Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: age lock - modification  (Read 12613 times)

0 Members and 1 Guest are viewing this topic.

louis_chypher

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 9
age lock - modification
« on: March 22, 2007, 05:06:05 pm »

Age lock categories.

This modification allows categories to be aged locked (over and under).

There is an addition to the general settings to enable, disable age locking.

In category manager when editing /creating a new category there is an addition of two new input boxes. If you have this option disabled then no need to populate the boxes.

There is an input box that takes the age lock method (n, o, u). n=no age locking, o= over age, u = under age

Another input box accepts the age to be locked.

Over age locking allows access when the individual is over the selected age.
Under age locking is allows access when the individual is under the selected age.


This modification when age locking is enabled requires that the user input a properly formatted birthday. This birthday is stored as user information. The birthday is not editable (if the user gets it wrong the first time S.O.L), the birthday is not displayed. Of course if you have SQL skills you can directly edit the dB.

This is my first pass at age locking. I hope to make some improvements as time goes on. Right now age lock setting for child categories is defaulted to the parent category. For my requirements this is acceptable behavior.


This modification is for experienced individuals. I'm sure the experienced individuals who decide to follow these poorly written instructions would have taken proper precautions to insure your sites integrity.

The line numbers reflect the line numbers of a fresh install that does not have any other modifications so the line numbers should be pretty close.

Files to be modified:

register.php, english.php, catmgr.php, udb_base.inc.php, index.php

get files from your site, make copies. Do not edit the originals.


add field to user table, run the following MySQL command.

Code: [Select]

ALTER TABLE `cpg1410_users` ADD `user_bday` VARCHAR( 10 ) NULL ;

Add three fields to the categories table

ALTER TABLE `cpg1410_categories` ADD `agelock` BOOL NOT NULL DEFAULT '0';

ALTER TABLE `cpg1410_categories` ADD `agelock_method` VARCHAR( 10 ) NOT NULL DEFAULT 'n';

ALTER TABLE `cpg1410_categories` ADD `agelock_age` VARCHAR( 10 ) NOT NULL DEFAULT '18';

INSERT INTO `cpg1410_config` ( `name` , `value` )
VALUES ('bday_required', '1');


*************** REGISTER.PHP EDITS – BEGIN *****************
edit register.php:

Find (~ line number 74):
Code: [Select]
array('input', 'email', $lang_register_php['email'], 255),
Add below:
Code: [Select]
//age lock mod --Louis_Chypher@gmail.com *BEGIN
array('input', 'b_day', $lang_register_php['b_day'], 255),
//age lock mod --Louis_Chypher@gmail.com-- *END
save

find - around line 217

global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login;


replace with:

//agelock mod - begin
//global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login;
    global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login, $b_day;
//agelock end


find (~ line 250):

Code: [Select]
if ($password != $password_again) $error .= '<li>' . $lang_register_php['err_password_mismatch'];
add below:

Code: [Select]
//agelock - begin
if ($CONFIG['bday_required'])
{
list($month, $day, $year) = split('[/]', $b_day);
if (!(checkdate($month,$day,$year)))
{
$error .= '<li>' . $lang_register_php['err_b_day_incorrect_format'];
}
}
//agelock - end

save

find (~ line 293):

Code: [Select]
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} ".
           "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) ".
           "VALUES (NOW(), '$active', '$act_key', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '$profile1', '$profile2', '$profile3', '$profile4', '$profile5', '$profile6')";

replace with:

Code: [Select]
/*
agelock - begin
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} ".
           "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) ".
           "VALUES (NOW(), '$active', '$act_key', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '$profile1', '$profile2', '$profile3', '$profile4', '$profile5', '$profile6')";
*/
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} ".
           "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6,user_bday) ".
           "VALUES (NOW(), '$active', '$act_key', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '$profile1', '$profile2', '$profile3', '$profile4', '$profile5', '$profile6','$b_day')";
//agelock - end


save


*************** REGISTER.PHP EDITS – END *****************
*
*************** ENGLISH.PHP EDITS – BEGIN *****************

in english.php

find
Code: [Select]
$lang_register_phpthen find
Code: [Select]
'email' => 'Email', (around line1509)
insert below
Code: [Select]
'email' => 'Email',
Code: [Select]
'b_day' => 'Birth date mm/dd/yyyy',
'err_b_day_incorrect_format' => 'You must enter a correctly formatted birth date date for access to this site.',

Save

Find (~ line 646):

Code: [Select]
array('Browsable batch-add interface', 'browse_batch_add', 1, 'f=index.htm&amp;as=admin_general_browsable_batch_add&amp;ae=admin_general_browsable_batch_add_end'),
//cpg1.4

add below:

