Re: File uploads and Media Plugin
Hi stab, I don't really know about ajax-upload. As I'm using plupload in one of my projects and guess it's similar. You're right the media plugin's transfer behavior doesn't natively handle streams, yet. Here's an excerpt of the code I'm using to workaround that: if ($this-RequestHandler-requestedWith('application/octet-stream')) { if (!$in = fopen('php://input', 'rb')) { $this-cakeError('error500', array('api' = true)); } $tmpFile = tempnam('/tmp', 'app_'); $tmp = fopen($tmpFile, 'wb'); while ($buf = fread($in, 4096)) { fwrite($tmp, $buf); } fclose($in); fclose($tmp); $this-data['MediaFile']['file'] = $tmpFile; } else { $this-data['MediaFile'] = $this-params['form']; } Hope this helps, - David On 26 Okt., 10:02, stab sicapi...@gmail.com wrote: I'm trying to use this:http://valums.com/ajax-upload/with the media plugin herehttp://github.com/davidpersson/media I've got it setup ok, and it is attached to a Document model. I can also get the qquploader uploading fine using it's own examples and class libraries. I need to find a way to take the input from the ajax upload and then save it down in the normal manner using the plugin. It does use the php://input method which I think the media plugin doesn't use? Any help appreciated! Thanks Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: File Uploads: What security-issues I have to take care of?
RE The media view - I try and avoid this unless it's a real security requirement, as it means every request for a simple image requires CakePHP to handle it, vastly increasing the load on yoru servers, and the latency for that file. An alternative is to save each file based on a UUID, or similar - this means you can serve the image files directly, but it's basically impossible to guess another user's image UUIDs, meaning it's still very secure. (That's my understanding - I'd be interested if anyone disagrees?) On Aug 31, 7:55 pm, Miles J mileswjohn...@gmail.com wrote: Regarding the mimetype, it allows all mimetypes listed in the config folder. If you want to restrict the type, use the file validation behavior. For the second part of your question. You would do a normal controller action setup like /files/download/1 and then use the media view and your own logic to determine the file. http://book.cakephp.org/view/489/Media-Views --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
@woodsman - No I agree with you. I was simply showing him the media view because you he wanted to supply downloads/files to users. On Sep 1, 4:21 am, the_woodsman elwood.ca...@gmail.com wrote: RE The media view - I try and avoid this unless it's a real security requirement, as it means every request for a simple image requires CakePHP to handle it, vastly increasing the load on yoru servers, and the latency for that file. An alternative is to save each file based on a UUID, or similar - this means you can serve the image files directly, but it's basically impossible to guess another user's image UUIDs, meaning it's still very secure. (That's my understanding - I'd be interested if anyone disagrees?) On Aug 31, 7:55 pm, Miles J mileswjohn...@gmail.com wrote: Regarding the mimetype, it allows all mimetypes listed in the config folder. If you want to restrict the type, use the file validation behavior. For the second part of your question. You would do a normal controller action setup like /files/download/1 and then use the media view and your own logic to determine the file. http://book.cakephp.org/view/489/Media-Views --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
A few things to keep in mind are: * Don't just validate against the MIME type submitted by the client, verify the MIME type by inspecting the uploaded file directly. * Image transformations help to prevent some exploits (i.e. by stripping comment metadata). * Uploaded files shouldn't be directly accessible either only serve i.e. transformed images (see above) or obscure by using UUIDs. - David On 1 Sep., 07:21, the_woodsman elwood.ca...@gmail.com wrote: RE The media view - I try and avoid this unless it's a real security requirement, as it means every request for a simple image requires CakePHP to handle it, vastly increasing the load on yoru servers, and the latency for that file. An alternative is to save each file based on a UUID, or similar - this means you can serve the image files directly, but it's basically impossible to guess another user's image UUIDs, meaning it's still very secure. (That's my understanding - I'd be interested if anyone disagrees?) On Aug 31, 7:55 pm, Miles J mileswjohn...@gmail.com wrote: Regarding the mimetype, it allows all mimetypes listed in the config folder. If you want to restrict the type, use the file validation behavior. For the second part of your question. You would do a normal controller action setup like /files/download/1 and then use the media view and your own logic to determine the file. http://book.cakephp.org/view/489/Media-Views --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
