openupload-devel

[openupload-devel] download are incomplete

[Hester, A. <And...@eu...>]

I have 2 sites up, both members only.  One is for outbound file transfers and one for inbound transfers (temporary).  

The inbound site seemed to be working fine until I took a day off to go to the Dr.

Now I am getting reports that the files are being corrupted.

I had a chance to log in this am and confirmed that while the files are uploaded correctly, the same files when downloaded are only 261 bytes.  Oddly enough, I looked at the files table and found that there is a record in there that has a size of 261.  Of course there are many others of varying sizes.

Could it be stuck on a corrupt file?

Also, I don't see the same files in the db as in the data directory? should I?

While trying to fix this I noticed that there was a mime type plugin rule for un registered users that I hadn't noticed before.  I deleted that rule on the idea that it might be causing the download to fail. The only change I've made recently that I can think of is allowing multiple uploads, bu I changed that back and that didn;t resolve the issue either.


Thanks for any help.

-Andy

Re: [openupload-devel] download are incomplete

[Hester, A. <And...@eu...>]

I uploaded and then downloaded a .jpg file after deleting all files.  The file was still only 261 bytes (download - the size in the db shows correctly).  I opened the .jpg with a text editor and found this:

<br />
<b>Warning</b>:  readfile(/usr/local/transfer/data/wn1AmL8STJ) [<a href='function.readfile'>function.readfile</a>]: failed to open stream: No such file or directory in <b>/usr/local/transfer/lib/modules/default/files.inc.php</b> on line <b>408</b><br />

and it is true that it is not in the data directory.  I do have some file id data/tmp but they are not the size if the .jpg file.  www-data has write access to the data directory:

drwxr-xr-x  3 www-data www-data  4096 2009-05-07 10:05 data

off to check logs...



-Andy



-----Original Message-----
From: Hester, Andy [mailto:And...@eu...]
Sent: Thu 5/7/2009 9:49 AM
To: ope...@li...
Subject: [openupload-devel] download are incomplete
 

I have 2 sites up, both members only.  One is for outbound file transfers and one for inbound transfers (temporary).  

The inbound site seemed to be working fine until I took a day off to go to the Dr.

Now I am getting reports that the files are being corrupted.

I had a chance to log in this am and confirmed that while the files are uploaded correctly, the same files when downloaded are only 261 bytes.  Oddly enough, I looked at the files table and found that there is a record in there that has a size of 261.  Of course there are many others of varying sizes.

Could it be stuck on a corrupt file?

Also, I don't see the same files in the db as in the data directory? should I?

While trying to fix this I noticed that there was a mime type plugin rule for un registered users that I hadn't noticed before.  I deleted that rule on the idea that it might be causing the download to fail. The only change I've made recently that I can think of is allowing multiple uploads, bu I changed that back and that didn;t resolve the issue either.


Thanks for any help.

-Andy

------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image 
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
Openupload-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] download are incomplete

[Alessandro B. <ts...@br...>]

hmm, maybe check the .htaccess file in the www directory. it seems that 
Somehow the files are not uploaded correctly (maybe a timeout?)

Did you set both the upload_max_filesize and post_max_size  ?
Also check the max_input_time and max_execution_time
Logs should tell you what's wrong there.

Yes the data directory should contain the files with the names of the 
file ids associated.

The mimetype is only to check uploaded files mime type (not really 
working as it should imho), but if the file mime type is not correct it 
should block your request.

