[Gallery Remote] Access Violation

seaquake · Beginner Joined: May 12, 2008 Posts: 6

Hi all,
i have a problem with the gallery remote, like admin i can access with it without problem.
But if i change to a normal user (that have auth [core] Insert album [core] Insert object) gallery remote cannot login.

If i go @ the url of gallery i receive (like admin or normal user) this error:

--------------------
Security Violation

The action you attempted is not permitted.

Back to the Gallery
Error Detail -
Error (ERROR_PERMISSION_DENIED)

* in main.php at line 346 (GalleryCoreApi::error)
* in main.php at line 94
* in main.php at line 83

System Information
Gallery version 2.2.4
PHP version 5.0.4 cgi
Webserver Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b DAV/2 PHP/5.1.2
Database mysqli 4.1.22-standard-log
Toolkits Thumbnail, Gd
Operating system Linux opus04 2.6.20.1 #1 SMP Wed Feb 28 11:55:00 CET 2007 i686
Browser Mozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.8.1.14; .NET CLR 3.0; ffco7) Gecko/20080404 Firefox/2.0.0.14
----------------------------------------------

Can some one help me? i cannot understand where is the auth problem for normal user with gallery remote. Rolling Eyes

Thanks a lot

AdBot

jettyrat · Moderator Joined: Nov 28, 2005 Posts: 912

I seem to remember someone else with a gallery remote problem after integration. I don't use it so don't know for sure. You may have to set the gallery config file to embed mode only = false.

Code: › $gallery->setConfig('mode.embed.only', false);

seaquake · Beginner Joined: May 12, 2008 Posts: 6

no that don't resolve the problem with gallery remote Sad

thanks anyway

seaquake · Beginner Joined: May 12, 2008 Posts: 6

i think is a problem on the authorizzation, because with admin account gallery remote work correctly, but if i give all the auth @ normal account gallery remote don't work! :p

But i don't find where is this miss auth! Mad

jettyrat · Moderator Joined: Nov 28, 2005 Posts: 912

I would guess that might have something to do with the way passwords are stored in the Gallery db. The admin works because the account already existed before the integration and is encrypted using the gallery method. The phpbb users are imported with the phpbb password scheme, which is different. Gallery remote is supposed to work in embedded galleries but maybe there is a password verification problem.

Maybe when I get time I'll try installing gallery remote and see if I can find the problem because you are not the first to report an issue with gallery remote. Confused

seaquake · Beginner Joined: May 12, 2008 Posts: 6

Thanks a lot jerryrat Wink

jettyrat · Moderator Joined: Nov 28, 2005 Posts: 912

Just as a test you could try creating a regular user in stand-alone gallery and see if that user works. That would pretty much narrow it down to being an integrated user problem...

seaquake · Beginner Joined: May 12, 2008 Posts: 6

Perfect! you have center the problem! Wink

With an user create by the gallery is all ok with gallery remote. (Like the admin one) Very Happy

All other user that are "imported" or "created when log in" by the "script of the integration" are falled :p

jettyrat · Moderator Joined: Nov 28, 2005 Posts: 912

Just did some testing. In fact imported users cannot even login to Gallery in stand-alone mode. The problem is that phpbb3 uses a salted md5 hash on it's passwords and gallery thinks it is just md5 so they don't match in the gallery db. Don't know if there is way around that...will have to check it out more.

jettyrat · Moderator Joined: Nov 28, 2005 Posts: 912

That is the problem. The imported user password stored in the gallery db is useless. Gallery has no way to verify it because the phpbb encryption is not standard md5 so, there is no means to login to Gallery directly, which means gallery remote will not work for imported users.

Dari - Am I missing something? Seems as though Gallery should have a way to hook an external password method for users imported from embedding apps that use a salted password scheme.

jettyrat · Moderator Joined: Nov 28, 2005 Posts: 912

Here is a klunky workaround -

Open: gallery2/modules/core/classes/GalleryUser.class

Find:

Code: › function isCorrectPassword($password) {
$valid = $this->getHashedPassword();

After, add:

Code: › if (substr($valid, 0, 3) == '$H$'){
   define('IN_PHPBB', true);
   require('/htdocs/phpBB3/includes/functions.php');
   return phpbb_check_hash($password, $valid);
}

Make sure to replace the 'require' line with your actual file path to the phpbb file.

I didn't test it with gallery remote, but it allows direct login to gallery for imported phpbb users...

seaquake · Beginner Joined: May 12, 2008 Posts: 6

Thanks a lot, i had made a try with a new account created by the phpbb3 and now gallery remote work correctly Very Happy

I cannot direct login to gallery, but this isn't a problem for me Very Happy

Thanks