Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Hi,

I am not sure if this problem is due to JFUploader or to Joomla itself... but I help help to determine if it is JFU causing the issue.

Recently my site was trashed and couldn't be restored properly... my bad I didnt have a good backup of everything.

So, back from scratch I went to new hosting provider and installed new joomla 1.6 installation, and JFUploader extension. Previously I had the professional registered version for Joomla 1.5, but I haven't moved my domain name so I am currently only using unregistered version of JFU.

I created a front end profile, and user groups and a master profile... I created a default folder, and JFU populated each users folders perfectly and was displaying everything perfectly. The only problem was that the directories were set for index accessible so people could browse all our confidential files.

I went to cpanel and using index manager to turn off indexing of the directory where our files are stored.

This is where the problem materialized. Sometimes the menu item and the jfu are visible and sometimes they are not. The menu item is protected to only allow special users, and the menu has the proper group ID and had been working. Now it only works occasionally. Have you any idea what is going on... or is there another better way to protect my upload directory that may not cause this issue. As it stands now I wont be able to continue to use jfu due to the privacy and access issues.

I am running the following:

Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 DAV/2 SVN/1.5.0 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8

Joomla! 1.6.0 Stable [ Onward ] 10-Jan-2011 23:00 GMT

JFUploader version 2.14.3

.htaccess is set to IndexIgnore

mod_rewrite is off, if i turn this on my site doesnt work becuase previously accessible pages are no longer found

Thanks for any assistance you can provide.

If you don't use direct download you can actually disable the access to the upload folder completely.
Simply put a .htaccess into the upload folder where you deny all.

What I don't understand is the relation to Joomla itself. Because your .htaccess should only be in the upload folder and not somewhere else.

Best, Michael

Hi Michael, I figured out a work around... Bear in mind that I have very little knowledge of computers actually...

Originally I had put the .htaccess file in the directory I created to accept uploads. I put Options -Indexes which caused Joomla not to display the directory when people browsed the folder in their browser... however it also caused Joomla not to display the menu item for jfu when the menu access level was set to anything other than public for some reason.

As I only wanted certain people to be able to upload rather than all registered users I thought I needed to protect the menu item... but i changed the people who were able to access the front end via the users in group1

Then I re-enabled the viewing of the file structure... but prevent viewing of the actual file extensions we use. I don't see a security issue that people know we have directories, as long as they cannot access the files.

Options +Indexes

IndexIgnore *.wmv *.mp4 *.avi *.hse *.tsv *.xls *.pdf *.doc *.jpg *.jpeg *.zip *.HSE *.TSV *.XLS *.PDF *.DOC *.JPG *.JPEG *.ZIP

seems to be working, sorry to have bothered you

does:

deny from all

not work in the upload dir?

- Michael