Alessandro

Hester, Andy ha scritto:
> I uploaded and then downloaded a .jpg file after deleting all files.  The file was still only 261 bytes (download - the size in the db shows correctly).  I opened the .jpg with a text editor and found this:
> 
> <br />
> <b>Warning</b>:  readfile(/usr/local/transfer/data/wn1AmL8STJ) [<a href='function.readfile'>function.readfile</a>]: failed to open stream: No such file or directory in <b>/usr/local/transfer/lib/modules/default/files.inc.php</b> on line <b>408</b><br />
> 
> and it is true that it is not in the data directory.  I do have some file id data/tmp but they are not the size if the .jpg file.  www-data has write access to the data directory:
> 
> drwxr-xr-x  3 www-data www-data  4096 2009-05-07 10:05 data
> 
> off to check logs...
> 
> 
> 
> -Andy
> 
> 
> 
> -----Original Message-----
> From: Hester, Andy [mailto:And...@eu...]
> Sent: Thu 5/7/2009 9:49 AM
> To: ope...@li...
> Subject: [openupload-devel] download are incomplete
>  
> 
> I have 2 sites up, both members only.  One is for outbound file transfers and one for inbound transfers (temporary).  
> 
> The inbound site seemed to be working fine until I took a day off to go to the Dr.
> 
> Now I am getting reports that the files are being corrupted.
> 
> I had a chance to log in this am and confirmed that while the files are uploaded correctly, the same files when downloaded are only 261 bytes.  Oddly enough, I looked at the files table and found that there is a record in there that has a size of 261.  Of course there are many others of varying sizes.
> 
> Could it be stuck on a corrupt file?
> 
> Also, I don't see the same files in the db as in the data directory? should I?
> 
> While trying to fix this I noticed that there was a mime type plugin rule for un registered users that I hadn't noticed before.  I deleted that rule on the idea that it might be causing the download to fail. The only change I've made recently that I can think of is allowing multiple uploads, bu I changed that back and that didn;t resolve the issue either.
> 
> 
> Thanks for any help.
> 
> -Andy
> 
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image 
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image 
> processing features enabled. http://p.sf.net/sfu/kodak-com
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] download are incomplete

[Hester, A. <And...@eu...>]

-----Original Message-----
From: Alessandro Briosi [mailto:ts...@br...]
Sent: Thu 5/7/2009 11:42 AM
To: OpenUpload Delvel and General talk
Subject: Re: [openupload-devel] download are incomplete
 
hmm, maybe check the .htaccess file in the www directory. it seems that 
Somehow the files are not uploaded correctly (maybe a timeout?)

Did you set both the upload_max_filesize and post_max_size  ?
Also check the max_input_time and max_execution_time
Logs should tell you what's wrong there.



Yes the data directory should contain the files with the names of the 
file ids associated.

The mimetype is only to check uploaded files mime type (not really 
working as it should imho), but if the file mime type is not correct it 
should block your request.

Alessandro
--------------------------------------

These files vary from 1k to 500k and they all upload within a few seconds.  The website reports the correct size after upload and writes the correct size into the db, but never writes a file to /data or /data/tmp

The last thing that I had done was to set up clamav and run some manual scans and I use the /data directory and I wonder if this may have caused a problem.

-Andy

Re: [openupload-devel] download are incomplete

[Alessandro B. <ts...@br...>]

> 
> These files vary from 1k to 500k and they all upload within a few seconds.  The website reports the correct size 
 > after upload and writes the correct size into the db, but never 
writes a file to /data or /data/tmp
> 
> The last thing that I had done was to set up clamav and run some manual scans and I use the /data directory and 
 > I wonder if this may have caused a problem.
> 

It might be, but don't think so.

I opt for a $CONFIG['multiupload'] value equal to 0, (I have tested it 
and get the same result as you have)
this naming might be misleading, but it means how many files can be 
uploaded and a value of 0 means NO FILE. It should be bigger or equal to 
1 (yes I'll need a check and default to at least 1)

The fact that uploads are "fast" is a bit odd though.
Also PHP should report if there was a partial transfer or an upload error.

