I want to allow my registered visitors to edit their details and and or delete information (subject to admin approval, of course) at will. However, it appears that the only way that is allowed is if they are logged in as an administrator, and there's no way I'm going to allow everybody to become an administrator.
I realize that I can click on the "User Can Edit" box, but when I do that to my registered guest, it still shows a blank box in the "User Can Edit" box in the "Add a New User" chart. It will not allow the user to edit at all.
Is there some sort of permission or something I didn't do right?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You said,
"I realize that I can click on the "User Can Edit" box... but when I do... it still shows a blank box in the "User Can Edit" box"
What I understand from this is that when you go to Admin->User Administration and click on the "edit" link next to the user you want to edit, and then check the "User Can Edit" box and hit save, the list that shows the users doesn't have the name of the gedcom under the user can edit field for that user. And that when you edit the user again the box is again unchecked.
If the above statement is accurate, then what I want to know is if you are able to change any of the other user settings such as the fullname or email address.
It would also be helpful to know if you are using, MySQL or index files and what version of PHP you are running under.
Thanks,
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just created an account and could edit the test account's email address and fullname, but when I check on the edit box, it comes unchecked when I view the account again.
I believe I am running index files.
I'm not sure what version of PHP I am running, but I'll email my host and find that out.
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm having a very similar problem. I'm starting from scratch, and I hit upon phpGedView, installed it and got myself going. Now I can create a database (I'm using indexes) which I called test and it sets up the first person in the list, but won't let me change anything (even as the administrator). When I try to give myself permission to edit the file, it tells me that I don't have permission to do so. I try to update the user, but nothing seems to happen.
I then tried to import a ged file with the first user already input. This worked okay, but I still can't edit things and I can't give myself permissions. Is there something I need to change somewhere?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you are an administrator you will automatically have edit permissions on everything.
The message you are getting is probably related to file permissions. PHP needs to be able to edit the gedcom file. All of the files in the index directory need to have edit permissions as well.
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'd like to clarify one thing about John's statement "All of the files in the index directory need to have edit permissions"
(Note: my comments below are outside the permission set within the PGV application itself. I'm talking about the web service / file permissions.)
The user who "owns" the web process (i.e. apache in RedHat, or whatever local system account is tied to IIS) is the only one that requires edit privileges. Correct? (this seems to be the case in my setup) PHP is doing the updates, and that process is owned by the web account, and therefore depends on the web accounts privs, not the client.
Otherwise by providing elevated permissions to the global group, *these being the permissions granted to people browsing your site*, to view/edit the xyz.ged file (and others?) allows _anyone_ to bypass the application privacy that you configure. I set the permissions on my gedcom.ged file to -rwx------ (700) and all works great.
I was thinking a blank index.php file in the index directory would also keep people from browsing the directory listing (and it would), but the file structure in that directory is well known and consistent if you know the gedcom file name. Plus security by obscurity isn't the greatest way to do things... but it may not hurt.
I think some additonal info and clarification on this should be updated in the FAQ (and Readme.txt). The FAQ states all files require read access. I don't believe this is true.
Jason
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
To complicate matters further, on my installation at my host, all files in the index directory somehow end up belonging to user "nobody" (the system default php script user) with permissions like this:
rw-r--r-- (644) All files under index.
index directory itself is rwxrwxrwx (777)
And my PGV runs as happy as can be.
I moved the GEDCOMs out of my public_html folder for security.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Setting the appropriate permissions for security is very dependant upon your system. And many of the PGV users probably wouldn't understand what you just wrote. :-)
The best way to secure the index directory is to move it outside of the web domain. The same for your gedcom files. If your website is hosted in a location like /home/users/username/public_html/phpGedView
You should put your index directory and gedcom files in /home/users/username/index
PHP can access the files anywhere on the file system, but visitors to your website can only access files under the public_html directory.
Because of the various filesystem structures, it would make installation and setup too difficult to try and check if the index directory is within web accessible space. I will be adding instructions to the security section of the readme about moving the index directory. There are already instructions about moving the gedcom.
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just created a duplicate of my file "Deacur_Family_Tree.GED" and renamed it "Deacur.GED" and reimported it. I then checked off the box for editing and it did allow everyone I checked to edit the file.
So I guess there is something wrong with the underscore character.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I tried upgrading to version 3 (beta 5) and I still can't save my own changes. I tried adding a mother or father to my file and i am told that I get "you do not have access to this resoruce". Why on earth not? I'm the administrator (and only user configured). What do I need to do to make this thing work? Regretably, I don't understand a lot of what has been discussed above; I'm a pretty primative computer user.
