So Now I try your script
By
>Unpack into your gallery2/lib/support folder<
do you mean to copy password_reset.php into that folder on the host file manager?
and by
>run using "yoursite_dot_com/gallery2/lib/support/password_reset.php" <
do I copy that line (with my site inserted) into the text box in phpMyAdmin ?
Gaynor
Dayo
Joined: 2005-11-04
Posts: 1642
Posted: Wed, 2012-04-04 19:46
1. Copy the file to that location using the file manager or ftp client.
2. Navigate to the path(with your site inserted) using your web browser and follow the on screen instructions.
>
To use the script, do the following:
- Upload the password_reset.php file to the "yoursite_dot_com/gallery_folder/lib/support" folder.
- Navigate to "yoursite_dot_com/gallery_folder/lib/support/password_reset.php" with your web browser and follow the on screen instructions.
<
I'll do that now.
Gaynor
gaynormcc
Joined: 2003-09-05
Posts: 426
Posted: Wed, 2012-04-04 20:13
Well it looked as if it had worked in the onscreen instructions, but it doesn't get me logged in.
Gaynor
gaynormcc
Joined: 2003-09-05
Posts: 426
Posted: Thu, 2012-04-05 10:03
I have just realised that the missing files are probably the difference between my earlier version (I think I had Developer) and the Minimal one we installed.
Gaynor
gaynormcc
Joined: 2003-09-05
Posts: 426
Posted: Thu, 2012-04-05 12:34
Hi Dayo,
One thing that bothers me a bit in the setting up of my Gallery:-
In the Readme file for Gallery 2.3.1, in Preparing to Install/2 Storage, it says :
1. Create a directory for gallery to store photos. This must be writeable by the web server, but for security reasons we suggest that you do not put it in the web root. If you put it in the web root, then anybody can get directly to your images with their web browser which circumvents Gallery 2’s security.
2. Create an empty directory anywhere you please. Gallery will fill this directory with its own files (that you shouldn't mess with). This directory can be anywhere on your filesystem. For security purposes, it's better if the directory is not accessible via your webserver (ie, it should not be in your DocumentRoot). Don't make this the same as your gallery directory!
From my config.php this file is at ‘/hsphere/local/home/gaynormc/galleries_data/g2data_piopionz/'
And the Gallery itself is at /home/piopionz.com/gallery2/
Is that satisfactory? or is it an insecure situation. I did have problems with a hacker a while back, and have not yet been able to edit the hacks out of someonf my multitude of files in piopionz.com. Someone at the time suggested it could have been a security hole in my Gallery.
I argued with my son about it when he was setting the gallery up, but obviously I lost that argument.
Gaynor
Dayo
Joined: 2005-11-04
Posts: 1642
Posted: Thu, 2012-04-05 21:38
Hi,
The chances of anyone hacking your site through G2 are extremely slim. When the G2 installer talks about "security", it is using a slightly misleading phrase. It is mainly referring to unauthorised access to your pictures and not a "web security" or "someone will hack/takeover your site" sense - someone viewing or downloading an image, authorised or unauthorised, does not compromise the integrity of your site.
Note that the warnings about issues with web accessible g2data folders were a bit OTT (even in terms of people accessing pictures) since there are ways to block access and it is not necessarily a problem if they could. Gallery v2.3.0 and v2.3.1 (at least) implement access blocks and I believe the G3 equivalent folder is under the web root by default. Basically, even the devs also develop their skills and knowledge over time. In any case, your g2data folder is outside your web root.
Also bear in mind that the most common hack vectors are poor 3rd plugins on CMS applications or from insecure script files sitting around on the server. Given your running out of webspace issue, I'll bet there are perhaps all sorts of old unused scripts sitting around on the site. These are your real security risks ... in a real "someone will hack/takeover your site" sense. Try to follow a "If you are not using it, delete it" approach.
Regarding the password change, There was a bug in my script which is fixed and attached to the original post that had Version 1.