If nothing else helps and if you have some PHP knowledge I'd go for a 
few debug lines in the files.inc.php, something like

insert this lines at the beginning of function uploadOptions(
echo '<pre>';
print_r($_FILES);
echo '</pre>';
exit;

then move the "exit;" line and place it
before the $this->nextStep(app()->step);
this should stop the upload right after the file should be moved to the 
/data/tmp directory
and tell you the files details PHP passes to Open Upload.

and if nothing displays try before all the redirect and so on


Alessandro

Re: [openupload-devel] download are incomplete

[Alessandro B. <ts...@br...>]

Hmm, I might have spoken too early.
If the multiupload value is 0 then it gets back to 1 (so the check is 
there :)

But got the problem 'cause the /data/tmp directory was not writable by 
the www-data user ...

Alessandro

Alessandro Briosi ha scritto:
>> These files vary from 1k to 500k and they all upload within a few seconds.  The website reports the correct size 
>  > after upload and writes the correct size into the db, but never 
> writes a file to /data or /data/tmp
>> The last thing that I had done was to set up clamav and run some manual scans and I use the /data directory and 
>  > I wonder if this may have caused a problem.
> 
> It might be, but don't think so.
> 
> I opt for a $CONFIG['multiupload'] value equal to 0, (I have tested it 
> and get the same result as you have)
> this naming might be misleading, but it means how many files can be 
> uploaded and a value of 0 means NO FILE. It should be bigger or equal to 
> 1 (yes I'll need a check and default to at least 1)
> 
> The fact that uploads are "fast" is a bit odd though.
> Also PHP should report if there was a partial transfer or an upload error.
> 
> If nothing else helps and if you have some PHP knowledge I'd go for a 
> few debug lines in the files.inc.php, something like
> 
> insert this lines at the beginning of function uploadOptions(
> echo '<pre>';
> print_r($_FILES);
> echo '</pre>';
> exit;
> 
> then move the "exit;" line and place it
> before the $this->nextStep(app()->step);
> this should stop the upload right after the file should be moved to the 
> /data/tmp directory
> and tell you the files details PHP passes to Open Upload.
> 
> and if nothing displays try before all the redirect and so on
> 
> 
> Alessandro
> 
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image 
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] download are incomplete

[Hester, A. <And...@eu...>]

-----Original Message-----
From: Alessandro Briosi [mailto:ts...@br...]
Sent: Thu 5/7/2009 6:47 PM
To: OpenUpload Delvel and General talk
Subject: Re: [openupload-devel] download are incomplete
 
Hmm, I might have spoken too early.
If the multiupload value is 0 then it gets back to 1 (so the check is 
there :)

But got the problem 'cause the /data/tmp directory was not writable by 
the www-data user ...

--------------------------------------------
Right.  I did another check of file permissions and found that the tmp directory permissions were not the same as the other site.  ( I have 2 sites with 2 separate IPs and separate directories)  Setting the permissions back solved th problem.   

So what caused the /data/tmp dir to have the wrong permissions?

-Andy

Re: [openupload-devel] download are incomplete

[Alessandro B. <ts...@br...>]

Hester, Andy ha scritto:
> Right.  I did another check of file permissions and found that the tmp directory permissions were not the same as the other site.  ( I have 2 sites with 2 separate IPs and separate directories)  Setting the permissions back solved th problem.   
> 
Good at least it was not completely an Open Upload fault :)

> So what caused the /data/tmp dir to have the wrong permissions?
> 

That's dificult to guess. Maybe your testing with clamav/clamd, if it 
was working before. otherwise you might have missed a -R switch

Alessandro

[openupload-devel] New Plugin: account_expire

[Jochen D. <jo...@co...>]

Dear Alessandro,

I've finally come round to finishing the first version of the account_expire
plugin. The administrator can now enter an expiration date in the user form.
This date is checkec when the user tries to log on, to allow or deny
authentication.

I did have to make some minor changes to the admin module (to call and
display plugins in the useredit method) in order to get this plugin to work.
The code I've provided is probably not up to the standards of the rest of
the code base. I think mostly acl is missing from this plugin. I would still
appreciate it if you could take a look and tell me what you think.

