|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Name: Album.pl - UBB-Integrated Photo Album Description: Adds a ubb-member-database-integrated photo album to your site. Author: Mike Bobbitt Link: Support/Download Page Demo: http://perl.bobbitt.ca/cgi-bin/album.pl Requirement: UBB™ 6.x - tho it can run standalone  Notes: Version 6.1 is here! I thought it would be a good time to begin a thread here, since the old one is in the 6.0 forum and 23 pages long
|
|
|
|
|
Joined: Nov 2001
Posts: 1,080
Member
|
|
Member
Joined: Nov 2001
Posts: 1,080 |
That is sweet. Mike Bobbitt did an awesome job with the photo album. 
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
Thanks guys! The new thread looks much cleaner already!
|
|
|
|
|
Joined: Sep 2001
Posts: 93
Member
|
|
Member
Joined: Sep 2001
Posts: 93 |
thx. cute
|
|
|
|
|
Joined: Jan 2003
Posts: 87
Member
|
|
Member
Joined: Jan 2003
Posts: 87 |
|
|
|
|
|
Joined: Nov 2001
Posts: 1,080
Member
|
|
Member
Joined: Nov 2001
Posts: 1,080 |
Whoa...The "wave" coming to you in 3D.
|
|
|
|
|
Joined: Jan 2003
Posts: 87
Member
|
|
Member
Joined: Jan 2003
Posts: 87 |
Maybe we can get Bobbitt to upgrade the Authority List for UBB v6.4 ![[Linked Image]](http://smilies.sofrayt.com/%5E/_950/cleverman.gif)
|
|
|
|
|
Joined: Jan 2003
Posts: 87
Member
|
|
Member
Joined: Jan 2003
Posts: 87 |
QUESTION: Which file do I edit to make Album.Pl look basically like my forum? I tried the album.pl file to no avail. Is it the .tml files? ![[Linked Image]](http://smilies.sofrayt.com/%5E/_950/lamer.gif)
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
yes, the .tml files are the templates for album.pl
|
|
|
|
|
Joined: Oct 2000
Posts: 2,667
Veteran
|
|
Veteran
Joined: Oct 2000
Posts: 2,667 |
shame this version still doen't work on my server running PSA tho it used to work well when I was running Cpanel 
Do you believe in love at first sight,
or should I walk by again?
|
|
|
|
|
Joined: Feb 2001
Posts: 54
Member
|
|
Member
Joined: Feb 2001
Posts: 54 |
quote: Originally posted by Bob Ferguson: Maybe we can get Bobbitt to upgrade the Authority List for UBB v6.4 So this does or does not work with 6.5?  Checked out the website and it looks sweet!
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
it works with 6.5... Mike is on the beta team
|
|
|
|
|
Joined: Aug 2002
Posts: 29
Junior Member
|
|
Junior Member
Joined: Aug 2002
Posts: 29 |
This is a great feature for communities.
I hope it makes it into the standard UBB.classic.
|
|
|
|
|
Joined: Jan 2002
Posts: 88
Member
|
|
Member
Joined: Jan 2002
Posts: 88 |
really curious about this one...
would be a really nice addon...
thnx!
|
|
|
|
|
Joined: May 2001
Posts: 283
Member
|
|
Member
Joined: May 2001
Posts: 283 |
I have a problem when installing this on Win 2K server... When using the upload feature, the software requires the web server to have write access to the TEMP directory. Apparently this isn't the Windows default Temp directory, it's a temp directory defined by IIS ( according to Mike Bobbit who made the software ). Have any of you installed this on Win2K? If so, can you tell me how to change where IIS wants the Temp directory to be? Right now, it's wanting the root of my web directory to be the Temp directory and I can't allow write permission there! That would be suicide! Thanks for your help.
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
I installed it on a win2k server, but don't remember having to set that... is this a dedicated server?
|
|
|
|
|
Joined: May 2001
Posts: 283
Member
|
|
Member
Joined: May 2001
Posts: 283 |
No, it's running several sites.
|
|
|
|
|
Joined: May 2001
Posts: 283
Member
|
|
Member
Joined: May 2001
Posts: 283 |
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
You've got some unsual problems here and on other mods... I'm not sure how reliable your host is...
