openupload-devel — Development and general discussion

Re: [openupload-devel] Logging while behind a reverse proxy

[Alessandro B. <ts...@br...>]

 On Fri, 8 Apr 2011 16:33:15 +0200 (CEST), wal...@no... wrote:
> Hi
>
> I experimented the following set-up :
>
> 0) a server with ha-proxy installed
> 1) 2 web servers with the openupload application , balanced by 
> ha-proxy
> 2) A samba/cifs file server who stores the uploaded files , and the 
> php
> sessions of both web servers
> 3) a server with mysql
>
> (each server was hosted in a virtualbox vm , but that is not relevant 
> here )
>
> I noticed that logging and other different modules (banned ip, 
> grouponip
> ..)  , were getting the proxy ip and not the end-user one: this is 
> because
> to get the ip , openupload is using $_SERVER["REMOTE_ADDR"];
>
> in my case the 'real' ip is retrieved using $_SERVER[X_FORWARDED_FOR]
>
> Maybe it would be best to replaced calls to $_SERVER["REMOTE_ADDR"] 
> by a
> call to a function similar to that one
> 
> http://www.teachmejoomla.net/code/php/remote-ip-detection-with-php.html
>

 Thank you
 I'll consider this in the future.

Re: [openupload-devel] Enabling antivirus check : how I did it

[Alessandro B. <ts...@br...>]

 On Fri, 8 Apr 2011 16:18:45 +0200 (CEST), wal...@no... wrote:
> Hi
>
> here is how I enabled antivirus check in openupload .
>
> The bottom line is : write a plugin that calls clamav to scan a file 
> which
> is uploaded.

 Thank you this was requested by someone.

 Alessandro

Re: [openupload-devel] Getting started

[victor k. <pri...@gm...>]

thanks

On Sat, Apr 9, 2011 at 2:39 PM, Alessandro Briosi <ts...@br...>wrote:

>  On Sat, 9 Apr 2011 11:38:03 +0300, victor katemana wrote:
> > hello everyone. i ma new to sourceforge, i have currently created a
> > project
> > in sourceforge repository. but am facing difficulties in uploading my
> > localhost files in this repository. i need to work with svn where i
> > and my
> > group members can commit changes. i have tried all i can to get
> > things
> > configured but i have failed.  can you people assist me please
>
>  Hi,
>  I don't think this is the right place to ask such questions.
>  SF has plenty of documentation and also can assist you if something is
>  not working.
>
>  Look at your admin panel and you'll find the documentation.
>
>  Alessandro
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel
>

Re: [openupload-devel] Solving premature session termination

[Alessandro B. <ts...@br...>]

 On Sat, 09 Apr 2011 09:29:16 +0200, wallander wrote:
> Uploading large files ( 1 Go ) over the internet took several hours 
> in
> my case ( 2 to 3 hours )
>
> I experienced the following problem :
>
> 1) I authenticate
> 2) I upload the large file
> 3) Once the large file has been uploaded, I'm about to fill in the 
> file
> description but I'm logged out before I can do this because the php
> session has expired
> 4) Hence, the upload is unsuccessfull
>
> I had to increase session.gc_maxlifetime in php.ini to fix this
>

 Thanks for the report, actually that depends on the distribution (not 
 all rely on the php session expire),
  also if upload progress is enabled this should not happen.

 Alessandro

Re: [openupload-devel] Getting started

[Alessandro B. <ts...@br...>]

 On Sat, 9 Apr 2011 11:38:03 +0300, victor katemana wrote:
> hello everyone. i ma new to sourceforge, i have currently created a 
> project
> in sourceforge repository. but am facing difficulties in uploading my
> localhost files in this repository. i need to work with svn where i 
> and my
> group members can commit changes. i have tried all i can to get 
> things
> configured but i have failed.  can you people assist me please

 Hi,
 I don't think this is the right place to ask such questions.
 SF has plenty of documentation and also can assist you if something is 
 not working.

 Look at your admin panel and you'll find the documentation.

