Getting in

WCSC

Joined: 2008-01-22
Posts: 4
Posted: Fri, 2009-07-17 22:26

I just got hacked so I uploaded a backup and it's been some time since I've used or updated my gallery. I have the newest version of Gallery v1 with the last PN software.

How do I get into my gallery from the gallery side and not through Post Nuke? The way my website was set up I cannot add or edit through PN, I have to go into my gallery software.

My question is how do I get in?

I thought it was /gallery/index.php or gallery/index.php

I also cannot get into the config wizard gallery/setup

When I do go to these screens I get an "Error: Your userfile is not writeable."

Apache V 1.3.36 (Unix)
PHP V 4.3.11
Firefox


 
nivekiam

Joined: 2002-12-10
Posts: 16504
Posted: Fri, 2009-07-17 22:37
Quote:
when i do go to these screens I get a "Error: Your userfile is not writeable."

That looks like it means that your albums directory and all files below it need to have their permissions changed so the webserver can write to them. On most hosts this means 777
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

 
WCSC

Joined: 2008-01-22
Posts: 4
Posted: Fri, 2009-07-17 22:52

It looks like I have mixed permissions for different files, does everything in the gallery need to be 777?

I just got hacked and don't need to give permissions to anyone other than me. Do I still 777 everything or just what is in the albums?

 
nivekiam

Joined: 2002-12-10
Posts: 16504
Posted: Fri, 2009-07-17 23:55

You most likely didn't get hacked because of permissions set on files. It was probably via FTP, or some other software running on your site.

But however your system is set up, your web server needs to have permission to read and write to the directories and files under your /albums directory. Whether that means changing the ownership of the albums directory and all sub-directories and sub-files to the owner of the web server or changing permissions to 777 (for directories) or 666 (for files) is up to you. To change ownership you'll need to contact your host unless you are the system administrator.

Even though this FAQ is for G2 the same principle applies.
FAQ: How can I fix the filesystem permissions of the Gallery storage folder?

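As an added example (not from the thread or from the Gallery project): shell functions that list everything under an albums tree carrying the world-write bit that 777/666 sets, and that apply the narrower 770/660 modes instead. It assumes the web server runs as the owner of the tree or as a member of its group; the directory path and the optional group argument are placeholders.

```shell
#!/bin/sh
# Added example: audit and tighten permissions under a Gallery albums tree.
# Assumption: the web server runs as the tree's owner or is in its group.

# Print every file and directory that any local account can write to
# (the "other" write bit, which modes 777 and 666 both set).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Number of world-writable entries under the given directory.
count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Replace 777/666 with owner+group access only.
#   $1 = albums directory
#   $2 = optional group shared with the web server (hypothetical name);
#        changing it needs ownership of the files and membership of that group.
tighten_albums() {
    dir=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
    fi
    # Directories need the execute bit to be traversed; files do not.
    find "$dir" -type d -exec chmod 770 {} +
    find "$dir" -type f -exec chmod 660 {} +
}
```

Run `world_writable` on the albums directory before and after `tighten_albums`; the second run should print nothing.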

 
WCSC

Joined: 2008-01-22
Posts: 4
Posted: Sat, 2009-07-18 02:51

Thank you for the replies Nivekiam, I'll check with my host.

BTW, which is the proper way to access my gallery, is it mysite.com/modules/gallery/index.html ? I noticed this index file is completely blank.

 
nivekiam

Joined: 2002-12-10
Posts: 16504
Posted: Sat, 2009-07-18 03:29

modules?

That index.html file shouldn't exist in your Gallery directory

Just /gallery/ should be fine if that's where it's installed. If that doesn't work, then /gallery/index.php. If you don't want to have to specify the index.php file, then set DirectoryIndex to include index.php in your .htaccess file:
http://www.javascriptkit.com/howto/htaccess6.shtml

 
WCSC

Joined: 2008-01-22
Posts: 4
Posted: Sat, 2009-07-18 05:19

In my gallery directory I have two index files, index.php & index.html. I have no way to access anything to do with my gallery other than viewing it through my PN site.

You know I hired some guy because it had been so long since I used PN, to update my website and now I am noticing I have two gallery directories. One Gallery just has an albums (mysite.com/gallery) directory, the other (mysite.com/modules/gallery/) has all the tools, setup, docs, netpbm directories. Both albums seem to be updated the same which is weird. I also can't do all my album editing within my PN site like I used to before I upgraded. He admitted to me later that he didn't use the gallery ever or know how to properly configure it, which I thought was odd. *sigh*

I just don't get that by loading up a backup how everything is all out of whack and the only way to view my gallery is through PN and not directly, weird.....

I'll try to rename deal and see what else gets jacked up, lol

Also in that link you pasted, it says global htaccess file, do I make that edit in the htaccess file in the gallery directory or in my site directory?

Hate to make a long code post here but does this seem right for my gallery/index.php file?

Quote:
<?php
/*
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2007 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * $Id: index.php 15919 2007-03-05 15:14:55Z jenst $
 */
?>
<?php
// Hack prevention.

global $GALLERY_EMBEDDED_INSIDE;
global $GALLERY_EMBEDDED_INSIDE_TYPE;
global $GALLERY_MODULENAME;
global $MOS_GALLERY_PARAMS;

// Mambo / Joomla calls index.php directly for popups - we need to make
// sure that the option var has been extracted into the environment
// otherwise it just won't work.
$option = isset($_REQUEST['option']) ? $_REQUEST['option'] : null;
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : null;
$mop = isset($_REQUEST['mop']) ? $_REQUEST['mop'] : null;
$name = isset($_REQUEST['name']) ? $_REQUEST['name'] : null;
$include = isset($_REQUEST['include']) ? $_REQUEST['include'] : null;
$postnuke = ( defined('_PN_VERSION_ID') || defined('PN_VERSION_ID') ) ? true : false;
$phpnuke = isset($GLOBALS['nukeurl']) ? true : false;

/*
 * Detect PHP-Nuke, Postnuke, phpBB2 or Mambo and react accordingly.
 * Gallery can run embedded in GeekLog too, but to catch this we need config.php
 * Therefore we have to detect GeekLog in init.php.
 */

if ($postnuke ||
    $phpnuke ||
    !strcmp($op, "modload") ||
    !strcmp($mop, "modload") ||
    isset($option)) {
    /*
     * Change this variable if your Gallery module has a different
     * name in the Nuke or phpBB2 modules directory.
     */

    if (isset($name)) {
        $GALLERY_MODULENAME = $name;
        define ('GALLERY_URL',"modules/$GALLERY_MODULENAME");
    }

    if (isset($option)) {
        $GALLERY_MODULENAME = $option;
        $mamboDir = getcwd();
        $GALLERY_EMBEDDED_INSIDE = 'mambo';
        $GALLERY_EMBEDDED_INSIDE_TYPE = 'mambo';

        if (isset($GLOBALS['_VERSION']->PRODUCT) &&
            $GLOBALS['_VERSION']->PRODUCT == 'Joomla!') {
            $GALLERY_EMBEDDED_INSIDE = 'joomla';
            $GALLERY_EMBEDDED_INSIDE_TYPE = 'joomla';
        }
    }
    elseif (isset($GLOBALS['phpbb_root_path'])) {
        $GALLERY_EMBEDDED_INSIDE='phpBB2';
        $GALLERY_EMBEDDED_INSIDE_TYPE = 'phpBB2';
    }
    elseif ($postnuke) {
        $GALLERY_EMBEDDED_INSIDE='nuke';
        $GALLERY_EMBEDDED_INSIDE_TYPE = 'postnuke';
        if(defined('PN_VERSION_NUM')) {
            // postNuke 0.8
            $GALLERY_POSTNUKE_VERSION = PN_VERSION_NUM;
        }
        else {
            $GALLERY_POSTNUKE_VERSION = _PN_VERSION_NUM;
        }
    }
    elseif ($GLOBALS['user_prefix'] == "nukea") {
        $GALLERY_EMBEDDED_INSIDE='nuke';
        $GALLERY_EMBEDDED_INSIDE_TYPE = 'nsnnuke';
    }
    elseif (defined('CPG_NUKE')) {
        $GALLERY_EMBEDDED_INSIDE='nuke';
        $GALLERY_EMBEDDED_INSIDE_TYPE='cpgnuke';
    }
    else {
        $GALLERY_EMBEDDED_INSIDE='nuke';
        $GALLERY_EMBEDDED_INSIDE_TYPE = 'phpnuke';
    }

    if (empty($include)) {
        $include = "albums.php";
    }

    /*
     * As a security precaution, only allow one of the following files to be included.
     * If you want Gallery to allow you to include other files (such as the random photo block)
     * then you need to add the name of the file including any relevant path components to this
     * array.
     */
    $safe_to_include =
        array(
            "add_comment.php",
            "add_photos.php",
            "add_photos_frame.php",
            "admin-page.php",
            "administer_startpage.php",
            "album_permissions.php",
            "albums.php",
            "block-random.php",
            "captionator.php",
            "copy_photo.php",
            "create_user.php",
            "delete_album.php",
            "delete_photo.php",
            "delete_user.php",
            "do_command.php",
            "download.php",
            "ecard_form.php",
            "edit_appearance.php",
            "edit_caption.php",
            "edit_field.php",
            "edit_thumb.php",
            "edit_watermark.php",
            "extra_fields.php",
            "gallery_remote.php",
            "gallery_remote2.php",
            "help/imagemap.php",
            "help/metadataOnUpload.php",
            "highlight_photo.php",
            "imagemap.php",
            "lib/colorpicker.php",
            "login.php",
            "manage_users.php",
            "modify_user.php",
            "move_album.php",
            "move_photo.php",
            "multi_create_user.php",
            "photo_owner.php",
            "poll_properties.php",
            "poll_results.php",
            "progress_uploading.php",
            "publish_xp.php",
            "publish_xp_docs.php",
            "rearrange.php",
            "rebuild_capture_dates.php",
            "register.php",
            "rename_album.php",
            "reset_votes.php",
            "resize_photo.php",
            "rotate_photo.php",
            "rss.php",
            "save_photos.php",
            "search.php",
            "slideshow.php",
            "slideshow_high.php",
            "slideshow_low.php",
            "sort_album.php",
            "stats-wizard.php",
            "stamp_preview.php",
            "stats.php",
            "tools/find_orphans.php",
            "tools/despam-comments.php",
            "tools/validate_albums.php",
            "upgrade_album.php",
            "upgrade_users.php",
            "user_preferences.php",
            "view_album.php",
            "view_comments.php",
            "view_photo.php",
            "view_photo_properties.php",
            "watermark_album.php",
        );

    if (!in_array($include, $safe_to_include)) {
        $include = htmlentities($include);
        print sprintf(_("Security error! The file you tried to include is not on the <b>approved file list</b>. To include this file you must edit %s's index.php and add <b>%s</b> to the <i>\$safe_to_include</i> array"),
            'Gallery', $include);
        exit;
    }
    include(dirname(__FILE__) . "/$include");
} else {
    include("albums.php");
}
?>

 
nivekiam

Joined: 2002-12-10
Posts: 16504
Posted: Sat, 2009-07-18 05:45

Well I know nothing about PN (postnuke, phpnuke, whatever). If you don't have any other way to manage your website than through some CMS I can't be of much help. And the stuff you're describing has me totally lost. I'd say you need to hire that guy back and fix whatever needs to be fixed.