disable viewers ability to alter preferences in that album
newtothis
Joined: 2002-09-17
Posts: 13
Posted: Sun, 2002-10-06 17:43
Hi,
I want to allow users to login and see a single album...but dont want them to
be able to alter the signon and passwords through the preferences.
Is there a way to disable that for the individual users?
Thanks
Richard
It is not possible for users to change their username, however they can change their password. My solution to this was looking up the username files in albums/.users and removing the write permissions for the webserver. This way users will get an error when they try to change their password or any other information connected to the username.
newtothis
Joined: 2002-09-17
Posts: 13
Posted: Tue, 2002-10-08 00:47
I understand the theory...could you be specific about any code changes or
edits required as I am a php novice.
Sounds like it will solve my problem.
Thanks.
Richard
BorgKing
Joined: 2002-09-12
Posts: 314
Posted: Tue, 2002-10-08 07:47
There's no PHP editing involved here. Just do the following:
<LI>Make a change to the username you want to protect<LI>Browse to /albums/.users with FTP<LI>Sort files by date<LI>CHMOD 444 the 3 most recent files (note: their filenames should be identical, one without extension, one with .bak and one with .lock
[/]
newtothis
Joined: 2002-09-17
Posts: 13
Posted: Tue, 2002-10-08 22:43
I found the 3 files in the albums folder..and changed them to 444...this did not stop the
change of password at the preferences link.
perhaps i changed the wrong files?
i found the 3 files with those extensions in the subfolders as well.
could you be more specific.
thanks
Richard
BorgKing
Joined: 2002-09-12
Posts: 314
Posted: Wed, 2002-10-09 09:54
I just tested it on my own site and it seems it is possible to change the password, but in fact it's not. It's not possible to login with the new password, only with the old one :wink:
So the only problem with this approach is that people (who are not allowed to change the password) think they can change the password and they don't get an error when they do so. But in the end, they can only login with the original password. Works perfectly for me...
Gaile
Joined: 2002-07-20
Posts: 1301
Posted: Wed, 2002-10-09 19:36
Hi
Since I'm curious about this as well - it's the userdb.dat files you are changing permissions on in the users folder, am I right?
Thanks!
newtothis
Joined: 2002-09-17
Posts: 13
Posted: Thu, 2002-10-10 02:39
I also am confused as to which files to change.
Thanks
Richard
m0f
Joined: 2002-10-10
Posts: 1
Posted: Thu, 2002-10-10 02:58
Hey everybody, I just did this today, as I'm trying to integrate with my the rest of my site.
Here's what I did to get rid of the preferences menu altogether
Open albums.php
Comment out the following lines :
if ($gallery->user->isLoggedIn()) {
if ($gallery->userDB->canModifyUser()) {
$adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> ';
}
Like this :
if ($gallery->user->isLoggedIn()) {
# if ($gallery->userDB->canModifyUser()) {
# $adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> ';
# }
Hope this helps
dsm
BorgKing
Joined: 2002-09-12
Posts: 314
Posted: Thu, 2002-10-10 11:26
I guess this is another way to do it, but it disables the preferences for all the users. If you want to disable changing preferences for only 1 (or more) users, you have to lookup that username in the albums/.users dir. They look like this: 1040309610_1754202938 and these numbers with .bak and .lock.
Gaile
Joined: 2002-07-20
Posts: 1301
Posted: Thu, 2002-10-10 16:22
BorgKing
For some reason I can't chmod those files (MESSAGE: Operation not permitted !Chmod failed. It may not be permitted on remote site.), and yet I've had no problem with chmod commands and Gallery before this. The user folder is hidden by default (I have to force ws_ftp to show it), I am wondering if hidden files react differently?
This is not a priority for me, but I'd like to know why I can't get it to work, especially when it wasn't a problem for you, and I am assuming - others who have perhaps tried this and succeeded.
Thanks for any insight you might have.
newtothis
Joined: 2002-09-17
Posts: 13
Posted: Fri, 2002-10-11 03:35
I made the changes to albums.php
and commented out the lines suggested by dsm,
and all users are now disabled from preferences.
This is exactly what I wanted to do!
Thanks to all the posters and dsm especially!
Richard
By the way..how does one view the hidden files using ws_ftp?
