Jump to content
Wanze

FieldtypeSecureFile

Recommended Posts

Hi all!

Is it possible to use this module on your localhost (Mamp), for testing? Where do you place te folder?

Cheers!

 

Share this post


Link to post
Share on other sites

@Peejay

Of course, it doesn't matter where you place the folder as long as the user running apache has write permission. So for testing purposes, you could also place the folder inside the document root.

Cheers

  • Like 1

Share this post


Link to post
Share on other sites
On 4/13/2017 at 10:03 AM, Wanze said:

@Peejay

Of course, it doesn't matter where you place the folder as long as the user running apache has write permission. So for testing purposes, you could also place the folder inside the document root.

Cheers

Your solution worked! I wil see what happens when I place the website online.

 

I found a little issue:

The download link doesn't work when the secure fieldtype is used in the user template file. 

You get this link: {your site}admin/access/users/?id=41&ftsd=document_1.pdf (-> then you go to the users list)

But when je place "edit" after users/, the download link works!: {your site}admin/access/users/edit/?id=41&ftsd=document_1.pdf

Cheers! 

Share this post


Link to post
Share on other sites

I needed a way for the files to not force download, so that admin users can quickly view a document in their browser;

i added this to the hookDownloadFile() method:

$options = [];
if($this->wire('input')->get('view')) {
   $options['forceDownload'] = false;
}

and then added options to the download:

$file->download($options); // Access check performed by this method

up in the hookRenderItem i added this:

$segments['view'] = 1;
$link = $this->wire('page')->url . '?' . http_build_query($segments);
$markup .= " | <a href='{$link}' target='_blank'><i class='fa fa-eye'></i> " . $this->_('View File') . "</a>";
$markup .= "</div>";

so now the file looks like this:

view_file.jpg.844bb9bb968564498c1847d5eb41ebc2.jpg

It would be cool to consider adding this functionality, since it can't always be assumed that the files should force download; maybe it needs to be a config option where you choose the behavior or opt in for download and/or view links...

  • Like 2
  • Thanks 2

Share this post


Link to post
Share on other sites

Also, for the field to work in lister/lister pro, some additional changes needed to be made to how the links to the download are formed; this is the complete hookRenderItem method; so basically instead of referencing the page being edited, it would need to reference the $pagefile->page; then since the editUrl already has the id, you don't need to have that in the $segments array.. this works now in listers if you show a secure files field, when it renders in the list you can click on the item to download/view the file...

    public function hookRenderItem(HookEvent $event)
    {
        /** @var PagefileSecure $pagefile */
        $pagefile = $event->arguments('pagefile');
        if (!$pagefile instanceof PagefileSecure) {
            return;
        }
        $markup = $event->return;
        $markup = preg_replace("/<a class='InputfieldFileName'[^>]*>(.*)<\/a>/", "$1", $markup);
        if ($pagefile->field->get('allowDownloadInAdmin') && $pagefile->isDownloadable()) {
            $segments = array(
                //'id' => $this->wire('input')->get('id'),
                self::GET_VAR_DOWNLOAD => urlencode($pagefile->basename),
            );
            //$link = $this->wire('page')->url . '?' . http_build_query($segments);
            $link = $pagefile->page->editUrl . '&' . http_build_query($segments);
            $markup .= "<div class='FieldtypeSecureFileDownload InputfieldFileData'><a href='{$link}'><i class='fa fa-download'></i> " . $this->_('Download File') . "</a>";

            $segments['view'] = 1;
            //$link = $this->wire('page')->url . '?' . http_build_query($segments);
            $link = $pagefile->page->editUrl . '&' . http_build_query($segments);
            $markup .= " | <a href='{$link}' target='_blank'><i class='fa fa-eye'></i> " . $this->_('View File') . "</a>";
            $markup .= "</div>";
        }
        $event->return = $markup;
    }

after additional testing, i can consider forking and pull request, but wanted to run this by here on the forum first..  also haven't setup a module config to account for the showing pref (view and or download).. will possibly get to that soon..

  • Like 2

Share this post


Link to post
Share on other sites

@Macrura

Muchas gracias for your additions! Could you open a pull request against the "dev" branch? I would like to integrate your features :)

Cheers

  • Like 1

Share this post


Link to post
Share on other sites

A little information for the observers here: The feature to view a secret file beside the forced download is now available in version 1.0.3. Thanks @Macrura!

I introduced an additional setting on field level to toggle the "View" possibility.

Cheers

  • Like 2

Share this post


Link to post
Share on other sites

Try to add PW namespace at the very top of the .module file:

<?php namespace ProcessWire;

Lots of older modules can be made PW3-compatible that way... worth a try anyway.

  • Like 1

Share this post


Link to post
Share on other sites
6 hours ago, pwfans said:

Make it compatible to pw 3.x please ..

@pwfans

i have it running well on a large PW3 site. Did you run into some problem? I didn't need to add any namespace or do anything in particular, it just works.

  • Like 2

Share this post


Link to post
Share on other sites

hey @Wanze I stumbled into an issue after updating the module I ran into some time ago before deploying a site on a Windows 2008 server.