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
V6.2 has been released. Note that there are a number of fixes, including a security fix that prevents users from execuruting programs from the hosting system. (Programs are executed with the privileges of the web server user, and have to be pre-existing on the system.) An advisory detailing the problem will hit BugTraq on April 27th. (Thanks to AresU for finding this and for responsible disclosure!) As a result, I *strongly* recommend that everyone upgrade to V6.2. Download here . New Features- Added a new "Popular" option. This shows the 10 (by default) most popular photos or albums. Popularity is based on rating, number of times rated and number of times viewed. New for this feature: popular_button and most_popular config items, thmb_album_popular.gif graphic, popular style sheet class and updated album_header.tml.
- SSI setting for popular modes defines number of images to display. (I.E. ssi=10 shows 10 most popular)
- Added self-administration: users can now create sub-albums and set album thumbnails for albums they own.
- Added new user class: guest. Guests are defined through the "default_guests" config item, and are like regular users but cannot upload.
- Added ability to set photo and album owners through the "Update Titles & Descriptions" form.
- Admins are now excluded from quota checking.
- A "thmb_root.jpg" image added to the root album will now be used as the album thumbnail for the root album.
- Re-organized Configuration Management screen into sections.
- Added "Edit User List" capability for flatfile authentication (authentication_type=1). This form shows up on the Configuration Management screen.
- Added jhead_comments config item, which uses jhead to automatically insert a photo's title/description (if present) as a comment in the EXIF header.
- Added a check to ensure the style sheet is working, through the use of a "hidden" class that hides the error when things are working properly.
- Added "postupload" config item, which allows an ImageMagick command to be run on a pic after upload.
- Added 2 new sort options: newest first and oldest first, by file creation date.
- Added public_albums option to protect only photos (thumbnail view is pulic).
- Login errors now display as a popup window.
- Improved "fatal error" troubleshooting.
- Jump Station will now go to target album on click (submit not required).
- Automatic ImageMagick sensing for new configs has been added.
- Allowed entered passwords to override cookies.
- Made DB code more robust.
Bug Fixes- Major security hole fixed where any program can be remotely executed has been closed -- thanks to AresU for finding this and for responsible disclosure!
- Fixed broken SSI code - it now won't display all the "extra stuff" in SSI mode. The ssirecentuploads style class has also been updated.
- Fixed security hole around creating albums.
- Fixed bug where first level sub albums showed their own thumbnail for the "root" album's nav button.
- Fixed problem where ()'s in album filenames broke the nav footer.
- Photos without a thumbnail are no longer displayed on the "Set Album Thumbnail" screen.
- Fixed "Update Titles & Descriptions" bug for "empty" albums.
- Movies can now be viewed when browsing through a batch of photos and movies.
- Fixed a bug where setting thumbnails for sub-sub albums threw an error.
- Fixed a bug where the "Full Size" viewing button didn't work if you had defined a default size.
- Removed double /'s from thumbnail links.
- Fixed a bug where rating_location wasn't being honoured.
- Fixed broken movie links on search results page.
|
|
|
|
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
quote:
Originally posted by Mike Bobbitt: An advisory detailing the problem will hit BugTraq on April 27th. (Thanks to AresU for finding this and for responsible disclosure!)
It must have went out on BugTraq early because I just got it: quote:
[qb]AresU Advisory
04/27/2003
Album.pl Vulnerability
Severity : High (CGI Remote Command Execution)
Systems Affected: Album.pl up to v6.1
Vendor URL: http://perl.bobbitt.ca/album
Vuln Type : CGI Remote Command Execution
Status : Vendor contacted, new fixed version available
Author : AresU
Greetz to : Mike B., Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, nimdA, Br0374l, FreshFirst, Algorithm All 1ndonesian Security Team (1st) http://www.bosen.net/releases/ http://bosen.blogspot.com
Summary
=======
album.pl is a popular web photo album application that allows you to simply drop new photo files into a directory, and they will automatically be accessible via the web. Any user can execute commands with Web Server privileges (normally nobody) when use an alternate configuration file.
Solution
========
Upgrade to a newer album.pl version (at least 6.2) http://perl.bobbitt.ca/album/album62.zip
Acknowledgments
===============
Vulnerability discovery and advisory by AresU
Vendor Response
===============
Vendor has been contacted and new fixed version is available.
