[ZendTo] Re: Library function

Brian Ott Brian.Ott at oicr.on.ca
Tue Jan 24 21:31:15 GMT 2012 

On Tue, Jan 24, 2012 at 09:18:47PM +0000, Jules wrote:
> 
> 
> On 24/01/2012 17:48, Brian Ott wrote:
> > Thanks Jules,
> >
> > That worked. I've noticed now another issue.
> >
> > If someone sends me a file and I get the link in the email and go to
> > it if I am not currently logged in I cannot download the file. I get
> > an error message.
> What error message?

Please see the image: http://imgur.com/6jssN


> >   This reason is because I'm in the network that is
> > forced to login.
> There isn't any "network that is forced to login" in ZendTo. In the 
> network prefixes listed in the preferences.php file, a little login box 
> is presented on the home page to make it easier for them to login if 
> they want to. But they are not "forced to login" at all.
> >
> > This causes confusion to all our internal users as they receive the
> > email, click the link and the file is not accessible.
> It should be accessible to anyone! The most recent versions support 
> another "captcha" at the file download point so that you cannot be 
> DDOS-ed by millions of botnet machines all trying to download the same 
> file at the same time. (I've had this done to my own ZendTo site 
> already, so I guess I'm making an impression on the rip-off market held 
> by yousendit and the like. :-)

We disabled captchas, I agree with the purpose but we had complaints
that it was just too hard to read. 

> 
> >   It would be nice
> > that before they can go to the page with the file listed they are
> > forced to login or ask them to login before the download if they are
> > in that network.
> No-one ever has to login to download a file, when they get the download 
> link in an email generated by ZendTo.

Ok. I was under the wrong impression because if I login and then click
on the link from the email I can download it just fine. 


> >   This would remove that confusion to 'typical' users.
> The whole point is that they can send files to anyone, inside or outside 
> your organisation. ZendTo download links work without you having to 
> login, that's the point. Otherwise people outside your organisation 
> wouldn't be able to download files, as they have no login details for 
> your organisation.
> 
Agreed, its just that some organizations like ours take security and
privacy to certain level. We want everyone within our organization to
be logged in and tracked. It may sound weird but for auditing purposes
its needed. 

> Jules.
> 
> >
> > On Mon, Jan 23, 2012 at 10:16:09AM +0000, Jules wrote:
> >> Oops! Sorry about that.
> >>
> >> Go through that file and change every occurrence of
> >>       sqlite_escape_string
> >> to
> >>       $this->database->real_escape_string
> >> There should be 5 of them.
> >>
> >> Then you should find it works rather better! :-)
> >>
> >> This will of course be fixed in the next release.
> >>
> >> Jules.
> >>
> >> On 18/01/2012 21:09, Brian Ott wrote:
> >>> Hey Jules,
> >>>
> >>> I did notice this: [Wed Jan 18 16:07:03 2012] [error] [client
> >>> 10.10.10.72] PHP Fatal error:  Call to undefined function
> >>> sqlite_escape_string() in /nfs/zendto/zendto_application/lib/MySQL.php
> >>> on line 801, referer: https://URL/dropoff.php
> >>>
> >>>
> >>> In the logs when this happens (I replaced our URL)
> >>>
> >>> On Wed, Jan 18, 2012 at 03:37:23PM -0500, Brian Ott wrote:
> >>>> Hello,
> >>>>
> >>>> Is anyone using the 'Library' function? I've been having some issues
> >>>> with it where as when I user selects to send a file in the library
> >>>> after the click 'dropoff' they get a Error 500 page. I'm not sure why
> >>>> this is happening. Zendto sees the file just fine and in the database
> >>>> its been added as a send but the page errors.
> >>>>
> >>>> -- 
> >>>> Brian Ott
> >>>> Unix System Administrator
> >>>>
> >>>> Ontario Institute for Cancer Research
> >>>> MaRS Centre, South Tower
> >>>> 101 College Street, Suite 800
> >>>> Toronto, Ontario, Canada M5G 0A3
> >>>>
> >>>> Telephone:	647-260-7977
> >>>> Email:		brian.ott at oicr.on.ca
> >>>> www.oicr.on.ca
> >>>>
> >>>>
> >>>>
> >>>> This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.
> >>>> _______________________________________________
> >>>> ZendTo mailing list
> >>>> ZendTo at zend.to
> >>>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
> >> Jules
> >>
> >> -- 
> >> Julian Field MEng CITP CEng
> >> www.Zend.To
> >>
> >> Follow me at twitter.com/JulesFM
> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >> 'It's okay to live without all the answers' - Charlie Eppes, 2011
> >> 'All programs have a desire to be useful' - Tron, 1982
> >> 'That is the land of lost content,
> >>    I see it shining plain,
> >>    The happy highways where I went,
> >>    And cannot come again.' - A.E. Houseman
> >>
> >> _______________________________________________
> >> ZendTo mailing list
> >> ZendTo at zend.to
> >> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.Zend.To
> 
> Follow me at twitter.com/JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait
> 'All programs have a desire to be useful' - Tron, 1982
> 
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

-- 
Brian Ott
Unix System Administrator

Ontario Institute for Cancer Research
MaRS Centre, South Tower
101 College Street, Suite 800
Toronto, Ontario, Canada M5G 0A3

Telephone:	647-260-7977
Email:		brian.ott at oicr.on.ca
www.oicr.on.ca



This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.

More information about the ZendTo mailing list