Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Group permissions don't work  (Read 9411 times)

0 Members and 1 Guest are viewing this topic.

LilAngel

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 39
Group permissions don't work
« on: December 10, 2005, 03:58:23 pm »

It seems like the group settings aren't working on my gallery after the upgrade.
I used to have a group "BannedUploading" for users which didn't have upload permission. I noticed members of that group started to upload crap, so I reviewed my settings; everything was ok. I created a test user and assigned it to that group and guess what: I can still upload with that account. It terribly bugs me, cause I'm really annoyed by the files these people upload, I keep having to disapprove them.
I created the BannedUploading group again, but it still doesnt work.

I honestly don't know what's wrong with the settings; is this a common bug?

(http://tinypic.com/ief789.jpg)
(http://tinypic.com/ief7ev.jpg)

Sorry for the low quality screencaps.
« Last Edit: December 11, 2005, 08:09:58 pm by GauGau »
Logged

Nibbler

  • Guest
Re: Group permissions don't work
« Reply #1 on: December 10, 2005, 05:01:25 pm »

Looks like a new bug. You need to edit bridge/coppermine.inc.php, find this function

Code: [Select]
        // Get groups of which user is member
        function get_groups( &$user )
        {

                $group_list = in_array($user['group_id'] - 100, $this->admingroups) ? 1 : 2;

                $sql = "SELECT user_group_list FROM {$this->usertable} AS u WHERE {$this->field['user_id']}='{$user['id']}' and user_group_list <> '';";

                $result = cpg_db_query($sql, $this->link_id);

                if ( $row = mysql_fetch_array($result) ) {

                        if ($row['user_group_list']) {
                                $group_list .= ','.$row['user_group_list'];
                        }

                        mysql_free_result($result);
                }

                $all_groups = explode(',',$group_list);

                if ( $admin_groups = array_intersect($this->admingroups, $all_groups) ) {
                        $all_groups[0] = 1;
                }

                if ( !in_array($user['group_id'] - 100, $all_groups) ) {
                        $all_groups[] = intval($user['group_id'] - 100);
                }

                return $all_groups;
        }

And replace it with this new version

Code: [Select]
        // Get groups of which user is member
        function get_groups( &$user )
        {
$groups = array($user['group_id'] - 100);

$sql = "SELECT user_group_list FROM {$this->usertable} AS u WHERE {$this->field['user_id']}='{$user['id']}' and user_group_list <> '';";

$result = cpg_db_query($sql, $this->link_id);

if ($row = mysql_fetch_array($result)){
$groups = array_merge($groups, explode(',', $row['user_group_list']));
}

mysql_free_result($result);

return $groups;
        }

Please report back if this solves the issue for you.

Also report back if it doesn't :)
Logged

LilAngel

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 39
Re: Group permissions don't work
« Reply #2 on: December 10, 2005, 09:26:32 pm »

Yep, that worked!

Issue is solved!  ;D
Logged

Nibbler

  • Guest
Re: Group permissions don't work
« Reply #3 on: December 10, 2005, 10:11:37 pm »

Fix committed to CVS.
Logged

LilAngel

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 39
Re: Group permissions don't work
« Reply #4 on: December 15, 2005, 12:16:59 am »

I noticed something.

About 2 days ago, someone complained about not being able to log in. Then today there was someone else complaining, and I also noticed people could upload without upload upproval. I checked the group settings, and ALL of the custom groups were gone. Thankfully, we did have a backup. I'm not sure if this is related to this bug and the editing, but it's very odd. Maybe something you need to double check?
Just saying to warn you. :)
Logged
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 18 queries.