Forum for discussing general topics related to Couch.
5 posts Page 1 of 1
Hi, if you wanted to use securefile to let trusted users upload a file from the front-end (Couch lets do this with securefile), then you might be stuck with ways to use uploaded file somewhere else, like in CSV importer.

By default, the direct (non-obfuscated) link to physical file is not available. Also <cms:show_securefile > tag pair doesn't output disk file name. This I am going to solve now and share with you.

1. A little query to database. Since nobody sees that - it's pretty simple and secure.
Code: Select all

    <cms:query sql=
    "   
    SELECT sf.file_disk_name AS `name`, sf.file_extension AS `extension`
      FROM <cms:php>echo K_TBL_ATTACHMENTS;</cms:php> sf
     WHERE sf.attach_id = <cms:show file_id />
    "
    >

    <cms:set securefile_handle = "<cms:concat name '.' extension />" scope='global' />

    </cms:query>




2. Get path to the hidden gold.

Code: Select all

<cms:php>global $Config; echo $Config['UserFilesAbsolutePath'].'attachments'.'/';</cms:php>


Code above comes right from CouchCMS, so will be always correct in determining your /uploads/attachments/ folder, whether you have changed it in config.php or left default value.

3. Bring it all together.

Code: Select all

<cms:show_securefile 'csv' >
    <cms:query sql=
    "   
    SELECT sf.file_disk_name AS `name`, sf.file_extension AS `extension`
      FROM <cms:php>echo K_TBL_ATTACHMENTS;</cms:php> sf
     WHERE sf.attach_id = <cms:show file_id />
    "
    >
    <cms:set securefile_handle = "<cms:concat name '.' extension />" scope='global' />
    <cms:set securefile_fullpath = "<cms:php>global $Config; echo $Config['UserFilesAbsolutePath'].'attachments'.'/';</cms:php><cms:concat name '.' extension />" scope='global' />
    </cms:query>
</cms:show_securefile>




4. Use anywhere, like in csv_reader:
<cms:csv_reader
file=securefile_fullpath
paginate='1'
limit='100'
prefix='_'
use_cache='1'
>


P.S. Editable definition for template:
<cms:editable name='csv' required='0' allowed_ext='csv' max_size='2000000' type='securefile' label='CSV' />
Here is full working form definition and outside button 'Start!', which submits the form.

Code: Select all

<div class="panel-body">
    <div class="row">
        <div class="col-md-12">
                   
        <div class="form-group">
        <cms:form masterpage=k_template_name
                    mode='edit'
                    page_id=k_page_id
                    enctype="multipart/form-data"
                    method='post'
                    anchor='0'
                    id='csv_file_form'
                    >
            <cms:if k_success >       

                <cms:db_persist_form />

                <cms:if k_success >
                   
                    <cms:pages show_future_entries='1' >
                        <cms:show_securefile 'csv' >
                            <cms:set uploaded_csv = file_id scope='global' />
                        </cms:show_securefile>
                    </cms:pages>
                   
                    <cms:if uploaded_csv >
                        <cms:redirect "<cms:add_querystring k_template_link 'import=1' />" />
                    <cms:else />
                        <cms:redirect "<cms:show k_template_link />" />
                    </cms:if>
                   
                </cms:if>
               
               
               
            </cms:if>

            <cms:if k_error >
                <font color='red'><cms:each k_error ><cms:show item /><br /></cms:each></font>
            </cms:if>
           
            <cms:hide>
                <cms:input name='csv' type="bound" />
            </cms:hide>
               
            <label for="csv_input" >Attach CSV file</label>
            <input name='f_csv' id="csv_input" style="/*display:none;*/" type="file" class="file-styled" placeholder="" />
        </cms:form>
        </div>                                               

        </div>                                               
    </div>                                               
</div>                                               



<button class="btn btn-primary" type="submit" form="csv_file_form" >Start!<i class="icon-arrow-right14 position-right"></i></button>




In the code above, I wanted to never show existing secure_file, since user needs only to upload file. If user submits form without choosing the file, then it will be autodeleted from backend. If user chooses the file, then it replace existing file, and this is very comfortable solution, because currently Couch makes us first delete securefile, then upload new one. This solution with hidden 'bound' input lets replace file right away without deleting first (so, without reloading page twice).
What's great about this solution is that it WORKS.

Today I was attaching PDF Viewing facilitator script from here https://pdfobject.com/#examples to Couch template and it required a link to a file. What's really important is that it works with cloak_url link that I prepared with this snippet and didn't work with cloak_url link, that we normally use with <cms:show_securefile ><cms:cloak_url link=file_id />. Strange, but it saved me.

Below is some modified link, that outputs http:// link to the file. Can be used instead of that from the first post, which outputs absolute path on hosting.

Code: Select all
<cms:set securefile_fullpath = "<cms:php>global $Config; echo $Config['k_append_url'] . $Config['UserFilesPath'] . 'attachments' . '/' ;</cms:php><cms:show securefile_handle />"  />
With a new tag 'cms:securefile_link' shipping with core code, this interim solution became obsolete.
Parameters of the new tag are: id, thumbnail, physical_path.
Cool :)
Details and sample code of the <cms:securefile_link> tag referred to by @trendoman above can be found here -
viewtopic.php?f=4&t=10910#p27939
5 posts Page 1 of 1

Who is online

In total there are 3 users online :: 1 registered, 1 hidden and 1 guest
(based on users active over the past 5 minutes)

Users browsing this forum: Bing [Bot] and 1 guest