Jump to content

FieldtypeSecureFile


Recommended Posts

@Peejay

Of course, it doesn't matter where you place the folder as long as the user running apache has write permission. So for testing purposes, you could also place the folder inside the document root.

Cheers

  • Like 1
Link to post
Share on other sites
On 4/13/2017 at 10:03 AM, Wanze said:

@Peejay

Of course, it doesn't matter where you place the folder as long as the user running apache has write permission. So for testing purposes, you could also place the folder inside the document root.

Cheers

Your solution worked! I wil see what happens when I place the website online.

 

I found a little issue:

The download link doesn't work when the secure fieldtype is used in the user template file. 

You get this link: {your site}admin/access/users/?id=41&ftsd=document_1.pdf (-> then you go to the users list)

But when je place "edit" after users/, the download link works!: {your site}admin/access/users/edit/?id=41&ftsd=document_1.pdf

Cheers! 

Link to post
Share on other sites
  • 6 months later...

I needed a way for the files to not force download, so that admin users can quickly view a document in their browser;

i added this to the hookDownloadFile() method:

$options = [];
if($this->wire('input')->get('view')) {
   $options['forceDownload'] = false;
}

and then added options to the download:

$file->download($options); // Access check performed by this method

up in the hookRenderItem i added this:

$segments['view'] = 1;
$link = $this->wire('page')->url . '?' . http_build_query($segments);
$markup .= " | <a href='{$link}' target='_blank'><i class='fa fa-eye'></i> " . $this->_('View File') . "</a>";
$markup .= "</div>";

so now the file looks like this:

view_file.jpg.844bb9bb968564498c1847d5eb41ebc2.jpg

It would be cool to consider adding this functionality, since it can't always be assumed that the files should force download; maybe it needs to be a config option where you choose the behavior or opt in for download and/or view links...

  • Like 2
  • Thanks 2
Link to post
Share on other sites

Also, for the field to work in lister/lister pro, some additional changes needed to be made to how the links to the download are formed; this is the complete hookRenderItem method; so basically instead of referencing the page being edited, it would need to reference the $pagefile->page; then since the editUrl already has the id, you don't need to have that in the $segments array.. this works now in listers if you show a secure files field, when it renders in the list you can click on the item to download/view the file...

    public function hookRenderItem(HookEvent $event)
    {
        /** @var PagefileSecure $pagefile */
        $pagefile = $event->arguments('pagefile');
        if (!$pagefile instanceof PagefileSecure) {
            return;
        }
        $markup = $event->return;
        $markup = preg_replace("/<a class='InputfieldFileName'[^>]*>(.*)<\/a>/", "$1", $markup);
        if ($pagefile->field->get('allowDownloadInAdmin') && $pagefile->isDownloadable()) {
            $segments = array(
                //'id' => $this->wire('input')->get('id'),
                self::GET_VAR_DOWNLOAD => urlencode($pagefile->basename),
            );
            //$link = $this->wire('page')->url . '?' . http_build_query($segments);
            $link = $pagefile->page->editUrl . '&' . http_build_query($segments);
            $markup .= "<div class='FieldtypeSecureFileDownload InputfieldFileData'><a href='{$link}'><i class='fa fa-download'></i> " . $this->_('Download File') . "</a>";

            $segments['view'] = 1;
            //$link = $this->wire('page')->url . '?' . http_build_query($segments);
            $link = $pagefile->page->editUrl . '&' . http_build_query($segments);
            $markup .= " | <a href='{$link}' target='_blank'><i class='fa fa-eye'></i> " . $this->_('View File') . "</a>";
            $markup .= "</div>";
        }
        $event->return = $markup;
    }

after additional testing, i can consider forking and pull request, but wanted to run this by here on the forum first..  also haven't setup a module config to account for the showing pref (view and or download).. will possibly get to that soon..

  • Like 2
Link to post
Share on other sites
  • 2 weeks later...
  • 3 weeks later...

