HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


[SOLVED!] Users Can't Download Attachments

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#78641 (In Topic #16085)
Avatar

Community saint

Users can't seem to download attached files

Greetings,

I have ran into an interesting issue where members can't seem to download files that I have attached. I have searched permissions, but it is likely something I am still missing. So I am hoping someone can help me figure this out.

His the situation, I run a forum based RPG using a stat system that I developed for my tabletop RPG. While the stat are easy enough to figure out (at least for me lol), some players seem to have some trouble doing so, and for others, the time it takes to determine stats and what not detracts from role playing time. I had been using the catalogue system for character profiles, but as calculating functions needed were not present, I decided to switch to using a spreadsheet.

So, I fired up LibreOffice Calc and made a spreadsheet that does all of the heavy lifting for the players. All they gotta do is put in the info and the stats and such, and through mythus magic, it calculates and fills out the rest for them; derived stats, equipment totals, etc.

Awesome right? So I go and attach the profile to a page as an attachment, asking everyone to switch to using it cause it will make character management easier, and giving a deadline for when I'd be taking down the catalogue profiles and putting this firmly in its place.

Well today, one of my members IM'ed me and informed me that they tried to download the attachment, but got an anti-leaching error. Odd I thought. So I put the file in the downloads section, directed them to that, and then su-ed into as the user to see if I can see th error. I myself can of course download the file fine. And yes, pretending to be that member, I got the error they got…

AttachedFileOnPage said


This request has been blocked because it is a suspected leeching attempt. If you are accessing this entry via the official source (and you haven't bookmarked it, for example), please contact the site staff. 


Well if that isn't bad enough, one of the positive points that I have advertised about doing this is that members would be able to simply attach their profile spreadsheet to their signature, instead of having to fiddle around with url codes or whatever, and users could download from their signatures each other's profiles to know about their character if desired.

I did that as to lead by example and such. But since this user was getting such an error at downloading the file from the page, was the member able to download from my signature? So, still masked as the user, I tried, and got this error…

AttachedFileInSignature said


“membernamehere” does not have access to anywhere this attachment is displayed.


I am hoping to get this problem fixed, otherwise I am not sure what I will need to do as a work around yet…

Here's some more info…

I am running ocPortal 7.1.5

I have recently migrated from opensourcehosting to Brian Hey's awesome and spectacular web hosting (which I have already noticed site speed improvements). So while it is probably possible that it is related to where I am hosted, I think I should first rule out that it is not an ocPortal issue. Furthermore, these two files have been added after the move.

Thanks in advance for any and all help!


Last edit: by mythus

Legends of Nor'Ova: A site powered by ocPortal; home of the Legends of Nor'Ova tabletop RPG wiki and community.

Like ocPortal? Want to thank Chris and gang somehow? Then help out in the chat room! It really needs your help! Just open it in a tab everytime you open your web browser, and when you hear a "ding", check it out!

"Those who want help should first be willing to give help."
Back to the top
 
Posted
Rating:
#78642
Avatar

Hi,

I don't have time to study this in detail but I suspect the errors are accurate.

There's a config option called 'anti_leech' you can disable btw.

Anti-leech works by putting the users session into the attachment URLs, then comparing it. It's a way of assuring the user got to the attachment through ocP. But if the attachment HTML got copied somewhere else as flat HTML, it'd lose the dynamism of having the correct session in the attachment URL.

Also attachment Comcode can't just be cut and paste around freely (although we're improving that a lot in v8). It always needs to exist somewhere where the user has access to, somewhere that has native attachment support, otherwise ocPortal can't check the user isn't a hacker accessing attachments from staff forums etc.

If you're not concerned with these checks, they happen in sources/attachments.php, you could hack them out.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#78643
Avatar

Community saint

Greetings,

Thanks for your response. I know you are awfully busy, and appreciate it!

Also thanks for your recommendations on solutions. However, I think we may be identifying a bug here then.

You state:

Chris Graham said

Anti-leech works by putting the users session into the attachment URLs, then comparing it. It's a way of assuring the user got to the attachment through ocP. But if the attachment HTML got copied somewhere else as flat HTML, it'd lose the dynamism of having the correct session in the attachment URL.

But that is just it. This attachment link isn't copied and pasted somewhere. It is attached directly to the post where the user tried to access it from, in ocPortal, using OCF. By your explanation of the anti-leeching feature, it seems to me that this shouldn't have counted as it is being directly accessed from the post it was attached to, and not hot-linked elsewhere or whatever.

