Automatically creating upload folders?

Hello all

Here’s my problem :

The uploading feature available in advanced editor works like a dream but all uploads are mixed into …/uploads/editor/.... So is there a way to automatically create a folder with the user’s name ?
I tried this addon from jackmaessen :
https://open.vanillaforums.com/addon/sfm-plugin
But it does not work on my side; furthermore, it doesn’t allow other users to download.

I hope my explanations are clear enough.
Any solution ?

Thanks in advance

P.S : I’m not a coder but no fear, I’m here to learn after all :).

Answers

  • vrijvlinder Papillon-Sauvage MVP
    edited August 13

    Have you tried the plugin https://open.vanillaforums.com/addon/myattachments-plugin

    P.S. : This is not a coding kindergarden school, you must know the basics on your own...

    keltwookie
  • Ah, Vrijvlinder… still kind and helpful
    BTW, I'm a little bit too old to be taken for a kid

    Thanks for the link but it does not work:

    Something has gone wrong.

    We've run into a problem and are unable to handle this request right now.
    Please check back in a little while.

    Regards

    P.S: I promise, next time I want to learn, I will ask elsewhere

  • vrijvlinder Papillon-Sauvage MVP

    Please look at your server error logs to find out why it does not work for you. It works perfectly for me on several installations.

    Or enable debugging..

  • Accepted Answer

    Thanks for your time, but I found another solution:

    I found a "kindergarden school" (:D) which is kind enough to teach me how to code my own stuff.
    Indeed, it is not the first time I install a Vanilla forum, but for this second one, I have particular needs and to be honest, it will be a great improvement to my personal knowledge to do it by myself.

  • vrijvlinder Papillon-Sauvage MVP

    That's great, good luck with that. Too bad others won't benefit from finding out why that plugin did not work for you..

  • R_J Cheerleader & Troubleshooter Munich Moderator

    What do you want to achieve in the end/why is it a problem that files are mixed in one folder?

    It's great that you found someone who will help you code. Just today I've stumbled upon this article, by the way.
    As soon as you start writing your own code, you will come to a point where you have to face Vanilla specific problems. I guess the best way to solve those problems would be to ask your questions here. Don't hesitate to do so.

    P.S.: you can title your questions with "Kindergarden question" so that it can be avoided by those who do not want to read them.

    whu606
  • What do you want to achieve in the end/why is it a problem that files are mixed in one folder?

    Instead of a long talk, here’s why:
    https://katatrolls.eu/
    (sorry for typos, grammar and syntax, this will be corrected ASAP.)

    Indeed, this project could host commercial licensed games, and in this case, it would be necessary to allow some downloads and not others until a payment was effectively done. To manage efficiently the uploads, I need to know what belongs to who when I browse the files on my hosting service.

    It's great that you found someone who will help you code...

    It’s not « someone »: there are loads of tutorials all over the Internet about PHP, CSS, (X)HTML and so on. It just takes time.

    ...I guess the best way to solve those problems would be to ask your questions here. Don't hesitate to do so.

    Many thanks, I will. To be honest, I was a bit astonished by vrijvlinder’s answer. This kind of reply could discourage any newcomer, but maybe I have too much old habits. I always thought « open source » was synonymous of « sharing knowledge ». but I could be wrong.

    P.S.: you can title your questions with "Kindergarden question" so that it can be avoided by those who do not want to read them.

    LOL, be assured I will

  • R_J Cheerleader & Troubleshooter Munich Moderator
    Accepted Answer

    I haven't had a closer look at what is possible, but based on these few lines I'm pretty sure you can easily influence the "absoluteFileDestination".

    You would have to find out the current user, add the user's id as a path and make sure that the file a) could be saved and b) doesn't overwrite an existing file.

    I'm not convinced that I would go that way, but if you think it would be good for you, I will support creating that plugin.

    Get some basics about php, read the docs about plugins and as soon as you have a skeleton plugin up and running and have a basic understanding of what the following code might do, come back and ask for more details:

    public function base_beforeSaveUploads_handler($sender, $args) {
        $userID = Gdn::session()->UserID;
        // Find out what $args['AbsoluteFileDestination'] looks like
        // in order to know how to parse it.
        // Insert $userID."/" before the filename
        // Check if that file exists
        // If no: try to write that file
        // If yes: create a new file name and loop back
        // Change $args['AbsoluteFileDestination']
        // That's it!
    }
    
    keltwookie
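
The steps in R_J's skeleton above, worked through as an added example (not code from the thread or from Vanilla): a plain-PHP helper that puts the file in a per-user folder and reserves a name without overwriting anything. The function name `reserveUserDestination` is hypothetical, and it assumes the destination is an absolute path ending in the file name.

```php
<?php
// Added example, not code from the thread. Plain PHP, no Vanilla API calls.
// Assumption: the destination is an absolute path ending in the file name.

/**
 * Build "<dir>/<userID>/<name>" from an upload destination, create the user
 * folder if needed and reserve a name that does not overwrite an existing file.
 */
function reserveUserDestination(string $absoluteFileDestination, int $userID): string {
    // A numeric id keeps user-controlled text (a display name) out of the path.
    if ($userID <= 0) {
        throw new InvalidArgumentException('Uploads need a signed-in user.');
    }
    $dir = dirname($absoluteFileDestination) . DIRECTORY_SEPARATOR . $userID;
    // The second is_dir() covers a parallel request creating the folder first.
    if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
        throw new RuntimeException("Cannot create $dir");
    }
    $info = pathinfo($absoluteFileDestination);
    $ext = isset($info['extension']) ? '.' . $info['extension'] : '';
    for ($i = 0; $i < 1000; $i++) {
        $name = $info['filename'] . ($i ? "-$i" : '') . $ext;
        $candidate = $dir . DIRECTORY_SEPARATOR . $name;
        // Mode "x" fails if the file already exists, so the existence check
        // and the creation are one atomic step (no race between two uploads).
        $handle = @fopen($candidate, 'x');
        if ($handle !== false) {
            fclose($handle);
            return $candidate;
        }
    }
    throw new RuntimeException('No free file name found.');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample path; a real handler would pass the value it received.
    $sample = sys_get_temp_dir() . '/uploads_demo/editor/game.zip';
    echo reserveUserDestination($sample, 42), PHP_EOL;
    echo reserveUserDestination($sample, 42), PHP_EOL;
}
```

The returned path is an empty placeholder file; the upload is then written over it.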
  • Great !
    Many, many thanks.

    I will follow your instructions and will come back once I have something.

    "I'm a happy wookie now"

    vrijvlinder
  • vrijvlinder Papillon-Sauvage MVP
    edited August 14

    @keltwookie said:
    Many thanks, I will. To be honest, I was a bit astonished by vrijvlinder’s answer. This kind of reply could discourage any newcomer, but maybe I have too much old habits. I always thought « open source » was synonymous of « sharing knowledge ». but I could be wrong.

    Sharing Knowledge is not the same as Teaching someone from step 1 all about php, css, js, html etc..

    P.S : I’m not a coder but no fear, I’m here to learn after all

    Open Source software forum does not mean Coding School for Beginners . Not because of lack of disposition, but from lack of time. It is impossible to achieve no matter how hard anyone here tries. If you don't have any coding experience or personal autodidactic knowledge of coding, any coding, we can't help you until you do. That is all I meant to say because it's true. This is no place for modesty about what you know or not know when you ask a question or want to create a specific plugin, because we don't know if you are a beginner or just pretending to be one when you say you are not a coder.

    If you can create a simple html page and know how to work with CSS , then you are a coder. You might say you are not a great coder but can understand frameworks and logic within software and are willing to learn more.

    Many people come here not knowing anything and before they have had a chance to understand what the software can do, start asking for modifications. Sometimes someone here might become inspired and create a plugin or a theme for these users, and sometimes there is no time or money and no one wants to pay for coding work that takes hours or days... to those people I recommend hiring a professional coder to do the work for them or utilize the Paid Vanilla.
    We are Vanilla Users and volunteers, not paid staff.

    To be honest, I was a bit astonished by vrijvlinder’s answer. This kind of reply could discourage any newcomer

    :( When I first joined here almost 5 years ago, I was treated the same way maybe even worse by some people. But they were right that there is a learning curve and they could not teach me what I should have already known on my own, and it forced me to persevere to instruct myself how to work with this software and learn to ask constructive questions to help myself, many times my questions went unanswered, I had to research it all myself until one day I spoke Vanilla and it made sense. Eventually I was able to create plugins and themes for people, I am still learning. Since then I have logged thousands of volunteer hours helping people here with their forums... as best as I can.
    Some people are grateful others are not. I don't mean to discourage anyone.

    TBB
  • @vrijvlinder:

    To answer what you posted above, let me tell you a part of my own story, if you please:

    I was a musician for 25 years and a music teacher for 15. Not because I wanted to teach, but because people asked me. My first lesson was a total mess because I forgot one essential thing that appeared an obvious fact to me: tuning one's instrument properly. It taught me one thing: a total review of my teaching skills.
    This is to tell you that even the most talented coders often forget that they were beginners one day.
    And in my mind, being part of a community involves help and basic teaching for newcomers; if not, a community can’t grow. And I’m not talking about any staff, but volunteers. I’m registered on several forums/communities all over Europe and every time I asked, I always received advice, examples, etc., no matter what the discipline was.
    The most recent example I can tell you is the Godot Devs forums (which use Vanilla forums too, by the way). I was a pure beginner in 3D modeling one year ago, but 2 of the most ancient members of the community helped me A LOT to understand how to build something properly (i.e. topology; I still meditate on the tons of information they gave me). And they perfectly knew that my knowledge was close to absolute zero, but these two members knew one thing about me: I wanted to learn.

    If you can create a simple html page and know how to work with CSS , then you are a coder. You might say you are not a great coder but can understand frameworks and logic within software and are willing to learn more.

    In my opinion, a coder understands all parts of his code; I’m far from pretending to do so, even if I understand the main principles. But honestly, everyone can code a basic html page, I learned in less than an hour, and concerning css, it’s more an artist view than a coder view in my opinion, so, most my field. Did you know that my first reference in css was one of your works (DeepSpace theme)?

    When I first joined here almost 5 years ago, I was treated the same way maybe even worse by some people. But they were right that there is a learning curve and they could not teach me what I should have already known on my own….

    Still in my opinion only, it is not a reason to do the same, and no madam, they were wrong. Fortunately and like me, you apparently have had the luck to have parents or teachers who taught you to make your brain work, because yes, a brain is like any muscle, it has to work to remain efficient. But what about those who haven't had this luck? Do we have to leave them in complete ignorance? If yes, it is a really sad world. Really sorry if I look like an old ridiculous hippie, but it is really what I think.

    To close this and paraphrase one of my heroes:
    « Ignorance is responsible for all the evils on Earth: Disease, famine, poverty, wars and violence are the result. » (Mohandas Karamchand Gandhi – 1869-1948)

  • R_J Cheerleader & Troubleshooter Munich Moderator

    @vrijvlinder said:
    Please look at your server error logs to find out why it does not work for you. It works perfectly for me on several installations.

    MyAttachments is using the MediaModel from the FileUpload plugin without stating that in the RequiredPlugins info. So it will fail anywhere where that plugin is missing.

    keltwookie
  • Many thanks again, it now works perfectly :awesome:

  • vrijvlinder Papillon-Sauvage MVP

    I thought I had uploaded the plugin with the fix already ... I will upload new version asap.

  • @R_J

    I'm not convinced that I would go that way, but if you think it would be good for you..,

    I'm still studying your instructions above, but how would you manage this? FTP account?

  • R_J Cheerleader & Troubleshooter Munich Moderator

    I'm not sure because I didn't understand what you would try to do "in the end".

    @keltwookie said:
    Indeed, this project could host commercial licensed games, and in this case, it would be necessary to allow some downloads and not others until a payment was effectively done. To manage efficiently the uploads, I need to know what belongs to who when I browse the files on my hosting service.

    What does "manage" mean? What do you want to do with the uploads?

  • I'm going to try to be more explicit:

    It is a matter to just not mix commercial licensed works with free downloads, in this latest case, the vrijvlinder’s plugin would be sufficient, but in the other case, no. The uploaders who would want to sell their works must be assured that nobody could download without authorizations.
    So, the only way I found for now is to separate the two kinds of works, free and not free, to set permissions case by case.

    And that’s why I asked if you had another (and surely better) idea :)

  • R_J Cheerleader & Troubleshooter Munich Moderator

    But if the url is known, anybody could download the files. There are no permissions you can set which would allow some users to download the file and others not.

    Any upload that a Vanilla user makes (no matter which folder is used) is available for download for every user. The only "security" you can rely on is that the file name cannot be guessed.

    When thinking about solving that problem I can think of the following options:

    • uploaded file must be saved to a .htpasswd protected place and vendors only have to give the link and the password (not sure if this would really work, though)
    • a download link which is only valid for a short time (link is a script with a parameter and the file itself is "only" streamed)
    • make it their problem: don't offer them a solution but point them to google drive, box.com, dropbox or anything else

    Most elegant solution: make it really secure by offering an upload option to a storage which is not accessible by anybody except you and let users create short time links.
    Everything else is only "security by obscurity" which might be good enough, to be fair.

    Most simple solution: tell your users to upload all commercial games in a conversation with themselves, and pass the link they will see in such a conversation to their buyers.

    keltwookie
  • Most elegant solution: make it really secure by offering an upload option to a storage which is not accessible by anybody except you and let users create short time links.

    I like this one very much, so, I would have to create (S)FTP accounts for vendors, these ones would be, as you said, manageable by admin team and those who are involved only. I know that I can create these (S)FTP accounts, I just have to check what is possible or not and how to create these « short time links ». Indeed, I must type a tutorial to explain the way it works.

    Well, well, well … It seems I have a solution here, thanks to you. I will study this with a great care.

    Once again and sincerely, many thanks

  • R_J Cheerleader & Troubleshooter Munich Moderator

    Folder structures

    I wouldn't have thought about one folder per user as this sounds quite tedious. I would have thought about saving to a folder that is outside of the web root, so that web users cannot access those files directly. Think about the following folder structure:

    /var/www - the root folder for everything related to your online activities. Make sure that this folder itself is not reachable through a web browser!

    /var/www/yoursitename - the root folder for everything which is connected with your page
    /var/www/yoursitename/vanilla - the vanilla installation. Your web root should point to that folder
    /var/www/yoursitename/commercial_uploads - every file saved here cannot be accessed through the browser

    By saving the files in a folder which is outside of the web root, nobody can directly access these files. That is the grade of security your vendors would ask for.


    Saving files

    You would have to find a way to let your users upload files with a special marker/in a special form so that you can prevent Vanilla from saving files to any subfolder of Vanilla's /uploads folder and instead use the commercial_uploads (that name is stupid, but it is the best I could come up with).

    Creating a page with a form is quite easy. I would go that way and give vendors a special role. Only forum members with that role would be able to see the upload page. Since this would be a special page created by you, it would be easier to save the file where you would like it to be, in comparison to making it an attachment.

    Later on you could extend that page:
    1. List all previous uploads
    2. Request download link
    3. Allow deleting files from that list
    4. Allow editing file information (like file name)

    There is another option for uploading files. You could create a dedicated "trading user", some kind of a bot. Your users would have to write a conversation message to that bot user account, attaching the file and maybe give some additional info to it in a standardized form. I don't know if you ask them for categories, tags or any meta information.
    When the file is attached, it would be saved to Vanillas uploads folder, but you would have to track the creation of new messages and when you see a message with an attachment to that bot user, you can move that file to the "secured" folder.

    The dedicated upload page is easier and cleaner, but bots are more fun :wink:


    "Serving" files

    All commercial files will be in that safe area. So how would a buyer be able to access it? You would have to provide a download script. You can create that by adding something like that to your plugin:

    public function pluginController_market_create($sender, $args) {
        // get requested file name
        // check if session user is legitimated to get that file
        // look up in a table for that file name and get real file name
        // readfile(real file name)
        // stream download
    }
    

    I did a quick search for "php stream zip file download" and found that link: http://www.media-division.com/the-right-way-to-handle-file-downloads-in-php/
    I think it would be a good start and it talks about security, too, which is important when reading files from your file system.


    Selling files

    Well, you would have to offer some kind of possibility so that a vendor can mark another user as a legitimate downloader. There are several ways to handle that.
    You can leave it all up to the users how they handle it and only provide short time links for the downloads. Your vendors would see a list of their uploads and get an option to request a download link with a given life time, maybe you allow them to choose that themselves. You would need a table with entries like that for something like this:

    MarketItemID - Every table should have an ID column
    Filename - The name which should appear when the browser shows a "Save As" window
    Path - The complete path (including the real file name)
    InsertUserID - You might prefer "Owner" or "Vendor", but Vanilla-speak is InsertUserID
    CountSales - Would be interesting, wouldn't it?

    And another table which shows every selling activity

    MarketPurchaseID - Every table should have an ID column :wink:
    MarketItemID - What has been sold
    InsertUserID - Who made the purchase
    DateInserted - Date of purchase
    DownloadCode - Some arbitrary characters
    LinkLifeTime - How long link should be valid
    DateUpdated - Vanilla speak

    When a link (it would look like /plugin/market?id=123&code=abcdefgh) is clicked, our plugin would look up

    • if the code provided matches the provided id
    • if (DateUpdated is given, else DateInserted) + LinkLifeTime <= now

    If not, the buyer must request a new code. With such a code, anybody could download a file

    If you handle the selling somehow in your forum, you must give the vendor a way to mark a user as a customer who has bought a product. Afterwards you could pass a general link to that user. The check then would be

    • if code and DownloadCode match AND
    • if session user is InsertUserID

    In such a case no one who hasn't been marked as a customer would be able to download the file.

    If buyers can be users who are no users of the forum, you would have to use the first option (short valid links), if they will always be forum users, you should prefer the second option.


    Passing a download link, marking as buyers

    There are a million ways to do so, but I would go the bot way:

    In a conversation between buyer and vendor, add the MarketBot to the conversation. Vendor must write a message
    @MarketBot sold "Filename"
    MarketBot would reply with either "Congrats buyer, you can download the file from link..." or "Sorry vendor, there must be a typo. I cannot find file..."

    Wouldn't that be great? =)

    Instead of this you could also create a form where vendor sees a dropdown with his uploads and can enter a username behind it. When the form is submitted, the result would be a link that has to be given to the buyer. How that link is passed must be decided by the vendor. Boring, but if the buyer is not a forum user that solution is needed.


    Since you are a beginner, I would recommend you go the easiest way which would be using simple forms. Once you have understood how they work the rest would be fairly easy.

    You need an upload form and a form which allows your vendors to add buyers to products.

    And then, when you are getting more experienced, introduce the Market Bot to your community :mrgreen:

    rbrahmson
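
The checks R_J describes for serving files from a folder outside the web root, as an added example that is not part of the thread and not Vanilla's own code: validating the `id`/`code` link against a purchase row, confining the stored `Path` to the storage folder, and streaming the file. The function names are hypothetical; it assumes `LinkLifeTime` is in seconds and dates are UTC strings, and it treats a link as valid while the current time is no later than issue time plus `LinkLifeTime`.

```php
<?php
// Added example, not code from the thread. Plain PHP, no Vanilla API calls.
// Assumptions: LinkLifeTime is in seconds, dates are UTC "Y-m-d H:i:s" strings,
// and rows arrive as arrays keyed by the column names from the post.

/** Generate the "arbitrary characters" for DownloadCode from a CSPRNG. */
function newDownloadCode(): string {
    return bin2hex(random_bytes(16));
}

/**
 * Check a link such as /plugin/market?id=123&code=... against its purchase row.
 * Pass $sessionUserID to additionally bind the link to the marked buyer.
 */
function linkIsValid(array $purchase, string $code, int $now, ?int $sessionUserID = null): bool {
    // hash_equals() compares in constant time, so response timing does not leak the code.
    if (!hash_equals((string)$purchase['DownloadCode'], $code)) {
        return false;
    }
    if ($sessionUserID !== null && (int)$purchase['InsertUserID'] !== $sessionUserID) {
        return false;
    }
    $stamp = !empty($purchase['DateUpdated']) ? $purchase['DateUpdated'] : $purchase['DateInserted'];
    $issued = strtotime($stamp . ' UTC');
    // Valid only while "now" has not passed issue time plus lifetime.
    return $issued !== false && $now <= $issued + (int)$purchase['LinkLifeTime'];
}

/** Resolve the stored Path; return null if it is missing or escapes $root. */
function resolveStoredFile(string $path, string $root): ?string {
    $real = realpath($path);          // collapses "..", follows symlinks
    $rootReal = realpath($root);
    if ($real === false || $rootReal === false || !is_file($real)) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

/** Stream the file under the display Filename, never under the real path. */
function sendDownload(string $file, string $saveAs): void {
    // Keep only safe characters so the name cannot inject header syntax.
    $saveAs = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($saveAs));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $saveAs . '"');
    header('Content-Length: ' . filesize($file));
    header('X-Content-Type-Options: nosniff');
    readfile($file);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample data: a throwaway storage root and one purchase row.
    $root = sys_get_temp_dir() . '/commercial_uploads_demo';
    if (!is_dir($root)) {
        mkdir($root, 0700);
    }
    file_put_contents($root . '/a1b2c3.zip', 'demo');
    $code = newDownloadCode();
    $purchase = ['InsertUserID' => 7, 'DownloadCode' => $code, 'LinkLifeTime' => 3600,
                 'DateInserted' => '2020-01-01 10:00:00', 'DateUpdated' => null];
    $issued = strtotime('2020-01-01 10:00:00 UTC');
    echo 'within lifetime:   '; var_dump(linkIsValid($purchase, $code, $issued + 60));
    echo 'after lifetime:    '; var_dump(linkIsValid($purchase, $code, $issued + 3601));
    echo 'wrong code:        '; var_dump(linkIsValid($purchase, 'abcdefgh', $issued + 60));
    echo 'other forum user:  '; var_dump(linkIsValid($purchase, $code, $issued + 60, 8));
    echo 'file inside root:  '; var_dump(resolveStoredFile($root . '/a1b2c3.zip', $root));
    echo 'path outside root: '; var_dump(resolveStoredFile($root . '/../../etc/passwd', $root));
}
```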