The thing is, I don't have edit privalages for ANYTHING when I try to work with this. If there is something I need to change somewhere, I can probably do that, but I really can't quite figure out what my problem is.
Can anyone help?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
First let me ask the standard questions that can help with debugging this problem. Are you using index mode or mysql? What version of PHP are you using?
In your gedcom configuration have you set "Enable online Editing" to yes?
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
>Are you using index mode or mysql? What version
>of PHP are you using?
Um, I don't know. how can I tell that?
>In your gedcom configuration have you
> set "Enable online Editing" to yes?
Yes. And I'm using index mode b/c I really have no idea how to set up or use mySQL databases. If you email me off this board, I can send you the link of the site that I am trying to run the software at if that is any help...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
To get the version of Php you are running log on, go to admin and click on the "Show PHPInfo Page" link. It should give you the version number (and much more)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Agreed, moving the index directory outside the web structure is probably the best idea. Forgot about that option :)
"Setting the appropriate permissions for security is very dependant upon your system. And many of the PGV users probably wouldn't understand what you just wrote."
Unfortunately, that is one of the biggest problems with security in general... Its not easy, nor consistent enough across platforms (and service providers) to provide simple instructions.
J
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
But an idea occurred to me today. Could we prompt like this in the config menu?
phpGedView level below main domain:
And under help say, "Enter the number of directories the root phpGedView folder (the index.php file) is nested below the root web folder (public html directory) of this web server. For example, assume that the root web folder is www. If phpGedView is at www, the level is 0. If phpGedview is at www/phpGedView, the level is 1. If phpGedView is at www/subdomain/subfolder/phpGedview, the level is 3 below www.
Then you could install PGVindex to (n+1) * ../ & PGVindex. Just an idea.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Have you set write permissions to the gedcom file?
Are you able to edit anything? You said you received the error when trying to add parents, have you also received the error when trying to edit a fact like a birth record?
Do you get the access denied error when the editing window first pops up, or after you try to make the changes and click the save button?
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
the .GED file is housed within the index directory and has permissions set as 777 (so does the index directory itself). I cannot edit _anything_ in the genealogy tree...it simply tells me that "You do not have access to this resoruce".
when I look at the directory in my shell, it looks like this:
drwxr-xr-x 2 senior senior 1024 Mar 27 11:57 CVS
-rw-r--r-- 1 www-data www-data 647 Mar 30 11:45 authenticate.php
-rw-r--r-- 1 www-data www-data 348 Mar 27 12:38 gedcoms.php
-rw-r--r-- 1 www-data www-data 148 Mar 27 12:38 news.dat
-rw-r--r-- 1 www-data www-data 588 Mar 30 11:45 pgv-200403.log
-rw-r--r-- 1 www-data www-data 34 Mar 27 12:39 pgv_changes.php
-rw-r--r-- 1 senior senior 133 Mar 27 11:58 readme.txt
-rwxrwxrwx 1 senior senior 200 Mar 27 12:39 test.ged
-rwxr-xr-x 1 www-data www-data 8378 Mar 27 12:38 test.ged_conf.php
-rw-r--r-- 1 www-data www-data 498 Mar 27 12:39 test.ged_index.php
-rwxr-xr-x 1 www-data www-data 11409 Mar 27 12:38 test.ged_priv.php
I uploaded the test.ged file, and phpGedView created everything else.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I want to allow my registered visitors to edit their details and and or delete information (subject to admin approval, of course) at will. However, it appears that the only way that is allowed is if they are logged in as an administrator, and there's no way I'm going to allow everybody to become an administrator.
I realize that I can click on the "User Can Edit" box, but when I do that to my registered guest, it still shows a blank box in the "User Can Edit" box in the "Add a New User" chart. It will not allow the user to edit at all.
Is there some sort of permission or something I didn't do right?
Are you able to change any of the values for your users?
--John
I am as an administrator, but a regular user is not allowed. Even if I check off the box to allow editing for that user.
Sorry, I should have made my question more clear.
You said,
"I realize that I can click on the "User Can Edit" box... but when I do... it still shows a blank box in the "User Can Edit" box"
What I understand from this is that when you go to Admin->User Administration and click on the "edit" link next to the user you want to edit, and then check the "User Can Edit" box and hit save, the list that shows the users doesn't have the name of the gedcom under the user can edit field for that user. And that when you edit the user again the box is again unchecked.
If the above statement is accurate, then what I want to know is if you are able to change any of the other user settings such as the fullname or email address.
It would also be helpful to know if you are using, MySQL or index files and what version of PHP you are running under.
Thanks,
--John
Correct.
