Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Unusual permissions problem - Delete Files (Registered users only).  (Read 6979 times)

0 Members and 1 Guest are viewing this topic.

Digitalmafia

  • Coppermine newbie
  • Offline Offline
  • Posts: 6

I have searched the forums and find many folks that have permissions problems with uploading, but none like mine.
Registered users can upload, but not delete their images.  As Admin I can, however, delete the images.  When a registered user
attempts to delete a file they get this response:
You don't have permission to perform this operation.
(target album = 5)
I have set the file permissions correctly (as per the instructions) and read all of the documentation so perhaps I missed something?
Everything else in the app works great.  It was quick and easy to set up - I customized a template (heavy customization) with ease-great application-love it..
Here is the output from the debug mode:
USER:
------------------
Array
(
    [ID] => ef783b18193d23a5500ae82716cb1d5a
    [am] => 1
    [lang] => english
    [liv] => Array
        (
           
  • => 1
  • [1] => 3
                [2] => 4
                [3] => 5
                [4] => 9
            )

       
[sort] => ta
)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 2
    [user_name] => Blah
    [groups] => Array
        (
           
  • => 2

        )

    [disk_max] => 0
    [disk_min] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [ufc_max] => 3
    [ufc_min] => 3
    [custom_user_upload] => 0
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [has_admin_access] => 0
    [pub_upl_need_approval] => 0
    [priv_upl_need_approval] => 0
    [group_name] => Registered
    [upload_form_config] => 3
    [group_quota] => 0
    [can_see_all_albums] => 0
    [group_id] => 2
)

==========================
Queries:
------------------
Array
(
   
  • => SELECT extension, mime, content, player FROM cm_filetypes; (0.001s)
  • [1] => select * from cm_plugins order by priority asc; (0.001s)
        [2] => delete from `miniaz`.cm_sessions where time<1120532669 and remember=0; (0.001s)
        [3] => delete from `miniaz`.cm_sessions where time<1119326669; (0s)
        [4] => select user_id from `miniaz`.cm_sessions where session_id=md5("a9e474dbd8de1007c93d2ca7df7adf9dc837272e71fa927139434f058a2b8c40"); (0.001s)
        [5] => select user_id as id, user_password as password from `miniaz`.cm_users where user_id=2 (0.001s)
        [6] => SELECT u.user_id AS id, u.user_name AS username, u.user_password AS password, u.user_group+100 AS group_id FROM `miniaz`.cm_users AS u INNER JOIN `miniaz`.cm_usergroups AS g ON u.user_group=g.group_id WHERE u.user_id='2' (0.001s)
        [7] => SELECT user_group_list FROM `miniaz`.cm_users AS u WHERE user_id='2' and user_group_list <> ''; (0.001s)
        [8] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cm_usergroups WHERE group_id in (2) (0.001s)
        [9] => SELECT group_name FROM  cm_usergroups WHERE group_id= 2 (0.001s)
        [10] => update `miniaz`.cm_sessions set time='1120536269' where session_id=md5('a9e474dbd8de1007c93d2ca7df7adf9dc837272e71fa927139434f058a2b8c40'); (0.001s)
        [11] => SELECT user_favpics FROM cm_favpics WHERE user_id = 2 (0.001s)
        [12] => DELETE FROM cm_banned WHERE expiry < '2005-07-05 04:04:29' (0.001s)
        [13] => SELECT * FROM cm_banned WHERE (ip_addr='68.230.6.35' OR ip_addr='68.230.6.35' OR user_id=2) AND brute_force=0 (0.001s)
        [14] => SELECT aid FROM cm_albums WHERE visibility != '0' AND visibility !='10002' AND visibility NOT IN (2) (0.001s)
        [15] => SELECT title, category FROM cm_albums WHERE aid = '5' (0.001s)
        [16] => SELECT category, filepath, filename, owner_id FROM cm_pictures, cm_albums WHERE cm_pictures.aid = cm_albums.aid AND pid='11' (0.001s)
        [17] => SELECT COUNT(*) FROM cm_pictures WHERE approved = 'NO' (0.001s)
    )

