The EuroCMS Files Module
A File manager module for EuroCMS.
-
Read the metadata of 200+- supported file types(exiftool)
-
Edit images(not yet implemented)
-
On upload, if possible, the metadata of every file stripped.
Contemplate
- File Names
The file names are uploaded to a dir: Files/image/png/file.png. If a file of the same name is uploaded, it will overwrite the other one.
Rename the file from file.png to {hash}.png? or just {hash}?
- default group?
Create some groups during install? Themes group? Like themes?
Every component can have their own group and upload files/images in the group, so that the rest can't see them and also won't clutter their view with ALL of the files?
Yes. excellent idea!
Storage handlers
The aim for now is to add Local and WebDAV support for uploading files.
-
Local
-
WebDAV
In the future, I'll look into making more Storage Handlers.
Or let the community decide which one they want to build.
Ajax upload steps to check the files uploaded
-
Check the file type(
'\.[a-zA-Z]*$') -
Start validation method depending on the file extension.
-
If validation failed, reply with the reason of failure
-
If succeed, the png file is actually a PNG file.
-
See if the mime type is allowed to be uploaded
-
...
-
Check the file size
-
Upload the file.
-
...
Security
Execute permissions
When uploading a file with special rights and or permission, make sure they are not implemented on the server. Set the rights to 600! or 000?
Viruses
You don't want users to upload Viruses to your ECMS. That's why I am thinking to implement VirusTotal and or other services.
What it will do, when uploading the file, a hash of the file will be generated, and that hash will be sent to VirusTotal and or others, via API. And if VirusTotal says it is a virus, the file will not be uploaded.
And there will be a notification sent to the domain administrator.
If the file is not known to viruses, and or the file is clean, it will be allowed to upload to ECMS.
Permissions
The list of available permissions this installs.
| name | description | ... | ... | ... |
|---|---|---|---|---|
| files_add | The ability to upload files | |||
| files_delete | The ability to delete files | |||
| files_modify | The ability to modify files | |||
| files_metadata | The ability to read metadata from files | |||
| files_usage | The ability to view where the file is used. | |||
Check if the role is of a higher role? Can a regular users with the users_history, permission view the history of the Owner/admin user? |
Structure
Just a snippet of the rows it supports.
| file_id | domain_id | user_id | group_id | path | name | group | title | description | local_path | upload_date | type | mimetype | metadata | hash | thumbnail | user_lock | status |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 1 | 1 | null | /image/png/file.png | file.png | PNGs | File | The file.png | /engine/Files/Uploads/image/png/file.png | {date} | png | image/png | {exiftool json output} | {md5 hash} | /engine/Files/thumbnails/image/160-File.png | null | enabled |
| 1 | 1 | 1 | null | /image/jpg/file.jpg | file.jpg | JPGs | JFILE | The JFILE | /engine/Files/Uploads/image/jpg/file.jpg | {date} | jpg | image/jpg | {exiftool json output} | {md5 hash} | /engine/Files/thumbnails/jpeg/160-File.jpg | null | enabled |
| 1 | 1 | 1 | null | /image/jpg/file.pdf | file.pdf | PDFs | The pdf | /engine/Files/Uploads/application/pdf/file.pdf | {date} | application/pdf | {exiftool json output} | {md5 hash} | /engine/Files/thumbnails/pdf/160-pdf.jpg | null | enabled | ||
| 1 | 1 | 1 | null | /image/jpg/file.jpg | file.jpg | JPGs | JFILE | The JFILE | /engine/Files/Uploads/image/jpg/file.jpg | {date} | jpg | image/jpg | {exiftool json output} | {md5 hash} | /engine/Files/thumbnails/jpeg/160-File.jpg | null | enabled |