disable viewers ability to alter preferences in that album

newtothis

Joined: 2002-09-17
Posts: 13

Posted: Sun, 2002-10-06 17:43

Hi,
I want to allow users to login and see a single album...but dont want them to
be able to alter the signon and passwords through the preferences.
Is there a way to disable that for the individual users?
Thanks
Richard

BorgKing

Joined: 2002-09-12
Posts: 314

Posted: Mon, 2002-10-07 13:33

It is not possible for users to change their username, however they can change their password. My solution to this was looking up the username files in albums/.users and removing the write permissions for the webserver. This way users will get an error when they try to change their password or any other information connected to the username.

newtothis

Joined: 2002-09-17
Posts: 13

Posted: Tue, 2002-10-08 00:47

I understand the theory...could you be specific about any code changes or
edits required as I am a php novice.

Sounds like it will solve my problem.

Thanks.
Richard

BorgKing

Joined: 2002-09-12
Posts: 314

Posted: Tue, 2002-10-08 07:47

There's no PHP editing involved here. Just do the following:

<LI>Make a change to the username you want to protect<LI>Browse to /albums/.users with FTP<LI>Sort files by date<LI>CHMOD 444 the 3 most recent files (note: their filenames should be identical, one without extension, one with .bak and one with .lock

[/]

newtothis

Joined: 2002-09-17
Posts: 13

Posted: Tue, 2002-10-08 22:43

I found the 3 files in the albums folder..and changed them to 444...this did not stop the
change of password at the preferences link.

perhaps i changed the wrong files?

i found the 3 files with those extensions in the subfolders as well.

could you be more specific.

thanks
Richard

BorgKing

Joined: 2002-09-12
Posts: 314

Posted: Wed, 2002-10-09 09:54

I just tested it on my own site and it seems it is possible to change the password, but in fact it's not. It's not possible to login with the new password, only with the old one :wink:

So the only problem with this approach is that people (who are not allowed to change the password) think they can change the password and they don't get an error when they do so. But in the end, they can only login with the original password. Works perfectly for me...

Gaile

Joined: 2002-07-20
Posts: 1301

Posted: Wed, 2002-10-09 19:36

Hi

Since I'm curious about this as well - it's the userdb.dat files you are changing permissions on in the users folder, am I right?

Thanks!

newtothis

Joined: 2002-09-17
Posts: 13

Posted: Thu, 2002-10-10 02:39

I also am confused as to which files to change.

Thanks
Richard

m0f

Joined: 2002-10-10
Posts: 1

Posted: Thu, 2002-10-10 02:58

Hey everybody, I just did this today, as I'm trying to integrate with my the rest of my site.

Here's what I did to get rid of the preferences menu altogether

Open albums.php

Comment out the following lines :

if ($gallery->user->isLoggedIn()) {
if ($gallery->userDB->canModifyUser()) {
$adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> ';
}

Like this :

if ($gallery->user->isLoggedIn()) {
# if ($gallery->userDB->canModifyUser()) {
# $adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> ';
# }

Hope this helps

dsm

BorgKing

Joined: 2002-09-12
Posts: 314

Posted: Thu, 2002-10-10 11:26

I guess this is another way to do it, but it disables the preferences for all the users. If you want to disable changing preferences for only 1 (or more) users, you have to lookup that username in the albums/.users dir. They look like this: 1040309610_1754202938 and these numbers with .bak and .lock.

Gaile

Joined: 2002-07-20
Posts: 1301

Posted: Thu, 2002-10-10 16:22

BorgKing

For some reason I can't chmod those files (MESSAGE: Operation not permitted !Chmod failed. It may not be permitted on remote site.), and yet I've had no problem with chmod commands and Gallery before this. The user folder is hidden by default (I have to force ws_ftp to show it), I am wondering if hidden files react differently?

This is not a priority for me, but I'd like to know why I can't get it to work, especially when it wasn't a problem for you, and I am assuming - others who have perhaps tried this and succeeded.

Thanks for any insight you might have.

newtothis

Joined: 2002-09-17
Posts: 13

Posted: Fri, 2002-10-11 03:35

I made the changes to albums.php
and commented out the lines suggested by dsm,
and all users are now disabled from preferences.
This is exactly what I wanted to do!
Thanks to all the posters and dsm especially!
Richard

By the way..how does one view the hidden files using ws_ftp?

Gaile

Joined: 2002-07-20
Posts: 1301

Posted: Fri, 2002-10-11 06:34

Type -la into the blank box on the right (under MkDir), and hit enter. Any hidden files will show up.