Haha awesome, glad someone found it useful :] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
There is one thing to keep in mind when uploading files and that's the security risks in uploading files to the webroot where people can access them directly. It's generally recommended to upload files to a directory outside of the webservers document root and give them a unique name, so that the file can't be accessed directly. Store a reference in the database as a pointer to the file on the file system. Then you can use Cakes Media view to access the file. This helps prevent people from uploading a malicious file and then executing it on the server. On top of that you can do all kinds of server authentication or even use the ACL to grant proper permissions to the files. On Aug 30, 10:51 am, DigitalDude e.blumsten...@googlemail.com wrote: Hey, in my first real and own project, I want to implement the ability to upload files to a user's account. The filetypes I need to be able to upload are: - PDF - JPG - GIF - PNG - XLS - DOC - OpenOffice Documents - ZIP - RAR Before I start to implement a file-uploading action, I need to consider what are the security-risks of fileuploads in general, and in case of any of the listed filetypes above. What are the dangers of these filetypes, abd how can I prevent myself and my server from getting in danger? Regards, DD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
Yeah but thats pretty pointless if your just uploading images. But yes what you said would be the ideal situation if you want to do a download system, or supply files to users. On Aug 31, 4:56 am, Stinkbug justink...@gmail.com wrote: There is one thing to keep in mind when uploading files and that's the security risks in uploading files to the webroot where people can access them directly. It's generally recommended to upload files to a directory outside of the webservers document root and give them a unique name, so that the file can't be accessed directly. Store a reference in the database as a pointer to the file on the file system. Then you can use Cakes Media view to access the file. This helps prevent people from uploading a malicious file and then executing it on the server. On top of that you can do all kinds of server authentication or even use the ACL to grant proper permissions to the files. On Aug 30, 10:51 am, DigitalDude e.blumsten...@googlemail.com wrote: Hey, in my first real and own project, I want to implement the ability to upload files to a user's account. The filetypes I need to be able to upload are: - PDF - JPG - GIF - PNG - XLS - DOC - OpenOffice Documents - ZIP - RAR Before I start to implement a file-uploading action, I need to consider what are the security-risks of fileuploads in general, and in case of any of the listed filetypes above. What are the dangers of these filetypes, abd how can I prevent myself and my server from getting in danger? Regards, DD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
Hey, yeah that's what I intend to do. I used your Uploader to upload files for testing purposes, this works well, BUT I think that the allowed mimetypes are not working as they should. I can upload ANY file, although I allowed only JPEG and GIF to the plugin. That's a bit weird, but I'm sure I'll find out why this is happening. Let's assume we have done the work for uploading the files, store the files with a unique name in a separate folder etc. but HOW can I prevent a user getting files from other users? I think at the moment every user can just type in a filename and if it's there, he will be able to download it, no matter if it belongs to that user or not. I've seen several solutions to this issue, mostly there is a php- action involved (let's say download.php?filename.ext) where the permission for the user is checked. But there has to be a cake-style solution to this, right? In my DB I store the user_id to every file that's uploaded, so I can check by $this-Auth-User('id') wether the file belongs to the requesting user, or not. But the direct download is not prevented. Would a certain entry in the ROUTES.PHP file bring any help to that? Maybe to redirect every request to the folder webroot/files to an action that checks the permissions or sth. like that...? I know it's kinda hard to understand what I mean, but if I see once how to to such things, I won't bother you guys anymore, I swear :) Regards, DD On 31 Aug., 18:11, Miles J mileswjohn...@gmail.com wrote: Yeah but thats pretty pointless if your just uploading images. But yes what you said would be the ideal situation if you want to do a download system, or supply files to users. On Aug 31, 4:56 am, Stinkbug justink...