Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Protected downloads in SS3 + random upload folders + how safe is my client center


Go to End


7 Posts   1333 Views

Avatar
mimamo

Community Member, 22 Posts

15 July 2013 at 6:05am

Hi there,

I'm building a Client Area on my Website, where they'll be able to download their invoices, project files, and so on.
The problem is, that everyone who has the filelink, can download the file...

Is there a way to secure the assets folder? So that only logged in users can download files?

The Second Problem is the following.
Each client page uses the ClientPage Type. So each upload folder is the same (otherwise you change it by yourself).
But is there a way to create subfolders for each ClientPage automatically?
For example: AllClients/485(random number)874/

Or perhaps you can insert a dynamic path in the pagetype?
Something like this?

	$file = new UploadField('File', 'Datei');
     	$file->setFolderName('AllClients/$RandomNumber/$ClientName');

ClientName whould be a textfield on the page.

And last but not least:

After the login, the User gets redirected to the Client Center, where he can see all his files and information. This Content comes from a Child Page of Client Center (each Client has one Page) on each Page is a Field named ClientEMailAddress, its Content is similar to the Email Address stored in the user account. It helps me to identify the correct content for the correct user in the template.

	<% if ClientEMailAddress = CurrentMember.Email %>
		$Content
	<% end_if %>

Can someone tell me how safe this is?

Okay, that'S pretty much now, and my english isn't the best ...
but i hope that someone understands my problem an can help me :)

best regards
benni

Avatar
swaiba

Forum Moderator, 1899 Posts

15 July 2013 at 2:54pm

I think this may be what you are after...

https://github.com/hamishcampbell/silverstripe-securefiles

Avatar
mimamo

Community Member, 22 Posts

15 July 2013 at 5:48pm

But this is not for SS3?

Avatar
swaiba

Forum Moderator, 1899 Posts

15 July 2013 at 6:02pm

You are asking how to make secure files - so I show you the standard silverstripe way...

and if you had looked closer you may have seen...

https://github.com/hamishcampbell/silverstripe-securefiles/pulls

Avatar
mimamo

Community Member, 22 Posts

15 July 2013 at 6:22pm

Ah okay great :)
So its SS3 compatible.

Thx a lot!

Avatar
mimamo

Community Member, 22 Posts

15 July 2013 at 8:28pm

after the installation i receive an server error when i try to access the file section ..

what can i do? :/

Avatar
swaiba

Forum Moderator, 1899 Posts

15 July 2013 at 8:52pm

>>what can i do? :/

Debug it