Gaile
Joined: 2002-07-20
Posts: 1301
Posted: Fri, 2002-10-11 06:34
Type -la into the blank box on the right (under MkDir), and hit enter. Any hidden files will show up.
:smile:
psuter
Joined: 2002-11-27
Posts: 7
Posted: Sun, 2002-12-01 22:11
Hi
i've just installed Gallery some days ago and i really like it.. so i startet with my first mods on the script (actually on gallery 1.3.2) as i saw your thread i realized the problem and here is my (easy to use) solution to it.
first open your albums.php file and find the following line:
$adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a>&nbsp;';
in an unchanged script this would be line 128.
now replace the line above it which looks like this:
if ($gallery->userDB->canModifyUser()) {
with this:
$generalUsers=file("general_users.txt");
if ($gallery->userDB->canModifyUser() && !array_search($gallery->user->getUsername(),$generalUsers)) {
then save and close your albums.php file
now creat a new text file named "general_users.txt" in your gallerie's root directory (where albums.php is too) and write down the list of users you want not to edit their pereferencies. use a new line for each user and do not put any spaces or any other letters behind or before the username. it is essential that there is only one single user name and nothing else on every line! otherwise it won't work.
after you have done all this, none of the users in your general_users.txt file should see the pereferences link anymore.. whereas others will still be able to see the link.
so this will probably do the job for most of you.
BUT. if you had a nasty little hacker on your page who knew you where using Gallery he could still enter user_preferences.php behind your Gallery's url and edit his user's details. so if you want to protect your gallery from even these users you have to do a little mod to the user_preferences.php script:
open your user_preferences.php file and find the following lines:
if (!$gallery->user->isLoggedIn()) {
exit;
}
in an unchanged script these would be lines 32 to 34.
after the "}" insert a new line and then add the following lines:
$generalUsers=file("general_users.txt");
if (array_search($gallery->user->getUsername(),$generalUsers)) {
exit;
}
CAUTION: DO NOT replace anything.. just add these lines!
after this is done, save your file and try to open your gallery, login as a user from your general_users.txt file and then see if you still see the link.. you should not..
if you don't see the link anymore, replace whatever there is behind your gallerie's root directory with "user_preferences.php" and you should see a blank page, instead of the whole preferences dialog..
if this is all ture, you've done it right.. if it doesn't work.. please read more careful :wink:
hope i could help somebody
greetings from switzerland
pascal
psuter
Joined: 2002-11-27
Posts: 7
Posted: Sun, 2002-12-08 13:18
sorry.. i've found an error in my mod above ..
it only works with the last username in the general_users.txt file..
to make it work correctly add the following to the top of every file you had to modify before.. :
<?php
function array_find($needle, $haystack)
{
for($i = 0; $i < count($haystack); $i++)
{
if (strstr($haystack[$i],$needle))
return $haystack[$i];
}
return false;
}
?>
after this replace array_search with array_find in all the mods you've made (i mean in the ones proposed by me of course)
Posts: 314
It is not possible for users to change their username, however they can change their password. My solution to this was looking up the username files in albums/.users and removing the write permissions for the webserver. This way users will get an error when they try to change their password or any other information connected to the username.
Posts: 13
I understand the theory...could you be specific about any code changes or
edits required as I am a php novice.
Sounds like it will solve my problem.
Thanks.
Richard
Posts: 314
There's no PHP editing involved here. Just do the following:
<LI>Make a change to the username you want to protect<LI>Browse to /albums/.users with FTP<LI>Sort files by date<LI>CHMOD 444 the 3 most recent files (note: their filenames should be identical, one without extension, one with .bak and one with .lock
[/]
Posts: 13
I found the 3 files in the albums folder..and changed them to 444...this did not stop the
change of password at the preferences link.
perhaps i changed the wrong files?
i found the 3 files with those extensions in the subfolders as well.
could you be more specific.
thanks
Richard
Posts: 314
I just tested it on my own site and it seems it is possible to change the password, but in fact it's not. It's not possible to login with the new password, only with the old one :wink:
So the only problem with this approach is that people (who are not allowed to change the password) think they can change the password and they don't get an error when they do so. But in the end, they can only login with the original password. Works perfectly for me...
Posts: 1301
Hi
Since I'm curious about this as well - it's the userdb.dat files you are changing permissions on in the users folder, am I right?
Thanks!
Posts: 13
I also am confused as to which files to change.
