Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: User Permissions  (Read 4265 times)

0 Members and 1 Guest are viewing this topic.

bigcougar

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
User Permissions
« on: August 05, 2010, 10:04:36 pm »

I could not post in my former topic so I had to create a new one , sorry.

I upgraded the gallery as suggested.

http://troutsalmonchar.com/Gallery/

When I ran the update.php, I was asked for my user name and password, and those were not accepted.
I have no idea how to run the update file from the server.
Logged

Jeff Bailey

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1323
  • Fishing relaxes me.
    • Bailey Family Co.
Re: User Permissions
« Reply #1 on: August 05, 2010, 10:26:32 pm »

looks like you upgraded to 1.5.6?

did you follow these instructions? => http://documentation.coppermine-gallery.net/en/upgrading.htm#upgrade_any

take a look at this => http://documentation.coppermine-gallery.net/en/upgrading.htm#updater_authorization
for your trouble with update.php
Logged
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

bigcougar

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: User Permissions
« Reply #2 on: August 05, 2010, 10:50:59 pm »

looks like you upgraded to 1.5.6?

did you follow these instructions? => http://documentation.coppermine-gallery.net/en/upgrading.htm#upgrade_any

take a look at this => http://documentation.coppermine-gallery.net/en/upgrading.htm#updater_authorization
for your trouble with update.php

Jeff, Thanks for your reply.

That is a lot of stuff to read.  If there is a simple fix, like downloading a particular version and keeping a few files intact, please let me know. Otherwise I will have to see what other galleries are offered by Ipage.com - my website host that still offers the outdated Coppermine gallery.

It is funny how you can start with one problem and end up with 3 more... ;D

Jules
Logged

Jeff Bailey

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1323
  • Fishing relaxes me.
    • Bailey Family Co.
Re: User Permissions
« Reply #3 on: August 05, 2010, 11:12:37 pm »

Whats a lot to read?
Board rules / Forum policies: Read the Documentation

http://documentation.coppermine-gallery.net/en/upgrading.htm#upgrade_any
Quote
The instructions here apply for all Coppermine udpates/upgrades, so please read them carefully.

  • Make a backup (dump) of your database

    Recommended tools for creating a database dump are mySqlDumper or phpMyAdmin - refer to the section Tools recommended by the devs: Database manipulation for details.
    Creating a backup is not mandatory in terms of functionality, but just a precaution in case anything should go wrong. It's advisable to make frequent backups anyway.

  • Backup your include/config.inc.php file, your anycontent.php file and your "albums" directoy as a safety precaution if anything should go wrong.

    Usually, you just download your entire coppermine folder to your local hard drive or any other safe backup location using your FTP app. A fresh Coppermine package doesn't contain a config file anyway (that file has being created during install on your server), so you can't actually replace an existing config file with an empty one from the package; again, the backup is only a safety precaution.

  • Download the most recent stable version existing in the download section of the official Coppermine homepage

    Don't assume that you have the most recent version, especially if you have installed Coppermine using a control panel app provided by your webhost. The coppermine dev team doesn't recommend using such auto-installers - please download the original from the official Coppermine homepage.
    If you're not sure what package to use (i.e. if there are several archive types), choose the zip archive, as Windows XP and better out of the box come with support for zip archives.

  • Unpack the coppermine package you downloaded

    Similar to fresh installs, you need to extract the packed archive into a temporary folder on your local hard drive (preserving the folder structure within the package). Most modern operating systems come with an unarchiver that is capable to extract zip archives.

  • Except for the "albums" directory, upload all of the new files and directories, making sure not to overwrite your anycontent.php file or the albums directory.

    In fact, you could upload the albums folder as well - the one that is contained in the package is empty anyway. The recommendation not to upload this folder is only meant as a pre-caution for some users who have "funny" settings for their FTP apps: some exotic FTP applications delete folders existing on the server and then re-create an empty folder on the server-side. This would of course be a disaster for all existing galleries during the upgrade process, as you would lose all your uploaded files in your gallery. However, the number of FTP apps that is set up in that strange way is small and therefore, it won't hurt for most to upload the albums folder as well. If you're not sure, use one of the FTP clients recommended by the devs.

  • Run the update script

    To run the PHP-file "update.php" (i.e. the update script), just enter the URL into the address bar of your browser. The file "update.php" resides in the coppermine directory, so to run it you will need to point your browser to http://yourdomain.tld/your_coppermine_folder/update.php (if you have installed Coppermine into the root of your web site, you will have to run http://yourdomain.tld/update.php accordingly). This will update your coppermine install by making all necessary changes in the database.

To make this absolutely clear:

there is no such thing as a separate upgrade package - coppermine always comes as a complete package that can be used both for a fresh install as well as an upgrade.


http://documentation.coppermine-gallery.net/en/upgrading.htm#updater_authorization
Quote
Authorization check

In Coppermine versions before cpg1.5.x, the update script used to be publicly accessible, e.g. everybody was able to run it. While this was good for support purposes (supporters were able to run the updater for users looking for help if it was obvious that they had not done so), there was a slight chance that this accessibility for everyone could at some stage be a security risk. That's why the dev team members decided to protect the updater from being run by any visitor who accesses it - starting with cpg1.5x you need to supply admin credentials. This can happen in four different ways:

  • If you're already logged in as admin and run the updater from the link in coppermine's admin menu, the updater should run without further prompts for authentification - it uses the "regular" cookie-driven authentification that the entire coppermine script is using

  • If you're not logged in as admin or if the coppermine core components no longer work without running the updater first (usually happens when upgrading major coppermine versions), you are prompted for credentials - enter the coppermine admin account details that you set up when installing coppermine in the first place

  • If you can not remember your standalone coppermine admin credentials, you can supply your mysql credentials - you needed them when you installed coppermine in the first place. If you have forgotten them, read them up in the file that is used to store the mysql database connection details: download include/config.inc.php from your webserver to your client and then edit it with a plain text editor - you should see the mysql credentials in that file. If they have changed, your webhost should be able to help you retrieving them.

  • If everything else fails, there is a toggle inside the code of the update script that you can use to skip authentification - to switch that toggle, download the update script (update.php) from your webserver to your client, find // define('SKIP_AUTHENTICATION', true); and replace with define('SKIP_AUTHENTICATION', true);. Safe your changes and upload the edited file to your webserver, overwriting the version that already resides on your server. Remember to restore the file as it was after having successfully performed the update.

Logged
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford
Pages: [1]   Go Up
 

Page created in 0.036 seconds with 20 queries.