Jump to content

FieldtypeSecureFile


Wanze

Recommended Posts

A ProcessWire Fieldtype storing files in a customized location, outside the web root. This module is primarily useful if you need to store sensitive data which should not be accessible directly from the web. Normally, ProcessWire stores all files under /site/assets/files. Direct URL access to these files can be restriced by setting $config->pagefileSecure = true. Still you need to make sure that your template permissions are setup correctly. If something goes wrong, those files could be accessed from outside.

GitHub: https://github.com/wanze/FieldtypeSecureFile

Modules Directory: http://modules.processwire.com/modules/fieldtype-secure-file/

How does it work?

After installing this module, you can create a new field of type SecureFile. Enter your configuration under the "Details" section when editing the field:

  • Storage Location Enter a path outside the web root where the files are stored. You need to create the directory manually. Also make sure that the user running the web server has write permission.
  • Roles allowing to download a secure file Users with a role selected here are able to download the files if a download is requested via the API.
  • Allow Download in Admin If checked, users having a role selected above can download the files when editing a page.

post-582-0-34938400-1439551190_thumb.png

post-582-0-81382500-1439551207_thumb.png

I needed this functionality for a recent project, so I created this module and thought to share it, mabye this is useful for someone else :) Consider it beta, I'm using it on one site but I'm sure it could be improved here and there. Feel free to suggest additional features!

Cheers

  • Like 22
  • Thanks 1
Link to comment
Share on other sites

I also change line 63 in the module to:

$storageLocation = $this->wire('config')->paths->root.rtrim($field->get('storageLocation'), '/') . '/';

So my secure file path is relative to my web root: eg: ../secure_files/

Which is just one level down from my web root, and is easily configured on most shared hosts.
Just saves a bit of time working out absolute paths on shared accounts.

Might be an option within the module to select "Relative path to Processwire root" or "Absolute Path"

  • Like 4
Link to comment
Share on other sites

Thanks for the feedback guys, I'll look into it.

@Mackski

The option to define the path relative to the root directory makes sense to me, I will add this as an option in the next version.

Cheers

Link to comment
Share on other sites

$secureFile->download(); // Performs the check above and delivers the file via the wireSendFile() function

This opens the file automatically if the page is called. What should be the command to open it only when a link is clicked??

Best regards

Link to comment
Share on other sites

This opens the file automatically if the page is called. What should be the command to open it only when a link is clicked??

I guess you are using the module in the frontend? You will have to implement this logic on your own. A possible solution would be to use a GET variable or a url segment to indicate a download, something like this:

if ($input->get->download == 1) {
  $yourSecureFile->download();
}
Link to comment
Share on other sites

I guess you are using the module in the frontend? You will have to implement this logic on your own. A possible solution would be to use a GET variable or a url segment to indicate a download, something like this:

if ($input->get->download == 1) {
  $yourSecureFile->download();
}

I'm always a bit paranoid, so I check like this:

  // download the secure file
  if($input->get->dl == 1) {
    if($file->name && $file->isDownloadable()) {
      $file->download();
      exit;
    } else {
      // erorr
    }
  }
Link to comment
Share on other sites

@Mackski

Yeah, it's always good to add additional checks. In this situation, $file->isDownloadable() is not necessary, as this check is performed by $file->donwload(). Also ProcessWire's wireSendFile will exit for you if the file was sent :)

Link to comment
Share on other sites

Is there a possibility to get the size of the file?

Usually I get the filesize like this:

$file       = "path-to-the-file";
$filesize   = (filesize($file) * .0009765625) * .0009765625; // bytes to MB
$filesize   = round($filesize, 2);//rounding 

But in this case it is not possible to use the path to the file.

Link to comment
Share on other sites

Is there a possibility to get the size of the file?

Usually I get the filesize like this:

$file       = "path-to-the-file";
$filesize   = (filesize($file) * .0009765625) * .0009765625; // bytes to MB
$filesize   = round($filesize, 2);//rounding 

But in this case it is not possible to use the path to the file.

I am sure Wanze will be able to offer up a solution to get the filesize from the path. I just wanted to chime in with a nice function for converting to human readable filesizes: http://jeffreysambells.com/2012/10/25/human-readable-filesize-php

function human_filesize($bytes, $decimals = 2) {
   $size = array('B','kB','MB','GB','TB','PB','EB','ZB','YB');
   $factor = floor((strlen($bytes) - 1) / 3);
   return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . @$size[$factor];
}
  • Like 4
Link to comment
Share on other sites

It's ProcessWire :) Use:

$pageFile->filename; // Path & Filename
$pageFile->basename; // Filename without path
$pageFile->filesize; // Size in bytes
$pageFile->filesizeStr; // Human readable Filesize
  • Like 3
Link to comment
Share on other sites

It's ProcessWire :) Use:

$pageFile->filesizeStr; // Human readable Filesize

only issue is i would want the file size to display like 2.97MB but it displays 3,044 kB  using filesizeStr- should i use Adrian's proposed function? would be cool of you could pass some option to filesizeStr to show in MB

Link to comment
Share on other sites

only issue is i would want the file size to display like 2.97MB but it displays 3,044 kB  using filesizeStr- should i use Adrian's proposed function? would be cool of you could pass some option to filesizeStr to show in MB

Thanks for reminding me why I didn't use filesizeStr :)

Link to comment
Share on other sites

Only to mention:

$pageFile->filename; // Path & Filename
$pageFile->basename; // Filename without path
$pageFile->filesize; // Size in bytes
$pageFile->filesizeStr; // Human readable Filesize

This only works if the number of files is set to 1. If it is unlimited (0) only the PW short syntaxes for files (more than 1) work. I ran also into this mistake and I wondered why I didnt got a result.

