CKEditor 4
Thu, 02/26/2009 - 22:15
#1
tbugler
tbugler's picture
Joined: 26/02/2009
Posts: 7

Secure Folder Outside Web Root

If I have read everything correctly to use a folder outside the root to protect documents from download I need to set:

config.baseDir = 'C:/files/';

or whatever directory I choose to use and then I can set:

config.baseUrl = '/myfiles/'

or whatever alias I choose and everything should be fine.

This isn't working for me unleass I create a mapping within the webserver which basically defeats the purpose.

Any insight would be helpful or am I totally off base?

I can upload and the files go where I want them, but the embedded the link to the image or file it breaks referring to a location within the root and not the directory outside the web root.

Thanks,

T.
Top
Fri, 02/27/2009 - 15:27
wiktor
wiktor's picture
Joined: 16/07/2007
Posts: 1641

Re: Secure Folder Outside Web Root

Actually, whatever config.baseUrl you set, you should be able to download the file using "Download" item from the context menu and manage all file.
I suppose you're confused because of the "View" item.

Forget for a while about the "View" item and set the config.baseUrl to anything you like. Use the "Download" item to see if it works as expected.

Assuming that you're now able to upload and download/rename/delete a file, you have two options:
- remove the "View" item permanently (see viewtopic.php?f=10&t=9815&p=25611)
- set config.baseUrl to some script, for example 

config.baseUrl = '/view.cfm?url=';'

Wiktor Walc
CTO, CKSource - http://cksource.com
--
Follow CKEditor on: Twitter | Facebook | Google+

Top
Fri, 02/27/2009 - 16:12
tbugler
tbugler's picture
Joined: 26/02/2009
Posts: 7

Re: Secure Folder Outside Web Root

Thanks for the response,

CKFinder works perfectly - I can do everything I need from within the interface (view, download, upload, etc.). I'm using CKfinder as the filemanager for FCKeditor and I want to store the files outside the webroot so for certain files people can't just grab them if they have the URL. So when I select the file and it creates the link in fckEditor, the link doesn't work because it is looking in the wrong place (unless I create a mapping, which defeats the purpose).

Thanks for the info - I think I know what I need to do... I'll post back with my solution - if I get it to work.

T.
Top
Mon, 05/09/2011 - 19:34
cmgui
cmgui's picture
Joined: 04/10/2008
Posts: 11

Re: Secure Folder Outside Web Root

hi tbugler

have you figured out how to store the user files outside the webroot folder?
if so, can u post your solution here?

thank you
cmgui

tbugler wrote:Thanks for the response,

CKFinder works perfectly - I can do everything I need from within the interface (view, download, upload, etc.). I'm using CKfinder as the filemanager for FCKeditor and I want to store the files outside the webroot so for certain files people can't just grab them if they have the URL. So when I select the file and it creates the link in fckEditor, the link doesn't work because it is looking in the wrong place (unless I create a mapping, which defeats the purpose).

Thanks for the info - I think I know what I need to do... I'll post back with my solution - if I get it to work.

T.
Top
Mon, 05/09/2011 - 22:12
tbugler
tbugler's picture
Joined: 26/02/2009
Posts: 7

Re: Secure Folder Outside Web Root

What I ended up doing was essentially what was stated above. I also wanted to limit which users could view which folders, so in my log in process, I created some session variables and passed them to CKFinder:

config.baseUrl = '#session.baseURL#';
userFolder = '#session.BaseFile#';
config.baseDir = '#session.baseDir#';

###########################################################################################
files.cfm
###########################################################################################
<cfparam
name="file_path"
type="string"
default="#url.url#" (***get file path from url***)
/>
<cfscript>
// get a file with path
myFile = "#file_path#";
// find the mime type (string)
mimetype = getPageContext().getServletContext().getMimeType(myFile);
</cfscript>

<CFPARAM NAME="session.pagePermissions" DEFAULT="0">
****get page access permissions from CMS and check if user has access****
<cfobject name="RoleService" component="#application.CFCPath#path.to.component">
<cfif GetAuthUser() is not "" and RoleService.CheckUserInRole(#Session.pagePermissions#)>
***if yes - server up the file***
<cfheader name="Content-Disposition" value="inline; filename=#file_path#">
<cfcontent type="#mimetype#"
file="C:\path to folder\#file_path#"
deletefile="No">

<cfelse>
Access to this document is restricted...
</cfif>
######################################################################################
Top
Tue, 05/10/2011 - 19:16
cmgui
cmgui's picture
Joined: 04/10/2008
Posts: 11

Re: Secure Folder Outside Web Root

hi tbugler

so you didn't put the userfiles folder outside of the Web Root folder?

what you did is just to limit what folders each user can access.

viewtopic.php?t=22310

thank you

cmgui.

Top
Tue, 05/10/2011 - 19:19
tbugler
tbugler's picture
Joined: 26/02/2009
Posts: 7

Re: Secure Folder Outside Web Root

the files were stored in a file above the web root.

C:\path to folder\
Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check