I just created an account and could edit the test account's email address and fullname, but when I check on the edit box, it comes unchecked when I view the account again.
I believe I am running index files.
I'm not sure what version of PHP I am running, but I'll email my host and find that out.
Thanks.
It's PHP 4.2.3
So, is there a way I can allow my users to edit then?
From your setup everything should be ok.
What is the filename of the gedcom you are trying to give the users permissions for?
I have seen this problem with some filenames that have special characters in them.
--John
Deacur_Family_Tree.GED
Deacur_Family_Tree.GED shouldn't be a problem, but you might try something simpler like deacur.ged and see if that makes a difference.
--John
I'm having a very similar problem. I'm starting from scratch, and I hit upon phpGedView, installed it and got myself going. Now I can create a database (I'm using indexes) which I called test and it sets up the first person in the list, but won't let me change anything (even as the administrator). When I try to give myself permission to edit the file, it tells me that I don't have permission to do so. I try to update the user, but nothing seems to happen.
I then tried to import a ged file with the first user already input. This worked okay, but I still can't edit things and I can't give myself permissions. Is there something I need to change somewhere?
If you are an administrator you will automatically have edit permissions on everything.
The message you are getting is probably related to file permissions. PHP needs to be able to edit the gedcom file. All of the files in the index directory need to have edit permissions as well.
--John
I'd like to clarify one thing about John's statement "All of the files in the index directory need to have edit permissions"
(Note: my comments below are outside the permission set within the PGV application itself. I'm talking about the web service / file permissions.)
The user who "owns" the web process (i.e. apache in RedHat, or whatever local system account is tied to IIS) is the only one that requires edit privileges. Correct? (this seems to be the case in my setup) PHP is doing the updates, and that process is owned by the web account, and therefore depends on the web accounts privs, not the client.
Otherwise by providing elevated permissions to the global group, *these being the permissions granted to people browsing your site*, to view/edit the xyz.ged file (and others?) allows _anyone_ to bypass the application privacy that you configure. I set the permissions on my gedcom.ged file to -rwx------ (700) and all works great.
I was thinking a blank index.php file in the index directory would also keep people from browsing the directory listing (and it would), but the file structure in that directory is well known and consistent if you know the gedcom file name. Plus security by obscurity isn't the greatest way to do things... but it may not hurt.
I think some additonal info and clarification on this should be updated in the FAQ (and Readme.txt). The FAQ states all files require read access. I don't believe this is true.
Jason
To complicate matters further, on my installation at my host, all files in the index directory somehow end up belonging to user "nobody" (the system default php script user) with permissions like this:
rw-r--r-- (644) All files under index.
index directory itself is rwxrwxrwx (777)
And my PGV runs as happy as can be.
I moved the GEDCOMs out of my public_html folder for security.
Setting the appropriate permissions for security is very dependant upon your system. And many of the PGV users probably wouldn't understand what you just wrote. :-)
The best way to secure the index directory is to move it outside of the web domain. The same for your gedcom files. If your website is hosted in a location like /home/users/username/public_html/phpGedView
You should put your index directory and gedcom files in /home/users/username/index
PHP can access the files anywhere on the file system, but visitors to your website can only access files under the public_html directory.
Because of the various filesystem structures, it would make installation and setup too difficult to try and check if the index directory is within web accessible space. I will be adding instructions to the security section of the readme about moving the index directory. There are already instructions about moving the gedcom.
--John
I just created a duplicate of my file "Deacur_Family_Tree.GED" and renamed it "Deacur.GED" and reimported it. I then checked off the box for editing and it did allow everyone I checked to edit the file.
So I guess there is something wrong with the underscore character.
I tried upgrading to version 3 (beta 5) and I still can't save my own changes. I tried adding a mother or father to my file and i am told that I get "you do not have access to this resoruce". Why on earth not? I'm the administrator (and only user configured). What do I need to do to make this thing work? Regretably, I don't understand a lot of what has been discussed above; I'm a pretty primative computer user.
The thing is, I don't have edit privalages for ANYTHING when I try to work with this. If there is something I need to change somewhere, I can probably do that, but I really can't quite figure out what my problem is.
Can anyone help?
jsc,
First let me ask the standard questions that can help with debugging this problem. Are you using index mode or mysql? What version of PHP are you using?
In your gedcom configuration have you set "Enable online Editing" to yes?
--John
Yalnifj,
>Are you using index mode or mysql? What version
>of PHP are you using?
Um, I don't know. how can I tell that?
>In your gedcom configuration have you
> set "Enable online Editing" to yes?
Yes. And I'm using index mode b/c I really have no idea how to set up or use mySQL databases. If you email me off this board, I can send you the link of the site that I am trying to run the software at if that is any help...