Delete the copy of password_reset.php you have, upload the updated password_reset.txt file, change the ".txt" part of the file name so that it becomes "password_reset.php" and follow the same steps as you did before to use the script.
Thanks Dayo,
I have a full day of Church events today, being Good Friday.
So I probably won't get to this again till tonight. (it is now early afternoon)
While "doing nothing" yesterday, I decided to try to install a brand new G2.3.1 on another sub.domain (Waitomo.come2see.co.nz)and unfortunately uploaded the Gallery folder to the site before thinking about the installer feature.
I am working through the Readme file and have not gone beyond repair. Got to that storage bit, and decided to wait for your reply before placing the data file which is "g2data_wc2c" into
'/hsphere/local/home/gaynormc/galleries_data/g2data_wc2c/'
I think I'll need your guidance in this next step at least - ie settings for the database, before I save it.
Does it make sense for me to give the admin the same password as the admin of the upgraded gallery we've been working on? or should I make it unique?
At one stage I did know more about working in MYSQL but have forgotten most of it, and one mistake could / would ruin the whole thing.
I also worked comfortably in snv at one stage - I was helping the guy working on Google Maps Module.
Again that has all gone from my head.
I'd quite like to get back to doing it,and once I have these galleries updated and my sites all cleaned up and updated I'll be able to get back to map work.
Must go back to the Church. Probably be away from computer for 8 hours.
Thanks for the 'heads-up' Dayo. I have fixed it now. I had sent that message without checking it as I was in a hurry to go to the service.
I have repeated the script process and it got me into the admin user of the Gallery,
I got into the Gallery Site Admin page and was able to set passwords for the useful user names, and remove the others - including one I have no idea who it was.
I cannot see any way of checking or setting permissions for the various users,
and when I checked one that was not the admin, it opens to the account page and I had to work out to click the link to the galleries. Below that tabs bar, it just had 'Welcome Gaynor', and two links, 'to its own account settings, and "change Password"
Then I tested them in another browser and no logins work. The repeat attempts get the line asking me to type in the letters in the picture, but don't give any picture of letters.
While in Site Admin, I remembered that broken thumbs used to be fixed by changing the Graphics thing and there are only two mentioned in the Left column. So I checked Plugins in the left column, and got a blank page.
I checked the themes page, and it is working. I didn't mess with any of the themes shown as I know that is a long process, but I clicked the link in the text to add Plugins and got a blank page again.
I did find a page in site admin to do with settings, and a line in it about showing thumbnails, with a "Run Now" so I am running it. It has quite a long way to go as the gallery is huge
This is crazy ! In one browser (Opera) I can get Piopionz.com but when I click the Gallery tab, I just get a page with only the background image on it, not even any text, header, etc.
All it has is the toolbars, and the one starting with home, index, contents - all tabs are inactive.
The getting the logins to work is going to be important. I am wondering if perhaps that also has not been activated. I'll have to wait till the thumbnails thing has completed to investigate that.
Gaynor
gaynormcc
Joined: 2003-09-05
Posts: 426
Posted: Sat, 2012-04-07 02:06
In Internet Explorer, when I click the Login tab, I get the login page. (All good so far)
When I enter correct information for a user or admin,it returns to the original page with the tab saying "login" and no user tabs such as ability to add images.
If I enter incorrect information it tells me I have entered incorrect information and offers the password recover link.
Gaynor
Dayo
Joined: 2005-11-04
Posts: 1642
Posted: Sat, 2012-04-07 03:12
Hi.
I think that since you have been able to upgrade your installation and log into the site (at least once), it will be best to consider your specific question on this post answered and that you consider follow on issues as separate issues.
In that case, try to search for answers to similar issues on the site (or on Google) and if you can't find any, create a new thread accordingly to widen the pool of potential reponders.
On your last query however, the likely answer is that you are seeing the effects of browser caching and you should force refresh after you log in.
Thanks for all your help and patience with me.
Yes I can now log in or out with Firefox and with Chrome. (And Opera once I have got to the Gallery page - The nav bar links in Opera don't work. I had to go to source, copy the gallery URL and paste it into the address bar - but this is not a Gallery problem)
Re the Internet Explorer, I have forced refresh several times and get the same results as above every time.
