Jump to content



Recommended Posts

The module is working quite nicely, but I cannot click on the file in the backend anymore even though I'm superuser and editor, which I gave download from admin rights.

Edit: Would it be possible to look at the ListerPro styling for the field? 

  • Like 1
Link to comment
Share on other sites

The module is working quite nicely, but I cannot click on the file in the backend anymore even though I'm superuser and editor, which I gave download from admin rights.

I can't reproduce this problem here locally, with the latest dev version. Could you tell me the Pw version and Browser? Thanks!

Edit: Would it be possible to look at the ListerPro styling for the field? 

Of course. I also fixed the bug with the help of your solution on GitHub. I'll add some more options to the module and will push everything on GitHub this evening or tomorrow.

Link to comment
Share on other sites

  • 1 month later...

Another problem:

Cannot upload files with the latest version 1.0.1 of secure files.

I have detected that upload of files is no longer possible with this field type in my case. I cannot point out the exact time when this problem starts because I havent upload secure files for a longer time. In the meantime I have updated PW more times. The upload has worked in the past but now I get the error message, that the folder doesnt exist or is not writeable.

I store all the files in the folders var/securefiles and these folders exist:



All folders has the permission 777 for testing purposes

My settings of the input field:


And this is what I got if I had tried to upload a file:


Help would be appreciated

Best regards

Link to comment
Share on other sites

Hi Juergen,

v 1.0.1 works fine here on the latest dev. What version of ProcessWire are you using?

From your screenshots it looks like the "var" folder is inside the root folder of ProcessWire. You should create your folder "securefiles" inside /var/, which lies on the root of your harddisk, outside of the web-root. Not sure if this is the problem, as you pointed out that everything worked before. But the message you're seeing is an exception of my module, thrown here: https://github.com/wanze/FieldtypeSecureFile/blob/master/FieldtypeSecureFile.module#L69

This indicates that the folder does not exist or is not writable.


Link to comment
Share on other sites

Hello Stefan,

I am using the latest dev 2.7.2 and PHP 5+. The var-folder is in the root, but this was not a problem at all.

Here are some screenshots of uploaded files in the past, which are still located in the folder:



As you can see the files are still there.

As I pointed out - the folders have permission 777 (only for testing) so they are writeable in any case and they are still there.

Best regards Jürgen

Link to comment
Share on other sites

Hi Jürgen,

As LostKObrakai says, I guess your FTP programm shows the directory of your web-root as root, so the path you entered in the config is not correct.

The purpose of this module is that the files are stored outside of the web root. From your screenshot it looks like your "var" folder is beside ProcessWire's "site" folder, this would still be inside your web-root.

  • Like 1
Link to comment
Share on other sites

  • 3 months later...

Hello together,

I´m a bit confused about doing the output of the securefile respectively securefiles...
Wanze wrote this code: 
if ($input->get->download == 1) {

Now I'm a little overstrained and need your help.

I build a template at the frontend for secure files and I generate the current output with this code 

$content = $page->body;
$pdffiles = wire("page")->file;
foreach ($pdffiles as $pf) {
    $content .= "<a href='' title='{$pf->name}'>$pf->name</a>  ($pf->filesizeStr)<br />";

but how can I now tell this link which of the secure files the user wants?

This is the current output...


Thank you for any hint
Link to comment
Share on other sites

Hi Ralf,

I would do this by passing the internal position of the file in the array, e.g.

foreach ($pdffiles as $i => $pf) {
    $content .= "<a href='{$page->url}?fid={$i}' title='{$pf->name}'>$pf->name</a>  ($pf->filesizeStr)<br />";

Then you can grab the file with this ID:

if ($input->get->fid) {
  $file = $page->file->eq((int) $input->get->fid);
  if ($file) {


  • Like 1
Link to comment
Share on other sites


That's exactly the key of this module. There is no url associated with each file, hence the secure nature. You can only "request" the file to be sent to the browser by $file->download() in your code. How the user can request the file from the website is up to you, like Wanze showed above.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...


Yep, it also respects the $config->pagefileExtendedPaths setting, e.g. it creates a folder for each page ID or a nested folder structure, if the setting is enabled.


  • Like 4
Link to comment
Share on other sites

  • 1 month later...

hi wanze,

would it be possible to change the markup a little bit? i got a message that my sorting module ( https://processwire.com/talk/topic/13064-inputfieldfile-image-sorting-autosorting/ ) does not work with your securefile fieldtype. the problem is, that my module sorts the files based on the selector:

tinysort(field.find('li.InputfieldFileItem'), {selector:'a.InputfieldFileName', attr:'title', order:direction}); 

and you are modifying this markup here: https://github.com/wanze/FieldtypeSecureFile/blob/master/FieldtypeSecureFile.module#L98

one solution would be to create a different selector for your fieldtype... i failed when trying to find a solution. would it be possible to modify your markup to an anchor:

<a class="InputfieldFileName" title="thefilename.ext">...</a>


  • Like 1
Link to comment
Share on other sites

  • 1 month later...

