Jump to content
Wanze

FieldtypeSecureFile

Recommended Posts

A ProcessWire Fieldtype storing files in a customized location, outside the web root. This module is primarily useful if you need to store sensitive data which should not be accessible directly from the web. Normally, ProcessWire stores all files under /site/assets/files. Direct URL access to these files can be restriced by setting $config->pagefileSecure = true. Still you need to make sure that your template permissions are setup correctly. If something goes wrong, those files could be accessed from outside.

GitHub: https://github.com/wanze/FieldtypeSecureFile

Modules Directory: http://modules.processwire.com/modules/fieldtype-secure-file/

How does it work?

After installing this module, you can create a new field of type SecureFile. Enter your configuration under the "Details" section when editing the field:

  • Storage Location Enter a path outside the web root where the files are stored. You need to create the directory manually. Also make sure that the user running the web server has write permission.
  • Roles allowing to download a secure file Users with a role selected here are able to download the files if a download is requested via the API.
  • Allow Download in Admin If checked, users having a role selected above can download the files when editing a page.

post-582-0-34938400-1439551190_thumb.png

post-582-0-81382500-1439551207_thumb.png

I needed this functionality for a recent project, so I created this module and thought to share it, mabye this is useful for someone else :) Consider it beta, I'm using it on one site but I'm sure it could be improved here and there. Feel free to suggest additional features!

Cheers

  • Like 22
  • Thanks 1

Share this post


Link to post
Share on other sites

This is great! I have one upcoming project in particular where this feature will be necessary.

Thanks for setting this up!

Share this post


Link to post
Share on other sites

Very neat and really simple addition. Maybe I'll use it on one of my current projects.

Share this post


Link to post
Share on other sites

great! will be really nice for things like invoices, sensitive, or copyright/rights managed data in files

Share this post


Link to post
Share on other sites

I get an error when saving, although it seems to still work.

  •  Missing required value (inputfieldClass)

Share this post


Link to post
Share on other sites

I also change line 63 in the module to:

$storageLocation = $this->wire('config')->paths->root.rtrim($field->get('storageLocation'), '/') . '/';

So my secure file path is relative to my web root: eg: ../secure_files/

Which is just one level down from my web root, and is easily configured on most shared hosts.
Just saves a bit of time working out absolute paths on shared accounts.

Might be an option within the module to select "Relative path to Processwire root" or "Absolute Path"

  • Like 4

Share this post


Link to post
Share on other sites

I get an error when saving, although it seems to still work.

  •  Missing required value (inputfieldClass)

Got the error too, but it is really only by pushing the saving button.

Share this post


Link to post
Share on other sites

Thanks for the feedback guys, I'll look into it.

@Mackski

The option to define the path relative to the root directory makes sense to me, I will add this as an option in the next version.

Cheers

Share this post


Link to post
Share on other sites
$secureFile->download(); // Performs the check above and delivers the file via the wireSendFile() function

This opens the file automatically if the page is called. What should be the command to open it only when a link is clicked??

Best regards

Share this post


Link to post
Share on other sites
This opens the file automatically if the page is called. What should be the command to open it only when a link is clicked??

I guess you are using the module in the frontend? You will have to implement this logic on your own. A possible solution would be to use a GET variable or a url segment to indicate a download, something like this:

if ($input->get->download == 1) {
  $yourSecureFile->download();
}

Share this post


Link to post
Share on other sites

I guess you are using the module in the frontend? You will have to implement this logic on your own. A possible solution would be to use a GET variable or a url segment to indicate a download, something like this:

if ($input->get->download == 1) {
  $yourSecureFile->download();
}

I'm always a bit paranoid, so I check like this:

  // download the secure file
  if($input->get->dl == 1) {
    if($file->name && $file->isDownloadable()) {
      $file->download();
      exit;
    } else {
      // erorr
    }
  }

Share this post


Link to post
Share on other sites

@Mackski

Yeah, it's always good to add additional checks. In this situation, $file->isDownloadable() is not necessary, as this check is performed by $file->donwload(). Also ProcessWire's wireSendFile will exit for you if the file was sent :)

Share this post


Link to post
Share on other sites

Is there a possibility to get the size of the file?

Usually I get the filesize like this:

$file       = "path-to-the-file";
$filesize   = (filesize($file) * .0009765625) * .0009765625; // bytes to MB
$filesize   = round($filesize, 2);//rounding 

But in this case it is not possible to use the path to the file.

Share this post


Link to post
Share on other sites

Is there a possibility to get the size of the file?

Usually I get the filesize like this:

$file       = "path-to-the-file";
$filesize   = (filesize($file) * .0009765625) * .0009765625; // bytes to MB
$filesize   = round($filesize, 2);//rounding 

But in this case it is not possible to use the path to the file.