Maybe you have to use an foreach loop if you have more than 1 file (I have not tried it).

Link to comment
Share on other sites

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By MarkE
      This fieldtype and inputfield bundle was built for storing measurement values within a field, rendering them in a variety of formats and converting them to other units or otherwise modifying them via the API.
      The API consists of a number of predefined functions, some of which include...
      render() for rendering the measurement object, valueAs() for converting the value to another unit value, convertTo() for converting the whole measurement object to different units, and add() and subtract() for for modifying the stored value by the value (converted as required) in another measurement. In the admin the inputfield includes a checkbox (which can be optionally disabled) for converting values on page save. For an example if a value was typed in as centimeters, the unit was changed to metres, and the page saved with this checkbox selected, said value would be automatically converted so that e.g. 170 cm becomes 1.7 m.

      A simple length field using Fieldtype Measurement and Inputfield Measurement.
      Combination units (e.g. feet and inches) are also supported.
      Please note that this module is 'proof of concept' at the moment - there are limited units available and quite a lot of code tidying to do. More units will be added shortly.
      See the GitHub at https://github.com/MetaTunes/FieldtypeMeasurement for full details and updates.
    • By tcnet
      File Manager for ProcessWire is a module to manager files and folders from the CMS backend. It supports creating, deleting, renaming, packing, unpacking, uploading, downloading and editing of files and folders. The integrated code editor ACE supports highlighting of all common programming languages.
      https://github.com/techcnet/ProcessFileManager

      Warning
      This module is probably the most powerful module. You might destroy your processwire installation if you don't exactly know what you doing. Be careful and use it at your own risk!
      ACE code editor
      This module uses ACE code editor available from: https://github.com/ajaxorg/ace

      Dragscroll
      This module uses the JavaScript dragscroll available from: http://github.com/asvd/dragscroll. Dragscroll adds the ability to drag the table horizontally with the mouse pointer.
      PHP File Manager
      This module uses a modified version of PHP File Manager available from: https://github.com/alexantr/filemanager
       
    • By tcnet
      This module implements the website live chat service from tawk.to. Actually the module doesn't have to do much. It just need to inserted a few lines of JavaScript just before the closing body tag </body> on each side. However, the module offers additional options to display the widget only on certain pages.
      Create an account
      Visit https://www.tawk.to and create an account. It's free! At some point you will reach a page where you can copy the required JavaScript-code.

      Open the module settings and paste the JavaScript-code into the field as shown below. Click "Submit" and that's all.

      Open the module settings
      The settings for this module are located int the menu Modules=>Configure=>LiveChatTawkTo.

       
    • By tcnet
      Session Viewer is a module for ProcessWire to list session files and display session data. This module is helpful to display the session data of a specific session or to kick out a logged in user by simply delete his session file. After installation the module is available in the Setup menu.

      The following conditions must be met for the module to work properly:
      Session files
      Session data must be stored in session files, which is the default way in ProcessWire. Sessions stored in the database are not supported by this module. The path to the directory where the session files are stored must be declared in the ProcessWire configuration which is by default: site/assets/sessions.
      Serialize handler
      In order to transform session data easier back to a PHP array, the session data is stored serialized. PHP offers a way to declare a custom serialize handler. This module supports only the default serialize handlers: php, php_binary and php_serialize. WDDX was dropped in PHP 7.4.0 and is therefore not supported by this module as well as any other custom serialize handler. Which serialize handler is actually used you can find out in the module configuration which is available under Modules=>Configure=>SessionViewer.

      Session data
      The session data can be displayed in two different ways. PHP's default output for arrays print_r() or by default for this module nice_r() offered on github: https://github.com/uuf6429/nice_r. There is a setting in the module configuration if someone prefers print_r(). Apart from the better handling and overview of the folded session data the output of nice_r() looks indeed nicer.

      Links
      ProcessWire module directory
      github.com
    • By Robin S
      Repeater Easy Sort
      Adds a compact "easy-sort" mode to Repeater and Repeater Matrix, making those fields easier to sort when there are a large number of items.
      The module also enhances Repeater Matrix by allowing a colour to be set for each matrix type. This colour is used in the item headers and in the "add new" links, to help visually distinguish different matrix types in the inputfield.
      Screencasts
      A Repeater field

      A Repeater Matrix field with custom header colours

      Easy-sort mode
      Each Repeater/Matrix item gets an double-arrow icon in the item header. Click this icon to enter easy-sort mode.
      While in easy-sort mode:
      The items will reduce in width so that more items can be shown on the screen at once. The minimum width is configurable in the field settings. Any items that were in an open state are collapsed, but when you exit easy-sort mode the previously open items will be reopened. You can drag an item left/right/up/down to sort it within the items. The item that you clicked the icon for is shown with a black background. This makes it easier to find the item you want to move in easy-sort mode. You can click an item header to open the item. An "Exit easy-sort mode" button appears at the bottom of the inputfield. Configuration
      In the field settings for Repeater and Repeater Matrix fields you can define a minimum width in pixels for items in easy-sort mode. While in easy-sort mode the items will be sized to neatly fill the available width on any screen size but will never be narrower than the width you set here.
      In the field settings for Repeater Matrix you can define a custom header colour for each matrix type using an HTML "color" type input. The default colour for this type of input is black, so when black is selected in the input it means that no custom colour will be applied to the header.
      Exclusions
      The easy-sort mode is only possible on Repeater/Matrix fields that do not use the "item depth" option.
       
      https://github.com/Toutouwai/RepeaterEasySort
      https://processwire.com/modules/repeater-easy-sort/
×
×
  • Create New...