Jump to content



- - - - -

[CONTRIBUTION] File uploads as an Option Feature


  • Please log in to reply
482 replies to this topic

#1   iiinetworks

iiinetworks
  • Members
  • 3,734 posts
  • Real Name:Matt

Posted 23 September 2003 - 08:27 PM

I am releasing a file uploading contribution.  This will be the support thread for the contribution.  More details will follow after I finish uploading to the contribution area.

Thanks,
Matt

#2   interbikes

interbikes
  • Members
  • 352 posts
  • Real Name:interbikes

Posted 23 September 2003 - 08:30 PM

hurry..

#3   iiinetworks

iiinetworks
  • Members
  • 3,734 posts
  • Real Name:Matt

Posted 23 September 2003 - 08:45 PM

Here is the web page for the contribution.

Essentially, this adds a file type to the existing four ways of displaying the attributes for a product with the Products Attributes - Option Type Feature contribution (drop down menu, text box, radio buttons, check box).  One can use the standard HTML FILE input field (the one with the browse button) to upload a file to the server.  The contribution will then rename it uniquely and store the original and new names in a database table.

The idea is so that you can upload logos, etc. for placement on things like mugs, t-shirts, and so forth.  If you want different kinds of files, you might have to modify the code somewhat.

Hth,
Matt

#4   jarrodcoyles

jarrodcoyles
  • Members
  • 4 posts
  • Real Name:Jarrod

Posted 24 September 2003 - 01:29 AM

Hi,

I just need to clarify, before I go and install this one . . .

Is it the customer that can upload the file so it is available to the admin? OR
Is it the admin that uploads the file so that it is available to the customer?

Regards,
Jarrod

#5   azer

azer
  • Members
  • 842 posts
  • Real Name:azer
  • Location:Paris, france

Posted 24 September 2003 - 02:57 AM

could u post a screenshot ?  tahnks for your work in advance  :rolleyes:
MS2

#6   Morbantokk

Morbantokk
  • Members
  • 57 posts
  • Real Name:Morbantokk
  • Location:Germany

Posted 24 September 2003 - 05:47 AM

THANK YOU.

this is what i was searching for the last year...GREAT!

iŽll try it now...
WAR is not the answer!

#7   Morbantokk

Morbantokk
  • Members
  • 57 posts
  • Real Name:Morbantokk
  • Location:Germany

Posted 24 September 2003 - 08:17 PM

i have a problem:

if i upload an image it is saved as a file without any extension.

the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"

whats the reason? maybe i did a mistake while the installation?

hope for fast help!
WAR is not the answer!

#8   iiinetworks

iiinetworks
  • Members
  • 3,734 posts
  • Real Name:Matt

Posted 25 September 2003 - 12:32 AM

Morbantokk, on Sep 24 2003, 04:17 PM, said:

the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"
whats the reason? maybe i did a mistake while the installation?
No, that's just the way it works.  You can change this behavior by changing the following line in application_top.php (around 375):  
                 $products_options_file->set_filename("$insert_id");
to (for example)
                  $products_options_file->set_filename("$insert_id" . $products_options_file->filename);
Hth,
Matt

#9   iiinetworks

iiinetworks
  • Members
  • 3,734 posts
  • Real Name:Matt

Posted 25 September 2003 - 12:38 AM

jarrodcoyles, on Sep 23 2003, 09:29 PM, said:

Is it the customer that can upload the file so it is available to the admin? OR
Is it the admin that uploads the file so that it is available to the customer?
The customer uploads a file.  

Hth,
Matt

#10   Morbantokk

Morbantokk
  • Members
  • 57 posts
  • Real Name:Morbantokk
  • Location:Germany

Posted 25 September 2003 - 06:05 AM

iiinetworks, on Sep 25 2003, 01:32 AM, said:

Morbantokk, on Sep 24 2003, 04:17 PM, said:

the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"
whats the reason? maybe i did a mistake while the installation?
No, that's just the way it works.  You can change this behavior by changing the following line in application_top.php (around 375):  
                 $products_options_file->set_filename("$insert_id");
to (for example)
                  $products_options_file->set_filename("$insert_id" . $products_options_file->filename);
Hth,
Matt
thank you. now it works ;)

but the next wish i have is to allow only some file extensions like gif or jpg...

the user shouldnŽt upload zip-files or whatever...

i want only graphic and vektor-files..

how can i realise this?

Ron
WAR is not the answer!

#11   Morbantokk

Morbantokk
  • Members
  • 57 posts
  • Real Name:Morbantokk
  • Location:Germany

Posted 25 September 2003 - 06:49 AM

i have tried to realise the extension-thing by myself...

and it works.

iŽve changed the classes/upload.php

old code:

   function upload($file = '', $destination = '', $permissions = '777', $extensions = '') {


new code:

function upload($file = '', $destination = '', $permissions = '777', $extensions = array("jpg", "jpeg", "gif", "png", "eps", "cdr", "ai", "pdf")) {

iŽm happy ;)


but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use?
WAR is not the answer!