Code: [Select]
//agelock - begin
array('Enable category age locking', 'bday_required', 1, 'f=index.htm&amp;as=admin_general_agelock_add&amp;ae=admin_general_agelock_add_end'),
//agelock - end

save

find (~ line 566): 
Code: [Select]
$lang_catmgr_php
then find (~ line 579)

Code: [Select]
'cat_desc' => 'Category description',
add below:

Code: [Select]
'agelock_method' => 'Age lock method o=over age, u=under age',
  'agelock_age' => 'Age to be locked',

save


*************** ENGLISH.PHP EDITS – END *****************
*
*************** CATMGR.PHP EDITS – BEGIN *****************

in catmgr.php

find (~ line 296):

Code: [Select]
$result = cpg_db_query("SELECT cid, name, parent, description, thumb FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid' LIMIT 1");
replace with

$result = cpg_db_query("SELECT cid, name, parent, description, thumb, agelock_method, agelock_age FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid' LIMIT 1");

save

(~ line 458) find:

Code: [Select]
<textarea name="description" rows="5" cols="40" style="width: 100%;" class="textinput">{$current_category['description']}</textarea>
                </td>
        </tr>

(be very certain you place this in the proper location!) add below:

Code: [Select]
<tr>
            <td width="40%" class="tableb">
                        {$lang_catmgr_php['agelock_method']}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="agelock_method" value="{$current_category['agelock_method']}" class="textinput" />
                </td>
</tr>
<tr>
            <td width="40%" class="tableb">
                        {$lang_catmgr_php['agelock_age']}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="agelock_age" value="{$current_category['agelock_age']}" class="textinput" />
                </td>
</tr>

save

find (~ line 315):

Code: [Select]
$description = addslashes($_POST['description']);
add below:

Code: [Select]
$agelock_method = trim($_POST['agelock_method']);
$agelock_age = (int)$_POST['agelock_age'];

save

find (~ line 321)

cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET parent='$parent', name='$name', description='$description', thumb='$thumb'  WHERE cid = '$cid' LIMIT 1");

replace with:

cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET parent='$parent', name='$name', description='$description', thumb='$thumb', agelock_method='$agelock_method', agelock_age='$agelock_age' WHERE cid = '$cid' LIMIT 1");

save

find (~ line 323)

cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET name='$name', description='$description', thumb='$thumb' WHERE cid = '$cid' LIMIT 1");

replace with:

cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET name='$name', description='$description', thumb='$thumb', agelock_method='$agelock_method', agelock_age='$agelock_age' WHERE cid = '$cid' LIMIT 1");

save

*************** CATMGR.PHP EDITS – BEGIN *****************
*
*************** UDB_BASE.INC.PHP EDITS – BEGIN *****************

bridge\udb_base.inc.php

find (~ line 56):$sql = "SELECT u.{$f['user_id']} AS id, u.{$f['username']} AS username, u.{$f['password']} AS password,  ug.{$f['usertbl_group_id']} AS group_id ".

replace with:$sql = "SELECT u.{$f['user_id']} AS id, u.{$f['username']} AS username, u.{$f['password']} AS password, u.user_bday AS bday, ug.{$f['usertbl_group_id']} AS group_id ".

save

find (~ line 60): $sql = "SELECT u.{$f['user_id']} AS id, u.{$f['username']} AS username, u.{$f['password']} AS password,  u.{$f['usertbl_group_id']}+100 AS group_id ".

replace with: $sql = "SELECT u.{$f['user_id']} AS id, u.{$f['username']} AS username, u.{$f['password']} AS password, u.user_bday AS bday, u.{$f['usertbl_group_id']}+100 AS group_id ".

save

find (~ line 113):
Code: [Select]
define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
add below:
Code: [Select]
define('USER_BDAY', ($USER_DATA['user_bday']));
save

find (~ line 146):
Code: [Select]
$USER_DATA['user_name'] = $row['username'];
add below:
Code: [Select]
if ($row['user_bday']=='')
{
$USER_DATA['user_bday']= date();
}
else
{
$USER_DATA['user_bday']= $row['user_bday'];
}

save

*************** UDB_BASE.INC.PHP EDITS – END *****************
*
*************** INDEX.PHP EDITS – BEGIN *****************

Edit index.php

The line numbers are very approximate as I did some code rearrangement to facilitate readability.

