>From the documentation: http://web2py.com/books/default/chapter/29/7
A SQLFORM object also deals automatically with "upload" fields by saving
uploaded files in the "uploads" folder (after having them renamed safely to
avoid conflicts and prevent directory traversal attacks) and stores their
names (their new names) into the appropriate field in the database. After
the form has been processed, the new filename is available in
form.vars.fieldname (i.e., it replaces the cgi.FieldStorage object in
request.vars.fieldname), so you can easily reference the new name right
after upload.
On Thursday, March 29, 2012 5:20:52 PM UTC-7, Francisco Gama wrote:
>
> I need to create a form that submits files and at the same time, stores
> the user who did it, the name of the file, its hash, the time. Other things
> like his IP address, his web client would be interesting as well.
>
> I see two ways:
> 1) some sort of method tracing (a decorator maybe) that informs me what
> calls have been done to some controller
> 2) include in the uploading form, insertions to the database that also
> keep track of what has been done (the solution I'm trying)
>
>
> While I want to keep files metadata stored on the database, I want them to
> be stored on the file system. So how can I create a form that uploads the
> file and stores all this metadata on the database (including getting the
> filename, its hash,...)?
>
>
>
>
> On Mar 30, 2012, at 12:11 AM, Derek wrote:
>
> Are you getting any error messages? What do you mean by "this is not yet
> working".
>
> On Thursday, March 29, 2012 8:10:38 AM UTC-7, blackthorne wrote:
>>
>> Hello,
>>
>> I am working on a "secure" documentation system that should support file
>> uploads but also to give the ability to trace user actions like
>> download/upload of files. This should be integrated in the portal itself so
>> that the administrator doesn't need to parse web log files and trace users
>> and IP's. Example:
>>
>> user Malkovich submitted a file: report.docx with hash: 102310239123123
>> at 2012.03.27 10:12:45 (GMT)
>> user BigFatCat downloaded the file: report.docx (id: 1201010121)
>> at 2012.03.27 12:11:05 (GMT)
>> ...
>>
>> So, I just said what I have and I want, so now let me tell have I done
>> about this:
>>
>> in the model:
>>
>> ...
>> db.define_table('attachment',
>> Field('name', requires=IS_NOT_EMPTY()),
>> Field('filename'),
>> Field('description'),
>> Field('doc_type',
>> requires=IS_IN_SET(['text','report','image','other']), default='other'),
>> Field('hash', 'string'),
>> Field('file','upload'),
>> format='%(name)s')
>>
>> db.define_table('logs',
>> Field('message','string', requires=IS_NOT_EMPTY()),
>> Field('full_description','text'),
>> Field('action', 'string',
>> requires=IS_IN_SET(['create','remove','download','upload',
>> 'edit','other']),default='download'),
>> Field('attachments', 'list:reference attachment', notnull=False),
>> Field('user', 'list:reference auth_user'),
>> Field('happened_on','datetime', default=datetime.datetime.now()))
>> ...
>>
>> in the controller:
>>
>> def hash(file):
>> return hashlib.md5(open(file).read()).hexdigest()
>>
>> @auth.requires_login()
>> def insert_file():
>> form = SQLFORM(db.attachment, upload=URL('download'), fields=['name',
>> 'description', 'file'])
>> if request.vars.file!=None:
>> form.vars.filename = request.vars.file.filename # not sure about
>> this one...
>> form.vars.hash = hash(file)
>> if form.process().accepted:
>> db.logs.insert(message='file submitted',
>> full_description=forn.vars.hash, action='upload', attachments='', user=
>> auth.user.id, happened_on=request.now)
>> response.flash = 'form accepted'
>> elif form.errors:
>> response.flash = 'something went wrong, try harder'
>> record = db.attachment(request.args(0)) or redirect(URL('index'))
>> return dict(form=form)
>> ...
>>
>> This is not yet working but don't think I am on the right track? Tips?
>>
>> Thank you
>>
>
>
