Gossamer Forum
Home : Products : Gossamer Links : Version 1.x :

File Uploads

Quote Reply
File Uploads
I have a few questions about this feature, before I start to play with it.

Are there any built-in limits on what can be uploaded? For instance, size or type?

Can uploads be restricted to registered users in an easy manner?

Can uploads (or are they) limited to one upload per Link/entry?

I'm concerned about security holes in allowing people to upload, and the potential for someone to be able to upload a lot of stuff and try to distribute it at my expense.

Quote Reply
Re: File Uploads In reply to
 
Quote:
Are there any built-in limits on what can be uploaded? For instance, size or type?

No, but there are two upload paths, one for approved links and one for links awaiting validation. I would strongly recommend making the path to attachments waiting for validation be outside of the document tree so they are not accessible on the web.

Quote:
Can uploads be restricted to registered users in an easy manner?

Not by default, but adding in a check that a user is logged in before accepting the upload is very easy.

Quote:
Can uploads (or are they) limited to one upload per Link/entry?

You can only upload one file at a time, but one link can have one or more attachments attached to it.

It's still a little rough, but I'd be interested to hear your thoughts..

Cheers,

Alex

Quote Reply
Re: File Uploads In reply to
This will probably sound bad, but this feature is already built in? If so, YES!!!! Smile

------------------
James L. Murray
VirtueTech, Inc.
www.virtuetech.com


Quote Reply
Re: File Uploads In reply to
Is there a secret to getting the Attach a file function to work. I noticed in the Links.pm file that there's a note saying I have to rebuild the definitions if I define or redefine the path.

I defined the graphics location in Links.pm by saying

$LINKS{attach_dir} = "$LINKS{build_root_path}/Images";

I did the same for the user directory, the temp directory as well using different subdirectories.

I manually created the appropriate directories and chmoded them to 777

Just doing that didn't work, soooo....

then I dropped all the tables using setup.cgi
then I created all the tables using setup.cgi
then I recreated all the .defs using setup.cgi

I even tried adding a field called ATTACH-ADD but whether I tried it through php-admin or through the database editor that is provided with Linksql, I always get an error due to the " - " in the field name.

Anyway, The setup process created the following tables in addition to tables that previously existed. Users_Attach, Links_Attach, and Validate_Attach.

When setup.cgi was completed, there were no additional fields in any of the .defs' to hold the image(i.e links.def, users.def etc...), and there were no Users_Attach.def, Links_Attach.def, or Validate_Attach.def file created in my /def directory.

I tried to submit and attach a file but nothing happens except that my link gets put into the validation database. (Filename not included.) Am I supposed to do something else?

I searched the forum on the topic and only found this entry. (I do search before I post, VERY IMPORTANT) Anyone know what I'm doing wrong? I even searched everyone of my files for anything called Validate_Attach and _Attach, to figure out what it might be called from, but there's nothing that I can find to give me a clue. Is anyone else having this problem?

I have noticed in all the "sites in action" that no one actually uses this feature (I checked all ten sites), not even postcards.com. Uhmm, have any of you tried it?

Peace.

Kyle



[This message has been edited by klangan (edited January 25, 2000).]

[This message has been edited by klangan (edited January 26, 2000).]
Quote Reply
Re: File Uploads In reply to
Hi Kyle,

getting the file-upload working is quite tricky.

1. define the directorys in Links.pm
2. drop all tables in setup.cgi
3. rebuild the database with setup.cgi
4. modify the add.html template form

<form action="../../cgi-bin/lsql/add.cgi" method="POST" name="add" enctype="multipart/form-data" >

where the enctype=.. is the important stuff
now insert the file field:

<input type="file" size=50 name="ATTACH-ADD">

5. if you use the resync function of admin.cgi (table maintanance) be shure to edit the links.def and validate.def files because the upload directorys get blanked out.
change
$attach_dir = '';
to
$attach_dir = '/var/www/upload';
('/var/www/upload' is to be changed to your dir)

Now the upload with add.cgi should work.

the only problem is modifying the uploads.
I still dind't get it to work properly.

regards Alexander
Quote Reply
Re: File Uploads In reply to
Thank You Alexander,

The instructions you gave did the trick.

