23:58 pm »

Yeah i got the latest editpics.php from cvs and no luck. Hmm don't know why then.
Logged

Dr_Michael

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 56
    • LightHunt
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #16 on: August 25, 2005, 09:02:37 pm »

Uncommenting this

Code: [Select]
//get_user_albums(USER_ID);
line 429 solves the problem, but I'm sure it must have been commented out for good reason.

Is that the solution? I tried it and ir works now but although it does the editing, it directs to the same page and not to a page with confirmation.

Nibbler

  • Guest
Re: 1.4.1 bug report: editpics return "you don't have permission...
« Reply #17 on: August 25, 2005, 09:12:13 pm »

There is no confirmation, it just does it.
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 18 queries.