Eltom Posted May 22, 2013 Posted May 22, 2013 Hi there, Is there a way to upload files (e.g. ZIP-files) via a File-field for only a given user? I need a way to upload files only for a given user. Thanks in advance, Thomas
Wanze Posted May 22, 2013 Posted May 22, 2013 You can extend the user template with an files field, then each user can hold multiple files. Under Setup > Templates > Filter > Show system templates => yes. Now you can select the user template and add custom fields e.g. a files field
Eltom Posted May 23, 2013 Author Posted May 23, 2013 Yes, I do know that, but if I know the path to a Document of an another user, the Doc is downloaded, regardless of the user. I have to avoid this scenario. Regards, Thomas
Soma Posted May 23, 2013 Posted May 23, 2013 You could use the config options for page secure files... $config->pagefileSecure = true; $config->pagefileSecurePathPrefix = '-'; and make unpublished pages and their files will not be accessible via url. So you could create child pages under the users page with a file field, and leave those pages unpublished. The assets directory will be prefixed with "-" which is restricted by htaccess. But then you can use a passthru script to send the file to the user if certain requirements are given using wireSendFile(); So for example construct the download link to the file like this on a page the user can see. <a href="/download.php?user=1007&file=filename.pdf">Download file</a> and in download.php with something like this for the passthru and user check // bootstrap PW include("./index.php"); // make sure user is logged in if(wire("user")->isLoggedin()){ $file = $_GET['file']; $userid = $_GET['user']; $userpage = wire("pages")->get(wire("user")->id); if($userpage->id != $userid) die("no access"); // make sure it's the user if($filepage = $userpage->child("include=all")){ // since page is unpublished we add include all // get the file from the page $filename = $filepage->images->get($file)->filename; if(!$filename) die("download not found"); // send file to browser wireSendFile($filename, array('exit' => true)); } else { die("no user page found"); } } else { wire("session")->redirect("/somepage/"); } 9
ryan Posted August 22, 2013 Posted August 22, 2013 Soma, is it necessary to pass the $userid in the URL since you'd already know the user from the wire('user')? 3
Darrin Hert Posted August 11, 2015 Posted August 11, 2015 Soma's process worked great for our needs! Made a couple of modifications to meet our requirements: we are protecting content based on invoice lookup from Unity3D.com. Once the authorization has been achieved it is stored in a session var. We also created a field in our invoice-protected page template for entering the pageID of the UNpublished page holding the download files. The only thing that needs to be passed to the passthru script at this point is the filename. The Unpublished pageID and the user's authentication status are "passed" to the passthru script via session variables -- keeping auth and page location behind the scenes. The passthru script checks for authentication via the session var and looks up the file on the page using the pageID session var. If the file is not found, we redirect to an unlisted page with information on what the user should do. Thanks a bunch Soma!!! 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now