@gmail.com wrote: There is one thing to keep in mind when uploading files and that's the security risks in uploading files to the webroot where people can access them directly. It's generally recommended to upload files to a directory outside of the webservers document root and give them a unique name, so that the file can't be accessed directly. Store a reference in the database as a pointer to the file on the file system. Then you can use Cakes Media view to access the file. This helps prevent people from uploading a malicious file and then executing it on the server. On top of that you can do all kinds of server authentication or even use the ACL to grant proper permissions to the files. On Aug 30, 10:51 am, DigitalDude e.blumsten...@googlemail.com wrote: Hey, in my first real and own project, I want to implement the ability to upload files to a user's account. The filetypes I need to be able to upload are: - PDF - JPG - GIF - PNG - XLS - DOC - OpenOffice Documents - ZIP - RAR Before I start to implement a file-uploading action, I need to consider what are the security-risks of fileuploads in general, and in case of any of the listed filetypes above. What are the dangers of these filetypes, abd how can I prevent myself and my server from getting in danger? Regards, DD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
Regarding the mimetype, it allows all mimetypes listed in the config folder. If you want to restrict the type, use the file validation behavior. For the second part of your question. You would do a normal controller action setup like /files/download/1 and then use the media view and your own logic to determine the file. http://book.cakephp.org/view/489/Media-Views --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
A few here: - Check the extension as well as the mimetype - Only allow certain types - Check the filesize if needed - Make sure the file is a valid file resource - Make sure there are no errors upon uploading I however have create a file upload plugin. You can use the plugin itself or you can take a look at how its written and get an idea. http://www.milesj.me/resources/script/uploader-plugin --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
Hey, I couldn't wait and tried out your Plugin. And, well, it works like a charme! It does everything I want to do right from the start, the data I need is stored, I can even set the path where the files are uploaded to within the action (so I can save the files in a separate directory for each user!). This is by far the best and easiest to use plugin I've ever seen! I was searching the web for weeks to get a working component but NONE worked well! I'm really excited now and would love to go on with my project now, but I gotta go to sleep because of work tomorrow :( ! The first thing I'll do tomorrow afternoon is working on that topic! Thanks a lot man, you really saved my day! Regards, DD On 31 Aug., 01:09, DigitalDude e.blumsten...@googlemail.com wrote: Hey, this looks nice, and I like the fact that it can handle mutliple files at one time! I will try to implement this into my project, and then start to customize it to fit my requirements. I want to create some records in the database for each uploaded file, but I'm sure this is gonna work with a little work and some thinking :)! Thanks for the link, I'll let you know if I could use it! Regards, DD On 30 Aug., 20:44, Miles J mileswjohn...@gmail.com wrote: A few here: - Check the extension as well as the mimetype - Only allow certain types - Check the filesize if needed - Make sure the file is a valid file resource - Make sure there are no errors upon uploading I however have create a file upload plugin. You can use the plugin itself or you can take a look at how its written and get an idea. http://www.milesj.me/resources/script/uploader-plugin --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads: What security-issues I have to take care of?
Hey, this looks nice, and I like the fact that it can handle mutliple files at one time! I will try to implement this into my project, and then start to customize it to fit my requirements. I want to create some records in the database for each uploaded file, but I'm sure this is gonna work with a little work and some thinking :)! Thanks for the link, I'll let you know if I could use it! Regards, DD On 30 Aug., 20:44, Miles J mileswjohn...@gmail.com wrote: A few here: - Check the extension as well as the mimetype - Only allow certain types - Check the filesize if needed - Make sure the file is a valid file resource - Make sure there are no errors upon uploading I however have create a file upload plugin. You can use the plugin itself or you can take a look at how its written and get an idea. http://www.milesj.me/resources/script/uploader-plugin --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File uploads - getting an undefined index.
