Jump to content

Recommended Posts

Posted

Hi there,

Is there a way to upload files (e.g. ZIP-files) via a File-field for only a given user?

I need a way to upload files only for a given user.

Thanks in advance,

Thomas

Posted

You can extend the user template with an files field, then each user can hold multiple files.

Under Setup > Templates > Filter > Show system templates => yes.

Now you can select the user template and add custom fields e.g. a files field :)

Posted

Yes, I do know that, but if I know the path to a Document of an another user, the Doc is downloaded, regardless of the user. I have to avoid this scenario.

Regards,

Thomas

Posted

You could use the config options for page secure files...

$config->pagefileSecure = true;
$config->pagefileSecurePathPrefix = '-';

and make unpublished pages and their files will not be accessible via url.

So you could create child pages under the users page with a file field, and leave those pages unpublished. The assets directory will be prefixed with "-" which is restricted by htaccess.

But then you can use a passthru script  to send the file to the user if certain requirements are given using wireSendFile();

So for example construct the download link to the file like this on a page the user can see.

<a href="/download.php?user=1007&file=filename.pdf">Download file</a>

and in download.php with something like this for the passthru and user check

// bootstrap PW
include("./index.php");

// make sure user is logged in
if(wire("user")->isLoggedin()){
    $file = $_GET['file'];
    $userid = $_GET['user'];
    $userpage = wire("pages")->get(wire("user")->id);
    if($userpage->id != $userid) die("no access"); // make sure it's the user
    if($filepage = $userpage->child("include=all")){ // since page is unpublished we add include all
        // get the file from the page
        $filename = $filepage->images->get($file)->filename;
        if(!$filename) die("download not found");
        // send file to browser
        wireSendFile($filename, array('exit' => true));
    } else {
        die("no user page found");
    }
} else {
    wire("session")->redirect("/somepage/");
}
  • Like 9
  • 2 months later...
Posted

Soma, is it necessary to pass the $userid in the URL since you'd already know the user from the wire('user')?

  • Like 3
  • 1 year later...
Posted

Soma's process worked great for our needs!

Made a couple of modifications to meet our requirements: we are protecting content based on invoice lookup from Unity3D.com. Once the authorization has been achieved it is stored in a session var. We also created a field in our invoice-protected page template for entering the pageID of the UNpublished page holding the download files.

The only thing that needs to be passed to the passthru script at this point is the filename. The Unpublished pageID and the user's authentication status are "passed" to the passthru script via session variables -- keeping auth and page location behind the scenes. The passthru script checks for authentication via the session var and looks up the file on the page using the pageID session var. If the file is not found, we redirect to an unlisted page with information on what the user should do.

Thanks a bunch Soma!!!

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...