uploadfile()

[DustyPorViva]

Should also be allowed to work specifically for the directory uploads/*.
This will allow servers to script their own in-game upload system and make everything more streamlined for players AND staff who have to handle uploads.

Can only allow it to support image/gani/levels and the other important extensions, though staff can script this if needed. Also, an upload log wouldn't be that bad of an idea, but again, the staff can script that as well.

[Skyld]

This is already possible for personaluploads folders, do this clientside:

PHP Code:

requesttext("folder", "PERSONAL");
this.filename = selectFileforUpload(); 


Then you can move the file somewhere more useful on the serverside using movefile() since they will not be server-accessible from the personaluploads folder.

[DustyPorViva]

Hmm, didn't think of that. Thanks

[Skyld]

It's also worth noting the onFileUploaded() function which should be called clientside once the upload has completed. At least, I think that's what it's called.

[DustyPorViva]

It's something like that... however the whole thing of uploading is a bit misty for me. I have no idea what I'm doing and I also don't have the rights needed to do something like this on Testbed so it will probably have to wait.

[Skyld]

Basically when you send the requesttext for the PERSONAL folder, you are effectively doing a "change directory" to the player's personaluploads folder. This is the one directory that can be read and written to without being authorised with Client-RC. They are sorted by account name, for example, personaluploads/Sk/Skyld/. You then call the selectfileforupload() function and a dialog box appears asking the user to select a file. The file is automatically dropped into the player's personaluploads folder and the onFileUploaded() event is called. You can then movefile() the file somewhere.

It's pretty straight-forward.

[DustyPorViva]

Ah okay
I was going to make a custom gui with candropfiles(whatever it is...) along with uploadfile() and such.

[fowlplay4]

I thought about making a system like this, and had a working script upload an image from the scriptfiles folder. But instead I took a different route:

Zodiac's system for uploading lets the player upload it to my webserver:

http://uploads.zodiacdev.com

I then have an DB-NPC check every 5 minutes for new graphics, or an Uploader can force a check. You can then use requesturl to get each file, and put it in the proper upload folder. After confirming it's been successfully uploaded on the server, it then deletes it off the webserver.

The benefits of using a webserver allows you to offload some work on the npcserver, provide a neat webform, as well as the ability to have the webserver set transparencies for you.

[Skyld]

The advantages of using uploadfile() is that you don't need to mess about with requesturl() (or an external webserver at all) to check for updates; having a task ran every 5 minutes even when nobody is uploading is more processor-intensive than just handling the uploads when they come. The iPhone games are all using uploadfile() to allow people to upload their in-game display pictures and it works pretty well. I would promote it's use over an external webserver anytime.

[cbk1994]

Quote:

Originally Posted by Skyld

The advantages of using uploadfile() is that you don't need to mess about with requesturl() (or an external webserver at all) to check for updates; having a task ran every 5 minutes even when nobody is uploading is more processor-intensive than just handling the uploads when they come. The iPhone games are all using uploadfile() to allow people to upload their in-game display pictures and it works pretty well. I would promote it's use over an external webserver anytime.

Can you explain how you would limit the files they can upload? I'm not too keen on players uploading .exe files, for example.

[cbk1994]

Quote:

Originally Posted by cbk1994

Can you explain how you would limit the files they can upload? I'm not too keen on players uploading .exe files, for example.

[Skyld]

Quote:

Originally Posted by cbk1994

Can you explain how you would limit the files they can upload? I'm not too keen on players uploading .exe files, for example.

Well you just process the files once they have been uploaded and discard them using some sort of script if they are not suitable.

PHP doesn't do that any differently. It has to receive the entire file before it can determine it's type and discard it.

[fowlplay4]

Don't forget how you would prevent them from uploading ridiculously large files, and other invalid file types.

[LoneAngelIbesu]

onFileUploaded() never seems to get called. I've also tried onFilesUploaded(), which is the event listed in this topic.

[Switch]

Quote:

Originally Posted by cbk1994

Can you explain how you would limit the files they can upload? I'm not too keen on players uploading .exe files, for example.

PHP Code:

temp.allowed = {"graal","nw","gani","png","gif","mng"}; //still don't get mng :\
temp.t = fileName.tokenize(".");
if (!(t[fileName.size()-1] in allowed)) {
  //stuff code stuff
} 


Pretty sure that could be used, just replace fileName with whatever you're using to get the file name. Not 100% on that since I don't know if it's possible to check the name.

[LoneAngelIbesu]

Quote:

Originally Posted by Switch

PHP Code:

temp.allowed = {"graal","nw","gani","png","gif","mng"}; //still don't get mng :\
temp.t = fileName.tokenize(".");
if (!(t[fileName.size()-1] in allowed)) {
  //stuff code stuff
} 


Pretty sure that could be used, just replace fileName with whatever you're using to get the file name. Not 100% on that since I don't know if it's possible to check the name.

Checking file extensions won't prevent malicious users from uploading executable files. You need to check file headers. Essentially, you would use loadlines() to load the first line of the file, and you would check if the file header is located within that. (For instance, GIF files always start with "GIF8").

In the end, though, there's nothing you can do if somebody really wants to upload malicious files. Even checking headers doesn't do much, since the person can simply edit the file header. Hopefully getting an error, even after they've changed extensions, would just make them give up.

[Switch]

Quote:

Originally Posted by LoneAngelIbesu

Checking file extensions won't prevent malicious users from uploading executable files. You need to check file headers. Essentially, you would use loadlines() to load the first line of the file, and you would check if the file header is located within that. (For instance, GIF files always start with "GIF8").

In the end, though, there's nothing you can do if somebody really wants to upload malicious files. Even checking headers doesn't do much, since the person can simply edit the file header. Hopefully getting an error, even after they've changed extensions, would just make them give up.

Oh, well that I didn't know, thanks I'll rep tomorrow.
But honestly, what normal player is smart enough to know that?

[LoneAngelIbesu]

Quote:

Originally Posted by Switch

Oh, well that I didn't know, thanks I'll rep tomorrow.
But honestly, what normal player is smart enough to know that?

True, but what normal player would upload an executable in the first place?

Anyways, has anyone gotten onFilesUploaded() to work? Or am I the exception?

[LoneAngelIbesu]

Quote:

Originally Posted by LoneAngelIbesu

onFileUploaded() never seems to get called. I've also tried onFilesUploaded(), which is the event listed in this topic.

Just bumping this. Skyld tried to give me a work-around using this code --

PHP Code:

function onFolderLog(temp.text)
{
  if (temp.text.starts("Uploaded file ") ||
      temp.text.starts("Uploaded big file "))
  {
    ....
  }
} 


-- but that doesn't work, either. I've tried onFilesUploaded() and onFolderLog() both client-side and server-side.

I'm guessing these events are protected.

[Admins]

it's onFilesUploaded() yes (on clientside).
On serverside then use temp.folder.getfolder(player.getPersonalUploadFold er(), 0) to check what files have been uploaded.
May be we could also add a special event on server-side to directly know which file has been uploaded and from which user.

[LoneAngelIbesu]

Quote:

Originally Posted by Stefan

May be we could also add a special event on server-side to directly know which file has been uploaded and from which user.

That would be incredibly useful.

Another thing I noticed is that deletefile() does not work with the personaluploads folder.

[Admins]

Quote:

Originally Posted by LoneAngelIbesu

That would be incredibly useful.

Another thing I noticed is that deletefile() does not work with the personaluploads folder.

Has the npcserver write rights to the folder?

[LoneAngelIbesu]

Quote:

Originally Posted by Stefan

Has the npcserver write rights to the folder?

That would be the problem. It works fine, now.