This might be useful to anyone trying to convert a (single) existing file field to a secure one, while maintaining integrity of other file fields on the same pages.

Put a file with this content in pw's root directory and run it from the terminal:

include "index.php";

// allow for: $ php filename.php fieldName
$fieldName = !empty($argv[1]) ? $argv[1] : 'file';

$field = $fields->get($fieldName);
$usedInTemplates = $field->getTemplates();

$fp = fopen('files.txt', 'w');

// the use() statement allows for both pre and post pw 3.0 usage without change/compiler
$eachPageUncache = function($selector, callable $callback) use ($pages)
	$num = 0;
	$id = 0;
	while (true) {
		$p = $pages->get("{$selector}, id>$id");
		$id = $p->id;
		if(!$id) break;
	return $num;

try {
	// Alternatively use findMany and a foreach on PW 3.0.19+
	$eachPageUncache("template=$usedInTemplates, include=all, check_access=0", function($page) use($fp, $fieldName, $config) {
		$files = $page->getUnformatted($fieldName);
		foreach ($files as $file) {
			$path = str_replace($config->paths->files, '', $file->pathname);
			fwrite($fp, $path . PHP_EOL);
} finally { // PHP 5.5+

Then you can use the created files.txt to copy files to their new location (add --remove-source-files to also remove the source files). 

rsync -v \
--files-from=PW_ROOT_PATH/files.txt \

Switch the file field to be a secure file field and all files should still work.

  • Like 5
Link to comment
Share on other sites

  • 8 months later...

Is it possible to use relative paths in storageLocation? I have different environment on local/live servers and it would be nice to have same value.

Something like this:

//$storageLocation = rtrim($field->get('storageLocation'), '/') . '/';
$storageLocation = realpath($field->get('storageLocation')) . DIRECTORY_SEPARATOR;


  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...


I tried to use realpath but it is failing to resolve my relative paths. How would you expect this to work, would you enter relative paths from the ProcessWire root or the document root?  Could you give an example? Thanks.


Link to comment
Share on other sites

@Wanze I'm using 

$storageLocation = realpath(wire('config')->paths->root . $field->get('storageLocation')) . DIRECTORY_SEPARATOR;



in Storage Location prefs.

And I get "D:\osp\domains\secure_files\" on dev env and "/var/www/sitename/secure_files/" on live.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By kixe
      Field that stores one or more references to ProcessWire pages with additional data in field context.
      Values are editable via page edit modal of the referenced page provided from the field if module AdminPageFieldEditLinks is installed and "Enable link to create new pages?" is checked in field settings.
      Requirements: AdminPageFieldEditLinks >= 3.1.4
      Use case example:
      The planning of the Tonmeistertagung in the CCD (Congress Center Düsseldorf) from November 3rd, 2021 to November 6th, 2021 is in the finalization phase.
      The conference consists of a conference part and an exhibition. The planning is done via a separate frontendless PW instance. There, all companies (pages) that are active at various events are kept in a pool. Changes (address, logo) can always be done there. For the exhibition of the current conference in November, the exhibitor-companies (pages) are selected via a page reference field. A stand number must now be assigned to each selected company (page). We had originally solved this using the Profield FieldtypeTable. However, this had the disadvantage that each entry again made all companies available for selection and did not recognize which were already selected in a previous table row. The new field type now allows the value (company's stand number) to be assigned to a Company (page) in context to a specific Pagefield living in a specific page.
    • By Robin S
      This module lets you add some custom menu items to the main admin menu, and you can set the dropdown links dynamically in a hook if needed.
      Sidenote: the module config uses some repeatable/sortable rows for the child link settings, similar to the ProFields Table interface. The data gets saved as JSON in a hidden textarea field. Might be interesting to other module developers?
      Custom Admin Menus
      Adds up to three custom menu items with optional dropdowns to the main admin menu.
      The menu items can link to admin pages, front-end pages, or pages on external websites.
      The links can be set to open in a new browser tab, and child links in the dropdown can be given an icon.
      Requires ProcessWire v3.0.178 or newer.
      Example of menu items

      Module config for the menus

      Link list shown when parent menu item is not given a URL

      Setting child menu items dynamically
      If needed you can set the child menu items dynamically using a hook.
      $wire->addHookAfter('CustomAdminMenus::getMenuChildren', function(HookEvent $event) { // The menu number is the first argument $menu_number = $event->arguments(0); if($menu_number === 1) { $colours = $event->wire()->pages->findRaw('template=colour', ['title', 'url', 'page_icon']); $children = []; foreach($colours as $colour) { // Each child item should be an array with the following keys $children[] = [ 'icon' => $colour['page_icon'], 'label' => $colour['title'], 'url' => $colour['url'], 'newtab' => false, ]; } $event->return = $children; } }); Create multiple levels of flyout menus
      It's also possible to create multiple levels of flyout submenus using a hook.

