Forums

Linking to uploads / downloads outside web root

sem 23 Dec, 2014
Hi. I have a simple form that allows a user to attach a file, then it used PDF action to create a pdf of the form contents and emails that and the attached file to the recipient.

I also have a simple chronoconnectivity link that displays all the submitted forms for the currently logged in user. The chrono connectivity table lists some key details from the form but then if a document was attached, it gives the user a link to it and also a link to download the pdf version of the completed form that was submitted.

Problem I have is security. In Joomlatools Docman, the upload/download folders are protected by .htaccess deny from all - this won't work with Chronoconnectivity out of the box because the forms are denied access to upload the files to such a protected directory.

Although there's an index.html file in the directory, a user could still theoretically download an uploaded document or pdf of the completed form.

Ideally, the chrono directories could be outside of the webroot, so not accessible.

Any idea how to achieve this?

thanks mark
GreyHead 24 Dec, 2014
1 Likes
Hi Mark,

You can specify a folder above the root for the Upload Files action. (I've just tested and it does work.)

If that isn't working then you may need to check that the Joomla! User (the server use, that is) has the necessary write permission to save in the specified folder.

Bob
sem 24 Dec, 2014
Hey Bob!

Ok - so on any of the pdf actions or file upload actions, i could specify an out of root folder - relatively, like ../../cf_file_uploads/ with the webserver user given permission - that's great.

I may need to wrangle the way cc allows the user to then download the files when they view a record but it's a great start. I'll give it a go over the next couple of days.

Thank you and Merry Christmas!

mark
sem 11 Jan, 2015
Hi. Sorry for the delay - yes works perfectly so now the TCPDF files and uploads are outside the webroot. Only trick is now that I have a simple CC list to view some basic details of all recorded submissions - ID, date, name etc. There was also a link to the TCPDF generated file and uploaded files - this was achieved using the html section of the model view - obviously that no longer works because the files are outside the webroot.

I can get away with ignoring the uploaded files but it would be very useful to still be able to offer the link to the TCPDF file as this contains all details of the submitted form - is there a method to still be able to reference it in a link?

thanks, mark
sem 11 Jan, 2015
Also - on the cf end, when a user submits a form, they were given the link to download the pdf file in the "Thanks" page. I did this because the tcpdf save and download action worked ok (but the download happens so fast that the user is generally unaware it happened) but didn't seem to continue on to a thanks message and save the data in the db - it sticks at the form submit stage.

So I just used the "save" action.

Again, there's no way to embed a link to the TCPDF generated file, being out of the web root - but I added a "file download" action and that lets me specify the absolute path to a file - however, I can't specify the file to be cf_pdf_file so that it would be dynamic. Is there a simple change necessary to the file download action to allow this?

mark
Max_admin 12 Jan, 2015
Answer
Hi Mark,

Please remove the file download action and use a "custom code" action, then use this code:

<?php
\GCore\Libs\Download::send("PATH_TO_FILE_HERE");


And add the path to the file you want to download, that should send the file to the browser for download.

Regards,
Max
Max
ChronoForms developer...
Did you try ChronoMyAdmin for managing your Joomla database tables ?
sem 13 Jan, 2015
Hey Max - thanks - just tried it - maybe the line I put in is wrong:

<?php
\GCore\Libs\Download::send("../cf-files/forms/spaform/{cf_pdf_file}"); ?>

As soon as this is in place under the display message action, I get a blank, white screen - no debugger info. So, syntax is wrong? It tried replacing the {cf_pdf_file} with an actual file I know is there - still blank screen.

sorry to be a pain. mark
sem 13 Jan, 2015
ok - update - even putting in a absolute /var/www/ path no file is delivered. I'm not able to tail the logs at the moment - will post any message or obvious error I made as soon as I'm able to check them.

mark
Max_admin 13 Jan, 2015
Hi Mark,

You need to use the full absolute path, in order to get the error, you can set the "Error reporting" to maximum under the Joomla global config!

Regards,
Max
Max
ChronoForms developer...
Did you try ChronoMyAdmin for managing your Joomla database tables ?
sem 15 Jan, 2015
Brilliant. Thanks Max - download action works.

mark
This topic is locked and no more replies can be posted.