Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: silly question  (Read 4422 times)

0 Members and 1 Guest are viewing this topic.

edi

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
silly question
« on: June 10, 2004, 05:46:07 pm »

hi there.
i want to ask why if i "batch upload" pictures to an album, they stay and are linked from albums/albumname directory, but if lately i add a picture to the same album, using "normal" upload, the picture goes to my user folder? it is quite strange to me, 'cause the pictures from the same album can be scattered accros serveral directories. is it the way it intended to be?

to me, it will be better if you can create simple "batch_upload" directory, and during the batch add you move the pictures where they must be.

the album is not in any user's gallery.

wwell edi
Logged

jack

  • VIP
  • Coppermine frequent poster
  • ***
  • Country: 00
  • Offline Offline
  • Posts: 279
Re: silly question
« Reply #1 on: June 10, 2004, 07:18:47 pm »

That is the way it is intended to be - that way any user's uploads can be easily identified on disk, and it makes a lot more sense than moving the file every time it moves between albums ;)
Logged
Please do not contact me for support directly - instead: post on this board!

edi

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: silly question
« Reply #2 on: June 11, 2004, 12:09:27 am »

okay, that's good it really will be faster at least with not too much images per user - to keep all the photos in the users dir - okay.

but maybe cp should put batch uploads in the users directory also, i.e. user USER1 (or ADMIN1) uploads a batch from ./albums/mybatch1 - and it will be fine if the files get moved to the place they will be if uploaded via http, one by one...
else, i got files uploaded by me in two places - one are the directories with the batches (i intend to have more than one for a particular album) and others are in my user's directory, some sporadic uploads. that is what bothers me, in fact. maybe, it really should copy or move the images in the user's directory, so there will not be a difference if you uploaded it with a batch or a series of http uploads.

so, just an silly example. ADMIN2, by accident, overwrites some ADMIN1's files or a whole directory in /albums - say, it puts the files in ./album/mybatch1. or even ADMIN1 can easily do such a thing. that's not good. futuremore, what hapens with an directory, say ./albums/somebatch,  if all the images from that directory get deleted (via the web interface, not command line or something). you get some empty directories?

wwell edi
« Last Edit: June 11, 2004, 12:16:36 am by edi »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: silly question
« Reply #3 on: June 11, 2004, 01:19:58 am »

as Jack said: your idea is not so good (in terms of stability and performance). Anyway, the reason for having an application that manages the pic location in a database is the human doesn't have to know the location - the database "knows" instead. You (as admin) are encouraged to use ftp-upload whenever possible - this should reduce the number of pics uploaded by the admin that end up in the userpics folder to a minimum.

GauGau
Logged

edi

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: silly question
« Reply #4 on: June 26, 2004, 06:06:48 am »

???
gaugau,
there is SOME misunderstanding here.

let me explain what i "have in my dreams":
1st a user uploads some pics in some "import" subdirectory (the cpg does not care aobut this)
2nd the user (if allowed) starts an import. the pictures are prepared for import (the long procedure with the heavy load avg;), and after a prompt the (last part of the) import starts
3th during the import they are placed physically and as database entries the same way as if they are uploaded one-by-one from the http interface.
4th after the import they are treated as the rest of the images, and the way they are uploaded does not matter. the user can move them the same way they move between the albums - w/o physically moving images or whatever. as a side effect this may even make the internal management even more plain, but this does not bother me in this case.

again: i don't want to move them physically when i move them between the albums! i just want to have the imported pictures physically moved ONCE, in the folder of the user which is performing the import, ONLY during the import process. from this point, you should not mention nor 'moving the images when you move between albums' nor 'performance and stability' (the import procedure is heavy enough, so one plain copy will not be much overhead, as percentage). yes, it is stupid to have them moved every time you change album etc, but hey, this is NOT i'm talking about....

the good thing in this dream is that the user can delete the uploaded files afterwards. and the administrator can quite more easily setup the directory permissions/etc to let average users do such imports, w/o having the possibility for the users to mess up with someone other's files or generate missing pictures (they will have access to import dir only, not to the directories where cpg keeps already imported/uploaded pictures).
« Last Edit: June 26, 2004, 06:27:37 am by edi »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: silly question
« Reply #5 on: June 26, 2004, 09:12:52 am »

I don't get the point: a user should never have ftp-access to your site. If he doesn't have ftp-access, he'll have to use some sort of upload script you provide, and you're back to where you were with coppermine's upload machanism. What's the point of this infamous upload directory you're talking about? The user must not, under no circumstances, have direct access to files and folders, be they inside coppermine's albums dir or anywhere else.

GauGau
Logged

edi

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: silly question
« Reply #6 on: July 16, 2004, 10:09:21 am »

gaugau,
whith all my respect, you're talking ... errr.. you are quite wrong, in both ways.

1st, about the ftp. i ... errr... say simply not agree with you 'bout ftp access. there are _users_ and anonymous users. got the difference? and, oh, gaugau, that is avoiding. not an answer.
2nd the REAL FCSKING SITUATION: i want to run a board where users can upload many images at once - it is not up to cpg business how, it may be scp or whatever, there are ways to do it even for anonymous with not servere risk (a couple of tricks and it is more secure than running php4). but hell, there is a problem, and it is cpg related problem. if the user, good, authorised one, upload a picture and then REMOVES it as a file from the system the coppermine has no idea that the file is removed. if you manage the "upload" directory only as a place used ONLY during uploads, this can not happen.