 Alessandro

[openupload-devel] Solving premature session termination

[wallander <wal...@no...>]

Uploading large files ( 1 Go ) over the internet took several hours in
my case ( 2 to 3 hours )

I experienced the following problem :

1) I authenticate
2) I upload the large file
3) Once the large file has been uploaded, I'm about to fill in the file
description but I'm logged out before I can do this because the php
session has expired
4) Hence, the upload is unsuccessfull

I had to increase session.gc_maxlifetime in php.ini to fix this


Regards,

W

[openupload-devel] Getting started

[victor k. <pri...@gm...>]

hello everyone. i ma new to sourceforge, i have currently created a project
in sourceforge repository. but am facing difficulties in uploading my
localhost files in this repository. i need to work with svn where i and my
group members can commit changes. i have tried all i can to get things
configured but i have failed.  can you people assist me please

[openupload-devel] Automatic file deletion

[<wal...@no...>]

Hi,
a last word for today

I'm using a cron task to automatically delete expired files ( I'm using
the expire modules to mark files to get deleted)

The cron task is launching a script shell that mimics an administrator
doing a maintenance task

this is the shell script :
(an administrative account (maitenance,password) is used. You'll see
french url as the only language on my upload site is french, but it is
easy to chnge )


#!/bin/bash
WGET=`which wget`
OUTPUT=/dev/null
OPTION=--quiet
HOTE=localhost

$WGET -O $OUTPUT $OPTION  --proxy=off  --keep-session-cookies 
--save-cookies /tmp/cookies.txt   --post-data
"action=login&step=2&username=maintenance&pwd=password" 
http://$HOTE/index.php
$WGET -O $OUTPUT $OPTION --proxy=off --load-cookies /tmp/cookies.txt  
--post-data
"action=adminmaintenance&step=2&expire=Supprimer+les+expirations"  ht
tp://$HOTE/index.php
$WGET -O $OUTPUT $OPTION  --proxy=off --load-cookies /tmp/cookies.txt   
--post-data "action=adminmaintenance&step=2&delete=Oui%2C+effacer+tout" 
http:/
/$HOTE/index.php
$WGET -O $OUTPUT $OPTION  --proxy=off --load-cookies /tmp/cookies.txt 
http://$HOTE/index.php?action=logout

[openupload-devel] Logging while behind a reverse proxy

[<wal...@no...>]

Hi

I experimented the following set-up :

0) a server with ha-proxy installed
1) 2 web servers with the openupload application , balanced by ha-proxy
2) A samba/cifs file server who stores the uploaded files , and the php
sessions of both web servers
3) a server with mysql

(each server was hosted in a virtualbox vm , but that is not relevant here )

I noticed that logging and other different modules (banned ip, grouponip
..)  , were getting the proxy ip and not the end-user one: this is because
to get the ip , openupload is using $_SERVER["REMOTE_ADDR"];

in my case the 'real' ip is retrieved using $_SERVER[X_FORWARDED_FOR]

Maybe it would be best to replaced calls to $_SERVER["REMOTE_ADDR"] by a
call to a function similar to that one
http://www.teachmejoomla.net/code/php/remote-ip-detection-with-php.html

Regards,
MB

[openupload-devel] Enabling antivirus check : how I did it

[<wal...@no...>]

Hi

here is how I enabled antivirus check in openupload .

The bottom line is : write a plugin that calls clamav to scan a file which
is uploaded.

1) the plugin

here is openupload/plugins/antivirus.inc.php

<?php

class antivirusPlugin extends OpenUploadPlugin {

  function antivirusPlugin() {
    $this->description = tr('Scan files for embedded viruses');
  }

  function uploadOptions(&$finfo, $acl) {
    return true;
  }

  function uploadConfirm(&$finfo, $acl) {
    app()->message(tr('Scanning for viruses ...'));
 foreach ($finfo as $f) {
    $file=$f['tmp'];
    $retcode = cl_scanfile($file, $virusname);
    if ($retcode == CL_VIRUS) {
    app()->error(tr('The file %1 is infected by the virus %2. Upload
process cancelled. No file has been
uploaded.',$f['name'],$virusname));
    return false;
    }
    if ($retcode != CL_CLEAN)
     {
    app()->error(tr('Antivirus could not scan %1. Upload process
cancelled. No file has been uploaded.',$f['name']));
    return false;
     }
}
    app()->message(tr('No viruses found'));
return true;
  }

}

?>

2) Install on your system
( http://www.clamav.net/lang/en/ )
freshclam ( -> update virus definitions)
clamavd ( clamav daemon )

php-clamav ( http://sourceforge.net/projects/php-clamav/ )

add to your php.ini file :
extension_dir = 'directory where php-clamav has been installed'
extension=clamav.so

3) add the antivirus plugin in config.inc.php ( propably best as the first
plugin) , configure the plugin in openupload admin dashboard ( enable it
for selected groups of users )

4) if necessary add translations strings for those new messages strings in
the plugin code

It works well, however I did not carried on extensive tests ( especially
on large files)

Regards
W

Re: [openupload-devel] Problems with grouponip plugin

[<wal...@no...>]

I seem to have found a fix, but I'm not sure there is no side effect : if
anyone could tell me if what I'm doing is  safe :

in openuload/lib/main.inc.php , I move  $this->initPlugins(); upper in the
file source so now it reads :

    $this->initPlugins();
    /* get the handling module */
    $mname = $this->actions[$this->action];
    $m = &$this->modules[$mname];
    $group = $this->user->group();


As the init function of grouponip module is setting the user group, the
call to $group = $this->user->group() gets a valid value and my problems
are solved.

