Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: User passwords  (Read 3993 times)

0 Members and 1 Guest are viewing this topic.

augustin

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 26
User passwords
« on: January 14, 2004, 08:51:27 pm »

In the admin panel. I want to be able to see the user passwords in their profiles. How can this be done. I thought the passwords would show just like the other info
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
User passwords
« Reply #1 on: January 14, 2004, 10:45:10 pm »

they don't show, and we will not make a mod out of it, as this would be a serious security gap. Use a tool like phpMyAdmin to check the db table cpg11d_users - you can see the passwords in plaintext there.
What on earth do you need your users passwords for. It's definitely a "no-no" to peek into user's privacy this way, because most users will choose a password on your site they use on other occasions as well - looking into it is not ok!
Slightly off-topic: currently there's a work in progress to encrypt the passwords in the db as well - will probably go into the next release...

GauGau
Logged

augustin

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 26
Reason
« Reply #2 on: January 15, 2004, 01:59:03 am »

my concern is that should a suer create an a private album, I  as the site adminastrator should have full access to any album on my site, to ensure that content is not illegal ( I would only look if questions would be raised). My intent is not to invade but to monitot my site.
Logged

Casper

  • VIP
  • Coppermine addict
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 5231
User passwords
« Reply #3 on: January 15, 2004, 10:30:05 am »

augustin, admin can look at and edit/delete every album on the site, even users private albums.
In config, make sure that 'show private icon to unlogged users' is set to YES.  Then admin will see the private icon on the main page, but can see the pics and do the admin stuff from the categry page as normal categories. (note, in the next version this should not be necessary)

This is much easier than logging in as the person.  Also, as admin, when you look at the pics, you will see the persons IP address, so can ban them by that.
Logged
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here
Pages: [1]   Go Up
 

Page created in 0.029 seconds with 18 queries.