The issue is described there

 

And the fix there :

 

 

Each time I don't remember where the issue come from and I have to google it and re-read my thread.

Are willing to accept a PR ?

 

  • Like 1

Share this post


Link to post
Share on other sites

Hello, I'm trying to make this module to work but It seems that my Processwire knowledge is not enough to make it work.

I have a user profile with some pdf files that I need to be secured for every user. Only the owner can dowload his/her own files.

So, I added the custom field 'profile-contract' to the system user template, so far so good.

The secure file module is saving the files outside of the document root.

Now I have created a new template in the front end (profile.php) so users can download their files and access other information about their profile.

I have been using this:

$user->profile_name, $user->birth_date etc to access custom field data from the user template and printed to the profile.php template

The question is how can I make a link to download a secured file stored in the user system template?, in this case a custom field named $user->profile_contract in to the profile.php template

Thank you.

 

 

 

Edited by Krlos
Typo

Share this post


Link to post
Share on other sites
On 8/14/2018 at 7:53 PM, Krlos said:

The question is how can I make a link to download a secured file stored in the user system template?, in this case a custom field named $user->profile_contract in to the profile.php template

@Krlos You can echo a link to the external file like that (I might not understood all the issue...) :

echo $user->profile_contract->first()->filename;

 

To offer a download to your client, check this tutorial and adapt it for your needs (credit: @jmartsch) : https://jensmartsch.de/blog/simple-file-downloads-with-processwire/

  • Like 1

Share this post


Link to post
Share on other sites

Hello Again!

I was able to make this module work... but now my client wants to open the PDF file on a lightbox or something so users don't need to download and open the files everytime.

I have tried many things but browers allways open download prompt, there is a way I can alter the behavior?

Much appreciated

 

Share this post


Link to post
Share on other sites

AFAIK, this is a browser specific setting, that you hardly can override if you only serve a download link.

But if you use a service like g**gle docs, it should work: https://nogajski.de/autosoftproof/ (the last link in the list)

Share this post


Link to post
Share on other sites
2 hours ago, Krlos said:

I have tried many things but browers allways open download prompt, there is a way I can alter the behavior?

there is, at least in the dev branch (not sure if it was committed to main)  – there should be a download file, and a view file option.

and if you are serving the file, make sure to supply the $options, with ['forceDownload'] => false

Share this post


Link to post
Share on other sites
1 hour ago, Macrura said:

$options, with ['forceDownload'] => false

That is exactly what cannot override the customers private browser setting for file downloads of type PDF. If you serve a file of type PDF you can tell the browser "your wishes", but every individual browser may have its own preferences that cannot be overridden.

I had understand that it should be not downloaded but directly shown as document, what only can be asured if you also provide the app for displaying the doc, as you don't know if a browser has a setting that enables such a behave.

Share this post


Link to post
Share on other sites
2 minutes ago, horst said:

That is exactly what cannot override the customers private browser setting for file downloads of type PDF. If you serve a file of type PDF you can tell the browser "your wishes", but every individual browser may have its own preferences that cannot be overridden.

Exactly, I know about this.

Could be posible to capture the download file and open it in pdf.js for example?

Right now I'm using secure file like this:

I pass the file ID to a download template where it queries and serve the file.

I was experimenting with Fancybox, usign this code:

<a data-fancybox data-type="iframe" data-src="download/?=fid" href="javascript:;">
    Sample PDF file 
</a>

If I use a hardcoded or a relative pdf url it woks, but as SecureFile has no URL (As far as I know) I'm getting an error not found.

Share this post


Link to post
Share on other sites

The download url is the $page editor, with some parameters; the person accessing the file needs the correct role/perms

the file has to be delivered to the browser, since it is in a non-web accessible location.

Share this post


Link to post
Share on other sites

When setting description fields to 0 the download links are not displayed in backend.

ProcessWire 3.0.98

 

 

 

Share this post


Link to post
Share on other sites
On 9/3/2018 at 2:37 PM, NorbertH said:

When setting description fields to 0 the download links are not displayed in backend.

ProcessWire 3.0.98

 

 

 

Same here. Any chance of a fix @Wanze. I use this module a lot.

Share this post


Link to post
Share on other sites

I was not able to make this work on due to the following issue: 

 ProcessWire: ProcessUser: Secure File: Path '/' does not exist or is not writeable

I have tried multiple directories and approaches to change permissions, but PW could simply not find the path I specified with pwd. I am running the local server on Processwire 3.0.148.

Any suggestions?

