Anonymous (Public) Upload

[reko]

Hi dosboy, see the documentation about the User Control Panel: https://www.phoca.cz/documents/2-phoca-g ... ser-upload and the Global Configuration-Upload Settings https://www.phoca.cz/documents/2-phoca-g ... d_Settings

regards
/rk

[unleash.it]

Hi, I've read that but I still can't figure out how to allow the public to upload. In the category, the "Upload and User Access rights" are "nobody" "registered users", etc., but no "public". With access, I can deselect them all, and the the public has access. But with upload rights, it just reverts to "nobody".

Is there a way to allow public uploads? (not the user control panel, but within a category?)

Thanks for the help.

[Jan]

Hi, public cannot upload images. It is a large security issue to allow public users to upload. In such case some protection like captcha (not 100%), etc (not secure like login) needs to be used

[unleash.it]

Hi Jan, I appreciate the answer. Yes, I agree allowing a public upload is not ideal when it comes to security/spamming. However, this site is for a client that has had public upload on their old site for years without problem (and they made it clear they really want it to stay that way!). But... do you think if I hack a solution, I could be making a serious mistake as far as security (never mind spamming)? Serious to me would be a vulnerability beyond just the gallery (like access to the db).

I've succssfully modified cateogories/default.php to show the form to the public, and unless you say this presents a serious vulnerability, I will try to find the right files to override the user check for the upload form. Any help on that would be appreciated.

Thanks Jan, I am about to send you a PM to find out how I can donate some $$ to remove the back link