Find (~ line 904)

Code: [Select]
*/?>
Insert above the “?>” and below the */:
Code: [Select]
function age_lock($agelock_method, $agelock_age)
{
if (($agelock_method=='u') || ($agelock_method=='o'))
{
$_month=date("m");
$_year=date("Y");
$_day=date("d");
$bday = explode("/",$USER_DATA['user_bday']);
if($_month>$bday[0] || ($bday[0]==$_month && $_day>=$bday[1]) )
{
$i = $_year - $bday[2];
}
else
{
$i = $_year - $bday[2] - 1;
}
if ($agelock_method=='o')
{
if($i < $agelock_age)
{ //Check to see if too young
return true;
}
else
{
return false;
}
}
if ($agelock_method=='u')
{
if($i >= $agelock_age)
{ //check to see if there too old
return true;
}
else
{return false;}
}
}
else{return false;}
}//end age_lock

save

Find (~ line 145):

$result = cpg_db_query("SELECT cid, name, description, thumb FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent'  ORDER BY $cat_sort_order");

Replace with:

Code: [Select]
//agelock - begin
    //$result = cpg_db_query("SELECT cid, name, description, thumb FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent'  ORDER BY $cat_sort_order");
    $result = cpg_db_query("SELECT cid, name, description, thumb, agelock_method, agelock_age FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent'  ORDER BY $cat_sort_order");
//agelock – end

Find (~ line number 149):

Code: [Select]
if (mysql_num_rows($result) > 0)
{
        $rowset = cpg_db_fetch_rowset($result);
        foreach ($rowset as $subcat)

Add below:

Code: [Select]
//agelock - begin
$age_lock_not=false;
if ($CONFIG['bday_required'])
{
$age_lock_not=age_lock($subcat['agelock_method'], $subcat['agelock_age']);
}
if (!($age_lock_not))
{
//agelock end

Save

Find :

Code: [Select]
if ($level > 1)
{
            get_subcat_data($subcat['cid'], $cat_data, $album_set_array, $level -1, $ident . "</td><td><img src=\"images/spacer.gif\" width=\"20\" height=\"1\" border=\"0\" alt=\"\" /></td><td>");
           }
        }
    }
}

Replace with:

Code: [Select]
if ($level > 1)
{
            get_subcat_data($subcat['cid'], $cat_data, $album_set_array, $level -1, $ident . "</td><td><img src=\"images/spacer.gif\" width=\"20\" height=\"1\" border=\"0\" alt=\"\" /></td><td>");
            }
//agelock - begin
}
//agelock - end
        }//end for
    }
}//end method

Save

*************** INDEX.PHP EDITS – END *****************

« Last Edit: March 23, 2007, 03:02:29 pm by louis_chypher »
Logged

SoftDux

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 27
    • SoftDux - The Leaders in Software & Networking
Re: age lock - modification
« Reply #1 on: April 12, 2007, 02:47:06 am »

What could / would stop a user from choosing another DOB in order to fake his age, giving him access to restricted albums?
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: age lock - modification
« Reply #2 on: April 12, 2007, 10:22:22 am »

Nothing. But this is stil a usefull mod if you do have albums which are not suitable for a certain age and younger. Ofcourse they can circumvent this by logging in with their older brother account or make a new one and fake their DOB but using this mod does give a cpg owner to stop/warn at least a portion of its users that a certain folder is not yet ment for them to see.
Logged

SoftDux

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 27
    • SoftDux - The Leaders in Software & Networking
Re: age lock - modification
« Reply #3 on: April 12, 2007, 10:02:41 pm »

Well, this is the problem I'm sitting with, since the gallery that I need to setup will be a public / community gallery, allowing new photographers to introduce their work / portfolios to the public, and there have been quite a few requests, both from the photographers, and models about nude photos. This is not porn, but people like taking artistic nudes, and I most certainly wouldn't want my children to view such photos.

So, I've been thinking out maybe requesting someone's ID number, which is in the format of 790215xxxxxxxxxx - where the 79 is the year of birth, 02 the month, and 15 the day. Unfortunately I don't yet know how to compare the ID numbers to anything in order to see if the ID number is real or not, but hopefully this would discourage minors as well.
Logged

louis_chypher

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 9
Re: age lock - modification
« Reply #4 on: April 17, 2007, 11:11:25 pm »

What could / would stop a user from choosing another DOB in order to fake his age, giving him access to restricted albums?

Nothing to stop a user from giving a fake DOB. It does releave the site owner of some responsibility in regards to having images posted that are not "G" Rated.
Logged

skullz

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: age lock - modification
« Reply #5 on: August 16, 2007, 11:46:11 am »

ok im going to assume this topic and functions within still work since it isnt posted into the area of non-functioning....

here is where I'm at:

Find (~ line number 149):

Code:

if (mysql_num_rows($result) > 0)
   {
        $rowset = cpg_db_fetch_rowset($result);
        foreach ($rowset as $subcat)
      


Add below:

Code:

//agelock - begin
         $age_lock_not=false;
         if ($CONFIG['bday_required'])
         {   
            $age_lock_not=age_lock($subcat['agelock_method'], $subcat['agelock_age']);
         }
         if (!($age_lock_not))
         {
         //agelock end




here is the info I have right now;