Apologies for the late reply - I solved this, it was a really silly error on my part! I was accessing the array but not the specific field I needed. On Jun 21, 5:37 pm, brian bally.z...@gmail.com wrote: What does the controller code look like now? Specifically, where it interacts with your ImageComponent. On Sun, Jun 21, 2009 at 11:46 AM, number9xpozit...@gmail.com wrote: OK, so I have solved theundefinedindex problem - the view file was wrong, it should have been Tip.image instead of just image. However, I changed it to Img.pic so as not to clash with image. I'm now getting the following error when trying to add: Notice (8): Array to string conversion [APP\controllers\components \image.php, line 50] Warning (2): strrpos() expects parameter 1 to be string, array given [APP\controllers\components\image.php, line 145] I've done some searching, and I understand that the error means an array is being given as opposed to a string, but I didn't really come across a fix? Has anybody got any ideas? Thanks in advance! On Jun 20, 6:19 pm, number9 xpozit...@gmail.com wrote: I'm trying to add the ability to upload files on an existing add method within a controller, but no matter which method I use to try and upload files I get an undefinedindex error on the name of the field within the view and I cannot understand why. I thought it may have been a problem with the components I was trying, but after stripping back to a simple bit of code found here (http://www.davidgolding.net/cakephp/using-the-file-functions-in-cakep...) - I am still getting the error. Code looks like this: // Controller: if ($this-data['Tip']['image']) { $file = new File($this-data['Tip']['image']); $ext = $file-ext(); if ($ext != 'jpg' $ext != 'jpeg' $ext != 'gif' $ext != 'png') { $this-Session-setFlash('You may only upload image files.'); $this-render(); } else { $date = $this-data['Tip']['created']; $filename = $date['year'].'-'.$date['month'].'-'.$date['day'].'- post-image.'.$ext; $data= $file-read(); $file-close(); $file = new File(WWW_ROOT.'/img/'.$filename,true); $file-write($data); $file-close(); } } // View file: ?php echo $form-create('Tip',array('type'='file')); ? fieldset legend?php __('Add Tip');?/legend ?php echo $form-input('comment_count'); echo $form-input('name'); echo $form-input('slug'); echo $form-input('description'); echo $form-input('image',array('type'='file')); echo $form-input('expires'); echo $form-input('rating'); echo $form-select('Tip.category_id', $cat_list, null, array(), true); echo $form-input('site_id'); echo $form-input('user_id'); echo $form-input('Tag.name',array( 'type' = 'text', 'label' = __('Add Tags',true), 'after' = __('Seperate each tag with a comma. Eg: family, sports, icecream',true) )); ? /fieldset ?php echo $form-end('Submit');? There is more in the controller file, but I thought I would include just the relevant information for the time being. Is it possible that something else in there is conflicting with the code? I tried also adding ['tmp_name'] but no joy... Any insight would be appreciated. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File uploads - getting an undefined index.
OK, so I have solved the undefined index problem - the view file was wrong, it should have been Tip.image instead of just image. However, I changed it to Img.pic so as not to clash with image. I'm now getting the following error when trying to add: Notice (8): Array to string conversion [APP\controllers\components \image.php, line 50] Warning (2): strrpos() expects parameter 1 to be string, array given [APP\controllers\components\image.php, line 145] I've done some searching, and I understand that the error means an array is being given as opposed to a string, but I didn't really come across a fix? Has anybody got any ideas? Thanks in advance! On Jun 20, 6:19 pm, number9 xpozit...@gmail.com wrote: I'm trying to add the ability to upload files on an existing add method within a controller, but no matter which method I use to try and upload files I get an undefined index error on the name of the field within the view and I cannot understand why. I thought it may have been a problem with the components I was trying, but after stripping back to a simple bit of code found here (http://www.davidgolding.net/cakephp/using-the-file-functions-in-cakephp.html) - I am still getting the error. Code looks like this: // Controller: if ($this-data['Tip']['image']) { $file = new File($this-data['Tip']['image']); $ext = $file-ext(); if ($ext != 'jpg' $ext != 'jpeg' $ext != 'gif' $ext != 'png') { $this-Session-setFlash('You may only upload image files.'); $this-render(); } else { $date = $this-data['Tip']['created']; $filename = $date['year'].'-'.$date['month'].'-'.$date['day'].'- post-image.'.$ext; $data = $file-read(); $file-close(); $file = new File(WWW_ROOT.'/img/'.$filename,true); $file-write($data); $file-close(); } } // View file: ?php echo $form-create('Tip',array('type'='file')); ? fieldset legend?php __('Add Tip');?/legend ?php echo $form-input('comment_count'); echo $form-input('name'); echo $form-input('slug'); echo $form-input('description'); echo $form-input('image',array('type'='file')); echo $form-input('expires'); echo $form-input('rating'); echo $form-select('Tip.category_id', $cat_list, null, array(), true); echo $form-input('site_id'); echo $form-input('user_id'); echo $form-input('Tag.name',array( 'type' = 'text', 'label' = __('Add Tags',true), 'after' = __('Seperate each tag with a comma. Eg: family, sports, icecream',true) )); ? /fieldset ?php echo $form-end('Submit');? There is more in the controller file, but I thought I would include just the relevant information for the time being. Is it possible that something else in there is conflicting with the code? I tried also adding ['tmp_name'] but no joy... Any insight would be appreciated. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File uploads - getting an undefined index.