I'm going to work on assigning files to groups now, I might do it
differently then what you had in mind, due to the database code not being
able to do joins. Anyway, I'll patch something together (-:

Thanks,
Jochen

Re: [openupload-devel] New Plugin: account_expire

[Alessandro B. <ts...@br...>]

H Jochen,
from a fast check it seems ok.
I'll be looking at it later and get back to you.

Thanks,
Alessandro


Jochen Derwae ha scritto:
> Dear Alessandro,
> 
> I've finally come round to finishing the first version of the account_expire
> plugin. The administrator can now enter an expiration date in the user form.
> This date is checkec when the user tries to log on, to allow or deny
> authentication.
> 
> I did have to make some minor changes to the admin module (to call and
> display plugins in the useredit method) in order to get this plugin to work.
> The code I've provided is probably not up to the standards of the rest of
> the code base. I think mostly acl is missing from this plugin. I would still
> appreciate it if you could take a look and tell me what you think.
> 
> I'm going to work on assigning files to groups now, I might do it
> differently then what you had in mind, due to the database code not being
> able to do joins. Anyway, I'll patch something together (-:
> 
> Thanks,
> Jochen
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables 
> unlimited royalty-free distribution of the report engine 
> for externally facing server and web deployment. 
> http://p.sf.net/sfu/businessobjects
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] New Plugin: account_expire

[Alessandro B. <ts...@br...>]

Hi Jochen,
I'm not really convinced about this.
Though coding is correct (only minor fixes), the plugin must be enabled 
also for admins to be used in the administration page.

Imho, we should differenciate between plugins for functionality, and 
administration.

Won't commit it right now. I'll have a look in the next few days on how 
to fix this.
I already thought that a module and a plugin should handle the 
administration of itself, and not the admin module. That's another thing 
I want to change for 0.5

Ciao,
Alessandro

P.S. I suppose you are coding on Windows as I had some troubles finding 
out that the directory for the templates was called accountExpire and 
not accountexpire. Please use all lowercase for the file/directories.

Jochen Derwae ha scritto:
> Dear Alessandro,
> 
> I've finally come round to finishing the first version of the account_expire
> plugin. The administrator can now enter an expiration date in the user form.
> This date is checkec when the user tries to log on, to allow or deny
> authentication.
> 
> I did have to make some minor changes to the admin module (to call and
> display plugins in the useredit method) in order to get this plugin to work.
> The code I've provided is probably not up to the standards of the rest of
> the code base. I think mostly acl is missing from this plugin. I would still
> appreciate it if you could take a look and tell me what you think.
> 
> I'm going to work on assigning files to groups now, I might do it
> differently then what you had in mind, due to the database code not being
> able to do joins. Anyway, I'll patch something together (-:
> 
> Thanks,
> Jochen
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables 
> unlimited royalty-free distribution of the report engine 
> for externally facing server and web deployment. 
> http://p.sf.net/sfu/businessobjects
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] New Plugin: account_expire

[Jochen D. <jo...@co...>]

Hey Alessandro,

Thanks for reviewing it and giving me feedback. Although, sorry to say, I'm
not entirely sure what you mean. Are you saying that I misused the plugin
system for administrating user data (should I have made a module?) Or do you
mean that plugins altogether where never meant as an enhancement of the user
(or other) administration?

The way I interpreted it is that plugins can (or could or should) manipulate
all entities in the system (users, groups, ...) and not just files.

Please let me know if I can be of any assistance with making changes to
either the plugin or any other part of the system.


Indeed I code on windows, my apologies for not catching the case sensitivity
of the filenames. It might have been more of a reflex, writing the directory
name in camelcase (-:


In the mean while, I've made progres on the group assignment of files. I
have managed to implement it using a plugin as well. I did have to make some
(very minor) changes to the base system to get it to work but, I'll write
you later today or tomorrow to with the patch and an explanation.


