Some people at work want to have a shared filebase where they can exchange documents.
Standard WB doesn't have something like that, or you would trust them in the backend media
I created 2 droplets to handle it.
First,
I cretaed a subdir in media for them (in my case 'mos')
second: for all the users who are allowed for the files I created a group and gave them no rights and set the homedir to the created subdir ('mos').
Next to every file the username is added in front with _
So a file, somefile.doc become username_somefile.doc
this way I can keep the files per user apart.
Droplet to show a file upload field and handles the upload (adding username_)
?> <?php
global $wb;
$output = '';
$user_name = $wb->get_username();
// Check if user is logged in!
if ($user_name<>'') {
$up_size = 4000; //upload size in KB
$icons = "http://www.pcvoe.nl/mos/media/upload"; //url where icons for upload are stored - no trailing slash
// Check to see if file was submitted
if (isset($_FILES["file"]["size"])) {
// Check to see if user has home folder set, if so append username and date/time to the filename.
// Get the users homefolder
$currentHome = $wb->get_home_folder();
if ($currentHome <> "" ) { // User has homefolder set
// Append user settings!
$path = WB_PATH.MEDIA_DIRECTORY.$currentHome;
$user_name = $wb->get_username();
} else { // No home folder set??
$path = WB_PATH.MEDIA_DIRECTORY.'/mos';
$user_name = $wb->get_username();
}
if($_FILES["file"]["size"] > ($up_size* 1024)){
$output .= "<img src ='{$icons}/error.gif'> Filesize ".intval(($_FILES["file"]["size"] / 1024)) ." Kb is too big. Allowable upload size is {$up_size} KB - Please upload a smaller one<br /><br />";
}else{ // else filesize
if ($_FILES["file"]["error"] > 0){
$output .= "<img src ='{$icons}/error.gif'> Return Code: " . $_FILES["file"]["error"] . "<br /><br />";
}else{ // else file error
$output .= "<img src ='{$icons}/accept.png'> Uploaded file : " . $_FILES["file"]["name"] . "<br />";
// echo "<img src ='{$icons}/accept.png'> Path : " . $path;
// echo "<img src ='{$icons}/accept.png'> Username : " . $user_name;
// echo "<img src ='{$icons}/accept.png'> File Size: " . ($_FILES["file"]["size"] / 1024) ." Kb<br />";
// echo "<img src ='{$icons}/accept.png'> File Type: " . $_FILES["file"]["type"] . "<br />";
move_uploaded_file($_FILES['file']['tmp_name'], $path .'/'. $user_name.'_'.$_FILES["file"]["name"]);
if (file_exists( $path .'/'. $user_name.'_'.$_FILES["file"]["name"] )) {
$output .= "<img src ='{$icons}/accept.png'> Succesfully Uploaded. <br>";
} else {
$output .= "<img src ='{$icons}/error.gif'> There was an error during file upload! ";
}//end if file_exists
}//end if file error
}//end if filesize
} else {
$output .= '<br />';
$output .= '<br />';
}//end submitted check
// Show form for submitting file
$output .= '
<fieldset><legend>Upload</legend>
<nobr>
<form action="'.htmlentities($_SERVER['PHP_SELF']).'" method="post" name="f" id="upload_echo" enctype="multipart/form-data">
<input type="file" name="file" />
<button>Upload</button>
</form>
</nobr>
</fieldset>';
}
return $output;
Droplet to list only userfiles and give them right to delete their files, it is allso on their My Files page
The username is stripped from filename and used to determine the owner of the file.
Allso the sorting on the header works.