What does the controller code look like now? Specifically, where it interacts with your ImageComponent. On Sun, Jun 21, 2009 at 11:46 AM, number9xpozit...@gmail.com wrote: OK, so I have solved the undefined index problem - the view file was wrong, it should have been Tip.image instead of just image. However, I changed it to Img.pic so as not to clash with image. I'm now getting the following error when trying to add: Notice (8): Array to string conversion [APP\controllers\components \image.php, line 50] Warning (2): strrpos() expects parameter 1 to be string, array given [APP\controllers\components\image.php, line 145] I've done some searching, and I understand that the error means an array is being given as opposed to a string, but I didn't really come across a fix? Has anybody got any ideas? Thanks in advance! On Jun 20, 6:19 pm, number9 xpozit...@gmail.com wrote: I'm trying to add the ability to upload files on an existing add method within a controller, but no matter which method I use to try and upload files I get an undefined index error on the name of the field within the view and I cannot understand why. I thought it may have been a problem with the components I was trying, but after stripping back to a simple bit of code found here (http://www.davidgolding.net/cakephp/using-the-file-functions-in-cakephp.html) - I am still getting the error. Code looks like this: // Controller: if ($this-data['Tip']['image']) { $file = new File($this-data['Tip']['image']); $ext = $file-ext(); if ($ext != 'jpg' $ext != 'jpeg' $ext != 'gif' $ext != 'png') { $this-Session-setFlash('You may only upload image files.'); $this-render(); } else { $date = $this-data['Tip']['created']; $filename = $date['year'].'-'.$date['month'].'-'.$date['day'].'- post-image.'.$ext; $data = $file-read(); $file-close(); $file = new File(WWW_ROOT.'/img/'.$filename,true); $file-write($data); $file-close(); } } // View file: ?php echo $form-create('Tip',array('type'='file')); ? fieldset legend?php __('Add Tip');?/legend ?php echo $form-input('comment_count'); echo $form-input('name'); echo $form-input('slug'); echo $form-input('description'); echo $form-input('image',array('type'='file')); echo $form-input('expires'); echo $form-input('rating'); echo $form-select('Tip.category_id', $cat_list, null, array(), true); echo $form-input('site_id'); echo $form-input('user_id'); echo $form-input('Tag.name',array( 'type' = 'text', 'label' = __('Add Tags',true), 'after' = __('Seperate each tag with a comma. Eg: family, sports, icecream',true) )); ? /fieldset ?php echo $form-end('Submit');? There is more in the controller file, but I thought I would include just the relevant information for the time being. Is it possible that something else in there is conflicting with the code? I tried also adding ['tmp_name'] but no joy... Any insight would be appreciated. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File uploads timing out
Are you using safari by any chance? I sometimes find that safari gets stuck while doing POSTs containing files, while firefox doesn't have a problem and I've never got to the bottom of it. But this was happening to me before I started using cake as well as now. On Oct 31, 11:08 pm, Adam Royle [EMAIL PROTECTED] wrote: You didn't mention what technique you were using to upload files, however here is one idea. If you are doing a flash upload, some browsers (can't remember which) won't complete the request until data is returned from the server. So in my upload action I always output a space. exit(' '); Also, are you testing locally or on a server? Do any errors show up in the apache, php or cakephp logs? Cheers, Adam On Nov 1, 6:37 am, pj [EMAIL PROTECTED] wrote: Hi all, I've been drawn back into cake (and some of you may remember me from WAAAY back - I have ticket number 1 on cake :) , wondering if anyone can help: My image uploads appear to be timing out - I'm using the Authenticate component and some digging has revealed some sort of issue over session ids, I've tried the tricks that have been suggested but with no joy (sometimes I'll get the chance to upload one or two files and then after that it'll just appear to stop working) I've tried logging things through and it looks like the entire thing is progressing all the way through the to view file but nothing is being rendered on screen. Any ideas? Cheers - pjwww.infurious.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File uploads timing out
