This forum is no longer open and is for reading/searching only.
Please use our new MachForm Community Forum instead.
MachForm Community Forums » MachForm 3
Is it possible to password uploaded files
Started 10 years ago by ROYW1000 | 10 posts |
-
Hi
Is it possible that once we used the upload function and send the email with a link that to actually download it you would need to enter a username and password.
We would need this to be able to be changed from time to time
I did try adding something to .htaccess but then the forms needed a a username/password to even enter the data.
Roy
Posted 10 years ago # -
The auto-reply providing the link already password protects the uploaded file but only accessible by the Admin user, not the general user, unless you set the option to send the file as attachment.
I assume what you are wanting is another file to be available for download i.e. link through the auto-responder - the htaccess idea is good, but I think you probably protected the Machform folder by mistake (or a sub-folder within it)....probably what you want is the files to be linked to be outside the machform application folder, therefore using htaccess to link to the external (to machform) folder.
Posted 10 years ago # -
Hi
We are sending the upload link in the autoresponder emails and the customer is worried that someone maybe able to see the emails and access the files.
Therefore they want an additional layer of protection where when they click the link the it asks for a username/password before allowing the download.
Machform is currently setup like this www.website.com/form
Can you suggest a method to still send the autoresponder with the link but with the added protection. For example what would I need to do in .htacess and where would this need to sit on the site.
We have several forms for many customers running on the domain and only 1 customer requires this.
Thanks
RoyPosted 10 years ago # -
Hi
Sorry to bump this but does anyone have a solution for this.
Thanks
RoyPosted 10 years ago # -
As far as I'm aware, the system already has the functionality you're asking about (prompting for password before allowing user to read the file).
The only user that is authorised to view the file would the one set up as a Machform admin with access to view a particular form's records.
If you go to the file upload field properties, and uncheck " Send File as Email Attachment" then when the auto responder is sent, it will only provide a link to the file, not as an attachment to the email. This link when clicked will prompt for the Machform admin's password.
Is this not what is occurring?
As mentioned earlier, you could probably set up htaccess, but you need to know which folder you are protecting. Within the folder structure in Machform there is a "data" folder in which resides a folder named for each form created. Within each of these there is a "files" and "css" folder. It is the "files" folder for the particular form that you want to be applying the htaccess and htpasswd files inside.
You can put the "data" folder anywhere outside the main "machform" folder, and then apply the htaccess to the correct folder within it. You also then need to update the location of the "data" folder within the Machform Settings, the red panel "Miscellaneous Settings" and click the "more settings" link to reveal the rest of the options.
It may sound a little complicated so maybe Appnitro can help, but be aware they provide support only during their local business hours (Mon to Fri 9am to 5pm) and don't always monitor this forum. Probably it is best to send them a support request. http://www.appnitro.com/contact
The reason no-one has responded probably means they haven't seen your question or simply don't have a solution.
As far as protecting from people seeing the email, that is not something Machform can do. It's up to the user to use sufficiently strong passwords in their email program and use their PC in a way that others can't access e.g. lock the computer out when away from the desk, etc. As to "intercepting" email, that may well be something that can happen, but I believe these days even email can be encrypted similarly to https: (SSL) type connections. Also,if you have machform installed using SSL, then the password transmitted will also be encrypted and not plain text.
Posted 10 years ago # -
Hi
I already don't send the file as an attachment but the link is available to everyone included in the email and does not prompt for a username and password.
Therefore I might need to go down the .htacess route. However not sure if it will work as the link calls for a download.php and that then calls for the file.
Therefore will need to do some testing.
Roy
Posted 10 years ago # -
Maybe it's an old Machform version that did what I described; I distinctly remember, that when I received an email with the link to an uploaded file, it used to redirect to the Machform control panel log-on screen
Posted 10 years ago # -
Hi
Ok thanks for the update.
I need to find a quick solution as its for one of the biggest known retailers in the uk.
Roy
Posted 10 years ago # -
yuniar
Roy -- actually there is a simple fix for this.
You can edit the "download.php" file. Around line 12 you should see this block of code:
require('config.php'); require('includes/db-core.php'); require('includes/helper-functions.php');exactly below that block of code, add this code:
require('includes/check-session.php');that would prompt people to login when downloading the file.
MachForm Founder
Posted 10 years ago # -
Hi Yuniar
We are using the same forms on one site to run it for may people however only 1 customer wants a login username/password to download content to make it more secure.
Is it possible to use .htaccess to control the downloads or does download.php override this.
As we dont really want customers logging into the forms, we would prefer them to enter a username/password and then the download begins.
Thanks
RoyPosted 10 years ago #
Reply
You must log in to post.