      For each level a submenu can be defined in a "children" item. Example:
      $wire->addHookAfter('CustomAdminMenus::getMenuChildren', function(HookEvent $event) { // The menu number is the first argument $menu_number = $event->arguments(0); if($menu_number === 1) { $children = [ [ 'icon' => 'adjust', 'label' => 'One', 'url' => '/one/', 'newtab' => false, ], [ 'icon' => 'anchor', 'label' => 'Two', 'url' => '/two/', 'newtab' => false, 'children' => [ [ 'icon' => 'child', 'label' => 'Red', 'url' => '/red/', 'newtab' => false, ], [ 'icon' => 'bullhorn', 'label' => 'Green', 'url' => '/green/', 'newtab' => false, 'children' => [ [ 'icon' => 'wifi', 'label' => 'Small', 'url' => '/small/', 'newtab' => true, ], [ 'icon' => 'codepen', 'label' => 'Medium', 'url' => '/medium/', 'newtab' => false, ], [ 'icon' => 'cogs', 'label' => 'Large', 'url' => '/large/', 'newtab' => false, ], ] ], [ 'icon' => 'futbol-o', 'label' => 'Blue', 'url' => '/blue/', 'newtab' => true, ], ] ], [ 'icon' => 'hand-o-left', 'label' => 'Three', 'url' => '/three/', 'newtab' => false, ], ]; $event->return = $children; } }); Showing/hiding menus according to user role
      You can determine which menu items can be seen by a role by checking the user's role in the hook.
      For example, if a user has or lacks a role you could include different child menu items in the hook return value. Or if you want to conditionally hide a custom menu altogether you can set the return value to false. Example:
      $wire->addHookAfter('CustomAdminMenus::getMenuChildren', function(HookEvent $event) { // The menu number is the first argument $menu_number = $event->arguments(0); $user = $event->wire()->user; // For custom menu number 1... if($menu_number === 1) { // ...if user does not have some particular role... if(!$user->hasRole('foo')) { // ...do not show the menu $event->return = false; } } });  
    • By tcnet
      This module for ProcessWire sends a notification email for each failed login attempt. Similar modules exists already in the module directory of ProcessWire. However, this module is designed to notify, even if specified user doesn't exist.
      The settings for this module are located in the menu Modules=>Configure=>LoginFailNotifier.
      Notification email
      Specifies the email address to which the notification emails should be sent.
        Email subject
      Specifies the subject line for the notification email.
        Post variables
      Specifies the $_POST variables to be included in the notification email. Each variable must be separated by a comma. For example: login_name,login_pass
        Server variables
      Specifies the $_SERVER variables to be included in the notification email. Each variable must be separated by a comma. For example: REMOTE_ADDR,HTTP_USER_AGENT
      Link to ProcessWire module directory:
      Link to github.com:
    • By Fokke
      ProcessWire 3.x markup module for rendering meta tags in HTML document head section. Note that this module is not a full-blown SEO solution, but rather a simple tool for rendering meta tags based on module configuration. Adding custom meta tags is also supported.
      Built-in meta tags
      The following meta tags are supported out-of-the-box:
      Document title consisting of page title and site name Character set Canonical Viewport Description Keywords Hreflang tags Open Graph og:title og:site_name og:type og:url og:description og:image og:image:width og:image:height Twitter meta tags twitter:card twitter:site twitter:creator twitter:title twitter:description twitter:image Facebook meta tags fb:app_id The full documentation with configurable options can be found here: https://github.com/Fokke-/MarkupMetadata
      ProcessWire>=3.0.0 PHP >=7.1 Installation using Composer
      composer require fokke/markup-metadata Manual installation
      Download latest version from https://github.com/Fokke-/MarkupMetadata/archive/master.zip Extract module files to site/modules/MarkupMetadata directory.
    • By m.sieber
      ITRK-Service for ProcessWire
      Module for the automated transfer of imprint, data protection declaration and terms and conditions from IT-Recht Kanzlei to your ProcessWire installation
      What is ITRK Service for ProcessWire?
      ITRK-Service for ProcessWire is a free module for ProcessWire CMS. It provides an interface to the update service of IT-Recht Kanzlei, via which the legal texts of your online presence are automatically updated. In this way, the texts remain legally secure and warning-proof in the long term. Imprint, data protection declaration, revocation and general terms and conditions are currently supported.
      You can find our documentation (in german language) here: https://www.pupit.de/itrk-service-for-processwire/dokumentation/

      Download: https://www.pupit.de/itrk-service-for-processwire/
      Github: https://github.com/pupit-de/pwItrkServiceConnector
  • Create New...