BECAUSE I CAN PROTECT THE CPG'S FILES, AND ALLOW THE CPG AND THE USER TO SEE THE UPLOAD DIRECTORY, BUT ONLY CPG TO SEE THE COMMON DIRECTORIES WHERE THE PICTURES ARE PLACED.

thus, i can allow SEVERAL users to upload, and there will be slight risk of overlapping the files only during the upload process, not afterwards, by accident or whatever.

wwell edi
PS if you are not gonna answer or you've pissed off, tell me. but, pretty please, don't try to incriminate me wanting big structural changes, or try to tell me ...errr.. yes. bullshits such as "a user should never have ftp-access to your site". just tell me that you don't give a shit about my questions. don't try to make me look like a fool. _please_ .
« Last Edit: July 16, 2004, 10:18:17 am by edi »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: silly question
« Reply #7 on: July 16, 2004, 10:36:54 am »

it's not my intention to make you look like a fool, I just want to avoid that other newbie users who casually browse this thread see a copy'n paste solution for every user being capable to batch-add, and without looking into details just grabbing the code and implement it. I wasn't refering to you, I'm sure you know what you're doing, judging from the fact that you already made up your mind on this issue.
Giving non-admin users access to batch-add (which is done using the searchnew.php file) is dead easy: edit searchnew.php, find
Code: [Select]
if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);and replace it with a mechanism of your choice that will authenticate the user who is meant to use the tool (or remove the line entirely if you want to). Then just add the batch-add item to the user's menu by editing themes/yourtheme/theme.php. Find
Code: [Select]
// HTML template for user admin menuand add a line that contains reference to searchnew.php, similarly to the gallery admin menu (e.g. add
Code: [Select]
<td class="admin_menu"><a href="searchnew.php" title="">{SEARCHNEW_LNK}</a></td>after
Code: [Select]
<td class="admin_menu"><a href="modifyalb.php" title="">{MODIFYALB_LNK}</a></td>).

Hope you're happy with this...

To all others who are reading this posting: you are not meant to modify your coppermine install with the code mentioned in this thread unless you really, really know what you're doing. Don't complain if your coppermine page gets f*** up when using this hack, you have been warned!

GauGau
Logged

edi

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: silly question
« Reply #8 on: July 20, 2004, 09:29:48 am »

hi again;/

sorry, but that was not my point. as far as i can see you are bypassing the security limitation for the ordinary users to batch add images. if i missed something, and it is not just bypass, please excuse me and do not read below.

i can see a point for the newbies, but all i was complaining about is for some more general change - only in the import part.

the real simpe case wich frustrated me was the following: i've uploaded manually a bunch of images i've wanted to add to my child album.

just to be sure (i've used simply ftp) i've created a user to upload, and pointed his homedir (chrooted by the proftpd) to the directory FROM where cpg was supposed to TAKE images. that was my (and i think it was/is logical) guess - the cpg will make some mumbo-jumbo for this images and afterwards i'll delete them. which i've done. (i will call "import directory" the dir where cpg expects and is pointed to take images FROM)

but, for my suprise, cpg only created some tumbnails/midsize images, using this directory. and, after removal... you can guess what happened. you can guess what will happen if i create again a directory and files with same names.

again, i don't want to mess anything with the move-between-the-albums mechanisms AFTER the batch import.
but, if you get my point, it is really really bad to use the import directory for storing images, i think you can guess 2-3 scenarios, - missing images, replaced ones with others witjout knowledge of doing so, or even changing the picture file with something other, with not picture format and same filename.

and, to the conclusion: all i will be glad to see in cpg batch import is separate directory for the import, used ONLY during the import process.

you can do it one way or another, but it is clear, for me, that any removal or overwrite of the import directory after finishing the import does NOT affect nor the cpg nor the already imported images. i can suggest, of you want, more wishes about this.

i can ask for more, but it is the most important part, for me.

wwell edi
PS and something about if this will be useful: if i want a non-specialist users to upload images - migrating from other gallery or simply dumping 100+ images from their camera, it is nessesary to have this current behaviour changed.
PS/2 sorry for my bad english, and, anyway, thank you for the attention.
« Last Edit: July 20, 2004, 09:40:15 am by edi »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: silly question
« Reply #9 on: July 20, 2004, 09:51:08 am »

OK, I understand what you mean. The ftp-upload simply wasn't meant as an import folder, but a folder where the pics would stay permanently. Although I can see it might be usefull for some users to have this sort of "import" function I doubt the majority of coppermine users would like to have the batch-add changed completely to work like this (might be a drawback for them to have to ftp-upload, batch-add and then again ftp-delete the pics, which would mean an additional step for them). I suggest coding an add-on that will allow to import files that were ftp-uploaded, with all files being moved to the coppermine albums folder instead of "just" creating db entries and thumbnails/intermediates. You could use the code from searchnew.php to code your add-on. Please share your code here if you succeed.

GauGau
Logged

edi

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: silly question
« Reply #10 on: July 20, 2004, 10:20:34 am »

50/50 i will do it. w/o this behaviour, this function acts in some part quite like simple static gallery generator.

btw, deleting the files after sucessful import is not nessesarry manual;).

wwell edi

OK, I understand what you mean. The ftp-upload simply wasn't meant as an import folder, but a folder where the pics would stay permanently. Although I can see it might be usefull for some users to have this sort of "import" function I doubt the majority of coppermine users would like to have the batch-add changed completely to work like this (might be a drawback for them to have to ftp-upload, batch-add and then again ftp-delete the pics, which would mean an additional step for them). I suggest coding an add-on that will allow to import files that were ftp-uploaded, with all files being moved to the coppermine albums folder instead of "just" creating db entries and thumbnails/intermediates. You could use the code from searchnew.php to code your add-on. Please share your code here if you succeed.

GauGau
Logged
Pages: [1]   Go Up
 

Page created in 0.034 seconds with 19 queries.