Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [Closed]: What's mean that  (Read 5259 times)

0 Members and 1 Guest are viewing this topic.

MisteryBrother

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
[Closed]: What's mean that
« on: April 12, 2010, 01:36:28 am »

In the logfiles I find these error code:
Bud i don't understand what's mean that

Code: [Select]
Apr 12, 2010 at 12:46 AM - While executing query 'SELECT r.pid, r.aid, filepath, filename, url_prefix, pwidth, pheight, filesize, ctime, r.title, r.keywords, r.votes, pic_rating, hits, caption, r.owner_id
FROM gallerypictures AS r
INNER JOIN galleryalbums AS a ON a.aid = r.aid
WHERE (category = 10062) AND r.aid NOT IN (15, 14, 20, 315, 81, 82, 192, 408, 528, 585, 610, 769, 821, 1159, 1414, 100, 1861, 1900, 150, 173, 304, 381, 469, 540, 627, 726, 850, 497, 520, 588, 618, 633, 680, 704, 705, 714, 754, 791, 830, 852, 1112, 1539, 1574, 1703, 1739, 1840, 2047)
AND approved = 'YES'
AND hits > 0
ORDER BY hits ASC, pid DESC
LIMIT 0 ,-41' in include/functions.inc.php on line 1583 the following error was encountered:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-41' at line 8

There stay also:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-41' at line 8
« Last Edit: April 12, 2010, 06:56:34 pm by Phill Luckhurst »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: What's mean that
« Reply #1 on: April 12, 2010, 07:30:02 am »

The testing/bugs board is not meant for support. Your posting doesn't qualify as valid test report, so I'm moving it accordingly.
In fact your posting doesn't even qualify as valid support request, as you failed to respect borad rules:
Logged

MisteryBrother

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: What's mean that
« Reply #2 on: April 12, 2010, 03:42:52 pm »

Coppermine version: cpg1.5.3 (RC)
Server: Linux srv77 2.6.26-2-vserver-amd64 #1 SMP Thu Nov 5 03:47:07 UTC 2009 x86_64
(Virtual hosting server by One.com)
PHP Version: 5.3.2
Image library used: GD Version 2.x
Bridging: none
Themes tested: Rainy day (before in another theme I get the same error)
Client OS: NVT
Client Browser: NVT
Install type: 1 month with the new time
Source: functions.inc.php -- Coppermine version: 1.5.4
Browser language: I use Dutch
Coppermine language: There are a few langue in
What happened (potential bug): I get the error message in the log files,  but we don’t see any error on board 
Code: [Select]
Apr 08, 2010 at 04:00 AM - While executing query 'SELECT r.pid, r.aid, filepath, filename, url_prefix, pwidth, pheight, filesize, ctime, r.title, r.keywords, r.votes, pic_rating, hits, caption, r.owner_id
FROM gallerypictures AS r
INNER JOIN galleryalbums AS a ON a.aid = r.aid
WHERE (r.aid = 2074) AND r.aid NOT IN (15, 14, 20, 315, 81, 82, 192, 408, 528, 585, 610, 769, 821, 1159, 1414, 100, 1861, 1900, 150, 173, 304, 381, 469, 540, 627, 726, 850, 497, 520, 588, 618, 633, 680, 704, 705, 714, 754, 791, 830, 852, 1112, 1539, 1574, 1703, 1739, 1840, 2047)
AND approved = 'YES'
AND hits > 0
ORDER BY hits ASC, pid DESC
LIMIT 0 ,-225' in include/functions.inc.php on line 1583 the following error was encountered:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-225' at line 8

How to replicate (what I did when the problem showed up): I'm logged in as admin and click on the read the log files under “database”

Attention:
I have edit the functions.inc.php
Why? Well now I have creation a group “moderators” These group can see all the pictures include private albums.

Find these:
Code: [Select]
function get_private_album_set($aid_str="")
{
    if (GALLERY_ADMIN_MODE) {
        return;
    }

    global $CONFIG, $USER_DATA, $FORBIDDEN_SET, $FORBIDDEN_SET_DATA;

    $superCage = Inspekt::makeSuperCage();

    $FORBIDDEN_SET_DATA = array();

    if ($USER_DATA['can_see_all_albums']) {
        return;
    }

And I have edit it with these one:
Code: [Select]
function get_private_album_set($aid_str="")
{
global $USER, $CONFIG, $CURRENT_CAT_NAME, $CURRENT_ALBUM_KEYWORD, $FAVPICS, $FORBIDDEN_SET_DATA, $FORBIDDEN_SET, $USER_DATA;
    if (GALLERY_ADMIN_MODE || ($USER_DATA['group_name']== 'Moderators')) {
        return;
    }

    global $CONFIG, $USER_DATA, $FORBIDDEN_SET, $FORBIDDEN_SET_DATA;

    $superCage = Inspekt::makeSuperCage();

    $FORBIDDEN_SET_DATA = array();

    if ($USER_DATA['can_see_all_albums']) {
        return;
    }

In the attachement the current functions.inc.php file
In the attachement a screenshot from the error code
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: What's mean that
« Reply #3 on: April 12, 2010, 05:09:50 pm »

Where's the link to your gallery?

