Download & Extend
Gallerix » Issues

Unauthorized picture modification attempt. Your IP has been logged.

Posted by Jarada on August 2, 2008 at 10:17pm
Project:Gallerix
Version:6.x-1.4
Component:Code
Category:bug report
Priority:normal
Assigned:AlexisWilke
Status:closed (fixed)

Issue Summary

Guys,

I have set permissions for my users to edit albums, but when they try to manage the pictures stored in those albums, they get this error and nothing gets updated. I've looked in the Gallerix permissions, but there is nothing that gives me the power to pass on permissions for managing pictures on top of albums...

Is there something I have overlooked or is it only the Root Admin who can manage photos?

Thanks,

David.

Login or register to post comments

Comments

#1

Posted by silviogutierrez on August 5, 2008 at 3:49am
Status:active» postponed (maintainer needs more info)

David,

When does this error occur? When you go to node/NID/pictures/manage?

Or does this happen when you try to submit something?

Let me know,

Silvio

#2

Posted by Jarada on August 5, 2008 at 9:32am
Status:postponed (maintainer needs more info)» active

Silvio,

It occurs after you have reached the manage screen. You then try and submit any edits (even deletes) to the pictures, and the error occurs when you hit the submit button. When you refresh the manage screen, all changes (even deletes) are reverted visibly again. The error message is shown above the list of pictures and captions.

If it helps I can upload a video of this error occurring so you can have a better idea what is happening...

David.

#3

Posted by silviogutierrez on August 8, 2008 at 5:11pm

That would help narrow the problem down. In the meantime, I'll try to find out what's going on.

#4

Posted by TC44 on August 11, 2008 at 6:38am

Excellent module, but I'm unfortunately getting the same error here also.

Drupal 5.8, Gallerix 5.x-1.3-1

Cheers,

TC

#5

Posted by TC44 on August 12, 2008 at 3:33am

This is now working for me. I don't know what changed, but the error is gone now here.

#6

Posted by yurg on August 28, 2008 at 2:25pm

Same here, as user 1 i'm not able to edit user-created album. *Unauthorized picture modification attempt. Your IP has been logged* each time trying to save changes in album (adding picture description and so).

#7

Posted by Jarada on August 28, 2008 at 12:08pm

Sorry for the delay, I went away on holiday for two weeks. But I'm back, and the error is still here as far as I know...

So, as promised, I have uploaded a video of the error occurring. The video also shows my settings as they appear behind the scenes as well as showing what I expected to be behind the scenes.

http://video.google.co.uk/videoplay?docid=4701250163440467498&hl=en-GB

Sorry if the visual is a little hard to see or the commentary is a little skewed... I have only started producing these kind of videos recently and I'm still not 100% good at them!

Hopefully this helps!

David.

#8

Posted by elbartoo on September 8, 2008 at 1:18pm

same problem here, i use drupal 5.9 and gallerix 5.x-1.3-1

#9

Posted by silviogutierrez on September 30, 2008 at 3:14am
Status:active» postponed (maintainer needs more info)

I watched the video, and tried to replicate the process step by step, but I don't get an access error of any kind. I'm doing this with a test user (not a superuser) with the "create album" and "edit own album" permissions.

Jarada, thanks for the video.

Silvio

#10

Posted by LiC on April 2, 2009 at 8:51pm

too this problem
Drupal 6.10; Gallerix 6.x-1.4

Can't modify by superuser (#1) albums for other users. ((
... but uploading in this albums - worked ....

#11

Posted by LiC on April 2, 2009 at 8:59pm

upd:

i try change "autor" for gallery (ser my name, #1).
result - null (((( same error

#12

Posted by tomhung on May 4, 2009 at 7:27pm

i'm getting this error too.

why are you trying to accomplish with this Error (Unauthorized picture modification attempt)

why not add a permission and check the permission?

how does " if ($user->uid != $picture->uid) {" determine authorization?

Greg

#13

Posted by Tally on June 19, 2009 at 4:34pm
Version:5.x-1.3-1» 6.x-1.4

I get this error when I try to manage images as an administrator. The error does not appear when a user creates the album and uploads images. Basically, I am unable to correct problems when a user encounters them.

Is this project abandoned? Moving issue tracking off the Drupal site was a mistake in my mind. The off-drupal support system is pretty much useless. I am getting ready to move all my albums to Node_Gallery, which is being actively developed and does not have all the problems that I have with Gallerix.

#14

Posted by kamkejj on August 29, 2009 at 12:43am

Basically if you comment out

if ($user->uid != $picture->uid) {

$result = array(
'status' => 'error',
'message' => t("Unauthorized picture modification attempt. Your IP has been logged."),
);

watchdog('gallerix', t('Unauthorized picture modification attempt for picture !picture', array('!picture' => $picture->pid)), WATCHDOG_WARNING);

print gallerix_to_js($result);
exit();
}

in management.inc starting at line 877 you will be able to delete images from other users galleries. It seems the permission system being used is not correct.

#15

Posted by TwiiK on November 13, 2009 at 12:32pm

A customer of mine got this error today and I found the lines kamkejj mentions here. This is some abyssmal code and gives the administrator no way to alter other people's images without hacking the module even when he has the permission "edit album" opposed to "edit own album". Also, what's with "Your IP has been logged"? Are you threatening the user? As far as I can see there's no logging going on in the code either so it's a blind threat at best.

It seems you have abandoned this module so people, including me, are probably better off finding alternatives. I even bought your widget engine in good fate that you would continue to support and improve upon this module.

Also, the fact that you set the status of this issue to "postponed (maintainer needs more info)" I find shocking. You wrote this module and it took me seconds to find where and why this error appears by just looking in your module files.

For anyone else getting this error it is caused by the user trying to edit the pictures being different than the user who uploaded/created them. It doesn't matter what permissions you set, it will not work unless you modify or comment out the this check (in the function gallerix_manage_form_submit() in management.inc):

Around line 881

if ($user->uid != $picture->uid) {
 
  $result = array(
    'status' => 'error',
    'message' => t("Unauthorized picture modification attempt. Your IP has been logged."),
  );
 
  watchdog('gallerix', 'Unauthorized picture modification attempt for picture !picture', array('!picture' => $picture->pid), WATCHDOG_WARNING);
       
  print gallerix_to_js($result);
  exit();
}

#16

Posted by barckhoff on February 22, 2010 at 8:25am

So, the simple fix to allow admin to edit photos and authors to edit their own photos would be...

Modify gallerix_manage_form_submit() in management.inc by changing this:

if ($user->uid != $picture->uid) {

to this:

if ($user->uid != 1 && $user->uid != $picture->uid) {

#17

Posted by AlexisWilke on June 30, 2010 at 9:49am
Category:support request» bug report
Assigned to:Anonymous» AlexisWilke
Status:postponed (maintainer needs more info)» fixed

I added that code (#16) so the admin can always fix albums.

I also added a permission "administer album" so the right can be given to other users.

Thank you.
Alexis

#18

Posted by System Message on July 14, 2010 at 9:50am
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.