It clearly makes a difference between attempting to login with correct bonafide user details, and attempting with incorrect details, but when it has logged the user in, it does not redirect to the logged in page.
I guess this should go to a new thread.
Gaynor
gaynormcc
Joined: 2003-09-05
Posts: 426
Posted: Sat, 2012-04-07 08:50
Hi Dayo,
I have done as you advised re admin user, and will now start a new thread for the IE problem etc.
Gaynor
gaynormcc
Joined: 2003-09-05
Posts: 426
Posted: Sat, 2012-04-07 09:39
How do I close this thread?
I can't find instructions in a search of FAQ etc.
Gaynor
gaynormcc
Joined: 2003-09-05
Posts: 426
Posted: Sat, 2012-04-07 12:42
Hi Dayo,
I am trying to find all the information to put in the bottom section of the new thread
In the part asking for phpinfo link I have followed the FAQ etc and it gets to
>If there is a warning for missing or modified files in the installer or upgrader, you should take it seriously. Neither the install or upgrade process nor G2 as an application can work correctly with missing or modified files. Upload the modified / missing files again to your server until the warnings disappear. <
At that point in the upgrade I got told
Output buffering disabled Warning
Warning: Output buffering is enabled in your PHP by theoutput_buffering parameter(s) in php.ini. Gallery can function with this setting - downloading files is even faster - but Gallery might be unable to serve large files (e.g. large videos) and run into the memory limit. Also, some features like the progress bars might not work correctly if output buffering is enabled unless ini_set() is allowed.
Looking through that list (attached) I see that CAPTCHA is on it as are a lot of the themes that are not needed or not consistent with the new version of Gallery.
Others missing probably cause the other problems.
One thing that comes to my mind as probably needing to be dealt with first is getting the SiteAdmin/Plugins working as a lot of the rest, including CAPTCHA should be able to be fixed through Plugins.
In the SiteAdmin/Maintenance, I have been running the Rebuild Thumbnails one and it stops at 495 out of over 3000 images
It has a lot of information after that which I don't understand.
etc etc
I am wondering if a lot of this is because we did the minimal upgrade on the Gallery that was the Dev version.
What should I do about this?
Should I make a new Forum Thread about this? - but I can't get the phpinfo link required in the System Info for starting a new forum.
Should I perhaps upgrade to the Dev version over the top of the current one?
And if so am I going to run into the 'problems of understanding' that I have had all through this.
Or should I Set up a new gallery for this website and then build it from the current one, cleaning out all the junk and incompatibles as I go?
If this option, Which version? My interests as far as development is concerned are Maps, themes, Image Frames, Colorpacks etc.
My head is too old for too much else new in coding etc.
OR should I just clean out the junk from the current gallery first, then come back to this other? If nothing else that would greatly reduce the 3666 images.
Gaynor
suprsidr
Joined: 2005-04-17
Posts: 8339
Posted: Sat, 2012-04-07 13:25
@gaynormcc, please start a new forum thread with this new question as it is not related to the original question.
Just copy and paste this question into a new thread and I will help you from there.
Posts: 1642
I see. Go on to the end of the installation process and then go to the gallery page and try the password recovery steps.
--
dakanji.com
Posts: 426
OK I have found your script.
What do I do with it?
Gaynor
Posts: 1642
The password in the config.php is not necessarily the same as the admin password (and usually should not be anyway).
run the following in phpMyAdmin ...
... and try the password recovery again.
If it doesn't work, scroll above and try the posted script. Instructions were posted earlier.
--
dakanji.com
Posts: 426
It says "TRUNCATE `g2_RecoverPasswordMap`;
doesn't exist."
Should that be TRUNCATE `g2ppnz_RecoverPasswordMap`;
Gaynor
Posts: 1642
Yes it should
--
dakanji.com
Posts: 426
This resulted in
>
TRUNCATE `g2ppnz_RecoverPasswordMap`;# MySQL returned an empty result set (i.e. zero rows).
