I have problem with uploading files. I followed these instructions: http://symfony.com/doc/current/cookbook/doctrine/file_uploads.html and everything is working fine, but I want to save uploaded files in a folder that is not public and with random name and then send it to the browser in original name.
I know how to put file in non public folder with random name and how to save original name to database, but what should I do next for getting this file content and send it to browser with original name? How to achieve that?
Store the hidden path in the database, then just read it in your php script that is public available and send your file to a user, if you don't how to send files in php, you can find it out here on stackoverflow.
Related
I have an asp.net web api project using token based authentication. my app uploaded and retrieve images and I keep file path in table_myfiles along with the uploaded user ID.
I would like the user to access only the files he have uploaded, which I can identify from the table.
How to protect my resources to restrict access to only to the user based on table_myfile ? And not to anyone without logging in or direct link / path ?
I have been searching for any possible solution for a week now , I think I should implement a middleware to manage access. But I couldn’t find any resources on how to implement the same.
Currently my api shows all resources just by directly accessing the file path/link.
The simple apporach is to remove the vitural folder, or that folders from the web site folders. That way, no simple URL exists for any of the files.
So, for a user to get/see/use/download a file? You present say a listview or some kind of grid (or repeater) that displays and lists out the files.
Then, when they want to download or view a file?
You use response.write and stream the file down to the client side.
Remember, on the server, code behind uses 100% clean and correct windows file paths. For any web based URL, then that folder must be in a valid path of the web site. When they type in a valid URL, it eventually gets translated to that given folder in the site (or a external folder provided when you create a mapped "virtual" folder in IIS. However, if you don't provide that virtual folder, or the folder is NOT in the web site file/folder sets, then no valid URL's exist. However, that folder can be directly used and hit with code behind - any valid server path/folder name is allowed in code behind.
Because when streaming the file, you need path name, file name, AND ALSO the "mine" type. Thankfully, .net 4.5 or later has this ability.
so, from a database (table) I display the file names like this:
But, if you click on the preview image, that is a image button.
The code behind simply gets/grabs the file name from the database.
I then download (stream) the file to the browser side like this:
if (File.Exists(strInternalFullPath))
{
string strConType = MimeMapping.GetMimeMapping(strInternalFullPath);
binFile = File.ReadAllBytes(strInternalFullPath);
Response.ContentType = strConType;
Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(strWebUrl));
Response.BinaryWrite(binFile);
Response.End();
}
else
MyToast2(this, btnLink.ClientID.ToString, "File Not found", "We no longer have this file avaiable.");
so, this buttion behaves 100% like a link, but there are no existing URL's or path name that points to the files folder from a web based URL.
Remember:
Web based URLs - they auto map from the web site URL to a existing folder.
You can use server.MapPath("some url to file") to "translate" this to a internal file name.
Code based files:
In your .net code (code behind) ANY file name is a standard plane, jane file name that points to a file on the server.
so, once we have that file name from the database, you can steam the file as if the user clicked on a link. But you never have to expose the actual file name, or file path. And no such valid URL's exist on the web site, since you do NOT have that files folder in the web site folder hierarchy - but placed that folder outside of the web site.
As long as that folder is outside of the web folders, and as long as you don't setup a virtual folder that points to that folder outside the web folders?
Then code behind can STILL get/grab/see/use any file on the server. that code uses a full valid windows file name, - but the web site will have no mapping to such a folder - hence no valid URL's will exist or can be typed in.
I'm trying to get the relative path to a file inside a app/cache dir.
I've tried via custom config file using:
parameters:
output_dat_path : %kernel.root_dir%/cache/%kernel.environment%/myfile.dat
Also I tried:
$kernel = $this->get('kernel');
$path = $kernel->getRootDir() . '/cache/' . $kernel->getEnvironment() . 'myfile.dat';
Both ways generate absolute paths, that both work fine using them inside a controller or service, but, I need a relative path to generate a link for the user.
I'm thinking to move the file to the web directory in my service and use asset in the template to generate the link, but the file is private for every user and I don't want to expose it.
Any thought?
Thanks in advance.
UPDATE
I solved this as follows:
User, once authenticated, generates his file. If the file doesn't exists, is generated. If it exists, the controller checks the user rights, time, etc. and returns the file.
If the system has to be generated, the file is created in a private folder and an encrypted name is generated. The encrypted name is generated using base_64 and some changes after that.
The system shows to the user a link. That link is something like /get/privatefile/eDfa...23Hn
When the user clicks on it, the controller checks the user, time from creation, etc.
If all is fine the controller returns the file.
I made this because the file must be created once, and be available for a short period of time and after must be deleted. If an user pass the link to other person, the checksum of the encrypted name fails and the file cannot be accessed.
I am sure that this is not the best solution but it works right know.
