api/file usage

sticcino
User
Posts: 1090

Post by sticcino »

Hi,

I need to add an image to the email messages being sent. I'm able to retrieve all the information correctly, but it appears the encrypted file/filepath are incorrect vs. when I inspect the image in the table. Not sure if I missed something in order to grab the photo.

Code to get the photo associated with the user:

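        $currentUser = 12345;

        // Stored photo file name for this user (helper not shown in the post)
        $MyPhotoKey = _getUserInfo("User_Photo", $currentUser);
        // Call the file API for this user's User_Photo field and decode the JSON response
        $MyPhoto = ClientUrl(CurrentHost() . "/dams/api/file/tbl_sys_membership/User_Photo/" . $currentUser);
        $MyPhoto = json_decode($MyPhoto, true);
        $MyPhoto = $MyPhoto['User_Photo'][$MyPhotoKey];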

This translates to:

http://localhost/dams/api/file/tbl_sys_membership/eyJpdiI6Ink...

vs. this when I inspect the image. On the app form where this image is, this is the href:

http://localhost/dams/api/file/tbl_sys_membership/eyJpdiI6Ijk...?session=eyJpdiI6IlZ...=&csrf_name=csrf66e45f327e4a6&csrf_value=QCVF...

Notice the encrypted path is different.

I also noticed that in Fileviewer.php, when $fn is decrypted, in my function $fn is still some encrypted data, but when I run the inspected URL, $fn displays the readable, correct path of the image.

Looks like my code is missing the session object. Is there a method to obtain this?
To test, I tried this, but it returns nothing (the session ID is empty as well):

        $sessionId = session_id();
        $sessionQry = "session=" . Encrypt($sessionId) . "&" . $GLOBALS["TokenNameKey"] . "=" . $GLOBALS["TokenName"] . "&" . $GLOBALS["TokenValueKey"] . "=" . $GLOBALS["TokenValue"];

This is a custom file, with the following items added:

<?php
namespace PHPMaker2024\dams;

use PHPMaker2024\dams\{UserProfile, Language, AdvancedSecurity, Timer, HttpErrorHandler, RouteAttributes, SessionHandler};
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Container\ContainerInterface;
use DI\Container as Container;
use DI\ContainerBuilder;
use Slim\Factory\AppFactory;
use Slim\Factory\ServerRequestCreatorFactory;
use Slim\Exception\HttpInternalServerErrorException;
use Middlewares\Whoops;
use Dflydev\DotAccessData\Data;

use Doctrine\DBAL\DriverManager;
use Doctrine\DBAL\ParameterType;
use Doctrine\DBAL\Connection;

require_once "../vendor/autoload.php";

// Require files
require_once "../src/constants.php";
require_once "../src/config.php";
require_once "../src/phpfn.php";
$ConfigData = new Data($CONFIG); // Ensure that $ConfigData is accessible by Global Codes
require_once "../src/userfn.php";
?>

As an additional note, this script will be run outside the scope of the application via command line and cron, so I'm not sure how session IDs, or the lack of them, will impact the use of the file API.

thanks


arbei
User
Posts: 9785

Post by arbei »

You may refer to the source code of the function GetImageUrl() in phpfn.php.


sticcino
User
Posts: 1090

Post by sticcino »

thanks,

I was able to get images set up with that code, but when I attempt to create a file type link (PDF file) an error occurs, from the [network] headers:

Status Code: 401 Unauthorized
Remote Address: [::1]:80
Referrer Policy: strict-origin-when-cross-origin

I don't have any security requirements on that documents-library folder, and the file does exist.

I believe the parameters passed to the code are correct; if you use the unencrypted values the document appears ($path.$key).
It's the same user and instance as the images being grabbed.

The only difference between the image code and the PDF files is the location of the files.

Test Environment, resultant values:
documents_library = table
documents-library = folder

$fileUrl = dams/api/file/documents_library
$filepath = dams/dams/documents-library/
$path = C:/xampp/htdocs/dams/uploads/dams/dams/documents-library/
$fileKey = testdoc.pdf

    //-----------------------
        $fileUrl = "dams".PATH_DELIMITER."api".PATH_DELIMITER.(Config("API_FILE_ACTION")) .PATH_DELIMITER."documents_library";     
        $filepath = "dams/dams/documents-library".PATH_DELIMITER;
        $path = $_SERVER['CONTEXT_DOCUMENT_ROOT'].PATH_DELIMITER."dams" .PATH_DELIMITER.Config("UPLOAD_DEST_PATH").$filepath;

        $fileKey = _getDocumentsInfo("DocumentAttachments", $campaignRow['campaign_program']);
        $doc2view = CurrentHost().PATH_DELIMITER. $fileUrl . PATH_DELIMITER . Encrypt($path . "$fileKey", $key) . "?" . $sessionQry;                
        $email->ReplaceContent("#DocumentToView", $doc2view);
    //------------------------

Is there anywhere else to view more detailed error content?


arbei
User
Posts: 9785

Post by arbei »

In your code you sometimes use "documents-library", and sometimes use "documents_library", are they correct?


sticcino
User
Posts: 1090

Post by sticcino »

They are. The table name is documents_library, then for some reason we named the folder documents-library.

You think this may be causing an issue?


arbei
User
Posts: 9785

Post by arbei »

I thought you might have a typo. It is not related to your question.

You got 401 probably because the CSRF token is not valid anymore in another request (from the email content).

You may refer to Export API on how to save the exported file on server and create a link for that.
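
Added example (not part of the thread and not PHPMaker code): the reply above attributes the 401 to a CSRF token that is no longer valid when the link is opened from the email, so a link sent out-of-band needs authorization that does not depend on session or CSRF state. One common pattern is an expiring HMAC-signed URL checked by a small download endpoint; `LINK_SECRET`, `make_signed_link`, `verify_signed_link`, `download.php` and the demo paths are all hypothetical names.

```php
<?php
// Added example; every name here (LINK_SECRET, make_signed_link,
// verify_signed_link, download.php) is hypothetical, not PHPMaker API.
const LINK_SECRET = 'load-a-long-random-value-from-config'; // constructed placeholder

// Build a link that carries its own authorization: path + expiry + HMAC.
function make_signed_link(string $baseUrl, string $relPath, int $ttl, ?int $now = null): string
{
    $exp = ($now ?? time()) + $ttl;
    $sig = hash_hmac('sha256', $relPath . "\n" . $exp, LINK_SECRET);
    return $baseUrl . '?' . http_build_query(['f' => $relPath, 'e' => $exp, 's' => $sig]);
}

// Return the absolute file path to serve, or null if the link must be refused.
function verify_signed_link(array $query, string $uploadRoot, ?int $now = null): ?string
{
    $f = $query['f'] ?? null;
    $e = $query['e'] ?? null;
    $s = $query['s'] ?? null;
    if (!is_string($f) || !is_string($e) || !is_string($s) || !ctype_digit($e)) {
        return null; // missing or malformed parameter
    }
    if (!hash_equals(hash_hmac('sha256', $f . "\n" . $e, LINK_SECRET), $s)) {
        return null; // path or expiry altered, or signature forged
    }
    if ((int) $e < ($now ?? time())) {
        return null; // link has expired
    }
    // Resolve symlinks and ".." and keep the result inside the upload root.
    $root = realpath($uploadRoot);
    $abs = realpath($uploadRoot . DIRECTORY_SEPARATOR . $f);
    if ($root === false || $abs === false || !is_file($abs)) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($abs, $prefix, strlen($prefix)) === 0 ? $abs : null;
}

// Constructed demo: a temp directory stands in for the uploads folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
is_dir($root) || mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'testdoc.pdf', '%PDF-1.4 demo');
$link = make_signed_link('https://example.test/download.php', 'testdoc.pdf', 3600);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(verify_signed_link($q, $root));                            // untouched link
var_dump(verify_signed_link(['f' => '../secret.txt'] + $q, $root)); // path changed after signing
var_dump(verify_signed_link($q, $root, time() + 7200));             // checked after expiry
```

The signature covers both the path and the expiry, so neither can be changed by the recipient, and the emailed URL carries no session ID or CSRF token that could be replayed against the application.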

