Hi. I have a simple form that allows a user to attach a file, then it used PDF action to create a pdf of the form contents and emails that and the attached file to the recipient.
I also have a simple chronoconnectivity link that displays all the submitted forms for the currently logged in user. The chrono connectivity table lists some key details from the form but then if a document was attached, it gives the user a link to it and also a link to download the pdf version of the completed form that was submitted.
Problem I have is security. In Joomlatools Docman, the upload/download folders are protected by .htaccess deny from all - this won't work with Chronoconnectivity out of the box because the forms are denied access to upload the files to such a protected directory.
Although there's an index.html file in the directory, a user could still theoretically download an uploaded document or pdf of the completed form.
Ideally, the chrono directories could be outside of the webroot, so not accessible.
Any idea how to achieve this?
thanks mark
Hi Mark,
You can specify a folder above the root for the Upload Files action. (I've just tested and it does work.)
If that isn't working then you may need to check that the Joomla! User (the server use, that is) has the necessary write permission to save in the specified folder.
Bob
Hey Bob!
Ok - so on any of the pdf actions or file upload actions, i could specify an out of root folder - relatively, like ../../cf_file_uploads/ with the webserver user given permission - that's great.
I may need to wrangle the way cc allows the user to then download the files when they view a record but it's a great start. I'll give it a go over the next couple of days.
Thank you and Merry Christmas!
mark
Hi. Sorry for the delay - yes works perfectly so now the TCPDF files and uploads are outside the webroot. Only trick is now that I have a simple CC list to view some basic details of all recorded submissions - ID, date, name etc. There was also a link to the TCPDF generated file and uploaded files - this was achieved using the html section of the model view - obviously that no longer works because the files are outside the webroot.
I can get away with ignoring the uploaded files but it would be very useful to still be able to offer the link to the TCPDF file as this contains all details of the submitted form - is there a method to still be able to reference it in a link?
thanks, mark
Also - on the cf end, when a user submits a form, they were given the link to download the pdf file in the "Thanks" page. I did this because the tcpdf save and download action worked ok (but the download happens so fast that the user is generally unaware it happened) but didn't seem to continue on to a thanks message and save the data in the db - it sticks at the form submit stage.
So I just used the "save" action.
Again, there's no way to embed a link to the TCPDF generated file, being out of the web root - but I added a "file download" action and that lets me specify the absolute path to a file - however, I can't specify the file to be cf_pdf_file so that it would be dynamic. Is there a simple change necessary to the file download action to allow this?
mark
Hi Mark,
Please remove the file download action and use a "custom code" action, then use this code:
<?php
\GCore\Libs\Download::send("PATH_TO_FILE_HERE");
And add the path to the file you want to download, that should send the file to the browser for download.
Regards,
Max
Max
ChronoForms developer...
Did you try ChronoMyAdmin for managing your Joomla database tables ?
Hey Max - thanks - just tried it - maybe the line I put in is wrong:
<?php
\GCore\Libs\Download::send("../cf-files/forms/spaform/{cf_pdf_file}"); ?>
As soon as this is in place under the display message action, I get a blank, white screen - no debugger info. So, syntax is wrong? It tried replacing the {cf_pdf_file} with an actual file I know is there - still blank screen.
sorry to be a pain. mark
ok - update - even putting in a absolute /var/www/ path no file is delivered. I'm not able to tail the logs at the moment - will post any message or obvious error I made as soon as I'm able to check them.
mark
Hi Mark,
You need to use the full absolute path, in order to get the error, you can set the "Error reporting" to maximum under the Joomla global config!
Regards,
Max
Max
ChronoForms developer...
Did you try ChronoMyAdmin for managing your Joomla database tables ?
Brilliant. Thanks Max - download action works.
mark