There is one potentially critical issue I noticed though: anyone can
download files without necessarily having the rights to them. When a user
has the right to download files and knows the id of a file in the system
(not necessarily one he has access to) he can still download it. I did not
find any check on ownership of the file in the whole download procedure
(downloadForm, downloadRequest and downloadConfirm). Any user with the
download rights can thus craft a request string
(http://localhost/~OpenUpload/www/?action=d&id=******) and proceed with the
download.

I have tested this a bit, but I'm not yet sure if it's definitely,
absolutely always the case. Some of my tests blocked the download from
happening, others allowed it.  I also didn't test on a clean system, so
perhaps my changes broke something.


Enjoy

Jochen


-----Original Message-----
From: Alessandro Briosi [mailto:ts...@br...] 
Sent: vrijdag 22 mei 2009 19:16
To: OpenUpload Delvel and General talk
Subject: Re: [openupload-devel] New Plugin: account_expire

Hi Jochen,
I'm not really convinced about this.
Though coding is correct (only minor fixes), the plugin must be enabled also
for admins to be used in the administration page.

Imho, we should differenciate between plugins for functionality, and
administration.

Won't commit it right now. I'll have a look in the next few days on how to
fix this.
I already thought that a module and a plugin should handle the
administration of itself, and not the admin module. That's another thing I
want to change for 0.5

Ciao,
Alessandro

P.S. I suppose you are coding on Windows as I had some troubles finding out
that the directory for the templates was called accountExpire and not
accountexpire. Please use all lowercase for the file/directories.

Jochen Derwae ha scritto:
> Dear Alessandro,
> 
> I've finally come round to finishing the first version of the 
> account_expire plugin. The administrator can now enter an expiration date
in the user form.
> This date is checkec when the user tries to log on, to allow or deny 
> authentication.
> 
> I did have to make some minor changes to the admin module (to call and 
> display plugins in the useredit method) in order to get this plugin to
work.
> The code I've provided is probably not up to the standards of the rest 
> of the code base. I think mostly acl is missing from this plugin. I 
> would still appreciate it if you could take a look and tell me what you
think.
> 
> I'm going to work on assigning files to groups now, I might do it 
> differently then what you had in mind, due to the database code not 
> being able to do joins. Anyway, I'll patch something together (-:
> 
> Thanks,
> Jochen
> 
> 
> ----------------------------------------------------------------------
> --
> 
> ----------------------------------------------------------------------
> -------- Crystal Reports - New Free Runtime and 30 Day Trial Check out 
> the new simplified licensing option that enables unlimited 
> royalty-free distribution of the report engine for externally facing 
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> 
> 
> ----------------------------------------------------------------------
> --
> 
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

----------------------------------------------------------------------------
--
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a
gathering of tech-side developers & brand creativity professionals. Meet the
minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com
_______________________________________________
Openupload-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openupload-devel

[openupload-devel] New Plugin: groupfiles

[Jochen D. <jo...@co...>]

Hey Alessandro,

Here is the second plugin I've created. This one provides access to a file
for a whole group. When the plugin is enabled for a certain user, this user
can select one or more groups that can have access to the file.

Users in said groups will see that file in their file list can see the
details and download the file. The plugin implements the fileList,
uploadOptions, uploadConfirm and fileDetails actions.

I have made some changes to files.inc.php, more specifically in fileList and
fileDetails:
fileList: the plugin gets an array in which count, rows, offset and the file
list are passed. In the same array, the additional file list from the plugin
and the total number of additional files from the plugin are passed back
through the same array. This way the file list can be reconstructed with the
files from the plugins appended to the original file list. Pagination should
continue to work.

fileDetails: the plugin can manipulate the finfo array, before access to the
file details are checked. This was done specifically to allow the groupfiles
plugin to let the user see files that are not his, but visible to his group.
Ther might be a more elegant way to do this, but I couldn't immediately find
one. Furthermore, the file options can be manipulated by the plugins and the
fileDetails method will save them back to the database. This allows plugins
to alter the file_options even after the file has been uploaded (which I
think would be a good overall feature).

