Jump to content



Recommended Posts

The module is working quite nicely, but I cannot click on the file in the backend anymore even though I'm superuser and editor, which I gave download from admin rights.

Edit: Would it be possible to look at the ListerPro styling for the field? 

  • Like 1
Link to comment
Share on other sites

The module is working quite nicely, but I cannot click on the file in the backend anymore even though I'm superuser and editor, which I gave download from admin rights.

I can't reproduce this problem here locally, with the latest dev version. Could you tell me the Pw version and Browser? Thanks!

Edit: Would it be possible to look at the ListerPro styling for the field? 

Of course. I also fixed the bug with the help of your solution on GitHub. I'll add some more options to the module and will push everything on GitHub this evening or tomorrow.

Link to comment
Share on other sites

  • 1 month later...

Another problem:

Cannot upload files with the latest version 1.0.1 of secure files.

I have detected that upload of files is no longer possible with this field type in my case. I cannot point out the exact time when this problem starts because I havent upload secure files for a longer time. In the meantime I have updated PW more times. The upload has worked in the past but now I get the error message, that the folder doesnt exist or is not writeable.

I store all the files in the folders var/securefiles and these folders exist:



All folders has the permission 777 for testing purposes

My settings of the input field:


And this is what I got if I had tried to upload a file:


Help would be appreciated

Best regards

Link to comment
Share on other sites

Hi Juergen,

v 1.0.1 works fine here on the latest dev. What version of ProcessWire are you using?

From your screenshots it looks like the "var" folder is inside the root folder of ProcessWire. You should create your folder "securefiles" inside /var/, which lies on the root of your harddisk, outside of the web-root. Not sure if this is the problem, as you pointed out that everything worked before. But the message you're seeing is an exception of my module, thrown here: https://github.com/wanze/FieldtypeSecureFile/blob/master/FieldtypeSecureFile.module#L69

This indicates that the folder does not exist or is not writable.


Link to comment
Share on other sites

Hello Stefan,

I am using the latest dev 2.7.2 and PHP 5+. The var-folder is in the root, but this was not a problem at all.

Here are some screenshots of uploaded files in the past, which are still located in the folder:



As you can see the files are still there.

As I pointed out - the folders have permission 777 (only for testing) so they are writeable in any case and they are still there.

Best regards Jürgen

Link to comment
Share on other sites

Hi Jürgen,

As LostKObrakai says, I guess your FTP programm shows the directory of your web-root as root, so the path you entered in the config is not correct.

The purpose of this module is that the files are stored outside of the web root. From your screenshot it looks like your "var" folder is beside ProcessWire's "site" folder, this would still be inside your web-root.

  • Like 1
Link to comment
Share on other sites

  • 3 months later...

Hello together,

I´m a bit confused about doing the output of the securefile respectively securefiles...
Wanze wrote this code: 
if ($input->get->download == 1) {

Now I'm a little overstrained and need your help.

I build a template at the frontend for secure files and I generate the current output with this code 

$content = $page->body;
$pdffiles = wire("page")->file;
foreach ($pdffiles as $pf) {
    $content .= "<a href='' title='{$pf->name}'>$pf->name</a>  ($pf->filesizeStr)<br />";

but how can I now tell this link which of the secure files the user wants?

This is the current output...


Thank you for any hint
Link to comment
Share on other sites

Hi Ralf,

I would do this by passing the internal position of the file in the array, e.g.

foreach ($pdffiles as $i => $pf) {
    $content .= "<a href='{$page->url}?fid={$i}' title='{$pf->name}'>$pf->name</a>  ($pf->filesizeStr)<br />";

Then you can grab the file with this ID:

if ($input->get->fid) {
  $file = $page->file->eq((int) $input->get->fid);
  if ($file) {


  • Like 1
Link to comment
Share on other sites


That's exactly the key of this module. There is no url associated with each file, hence the secure nature. You can only "request" the file to be sent to the browser by $file->download() in your code. How the user can request the file from the website is up to you, like Wanze showed above.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...


Yep, it also respects the $config->pagefileExtendedPaths setting, e.g. it creates a folder for each page ID or a nested folder structure, if the setting is enabled.