?> <?php
# Usage: [[Myfiles]]
global $wb;
$user = $wb->get_username().'_';
$return = '';
// Check if user is logged in!
if ($user<>'_') {
$sort = "f_name";
$sortasc = "true";
$dir = '/media'.$wb->get_home_folder().'/';
if ($wb->get_home_folder()=="") $dir = '/media/mos/';
$showmessage = '';
if(isset($_GET['sort'])) $sort = $_GET['sort'];
if(isset($_GET['sortasc'])) $sortasc = $_GET['sortasc'];
// Delete file
if(isset($_GET['delete'])) {
$delete = $_GET['delete'];
$file_delete = WB_PATH.$dir.$delete;
// Check to see if file exists!
if(!file_exists($file_delete)) {
$showmessage = 'File does NOT exists!<br />';
} else {
if(unlink($file_delete)) {
$showmessage = 'File deleted!<br />';
} else {
$showmessage = 'File NOT deleted!<br />';
}
}
}
if (!function_exists('formatSize')) {
function formatSize($bytes) {
if ($bytes > 1048576 ) {
$output .= sprintf("%." . 1 . "f", $bytes / 1048576 );
$output .= " Mb";
} elseif ($bytes > 1024 ) {
$output = sprintf("%." . 0 . "f", $bytes / 1024 );
$output .= " Kb";
} else {
$output = sprintf("%." . 0 . "f", $bytes );
$output .= " bytes";
}
return $output;
}
}
# Use this function to get the directory contents and sort as directed.
if (!function_exists('getFiles2')) {
function getFiles2($dir, $sort, $sortasc, $starting, $datetime) {
clearstatcache();
$files = array();
$handle = @opendir($dir);
while(($file = readdir($handle)) !== false) {
if(substr($file, 0, strlen($starting))== $starting) {
$num++;
$files[$file]['filename'] = $file;
$y = $file;
$f_name = $y;
$f_auteur = '-';
$x = strpos($y,"_");
if ($x!==false) {
$f_name = substr($y,$x+1);
$f_auteur = substr($y,0,$x);
}
$files[$file]['f_name'] = $f_name;
$files[$file]['f_auteur'] = $f_auteur;
$files[$file]['lcfilename'] = strtolower($file);
$files[$file]['filesize'] = fileSize($dir.$file);
$files[$file]['date'] = filemtime($dir.$file);
$files[$file]['type'] = substr(strrchr($file, "."), 1);
$files[$file]['size'] = filesize($dir.$file);
$files[$file]['formattedsize'] = formatSize(filesize($dir.$file));
$files[$file]['formatteddate'] = date($datetime, filemtime($dir.$file));
}
}
closedir($handle);
if ($num > 0) {
foreach ($files as $val) {
$sortarray[] = $val[$sort];
}
if ($sortasc == "true" || !isset($sortasc)) {
array_multisort($sortarray,SORT_ASC, SORT_REGULAR ,$files, SORT_ASC, SORT_REGULAR );
} else {
array_multisort($sortarray,SORT_DESC, SORT_REGULAR ,$files, SORT_DESC, SORT_REGULAR );
}
}
return $files;
}
}
# Use this function to display the directory contents.
if (!function_exists('listFiles2')) {
function listFiles2($dir, $sort, $sortasc, $starting, $datetime) {
global $PHP_SELF;
$files = getFiles2(WB_PATH.$dir, $sort, $sortasc, $starting, $datetime);
if ($sortasc == "false") {
$sortasc = "true";
} else {
$sortasc = "false";
}
$output .="<table width=\"99%\">\n";
$output .=" <tr>\n";
$output .=" <th align=\"left\">\n";
$output .=" <a href=\"$PHP_SELF?sort=f_name&sortasc=$sortasc\" title=\"sort by name\">Bestandsnaam</a>\n";
$output .=" </th>\n";
$output .=" <th align=\"right\" width=\"15%\">\n";
$output .=" <a href=\"$PHP_SELF?sort=f_auteur&sortasc=$sortasc\" title=\"sort by auteur\">Auteur</a> \n";
$output .=" </th>\n";
$output .=" <th align=\"right\" width=\"15%\">\n";
$output .=" <a href=\"$PHP_SELF?sort=filesize&sortasc=$sortasc\" title=\"sort by size\">Grootte</a> \n";
$output .=" </th>\n";
$output .=" <th align=\"right\" width=\"20%\">\n";
$output .=" <a href=\"$PHP_SELF?sort=date&sortasc=$sortasc\" title=\"sort by date\">Datum</a> \n";
$output .=" </th>\n";
$output .=" </tr>";
$output .=" ";
$num=sizeof($files);
$varJSSettings = "width=300,height=300,resizable=1,scrollbars=1,menubar=0,status=0,titlebar=0,toolbar=0,hotkeys=0,locationbar=0";
for($i=0; $i <= $num; $i++) {
if (!$files[key($files)]['type']==NULL) // stripping dirs.