I am sure Wanze will be able to offer up a solution to get the filesize from the path. I just wanted to chime in with a nice function for converting to human readable filesizes: http://jeffreysambells.com/2012/10/25/human-readable-filesize-php

function human_filesize($bytes, $decimals = 2) {
   $size = array('B','kB','MB','GB','TB','PB','EB','ZB','YB');
   $factor = floor((strlen($bytes) - 1) / 3);
   return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . @$size[$factor];
}
  • Like 4

Share this post


Link to post
Share on other sites

It's ProcessWire :) Use:

$pageFile->filename; // Path & Filename
$pageFile->basename; // Filename without path
$pageFile->filesize; // Size in bytes
$pageFile->filesizeStr; // Human readable Filesize
  • Like 3

Share this post


Link to post
Share on other sites
$pageFile->filesizeStr; // Human readable Filesize

I forgot about that - should have remembered there was something built in  :)

Share this post


Link to post
Share on other sites

I forgot about that - should have remembered there was something built it :)

And I have never heard about that :undecided:

Share this post


Link to post
Share on other sites

It's ProcessWire :) Use:

$pageFile->filesizeStr; // Human readable Filesize

only issue is i would want the file size to display like 2.97MB but it displays 3,044 kB  using filesizeStr- should i use Adrian's proposed function? would be cool of you could pass some option to filesizeStr to show in MB

Share this post


Link to post
Share on other sites

only issue is i would want the file size to display like 2.97MB but it displays 3,044 kB  using filesizeStr- should i use Adrian's proposed function? would be cool of you could pass some option to filesizeStr to show in MB

Thanks for reminding me why I didn't use filesizeStr :)

Share this post


Link to post
Share on other sites

Only to mention:

$pageFile->filename; // Path & Filename
$pageFile->basename; // Filename without path
$pageFile->filesize; // Size in bytes
$pageFile->filesizeStr; // Human readable Filesize

This only works if the number of files is set to 1. If it is unlimited (0) only the PW short syntaxes for files (more than 1) work. I ran also into this mistake and I wondered why I didnt got a result.

Maybe you have to use an foreach loop if you have more than 1 file (I have not tried it).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By MoritzLost
      TrelloWire
      This is a module that allows you to automatically create Trello cards for ProcessWire pages and update them when the pages are updated. This allows you to setup connected workflows. Card properties and change handling behaviour can be customized through the extensive module configuration. Every action the module performs is hookable, so you can modify when and how cards are created as much as you need to. The module also contains an API-component that makes it easy to make requests to the Trello API and build your own connected ProcessWire-Trello workflows.
      Features
      All the things the module can do for you without any custom code: Create a new card on Trello whenever a page is added or published (you can select applicable templates). Configure the target board, target list, name and description for new cards. Add default labels and checklists to the card. Update the card whenever the page is updated (optional). When the status of the card changes (published / unpublished, hidden / unhidden, trashed / restored or deleted), move the card to a different list or archive or delete it (configurable). You can extend this through hooks in many ways: Modifiy when and how cards are created. Modify the card properties (Target board & list, title, description, et c.) before they are sent to Trello. Create your own workflows by utilizing an API helper class with many convenient utility methods to access the Trello API directly. Feedback & Future Plans
      Let me know what you think! In particular:
      If you find any bugs report them here or on Github, I'll try to fix them. This module was born out of a use-case for a client project where we manage new form submissions through Trello. I'm not sure how many use-cases there are for this module. If you do use it, tell me about it! The Trello API is pretty extensive, I'll try to add some more helper methods to the TrelloWireApi class (let me know if you need anything in particular). I'll think about how the module can support different workflows that include Twig – talk to me if you have a use-case! Next steps could be a dashboard to manage pages that are connected to a Trello card, or a new section in the settings tab to manage the Trello connection. But it depends on whether there is any interest in this 🙂 Links
      Repository on Github Complete module documentation (getting started, configuration & API documentation) [Module directory pending approval] Module configuration

    • By MoritzLost
      Process Cache Control
      This module provides a simple solution to clearing all your cache layers at once, and an extensible interface to perform various cache-related actions.
      The simple motivation behind this module was that I was tired of manually clearing caches in several places after deploying a change on a live site. The basic purpose of this module is a simple Clear all caches link in the Setup menu which clears out all caches, no matter where they hide. You can customize what exactly the module does through it's configuration menu:
      Expire or delete all cache entries in the database, or selectively clear caches by namespace ($cache API) Clear the the template render cache. Clear out specific folders inside your site's cache directory (/site/assets/cache) Clear the ProCache page render cache (if your site is using ProCache) Refresh version strings for static assets to bust client-side browser caches (this requires some setup, see the full documentation for details). This is the basic function of the module. However, you can also add different cache management action through the API and execute them through the module's interface. For this advanced usage, the module provides:
      An interface to see all available cache actions and execute them. A system log and logging output on the module page to see verify what the module is doing. A CacheControlTools class with utility functions to clear out different caches. An API to add cache actions, execute them programmatically and even modify the default action. Permission management, allowing you granular control over which user roles can execute which actions. The complete documentation can be found in the module's README.
      Plans for improvements
      If there is some interest in this, I plan to expand this to a more general cache management solution. I particular, I would like to add additional cache actions. Some ideas that came to mind:
      Warming up the template render cache for publicly accessible pages. Removing all active user sessions. Let me know if you have more suggestions!
      Links
      https://github.com/MoritzLost/ProcessCacheControl ProcessCacheControl in the Module directory CHANGELOG in the repository Screenshots