TRUNCATE `g2ppnz_SessionMap`;# MySQL returned an empty result set (i.e. zero rows).
UPDATE g2ppnz_PluginMap SET gppnz_active=0 WHERE gppnz_pluginId='captcha';# 1 row affected.
<
So now you want me to try the recovery again.
Gaynor
Posts: 1642
Yes. Try that and if doesn't work, try the script. I posted the instructions for that earlier.
I'll have a look back at things later.
--
dakanji.com
Posts: 426
That again said the letters were incorrect
So Now I try your script
By
>Unpack into your gallery2/lib/support folder<
do you mean to copy password_reset.php into that folder on the host file manager?
and by
>run using "yoursite_dot_com/gallery2/lib/support/password_reset.php" <
do I copy that line (with my site inserted) into the text box in phpMyAdmin ?
Gaynor
Posts: 1642
1. Copy the file to that location using the file manager or ftp client.
2. Navigate to the path(with your site inserted) using your web browser and follow the on screen instructions.
I need to run now. Will check in later.
Good luck.
--
dakanji.com
Posts: 426
Ah I have found clearer instructions.
>
To use the script, do the following:
- Upload the password_reset.php file to the "yoursite_dot_com/gallery_folder/lib/support" folder.
- Navigate to "yoursite_dot_com/gallery_folder/lib/support/password_reset.php" with your web browser and follow the on screen instructions.
<
I'll do that now.
Gaynor
Posts: 426
Well it looked as if it had worked in the onscreen instructions, but it doesn't get me logged in.
Gaynor
Posts: 426
I have just realised that the missing files are probably the difference between my earlier version (I think I had Developer) and the Minimal one we installed.
Gaynor
Posts: 426
Hi Dayo,
One thing that bothers me a bit in the setting up of my Gallery:-
In the Readme file for Gallery 2.3.1, in Preparing to Install/2 Storage, it says :
1. Create a directory for gallery to store photos. This must be writeable by the web server, but for security reasons we suggest that you do not put it in the web root. If you put it in the web root, then anybody can get directly to your images with their web browser which circumvents Gallery 2’s security.
2. Create an empty directory anywhere you please. Gallery will fill this directory with its own files (that you shouldn't mess with). This directory can be anywhere on your filesystem. For security purposes, it's better if the directory is not accessible via your webserver (ie, it should not be in your DocumentRoot). Don't make this the same as your gallery directory!
From my config.php this file is at ‘/hsphere/local/home/gaynormc/galleries_data/g2data_piopionz/'
And the Gallery itself is at /home/piopionz.com/gallery2/
Is that satisfactory? or is it an insecure situation. I did have problems with a hacker a while back, and have not yet been able to edit the hacks out of someonf my multitude of files in piopionz.com. Someone at the time suggested it could have been a security hole in my Gallery.
I argued with my son about it when he was setting the gallery up, but obviously I lost that argument.
Gaynor
Posts: 1642
Hi,
The chances of anyone hacking your site through G2 are extremely slim. When the G2 installer talks about "security", it is using a slightly misleading phrase. It is mainly referring to unauthorised access to your pictures and not a "web security" or "someone will hack/takeover your site" sense - someone viewing or downloading an image, authorised or unauthorised, does not compromise the integrity of your site.
Note that the warnings about issues with web accessible g2data folders were a bit OTT (even in terms of people accessing pictures) since there are ways to block access and it is not necessarily a problem if they could. Gallery v2.3.0 and v2.3.1 (at least) implement access blocks and I believe the G3 equivalent folder is under the web root by default. Basically, even the devs also develop their skills and knowledge over time. In any case, your g2data folder is outside your web root.
Also bear in mind that the most common hack vectors are poor 3rd plugins on CMS applications or from insecure script files sitting around on the server. Given your running out of webspace issue, I'll bet there are perhaps all sorts of old unused scripts sitting around on the site. These are your real security risks ... in a real "someone will hack/takeover your site" sense. Try to follow a "If you are not using it, delete it" approach.