Any thoughts on this  ?

Regards,

W.


> Hi,
> first I'dl like to thank Allesandro for his good work.
>
> I have some problems with the grouponip plugin. (openupload 0.4.2)
>
> I activated it such people coming with our corporate Ip addresses can
> upload without authenticating .
>
> Problem 1
> Strangely enough, if I enter the website url in the browser adress bar I
> get redirected to the authentication form. If I remove the
> 'index.php?action=login' in the adress bar and then hit enter, then I can
> see the upload form.
>
> Problem 2
> One a user gets the link to delete file, if he clicks once on the links he
> get redirected to the autentication form. If he clicks a second time, then
> he can see the deletion form. This is very disturbing for our end users.
>
> I guess the two problems are related.
>
> Any idea of how to solve it ?
>
> Regards
> W
>
>
>

[openupload-devel] Problems with grouponip plugin

[<wal...@no...>]

Hi,
first I'dl like to thank Allesandro for his good work.

I have some problems with the grouponip plugin. (openupload 0.4.2)

I activated it such people coming with our corporate Ip addresses can
upload without authenticating .

Problem 1
Strangely enough, if I enter the website url in the browser adress bar I
get redirected to the authentication form. If I remove the
'index.php?action=login' in the adress bar and then hit enter, then I can
see the upload form.

Problem 2
One a user gets the link to delete file, if he clicks once on the links he
get redirected to the autentication form. If he clicks a second time, then
he can see the deletion form. This is very disturbing for our end users.

I guess the two problems are related.

Any idea of how to solve it ?

Regards
W

Re: [openupload-devel] permissions

[Alessandro B. <ts...@br...>]

Il 04/04/2011 16:49, Yoshikawa, Makoto ha scritto:
> Is there a way to set a user’s access so they can only upload but not
> remove the files?
> 

Yes, disable the "r" action from the files module in the permissions for
the group (and also for the unregistered I suppose if needed)

Alessandro

Re: [openupload-devel] better way to alert that the notification email is important?

[Daniel B. <da...@fi...>]

Le mercredi 30 mars 2011 à 18:31 +0200, Alessandro Briosi a écrit :
> Il 30/03/2011 17:42, Daniel Berteaud ha scritto:
> > Great, invitation to let external users upload a file is a feature I'm
> > really interested in. Is 0.5 planed to be released any time soon ?
> > 
> > Regards, Daniel
> 
> Well, this is a good question :)
> 
> Lately I have so reduced spare time that I haven't done much development
> on 0.5.

I can easily understand that ;)

> 
> Long time ago I wanted to release an alpha, but it needed more things to
> be released.
> 
> I have a couple of 0.5 installations in production which seem to perform
> good, but it misses things I think might be crucial to call it a release.

Is there a list somewhere of those crucial things ?

> 
> I've also been thinking on backporting this functionality to 0.4 which I
> think is one important feature missing from it.

This could be interesting, if easy enough.

> 
> I'd really like to give you some more info. I absolutely want to push
> out a 0.5 version but it's taking more time than I thought.
> 
> So, back to the original question. the answer is:
> 0.5 will be released, probably not soon unless somebody else steps up to
> help with it.
> 
> Ciao,
> Alessandro
> 
> P.S. If you are willing to experiment and have some knowledge of
> php/mysql you could try out svn version, and report.
> The installation must be done manually as the setup is not working.

I'll try to install svn version when I find some spare time (I'm also
running out of spare time, who decided a day should only be 24
hours ? ;)). My PHP/MySQL skills are very limited, but I'll try to
report if I find something, and maybe provide patches for simple things.

Regards, and thanks for your efforts on OpenUpload

> 
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself; 
> WebMatrix provides all the features you need to develop and 
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: da...@fi...
Web : http://www.firewall-services.com

Re: [openupload-devel] better way to alert that the notification email is important?

[Alessandro B. <ts...@br...>]

Il 30/03/2011 17:42, Daniel Berteaud ha scritto:
> Great, invitation to let external users upload a file is a feature I'm
> really interested in. Is 0.5 planed to be released any time soon ?
> 
> Regards, Daniel

Well, this is a good question :)

Lately I have so reduced spare time that I haven't done much development
on 0.5.