Exploit Code
============
I have refrained from publishing a more functional exploit at this time,
to delay attacks against album.pl installations.
-----------------------------------------------
This mail sent through http://webmail.bosen.net
[/qb]
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Nice upgrade Mike, those are some sweet features 
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
It went out on Indonesian time.
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
Note: at least one site has been hacked through the album.pl vulnerability, so I can't stress enough that users should complete this upgrade.
There is also a quick patch available here for those who don't want to tackle an upgrade right away:
http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=740;start=new;boardseen=1
Cheers
|
|
|
|
|
Joined: Nov 2000
Posts: 2,759
Pooh-Bah
|
|
Pooh-Bah
Joined: Nov 2000
Posts: 2,759 |
Hi Mike,
Are there any particular settings required for talking to the ubb.x users table?
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
Ummm. I'm not really familiar with UBB.x's underlying settings. In case there's similar to UBB.thread's, here *they* are (from the Database section of album.cfg):
db_driver=mysql
db_name=[dbname]
db_hostname=localhost
db_user=[username]
db_password=[password]
db_port=3306
db_membertable=w3t_users
db_username=U_LoginName
db_passwdfield=U_Password
If anyone knows of corrections for UBB.x, I'd gladly add them to the config notes...
Cheers
|
|
|
|
|
Joined: Nov 2000
Posts: 2,759
Pooh-Bah
|
|
Pooh-Bah
Joined: Nov 2000
Posts: 2,759 |
The settings should be: db_driver=mysql db_name=[yourwebsite_com] db_hostname=localhost db_user=[username] db_password=[password] db_port=3306 db_membertable=USERS db_username=USERNAME db_passwdfield=PASSWORD I've gotten as far as getting a line 2696 error I posted a similar thread @ infopop http://community.infopop.net/2/OpenTopic?a=tpc&s=729094322&f=1853060105&m=3403056517 I'll have to check the case settings for the table/fields when I get home
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
Thanks for the info, I've added it to the "standard" config that comes with album.pl...
As for the error, was there a message to go with the line number? That's pretty much smack dab in the middle of DB code, which sounds right I guess...
|
|
|
|
|
Joined: May 2003
Posts: 19
Junior Member
|
|
Junior Member
Joined: May 2003
Posts: 19 |
How do I add a link in the
my profile | register | search |faq | forum home
for the Album?
on UBB.classicTM 6.3.1.2
Thank-You
in advance for your help...
BUZN_WILDLY
|
|
|
|
|
Joined: Aug 2001
Posts: 103
Member
|
|
Member
Joined: Aug 2001
Posts: 103 |
are there idiot instructions on how to integrate this into the ubb, i mean pure idiot instructions because i can't figure it out.
|
|
|
|
|
Joined: Jun 2003
Posts: 3
Junior Member
|
|
Junior Member
Joined: Jun 2003
Posts: 3 |
In public_common.pl, find: # Forum HomeAdd Under: #Album
push(@items, qq($vars_wordlets_mods{album_link}));================================================= In vars_wordlets_mods.cgi, find: %vars_wordlets_mods = (Add Under: q!album_link! => q!Album!,DON'T FORGET TO BACKUP THE ABOVE MENTIONED FILES PRIOR TO EDITTING THEM!
|
|
|
|
|
Joined: May 2003
Posts: 19
Junior Member
|
|
Junior Member
Joined: May 2003
Posts: 19 |
I've tryed to make that link work, But not having any luck with it! I even altered the line q!album_link! => q!Album!, to album_link => "album" And still doesn't work... and I'm thinking you have to add #Album
push(@items, qq($vars_wordlets_mods{album_link})); Add Under: # Forum Home
push(@items, qq($vars_wordlets{forum_home_link}));Would You Have any other Idea's? UBB.classicTM 6.3.1.2 Thank-You BUZN_WILDLY
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
Sorry I haven't replied - I don't get notified on this thread, so I never know when it's active... Do you get anything at all when you add those lines, or is it just the same? V6.3.1.2 has different templates from more recent versions (as I recall) so public_common.pl may look and act a bit differently...
|
|
|
|
|
Joined: May 2001
Posts: 58
Member
|
|
Member
Joined: May 2001
Posts: 58 |
The album works great on our forum installed on a Win2k box. The only suggestion I have is to sort the albums by username, not the member number. I realize that is probably hard to do, but many of my members have asked for it.