A little information for the observers here: The feature to view a secret file beside the forced download is now available in version 1.0.3. Thanks @Macrura!

I introduced an additional setting on field level to toggle the "View" possibility.

Cheers

  • Like 2
Link to post
Share on other sites
  • 4 months later...

Try to add PW namespace at the very top of the .module file:

<?php namespace ProcessWire;

Lots of older modules can be made PW3-compatible that way... worth a try anyway.

  • Like 1
Link to post
Share on other sites
6 hours ago, pwfans said:

Make it compatible to pw 3.x please ..

@pwfans

i have it running well on a large PW3 site. Did you run into some problem? I didn't need to add any namespace or do anything in particular, it just works.

  • Like 2
Link to post
Share on other sites

hey @Wanze I stumbled into an issue after updating the module I ran into some time ago before deploying a site on a Windows 2008 server.

The issue is described there

 

And the fix there :

 

 

Each time I don't remember where the issue come from and I have to google it and re-read my thread.

Are willing to accept a PR ?

 

  • Like 1
Link to post
Share on other sites
  • 3 months later...

Hello, I'm trying to make this module to work but It seems that my Processwire knowledge is not enough to make it work.

I have a user profile with some pdf files that I need to be secured for every user. Only the owner can dowload his/her own files.

So, I added the custom field 'profile-contract' to the system user template, so far so good.

The secure file module is saving the files outside of the document root.

Now I have created a new template in the front end (profile.php) so users can download their files and access other information about their profile.

I have been using this:

$user->profile_name, $user->birth_date etc to access custom field data from the user template and printed to the profile.php template

The question is how can I make a link to download a secured file stored in the user system template?, in this case a custom field named $user->profile_contract in to the profile.php template

Thank you.

 

 

 

Edited by Krlos
Typo
Link to post
Share on other sites
On 8/14/2018 at 7:53 PM, Krlos said:

The question is how can I make a link to download a secured file stored in the user system template?, in this case a custom field named $user->profile_contract in to the profile.php template

@Krlos You can echo a link to the external file like that (I might not understood all the issue...) :

echo $user->profile_contract->first()->filename;

 

To offer a download to your client, check this tutorial and adapt it for your needs (credit: @jmartsch) : https://jensmartsch.de/blog/simple-file-downloads-with-processwire/

  • Like 1
Link to post
Share on other sites
  • 2 weeks later...

Hello Again!

I was able to make this module work... but now my client wants to open the PDF file on a lightbox or something so users don't need to download and open the files everytime.

I have tried many things but browers allways open download prompt, there is a way I can alter the behavior?

Much appreciated

 

Link to post
Share on other sites
2 hours ago, Krlos said:

I have tried many things but browers allways open download prompt, there is a way I can alter the behavior?

there is, at least in the dev branch (not sure if it was committed to main)  – there should be a download file, and a view file option.

and if you are serving the file, make sure to supply the $options, with ['forceDownload'] => false

Link to post
Share on other sites
1 hour ago, Macrura said:

$options, with ['forceDownload'] => false

That is exactly what cannot override the customers private browser setting for file downloads of type PDF. If you serve a file of type PDF you can tell the browser "your wishes", but every individual browser may have its own preferences that cannot be overridden.

I had understand that it should be not downloaded but directly shown as document, what only can be asured if you also provide the app for displaying the doc, as you don't know if a browser has a setting that enables such a behave.

Link to post
Share on other sites
2 minutes ago, horst said:

That is exactly what cannot override the customers private browser setting for file downloads of type PDF. If you serve a file of type PDF you can tell the browser "your wishes", but every individual browser may have its own preferences that cannot be overridden.

Exactly, I know about this.

Could be posible to capture the download file and open it in pdf.js for example?

Right now I'm using secure file like this:

I pass the file ID to a download template where it queries and serve the file.

