rejetto forum

Software => HFS ~ HTTP File Server => FHFS => Topic started by: SonyUSA on June 25, 2016, 04:49:01 PM

Title: User folder as registered email address
Post by: SonyUSA on June 25, 2016, 04:49:01 PM
I was looking through the templates and saw most of the user folder references are by variable, which is good, but for what I'm using it for it would be great if the users folder name was their email address instead of username, that way I can process their uploaded files and easily send them an email reply since I'll have explorer open already. This will help other admins who don't have FHFS admin accounts to find their email addresses easily, also.

For instance: D:\HFS\Uploads\Content-users\stanley@stanleysteamer.com\private\

Any idea what to change to enable this? I feel like it would be an easy thing to do... :)
Title: Re: User folder as registered email address
Post by: bmartino1 on June 26, 2016, 04:12:23 AM
this is a better question for raybob, at the start of FHFS, ther is a startup script where i think a dim / string value can be scripted top do this....

and i think it might be  %e-mail% - Not 100% sure what the string it is for an email address...

the problem i see is the first start creation in with is tries to make a user folder, and the "@" sign would get in the way there...
Title: Re: User folder as registered email address
Post by: SonyUSA on June 26, 2016, 06:04:31 AM
this is a better question for raybob, at the start of FHFS, ther is a startup script where i think a dim / string value can be scripted top do this....

and i think it might be  %e-mail% - Not 100% sure what the string it is for an email address...

the problem i see is the first start creation in with is tries to make a user folder, and the "@" sign would get in the way there...

Thanks for chiming in, I did a search for user-content/^username and did a replace all to user-content/^email (something like that) for 5 occurances, then modified another file as such:

Code: [Select]
{.mkdir|{.from table|installvars|CONTENTDIR.}\content-users\{.upper|{.^account-create-param2.}.}\private.}
And everything seems to work fine, folder names with @ don't seem to be an issue with Windows, there's a few bugs such as admin console showing root file folders for the user being missing, however a larger problem comes into play when you DELETE an account, because as far as I can tell it doesn't pass the user's email address as an "account-delete-param" and therefore I cannot delete or rename their file folder. Which means if someone deletes their account and ANOTHER user creates an account with the same creds, they can access all of that person's files (I tested this)... any hints? :)
Title: Re: User folder as registered email address
Post by: SonyUSA on June 26, 2016, 06:10:32 AM
On a side note, I think I just figured out a security flaw...

User creates a login ID of "deleted.adminguy" and can access that deleted accounts files... ? Maybe even pass the ascii code to generate the dot in the username if name.name is forbidden?
Title: Re: User folder as registered email address
Post by: Mars on June 26, 2016, 01:38:04 PM
no variable of this type %xxxx% can not be added or changed because it is part of the source code, you can use against personal variables macro type using the data available as  {.^user.}  and {.^email.}

for that you must put them in the existing section [Special: alias] located in the template.

[special:alias]
check session=if|{.{.cookie|HFS_SID_.} != {.postvar|token.}.}|{:{.cookie|HFS_SID_|value=|expires=-1.}
{.break|result=bad session}:}
can mkdir=and|{.get|can upload.}|{.!option.newfolder.}
can comment=and|{.get|can upload.}|{.!option.comment.}
can rename=and|{.get|can delete.}|{.!option.rename.}
can change pwd=member of|can change password
can move=or|1|1
escape attr=replace|"|"|$1
commentNL=if|{.pos|<br|$1.}|$1|{.replace|{.chr|10.}|<br />|$1.}
add bytes=switch|{.cut|-1||$1.}|,|0,1,2,3,4,5,6,7,8,9|$1 Bytes|K,M,G,T|$1Bytes
email=%user%
user=substring||@|%user%


each new account must necessarily be registered with the email address, which be used to identify the login of  form name@domain

which can not be changed is the value of %user%=name@domain, at each location of the template, where a comparison with %user% is necessary for the protection of data, it will change nothing.
 By cons, to various places will appear or used email or user name (that of the email) then we can put respectively {.^email.} and {.^user.}.

that's all it is physically possible to the email adrese should serve as an identifier for the connection, and then transmitted as a form for registration be stored separately in a table of HFS type of external file for use in subsequent spots

[special:alias]
......
email=from table|{.load|D:\HFS\emails.txt.}|%user%
user=%user%


example of emails.txt  containing lines as user=name@domain

SonyUSA=Censorius.Hybernatus@gmail.org
root=root@mydomain.com
.....