Next..... How do I get the build process to add the image to the link? There's not an image field in the Links database to access, so there must be a different way to do this. Does anybody know it?

Peace.

Kyle
Quote Reply
Re: File Uploads In reply to
Hi Kyle,

There are two ways to solve this problem.

1. If you only allow one image to be included for each link you can use the
quick 'n dirty way: by inserting an image href="Validated_Upload_Dir/<%ID%>.fil"
The browsers Netscape an Iexplore will both display them correctly.

2.Do it the recomended way (Alex's idea)(needs Perl knowledge)
Insert and modify following code

$att_list = $db->list_attach (SOMEIDNUMBER);
$att_list is an array ref of hash refs. So you could do:
foreach my $attach (@$att_list) {

}

and $attach can access any of:

ServerName
FileName
FileType
FileSize

3. Debug modify.cgi and compare it with admin.cgi and find out why modifying works in admin
and not in modify.cgi. (that where I am at the moment and need help!!)

regards, Alexander
Quote Reply
Re: File Uploads In reply to
Thanks Alexander,


I was able to get the quick and dirty way to work, however, I can't use that because I am using multiple attachments.

Unfortunately, I'm still confused about this.

In what file would I add and modify the perl the following code you suggested. nph-build.cgi, HTML_templates? and in what subroutine?

$att_list = $db->list_attach (SOMEIDNUMBER);
$att_list is an array ref of hash refs. So you could do:
foreach my $attach (@$att_list) {

AND WHAT MIGHT GO HERE? ANY EXAMPLES

}

You don't by chance have code that you're actually using that allows you to grab and display attachments do you? Examples are extremely useful to me cause I can usually extrapolate from an example that actually works.

also: do AOL and other browsers outside the IE and Netscape range understand how to read the headers on .fil?

Finally to add to your quick and dirty method - to get the image to display properly I had to add a variable in to Links.pm under the upload area:
$LINKS{view_attach_dir} = "$LINKS{build_root_url}/Images";

and in HTML_Templates I added in %GLOBALS:

build_attach_dir => $LINKS{view_attach_dir},

That way in my template I could use
<img src="<%build_attach_dir%>/<%ID%">>

That at least helped me accomplish the quick and dirty method. Thanks for that idea.

I'll take a look at modify.cgi and see if I can see anything that might be useful to you. Thanks for your help.


Anybody else who might know something about these question, please jump in!

Peace.

Kyle


[This message has been edited by klangan (edited January 27, 2000).]
Quote Reply
Re: File Uploads In reply to
Ok,

Lets say you want a tag named <%image%> in your detailed page

Modify the sub generate_detailed_page in page.cgi

before the line:
print $in->header;

insert :

# Generate image tag
my $image = '';
my $att_list = $link_db->list_attach ($id);
foreach my $attach (@$att_list) {
$image= $attach->{ServerName};
}

I don't use the foreach loop. You have to change the $image=$attach->(Servername) to an array of $images

now change
print &site_html_detailed ($link, { grand_total => $GRAND_TOTAL, title_linked => $title_linked}, $in);

to:
print &site_html_detailed ($link, { grand_total => $GRAND_TOTAL, title_linked => $title_linked, image => $image }, $in);

now you can add a tag <%image%> in your template.

You got to fix it for your multiple images

regards, Alexander
Quote Reply
Re: File Uploads In reply to
Alexander,

If you can email me telnet info, I'll take a look and see if I can fix up the modify on your site..

Cheers,

Alex
Quote Reply
Re: File Uploads In reply to
Hi Alex,

The server I am working on is offline as we have the server in our lan to configure it. I did not change anything in modify.cgi nor in admin.cgi.

Modifing with admin.cgi works fine. But when a user uploads a file via modify.cgi the admin-validation form does not display any attachements. (the file itself gets copied, renamed and validated) If you validate this link all attachements get mixed-up.

regards, Alexander