Forum

Thread tagged as: Question, Members

Members area with secure uploaded files

Can I achieve the following easily with Perch -

Create members area with login giving different people access to different uploaded file categories. Can the files be held outside the webroot so that there is no web accessible URL. Hope that makes sense.

Thanks

Keith Winter

Keith Winter 0 points

  • 7 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

Thanks Drew Just to clarify, can I have different members accessing different secure content - for example if I have 3 departments in the company can I use to perch to manage multiple users in to 'groups' or 'departments' and then how would I give different groups access to their content only? Hope that makes sense and thanks again for your help.

I have had a look at the members app and i think, if I'm correct it could work like this -

I would create a secure upload folder for each department. I would then create a page to list those files for each department that only allowed the page to be viewed if the signed user had the correct 'tag'. Is that the best way to handle this?

Am I right in assuming I can create multiple secure upload folders to allow an admin user to upload files into different department's area? If so how would I achieve this in the admin area?

Drew McLellan

Drew McLellan 2638 points
Perch Support

Think of an item in the region as being a pairing of a file and a tag.

When finding the file to deliver, filter the region to find the matching item, check the tag, and if it matches only then stream the file.

Hi Drew Thanks for your help. As usual I have very little time to get this secure docs/members area working and I am new to Perch. I have created buckets.php in config and successfully uploaded assets to both folders -

<?php return array( 'secure1' => array( 'web_path' => '/secure1', 'file_path' => '/Applications/MAMP/htdocs/secure1', ),

'secure2' => array(
    'web_path'  => 'secure2',
    'file_path' => '/Applications/MAMP/htdocs/secure2',
),

); ?>

What I am finding hard to understand from the documentation is how I add a loop with links to the uploaded files using download.php script on my resources page. I have this code in my resources.php page-

<?php if (perch_member_has_tag('admin')) {

// I want to add a list here of all assets (uploaded files) in the secure1 folder

} else { perch_content(''); }

; ?>

I assume I need a loop.

Sorry of I am missing anything but the documentation seems a little fragmented, without a clear end to end example.

I'm sure it'll all make sense once I've done it once.

Many many thanks.

Drew McLellan

Drew McLellan 2638 points
Perch Support

There's no end-to-end example, because every body's needs are different. This is a set of general tools for membership tasks.

The listing should be the content region the files have been added to. Use perch_content() or perch_content_custom() to output the region.

Thanks Drew I have managed to get a bit further now and have already used the custom content loop to show the assets added to the region. As usual I've had to dive in to something without having had the experience using Perch for straight forward content delivery first. All good anyway, I like Perch a lot, thanks very much for your help.

Another question regarding Assets. Can I add another field to the asset. I can give each uploaded file a title but could I add a description also? How do I add another text field to the asset details? Is this possible? Thanks

Another question regarding Assets. Can I add another field to the asset. I can give each uploaded file a title but could I add a description also? How do I add another text field to the asset details? Is this possible? Thanks

Hi Is there a way of checking if an admin or editor user is logged in?

When I am in the admin area I cannot view uploaded assets as I have set the web_path to the secure files like this -

In buckets.php

'Management' => array( 'web_path' => '/resources/download.php?file=', 'file_path' => '/home/fourelms/secure/secure0', ), 'Accounts' => array( 'web_path' => '/resources/download.php?file=', 'file_path' => '/home/fourelms/secure/secure1', ),

'Bodyshop - Maidstone' => array(
    'web_path'  => '/resources/download.php?file=',
    'file_path' => '/home/fourelms/secure/secure2',
),

Then in download.php -

$bucket_secure0 = 'Management'; $bucket_secure1 = 'Accounts'; $bucket_secure2 = 'Bodyshop - Maidstone'; $url_param = 'file';

$allow_download = false;

if (perch_member_logged_in()) { $allow_download = true; }

if ($allow_download) { if (perch_member_has_tag('management')) { perch_members_secure_download(perch_get($url_param), $bucket_secure0); };
if (perch_member_has_tag('accounts')) { perch_members_secure_download(perch_get($url_param), $bucket_secure1); }; if (perch_member_has_tag('bodyshop_maidstone')) { perch_members_secure_download(perch_get($url_param), $bucket_secure2); }; }

The problem is that I click the link to the uploaded asset in the asset edit screen to view the file but it tries to use download.php to view and I am logged in as Admin not as a member so I get nothing. I have 5 secure buckets and an admin or editor user needs to be able to both upload and view these files in the admin area.