Chris
|
|
|
|
|
Joined: Apr 2001
Posts: 237
Member
|
|
Member
Joined: Apr 2001
Posts: 237 |
V6.3 has been released. ( Download ) New Features - You can now create links to photos in other albums. The new "Link" item on the admin menu allows you to create links to existing photos. Only the original photo exists, with links simply pointing to it. Useful for a "favourites" album, without keeping multiple copies of your photos.
- Local templates now supported. Any template files found in an album directory will automatically be used for that album.
- New buttons!
- Added ssi=2 mode, which shows actual photos, not just thumbnails. (Good for use with random/slideshow features.)
- Added support for YaBB SE 1.5.1+ password protection. Digest::HMAC_MD5 Perl module required.
- Added ####NAVPREV####, ####NAVUP####, ####NAVNEXT#### and ####NAVJUMP#### tags, for extra granularity with the navigation footer. Updated album_footer.tml to use these tags.
- Added ####MOVIESIZE#### tag for the upload form, to show the max allowed movie upload size.
- Added "logout" button for flatfile authentication (type 1). Includes logout_button config item and thmb_album_logout.gif image.
- The postupload command can now use all regular ####TAGS####. (Such as ####CONFIG=loggedin#### to show the logged in user's name.)
- Improved cookie deletion (thanks Scouter!)
- Additional check to prevent bogus config update added.
- Tuned up album_test.pl.
- Added new default_linkdir to allow fast linking.
- Added new "delcookie" function to forcibly delete any album related cookies.
New Config Items - link_button: Filename of the "Link" button graphic.
- default_linkdir: When added, clicking on the "link" button will auto create the link in this directory, instead of prompting the user for a destination (not present by default).
- logout_button: Filename of the "Logout" button graphic
- db_displaynamefield: Used to define the database field containing a user's display name. Optional.
- movie_upload_size_limit: Allows admins to specify the max size for uploaded movies, separate from photos.
Bug Fixes - User edit no longer adds a blank line to the end of the list.
- Nav "up" link now takes you up to the right page.
- Album URLs are now properly escaped, allowing characters such as + in the album filenames.
- Fixed flatfile password carryover problem.
- Fixed ssi / authentication problem.
- Fixed a bug where search results weren't displayed properly.
- Fixed up static HTML to honour local configs.
- Fixed broken movie links.
Files to replace - album.pl
- album_test.pl
- album_footer.tml
- album_strings.txt (or appropriate language file)
- Photo_Album.css
New files Enjoy! P.S. caroth, that's on the to do list, hope to get to it some time.
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
thanks Mike
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Do these errors look familiar? https://www.ubbdev.com/cgi-bin/album.pl And the images, even tho they are in the folder as specified in the config settings aren't being found (config settings say my setting is correct, even tho it's looking for the images in the public pages from a different url - appears to be looking for them in cgi_web and not album_web).
|
|
|
|
|
Joined: Oct 2002
Posts: 394
Enthusiast
|
|
Enthusiast
Joined: Oct 2002
Posts: 394 |
Allen, the path, in your case is only: cgi-bin/img/ so in the album.cfg would show something like this: quote:
# The path to the directory containing all icons and buttons. This should be relative to album.pl's location, as it is appended to album_web to get the actual URL.
img_dir=cgi-bin/img In my case was img_dir=ubb/img because I didnt want to mix the "img" folder in the cgi-bin, it doesnt have to be there. I have a question though: I dont get "Rate picture" and also dont get the Admin options: Delete, Move, Edit etc. Do you know why? Is there a page for Admin settings other than album.cfg file? http://romanianational.com/cgi-bin/album.pl Thank you, Felix
|
|
|
|
|
Joined: Oct 2002
Posts: 394
Enthusiast
|
|
Enthusiast
Joined: Oct 2002
Posts: 394 |
My pleasure Allan. I saw that it work I figured it out why dont have the "Rate it" button. I missed to create the ratings.txt file Thank you Felix
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 87
Joined: December 2001
|
|
|
Forums63
Topics37,575
Posts293,931
Members13,824
| |
Most Online6,139
Sep 21st, 2024
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
![[Linked Image]](http://smilies.sofrayt.com/%5E/_950/ole.gif)