I might have overstepped some design philosophies you had for OpenUpload to
implement this plugin, let me know how it works out for you. As always, I'm
happy to make changes to let it fit better with what you had in mind.

enjoy
jochen

Re: [openupload-devel] New Plugin: groupfiles

[Alessandro B. <ts...@br...>]

Here I am again.
<preable>
I'm thinking on implementing a sort of file listing (file manager) for 
"registered" users which probably would solve all this.
It seems to be a required feature...
</preamble>

Jochen Derwae ha scritto:
> Hey Alessandro,
> 
> Here is the second plugin I've created. This one provides access to a file
> for a whole group. When the plugin is enabled for a certain user, this user
> can select one or more groups that can have access to the file.
> 
> Users in said groups will see that file in their file list can see the
> details and download the file. The plugin implements the fileList,
> uploadOptions, uploadConfirm and fileDetails actions.
> 
ok. I think we must clarify first what's the task to be acomplished by 
the plugin. Here we have 2 ways.
1. the file can be downloaded from other people (even unregistered) if 
they know the id (and eventually the protection), but the group can see 
it in it's files list.
2. the file can be only viewd/downloaded by a group

The first option is pretty straight forward.

The second one is a bit tricky (but it makes more sense to me).
Probably it only needs a check on the download request, and if the user 
is not part of that group, redirect with an error.


> I have made some changes to files.inc.php, more specifically in fileList and
> fileDetails:
> fileList: the plugin gets an array in which count, rows, offset and the file
> list are passed. In the same array, the additional file list from the plugin
> and the total number of additional files from the plugin are passed back
> through the same array. This way the file list can be reconstructed with the
> files from the plugins appended to the original file list. Pagination should
> continue to work.
> 
ok.

> fileDetails: the plugin can manipulate the finfo array, before access to the
> file details are checked. This was done specifically to allow the groupfiles
> plugin to let the user see files that are not his, but visible to his group.
> Ther might be a more elegant way to do this, but I couldn't immediately find
> one. Furthermore, the file options can be manipulated by the plugins and the
> fileDetails method will save them back to the database. This allows plugins
> to alter the file_options even after the file has been uploaded (which I
> think would be a good overall feature).
> 
I'm not sure why you change the owner of the file...
Also I think that the user might decide to not share the file within a 
group.

> I might have overstepped some design philosophies you had for OpenUpload to
> implement this plugin, let me know how it works out for you. As always, I'm
> happy to make changes to let it fit better with what you had in mind.
> 

Somehow yes, but imho it's an OpenUpload design shortage.

Alessandro

Re: [openupload-devel] New Plugin: account_expire

[Alessandro B. <ts...@br...>]

Hi Jochen,
sorry for the late reply.

> Thanks for reviewing it and giving me feedback. Although, sorry to say, I'm
> not entirely sure what you mean. Are you saying that I misused the plugin
> system for administrating user data (should I have made a module?) Or do you
> mean that plugins altogether where never meant as an enhancement of the user
> (or other) administration?
>
No, I'm saying that the way OpenUpload is designed right now has not 
considered plugins to extend the user data. Which should be fixed in 
next version imho.

> The way I interpreted it is that plugins can (or could or should) manipulate
> all entities in the system (users, groups, ...) and not just files.
> 
yep.

> Please let me know if I can be of any assistance with making changes to
> either the plugin or any other part of the system.
> 
Well, the problem here is noted above. It's not correct to have to 
enable the plugin for the administrators in this case.