Long time ago I wanted to release an alpha, but it needed more things to
be released.

I have a couple of 0.5 installations in production which seem to perform
good, but it misses things I think might be crucial to call it a release.

I've also been thinking on backporting this functionality to 0.4 which I
think is one important feature missing from it.

I'd really like to give you some more info. I absolutely want to push
out a 0.5 version but it's taking more time than I thought.

So, back to the original question. the answer is:
0.5 will be released, probably not soon unless somebody else steps up to
help with it.

Ciao,
Alessandro

P.S. If you are willing to experiment and have some knowledge of
php/mysql you could try out svn version, and report.
The installation must be done manually as the setup is not working.

Re: [openupload-devel] Question

[Alessandro B. <ts...@br...>]

Il 30/03/2011 17:50, Yoshikawa, Makoto ha scritto:
> Is there any plan to add the ability for folder creation/deletion?
> 
>  
> 
> Thank you,

I thought about it, but not really in the near future I guess, unless
somebody else takes the time to implement it.

Alessandro

Re: [openupload-devel] better way to alert that the notification email is important?

[Daniel B. <da...@fi...>]

Le mercredi 30 mars 2011 à 16:20 +0200, Alessandro Briosi a écrit :
> Il 30/03/2011 15:13, Jonathan Mergy ha scritto:
> > 
> >> Hi Jonathan,
> >> I'm not sure I do understand the problem, but I guess you are referring
> >> to the fact that the person uploads the file and then is requested more
> >> information about the uploaded file.
> >> Your users are lazy so they don't send the e-mail to the correct person?
> >>
> >> Alessandro
> > 
> > Correct. I don't know if it is lazy, but yes the notification side is a step
> > that is not being done. We have been using it more for new hires to submit
> > video or other large files for job interviews, so we are dealing with people
> > who are new to openupload.
> 
> I'm still not sure I do understand the problem, sorry.
> 
> The concept around this version of Open Upload is I give it to the
> internal people to send a file to external people. I (the administrator)
> am not supposed to know to who my users send the file to, and surely
> open upload cannot know the destination of a file (or is there any magic
> I am missing?).
> 
> Now the problem could be if I give external people an account (either
> registered or not) to send files to internal people.
> This is a different way of using it, as I need someone to upload a file
> for me, and this led me to implement the "invitation" in 0.5 version
> (which is in svn and not yet ready, although I have used it in
> production and it seems to work fine)

Great, invitation to let external users upload a file is a feature I'm
really interested in. Is 0.5 planed to be released any time soon ?

Regards, Daniel

> 
> There is another way of using it, which is internal users upload files
> for internal users, and here the assigntouser plugin probably will solve
> the issue.
> 
> For what I see in the first case I cannot think of any way to solve it,
> unless modifying the template (whith a HUGE warning) or code and force
> the people to specify to who to send the e-mail to.
> 
> Let me know if this helps you in any way.
> Alessandro
> 
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself; 
> WebMatrix provides all the features you need to develop and 
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: da...@fi...
Web : http://www.firewall-services.com

Re: [openupload-devel] better way to alert that the notification email is important?

[Jonathan M. <jm...@lw...>]

> For what I see in the first case I cannot think of any way to solve it,
> unless modifying the template (whith a HUGE warning) or code and force
> the people to specify to who to send the e-mail to.

I think I will try this. Perhaps even something on the upload page itself
that notes to let the user you want to send the file to know about it

"Next Step: Notify the person the files can be downloaded"

or something. 


Jonathan
................................
Jonathan Mergy <jm...@lw...>
Director Of Technology
Lick-Wilmerding High School
755 Ocean Ave, SF CA 94112
P:415.585.1725 x365
http://www.lwhs.org

Re: [openupload-devel] CAS Authentication

[Alessandro B. <ts...@br...>]

Il 30/03/2011 16:43, Daniel Berteaud ha scritto:
> I think you're talking about my patch implementing the httpldap auth
> module (called httpldap because it just relies on the web server to
> validate credentials, and then uses the standard ldap module to get
> user/group information). I've attached the patch here.
> 
> 
> Regards, Daniel
> 

Thanks for the prompt reply.

Alessandro

Re: [openupload-devel] CAS Authentication

[Daniel B. <da...@fi...>]

Le mercredi 30 mars 2011 à 16:38 +0200, Alessandro Briosi a écrit :
> Il 30/03/2011 16:26, Florent Vallée ha scritto:
> > 
> > Hi,
> > 
> > Is it possible to use CAS Authentication with OpenUpload ? If so, how ?
> > 
> 
> Somebody has implemented the HTTP auth module (so open upload
> authenticates with the HTTP credentials)
> But have not the mails at hand.

