osCommerce

[CONTRIBUTION] File uploads as an Option Feature



I am releasing a file uploading contribution. This will be the support thread for the contribution. More details will follow after I finish uploading to the contribution area.

 

Thanks,

Matt


Here is the web page for the contribution.

 

Essentially, this adds a file type to the existing four ways of displaying the attributes for a product with the Products Attributes - Option Type Feature contribution (drop down menu, text box, radio buttons, check box). One can use the standard HTML FILE input field (the one with the browse button) to upload a file to the server. The contribution will then rename it uniquely and store the original and new names in a database table.

 

The idea is so that you can upload logos, etc. for placement on things like mugs, t-shirts, and so forth. If you want different kinds of files, you might have to modify the code somewhat.

 

Hth,

Matt


Hi,

 

I just need to clarify, before I go and install this one . . .

 

Is it the customer that can upload the file so it is available to the admin? OR

Is it the admin that uploads the file so that it is available to the customer?

 

Regards,

Jarrod


i have a problem:

 

if i upload an image it is saved as a file without any extension.

 

the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"

 

what's the reason? maybe i made a mistake during the installation?

 

hope for fast help!

WAR is not the answer!


the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"

what's the reason? maybe i made a mistake during the installation?

No, that's just the way it works. You can change this behavior by changing the following line in application_top.php (around 375):

                 $products_options_file->set_filename("$insert_id");

to (for example)

                  $products_options_file->set_filename("$insert_id" . $products_options_file->filename);

Hth,

Matt


Is it the customer that can upload the file so it is available to the admin? OR

Is it the admin that uploads the file so that it is available to the customer?

The customer uploads a file.

 

Hth,

Matt


the files are stored as "1", "2"... instead of "1.jpg" or "2.gif"

what's the reason? maybe i made a mistake during the installation?

No, that's just the way it works. You can change this behavior by changing the following line in application_top.php (around 375):

                 $products_options_file->set_filename("$insert_id");

to (for example)

                  $products_options_file->set_filename("$insert_id" . $products_options_file->filename);

Hth,

Matt

thank you. now it works ;)

 

but the next wish i have is to allow only some file extensions like gif or jpg...

 

the user shouldn't upload zip-files or whatever...

i want only graphic and vector files..

 

how can i realise this?

 

Ron

WAR is not the answer!


i have tried to realise the extension-thing by myself...

 

and it works.

 

i've changed the classes/upload.php

 

old code:

 

function upload($file = '', $destination = '', $permissions = '777', $extensions = '') {

 

 

new code:

 

function upload($file = '', $destination = '', $permissions = '777', $extensions = array("jpg", "jpeg", "gif", "png", "eps", "cdr", "ai", "pdf")) {

 

i'm happy ;)

 

 

but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use?

WAR is not the answer!


Great contribution !

 

and excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a php file (or any server-side executable file) and assuming that execute permission exists on upload target directory: could be harmful!

 

Regards


and excellent remark about file extension. Think of security issues: imagine someone uploading e.g. a php file (or any server-side executable file) and assuming that execute permission exists on upload target directory: could be harmful!

Execute permissions on a directory just allow a directory listing (without them, the directory is essentially useless). However, looking at the code, you are correct that there is a danger involved with possible uploading of executable files. To fix this, you can do three things: one, change line 18 of upload.php to say
, $permissions = '666',

two, add the $extensions default as suggested above (same line); three, copy the .htaccess file from the includes directory to the upload directory. Note: each of these is a separate (albeit related) vulnerability, so one should do all three rather than just one. I'll look into adding these in a replacement upload sometime next week, probably with a revised .htaccess file.

 

Hth,

Matt

Edited by iiinetworks

but, iiinetworks: what do you think when the error-messages like "wrong filetype" are ready for use?
I'll try playing with the error messages next week as well. It might be as simple as moving the messageStack lines (around 523-6 of application_top.php) up above the switch (around line 329) and uncommenting the error lines from upload.php.

 

Hth,

Matt


The simplest way to implement error messages for older snapshots would be to use a global variable, turn off the redirect at the end of the add_products case (at least on error), and react to the error on the product_info page.

 

Just to let you know, I find it unlikely at the moment that I will undertake a project to backport the messages to older snapshots. In fact, unless it is simple, it may be a while before I get around to making messages work for MS2.

 

Good luck,

Matt


Just noticed a weird thing in 0.7 version of code that I downloaded from link above:

In application_top.php I see $products_options_file->set_destination(DIR_FS_UPLOAD); ; but in configure.php I see define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);

 

And of course when I add my item (with file input option) to my cart I get: Not writeable! DIR_FS_UPLOAD:

 

Changing to DIR_FR_UPLOAD (with no S at end) in configure.php helps.

 

Besides, In configure.php, code has been changed compared to OSC original file from define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); to define('DIR_FS_CATALOG', $FS_DOCUMENT_ROOT . DIR_WS_HTTP_CATALOG);. I reset this back to original code to have contrib working, ... but I was wondering why these changes... ?


This is a great contribution and I managed to get everything generally working. It will be nice to generate some error messages on an invalid file type.

 

I have noticed one problem though. In the admin area when I try to change the "Value Price" for the upload (or any option) I get a SQL error:

 

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'products_options where products_options_id = '3'' at line 1

 

select products_options_type fro products_options where products_options_id = '3'

 

Any idea if this is just a problem on my system or how I would go about debugging it?


Update (v.71) released:

 

New feature: .htaccess for upload directory so that people cannot access those files

 

New feature: error messages enabled through messageStack mechanism

 

Change: file types limited to picture file types by default

 

Change: file permissions changed to 666 by default (formerly 777)

 

Fixed: two spelling mistakes: DIR_FS_UPLOAD in includes/configure.php.default and fro to from in line 134 of admin/products_attributes.php

 

Note: since the contribution renames the files without an extension, it is not possible to upload a server-side executable script to the upload directory. At worst, it would just display the text of the script. However, I included the .htaccess for that directory in case someone is using the original name or something like 1-image.gif for a file named image.gif that was the first uploaded. To access those files, just use a regular FTP program (preferably one that uses a secure/SSH connection).

 

Hth,

Matt
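
The measures discussed in this thread (an extension allow-list, permissions without execute bits, and a server-chosen file name without an extension), combined in one upload handler. This is an added example, not part of the original posts or the contribution's code; `store_upload()`, its parameters, the `getimagesize()` content check and the 0644 mode are assumptions of the example.

```php
<?php
// Added example: store_upload() is a hypothetical helper, not the contribution's code.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'gif', 'png']; // picture types only

/**
 * Validate one $_FILES entry and store it under a server-chosen name.
 * Returns the new and original names (for the database table);
 * throws RuntimeException when the upload is rejected.
 */
function store_upload(array $file, string $uploadDir, int $insertId): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Accept only a file PHP itself received over HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Allow-list check on the last extension of the client-supplied name.
    $original = basename($file['name']);
    $ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new RuntimeException('wrong filetype');
    }
    // The extension is client-controlled, so also require image content.
    // This is a sanity check, not a guarantee the file is harmless.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }
    // Server-chosen name without extension: no client input reaches the
    // path, and an extensionless file is normally not mapped to a script handler.
    $target = rtrim($uploadDir, '/') . '/' . $insertId;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    // No execute bits (as with 666 in the thread); 0644 also drops
    // group/world write, a stricter choice made for this example.
    chmod($target, 0644);
    return ['stored' => (string) $insertId, 'original' => $original];
}
```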


hi iiinetworks,

 

i think you did a great job on this contrib. but do you think that you can make it compatible with ms1 of osc? the whole message_stack thing doesn't run under ms1...but i like to have the messages...

 

hope you can help

WAR is not the answer!


If messageStack is not defined, then it will throw that error when the code tries to call messageStack functions. It's basically saying that there is no such thing as $messageStack.

 

For MS2, I modified application_top.php to create the messageStack earlier (prior to the upload code). This allows it to run properly. I'm not sure what keeps messageStack from running in MS1.

 

Hth,

Matt


i've installed the osdox-version of ms2 which includes some nice contribs...

in this version i've tried to install your contrib...

it's a ms2..but anything seems to be wrong...

 

but if i put redirections to the upload-class instead of the messagestack it runs..so if an error occurs i will be redirected to a selfmade error-page...

 

it seems that the message stack will not be initialized correctly...

WAR is not the answer!