You didn't mention what technique you were using to upload files, however here is one idea. If you are doing a flash upload, some browsers (can't remember which) won't complete the request until data is returned from the server. So in my upload action I always output a space. exit(' '); Also, are you testing locally or on a server? Do any errors show up in the apache, php or cakephp logs? Cheers, Adam On Nov 1, 6:37 am, pj [EMAIL PROTECTED] wrote: Hi all, I've been drawn back into cake (and some of you may remember me from WAAAY back - I have ticket number 1 on cake :) , wondering if anyone can help: My image uploads appear to be timing out - I'm using the Authenticate component and some digging has revealed some sort of issue over session ids, I've tried the tricks that have been suggested but with no joy (sometimes I'll get the chance to upload one or two files and then after that it'll just appear to stop working) I've tried logging things through and it looks like the entire thing is progressing all the way through the to view file but nothing is being rendered on screen. Any ideas? Cheers - pjwww.infurious.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads
also, if you want to store the data of the file in the database instead of just in a file, you should also base64_encode(); the data before saving it to either a blog or text datatype. when you want to retreive you do: ?php // header to let the browser know what type of file it is // saee http://us2.php.net/header if you want to know how to make the file downloadable header('Content-type: '.$var['MyFileModel']['type']); // output the file itself echo base64_decode($var['MyFileModel']['datafield']); ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Re: File Uploads
which can have the effect of tripling the data size, just so you keep that in mind when setting up your db On 12/5/06, Brian French [EMAIL PROTECTED] wrote: also, if you want to store the data of the file in the database instead of just in a file, you should also base64_encode(); the data before saving it to either a blog or text datatype. when you want to retreive you do: ?php // header to let the browser know what type of file it is // saee http://us2.php.net/header if you want to know how to make the file downloadable header('Content-type: '.$var['MyFileModel']['type']); // output the file itself echo base64_decode($var['MyFileModel']['datafield']); ? -- == S. DeVore (the old fart) the advice is free, the lack of crankiness will cost you --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads
I wouldn't save to a DB. Just move the file based upon the user id or something and automatically create folders based on the user id or whatever. I would think it to be a security hazard if you did do that. Also, you will increase the size of your db which could degrade performance. People are generally very liberal in their use of findAll() in Cake. Loading ALL.. the image data would be quite interesting if you had many images. Whether you display those images or not, just parsing all that to an array...mmm...so you gotta be careful how you handle data. NOT that it's impossible to store the images in a DB table and not that it can't be effective to do so. It could also tidy up a bunch of directory structures all over the site and calling back those images could perhaps be very easy, rather than messing with DS this and DS that yada yada and if it's installed to a different path on another server...you get the idea. There's two sides to the coin. I have a fairly simple file upload component that I've put together, it's really just snippets of various parts of other file upload scripts found on the wiki and cakeforge. I will ultimately try to post it as a tutorial soon. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File Uploads