I was experimenting with Fancybox, usign this code:

<a data-fancybox data-type="iframe" data-src="download/?=fid" href="javascript:;">
    Sample PDF file 
</a>

If I use a hardcoded or a relative pdf url it woks, but as SecureFile has no URL (As far as I know) I'm getting an error not found.

Link to post
Share on other sites

The download url is the $page editor, with some parameters; the person accessing the file needs the correct role/perms

the file has to be delivered to the browser, since it is in a non-web accessible location.

Link to post
Share on other sites
  • 2 months later...
  • 11 months later...
  • 3 months later...

I was not able to make this work on due to the following issue: 

 ProcessWire: ProcessUser: Secure File: Path '/' does not exist or is not writeable

I have tried multiple directories and approaches to change permissions, but PW could simply not find the path I specified with pwd. I am running the local server on Processwire 3.0.148.

Any suggestions?

Link to post
Share on other sites
31 minutes ago, Testic said:

 ProcessWire: ProcessUser: Secure File: Path '/' does not exist or is not writeable

U need absolute/relative filepath but not url. Ex: /var/www/secure/ or c:\www\secure or something like ./../secure if U use windows local server and linux production server

  • Like 3
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By monollonom
      (once again I was surprised to see a work of mine pop up in the newsletter, this time without even listing the module on PW modules website 😅. Thx @teppo !)
      Github: https://github.com/romaincazier/FieldtypeQRCode
      Modules directory: https://processwire.com/modules/fieldtype-qrcode/
      This is a simple module I made so a client could quickly grab a QR Code of the page's url in the admin.
      There's not much to it for now, but if need be you can output anything using a hook:
      $wire->addHookAfter("FieldtypeQRCode::getQRText", function($event) { $event->return = "Your custom text"; }) You can also output the QR code on your front-end by calling the field:
      echo $page->qr_code_field; The module uses the PHP library QR Code Generator by Kazuhiko Arase. When looking for a way to generate a QR Code in PW I came across @ryan's integration in his TFA module. I'm not very familiar with fieldtype/inputfield module development so I blindly followed @bernhard (great) tutorial and his BaseFieldtypeRuntime. At some point I'll take a deeper look to make a module on my own.
      Some ideas for improvements :
      add the ability to choose what to ouput : page's url / editUrl / file(s) / image(s) / ... allow to output multiple QR codes ?
    • By Chris Bennett
      https://github.com/chrisbennett-Bene/AdminThemeTweaker
      Inspired by @bernhard's excellent work on the new customisable LESS CSS getting rolled into the core soon, I thought I would offer up the module for beta testing, if it is of interest to anyone.

      It takes a different approach to admin styling, basically using the Cascade part of CSS to over-ride default UiKit values.
      Values are stored in ModuleConfig Module creates a separate AdminThemeTweaker Folder at root, so it can link to AdminThemeTweaker.php as CSS AdminThemeTweaker.php reads the module values, constructs the CSS variables then includes the CSS framework Can be switched on and off with a click. Uninstall removes everything, thanks to bernhard's wonderful remove dir & contents function.
      It won't touch your core. It won't care if stuff is upgraded. You won't need to compile anything and you don't need to touch CSS unless you want to.

      It won't do much at all apart from read some values from your module config, work out the right CSS variables to use (auto contrast based on selected backgrounds) and throw it on your screen.
      You can configure a lot of stuff, leave it as it comes (dark and curvy), change two main colors (background and content background) or delve deep to configure custom margins, height of mastheads, and all manner of silly stuff I never use.

      Have been developing it for somewhere around 2 years now. It has been (and will continue to be) constantly tweaked over that time, as I click on something and find something else to do.
      That said, it is pretty solid and has been in constant use as my sole Admin styling option for all of those 2 years.