#12   dugs

dugs
  • Members
  • 7 posts
  • Real Name:Alain

Posted 25 September 2003 - 10:57 AM

Great contribution !

and excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a php file (or any serverside executable file) and assuming that execute permission exists on upload target directory: could be harmfull !

Regards

#13   iiinetworks

iiinetworks
  • Members
  • 3,734 posts
  • Real Name:Matt

Posted 26 September 2003 - 05:27 PM

dugs, on Sep 25 2003, 06:57 AM, said:

and excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a php file (or any serverside executable file) and assuming that execute permission exists on upload target directory: could be harmfull !
Execute permissions on a directory just allow a directory listing (without them, the directory is essentially useless).  However, looking at the code, you are correct that there is a danger involved with possible uploading of executable files.  To fix this, you can do three things:  one, change line 18 of upload.php to say
, $permissions = '666',
two, add the $extensions default as suggested above (same line); three, copy the .htaccess file from the includes directory to the upload directory.  Note:  each of these is a separate (albeit related) vulnerability, so one should do all three rather than just one.  I'll look into adding these in a replacement upload sometime next week, probably with a revised .htaccess file.

Hth,
Matt

Edited by iiinetworks, 26 September 2003 - 05:28 PM.


#14   iiinetworks

iiinetworks
  • Members
  • 3,734 posts
  • Real Name:Matt

Posted 26 September 2003 - 05:35 PM

Morbantokk, on Sep 25 2003, 02:49 AM, said:

but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use?
I'll try playing with the error messages next week as well.  It might be as simple as moving the messageStack lines (around 523-6 of application_top.php) up above the switch (around line 329) and uncommenting the error lines from upload.php.

Hth,
Matt

#15   Morbantokk

Morbantokk
  • Members
  • 57 posts
  • Real Name:Morbantokk
  • Location:Germany

Posted 27 September 2003 - 10:52 AM

my problem is that i use the older version MS1 of osc..there exists no classes/message_stack.php

iŽve tried to copy the file to my classes but it doesn`t work...

what can i do?
WAR is not the answer!

#16   iiinetworks

iiinetworks
  • Members
  • 3,734 posts
  • Real Name:Matt

Posted 28 September 2003 - 02:40 PM

The simplest way to implement error messages for older snapshots would be to use a global variable, turn off the redirect at the end of the add_products case (at least on error), and react to the error on the product_info page.  

Just to let you know, I find it unlikely at the moment that I will undertake a project to backport the messages to older snapshots.  In fact, unless it is simple, it may be a while before I get around to making messages work for MS2.  

Good luck,
Matt

#17   Morbantokk

Morbantokk
  • Members
  • 57 posts
  • Real Name:Morbantokk
  • Location:Germany

Posted 28 September 2003 - 04:29 PM

maybe you could describe this a little bit more? canŽt follow you..
WAR is not the answer!

#18   dugs

dugs
  • Members
  • 7 posts
  • Real Name:Alain

Posted 29 September 2003 - 09:09 AM

Just noticed a weird thing in 0.7 version of code that I downloaded from link above:
In application_top.php I see $products_options_file->set_destination(DIR_FS_UPLOAD); ; but in configure.php I see define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);

And of course when I add my item (with file input option) to my cart I get: Not writeable! DIR_FS_UPLOAD:

Changing to DIR_FR_UPLOAD (with no S at end) in configure.php helps.

Besides, In configure.php, code has been changed compared to OSC original file from define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); to define('DIR_FS_CATALOG', $FS_DOCUMENT_ROOT . DIR_WS_HTTP_CATALOG);. I reset this back to original code to have contrib working, ... but I was wondering why these changes... ?

#19   Dunster

Dunster
  • Members
  • 3 posts
  • Real Name:Dunster

Posted 06 October 2003 - 11:04 AM

This is a great contribution and I manged to get everything generally working. It will be nice to generated some error messages on an invalid file type.

I have noticed one problem though. In the admin area when I try to change the "Value Price" for the upload (or any option) I get a SQL error:

Quote

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'products_options where products_options_id = '3'' at line 1

select products_options_type fro products_options where products_options_id = '3'

Any idea if this is just a problem on my system or how I would go about debugging it?

#20   Dunster

Dunster
  • Members
  • 3 posts
  • Real Name:Dunster

Posted 06 October 2003 - 11:14 AM

That bug is easy:

Just change "fro" to "from" in about line 134 in product_attributes.php in the admin code.