Sorry, after a bit of a reread don't forget to record the path of your file somewhere. Either in the database itself or I tend to include it as a constant or attribute of my model so I can move stuff easily. cheers, mikee On 05/12/06, Mikee Freedom [EMAIL PROTECTED] wrote: Hey Paul, File uploads can be tricky sometimes. Have you gone through the information found in the PHP manual? http://nz.php.net/manual/en/features.file-upload.php Some good pointers in there. In a nutshell, a file input field is going to be interpreted by PHP as an array. It is full of data about the file the user has uploaded. Do a debug() (or good old print_r()) on the $this-data array or even better on the field that uploads the file. You won't be able to get Cake to insert that information straight in to the database, you're going to have to run some code to process it first and then update your $this-data array prior to saving. What I tend to do is have my file upload as a seperate input field not attached to the data array. i.e. input name=my_file_upload type=file / Then in my controller I look to see whether a file has been uploaded successfully using: $this-params['form']; SEE: http://manual.cakephp.org/chapter/controllers What I would be looking for in this instance would be $this-params['form']['my_file_upload']; Then I run my file upload processes i.e. move_uploaded_file() and all that jazz. If this goes successfully then I update the file_location field of my model. $this-data['MyFileModel']['file-location'] = $this-params['form']['my_file_upload']['name']; and then I can save my model. As I said do a debug on : $this-params['form']['my_file_upload']; and you'll know more about what is going on. I've got a file_handler component that I wrote that I will put in to the pastes: http://cakephp.org/pastes/show/56da1a8477e9814a877e64014d3babbf Your best reference for this stuff is the PHP manual - absolute gold! HTH, mikee On 05/12/06, Websta* [EMAIL PROTECTED] wrote: Ok so i am having some major issues getting file uploads going on my cake app. Firstly what seems to happen is as soon as i add 'enctype=multipart/form-data' to mthe form in my view, my call to $this-Model-save($this-data) in the controller spits the dummy as the file field is now an array of the related file info (tmp_name,name,size etc) and cake spits this at me: Notice: Array to string conversion in /var/users/visionnz/cake/cake/libs/model/datasources/dbo_source.php on line 502 And the sql insert also fails as the file value is now Array as opposed to 'filename', so corrupting the sql. If anyone has any pointers how the hell i get my data to save and also if anyone could suggest a good source for a file upload component - i have tried a couple neither of wich i got to test properly due to this other problem. Any feedback is much appreciated, i have spent many hours pulling my hair out and scouring the net to no avail for a solution to my problem!! Cheers. Paul. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: File uploads, image uploads
hi jon and all what is on line 219 of your /myserver/app/controllers/businesses_controller.php ? for file upload, I actually use this component which does perfectly the job : http://cakeforge.org/snippet/detail.php?type=snippetid=36 I've written my own File model, FilesController and stuff around it, all of which are quite simple (the files table has only id,name,location,mime,extension)... and I populate the db by manipulating the $this-params['data'] array after doing the FileHandler stuff, and before saving the model for you it would be probably somethin like : $this-params['data']['Business']['imageFile'] = $_FILES[filename][name]; // or in my case : $this-fileHandler-filename $this-Business-save($this-params['data']); (I don't know if it's the good way, but it works quite well to me) (my File::add() function is in the bottom of this msg) anyway it seems to me more a CakePHP MVC issue than a problem of file upload itself (you could get this error trying to populate your db with any off the conventions stuff) could you please tell us more about your businesses table, your Business model and you businessesController ? clemos = = = = = function add(){ if(empty($this-params['data'])){ }else{ if($this-FileHandler-upload(upload,app/webroot/files/,null,true)){ $this-params['data']['Fichier']['location'] = $this-webroot . substr($this-FileHandler-location,12); //don't remember why it's substr 12... $this-params['data']['Fichier']['filename'] = $this-FileHandler-filename; $this-params['data']['Fichier']['mime'] = $this-FileHandler-type; // added this property to FileHandler component myself $this-params['data']['Fichier']['extension'] = strtolower($this-FileHandler-ext); // and this one too $this-Fichier-set($this-params['data']); $this-Fichier-save(); $this-flash('fichier enregistré','/fichiers/'); }else{ $this-flash('erreur #'.