I think you're talking about my patch implementing the httpldap auth
module (called httpldap because it just relies on the web server to
validate credentials, and then uses the standard ldap module to get
user/group information). I've attached the patch here.


Regards, Daniel


> 
> Once this works it's only a matter to configure the web server to
> authenticate.
> 
> Alessandro
> 
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself; 
> WebMatrix provides all the features you need to develop and 
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: da...@fi...
Web : http://www.firewall-services.com

Re: [openupload-devel] CAS Authentication

[Alessandro B. <ts...@br...>]

Il 30/03/2011 16:26, Florent Vallée ha scritto:
> 
> Hi,
> 
> Is it possible to use CAS Authentication with OpenUpload ? If so, how ?
> 

Somebody has implemented the HTTP auth module (so open upload
authenticates with the HTTP credentials)
But have not the mails at hand.

Once this works it's only a matter to configure the web server to
authenticate.

Alessandro

[openupload-devel] CAS Authentication

[Florent V. <flo...@en...>]

Hi,

Is it possible to use CAS Authentication with OpenUpload ? If so, how ?

Thx

Re: [openupload-devel] better way to alert that the notification email is important?

[Alessandro B. <ts...@br...>]

Il 30/03/2011 15:13, Jonathan Mergy ha scritto:
> 
>> Hi Jonathan,
>> I'm not sure I do understand the problem, but I guess you are referring
>> to the fact that the person uploads the file and then is requested more
>> information about the uploaded file.
>> Your users are lazy so they don't send the e-mail to the correct person?
>>
>> Alessandro
> 
> Correct. I don't know if it is lazy, but yes the notification side is a step
> that is not being done. We have been using it more for new hires to submit
> video or other large files for job interviews, so we are dealing with people
> who are new to openupload.

I'm still not sure I do understand the problem, sorry.

The concept around this version of Open Upload is I give it to the
internal people to send a file to external people. I (the administrator)
am not supposed to know to who my users send the file to, and surely
open upload cannot know the destination of a file (or is there any magic
I am missing?).

Now the problem could be if I give external people an account (either
registered or not) to send files to internal people.
This is a different way of using it, as I need someone to upload a file
for me, and this led me to implement the "invitation" in 0.5 version
(which is in svn and not yet ready, although I have used it in
production and it seems to work fine)

There is another way of using it, which is internal users upload files
for internal users, and here the assigntouser plugin probably will solve
the issue.

For what I see in the first case I cannot think of any way to solve it,
unless modifying the template (whith a HUGE warning) or code and force
the people to specify to who to send the e-mail to.

Let me know if this helps you in any way.
Alessandro

Re: [openupload-devel] better way to alert that the notification email is important?

[Jonathan M. <jm...@lw...>]

> Hi Jonathan,
> I'm not sure I do understand the problem, but I guess you are referring
> to the fact that the person uploads the file and then is requested more
> information about the uploaded file.
> Your users are lazy so they don't send the e-mail to the correct person?
> 
> Alessandro

Correct. I don't know if it is lazy, but yes the notification side is a step
that is not being done. We have been using it more for new hires to submit
video or other large files for job interviews, so we are dealing with people
who are new to openupload.


Jonathan
................................
Jonathan Mergy <jm...@lw...>
Director Of Technology
Lick-Wilmerding High School
755 Ocean Ave, SF CA 94112
P:415.585.1725 x365
http://www.lwhs.org

Re: [openupload-devel] better way to alert that the notification email is important?

[Alessandro B. <ts...@br...>]

Il 29/03/2011 17:05, Jonathan Mergy ha scritto:
> Very happy with openupload and have tweaked it a bit to really make it
> slick for us. But, for whatever reason, people don’t seem to want to do
> the notification part post-upload. Do others have this issue? Basically,
> I get alerted by the receiver that the file is there from the sender and
> I have to pop-in as admin and see the file id then send the link to the
> receiver.
> 
> Have other run into this? If so, have you done anything to mod the
> notification page or something to let the senders know just uploading
> doesn’t do it and you NEED to let the person receiving know how to get
> the file(s) you are sending?
> 
> Any help appreciated.
> 
> Jonathan

Hi Jonathan,
I'm not sure I do understand the problem, but I guess you are referring
to the fact that the person uploads the file and then is requested more
information about the uploaded file.
Your users are lazy so they don't send the e-mail to the correct person?

Alessandro