Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Upgrade Group Status  (Read 5923 times)

0 Members and 1 Guest are viewing this topic.

rphMedia

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 515
  • ***muvipix.com***
    • muvipix - Music | Video | Pictures
Upgrade Group Status
« on: November 15, 2006, 01:05:00 pm »

I'm going to have basic "Registered" users and an additional permissions group called "Members" in which a subscription is required for access to more content. The subscription option won't be available unless they are logged in.

In short (going to use PayPal scripts for subscription method), when the user pays the subscription and is redirected back to the Gallery, how can I implement a script that updates their group status to "Members" automatically? 

Edit: Hein, why was this moved to Feature requests  ???
« Last Edit: November 20, 2006, 03:16:58 pm by Hein »
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Upgrade Group Status
« Reply #1 on: November 15, 2006, 01:52:00 pm »

Because this is feature request. Of which there are already a couple on the board. You might also try using the Freelancers thread to ask for someone to code this.

http://forum.coppermine-gallery.net/index.php?topic=23353.0
http://forum.coppermine-gallery.net/index.php?topic=29162.0
These two were made for the same questions and closed by GauGau.

In short, it did not belong in cpg1.4 permissions.

Cheers!
Hein
Logged

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Upgrade Group Status
« Reply #2 on: November 15, 2006, 02:15:09 pm »

It's called instant payment notification (ipn). Hasn't much to do with CPG

Nevertheless here's all you need to know http://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ipn-manual-outside




(I don't consider that to be a feature request, rphMedia asks for support)

rphMedia

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 515
  • ***muvipix.com***
    • muvipix - Music | Video | Pictures
Re: Upgrade Group Status
« Reply #3 on: November 15, 2006, 02:21:48 pm »

Thanks guys.

I included the PayPal info as background only.  I can do all the PayPal stuff :)



I have a group_id of 109 (Members).

When they return from the payment stuff, I want a script that will change the user_group_list from blank to "109" in the DB.  I'm getting close, I just want to cover all security scenarios. 

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Upgrade Group Status
« Reply #4 on: November 15, 2006, 02:33:14 pm »

here you can download/ test an php IPN handler... depending on the result you could change the users member group

http://www.eliteweaver.co.uk/testing/ipntest.php

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Upgrade Group Status
« Reply #5 on: November 15, 2006, 03:25:34 pm »

This is not a valid feature request, as rphMedia did not request a feature for future versions of coppermine, but is requesting immediate advice for a hack he's trying to accomplish. He's not asking for this hack to be added to Coppermine's core in the future. Stramm has moved this thread back to the support board.

@rphMedia: sorry for the confusion and meta discussion about the proper board this thread is meant to go into.

@Hein: sorry for undoing your moderation. Please accept my apologies - I'm not trying to be difficult here. Don't let this discourage you - your support for the community is very important. It doesn't hurt if such minor moderation misunderstanding happens.

Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Upgrade Group Status
« Reply #6 on: November 15, 2006, 04:09:30 pm »

Live and learn GauGau , no apologies needed :D

Sorry rphMedia. My bad.

Cheers!
Hein
Logged

rphMedia

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 515
  • ***muvipix.com***
    • muvipix - Music | Video | Pictures
Re: Upgrade Group Status
« Reply #7 on: November 15, 2006, 05:12:29 pm »

Stop with all the apologies, NP - I can see how it could be misconstrued.

And thanks Stramm for the links.  Trying to piece it all together.

rphMedia

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 515
  • ***muvipix.com***
    • muvipix - Music | Video | Pictures
Re: Upgrade Group Status
« Reply #8 on: November 16, 2006, 01:00:20 pm »

OK Stramm, again the links were extremely helpful, and although I could probably hack something together to make it work, I'm afraid that I would put a hole in the security.  I can see how the notify.php receives the bonofide secure info and everything, and I would need to compare at least one variable to verify legitimacy, but where I get lost is getting the actual username (already registered) then changing the group status based on all of that. 

Ah... I guess I need to go the Freelancers / Paid help route.  I need this to be kind of bullet-proof.  Should I repost in there or can you (or anyone else) help me out here (or PM?).  I will gladly repost there and request close on this thread.

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Upgrade Group Status
« Reply #9 on: November 16, 2006, 01:23:51 pm »

you pass along the uid to paypal, and there you include it to the talkback... I do not see huge a security hole here. With having the uid you know the username, group etc and can change whatever you need. You just must make sure you're talking to paypal :) that should be taken care of in the paypal manual

One always can attack such a system. You never will be 100% safe

If you need help from a freelancer... best would be to start a new thread there. And, if you want, I'll then close this thread.

rphMedia

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 515
  • ***muvipix.com***
    • muvipix - Music | Video | Pictures
Re: Upgrade Group Status
« Reply #10 on: November 20, 2006, 03:16:08 pm »

Got it all sorted out.  Mark this as solved/closed, thanks again !




I would post all the code, but it's pretty involved (mostly with PayPal instruction).

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Upgrade Group Status
« Reply #11 on: November 20, 2006, 03:19:27 pm »

I'd be happy to see what you've coded (once you did some cleanup ;) )

rphMedia

  • Contributor
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 515
  • ***muvipix.com***
    • muvipix - Music | Video | Pictures
Re: Upgrade Group Status
« Reply #12 on: November 20, 2006, 03:23:58 pm »

I'll throw it together and send it to you. Give me a day or so.

Cleanup ?  Ahh, it works.  Maybe you can streamline it...

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: Upgrade Group Status
« Reply #13 on: November 20, 2006, 03:28:54 pm »

thanks, with cleanup I didn't mean streamlining the code. Just removing sensitive data (if there) etc.

I was always looking for such a solution but never had the time to come up with my own code, hehehe
Pages: [1]   Go Up
 

Page created in 0.023 seconds with 19 queries.