  • Like 4
Link to comment
Share on other sites

  • 1 month later...

hi wanze,

would it be possible to change the markup a little bit? i got a message that my sorting module ( https://processwire.com/talk/topic/13064-inputfieldfile-image-sorting-autosorting/ ) does not work with your securefile fieldtype. the problem is, that my module sorts the files based on the selector:

tinysort(field.find('li.InputfieldFileItem'), {selector:'a.InputfieldFileName', attr:'title', order:direction}); 

and you are modifying this markup here: https://github.com/wanze/FieldtypeSecureFile/blob/master/FieldtypeSecureFile.module#L98

one solution would be to create a different selector for your fieldtype... i failed when trying to find a solution. would it be possible to modify your markup to an anchor:

<a class="InputfieldFileName" title="thefilename.ext">...</a>


  • Like 1
Link to comment
Share on other sites

  • 1 month later...

This might be useful to anyone trying to convert a (single) existing file field to a secure one, while maintaining integrity of other file fields on the same pages.

Put a file with this content in pw's root directory and run it from the terminal:

include "index.php";

// allow for: $ php filename.php fieldName
$fieldName = !empty($argv[1]) ? $argv[1] : 'file';

$field = $fields->get($fieldName);
$usedInTemplates = $field->getTemplates();

$fp = fopen('files.txt', 'w');

// the use() statement allows for both pre and post pw 3.0 usage without change/compiler
$eachPageUncache = function($selector, callable $callback) use ($pages)
	$num = 0;
	$id = 0;
	while (true) {
		$p = $pages->get("{$selector}, id>$id");
		$id = $p->id;
		if(!$id) break;
	return $num;

try {
	// Alternatively use findMany and a foreach on PW 3.0.19+
	$eachPageUncache("template=$usedInTemplates, include=all, check_access=0", function($page) use($fp, $fieldName, $config) {
		$files = $page->getUnformatted($fieldName);
		foreach ($files as $file) {
			$path = str_replace($config->paths->files, '', $file->pathname);
			fwrite($fp, $path . PHP_EOL);
} finally { // PHP 5.5+

Then you can use the created files.txt to copy files to their new location (add --remove-source-files to also remove the source files). 

rsync -v \
--files-from=PW_ROOT_PATH/files.txt \

Switch the file field to be a secure file field and all files should still work.

  • Like 5
Link to comment
Share on other sites

  • 8 months later...

Is it possible to use relative paths in storageLocation? I have different environment on local/live servers and it would be nice to have same value.

Something like this:

//$storageLocation = rtrim($field->get('storageLocation'), '/') . '/';
$storageLocation = realpath($field->get('storageLocation')) . DIRECTORY_SEPARATOR;


  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...


I tried to use realpath but it is failing to resolve my relative paths. How would you expect this to work, would you enter relative paths from the ProcessWire root or the document root?  Could you give an example? Thanks.


Link to comment
Share on other sites

@Wanze I'm using 

$storageLocation = realpath(wire('config')->paths->root . $field->get('storageLocation')) . DIRECTORY_SEPARATOR;



in Storage Location prefs.

And I get "D:\osp\domains\secure_files\" on dev env and "/var/www/sitename/secure_files/" on live.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By monollonom
      (once again I was surprised to see a work of mine pop up in the newsletter, this time without even listing the module on PW modules website 😅. Thx @teppo !)
      Github: https://github.com/romaincazier/FieldtypeQRCode
      Modules directory: https://processwire.com/modules/fieldtype-qrcode/
      A simple fieldtype generating a QR Code from the public URL of the page, and more.
      Using the PHP library QR Code Generator by Kazuhiko Arase.