Thanks
Richard
Posts: 1
Hey everybody, I just did this today, as I'm trying to integrate with my the rest of my site.
Here's what I did to get rid of the preferences menu altogether
Open albums.php
Comment out the following lines :
if ($gallery->user->isLoggedIn()) {
if ($gallery->userDB->canModifyUser()) {
$adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> ';
}
Like this :
if ($gallery->user->isLoggedIn()) {
# if ($gallery->userDB->canModifyUser()) {
# $adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> ';
# }
Hope this helps
dsm
Posts: 314
I guess this is another way to do it, but it disables the preferences for all the users. If you want to disable changing preferences for only 1 (or more) users, you have to lookup that username in the albums/.users dir. They look like this: 1040309610_1754202938 and these numbers with .bak and .lock.
Posts: 1301
BorgKing
For some reason I can't chmod those files (MESSAGE: Operation not permitted !Chmod failed. It may not be permitted on remote site.), and yet I've had no problem with chmod commands and Gallery before this. The user folder is hidden by default (I have to force ws_ftp to show it), I am wondering if hidden files react differently?
This is not a priority for me, but I'd like to know why I can't get it to work, especially when it wasn't a problem for you, and I am assuming - others who have perhaps tried this and succeeded.
Thanks for any insight you might have.
Posts: 13
I made the changes to albums.php
and commented out the lines suggested by dsm,
and all users are now disabled from preferences.
This is exactly what I wanted to do!
Thanks to all the posters and dsm especially!
Richard
By the way..how does one view the hidden files using ws_ftp?
Posts: 1301
Type -la into the blank box on the right (under MkDir), and hit enter. Any hidden files will show up.
:smile:
Posts: 7
Hi
i've just installed Gallery some days ago and i really like it.. so i startet with my first mods on the script (actually on gallery 1.3.2) as i saw your thread i realized the problem and here is my (easy to use) solution to it.
first open your albums.php file and find the following line:
$adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a>&nbsp;';
in an unchanged script this would be line 128.
now replace the line above it which looks like this:
if ($gallery->userDB->canModifyUser()) {
with this:
$generalUsers=file("general_users.txt");
if ($gallery->userDB->canModifyUser() && !array_search($gallery->user->getUsername(),$generalUsers)) {
then save and close your albums.php file
now creat a new text file named "general_users.txt" in your gallerie's root directory (where albums.php is too) and write down the list of users you want not to edit their pereferencies. use a new line for each user and do not put any spaces or any other letters behind or before the username. it is essential that there is only one single user name and nothing else on every line! otherwise it won't work.
after you have done all this, none of the users in your general_users.txt file should see the pereferences link anymore.. whereas others will still be able to see the link.
so this will probably do the job for most of you.
BUT. if you had a nasty little hacker on your page who knew you where using Gallery he could still enter user_preferences.php behind your Gallery's url and edit his user's details. so if you want to protect your gallery from even these users you have to do a little mod to the user_preferences.php script:
open your user_preferences.php file and find the following lines:
if (!$gallery->user->isLoggedIn()) {
exit;
}
in an unchanged script these would be lines 32 to 34.
after the "}" insert a new line and then add the following lines:
$generalUsers=file("general_users.txt");
if (array_search($gallery->user->getUsername(),$generalUsers)) {
exit;
}
CAUTION: DO NOT replace anything.. just add these lines!
after this is done, save your file and try to open your gallery, login as a user from your general_users.txt file and then see if you still see the link.. you should not..
if you don't see the link anymore, replace whatever there is behind your gallerie's root directory with "user_preferences.php" and you should see a blank page, instead of the whole preferences dialog..
if this is all ture, you've done it right.. if it doesn't work.. please read more careful :wink:
hope i could help somebody
greetings from switzerland
pascal
Posts: 7
sorry.. i've found an error in my mod above ..
it only works with the last username in the general_users.txt file..
to make it work correctly add the following to the top of every file you had to modify before.. :
<?php
function array_find($needle, $haystack)
{
for($i = 0; $i < count($haystack); $i++)
{
if (strstr($haystack[$i],$needle))
return $haystack[$i];
}
return false;
}
?>
after this replace array_search with array_find in all the mods you've made (i mean in the ones proposed by me of course)
now it should work..
Posts: 1
Nicely done. thanks for solving a problem for me.