--
dakanji.com
Posts: 1642
Regarding the password change, There was a bug in my script which is fixed and attached to the original post that had Version 1.
Delete the copy of password_reset.php you have, upload the updated password_reset.txt file, change the ".txt" part of the file name so that it becomes "password_reset.php" and follow the same steps as you did before to use the script.
--
dakanji.com
Posts: 426
Thanks Dayo,
I have a full day of Church events today, being Good Friday.
So I probably won't get to this again till tonight. (it is now early afternoon)
While "doing nothing" yesterday, I decided to try to install a brand new G2.3.1 on another sub.domain (Waitomo.come2see.co.nz)and unfortunately uploaded the Gallery folder to the site before thinking about the installer feature.
I am working through the Readme file and have not gone beyond repair. Got to that storage bit, and decided to wait for your reply before placing the data file which is "g2data_wc2c" into
'/hsphere/local/home/gaynormc/galleries_data/g2data_wc2c/'
I think I'll need your guidance in this next step at least - ie settings for the database, before I save it.
Does it make sense for me to give the admin the same password as the admin of the upgraded gallery we've been working on? or should I make it unique?
At one stage I did know more about working in MYSQL but have forgotten most of it, and one mistake could / would ruin the whole thing.
I also worked comfortably in snv at one stage - I was helping the guy working on Google Maps Module.
Again that has all gone from my head.
I'd quite like to get back to doing it,and once I have these galleries updated and my sites all cleaned up and updated I'll be able to get back to map work.
Must go back to the Church. Probably be away from computer for 8 hours.
Then will see if the new pw thing works. Thanks
Gaynor
Posts: 426
Hi Dayo,
Sad news - when I uploaded the new script, opened http://www.piopionz.com/gallery2/lib/support/password_reset.php in my browser, the page opens but was comes
up but is completely empty. - a blank page.
Gaynor
Posts: 1642
Delete the version you have and download it from the post afresh and go through the process again.
I just confirmed it works on my server.
If you open the file itself, it should read
$script_version = "4";
near the top.On your other query, it is always more secure to use unique passwords.
I'll also suggest editing the post to delete the your admin username.
Going off to a BBQ. I might be a while.
--
dakanji.com
Posts: 426
Thanks for the 'heads-up' Dayo. I have fixed it now. I had sent that message without checking it as I was in a hurry to go to the service.
I have repeated the script process and it got me into the admin user of the Gallery,
I got into the Gallery Site Admin page and was able to set passwords for the useful user names, and remove the others - including one I have no idea who it was.
I cannot see any way of checking or setting permissions for the various users,
and when I checked one that was not the admin, it opens to the account page and I had to work out to click the link to the galleries. Below that tabs bar, it just had 'Welcome Gaynor', and two links, 'to its own account settings, and "change Password"
Then I tested them in another browser and no logins work. The repeat attempts get the line asking me to type in the letters in the picture, but don't give any picture of letters.
While in Site Admin, I remembered that broken thumbs used to be fixed by changing the Graphics thing and there are only two mentioned in the Left column. So I checked Plugins in the left column, and got a blank page.
I checked the themes page, and it is working. I didn't mess with any of the themes shown as I know that is a long process, but I clicked the link in the text to add Plugins and got a blank page again.
I did find a page in site admin to do with settings, and a line in it about showing thumbnails, with a "Run Now" so I am running it. It has quite a long way to go as the gallery is huge
This is crazy ! In one browser (Opera) I can get Piopionz.com but when I click the Gallery tab, I just get a page with only the background image on it, not even any text, header, etc.
All it has is the toolbars, and the one starting with home, index, contents - all tabs are inactive.
The getting the logins to work is going to be important. I am wondering if perhaps that also has not been activated. I'll have to wait till the thumbnails thing has completed to investigate that.
Gaynor
Posts: 426
In Internet Explorer, when I click the Login tab, I get the login page. (All good so far)
When I enter correct information for a user or admin,it returns to the original page with the tab saying "login" and no user tabs such as ability to add images.