I've got a very strange problem using drupal 7. I've got a wbesite running and using views and content types I have been able to build a lot of functionality. Now the following occurs:
When I add a new field to a content type (new or existing) of the the type file or image, I have this field in the form but when I try to upload a file or image using this form it gives an error "The file could not be uploaded" or the full error (from the recent log messages): "The upload directory public:// for the file field field_katapult_voorpagina could not be created or is not accessible. A newly uploaded file could not be saved in this directory as a consequence, and the upload was canceled."
Strangely, when I upload a file or image using an older existing field (pointing to the same directory: public://) it does not give an error and the files upload without a problem. So this makes me think that the server settings are actually set properly.
Anybody who can help me with this problem?
If not, can anybody point me in the right direction as to where I can find the files that handle the upload process in drupal 7?
Many thanks in advance!
You need to check a couple of things :
where is your public files folder, and if that is writable by the webserver ( in /admin/config/media/file-system )
where does your working field send files (it might be a different directory), and if it is, use that for the new fields as well.
Check you file destination directory setting of new image field. Do not include preceding or trailing slashes. This field supports tokens.
You can also check max, min resolutions, file upload limit, image style (if it is new image style other than thumbnail/ or existing) & number of values ( if it set to 1 you can't upload 2 or more). Finally you have to set it public files type.
I think you should check the files folder permission.
I have video files (mp4's as I want people to be able to view them on ipads etc.) that I serve to users. However some of these videos are only available to users who have a certain number of user points. I have that working in that if a user doesn't have enough user points they can't view the node. All users have the same role (video viewer) and the problem is that it is possible for someone who has enough user points to view the node, grab the url of the video and then give it to someone who has the video viewer role but doesn't have enough user points and then that person can directly download that mp4.
Just looking for a way to limit access to the mp4 file if a user does not have access to the node or hide the path to the file somehow. I have the mp4's stored in a private file system but this hasn't solved the problem as the users have the same role.
I've got this (http://www.ioncube.com/html_encoder.php) working on static pages in my webspace (non drupal pages) but can't get it working in my drupal setup. When I include the php code in my node to include the php file it just gives me a blank page.
Many thanks
There's not much I could say about this that the Drupal documentation doesn't already.
http://drupal.org/documentation/modules/file#access
Managing file locations and access
When you create a file field, you can specify the sub-directory of the site's file system where uploaded files for this content type will be stored. The site's file system paths are defined on the File system page (Administer > Configuration > Media: File system).
You can also specify whether files are stored in a public directory or in a private file storage area. Files in the public directory can be accessed directly through the web server; when public files are listed, direct links to the files are used and anyone who knows a file's URL can download the file. Files in the private directory are not accessible directly through the web server; when private files are listed, the links are Drupal path requests. This adds to server load and download time, since Drupal must resolve the path for each file download request, but allows for access restrictions.
The best practice for public files is to store them in the multi-site directory like: sites/default/files
The default way to securely add a private directory for your files is to use a directory that can not be accessed directly by your web server, but can be accessed by Drupal. Ideally this directory should be located outside of your Drupal root folder.
The simple way to add a private directory for your files is to create a sub-directory under the public directory like: sites/default/files/private
When you specify the private directory in admin/config/media/file-system it will automatically create the sub-directory & create a simple .htaccess file with Deny from all. This stops Apache from serving files from this directory. Make sure that you test this by adding file to that directory and verifying that you can't browse there directly. If this isn't working, all files in this directory will be accessible to anyone who can guess the URL! Note that non-Apache web servers may need additional configuration to secure private file directories.
Accessing Private Files
Once configured, files stored in the private directory are inaccessible via a direct link; however, if Drupal constructs a link to the file, the file will be accessible to anyone who can see the link.
For example: you have created a new content type with a file field which stores files in your site's private file directory. Next you create a node from this new content type and attach two new files. When the node is published links to both attached files are visible and anyone who can view the node may download the files. Now, if you unpublish the node, all attached files become inaccessible for download even if you use the direct link to the files that worked when the node was published.
Re-publish the node, and disable the "display" checkbox for one of the files. Save the node. Now one file is accessible for public download and the other is not accessible--even if you have the direct URL for the file that is not listed you will not be able to download this file.
For finer grained control of who can see/download attached files you will need an additional access control module. You may write a module yourself, or use a contributed module such as Content Access.
In my asp.net web application i have to convert resx file to excelfile and then i should provide an option to download the converted file. I have done the download function using response.Addheader method. Now i wanted to display statics to the user of how many keys are converted from resx file to excel file.
I have placed an label to display no of keys migrated but the code is not exceuted after response.end. Pls help me to get this done
Thanks
Rm
Short answer is that you cannot send some output once the response has closed.
Now to achieve what you want to do, you have to emit statistics along with link to download the actual excel file. For example,
Convert the file and store results into file system. You should use some random key (such as guid) for generating the file name.
Output statistics that you want to show to the user.
In the same output, emit a start-up java-script that would redirect the browser to the url that will download the file generated in step1 - the file name key will useful for creating such URL.
In rare cases where JS doesn't work or re-direct takes more time, The output from #2 should also contain a link that will allow user to download the file manually (the link will be accompanied with some friendly message)