Author Topic: I needed per user filebase so created 2 droplets  (Read 4080 times)

Offline pcwacht

  • Posts: 2923
  • Gender: Male
    • Dutch ICT info
I needed per user filebase so created 2 droplets
« on: January 23, 2011, 11:30:01 PM »
Some people at work want to have a shared filebase where they can exchange documents.
Standard WB doesn't have something like that, or you would trust them in the backend media

I created 2 droplets to handle it.

First,
I cretaed a subdir in media for them (in  my case 'mos')
second: for all the users who are allowed for the files I created a group and gave them no rights and set the homedir to the created subdir ('mos').

Next to every file the username is added in front with _
So a file, somefile.doc become username_somefile.d oc
this way I can keep the files per user apart.

Droplet to show a file upload field and handles the upload (adding username_)
Code: [Select]
?> <?php 
global $wb;

$output = &#39;&#39;;
$user_name $wb->get_username();
// Check if user is logged in!
if ($user_name<>&#39;&#39;) {

  
$up_size  4000//upload size in KB
  
$icons  "http://www.pcvoe.nl/mos/media/upload"//url where icons for upload are stored - no trailing slash

  // Check to see if file was submitted
  
if (isset($_FILES["file"]["size"])) { 
    
// Check to see if user has home folder set, if so append username and date/time to the filename. 
    // Get the users homefolder
    
$currentHome $wb->get_home_folder();
    if (
$currentHome <> "" ) { // User has homefolder set
      // Append user settings!
      
$path WB_PATH.MEDIA_DIRECTORY.$currentHome;
      
$user_name $wb->get_username();
    } else {  
// No home folder set??
      
$path WB_PATH.MEDIA_DIRECTORY.&#39;/mos&#39;; 
      
$user_name $wb->get_username();

    }
 
    if(
$_FILES["file"]["size"] > ($up_size1024)){
 

      
$output .= "<img src =&#39;{$icons}/error.gif&#39;> Filesize ".intval(($_FILES["file"]["size"] / 1024)) ." Kb is too big. Allowable upload size is {$up_size} KB - Please upload a smaller one<br /><br />";

    }else{  
// else filesize

      
if ($_FILES["file"]["error"] > 0){
   
         
$output .= "<img src =&#39;{$icons}/error.gif&#39;>  Return Code: " $_FILES["file"]["error"] . "<br /><br />";
      
      }else{  
// else file error
   
         
$output .= "<img src =&#39;{$icons}/accept.png&#39;>  Uploaded file : " $_FILES["file"]["name"] . "<br />";
   
//      echo "<img src =&#39;{$icons}/accept.png&#39;>  Path     : " . $path;
   //      echo "<img src =&#39;{$icons}/accept.png&#39;>  Username     : " . $user_name;
   //      echo "<img src =&#39;{$icons}/accept.png&#39;>  File Size: " . ($_FILES["file"]["size"] / 1024) ." Kb<br />";
   //      echo "<img src =&#39;{$icons}/accept.png&#39;>  File Type: " . $_FILES["file"]["type"] . "<br />";  

   
 move_uploaded_file($_FILES[&#39;file&#39;][&#39;tmp_name&#39;], $path .&#39;/&#39;. $user_name.&#39;_&#39;.$_FILES["file"]["name"]);
         
if (file_exists$path .&#39;/&#39;. $user_name.&#39;_&#39;.$_FILES["file"]["name"] )) {
      
            
$output .= "<img src =&#39;{$icons}/accept.png&#39;>  Succesfully Uploaded. <br>";     
         } else {
 
            
$output .= "<img src =&#39;{$icons}/error.gif&#39;>  There was an error during file upload! ";     

         }
//end if file_exists
      
}//end if file error
    
}//end if filesize
  
} else {
      
$output .= &#39;<br />&#39;;
      
$output .= &#39;<br />&#39;;
  
}//end submitted check

  // Show form for submitting file
  
$output .= &#39;
<fieldset><legend>Upload</legend>
<
nobr>
<
form action="&#39;.htmlentities($_SERVER[&#39;PHP_SELF&#39;]).&#39;" method="post" name="f" id="upload_echo" enctype="multipart/form-data">
<
input type="file" name="file" />   
<
button>Upload</button>
</
form>
</
nobr>
</
fieldset>&#39;;
}
return 
$output;


