Add file upload question, validation, storage, and preview #1074
base: master
Love this! Thank you for your excellent work. It works just as I would expect it to. One thought for a feature improvement would be for when you view the survey answers. If you could click on the file name and view it in a new window or modal would be amazing.
@storca Just checking - have you run this on a fresh install? I ask as I am getting a SQL error when doing a fresh install with this. Happy for it to be an error at my end.... SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '1' for key 'PRIMARY' (SQL: insert into
I think it just needs 'id' => 7, added to the migration file.
@justynpride Yes, the new question id is 7 on a migrated database; if yours differs, you can always change the question id in config/attendize.php line 62. 'id' is a primary key, the SQL error says clearly that you can't insert a new question of id = 1; I thought that the PRIMARY KEY was auto-incremented but maybe it's not the case on your side
Thanks. Without that id line I think it defaults to 1 and therefore created a duplicate install error in SQL. The view file link is really helpful by the way.
@storca I realised in testing I only tested orders with the file question on the ticket. I'm finding that if I don't have the question on a ticket, then when I try to move to the Payment section I get a Whoops Error. The log shows: [2023-01-01 09:44:15] production.ERROR: Undefined index: ticket_holder_files {"userId":1,"exception":"[object] (ErrorException(code: 0): Undefined index: ticket_holder_files at /home/bookinme/web/bookings.book-in.me/public_html/app/Http/Controllers/EventCheckoutController.php:373) I don't know if you are able to replicate on a clean install of 2.6.0?
@storca Perfect, it works! Related to this with your helpful 'Open file' link on the survey question, do you get to view the uploaded file ok? I've been trying it more (apologies I had just viewed how it looked previously!), and just this on a Mac:
@justynpride the preview of the documents relies on browser-based document preview, does it work for you? What type of documents do you upload? @johannac yep, in our case we use Attendize for a sports tournament and we need to ask our participants for documents like medical certificates
@storca The preview works fine for a pdf, but not a jpg or png. It would be likely that images would be uploaded, and not just pdfs.
@justynpride I'm very surprised that your browser does not allow the preview of images, I can't provide troubleshooting but try to have a look at the code below and fix it yourself.
@storca It is weird as I run MacOS and Safari and can't view the image previews on either MacOS or iOS. Before looking more widely can I just check what devices you know it works with?
@justynpride I use Chromium or Firefox on Linux, try changing your browser
I also tend to try out errors on other browsers. The same occurs in Chrome and Firefox for images (fine for pdfs). In Firefox I get this error displayed: The image "https://tickets.book-in.me/docs/d7dd181aba01d76fbba6/z6zTVyU4vDYNz1DYVOp4ok5FR0wXLZ3S0h270Ran.png" cannot be displayed because it contains errors.
@justynpride yes indeed, it contains errors; are you sure that your image is not corrupted?
@storca Unfortunately the image opens fine in the browser (ie I drop the file onto the app and it opens within the browser window), but not when previewing through Attendize. I need to try on a PC when I have access.
// Prevent bruteforce | ||
sleep(1); |
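Review bot: The unconditional sleep(1) under the "Prevent bruteforce" comment does not limit how many attempts a client can make: requests sent in parallel each wait one second and are then all processed, and every sleeping request holds a PHP worker for that second. Replace it with a per-client attempt limit that rejects excess requests (for example Laravel's throttle middleware on this route), and reword the comment to say what is being protected from guessing.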
// Prevent bruteforce
sleep(1);
https://www.php.net/manual/en/function.sleep.php
Not really - the attacker could do 100 requests. Each request might take 2 seconds but it doesn't stop the number of requests done. You need to stop processing more than one request every 2 seconds rather than delay it by 2 seconds on each execution.
This can be done on the webserver e.g. nginx or using Laravel's own rate limiting on the route:
https://laravel.com/docs/10.x/routing#rate-limiting
With sleep you also reduce the amount of requests the CPU could be serving at this time.
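The difference the review comment above describes, as an added example that is not part of the PR or of Attendize: a delay lets every parallel request through, while a limiter caps how many are processed per client. The class name, the 5-per-60-seconds policy and the client address are assumptions.

```php
<?php
// Added illustration, not Attendize code. FixedWindowLimiter, the 5-per-60s
// policy and the sample client address are assumptions for this demo.

final class FixedWindowLimiter
{
    private int $maxAttempts;
    private int $windowSeconds;
    /** @var array<string, array{start: int, count: int}> per-client counters */
    private array $windows = [];

    public function __construct(int $maxAttempts, int $windowSeconds)
    {
        $this->maxAttempts = $maxAttempts;
        $this->windowSeconds = $windowSeconds;
    }

    // True if the request may be processed, false if it should get HTTP 429.
    public function attempt(string $clientKey, int $now): bool
    {
        $w = $this->windows[$clientKey] ?? ['start' => $now, 'count' => 0];
        if ($now - $w['start'] >= $this->windowSeconds) {
            $w = ['start' => $now, 'count' => 0]; // window expired, start over
        }
        $allowed = $w['count'] < $this->maxAttempts;
        if ($allowed) {
            $w['count']++;
        }
        $this->windows[$clientKey] = $w;
        return $allowed;
    }
}

// Constructed scenario: one client sends 100 requests in parallel at t=0, then
// one more 61 seconds later. With sleep(1) alone all 101 would be processed,
// each merely delayed and each holding a PHP worker while it sleeps.
$limiter = new FixedWindowLimiter(5, 60);
$processed = 0;
for ($i = 0; $i < 100; $i++) {
    $processed += $limiter->attempt('203.0.113.7', 0) ? 1 : 0;
}
$afterWindow = $limiter->attempt('203.0.113.7', 61);

printf("burst of 100: %d processed, %d rejected\n", $processed, 100 - $processed);
printf("request at t=61s allowed: %s\n", $afterWindow ? 'yes' : 'no');
```

In Laravel the `throttle` route middleware applies this kind of policy, for example `throttle:5,1` for five requests per minute.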
Hi!
Following issues, I added a file upload question in Attendize surveys (fixes #1041 and fixes #1027).
How does it work?
answer_text in the question_answers table like so: docs/<custom_hash>/<laravel_file_hash>.ext
Yes, but the files are hidden via the following path structure
/docs/<custom_hash>/<laravel_file_hash>.ext
The custom_hash is made in an effort to make sandwich-proof hashes in case it is possible to get hashes during the order process. The hash is generated using php time and OS-based randomness here.
Files are not accessible or editable by the user.
Files can also stay on the server in case the order is cancelled or abandoned; this is why I added a RemoveOldTempFiles job that removes files that are older than an hour.
I'm happy to share this PR with you, feel free to test it and suggest changes!
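One way to implement the storage layout and the cleanup described above, as an added example and not the PR's code: it draws both path components from random_bytes() only rather than mixing in the time, and assumes temporary uploads live under their own root directory. The function names and the 16-byte token length are hypothetical.

```php
<?php
// Added illustration, not the PR's code: function names, the 16-byte token
// length and the separate temp root are assumptions.

// Build docs/<custom_hash>/<file_hash>.ext with both parts from the OS CSPRNG.
function newDocPath(string $extension): string
{
    $ext = strtolower($extension);
    if (!preg_match('/^[a-z0-9]{1,5}$/', $ext)) {
        throw new InvalidArgumentException('unexpected file extension');
    }
    $dirToken  = bin2hex(random_bytes(16)); // 128 bits, 32 hex characters
    $fileToken = bin2hex(random_bytes(16));
    return "docs/{$dirToken}/{$fileToken}.{$ext}";
}

// Delete files under $root last modified more than $maxAgeSeconds before $now,
// then drop directories left empty. Returns the relative paths removed.
function removeOldTempFiles(string $root, int $maxAgeSeconds, int $now): array
{
    $removed = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ($it as $entry) {
        $path = $entry->getPathname();
        if ($entry->isLink()) { continue; } // never act through symlinks
        if ($entry->isFile() && $now - $entry->getMTime() > $maxAgeSeconds) {
            unlink($path);
            $removed[] = substr($path, strlen($root) + 1);
        } elseif ($entry->isDir() && count(scandir($path)) === 2) {
            rmdir($path); // only "." and ".." remain
        }
    }
    return $removed;
}

// Constructed demo: one stale and one fresh upload in a throwaway temp root.
$root = sys_get_temp_dir() . '/docs_demo_' . bin2hex(random_bytes(4));
$now  = time();
foreach (['stale' => $now - 7200, 'fresh' => $now - 60] as $name => $mtime) {
    $path = $root . '/' . substr(newDocPath('pdf'), 5); // strip leading "docs/"
    mkdir(dirname($path), 0700, true);
    file_put_contents($path, $name);
    touch($path, $mtime);
}
print_r(removeOldTempFiles($root, 3600, $now)); // lists only the two-hour-old file
```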