    ==========================
    GET :
    ------------------
    Array
    (
       
[album] => 5
    [start] => 0
    [count] => 25
)

==========================
POST :
------------------
Array
(
    [count] => 25
    [pid] => Array
        (
           
  • => 11

        )

    [aid11] => 5
    [title11] =>
    [caption11] =>
    [keywords11] =>
    [user111] =>
    [user211] =>
    [user311] =>
    [user411] =>
    [delete11] => 1
)

==========================
Page generated in 0.178 seconds - 18 queries in 0.017 seconds - Album set : ; Meta set: ;

Thanks!
J.
« Last Edit: July 09, 2005, 05:26:39 pm by TranzNDance »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #1 on: July 06, 2005, 07:16:05 am »

post a link and non-admin test user account with debug mode turned on
Logged

Digitalmafia

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #2 on: July 06, 2005, 11:26:14 pm »

Sorry about posting in the wrong section-thank you for moving it!

Here is the path to the site as well as the test account.

http://www.mini-az.com/cm/index.php

Username: test
password: test

Thank you!
J.
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #3 on: July 06, 2005, 11:45:30 pm »

Tell you what - once you change the Coppermine tag line to a color other than white, we'll help you.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Digitalmafia

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #4 on: July 07, 2005, 02:09:22 am »

arrgh
-just checked it in IE (I use firefox)-its working in both browsers now.

Thanks!
J.
« Last Edit: July 07, 2005, 02:18:37 am by Digitalmafia »
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #5 on: July 07, 2005, 02:48:20 am »

You are using 1.4.1, so I'll move this to the appropriate board.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #6 on: July 07, 2005, 02:56:01 am »

Hmm, I can create an album, but not delete a picture I upload.  I can delete the album, which deletes all files I uploaded.

Hmmmm.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Digitalmafia

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #7 on: July 07, 2005, 05:50:35 am »

'Hmm, I can create an album, but not delete a picture I upload.  I can delete the album, which deletes all files I uploaded.'

- I had not tried to delete the entire album-interesting that you can do that but the individual pics throw errors.
I did get a line error back:
/editpics.php - Line: 128
I will look into this file, any ideas?

Best regards,
Jason.
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #8 on: July 07, 2005, 06:13:44 am »

Can they edit the files? In Config, did you set it so users retain control over their files?
Logged

Digitalmafia

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #9 on: July 07, 2005, 07:06:28 am »

'Can they edit the files? In Config, did you set it so users retain control over their files?'

As far as I can tell yes.  I have been through the config a dozen times and everything pertaining to allowing them to manage their files is on.
I did not, however, see a specific place for - deleteing files.  The can delete their albums without issue.  Almost all the User Settings are set to yes.
Anything specific I should look for? (I am sure I got the obvious).

Thanks.
J.
Logged

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #10 on: July 07, 2005, 10:15:38 am »

I can confirm this problem also, it happens when I use modifyalb.php and try to delete an image I get the same message.
Logged

Nibbler

  • Guest
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #11 on: July 07, 2005, 08:22:46 pm »

Looks the same as http://forum.coppermine-gallery.net/index.php?topic=17802.0

Fix was never committed.
Logged

Digitalmafia

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #12 on: July 07, 2005, 10:14:17 pm »

Based on the other thread I guess un-commenting the line will fix?
I will  try this tonight and post results.
Thanks.
J.
Logged

the_todd

  • Contributor
  • Coppermine novice
  • ***
  • Offline Offline
  • Posts: 42
    • JoomBla!
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #13 on: July 08, 2005, 03:23:10 am »

I uncommented the line in my gallery in editpics.php and it worked fine. This fix should be committed.
Logged

Nibbler

  • Guest
Re: Unusual permissions problem - Delete Files (Registered users only).
« Reply #14 on: July 09, 2005, 02:05:06 pm »

Committed the stated fix.
Logged
Pages: [1]   Go Up
 

Page created in 0.024 seconds with 21 queries.