Droplet to list only userfiles and give them right to delete their files, it is allso on their My Files page
The username is stripped from filename and used to determine the owner of the file.
Allso the sorting on the header works.
Code: [Select]
?>  <?php  
# Usage: [[Myfiles]]
global $wb;
$user $wb->get_username().&#39;_&#39;;
$return = &#39;&#39;;
// Check if user is logged in!
if ($user<>&#39;_&#39;) {
  
$sort "f_name";
  
$sortasc "true";
  
$dir = &#39;/media&#39;.$wb->get_home_folder().&#39;/&#39;;
  
if ($wb->get_home_folder()==""$dir = &#39;/media/mos/&#39;;
  
$showmessage = &#39;&#39;;
 
  
if(isset($_GET[&#39;sort&#39;])) $sort = $_GET[&#39;sort&#39;];
  
if(isset($_GET[&#39;sortasc&#39;])) $sortasc = $_GET[&#39;sortasc&#39;];

  // Delete file
  
if(isset($_GET[&#39;delete&#39;])) {
    
$delete $_GET[&#39;delete&#39;];
    
$file_delete WB_PATH.$dir.$delete;
    
// Check to see if file exists!
    
if(!file_exists($file_delete)) {
      
$showmessage = &#39;File does NOT exists!<br />&#39;;
    
} else { 
      if(
unlink($file_delete)) {
        
$showmessage = &#39;File deleted!<br />&#39;;
      
} else {
        
$showmessage = &#39;File NOT deleted!<br />&#39;;
      
}   
    }   
  }
  
  if (!
function_exists(&#39;formatSize&#39;)) {
    
function formatSize($bytes) {
      if (
$bytes 1048576 ) {
        
$output .= sprintf("%." "f"$bytes 1048576 );
        
$output .= " Mb";
      } elseif (
$bytes 1024 ) {
        
$output  sprintf("%." "f"$bytes 1024 );
        
$output .= " Kb";
      } else {
        
$output  sprintf("%." "f"$bytes );
        
$output .= " bytes";
      }
      return 
$output;
    }
  }

  
# Use this function to get the directory contents and sort as directed.
  
if (!function_exists(&#39;getFiles2&#39;)) {
    
function getFiles2($dir$sort$sortasc$starting$datetime) {

      
clearstatcache();
      
$files = array();
      
$handle = @opendir($dir);
      while((
$file readdir($handle)) !== false) {
        if(
substr($file0strlen($starting))== $starting) {
          
$num++;
          
$files[$file][&#39;filename&#39;] = $file;
  $y $file;
  $f_name $y;
  $f_auteur = &#39;-&#39;;
  $x strpos($y,"_");
  if ($x!==false) {
    $f_name substr($y,$x+1);
    $f_auteur substr($y,0,$x);
  }
          
$files[$file][&#39;f_name&#39;] = $f_name;
          
$files[$file][&#39;f_auteur&#39;] = $f_auteur;
          
$files[$file][&#39;lcfilename&#39;] = strtolower($file);
          
$files[$file][&#39;filesize&#39;] = fileSize($dir.$file);
          
$files[$file][&#39;date&#39;] = filemtime($dir.$file);
          
$files[$file][&#39;type&#39;] = substr(strrchr($file, "."), 1);
          
$files[$file][&#39;size&#39;] = filesize($dir.$file);
          
$files[$file][&#39;formattedsize&#39;] = formatSize(filesize($dir.$file));
          
$files[$file][&#39;formatteddate&#39;] = date($datetime, filemtime($dir.$file));

        
}
      }
      
closedir($handle);
      if (
$num 0) {
        foreach (
$files as $val) {
          
$sortarray[] = $val[$sort];
        }

        if (
$sortasc == "true" || !isset($sortasc)) {
          
array_multisort($sortarray,SORT_ASCSORT_REGULAR ,$filesSORT_ASCSORT_REGULAR );
        } else {
          
array_multisort($sortarray,SORT_DESCSORT_REGULAR ,$filesSORT_DESCSORT_REGULAR );
        }
      }  
    return 
$files;
    }
  }

  
# Use this function to display the directory contents.
  
if (!function_exists(&#39;listFiles2&#39;)) {
    
function listFiles2($dir$sort$sortasc$starting$datetime) {

      global 
$PHP_SELF;
      
$files getFiles2(WB_PATH.$dir$sort$sortasc$starting$datetime);

      if (
$sortasc == "false") {
        
$sortasc "true";
      } else {
        
$sortasc "false";
      }
      
$output .="<table width=\"99%\">\n";
      
$output .="  <tr>\n";
      
$output .="    <th align=\"left\">\n";
      
$output .="      <a href=\"$PHP_SELF?sort=f_name&amp;sortasc=$sortasc\" title=\"sort by name\">Bestandsnaam</a>\n";
      
$output .="    </th>\n";
      
$output .="    <th align=\"right\" width=\"15%\">\n";
      
$output .="      <a href=\"$PHP_SELF?sort=f_auteur&amp;sortasc=$sortasc\" title=\"sort by auteur\">Auteur</a>&nbsp;&nbsp;\n";
      
$output .="    </th>\n";
      
$output .="    <th align=\"right\" width=\"15%\">\n";
      
$output .="      <a href=\"$PHP_SELF?sort=filesize&amp;sortasc=$sortasc\" title=\"sort by size\">Grootte</a>&nbsp;&nbsp;\n";
      
$output .="    </th>\n";
      
$output .="    <th align=\"right\" width=\"20%\">\n";
      
$output .="      <a href=\"$PHP_SELF?sort=date&amp;sortasc=$sortasc\" title=\"sort by date\">Datum</a>&nbsp;&nbsp;\n";
      
$output .="    </th>\n";
      
$output .="  </tr>";
      
$output .="  ";

      
$num=sizeof($files);
    
      
$varJSSettings "width=300,height=300,resizable=1,scrollbars=1,menubar=0,status=0,titlebar=0,toolbar=0,hotkeys=0,locationbar=0";
      for(
$i=0$i <= $num$i++) {
        if (!
$files[key($files)][&#39;type&#39;]==NULL)  // stripping dirs.
        
{
          
$output .= "<tr> \n";
          
$output .= "  <td align=\"left\" > \n";
          
$output .= "<a href=\"/mos".$dir.$files[key($files)][&#39;filename&#39;]."\" target=\"_blank\">".$files[key($files)][&#39;f_name&#39;]."</a> \n";
          
$output .= "  </td> \n";
          
$output .= "  <td align=\"right\" > \n";
          
$output .= "    ".$files[key($files)][&#39;f_auteur&#39;]."&nbsp;&nbsp;\n";
          
$output .= "  </td> \n";
          
$output .= "  <td align=\"right\" > \n";
          
$output .= "    ".$files[key($files)][&#39;formattedsize&#39;]."&nbsp;&nbsp;\n";
          
$output .= "  </td> \n";
          
$output .= "  <td align=\"right\" > \n";
          
$output .= "    ".$files[key($files)][&#39;formatteddate&#39;]."&nbsp;&nbsp;\n";
          
$output .= &#39;    &nbsp;&nbsp;<a href="#" onclick="javascript: confirm_link(\&#39;Are you sure you want to delete the following file or folder?\n&#39;.$files[key($files)][&#39;f_name&#39;].&#39;\&#39;, \&#39;&#39;.$PHP_SELF.&#39;?delete=&#39;.$files[key($files)][&#39;filename&#39;].&#39;\&#39;);">&#39;;
          
$output .= "<img src=\"http://www.pcvoe.nl/mos/templates/argos_theme/images/delete_16.png\" alt=\"Delete\" border=\"0\" /></a>";
          
$output .= "  </td> \n";
          
$output .= "</tr> \n";
        }   
      
next($files);
      }
    
$output .="</table>\n";
    return 
$output;
    }
  }
  
$datetime "d-m-Y";  # Set date and time display formats for date() function

  
$ShowFiles2 listFiles2($dir$sort$sortasc$user$datetime);  # Go Process $dir listing

  
$showjs = &#39;
<script type="text/javascript">
function 
confirm_link(messageurl) {
if(confirm(message)) location.href url;
}
</
script>&#39;;
  
$return $showjs.$showmessage.$ShowFiles2;
}
  return 
$return;  # Return Results
The ?>  <?php in the beginning are for syntaxhighlighting in this forum only!!

Both droplets adds the username_ where needed and strips it for display purposes.

Attached a screen of how it could look in a site. Site is dutch, sorry
Here the two droplets are added on opne page, the Mijn bestanden page (My files)
The red warning is simple wysiywg bbetween the dropletts.

Have fun,
John

[gelöscht durch Administrator]
« Last Edit: January 23, 2011, 11:32:27 PM by pcwacht »
http://www.ictwacht.nl = Dutch ICT info
http://www.pcwacht.nl = My first
both still work in progress, since years.....

Offline crnogorac081

  • Posts: 1974
  • Gender: Male
Re: I needed per user filebase so created 2 droplets
« Reply #1 on: January 24, 2011, 09:46:58 AM »
Hi John,

it looks neat, and I noticed that if I try to access direct link (I missed /mos/ ): http://www.pcvoe.nl/mos/media/admin_eagle.jpg  I get redirected to http://www.pcvoe.nl/mos/WB-securedownload.php?file=admin_eagle.jpg

can you post the code for redirect and for this script WB-securedownload.php (is it same as on link below) ?

but when I type direct http://www.pcvoe.nl/mos/media/mos/admin_eagle.jpg I can download the file.

You should check the script listed on this topic https://forum.WebsiteBaker.org/index.php/topic,16282.0/topicseen.html

cheers
ivan
UI / UX Designer

Offline pcwacht

  • Posts: 2923
  • Gender: Male
    • Dutch ICT info
Re: I needed per user filebase so created 2 droplets
« Reply #2 on: January 24, 2011, 10:38:47 AM »
I use this fileprotect : https://forum.WebsiteBaker.org/index.php/topic,17482.0.html
The WB-securedownload will allow all images.

That's no problem here cause the images are there just for testing purposes ;)
The users will be handling pdf's, doc's and xls's

This file you'll never get without being validated through login first:
http://www.pcvoe.nl/mos/media/mos/E-mailetiquette.pdf

Thanks for testing and warning me though ;)

John
http://www.ictwacht.nl = Dutch ICT info
http://www.pcwacht.nl = My first
both still work in progress, since years.....

Offline Turskis

  • Posts: 50
Re: I needed per user filebase so created 2 droplets
« Reply #3 on: August 22, 2011, 01:28:32 PM »
I think that I cannot use WB-securedownload because my service provider doesn't allow FollowSymlinks. Is there any alternative way?

I'm resulting to incorrect URL

http://www.someserver.com/mos/media/mos/somefile.doc

instead of

http://www.someserver.com/media/mos/somefile.doc

Without WB-securedownload, changing
Code: [Select]
$output .= "<a href=\"/mos".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";
to

Quote
$output .= "<a href=\"".$dir.$files[key($files)]['filename']."\" target=\"_blank\">".$files[key($files)]['f_name']."</a> \n";

gives me correct URL. But I need to secure the files

Offline Turskis

  • Posts: 50
Re: I needed per user filebase so created 2 droplets
« Reply #4 on: August 24, 2011, 07:08:39 AM »
Never mind the previous question....

I got it working. BUT is there any way to prevent every logged in user to see all files with direct URL?

Offline pcwacht

  • Posts: 2923
  • Gender: Male
    • Dutch ICT info
Re: I needed per user filebase so created 2 droplets
« Reply #5 on: August 24, 2011, 08:04:10 AM »
With this solution only with .htaccess working.


Other options you can try are placing the files outside the html root structure and fetch them through php.
But allso this is posible on a per server base.

John
http://www.ictwacht.nl = Dutch ICT info
http://www.pcwacht.nl = My first
both still work in progress, since years.....

Offline Turskis

  • Posts: 50
Re: I needed per user filebase so created 2 droplets
« Reply #6 on: August 24, 2011, 08:22:08 AM »
I think i haver the .htaccess working. Still user B can access to user A files with url http://someserver.com/wb/media/files/userA_textfile.txt

WB-securedownload gave me:

Fatal error: Call to undefined function mime_content_type() in .... WB-securedownload.php on line 22

So I commented it out.