:smile:

psuter

Joined: 2002-11-27
Posts: 7

Posted: Sun, 2002-12-01 22:11

Hi
i've just installed Gallery some days ago and i really like it.. so i startet with my first mods on the script (actually on gallery 1.3.2) as i saw your thread i realized the problem and here is my (easy to use) solution to it.

first open your albums.php file and find the following line:
$adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a>&nbsp;';
in an unchanged script this would be line 128.

now replace the line above it which looks like this:
if ($gallery->userDB->canModifyUser()) {
with this:
$generalUsers=file("general_users.txt");
if ($gallery->userDB->canModifyUser() && !array_search($gallery->user->getUsername(),$generalUsers)) {

then save and close your albums.php file

now creat a new text file named "general_users.txt" in your gallerie's root directory (where albums.php is too) and write down the list of users you want not to edit their pereferencies. use a new line for each user and do not put any spaces or any other letters behind or before the username. it is essential that there is only one single user name and nothing else on every line! otherwise it won't work.

after you have done all this, none of the users in your general_users.txt file should see the pereferences link anymore.. whereas others will still be able to see the link.
so this will probably do the job for most of you.
BUT. if you had a nasty little hacker on your page who knew you where using Gallery he could still enter user_preferences.php behind your Gallery's url and edit his user's details. so if you want to protect your gallery from even these users you have to do a little mod to the user_preferences.php script:

open your user_preferences.php file and find the following lines:
if (!$gallery->user->isLoggedIn()) {
exit;
}
in an unchanged script these would be lines 32 to 34.

after the "}" insert a new line and then add the following lines:
$generalUsers=file("general_users.txt");
if (array_search($gallery->user->getUsername(),$generalUsers)) {
exit;
}
CAUTION: DO NOT replace anything.. just add these lines!

after this is done, save your file and try to open your gallery, login as a user from your general_users.txt file and then see if you still see the link.. you should not..
if you don't see the link anymore, replace whatever there is behind your gallerie's root directory with "user_preferences.php" and you should see a blank page, instead of the whole preferences dialog..
if this is all ture, you've done it right.. if it doesn't work.. please read more careful :wink:

hope i could help somebody

greetings from switzerland
pascal

psuter

Joined: 2002-11-27
Posts: 7

Posted: Sun, 2002-12-08 13:18

sorry.. i've found an error in my mod above ..

it only works with the last username in the general_users.txt file..

to make it work correctly add the following to the top of every file you had to modify before.. :
<?php
function array_find($needle, $haystack)
{
for($i = 0; $i < count($haystack); $i++)
{
if (strstr($haystack[$i],$needle))
return $haystack[$i];
}

return false;
}
?>

after this replace array_search with array_find in all the mods you've made (i mean in the ones proposed by me of course)

now it should work..

Biggles

Joined: 2002-12-15
Posts: 1

Posted: Sun, 2002-12-15 01:40

Nicely done. thanks for solving a problem for me.

newtothis Joined: 2002-09-17 Posts: 13	Posted: Sun, 2002-10-06 17:43
	Hi, I want to allow users to login and see a single album...but dont want them to be able to alter the signon and passwords through the preferences. Is there a way to disable that for the individual users? Thanks Richard
	XUser login Username: * Password: * Create new account Request new password
BorgKing Joined: 2002-09-12 Posts: 314	Posted: Mon, 2002-10-07 13:33
	It is not possible for users to change their username, however they can change their password. My solution to this was looking up the username files in albums/.users and removing the write permissions for the webserver. This way users will get an error when they try to change their password or any other information connected to the username.

newtothis Joined: 2002-09-17 Posts: 13	Posted: Tue, 2002-10-08 00:47
	I understand the theory...could you be specific about any code changes or edits required as I am a php novice. Sounds like it will solve my problem. Thanks. Richard

BorgKing Joined: 2002-09-12 Posts: 314	Posted: Tue, 2002-10-08 07:47
	There's no PHP editing involved here. Just do the following: <LI>Make a change to the username you want to protect<LI>Browse to /albums/.users with FTP<LI>Sort files by date<LI>CHMOD 444 the 3 most recent files (note: their filenames should be identical, one without extension, one with .bak and one with .lock [/]

newtothis Joined: 2002-09-17 Posts: 13	Posted: Tue, 2002-10-08 22:43
	I found the 3 files in the albums folder..and changed them to 444...this did not stop the change of password at the preferences link. perhaps i changed the wrong files? i found the 3 files with those extensions in the subfolders as well. could you be more specific. thanks Richard

BorgKing Joined: 2002-09-12 Posts: 314	Posted: Wed, 2002-10-09 09:54
	I just tested it on my own site and it seems it is possible to change the password, but in fact it's not. It's not possible to login with the new password, only with the old one :wink: So the only problem with this approach is that people (who are not allowed to change the password) think they can change the password and they don't get an error when they do so. But in the end, they can only login with the original password. Works perfectly for me...