Share this post


Link to post
Share on other sites
31 minutes ago, Testic said:

 ProcessWire: ProcessUser: Secure File: Path '/' does not exist or is not writeable

U need absolute/relative filepath but not url. Ex: /var/www/secure/ or c:\www\secure or something like ./../secure if U use windows local server and linux production server

  • Like 3

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By bernhard
      --- Please use RockFinder3 ---
    • By MoritzLost
      Cacheable Placeholders
      This module allows you to have pieces of dynamic content inside cached output. This aims to solve the common problem of having a mostly cacheable site, but with pieces of dynamic output here and there.  Consider this simple example, where you want to output a custom greeting to the current user:
      <h1>Good morning, <?= ucfirst($user->name) ?></h1> This snippet means you can't use the template cache (at least for logged-in users), because each user has a different name. Even if 99% of your output is static, you can only cache the pieces that you know won't include this personal greeting. A more common example would be CSRF tokens for HTML forms - those need to be unique by definition, so you can't cache the form wholesale.
      This module solves this problem by introducing cacheable placeholders - small placeholder tokens that get replaced during every request. The replacement is done inside a Page::render hook so it runs during every request, even if the response is served from the template cache. So you can use something like this:
      <h1>Good morning, {{{greeting}}}</h1> Replacement tokens are defined with a callback function that produces the appropriate output and added to the module through a simple hook:
      // site/ready.php wire()->addHookAfter('CachePlaceholders::getTokens', function (HookEvent $e) { $tokens = $e->return; $tokens['greeting'] = [ 'callback' => function (array $tokenData) { return ucfirst(wire('user')->name); } ]; $e->return = $tokens; }); Tokens can also include parameters that are parsed and passed to the callback function. There are more fully annotated examples and step-by-step instructions in the README on Github!
      Features
      A simple and fast token parser that calls the appropriate callback and runs automatically. Tokens may include multiple named or positional parameters, as well as multi-value parameters. A manual mode that allows you to replace tokens in custom pieces of cached content (useful if you're using the $cache API). Some built-in tokens for common use-cases: CSRF-Tokens, replacing values from superglobals and producing random hexadecimal strings. The token format is completely customizable, all delimiters can be changed to avoid collisions with existing tag parsers or template languages. Links
      Github Repository & documentation Module directory (pending approval) If you are interested in learning more, the README is very extensive, with more usage examples, code samples and usage instructions!
    • By Craig
      I've been using Fathom Analytics for a while now and on a growing number of sites, so thought it was about time there was a PW module for it.
      WayFathomAnalytics
      WayFathomAnalytics is a group of modules which will allow you to view your Fathom Analytics dashboard in the PW admin panel and (optionally) automatically add and configure the tracking code on front-end pages.
      Links
      GitHub Readme & documentation Download Zip Modules directory Module settings screenshot What is Fathom Analytics?
      Fathom Analytics is a simple, privacy-focused website analytics tool for bloggers and businesses.

      Stop scrolling through pages of reports and collecting gobs of personal data about your visitors, both of which you probably don't need. Fathom is a simple and private website analytics platform that lets you focus on what's important: your business.
      Privacy focused Fast-loading dashboards, all data is on a single screen Easy to get what you need, no training required Unlimited email reports Private or public dashboard sharing Cookie notices not required (it doesn't use cookies or collect personal data) Displays: top content, top referrers, top goals and more
    • By daniels
      This is a lightweight alternative to other newsletter & newsletter-subscription modules.
      You can find the Module in the Modules directory and on Github
      It can subscribe, update, unsubscribe & delete a user in a list in Mailchimp with MailChimp API 3.0. It does not provide any forms or validation, so you can feel free to use your own. To protect your users, it does not save any user data in logs or sends them to an admin.
      This module fits your needs if you...
      ...use Mailchimp as your newsletter / email-automation tool ...want to let users subscribe to your newsletter on your website ...want to use your own form, validation and messages (with or without the wire forms) ...don't want any personal user data saved in any way in your ProcessWire environment (cf. EU data regulation terms) ...like to subscribe, update, unsubscribe or delete users to/from different lists ...like the Mailchimp UI for creating / sending / reviewing email campaigns *I have only tested it with PHP 7.x so far, so use on owners risk
      EDIT:
      Since 0.0.4, instructions and changelog can be found in the README only. You can find it here  🙂
      If you have questions or like to contribute, just post a reply or create an issue or pr on github, thanks!
    • By MoritzLost
      Sorry for the convoluted title. I have a problem with Process modules that define a custom page using the page key through getModuleInfo (as demonstrated in this excellent tutorial by @bernhard). Those pages are created automatically when the module is installed. The problem is that the title of the page only gets set in the current language. That's not a problem if the current language (language of the superuser who is installing the module) is the default language; if it isn't, the Process page is missing a title in the default language. This has the very awkward effect that a user using the backend in the default language (or any other language) will see an empty entry in the setup menu:

      This screenshot comes from my Cache Control module which includes a Process page. Now I realize the description sounds obscure, but for us it's a common setup: We a multiple bilingual sites where the default language is German and the second language is English. While the clients use the CMS in German, as a developer I prefer the English interface, so whenever I install a Process module I get this problem.
      As a module author, is there a way to handle this situation? I guess it would be possible to use post-installation hooks or create the pages manually, but I very much prefer the declarative approach. The page title is already translatable (through the __ function), but of course at the time of installation there is no translation, and as far as I'm aware it's not possible to ship translations with a module so they are used automatically. Could this situation be handled better in the core? I would prefer if the module installation process would always set the title of the Process page in the default language, instead of the language of the current user.
×
×
  • Create New...