      In the field’s Details tab you can change between .gif or .svg formats. If you select .svg you will have the option to directly output the markup instead of a base64 image. SVG is the default.
      You can also change what is used to generate the QR code and even have several sources. The accepted sources (separated by a comma) are: httpUrl, editUrl, or the name of any text/URL/file/image field.
      If LanguageSupport is installed the compatible sources (httpUrl, text field, ...) will return as many QR codes as there are languages. Note however that when outputting on the front-end, only the languages visible to the user will be generated.
      Unformatted value
      When using $page->getUnformatted("qrcode_field") it returns an array with the following structure:
      [ [ "label" => string, // label used in the admin "qr" => string, // the qrcode image "source" => string, // the source, as defined in the configuration "text" => string // and the text used to generate the qrcode ], ... ] Formatted value
      The formatted value is an <img>/<svg> (or several right next to each other). There is no other markup.
      Should you need the same markup as in the admin you could use:
      $field = $fields->get("qrcode_field"); $field->type->markupValue($page, $field, $page->getUnformatted("qrcode_field")); But it’s a bit cumbersome, plus you need to import the FieldtypeQRCode's css/js. Best is to make your own markup using the unformatted value.
      Static QR code generator
      You can call FieldtypeQRCode::generateQRCode to generate any QR code you want. Its arguments are:
      string $text bool $svg Generate the QR code as svg instead of gif ? (default=true) bool $markup If svg, output its markup instead of a base64 ? (default=false) Hooks
      Please have a look at the source code for more details about the hookable functions.
      $wire->addHookAfter("FieldtypeQRCode::getQRText", function($event) { $page = $event->arguments("page"); $event->return = $page->title; // or could be: $event->return = "Your custom text"; }) $wire->addHookAfter("FieldtypeQRCode::generateQRCodes", function($event) { $qrcodes = $event->return; // keep everything except the QR codes generated from editUrl foreach($qrcodes as $key => &$qrcode) { if($qrcode["source"] === "editUrl") { unset($qrcodes[$key]); } } unset($qrcode); $event->return = $qrcodes; })
    • By Sebi
      AppApiFile adds the /file endpoint to the AppApi routes definition. Makes it possible to query files via the api. 
      This module relies on the base module AppApi, which must be installed before AppApiFile can do its work.
      You can access all files that are uploaded at any ProcessWire page. Call api/file/route/in/pagetree?file=test.jpg to access a page via its route in the page tree. Alternatively you can call api/file/4242?file=test.jpg (e.g.,) to access a page by its id. The module will make sure that the page is accessible by the active user.
      The GET-param "file" defines the basename of the file which you want to get.
      The following GET-params (optional) can be used to manipulate an image:
      width height maxwidth maxheight cropX cropY Use GET-Param format=base64 to receive the file in base64 format.
    • By MarkE
      This fieldtype and inputfield bundle was built for storing measurement values within a field, rendering them in a variety of formats and converting them to other units or otherwise modifying them via the API.
      The API consists of a number of predefined functions, some of which include...
      render() for rendering the measurement object, valueAs() for converting the value to another unit value, convertTo() for converting the whole measurement object to different units, and add() and subtract() for for modifying the stored value by the value (converted as required) in another measurement. In the admin the inputfield includes a checkbox (which can be optionally disabled) for converting values on page save. For an example if a value was typed in as centimeters, the unit was changed to metres, and the page saved with this checkbox selected, said value would be automatically converted so that e.g. 170 cm becomes 1.7 m.

      A simple length field using Fieldtype Measurement and Inputfield Measurement.
      Combination units (e.g. feet and inches) are also supported.
      Please note that this module is 'proof of concept' at the moment - there are limited units available and quite a lot of code tidying to do. More units will be added shortly.
      See the GitHub at https://github.com/MetaTunes/FieldtypeMeasurement for full details and updates.
    • By tcnet
      File Manager for ProcessWire is a module to manager files and folders from the CMS backend. It supports creating, deleting, renaming, packing, unpacking, uploading, downloading and editing of files and folders. The integrated code editor ACE supports highlighting of all common programming languages.

      This module is probably the most powerful module. You might destroy your processwire installation if you don't exactly know what you doing. Be careful and use it at your own risk!
      ACE code editor
      This module uses ACE code editor available from: https://github.com/ajaxorg/ace

      This module uses the JavaScript dragscroll available from: http://github.com/asvd/dragscroll. Dragscroll adds the ability to drag the table horizontally with the mouse pointer.
      PHP File Manager
      This module uses a modified version of PHP File Manager available from: https://github.com/alexantr/filemanager
    • By tcnet
      This module implements the website live chat service from tawk.to. Actually the module doesn't have to do much. It just need to inserted a few lines of JavaScript just before the closing body tag </body> on each side. However, the module offers additional options to display the widget only on certain pages.
      Create an account
      Visit https://www.tawk.to and create an account. It's free! At some point you will reach a page where you can copy the required JavaScript-code.

      Open the module settings and paste the JavaScript-code into the field as shown below. Click "Submit" and that's all.

      Open the module settings
      The settings for this module are located int the menu Modules=>Configure=>LiveChatTawkTo.

  • Create New...