I needed per user filebase so created 2 droplets

Turskis

I think I have the .htaccess working. Still, user B can access user A's files with the URL http://someserver.com/wb/media/files/userA_textfile.txt

WB-securedownload gave me:

Fatal error: Call to undefined function mime_content_type() in .... WB-securedownload.php on line 22

So I commented it out.

pcwacht

With this solution only with .htaccess working.


Other options you can try are placing the files outside the html root structure and fetching them through PHP.
But also this is possible on a per-server basis.

John
http://www.ictwacht.nl = Dutch ICT info
http://www.pcwacht.nl = My first
both still work in progress, since years.....
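
The option mentioned in the post above (files kept outside the html root and fetched through PHP), as an added example that is not part of the original thread and is not the WB-securedownload script. The function names and the storage path are hypothetical; the `username_` file naming and `$wb->get_username()` are taken from the droplets on this page.

```php
<?php
// Added example; not WB-securedownload and not code from this thread.
// Assumes files are stored as "<username>_<name>" (the naming used by the
// droplets on this page) in $storageDir, a directory outside the web root.

/** Map a requested name to a path this user may read, or null to refuse. */
function resolve_own_file(string $storageDir, string $username, string $requested): ?string
{
    if ($username === '') {
        return null;                      // not logged in
    }
    $name = basename($requested);         // drop any directory components
    if ($name === '' || $name[0] === '.') {
        return null;                      // empty name or dotfile such as .htaccess
    }
    if (strpos($name, $username . '_') !== 0) {
        return null;                      // does not carry this user's prefix
    }
    $base = realpath($storageDir);
    $path = realpath($storageDir . '/' . $name);
    // realpath() resolves symlinks; the result must still sit directly in $base
    if ($base === false || $path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

/** Send the file as a download, or a 404 when the request is refused. */
function serve_own_file(string $storageDir, string $username, string $requested): void
{
    $path = resolve_own_file($storageDir, $username, $requested);
    if ($path === null) {
        http_response_code(404);          // same answer for "missing" and "not yours"
        return;
    }
    // mime_content_type() is not available on every host, so fall back
    $type = function_exists('mime_content_type') ? mime_content_type($path) : false;
    header('Content-Type: ' . ($type ?: 'application/octet-stream'));
    header('X-Content-Type-Options: nosniff');
    $shown = substr(basename($path), strlen($username) + 1);   // strip "username_"
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($shown));
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Usage from a script that already has the logged-in WB user ($wb as in the droplets);
// the storage path is a placeholder:
// serve_own_file('/path/outside/webroot', $wb->get_username(), $_GET['file'] ?? '');
```

The prefix test treats `a_` as matching files of a user named `a_b`, so it is only sound when usernames cannot contain an underscore.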

Turskis

Never mind the previous question....

I got it working. BUT is there any way to prevent every logged-in user from seeing all files with a direct URL?

Turskis

I think that I cannot use WB-securedownload because my service provider doesn't allow FollowSymlinks. Is there any alternative way?

I end up with an incorrect URL

http://www.someserver.com/mos/media/mos/somefile.doc

instead of

http://www.someserver.com/media/mos/somefile.doc

Without WB-securedownload, changing
$output .= "<a href=\"/mos".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";

to

$output .= "<a href=\"".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";

gives me correct URL. But I need to secure the files

pcwacht

I use this fileprotect : https://forum.websitebaker.org/index.php/topic,17482.0.html
The WB-securedownload will allow all images.

That's no problem here cause the images are there just for testing purposes ;)
The users will be handling pdf's, doc's and xls's

This file you'll never get without being validated through login first:
http://www.pcvoe.nl/mos/media/mos/E-mailetiquette.pdf

Thanks for testing and warning me though ;)

John

crnogorac081

Hi John,

it looks neat, and I noticed that if I try to access direct link (I missed /mos/ ): http://www.pcvoe.nl/mos/media/admin_eagle.jpg  I get redirected to http://www.pcvoe.nl/mos/WB-securedownload.php?file=admin_eagle.jpg

can you post the code for redirect and for this script WB-securedownload.php (is it same as on link below) ?

but when I type direct http://www.pcvoe.nl/mos/media/mos/admin_eagle.jpg I can download the file.

You should check the script listed on this topic https://forum.websitebaker.org/index.php/topic,16282.0/topicseen.html

cheers
ivan
Web developer

pcwacht

Some people at work want to have a shared filebase where they can exchange documents.
Standard WB doesn't have something like that, or you would trust them in the backend media

I created 2 droplets to handle it.

First,
I created a subdir in media for them (in my case 'mos').
Second: for all the users who are allowed for the files I created a group and gave them no rights and set the homedir to the created subdir ('mos').

Next, to every file the username is added in front with _
So a file, somefile.doc becomes username_somefile.doc
This way I can keep the files per user apart.

Droplet to show a file upload field and handle the upload (adding username_)
?> <?php
global $wb;

$output = '';
$user_name = $wb->get_username();
// Check if user is logged in!
if ($user_name <> '') {

  $up_size = 4000; //upload size in KB
  $icons = "http://www.pcvoe.nl/mos/media/upload"; //url where icons for upload are stored - no trailing slash

  // Check to see if file was submitted
  if (isset($_FILES["file"]["size"])) {
    // Check to see if user has home folder set, if so append username and date/time to the filename.
    // Get the users homefolder
    $currentHome = $wb->get_home_folder();
    if ($currentHome <> "") { // User has homefolder set
      // Append user settings!
      $path = WB_PATH.MEDIA_DIRECTORY.$currentHome;
      $user_name = $wb->get_username();
    } else { // No home folder set??
      $path = WB_PATH.MEDIA_DIRECTORY.'/mos';
      $user_name = $wb->get_username();
    }

    if ($_FILES["file"]["size"] > ($up_size * 1024)) {
      $output .= "<img src ='{$icons}/error.gif'> Filesize ".intval(($_FILES["file"]["size"] / 1024))." Kb is too big. Allowable upload size is {$up_size} KB - Please upload a smaller one<br /><br />";
    } else { // else filesize
      if ($_FILES["file"]["error"] > 0) {
        $output .= "<img src ='{$icons}/error.gif'>  Return Code: " . $_FILES["file"]["error"] . "<br /><br />";
      } else { // else file error
        // The client-supplied file name is escaped before it is echoed back into the page
        $output .= "<img src ='{$icons}/accept.png'>  Uploaded file : " . htmlspecialchars($_FILES["file"]["name"]) . "<br />";
//      echo "<img src ='{$icons}/accept.png'>  Path     : " . $path;
//      echo "<img src ='{$icons}/accept.png'>  Username     : " . $user_name;
//      echo "<img src ='{$icons}/accept.png'>  File Size: " . ($_FILES["file"]["size"] / 1024) ." Kb<br />";
//      echo "<img src ='{$icons}/accept.png'>  File Type: " . $_FILES["file"]["type"] . "<br />";

        // Store the file as username_filename. No file type check is done here:
        // any extension is stored under the media directory.
        move_uploaded_file($_FILES['file']['tmp_name'], $path.'/'.$user_name.'_'.$_FILES["file"]["name"]);
        if (file_exists($path.'/'.$user_name.'_'.$_FILES["file"]["name"])) {
          $output .= "<img src ='{$icons}/accept.png'>  Successfully Uploaded. <br>";
        } else {
          $output .= "<img src ='{$icons}/error.gif'>  There was an error during file upload! ";
        } //end if file_exists
      } //end if file error
    } //end if filesize
  } else {
    $output .= '<br />';
    $output .= '<br />';
  } //end submitted check

  // Show form for submitting file
  $output .= '
<fieldset><legend>Upload</legend>
<nobr>
<form action="'.htmlentities($_SERVER['PHP_SELF']).'" method="post" name="f" id="upload_echo" enctype="multipart/form-data">
<input type="file" name="file" />
<button>Upload</button>
</form>
</nobr>
</fieldset>';
}
return $output;



Droplet to list only user files and give them the right to delete their files; it is also on their My Files page.
The username is stripped from the filename and used to determine the owner of the file.
Also the sorting on the header works.
?>  <?php
# Usage: [[Myfiles]]
global $wb;
$user = $wb->get_username().'_';
$return = '';
// Check if user is logged in!
if ($user <> '_') {
  $sort = "f_name";
  $sortasc = "true";
  $dir = '/media'.$wb->get_home_folder().'/';
  if ($wb->get_home_folder() == "") $dir = '/media/mos/';
  $showmessage = '';

  if (isset($_GET['sort'])) $sort = $_GET['sort'];
  if (isset($_GET['sortasc'])) $sortasc = $_GET['sortasc'];

  // Delete file
  if (isset($_GET['delete'])) {
    // basename() drops any path components from the request, and the prefix
    // test below limits deletion to files that carry this user's own username_
    $delete = basename($_GET['delete']);
    $file_delete = WB_PATH.$dir.$delete;
    // Check to see if file exists (and belongs to this user)!
    if (strpos($delete, $user) !== 0 || !file_exists($file_delete)) {
      $showmessage = 'File does NOT exists!<br />';
    } else {
      if (unlink($file_delete)) {
        $showmessage = 'File deleted!<br />';
      } else {
        $showmessage = 'File NOT deleted!<br />';
      }
    }
  }

  if (!function_exists('formatSize')) {
    function formatSize($bytes) {
      if ($bytes > 1048576) {
        $output = sprintf("%." . "f", $bytes / 1048576);
        $output .= " Mb";
      } elseif ($bytes > 1024) {
        $output = sprintf("%." . "f", $bytes / 1024);
        $output .= " Kb";
      } else {
        $output = sprintf("%." . "f", $bytes);
        $output .= " bytes";
      }
      return $output;
    }
  }

  # Use this function to get the directory contents and sort as directed.
  if (!function_exists('getFiles2')) {
    function getFiles2($dir, $sort, $sortasc, $starting, $datetime) {

      clearstatcache();
      $files = array();
      $num = 0;
      $handle = @opendir($dir);
      while (($file = readdir($handle)) !== false) {
        // Only list files whose name starts with the given prefix (username_)
        if (substr($file, 0, strlen($starting)) == $starting) {
          $num++;
          $files[$file]['filename'] = $file;
          // Split username_filename into author and display name
          $y = $file;
          $f_name = $y;
          $f_auteur = '-';
          $x = strpos($y, "_");
          if ($x !== false) {
            $f_name = substr($y, $x + 1);
            $f_auteur = substr($y, 0, $x);
          }
          $files[$file]['f_name'] = $f_name;
          $files[$file]['f_auteur'] = $f_auteur;
          $files[$file]['lcfilename'] = strtolower($file);
          $files[$file]['filesize'] = fileSize($dir.$file);
          $files[$file]['date'] = filemtime($dir.$file);
          $files[$file]['type'] = substr(strrchr($file, "."), 1);
          $files[$file]['size'] = filesize($dir.$file);
          $files[$file]['formattedsize'] = formatSize(filesize($dir.$file));
          $files[$file]['formatteddate'] = date($datetime, filemtime($dir.$file));
        }
      }
      closedir($handle);
      if ($num > 0) {
        foreach ($files as $val) {
          $sortarray[] = $val[$sort];
        }

        if ($sortasc == "true" || !isset($sortasc)) {
          array_multisort($sortarray, SORT_ASC, SORT_REGULAR, $files, SORT_ASC, SORT_REGULAR);
        } else {
          array_multisort($sortarray, SORT_DESC, SORT_REGULAR, $files, SORT_DESC, SORT_REGULAR);
        }
      }
      return $files;
    }
  }

  # Use this function to display the directory contents.
  if (!function_exists('listFiles2')) {
    function listFiles2($dir, $sort, $sortasc, $starting, $datetime) {

      global $PHP_SELF;
      $files = getFiles2(WB_PATH.$dir, $sort, $sortasc, $starting, $datetime);

      // Flip the sort direction for the next click on a column header
      if ($sortasc == "false") {
        $sortasc = "true";
      } else {
        $sortasc = "false";
      }
      $output = '';
      $output .="<table width=\"99%\">\n";
      $output .="  <tr>\n";
      $output .="    <th align=\"left\">\n";
      $output .="      <a href=\"$PHP_SELF?sort=f_name&amp;sortasc=$sortasc\" title=\"sort by name\">Bestandsnaam</a>\n";
      $output .="    </th>\n";
      $output .="    <th align=\"right\" width=\"15%\">\n";
      $output .="      <a href=\"$PHP_SELF?sort=f_auteur&amp;sortasc=$sortasc\" title=\"sort by auteur\">Auteur</a>&nbsp;&nbsp;\n";
      $output .="    </th>\n";
      $output .="    <th align=\"right\" width=\"15%\">\n";
      $output .="      <a href=\"$PHP_SELF?sort=filesize&amp;sortasc=$sortasc\" title=\"sort by size\">Grootte</a>&nbsp;&nbsp;\n";
      $output .="    </th>\n";
      $output .="    <th align=\"right\" width=\"20%\">\n";
      $output .="      <a href=\"$PHP_SELF?sort=date&amp;sortasc=$sortasc\" title=\"sort by date\">Datum</a>&nbsp;&nbsp;\n";
      $output .="    </th>\n";
      $output .="  </tr>";
      $output .="  ";

      $num = sizeof($files);

      $varJSSettings = "width=300,height=300,resizable=1,scrollbars=1,menubar=0,status=0,titlebar=0,toolbar=0,hotkeys=0,locationbar=0";
      // Walk the array with key()/next(); stop at $num so key() never runs past the end
      for ($i = 0; $i < $num; $i++) {
        if (!$files[key($files)]['type']==NULL)  // stripping dirs.
        {
          $output .= "<tr> \n";
          $output .= "  <td align=\"left\" > \n";
          $output .= "<a href=\"/mos".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";
          $output .= "  </td> \n";
          $output .= "  <td align=\"right\" > \n";
          $output .= "    ".$files[key($files)]['f_auteur']."&nbsp;&nbsp;\n";
          $output .= "  </td> \n";
          $output .= "  <td align=\"right\" > \n";
          $output .= "    ".$files[key($files)]['formattedsize']."&nbsp;&nbsp;\n";
          $output .= "  </td> \n";
          $output .= "  <td align=\"right\" > \n";
          $output .= "    ".$files[key($files)]['formatteddate']."&nbsp;&nbsp;\n";
          $output .= '    &nbsp;&nbsp;<a href="#" onclick="javascript: confirm_link(\'Are you sure you want to delete the following file or folder?\n'.$files[key($files)]['f_name'].'\', \''.$PHP_SELF.'?delete='.$files[key($files)]['filename'].'\');">';
          $output .= "<img src=\"http://www.pcvoe.nl/mos/templates/argos_theme/images/delete_16.png\" alt=\"Delete\" border=\"0\" /></a>";
          $output .= "  </td> \n";
          $output .= "</tr> \n";
        }
        next($files);
      }
      $output .="</table>\n";
      return $output;
    }
  }

  $datetime = "d-m-Y";  # Set date and time display formats for date() function

  $ShowFiles2 = listFiles2($dir, $sort, $sortasc, $user, $datetime);  # Go Process $dir listing

  $showjs = '
<script type="text/javascript">
function confirm_link(message, url) {
if(confirm(message)) location.href = url;
}
</script>';

  $return = $showjs.$showmessage.$ShowFiles2;
}
return $return;  # Return Results

The ?>  <?php in the beginning are for syntax highlighting in this forum only!!

Both droplets add the username_ where needed and strip it for display purposes.

Attached a screen of how it could look in a site. Site is Dutch, sorry
Here the two droplets are added on one page, the Mijn bestanden page (My files)
The red warning is simple WYSIWYG between the droplets.

Have fun,
John

[deleted by administrator]