Let me put it this way: Can I determine the hash of an uploaded file during the upload process (when the form is submitted) and before it is actually stored on the filesystem?
I believe that all my questions collapse to that. Thank you. On Mar 30, 2012, at 1:43 AM, Derek wrote: > From the documentation: http://web2py.com/books/default/chapter/29/7 > A SQLFORM object also deals automatically with "upload" fields by saving > uploaded files in the "uploads" folder (after having them renamed safely to > avoid conflicts and prevent directory traversal attacks) and stores their > names (their new names) into the appropriate field in the database. After the > form has been processed, the new filename is available in form.vars.fieldname > (i.e., it replaces the cgi.FieldStorage object inrequest.vars.fieldname), so > you can easily reference the new name right after upload. > > On Thursday, March 29, 2012 5:20:52 PM UTC-7, Francisco Gama wrote: > I need to create a form that submits files and at the same time, stores the > user who did it, the name of the file, its hash, the time. Other things like > his IP address, his web client would be interesting as well. > > I see two ways: > 1) some sort of method tracing (a decorator maybe) that informs me what calls > have been done to some controller > 2) include in the uploading form, insertions to the database that also keep > track of what has been done (the solution I'm trying) > > > While I want to keep files metadata stored on the database, I want them to be > stored on the file system. So how can I create a form that uploads the file > and stores all this metadata on the database (including getting the filename, > its hash,...)? > > > > > On Mar 30, 2012, at 12:11 AM, Derek wrote: > >> Are you getting any error messages? What do you mean by "this is not yet >> working". >> >> On Thursday, March 29, 2012 8:10:38 AM UTC-7, blackthorne wrote: >> Hello, >> >> I am working on a "secure" documentation system that should support file >> uploads but also to give the ability to trace user actions like >> download/upload of files. This should be integrated in the portal itself so >> that the administrator doesn't need to parse web log files and trace users >> and IP's. Example: >> >> user Malkovich submitted a file: report.docx with hash: 102310239123123 at >> 2012.03.27 10:12:45 (GMT) >> user BigFatCat downloaded the file: report.docx (id: 1201010121) at >> 2012.03.27 12:11:05 (GMT) >> ... >> >> So, I just said what I have and I want, so now let me tell have I done about >> this: >> >> in the model: >> >> ... >> db.define_table('attachment', >> Field('name', requires=IS_NOT_EMPTY()), >> Field('filename'), >> Field('description'), >> Field('doc_type', requires=IS_IN_SET(['text','report','image','other']), >> default='other'), >> Field('hash', 'string'), >> Field('file','upload'), >> format='%(name)s') >> >> db.define_table('logs', >> Field('message','string', requires=IS_NOT_EMPTY()), >> Field('full_description','text'), >> Field('action', 'string', >> requires=IS_IN_SET(['create','remove','download','upload', >> 'edit','other']),default='download'), >> Field('attachments', 'list:reference attachment', notnull=False), >> Field('user', 'list:reference auth_user'), >> Field('happened_on','datetime', default=datetime.datetime.now())) >> ... >> >> in the controller: >> >> def hash(file): >> return hashlib.md5(open(file).read()).hexdigest() >> >> @auth.requires_login() >> def insert_file(): >> form = SQLFORM(db.attachment, upload=URL('download'), fields=['name', >> 'description', 'file']) >> if request.vars.file!=None: >> form.vars.filename = request.vars.file.filename # not sure about >> this one... >> form.vars.hash = hash(file) >> if form.process().accepted: >> db.logs.insert(message='file submitted', >> full_description=forn.vars.hash, action='upload', attachments='', >> user=auth.user.id, happened_on=request.now) >> response.flash = 'form accepted' >> elif form.errors: >> response.flash = 'something went wrong, try harder' >> record = db.attachment(request.args(0)) or redirect(URL('index')) >> return dict(form=form) >> ... >> >> This is not yet working but don't think I am on the right track? Tips? >> >> Thank you >
signature.asc
Description: Message signed with OpenPGP using GPGMail