    • By Macrura
      PrevNextTabs Module
      Github: https://github.com/outflux3/PrevNextTabs
      Processwire helper modules for adding page navigation within the editor.
      Overview
      This is a very simple module that adds Previous and Next links inline with the tabs on the page editor. Hovering over the tab shows the title of the previous or next page (using the admin's built in jqueryUI tooltips.)
      Usage
      This module is typically used during development where you or your editors need to traverse through pages for the purpose of proofing, flagging and/or commenting. Rather than returning to the page tree or lister, they can navigate with these links.
      Warnings
      If you are using PW version 2.6.1 or later, the system will prevent you from leaving the page if you have unsaved edits.
      For earlier versions, to avoid accidentally losing changes made to a page that might occur if a user accidentally clicks on one of these, make sure to have the Form Save Reminder module installed.
      http://modules.processwire.com/modules/prev-next-tabs/
    • By Gadgetto
      SnipWire - Snipcart integration for ProcessWire
      Snipcart is a powerful 3rd party, developer-first HTML/JavaScript shopping cart platform. SnipWire is the missing link between Snipcart and the content management framework ProcessWire.
      With SnipWire, you can quickly turn any ProcessWire site into a Snipcart online shop. The SnipWire plugin helps you to get your store up and running in no time. Detailed knowledge of the Snipcart system is not required.
      SnipWire is free and open source licensed under Mozilla Public License 2.0! A lot of work and effort has gone into development. It would be nice if you could donate an amount to support further development:

      Status update links (inside this thread) for SnipWire development
      2020-03-21 -- SnipWire 0.8.5 (beta) released! Improves SnipWires webhooks interface and provides some other fixes and additions 2020-03-03 -- SnipWire 0.8.4 (beta) released! Improves compatibility for Windows based Systems. 2020-03-01 -- SnipWire 0.8.3 (beta) released! The installation and uninstallation process has been heavily revised. 2020-02-08 -- SnipWire 0.8.2 (beta) released! Added a feature to change the cart and catalogue currency by GET, POST or SESSION param 2020-02-03 -- SnipWire 0.8.1 (beta) released! All custom classes moved into their own namespaces. 2020-02-01 -- SnipWire is now available via ProcessWire's module directory! 2020-01-30 -- SnipWire 0.8.0 (beta) first public release! (module just submitted to the PW modules directory) 2020-01-28 -- added Custom Order Fields feature (first SnipWire release version is near!) 2020-01-21 -- Snipcart v3 - when will the new cart system be implemented? 2020-01-19 -- integrated taxes provider finished (+ very flexible shipping taxes handling) 2020-01-14 -- new date range picker, discount editor, order notifiactions, order statuses, and more ... 2019-11-15 -- orders filter, order details, download + resend invoices, refunds 2019-10-18 -- list filters, REST API improvements, new docs platform, and more ... 2019-08-08 -- dashboard interface, currency selector, managing Orders, Customers and Products, Added a WireTabs, refinded caching behavior 2019-06-15 -- taxes provider, shop templates update, multiCURL implementation, and more ... 2019-06-02 -- FieldtypeSnipWireTaxSelector 2019-05-25 -- SnipWire will be free and open source Plugin Key Features
      Fast and simple store setup Full integration of the Snipcart dashboard into the ProcessWire backend (no need to leave the ProcessWire admin area) Browse and manage orders, customers, discounts, abandoned carts, and more Multi currency support Custom order and cart fields Process refunds and send customer notifications from within the ProcessWire backend Process Abandoned Carts + sending messages to customers from within the ProcessWire backend Complete Snipcart webhooks integration (all events are hookable via ProcessWire hooks) Integrated taxes provider (which is more flexible then Snipcart own provider) Useful Links
      SnipWire in PW modules directory SnipWire Docs (please note that the documentation is a work in progress) SnipWire @GitHub (feature requests and suggestions for improvement are welcome - I also accept pull requests) Snipcart Website  
      ---- INITIAL POST FROM 2019-05-25 ----
       
×
×
  • Create New...