      If nothing else, it would be great if it can provide any assistance to @bernhard or other contributor's who may be looking to solve some of the quirkier UiKit behavior.
      Has (in my opinion) more robust and predictable handling of hidden Inputfields, data-colwidths and showIf wrappers.
      I am very keen to help out with that stuff in any way I can, though LESS (and any css frameworks/tools basically) are not my go.
      I love CSS variables and banging-rocks-together, no-dependency CSS you can write with notepad.



       

    • By opalepatrick
      I see old posts saying that repeaters are not the way to go in Custom Process Modules. If that is the case, when using forms (as I am trying to do) how would one tackle things like repeat contact fields where there can be multiple requirements for contact details with different parameters? (Like point of contact, director, etc) or even telephone numbers that have different uses?
      Just for background I am creating a process module that allows me to create types of financial applications in the admin area (no need to publish any of this, pure admin) that require a lot of personal or company information.
      Maybe I am thinking about this incorrectly?
    • By HMCB
      I ran across a reference to IftRunner module. The post was 6 years ago. I cant find it in available modules. Has it been pulled?
    • By tcnet
      PageViewStatistic for ProcessWire is a module to log page visits of the CMS. The records including some basic information like IP-address, browser, operating system, requested page and originate page. Please note that this module doesn't claim to be the best or most accurate.
      Advantages
      One of the biggest advantage is that this module doesn't require any external service like Google Analytics or similar. You don't have to modify your templates either. There is also no Javascript or image required.
      Disadvantages
      There is only one disadvantage. This module doesn't record visits if the browser loads the page from its browser cache. To prevent the browser from loading the page from its cache, add the following meta tags to the header of your page:
      <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" /> <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Expires" content="0" /> How to use
      The records can be accessed via the Setup-menu of the CMS backend. The first dropdown control changes the view mode.

      Detailed records
      View mode "Detailed records" shows all visits of the selected day individually with IP-address, browser, operating system, requested page and originate page. Click the update button to see new added records.

      Cached visitor records
      View modes other than "Detailed records" are cached visitor counts which will be collected on a daily basis from the detailed records. This procedure ensures a faster display even with a large number of data records. Another advantage is that the detailed records can be deleted while the cache remains. The cache can be updated manually or automatically in a specified time period. Multiple visits from the same IP address on the same day are counted as a single visitor.

      Upgrade from older versions
      Cached visitor counts is new in version 1.0.8. If you just upgraded from an older version you might expire a delay or even an error 500 if you display cached visitor counts. The reason for this is that the cache has to be created from the records. This can take longer if your database contains many records. Sometimes it might hit the maximally execution time. Don't worry about that and keep reloading the page until the cache is completely created.
      Special Feature
      PageViewStatistic for ProcessWire can record the time a visitor viewed the page. This feature is deactivated by default. To activate open the module configuration page and activate "Record view time". If activated you will find a new column "S." in the records which means the time of view in seconds. With every page request, a Javascript code is inserted directly after the <body> tag. Every time the visitor switches to another tab or closes the tab, this script reports the number of seconds the tab was visible. The initial page request is recorded only as a hyphen (-).

      Settings
      You can access the module settings by clicking the Configuration button at the bottom of the records page. The settings page is also available in the menu: Modules->Configure->ProcessPageViewStat.
      IP2Location
      This module uses the IP2Location database from: http://www.ip2location.com. This database is required to obtain the country from the IP address. IP2Location updates this database at the begin of every month. The settings of ProcessPageViewStat offers the ability to automatically download the database monthly. Please note, that automatically download will not work if your webspace doesn't allow allow_url_fopen.
      Dragscroll
      This module uses DragScroll. A JavaScript available from: http://github.com/asvd/dragscroll. Dragscroll adds the ability in view mode "Day" to drag the records horizontally with the mouse pointer.
      parseUserAgentStringClass
      This module uses the PHP class parseUserAgentStringClass available from: http://www.toms-world.org/blog/parseuseragentstring/. This class is required to filter out the browser type and operating system from the server request.
×
×
  • Create New...