Source: functions.inc.php -- Coppermine version: 1.5.4
Such a version doesn't exist yet. You're ahead of your time ;).

I have edit the functions.inc.php
Why? Well now I have creation a group “moderators” These group can see all the pictures include private albums.
Deliberately disabling the security mechanisms is one of the privileges you have when using an open source app. But please don't blame coppermine if this is used against you. At everyone else reading this thread: don't! That modifications doesn't give you an actual moderator group that has moderation privileges.
Logged

MisteryBrother

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: What's mean that
« Reply #4 on: April 12, 2010, 06:19:25 pm »

Yes I’m agree it is not save from me for changes anything in these code.
But these was the only option for make a group that have full access (not the admin access) and can see private albums (creation by new users)

Yes I have edit edit: edit_one_pic.php also, that’s mean the moderator group see below the picture: Edit these file
I know there is a option called: “Album can be moderated by”
But these is not working for members albums.

Anyway these I a open source software but so far I can read here, Coppermine don’t like it if you edit a few stuff.
I just asking what is the error code that stay in the log file? Never mind thanks for the support
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: What's mean that
« Reply #5 on: April 12, 2010, 06:35:21 pm »

Coppermine is indeed open source, so you're welcome to modify it in that manner. That's what I said before, so why do you doubt that and put things the other way round. Anyway, it's our decision who we support and what we ask from users. I have told you twice about the need to post a link, which you constantly ignore. Subsequently, you will be ignored from supporters.
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4730
    • Windsurf.me
[Closed]: Re: What's mean that
« Reply #6 on: April 12, 2010, 06:56:22 pm »

I am certain you would have got a better response had you posted a link to your site.

For other users - While we dislike the modifying of files we do understand that for a few specific used this may be the only way. Modifying core files can go to cause all sorts of problems down the line including but not limited to;- potential security risks, making it hard to upgrade, incompatability with plgins and many more. There is now an excellent plugin engine built into coppermine which should be used wherever possible. If you require a new hookpoint that could be useful to others then please ask, we are always open to suggestions.

As this thread is going nowhere I will close it but should the OP wish to post a link then I will change that status.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

MisteryBrother

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: [Closed]: What's mean that
« Reply #7 on: April 13, 2010, 12:11:38 am »

I have fix it
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4730
    • Windsurf.me
Re: [Closed]: What's mean that
« Reply #8 on: April 13, 2010, 12:47:13 am »

WHat a helpful chap you are ::). All you had to do was to post a link to your gallery which I presume is http://bl.bler.be/ , a very odd site
Quote
If you go login, you will see pictures from boys (AGE: 0 < - > 18 )
We are a PRIVATE Boylover picture host, this mean we only accept trusted members. BLER.BE is a private picture host, thats mean BLER.BE is a privilege not a right.

We try to be the most BoyLove Friendly Picture Host as possible.


You are using cpg 1.5.3[RC] but have chosen to remove the copyright footer. As such I chose to no longer provide any support to you and due to your attitude also ban you. Good bye.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: [Closed]: What's mean that
« Reply #9 on: April 14, 2010, 09:58:54 am »

Hm, then our friend "MysteryBrother" is identical to the already banned "tjiepie", which means a lot, as that bloke is really a big jerk. I have merged the ban records for the two accounts.
The description sounds like that site is dealing with child porn or at least child abuse. I wonder wether someone who is familiar with the legal system of Belgium and (most importantly) speaks one of the languages spoken in Belgium could contact the authorities there to check that site. Please volunteer. Sander, could you do that please?
The DNS lookup doesn't give you much details - seems like the domain registrar for the .be TLD doesn't publish the owner details publicly, so only the legal authorities will have access to that information.
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4730
    • Windsurf.me
Re: [Closed]: What's mean that
« Reply #10 on: April 14, 2010, 10:05:28 am »

As part of my job I visit the Ceop team in the UK, I have alread pointed them in the direction of this site as they work with many angecies around the world.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: [Closed]: What's mean that
« Reply #11 on: April 14, 2010, 10:10:56 am »

Great, thanks.
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 20 queries.