Also the file attached to my signature that I could not access when su'ed as that member, was a different file, with a different name, attached directly to my signature. Shouldn't this work as well, without removing safety features intended to prevent leeching?

Legends of Nor'Ova: A site powered by ocPortal; home of the Legends of Nor'Ova tabletop RPG wiki and community.

Like ocPortal? Want to thank Chris and gang somehow? Then help out in the chat room! It really needs your help! Just open it in a tab everytime you open your web browser, and when you hear a "ding", check it out!

"Those who want help should first be willing to give help."
Back to the top
 
Posted
Rating:
#78644
Avatar

What Comcode do you have exactly? Test when you edit that it is still intact, and hasn't been converted to HTML.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#78646
Avatar

Community saint

I simply used the attachment function, no real comcode. You know, where you make a post, and you can add an attachment. I did the same for the signature as the signature edit screen uses the same type of screen as the post screen.

The post in question with the attached file is:
View topic: Saga of Ablution Character Profiles Complete! - Legends of NorOva
But I am not certain it is viewable by guests…

You can see my signature in any posts or even my member profile there.

But just to check, I am checking the edit post screen…

The attachment looks ok to me lol. Here's what it looks like…

Code

The Saga of Ablution Character Profile
[attachment type="island" description=""]35[/attachment]

Hope this info helps…

Legends of Nor'Ova: A site powered by ocPortal; home of the Legends of Nor'Ova tabletop RPG wiki and community.

Like ocPortal? Want to thank Chris and gang somehow? Then help out in the chat room! It really needs your help! Just open it in a tab everytime you open your web browser, and when you hear a "ding", check it out!

"Those who want help should first be willing to give help."
Back to the top
 
Posted
Rating:
#78648
Avatar

Do we have the "Set to \'1\' if Guests are cached with the spider cache time too." option on in the installation options config editor? I see that could cause it.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#78649
Avatar

Could you activate my 'Chris Graham' account please and let me know the password. Just pass it through an edit and change password when you do.
Then I can test as a user.

I notice you said it's happening to users not guests so the minor issue I just found above is probably not it.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#78664
Avatar

Community saint

I shall pt the info to you.

Legends of Nor'Ova: A site powered by ocPortal; home of the Legends of Nor'Ova tabletop RPG wiki and community.

Like ocPortal? Want to thank Chris and gang somehow? Then help out in the chat room! It really needs your help! Just open it in a tab everytime you open your web browser, and when you hear a "ding", check it out!

"Those who want help should first be willing to give help."
Back to the top
 
Posted
Rating:
#78676
Avatar

Ok thx for pushing me.

Apparently 2 issues.

1- was only letting admins download from sigs, or the sign owner. Clearly a bug, fixed.

2- I don't know how, but I passed your post through an edit then it all worked. Something had flatten the post such that it was being saved as pure HTML. If you have any insights into how that post might have had some special processing applied to it please let me know.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#78688
Avatar

Community saint

Thanks for fixing this!

I thought long and hard on what could have caused that, and I think it has to do with when I made the post. You see, I originally made the post in Opera, but for one reason or another I couldn't make use of all of the functions of the WYSIWYG editor, likely an opera issue…

Basically I had the WYSIWYG editior, but doing something like bolding text produced no effect in the posting screen, and viewing the submitted post showed no bolding effect, etc.

So, I tried to edit the post to fix, and it got all jumbled up in a mess. I closed out the browser and cursed it to the abyss. Afterwards, I opened up the post in Chromium, edited and fixed the formatting as desired.

The attachment comcode stayed, and having passed through editing the post in Chromium I would have expected to have the same result that you had… I'm not sure why it didn't fix itself… unless I had to edit certain opera-effects out via the html editor button… I've had to do that before on other things, it is possible I did that here and maybe that flattened the post… but as my memory is being mean to me I just can't be certain lol.

Anyways, thanks for the fix!

Legends of Nor'Ova: A site powered by ocPortal; home of the Legends of Nor'Ova tabletop RPG wiki and community.

Like ocPortal? Want to thank Chris and gang somehow? Then help out in the chat room! It really needs your help! Just open it in a tab everytime you open your web browser, and when you hear a "ding", check it out!

"Those who want help should first be willing to give help."
Back to the top
 
Posted
Rating:
#79038
Avatar

Community saint

mythus said

I have recently migrated from opensourcehosting to Brian Hey's awesome and spectacular web hosting (which I have already noticed site speed improvements).

Thanks for that mythus, much appreciated! Glad to hear you are happy with it.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: