Print

[pvsujith]

Hi,
Is there a way to allow registered users to create albums in any of the available categories? By default, albums created by registered users are under User galleries.

I use:
CPG 1.4.2 stand alone installation
OS - RHL 9
Apache 2.0.40
PHP 4.2.2
MySQL 3.23.54

Regards

[Joachim Müller]

no, regular users can't create albums inside public categories - no hack available.

[janus]

Hm...
Yesterday I've spend about two hours to investigate this issue and have made the following fix.
Please have a look into attached files.

Unfortunatelly I have not commented the changes, so you should call the diff command.

It seems to run on my server.

[janus]

any feedback?

°-)

[Joachim Müller]

yes: I looked into your submission - it just disables all security on gallery core files, making every user an admin who can then edit the whole gallery at will, leaving the gallery just as vulnerable as if you published your admin account on your own home page. Using your hack is not recommended at all, I strongly suggest you remove it from your site asap. Bypassing security by adding user_admin to the check is not all it takes to securely allow users to create public albums. If things were that easy, we would have added it to coppermine's core long ago

[janus]

yes: I looked into your submission - it just disables all security on gallery core files, making every user an admin who can then edit the whole gallery at will, leaving the gallery just as vulnerable as if you published your admin account on your own home page. Using your hack is not recommended at all, I strongly suggest you remove it from your site asap. Bypassing security by adding user_admin to the check is not all it takes to securely allow users to create public albums. If things were that easy, we would have added it to coppermine's core long ago

Yes, that's correct. But I thought, I've changed only the ifs/elses, where it deals with album creation only. And exactly in this issue I'd like to give my users admin rights.