Code: [Select]
if (mysql_num_rows($result) > 0) {

        $rowset = cpg_db_fetch_rowset($result);

        foreach ($rowset as $subcat) {

            if ($subcat['cid'] == USER_GAL_CAT) {

                $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} as a WHERE category>=" . FIRST_USER_CAT . $album_filter;

                $result = cpg_db_query($sql);

                $album_count = mysql_num_rows($result);

                while ($row = mysql_fetch_array($result)) {

                    $album_set_array[] = $row['aid'];

                } // while

                mysql_free_result($result);



                $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} as p, {$CONFIG['TABLE_ALBUMS']} as a WHERE p.aid = a.aid AND approved='YES' AND category >= " . FIRST_USER_CAT . $album_filter);

                $nbEnr = mysql_fetch_array($result);

                $pic_count = $nbEnr[0];



                $subcat['description'] = preg_replace("/<br.*?>[\r\n]*/i", '<br />' . $ident , bb_decode($subcat['description']));



                $link = $ident . "<a href=\"index.php?cat={$subcat['cid']}\">{$subcat['name']}</a>";

                if ($album_count) {

                    $cat_data[] = array($link, $ident . $subcat['description'], $album_count, $pic_count);

                    $HIDE_USER_CAT = 0;

                } else {

                    $HIDE_USER_CAT = 1;

                }

            } else {

                $unaliased_album_filter = str_replace('a.', '', $album_filter);

                $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = {$subcat['cid']}" . $unaliased_album_filter);

                $album_count = mysql_num_rows($result);

                while ($row = mysql_fetch_array($result)) {

                    $album_set_array[] = $row['aid'];

                } // while

                mysql_free_result($result);



                $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} as p, {$CONFIG['TABLE_ALBUMS']} as a WHERE p.aid = a.aid AND approved='YES' AND category = {$subcat['cid']}" . $album_filter);

                $nbEnr = mysql_fetch_array($result);

                mysql_free_result($result);

                $pic_count = $nbEnr[0];

                if ($subcat['thumb'] > 0) {

                    $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$subcat['thumb']}'" . $pic_filter;

                    $result = cpg_db_query($sql);

                    if (mysql_num_rows($result)) {

                        $picture = mysql_fetch_array($result);

                        mysql_free_result($result);

                        $pic_url = get_pic_url($picture, 'thumb');

                        if (!is_image($picture['filename'])) {

                            $image_info = getimagesize(urldecode($pic_url));

                            $picture['pwidth'] = $image_info[0];

                            $picture['pheight'] = $image_info[1];

                        }

                        $image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['alb_list_thumb_size']);

                        $user_thumb = "<img src=\"" . $pic_url . "\" class=\"image\" {$image_size['geom']} border=\"0\" alt=\"\" />";

                        $user_thumb = "<a href=\"index.php?cat={$subcat['cid']}\">" . $user_thumb . "</a>";

                    }

                } else {

                    $user_thumb = "";

                }

                $subcat['name'] = $subcat['name'];

                $subcat['description'] = preg_replace("/<br.*?>[\r\n]*/i", '<br />', bb_decode($subcat['description']));

                $link = "<a href=\"index.php?cat={$subcat['cid']}\">{$subcat['name']}</a>";

                $user_thumb = $ident . $user_thumb;

                if ($pic_count == 0 && $album_count == 0) {

                                        $user_thumb = $ident;

                    $cat_data[] = array($link, $subcat['description'], 'cat_thumb' => $user_thumb);

                } else {

                    // Check if you need to show subcat_level

                    if ($level == $CONFIG['subcat_level']) {

                        $cat_albums = list_cat_albums($subcat['cid']);

                    } else {

                        $cat_albums = '';

                    }

                    $cat_data[] = array($link, $subcat['description'], $album_count, $pic_count, 'cat_albums' => $cat_albums, 'cat_thumb' => $user_thumb);

                }

            }



if ($level > 1)
{
            get_subcat_data($subcat['cid'], $cat_data, $album_set_array, $level -1, $ident . "</td><td><img src=\"images/spacer.gif\" width=\"20\" height=\"1\" border=\"0\" alt=\"\" /></td><td>");
            }
//agelock - begin
}
//agelock - end
        }//end for
    }
}//end method


where do I add it as it has a bunch of other garbled stuff with it? ( i posted it that long incase its suppose to be added further down... )
kinda new to sql (but added everything else correctly ) and all this so please take it easy on me ;p


right now the way things are without adding 149 im getting:
Parse error: syntax error, unexpected '}' in /home/[username]/public_html/gallery/index.php on line 226
Logged
Pages: [1]   Go Up
 

Page created in 0.024 seconds with 19 queries.