Hope I have explained the problem and you have a solution. Thanks

Hi Drew Ok have

// Check an admin user is logged in
$Users = new PerchUsers;
    $CurrentUser = $Users->get_current_user();
    if (is_object($CurrentUser) && $CurrentUser->logged_in()) {
    $isadmin = true;
    $allow_download = true;
}

if (perch_member_has_tag('management') OR $isadmin) {
        perch_members_secure_download(perch_get($url_param), $bucket_secure0);
        };
        if (perch_member_has_tag('accounts') OR $isadmin) {
        perch_members_secure_download(perch_get($url_param), $bucket_secure1);
        };
        if (perch_member_has_tag('bodyshop_maidstone') OR $isadmin) {
        perch_members_secure_download(perch_get($url_param), $bucket_secure2);
        };
        if (perch_member_has_tag('bodyshop_rochester') OR $isadmin) {
        perch_members_secure_download(perch_get($url_param), $bucket_secure3);
        };
        if (perch_member_has_tag('forecourts') OR $isadmin) {
        perch_members_secure_download(perch_get($url_param), $bucket_secure4);
        };
        if (perch_member_has_tag('workshop') OR $isadmin) {
        perch_members_secure_download(perch_get($url_param), $bucket_secure5);
        };

That seems to work. Or is there a more elegant solution? Will my check for admin login work for just Administrators or Editors too?

Drew McLellan

Drew McLellan 2638 points
Perch Support

Your check will work for any logged in Perch user account, but not member accounts, which is what you want I think.

Many thanks.

Another question regarding Assets. Can I add another info field to the asset. I can give each uploaded file a title but could I add a description when I add that file to the page also?

How do I add another text field to the file details? Is this possible? Thanks

Drew McLellan

Drew McLellan 2638 points
Perch Support

Not with Assets, no. They're elemental - designed to used within other compound content items rather than being compound themselves.

Ah ok thanks. I guess though I could create a 'file' item that has title, description and attached file. I'll have a play if client needs it. Again thanks for all your help.

Drew McLellan

Drew McLellan 2638 points
Perch Support

You can create a content item like that. The file would be one of its fields.

Having trouble enforcing a strong password when member changes their password. have added to the form code block

<perch:error for="password" type="format">Your password is too short</perch:error>

This does not appear to be working, I can create a 2 character password!

Other error catches are working eg. type=match.

Please advise.

Drew McLellan

Drew McLellan 2638 points
Perch Support

How are you attempting to do that?

Hi Drew I am using the following code in password.html in templates/members/forms.

<perch:form id="password" method="post" app="perch_members">

<div>

<perch:error for="old_password" type="required"><p class="error">Please enter your current password</p></perch:error> <perch:error for="old_password" type="valid"><p class="error">That password doesn't match our records</p></perch:error> <perch:error for="password" type="required"><p class="error">Please enter a new password</p></perch:error> <perch:error for="password" type="format"><p class="error">Your password is too short</p></perch:error> <perch:error for="password" type="match"><p class="error">Passwords do not match</p></perch:error> <perch:error for="password2" type="required"><p class="error">Please repeat your password</p></perch:error>

<div class="form_row"> <div class="form_title">Password:</div> <perch:input type="password" id="old_password" required="true" class="form_input" /> <div class="clearall"></div> </div>

<div class="form_row"> <div class="form_title">New:</div> <perch:input type="password" id="password" required="true" match-with="password2" class="form_input" /> <div class="clearall"></div> </div>

<div class="form_row"> <p>NB. Password should be secure, at least 8 characters.<br /> At least one Capital letter and one number.</p> <div class="clearall"></div> </div>

<div class="form_row"> <div class="form_title">Repeat New:</div> <perch:input type="password" id="password2" required="true" class="form_input" />

<div class="clearall"></div> </div>

<div id="submit_wrapper">

<!--<input type="submit" value="Login" class="submit_btn">--> <perch:input type="submit" value="Set new password" class="submit_btn" /> <perch:input type="hidden" id="token" />

<div class="clearall"></div> </div>

</div>

<perch:success>
    <p>Your password has been updated.</p>
</perch:success>

</perch:form>

Drew McLellan

Drew McLellan 2638 points
Perch Support

I still can't see where you're enforcing the password requirements - can you point it out?