If I enter incorrect information it tells me I have entered incorrect information and offers the password recover link.
Gaynor
Posts: 1642
Hi.
I think that since you have been able to upgrade your installation and log into the site (at least once), it will be best to consider your specific question on this post answered and that you consider follow on issues as separate issues.
In that case, try to search for answers to similar issues on the site (or on Google) and if you can't find any, create a new thread accordingly to widen the pool of potential reponders.
On your last query however, the likely answer is that you are seeing the effects of browser caching and you should force refresh after you log in.
--
dakanji.com
Posts: 426
Thanks for all your help and patience with me.
Yes I can now log in or out with Firefox and with Chrome. (And Opera once I have got to the Gallery page - The nav bar links in Opera don't work. I had to go to source, copy the gallery URL and paste it into the address bar - but this is not a Gallery problem)
Re the Internet Explorer, I have forced refresh several times and get the same results as above every time.
It clearly makes a difference between attempting to login with correct bonafide user details, and attempting with incorrect details, but when it has logged the user in, it does not redirect to the logged in page.
I guess this should go to a new thread.
Gaynor
Posts: 426
Hi Dayo,
I have done as you advised re admin user, and will now start a new thread for the IE problem etc.
Gaynor
Posts: 426
How do I close this thread?
I can't find instructions in a search of FAQ etc.
Gaynor
Posts: 426
Hi Dayo,
I am trying to find all the information to put in the bottom section of the new thread
In the part asking for phpinfo link I have followed the FAQ etc and it gets to
>If there is a warning for missing or modified files in the installer or upgrader, you should take it seriously. Neither the install or upgrade process nor G2 as an application can work correctly with missing or modified files. Upload the modified / missing files again to your server until the warnings disappear. <
At that point in the upgrade I got told
Output buffering disabled Warning
Warning: Output buffering is enabled in your PHP by theoutput_buffering parameter(s) in php.ini. Gallery can function with this setting - downloading files is even faster - but Gallery might be unable to serve large files (e.g. large videos) and run into the memory limit. Also, some features like the progress bars might not work correctly if output buffering is enabled unless ini_set() is allowed.
Gallery file integrity Warning
+ Missing files (68)
+ Modified files (11)
Looking through that list (attached) I see that CAPTCHA is on it as are a lot of the themes that are not needed or not consistent with the new version of Gallery.
Others missing probably cause the other problems.
One thing that comes to my mind as probably needing to be dealt with first is getting the SiteAdmin/Plugins working as a lot of the rest, including CAPTCHA should be able to be fixed through Plugins.
In the SiteAdmin/Maintenance, I have been running the Rebuild Thumbnails one and it stops at 495 out of over 3000 images
It has a lot of information after that which I don't understand.
etc etc
I am wondering if a lot of this is because we did the minimal upgrade on the Gallery that was the Dev version.
What should I do about this?
Should I make a new Forum Thread about this? - but I can't get the phpinfo link required in the System Info for starting a new forum.
Should I perhaps upgrade to the Dev version over the top of the current one?
And if so am I going to run into the 'problems of understanding' that I have had all through this.
Or should I Set up a new gallery for this website and then build it from the current one, cleaning out all the junk and incompatibles as I go?
If this option, Which version? My interests as far as development is concerned are Maps, themes, Image Frames, Colorpacks etc.
My head is too old for too much else new in coding etc.
OR should I just clean out the junk from the current gallery first, then come back to this other? If nothing else that would greatly reduce the 3666 images.
Gaynor
Posts: 8339
@gaynormcc, please start a new forum thread with this new question as it is not related to the original question.
Just copy and paste this question into a new thread and I will help you from there.
-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2
Posts: 426
Thanks Suprsidr,
New Thread is http://gallery.menalto.com/node/105972
I don't know how to close this thread.
I thought there was a way to rename a thread to add "Closed" but can't see how.
Gaynor
Posts: 8339
Comments are now locked for this topic.