> 
> Indeed I code on windows, my apologies for not catching the case sensitivity
> of the filenames. It might have been more of a reflex, writing the directory
> name in camelcase (-:
> 
no prob.
> 
> In the mean while, I've made progres on the group assignment of files. I
> have managed to implement it using a plugin as well. I did have to make some
> (very minor) changes to the base system to get it to work but, I'll write
> you later today or tomorrow to with the patch and an explanation.
> 
> 
> There is one potentially critical issue I noticed though: anyone can
> download files without necessarily having the rights to them. When a user
> has the right to download files and knows the id of a file in the system
> (not necessarily one he has access to) he can still download it. I did not
> find any check on ownership of the file in the whole download procedure
> (downloadForm, downloadRequest and downloadConfirm). Any user with the
> download rights can thus craft a request string
> (http://localhost/~OpenUpload/www/?action=d&id=******) and proceed with the
> download.
> 
Because it was not meant to work this way. The captcha and the password 
(better), should be the protection to the file.
Probably implementing a check on the file that only the users on that 
group can download that file is the way to go. (it's like an hidden 
password)

I will discuss this in the next e-mail....

Alessandro

Re: [openupload-devel] download are incomplete

[Alessandro B. <ts...@br...>]

btw: do the 2 sites use the same database and data directory?
Are they on the same webserver name (i.e. www.ou.com/upload and 
www.ou.com/download) ?

Is the temporary php upload directory on the same partition as the open 
upload data directory? Just a wild guess. And the data/tmp ?

Is the CONFIG['multiupload'] set to at least 1?

Open Upload is supposed to:
1. upload a file via standard php functions
2. move the uploaded file to the data/tmp directory so php won't delete 
the file at the end of the script
3. if everything is good then it will generate the new ID and move the 
file to the data directory with the new ID name.

Something here fails.

Alessandro

P.S. I should add a check and raise an error if the file is not found on 
the filesystem. Also a few checks if the file was moved (renamed) correctly.

Hester, Andy ha scritto:
> I uploaded and then downloaded a .jpg file after deleting all files.  The file was still only 261 bytes (download - the size in the db shows correctly).  I opened the .jpg with a text editor and found this:
> 
> <br />
> <b>Warning</b>:  readfile(/usr/local/transfer/data/wn1AmL8STJ) [<a href='function.readfile'>function.readfile</a>]: failed to open stream: No such file or directory in <b>/usr/local/transfer/lib/modules/default/files.inc.php</b> on line <b>408</b><br />
> 
> and it is true that it is not in the data directory.  I do have some file id data/tmp but they are not the size if the .jpg file.  www-data has write access to the data directory:
> 
> drwxr-xr-x  3 www-data www-data  4096 2009-05-07 10:05 data
> 
> off to check logs...
> 
> 
> 
> -Andy
> 
> 
> 
> -----Original Message-----
> From: Hester, Andy [mailto:And...@eu...]
> Sent: Thu 5/7/2009 9:49 AM
> To: ope...@li...
> Subject: [openupload-devel] download are incomplete
>  
> 
> I have 2 sites up, both members only.  One is for outbound file transfers and one for inbound transfers (temporary).  
> 
> The inbound site seemed to be working fine until I took a day off to go to the Dr.
> 
> Now I am getting reports that the files are being corrupted.
> 
> I had a chance to log in this am and confirmed that while the files are uploaded correctly, the same files when downloaded are only 261 bytes.  Oddly enough, I looked at the files table and found that there is a record in there that has a size of 261.  Of course there are many others of varying sizes.
> 
> Could it be stuck on a corrupt file?
> 
> Also, I don't see the same files in the db as in the data directory? should I?
> 
> While trying to fix this I noticed that there was a mime type plugin rule for un registered users that I hadn't noticed before.  I deleted that rule on the idea that it might be causing the download to fail. The only change I've made recently that I can think of is allowing multiple uploads, bu I changed that back and that didn;t resolve the issue either.
> 
> 
> Thanks for any help.
> 
> -Andy
> 
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image 
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image 
> processing features enabled. http://p.sf.net/sfu/kodak-com
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel