
[Snippet] Upload Form



#1 Cris D.

    Loves Etomite Forums!

  • Developers
  • 1,104 posts
  • Gender:Male

Posted 09 January 2008 - 01:21 PM

File Name: Upload Form
File Submitter: Cris D.
File Submitted: 9 Jan 2008
File Updated: 22 Jan 2008
File Category: Miscellaneous

Document Upload form
Snippet by Cris D.
Date: 2008/01/09
Use: allows Etomite users to upload all kinds of files with extensions that you set without access to the manager backend. Can be used for uploading avatars, pictures, documents, movies, songs etc...

Place this snippet in a page where you want the upload form to appear.

Optional parameters that can be set in the snippet call:
  • The upload folder name.
  • File extensions allowed.
  • The maximum file size.
  • The maximum width and height of images.
  • Whether you allow images to be uploaded. 1 || 0
  • The type of authentication required: NULL || simple || roles

This is an example of a snippet call using many parameters:
[[upload_form?uploaddir=assets/uploads&allowed_ext=jpg,bmp,png&max_size=80000&perms=roles&roles=1,2,3]]

Notes: This snippet attempts to create the folder name that you set, but due to some server settings this may have to be done manually and CHMOD to 0777. This has been tested on Windows and Linux servers.

All language messages are abstracted out ready for translation and the form is in a chunk-style format for easy editing and markup.

**Please be aware that there are security issues regarding allowing users to upload file types like exe, txt, php and other types of files that allow hackers to run scripts on your server. If this is news to you, perhaps you should read up on security first!**

CHANGELOG:
2008/1/22
*Fixed an error in permissions logic where access was blocked inadvertently for all permissions.

Click here to download this file
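
The file-type warning above, as an added example that is not part of the original post or of the snippet's own code: a server-side check an upload handler can apply before storing a file. The function name validate_upload(), its parameters and the form field name 'upload' are assumptions that mirror the snippet-call options (allowed_ext, max_size, uploaddir).

```php
<?php
// Added example, not the snippet's own code. validate_upload() and its
// parameter names are hypothetical; they mirror the snippet-call options.
function validate_upload(array $file, array $allowedExt, int $maxSize, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file sent.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload.');
    }
    // Use the real size on disk, not the client-supplied $file['size'].
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxSize) {
        throw new RuntimeException('File is empty or larger than max_size.');
    }
    // Only the final extension counts, compared against an allowlist
    // (never a blocklist of "bad" types such as php or exe).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new RuntimeException('Extension not allowed.');
    }
    // For image types, confirm the content really parses as an image.
    $imageExt = ['jpg', 'jpeg', 'png', 'gif', 'bmp'];
    if (in_array($ext, $imageExt, true) && @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File content is not an image.');
    }
    // Server-generated name: the client-supplied name never reaches the
    // filesystem, so "name.php.jpg" or "../" tricks have no effect.
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the upload.');
    }
    chmod($target, 0644); // stored file is readable, never executable
    return $target;
}

// Usage in the page that receives the form (field name 'upload' is assumed):
// $path = validate_upload($_FILES['upload'], ['jpg', 'jpeg', 'png', 'gif'], 80000, 'assets/uploads');
```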

#2 Cris D.

Posted 12 January 2008 - 08:07 AM

Just to clarify...

This snippet is NOT a stand-alone snippet to be used in isolation. It is a way to upload a file but does not sort or store the conditions of the uploading or display the uploaded files in any way (except for a temporary preview).

This snippet saves the file to a folder, it does NOT save anything to the database.

It creates a unique filename for the file and saves it in the folder you set (this can be changed from within the snippet).

I wanted to give an example of how this snippet can be used to save usable info to an "uploads" table and use that info to display the upload files.

To access these uploaded files, this snippet can be run as part of another snippet that collects the variables and saves them to a table or a multitude of other methods of storage.

One example would be to do something like this:

global $type_of_file,$uploadFolder,$extension, $filename;

//set the snippet call parameters
$params=array('uploaddir'=>'assets/uploads','max_size'=>'100000','max_width'=>'200',
			  'max_height'=>'500', 'allowed_ext'=>'jpg,jpeg,png,bmp,gif','perms'=>'roles', 
			  'roles'=>'1,2,3');

//run the snippet ($output is assigned here, so it is never appended to an undefined variable)
$output =$etomite->runSnippet('uploadform', $params);

//collect variables to save
$fields=array('file'=>$filename, 'folder'=>$uploaddir, 'extension'=>$extension, 'member'=>$_SESSION['internalKey']);

//save the data to the upload table
if($fields['file'] !=''){
	$rs=$etomite->putIntTableRows($fields, $into='uploads',  etc...);
}
//show the upload form
return $output;


To display the files, a database query like:

$rs=$etomite->getIntTableRows( ...$where="`internalKey` = '".$_SESSION['internalKey']."'"... ); on the table holding the upload info will display the uploaded files according to the currently logged in user or other requirements as needed (all files from a certain folder, of a specific filename, from a set user, before a certain date, of a certain file extension etc...) and use the results to create web items eg: img src, downloadCounter snippet, a href links, etc...

Hopefully this has stimulated your imagination to design new, exciting and functional features into your Etomite web site.

#3 cathode

    Loves Etomite Forums!

  • Staff
  • 648 posts
  • Gender:Male

Posted 12 January 2008 - 01:59 PM

Cris,
That's a really useful snippet and I can imagine a lot of uses for it: one being a simple file transfer for clients who are not familiar with FTP... I'd put a snippet like this behind password authorization.

#4 Cris D.

Posted 13 January 2008 - 12:02 AM

Quote

I'd put a snippet like this behind password authorization.
Definitely, although the code above does not use permissions explicitly, it has already been taken care of with the snippet.

1) the page could be authenticated.
2) the snippet itself will only show the upload form if a user is logged in and their role is in the list of roles authorised to see it as is set in the snippet configuration (unless $perms='NULL').

Therefore it has 'simple' (for users with group-based permissions turned off) and role-based checking built in within the snippet. If not authorised, it does not show the form.

Edited by Cris D., 13 January 2008 - 01:09 AM.


#5 Ralph

    Loves Etomite Forums!

  • Admin
  • 6,524 posts
  • Gender:Male

Posted 13 January 2008 - 05:30 PM

Using $etomite->checkPermissions() within the snippet itself would allow for greater flexibility because that API function allows both simple and full authentications... Something as simple as the following control structure is all that would be required...
if($etomite->checkPermissions())
{
	// ... do whatever needs to be done ...
}
else
{
	// ... return whatever warning or perform a redirect as desired ...
}


#6 Cris D.

Posted 13 January 2008 - 08:22 PM

I've had issues with that in the past because if visitor authentication is enabled and a user is logged in, the API returns true if they have access to the page. That is why I added role-checking to the snippet.

From the index.php:

Quote

// Query will only return the value of 1 or 0
// 1 = the user is in a group that has permission to access this document
// 0 = the user is NOT in a group that has permission to access this document
This does not take into account the situation where multiple users are allowed access to the page...
(eg. user1: role1:: download files and user2: role2:: download and upload files)
...but only select users should be able to access snippets or snippet-generated information on the page (eg to upload the files). In this case, the checkPermissions() will return true for user1 and user2.
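
The page-level versus role-level distinction described above, as an added example that is not Etomite's or the snippet's own code: a check that decides whether the upload form may be shown, separate from whether the page may be viewed. The function name upload_form_allowed() and the 'role' session key are assumptions; internalKey is the session key used earlier in this thread, and the perms values are the ones listed in the first post.

```php
<?php
// Added example; not Etomite code. upload_form_allowed() and the 'role'
// session key are assumptions made for illustration.
function upload_form_allowed(?string $perms, string $rolesCsv, array $session): bool
{
    $loggedIn = !empty($session['internalKey']);
    switch ($perms === null ? 'NULL' : $perms) {
        case 'NULL':    // no authentication requested
            return true;
        case 'simple':  // any logged-in user
            return $loggedIn;
        case 'roles':   // logged in AND role explicitly listed
            // Keep only purely numeric entries so a malformed list
            // can never widen access.
            $allowed = array_map('intval', array_filter(
                array_map('trim', explode(',', $rolesCsv)), 'ctype_digit'));
            return $loggedIn
                && isset($session['role'])
                && in_array((int) $session['role'], $allowed, true);
        default:        // unknown mode: fail closed
            return false;
    }
}

// Constructed sessions for the two users in the scenario above. Both can
// view the page; only role 2 is meant to see the upload form.
$user1 = ['internalKey' => 11, 'role' => 1]; // download only
$user2 = ['internalKey' => 12, 'role' => 2]; // download and upload

var_dump(upload_form_allowed('roles', '2', $user1));
var_dump(upload_form_allowed('roles', '2', $user2));
var_dump(upload_form_allowed('roles', '2,x', []));   // not logged in
var_dump(upload_form_allowed('rolez', '2', $user2)); // mistyped mode
```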

#7 Cris D.

Posted 22 January 2008 - 09:55 AM

Please note: anyone who has downloaded this prior to today, I made a typo in the permissions logic that inadvertently stopped access for everyone using $perms=simple or $perms=roles. Sorry for the inconvenience!

Again, I remind myself I should test, test, test! :blush:

#8 katherholt

    Likes Etomite Forums!

  • Member
  • 323 posts

Posted 19 June 2009 - 07:17 PM

I have this excellent snippet working. How can I show a list of the filenames in that directory on the page after the affirmation that the file has been uploaded?

http://www.villarica.org/webcasts.html

I'm unsure about this:
$rs=$etomite->getIntTableRows(  ...$where="`internalKey` = '".$_SESSION['internalKey']."'"... ); on the table holding the upload info will display the uploaded files according to the currently logged in user or other requirements as needed  (all files from a certain folder, of a specific filename, from a set user, before a certain date, of a certain file extension etc...) and use the results to create web items eg: img src, downloadCounter snippet, a href links, etc...



#9 Cris D.

Posted 20 June 2009 - 11:18 AM

The easiest way to do this out of the box is to use the snippet front-endFileManager. This uses the same upload form and also displays the contents that have been uploaded (optional). There is also a link to a live example that you can test. This snippet also handles deletions of the uploaded files.

If it does not suit your needs, then what you need to know is that when a file is uploaded, the details for the path can be stored in the database as per the example above. To show them, all you need to do is do a query on the table for all records that match the criteria and display them using the normal API means.

The following things are stored for each record:
//collect variables to save
$fields=array('file'=>$filename, 'folder'=>$uploaddir, 'extension'=>$extension, 'member'=>$_SESSION['internalKey']);

Quote

All uploads are stored in the upload folder and all upload info stored in a dedicated table including:
upload user id, type of file, folder where stored, filename, file extension, timestamp.

To do a query like the one you suggested (all contents of a directory), simply do a query like this:

$rs=$etomite->getIntTableRows("*","uploads","folder='my_upload_folder'");
//This will collect all records if the name you used in your snippet for the upload folder is the same as the name entered here

Then get some html ready to show in the normal templating manner (this example is a chunk)

$chunk=
<<<END
<a href="http://mysite/{folder}/{filename}.{extension}">{filename}.{extension}</a><br />
END;

Then parse each record through your template using the normal methods (php looping, parsechunk, mergecodevariables etc) like this:

$output = $etomite->parseChunk($chunk, $rs, $prefix="{", $suffix="}");

Now you are ready to show your results:
return $output;

This code can easily be used as a stand-alone snippet or added to the upload snippet depending on your needs.

If you prefer to simply show the contents of a directory without database to-ing and fro-ing, there are a few snippets that do that. One that comes to mind is vision-viewer

if(!function_exists('IsDir')){
	// Returns an array of file paths found in $directory
	// (and in its sub-directories when $sub is true)
	function IsDir($directory = null, $sub = false) {
		if($dir = opendir($directory)) {

			$tmp = Array();

			// add the files; compare against false so a file named "0" does not end the loop
			while(($file = readdir($dir)) !== false) {
				// make sure we're looking at a file
				if($file != "." && $file != ".." && $file[0] != '.') {
					// if a directory, list all files within it
					if(is_dir($directory . "/" . $file) && $sub == true) {
						$tmp2 = IsDir($directory . "/" . $file);
						if(is_array($tmp2)) {
							$tmp = array_merge($tmp, $tmp2);
						}
					// make sure not to include folder names, only file names
					} else if(strstr($file,".")) {
						array_push($tmp, $directory . "/" . $file);
					}
				}
			}
			closedir($dir);
			return $tmp;
		}
	}
}

This code reads the contents of a directory and stores it in an array for you to use in a similar manner to the $rs above.

Hope this helps. By the way, I have not tested the code above, it is possible that I may have missed a comma or quote here or there, this code also assumes a basic level of understanding of arrays, variables and etomite APIs.

Cheers,
Cris D.

Edited by Cris D., 20 June 2009 - 11:32 AM.


#10 katherholt

Posted 20 June 2009 - 08:46 PM

Thanks so much Chris, got it working and just what I needed.
http://www.villarica.org/webcasts.html
Karen