{
$output .= "<tr> \n";
$output .= " <td align=\"left\" > \n";
$output .= "<a href=\"/mos".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";
$output .= " </td> \n";
$output .= " <td align=\"right\" > \n";
$output .= " ".$files[key($files)]['f_auteur']." \n";
$output .= " </td> \n";
$output .= " <td align=\"right\" > \n";
$output .= " ".$files[key($files)]['formattedsize']." \n";
$output .= " </td> \n";
$output .= " <td align=\"right\" > \n";
$output .= " ".$files[key($files)]['formatteddate']." \n";
$output .= ' <a href="#" onclick="javascript: confirm_link(\'Are you sure you want to delete the following file or folder?\n'.$files[key($files)]['f_name'].'\', \''.$PHP_SELF.'?delete='.$files[key($files)]['filename'].'\');">';
$output .= "<img src=\"http://www.pcvoe.nl/mos/templates/argos_theme/images/delete_16.png\" alt=\"Delete\" border=\"0\" /></a>";
$output .= " </td> \n";
$output .= "</tr> \n";
}
next($files);
}
$output .="</table>\n";
return $output;
}
}
$datetime = "d-m-Y"; # Set date and time display formats for date() function
$ShowFiles2 = listFiles2($dir, $sort, $sortasc, $user, $datetime); # Go Process $dir listing
$showjs = '
<script type="text/javascript">
function confirm_link(message, url) {
if(confirm(message)) location.href = url;
}
</script>';
$return = $showjs.$showmessage.$ShowFiles2;
}
return $return; # Return Results
The ?> <?php in the beginning are for syntaxhighlighting in this forum only!!
Both droplets adds the username_ where needed and strips it for display purposes.
Attached a screen of how it could look in a site. Site is dutch, sorry
Here the two droplets are added on opne page, the Mijn bestanden page (My files)
The red warning is simple wysiywg bbetween the dropletts.
Have fun,
John
[gelöscht durch Administrator]
Hi John,
it looks neat, and I noticed that if I try to access direct link (I missed /mos/ ): http://www.pcvoe.nl/mos/media/admin_eagle.jpg I get redirected to http://www.pcvoe.nl/mos/WB-securedownload.php?file=admin_eagle.jpg
can you post the code for redirect and for this script WB-securedownload.php (is it same as on link below) ?
but when I type direct http://www.pcvoe.nl/mos/media/mos/admin_eagle.jpg I can download the file.
You should check the script listed on this topic https://forum.WebsiteBaker.org/index.php/topic,16282.0/topicseen.html
cheers
ivan
I use this fileprotect : https://forum.WebsiteBaker.org/index.php/topic,17482.0.html
The WB-securedownload will allow all images.
That's no problem here cause the images are there just for testing purposes ;)
The users will be handling pdf's, doc's and xls's
This file you'll never get without being validated through login first:
http://www.pcvoe.nl/mos/media/mos/E-mailetiquette.pdf
Thanks for testing and warning me though ;)
John
I think that I cannot use WB-securedownload because my service provider doesn't allow FollowSymlinks. Is there any alternative way?
I'm resulting to incorrect URL
http://www.someserver.com/mos/media/mos/somefile.doc
instead of
http://www.someserver.com/media/mos/somefile.doc
Without WB-securedownload, changing
$output .= "<a href=\"/mos".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";to
Quote$output .= "<a href=\"".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";
gives me correct URL. But I need to secure the files
Never mind the previous question....
I got it working. BUT is there any way to prevent every logged in user to see all files with direct URL?
With this solution only with .htaccess working.
Other options you can try are placing the files outside the html root structure and fetch them through php.
But allso this is posible on a per server base.
John
I think i haver the .htaccess working. Still user B can access to user A files with url http://someserver.com/wb/media/files/userA_textfile.txt
WB-securedownload gave me:
Fatal error: Call to undefined function mime_content_type() in .... WB-securedownload.php on line 22
So I commented it out.