X3Photo Gallery Forums

We fixed critical issue with admin login, if you put V2 online, please download again and replace imagevue directory.

If you editred configs you could keep imagevue/config intact.

pain wrote:We fixed critical issue with admin login, if you put V2 online, please download again and replace imagevue directory.

If you editred configs you could keep imagevue/config intact.

If this is regarding the admin login being open...you can change the password on the update, but you can ALSO still use passwd and it will let you in! Even after the password has been changed and saved. Just thought I would let you know. Not sure if this resides in the "users.php" file in the imagevue\admin\protected folder? This might be what is allowing the override. Not a programmer but this is the only place that I have found that access. Just an FYI! The one part we want to keep secure

Are you sure it could actually write to file?

Hey there..

Maybe you should mention somewhere that you don't need to set the folder/files to 777. This is mostly a security problem. If you set up your web server with php as cgi you can set the directories to 755 and files to 644 and it works like a charm. Setting files and folders to 777 means it is read and writeable by world, if someone has a bit knowledge he can easily beat your whole machine.

neutron wrote:Hey there..

Maybe you should mention somewhere that you don't need to set the folder/files to 777. This is mostly a security problem. If you set up your web server with php as cgi you can set the directories to 755 and files to 644 and it works like a charm. Setting files and folders to 777 means it is read and writeable by world, if someone has a bit knowledge he can easily beat your whole machine.

Thanks for the tip! We will dwell into permissions, and create some further guidelines.

pain wrote:Are you sure it could actually write to file?

Yes. I could write and save to file just as a standard admin.