Gaile Joined: 2002-07-20 Posts: 1301	Posted: Wed, 2002-10-09 19:36
	Hi Since I'm curious about this as well - it's the userdb.dat files you are changing permissions on in the users folder, am I right? Thanks!

newtothis Joined: 2002-09-17 Posts: 13	Posted: Thu, 2002-10-10 02:39
	I also am confused as to which files to change. Thanks Richard

m0f Joined: 2002-10-10 Posts: 1	Posted: Thu, 2002-10-10 02:58
	Hey everybody, I just did this today, as I'm trying to integrate with my the rest of my site. Here's what I did to get rid of the preferences menu altogether Open albums.php Comment out the following lines : if ($gallery->user->isLoggedIn()) { if ($gallery->userDB->canModifyUser()) { $adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> '; } Like this : if ($gallery->user->isLoggedIn()) { # if ($gallery->userDB->canModifyUser()) { # $adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a> '; # } Hope this helps dsm

BorgKing Joined: 2002-09-12 Posts: 314	Posted: Thu, 2002-10-10 11:26
	I guess this is another way to do it, but it disables the preferences for all the users. If you want to disable changing preferences for only 1 (or more) users, you have to lookup that username in the albums/.users dir. They look like this: 1040309610_1754202938 and these numbers with .bak and .lock.

Gaile Joined: 2002-07-20 Posts: 1301	Posted: Thu, 2002-10-10 16:22
	BorgKing For some reason I can't chmod those files (MESSAGE: Operation not permitted !Chmod failed. It may not be permitted on remote site.), and yet I've had no problem with chmod commands and Gallery before this. The user folder is hidden by default (I have to force ws_ftp to show it), I am wondering if hidden files react differently? This is not a priority for me, but I'd like to know why I can't get it to work, especially when it wasn't a problem for you, and I am assuming - others who have perhaps tried this and succeeded. Thanks for any insight you might have.

newtothis Joined: 2002-09-17 Posts: 13	Posted: Fri, 2002-10-11 03:35
	I made the changes to albums.php and commented out the lines suggested by dsm, and all users are now disabled from preferences. This is exactly what I wanted to do! Thanks to all the posters and dsm especially! Richard By the way..how does one view the hidden files using ws_ftp?

Gaile Joined: 2002-07-20 Posts: 1301	Posted: Fri, 2002-10-11 06:34
	Type -la into the blank box on the right (under MkDir), and hit enter. Any hidden files will show up. :smile:

psuter Joined: 2002-11-27 Posts: 7	Posted: Sun, 2002-12-01 22:11
	Hi i've just installed Gallery some days ago and i really like it.. so i startet with my first mods on the script (actually on gallery 1.3.2) as i saw your thread i realized the problem and here is my (easy to use) solution to it. first open your albums.php file and find the following line: $adminCommands .= '<a href="#" onClick="'.popup("user_preferences.php").'">[preferences]</a>&nbsp;'; in an unchanged script this would be line 128. now replace the line above it which looks like this: if ($gallery->userDB->canModifyUser()) { with this: $generalUsers=file("general_users.txt"); if ($gallery->userDB->canModifyUser() && !array_search($gallery->user->getUsername(),$generalUsers)) { then save and close your albums.php file now creat a new text file named "general_users.txt" in your gallerie's root directory (where albums.php is too) and write down the list of users you want not to edit their pereferencies. use a new line for each user and do not put any spaces or any other letters behind or before the username. it is essential that there is only one single user name and nothing else on every line! otherwise it won't work. after you have done all this, none of the users in your general_users.txt file should see the pereferences link anymore.. whereas others will still be able to see the link. so this will probably do the job for most of you. BUT. if you had a nasty little hacker on your page who knew you where using Gallery he could still enter user_preferences.php behind your Gallery's url and edit his user's details. so if you want to protect your gallery from even these users you have to do a little mod to the user_preferences.php script: open your user_preferences.php file and find the following lines: if (!$gallery->user->isLoggedIn()) { exit; } in an unchanged script these would be lines 32 to 34. after the "}" insert a new line and then add the following lines: $generalUsers=file("general_users.txt"); if (array_search($gallery->user->getUsername(),$generalUsers)) { exit; } CAUTION: DO NOT replace anything.. just add these lines! after this is done, save your file and try to open your gallery, login as a user from your general_users.txt file and then see if you still see the link.. you should not.. if you don't see the link anymore, replace whatever there is behind your gallerie's root directory with "user_preferences.php" and you should see a blank page, instead of the whole preferences dialog.. if this is all ture, you've done it right.. if it doesn't work.. please read more careful :wink: hope i could help somebody greetings from switzerland pascal

psuter Joined: 2002-11-27 Posts: 7	Posted: Sun, 2002-12-08 13:18
	sorry.. i've found an error in my mod above .. it only works with the last username in the general_users.txt file.. to make it work correctly add the following to the top of every file you had to modify before.. : <?php function array_find($needle, $haystack) { for($i = 0; $i < count($haystack); $i++) { if (strstr($haystack[$i],$needle)) return $haystack[$i]; } return false; } ?> after this replace array_search with array_find in all the mods you've made (i mean in the ones proposed by me of course) now it should work..

Biggles Joined: 2002-12-15 Posts: 1	Posted: Sun, 2002-12-15 01:40
	Nicely done. thanks for solving a problem for me.

disable viewers ability to alter preferences in that album

XUser login