$this-FileHandler-error.' de téléchargement du fichier ','/fichiers/'); } } } = = = = On 6/25/06, linkingarts [EMAIL PROTECTED] wrote: jb- thanks for the input but that isn't exactly the issue. What I don't quite get is a) why I'm getting an index error, and b) how to populate the db (with the imageFile [name] value in addition to the other values passed by the form) at the same time I'm uploading the file into a specific directory. BTW enctype is not the issue, it is in the form tag correctly (I mentioned that in the original post). Just still trying to get the hang of Cake overall; I'm getting most things to work here and there but it seems like every new thing I want to do takes 6 hrs to figure out. Then it's like, ooh, sh---... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: File uploads, image uploads
hi friends, if v upload a file ,then the file(which was uploading by me) goes to where?? whether it wil go to database/webserver??? plz reply immediately.. i am new to php... clemos wrote: hi jon and all what is on line 219 of your /myserver/app/controllers/businesses_controller.php ? for file upload, I actually use this component which does perfectly the job : http://cakeforge.org/snippet/detail.php?type=snippetid=36 I've written my own File model, FilesController and stuff around it, all of which are quite simple (the files table has only id,name,location,mime,extension)... and I populate the db by manipulating the $this-params['data'] array after doing the FileHandler stuff, and before saving the model for you it would be probably somethin like : $this-params['data']['Business']['imageFile'] = $_FILES[filename][name]; // or in my case : $this-fileHandler-filename $this-Business-save($this-params['data']); (I don't know if it's the good way, but it works quite well to me) (my File::add() function is in the bottom of this msg) anyway it seems to me more a CakePHP MVC issue than a problem of file upload itself (you could get this error trying to populate your db with any off the conventions stuff) could you please tell us more about your businesses table, your Business model and you businessesController ? clemos = = = = = function add(){ if(empty($this-params['data'])){ }else{ if($this-FileHandler-upload(upload,app/webroot/files/,null,true)){ $this-params['data']['Fichier']['location'] = $this-webroot . substr($this-FileHandler-location,12); //don't remember why it's substr 12... $this-params['data']['Fichier']['filename'] = $this-FileHandler-filename; $this-params['data']['Fichier']['mime'] = $this-FileHandler-type; // added this property to FileHandler component myself $this-params['data']['Fichier']['extension'] = strtolower($this-FileHandler-ext); // and this one too $this-Fichier-set($this-params['data']); $this-Fichier-save(); $this-flash('fichier enregistré','/fichiers/'); }else{ $this-flash('erreur #'.$this-FileHandler-error.' de téléchargement du fichier ','/fichiers/'); } } } = = = = On 6/25/06, linkingarts [EMAIL PROTECTED] wrote: jb- thanks for the input but that isn't exactly the issue. What I don't quite get is a) why I'm getting an index error, and b) how to populate the db (with the imageFile [name] value in addition to the other values passed by the form) at the same time I'm uploading the file into a specific directory. BTW enctype is not the issue, it is in the form tag correctly (I mentioned that in the original post). Just still trying to get the hang of Cake overall; I'm getting most things to work here and there but it seems like every new thing I want to do takes 6 hrs to figure out. Then it's like, ooh, sh---... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: File uploads, image uploads
jb- thanks for the input but that isn't exactly the issue. What I don't quite get is a) why I'm getting an index error, and b) how to populate the db (with the imageFile [name] value in addition to the other values passed by the form) at the same time I'm uploading the file into a specific directory. BTW enctype is not the issue, it is in the form tag correctly (I mentioned that in the original post). Just still trying to get the hang of Cake overall; I'm getting most things to work here and there but it seems like every new thing I want to do takes 6 hrs to figure out. Then it's like, ooh, sh---... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---
Re: File uploads go where?
Oh... apparently they go in /app/webroot/img... what a surprise. Nothing to see here :-) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~---