rejetto forum

is there a way to allow anonymous upload but not download?

0 Members and 1 Guest are viewing this topic.

Offline luckman212

  • Occasional poster
  • *
    • Posts: 28
    • View Profile
hi guys,
i use HFS beta #271, working great

I have an 'upload' folder that I want friends, family etc to be able to connect to (without log in) just anonymous and upload files... but I don't want anyone to be able to download anything from that folder.  So far I have been able to achieve this by setting the "no download" flag on the folder properties in HFS.  But I want to create a special "super user" who can Log In and thus be able to download any file from the uploads folder.   

Is this possible?   I couldn't make it work.  thanks so much for any guides.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2051
    • View Profile
select the real folder on vfs an right click to see  properties

flags >> check  "no download"

permissions >> upload >> select "anyone" or check the accounts allowed to upload in this folder

 ;)


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
But I want to create a special "super user" who can Log In and thus be able to download any file from the uploads folder.   

Drag the Upload folder from the disk directory and drop it on a different directory in the virtual file system window, so that now you have it in two different places in the vfs.
Go to properties and give access, etc as you wish, to this second copy. I usually rename it to Upload2,
and put it in a folder reserved for remote admin items.
I use this method, so that Admin has remote access to all.
There is also a way to do a blind Upload folder, so that all users see is the upload form, but it
is a bit more complex.


Offline luckman212

  • Occasional poster
  • *
    • Posts: 28
    • View Profile
select the real folder on vfs an right click to see  properties

flags >> check  "no download"

permissions >> upload >> select "anyone" or check the accounts allowed to upload in this folder

 ;)
sorry but I tried that and it doesnt work-- yes it locks the folder and yes if I log in I can download but the problem is, now I have to enter a password to even enter the folder-- so it means even though I have set permissions/upload to "anyone", they will never reach there because they get prompted for password as soon as they click the upload folder... :(


Offline luckman212

  • Occasional poster
  • *
    • Posts: 28
    • View Profile
Drag the Upload folder from the disk directory and drop it on a different directory in the virtual file system window, so that now you have it in two different places in the vfs.
Go to properties and give access, etc as you wish, to this second copy.
yes this method does indeed work. thanks for the tip!!
Quote
There is also a way to do a blind Upload folder, so that all users see is the upload form, but it
is a bit more complex.
I am interested in more details about this... is it documented anywhere?  i would like to hear more if you have the time  :)


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2051
    • View Profile
yes this method does indeed work. thanks for the tip!!I am interested in more details about this... is it documented anywhere?  i would like to hear more if you have the time  :)

go to properties of the folder and put that on the diff template

Quote
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8">
   <title>HFS %folder%</title>
   <link rel="stylesheet" href="/?mode=section&id=style.css" type="text/css">
</head>
  <body style='margin:2em;'>
  <h1>{.!Upload Page.}</h1>
  <form action="." method='post' enctype="multipart/form-data" style='text-align:left;'> <input type='file' name='file' style='display:block;' /><input type='submit' value='{.!Upload.}' style='margin-top:0.5em;' />
  </form>
<br>
{.if| {.%folder% != / .} | <a href=".."><img src="/~img14"> {.!Up.}</a> .}
</body>
</html>


set flags as at the image

It is already the beginning, you can update to your choice ;)
« Last Edit: October 21, 2010, 02:13:32 PM by Mars »


Offline luckman212

  • Occasional poster
  • *
    • Posts: 28
    • View Profile

Offline luckman212

  • Occasional poster
  • *
    • Posts: 28
    • View Profile
thanks, I tried the blind upload folder... it works but I thought it will allow the admin user (if he logs in) to see the contents of the folder.  But it does not, it shows the blind form to everyone, logged in or not.  Is there any way to change the template to show the anonymous user the blind upload, but show the full folder contents (and allow download) to the logged in admin users??


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
Create real folder in root, (could be in subfolder of root if you don't use index page)
In properties for the folder > Permissions, only check Uploads "Anyone". Nothing for Access
or Delete.In Flags, check Browsable and No download. In tab Diff template put
{.redirect|/LOCATION/WHERE YOUR LINK IS/PAGE.html.}
Put a link to the folder used for blind up load like <a href="/YOUR FOLDER NAME/~upload">Your Folder Name</a>
some where on a page where your users can get to it without logging in, or it could be added as a Link available after log in.
You can also add this folder a second time to your secure path as in my first post, for remote admin access.
Note that I use my own template and 2.3 Beta.  I don't know how this would set up in any others.
As usual, there is more than one way to do this, and it depends on how your server, vfs and
tpl is configured as to what works best for you.

I tested Mars solution and, of course it works here. Difference is, mine calls original template
upload form.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2051
    • View Profile
thanks r][m

@luckman212

at first you have to modify the default template hfs.tpl
find the principal section and insert the text in blue

[]
{.section|main.}
[main]

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
.....

replace the diff template by adding the first and the last lines

Quote
{.if|%user%|{:{.section|main.}:}|{:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8">
   <title>HFS %folder%</title>
   <link rel="stylesheet" href="/?mode=section&id=style.css" type="text/css">
</head>
  <body style='margin:2em;'>
  <h1>{.!Upload Page.}</h1>
  <form action="." method='post' enctype="multipart/form-data" style='text-align:left;'> <input type='file' name='file' style='display:block;' /><input type='submit' value='{.!Upload.}' style='margin-top:0.5em;' />
  </form>
<br>
{.if| {.%folder% != / .} | <a href=".."><img src="/~img14"> {.!Up.}</a> .}
</body>
</html>
:}.}

this will allow this upload page only for anonymous and main page for registed users, but the folder is download-forbidden for all user, because flag 'no download' is cheched


Offline luckman212

  • Occasional poster
  • *
    • Posts: 28
    • View Profile
Thanks Mars.  I tried what you suggested and it works a treat.
the only problem I guess, is that if I have 'no download' flag checked, then even admin user cannot download what has been uploaded.  For now I have just un-checked the 'no download' box.  I guess this does not pose a problem because not-logged-in user cannot see the file list anyway.  So unless they guess file names they will not be able to download.

the other "problem" I guess is that we have to manually edit hfs.tpl so now if the template changes (new hfs versions) then  it can break.   I don't know a way around that problem.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2051
    • View Profile
Quote
the other "problem" I guess is that we have to manually edit hfs.tpl so now if the template changes (new hfs versions) then  it can break.   I don't know a way around that problem.
rename the edited template and choose this name as current template, the choice is saved inside options.


Offline luckman212

  • Occasional poster
  • *
    • Posts: 28
    • View Profile
great, that works perfectly!!
thanks guys.   :D
I also realized during this process how old my hfs.tpl was... I was not keeping current with the changes.  now that I have made a separate file (hfs-custom.tpl) I can restore the default template after new beta releases and just diff them to see what is new.


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
the only problem I guess, is that if I have 'no download' flag checked, then even admin user cannot download what has been uploaded.  For now I have just un-checked the 'no download' box. 
@ luckman212
In my second post I mentioned that you can add this folder a second time as in my first post.
Then set what ever permissions, download, delete, etc for the second copy completely different
than the first instance.
In that way you have both configurations for one folder.