To get the version of Php you are running log on, go to admin and click on the "Show PHPInfo Page" link. It should give you the version number (and much more)
maybe this will help. Sorry, its kinda long.
PHP Version 4.1.2
System Linux (none) 2.4.20-6um #1 SMP Fri Jun 6 10:15:19 EDT 2003 i686 unknown
Build Date Jul 15 2003
Configure Command '../configure' '--prefix=/usr' '--with-apxs=/usr/bin/apxs' '--with-regex=php' '--with-config-file-path=/etc/php4/apache' '--disable-rpath' '--disable-debug' '--enable-memory-limit' '--enable-calendar' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-bcmath' '--with-bz2' '--enable-ctype' '--with-db2' '--with-iconv' '--with-ndbm' '--enable-exif' '--enable-filepro' '--enable-ftp' '--with-gettext' '--enable-mbstring' '--with-pcre-regex=/usr' '--enable-shmop' '--enable-sockets' '--enable-wddx' '--with-xml=/usr' '--with-expat-dir=/usr' '--enable-yp' '--with-zlib' '--without-pgsql' '--disable-static' '--with-layout=GNU' '--with-curl=shared,/usr' '--with-dom=shared,/usr' '--with-zlib-dir=/usr' '--with-gd=shared,/usr' '--with-jpeg-dir=shared,/usr' '--with-xpm-dir=shared,/usr/X11R6' '--with-png-dir=shared,/usr' '--with-freetype-dir=shared,/usr' '--with-imap=shared,/usr' '--with-ldap=shared,/usr' '--with-mcal=shared,/usr' '--with-mhash=shared,/usr' '--with-mm' '--with-mysql=shared,/usr' '--with-unixODBC=shared,/usr' '--with-recode=shared,/usr' '--enable-xslt' '--with-xslt-sablot=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-sybase-ct=shared,/usr' '--with-ttf=shared,/usr' '--with-t1lib=shared,/usr'
Server API Apache
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php4/apache/php.ini
ZEND_DEBUG disabled
Thread Safety disabled
Agreed, moving the index directory outside the web structure is probably the best idea. Forgot about that option :)
"Setting the appropriate permissions for security is very dependant upon your system. And many of the PGV users probably wouldn't understand what you just wrote."
Unfortunately, that is one of the biggest problems with security in general... Its not easy, nor consistent enough across platforms (and service providers) to provide simple instructions.
J
But an idea occurred to me today. Could we prompt like this in the config menu?
phpGedView level below main domain:
And under help say, "Enter the number of directories the root phpGedView folder (the index.php file) is nested below the root web folder (public html directory) of this web server. For example, assume that the root web folder is www. If phpGedView is at www, the level is 0. If phpGedview is at www/phpGedView, the level is 1. If phpGedView is at www/subdomain/subfolder/phpGedview, the level is 3 below www.
Then you could install PGVindex to (n+1) * ../ & PGVindex. Just an idea.
Everything appears to be correct in your setup.
Have you set write permissions to the gedcom file?
Are you able to edit anything? You said you received the error when trying to add parents, have you also received the error when trying to edit a fact like a birth record?
Do you get the access denied error when the editing window first pops up, or after you try to make the changes and click the save button?
--John
the .GED file is housed within the index directory and has permissions set as 777 (so does the index directory itself). I cannot edit _anything_ in the genealogy tree...it simply tells me that "You do not have access to this resoruce".
when I look at the directory in my shell, it looks like this:
drwxr-xr-x 2 senior senior 1024 Mar 27 11:57 CVS
-rw-r--r-- 1 www-data www-data 647 Mar 30 11:45 authenticate.php
-rw-r--r-- 1 www-data www-data 348 Mar 27 12:38 gedcoms.php
-rw-r--r-- 1 www-data www-data 148 Mar 27 12:38 news.dat
-rw-r--r-- 1 www-data www-data 588 Mar 30 11:45 pgv-200403.log
-rw-r--r-- 1 www-data www-data 34 Mar 27 12:39 pgv_changes.php
-rw-r--r-- 1 senior senior 133 Mar 27 11:58 readme.txt
-rwxrwxrwx 1 senior senior 200 Mar 27 12:39 test.ged
-rwxr-xr-x 1 www-data www-data 8378 Mar 27 12:38 test.ged_conf.php
-rw-r--r-- 1 www-data www-data 498 Mar 27 12:39 test.ged_index.php
-rwxr-xr-x 1 www-data www-data 11409 Mar 27 12:38 test.ged_priv.php
I uploaded the test.ged file, and phpGedView created everything else.