Moodle in English: DMS pre-beta is now LIVE!

Hi Moodlers!

The first pre-beta version of DMS is ready!

If you want to take a look, test the features, or provide comments, you can download and install DMS yourself! To do so:

Get the /contrib/dms/ directory from CVS.
Read README.1ST and INSTALL.txt to get you started.

Installation and operation is pretty simple, I 've made a setup script so you don't have to edit the database or anything, so you really have no excuse to not try! wink

Cheers
Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Art Lader - Saturday, 1 May 2004, 2:18 AM

I will wait until Martin includes this in a standard distribution, but I do want to thank you in advance for all your time and effort. This will be a great addition to Moodle.

Best regards,
Art Lader

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Saturday, 1 May 2004, 2:22 AM

Art, you are in for a very long wait...

This isn't really going anywhere near the Moodle distro for months yet. The point is to get feedback which will help get it there. Anyway, your thanks are very much appreciated.

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Art Lader - Saturday, 1 May 2004, 2:43 AM

True... Now that I think of it, I do have a personal Moodle (lader.org/moodle) that I could help test it on. That would be cool.

So, I would grab all the files from here? --> http://cvs.sourceforge.net/viewcvs.py/moodle/contrib/dms/

-- Art

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Saturday, 1 May 2004, 4:31 AM

Hi Art!

I hope you can help me with this.

When you say you are going to grab a copy from,
http://cvs.sourceforge.net/viewcvs.py/moodle/contrib/dms/

Do you,

Cut and paste each and every folder and file on the page?
Know a way to download the entire "dms" folder/directory to your computer for upload onto your Moodle site?
Know a way to download the entire "dms" folder into your Moodle web site via SSH?

I would like to test the MyDMS for Moodle script but I gather there must be a better way than cutting and pasting all those files associated with it.

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Tim Allen - Saturday, 1 May 2004, 4:48 AM

WP,

You don't have to cut and paste individual files, use a CVS client (eg. Tortoise CVS on Windows) or command (Linux) to do it automatically.

Have you read the instructions at the bottom of http://moodle.org/mod/resource/view.php?id=8 ? I think the answers you require may be there...

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Saturday, 1 May 2004, 5:45 AM

Hi Timothy!

I have been reading that page over and over . I understand how to bring down a new copy of Moodle into the website using SSH by following the instructions. No problem there.

I cannot firugre out how to download individual files and folders from the different parts of the CVS by reading that page. Now I may be missing something but I cannot figure out what it is?

If you can give me some clearer instructions I would really appreciate it. I know how to open Putty and get into the site. I know how to get into the moodle directory. What instruction(s) do I give to get the "dms" directory to download by using SSH?

Thanks in advance for your help.

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Martin Dougiamas - Saturday, 1 May 2004, 3:27 PM

It might be easiest for you to just grab the latest daily zip from here:

http://moodle.org/download.php/modules/dms.zip

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Saturday, 1 May 2004, 8:42 PM

Thanks Martin!

I will DL it from this address, but, somehow I still have to learn how to use and obtain files easily form CVS into my website using SSH. I am going to look at the web page Jon referred to and see if I can get some help there.

Yes Art, I agree we are saved this time.

WP1

Average of ratings: -

Help with anonymous CVS

by Martin Dougiamas - Saturday, 1 May 2004, 9:34 PM

It is actually explained on the download page. On your server (when you are logged in via ssh) type these lines to get the whole of the contrib folder:

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/moodle login
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/moodle co contrib

If you get asked for a password, just hit RETURN. After all the files are copied from CVS to your own machine, you can then go into the contrib folder and see all the contributed code:

cd contrib
ls -l

You can copy anything there into your main Moodle tree if you like:

cp -pr dms /some/path/to/moodle/tree

To upgrade this folder or any part of it later, use cd to go into the folder, and then issue just this:

cvs update -dP

Average of ratings: -

Re: Help with anonymous CVS

by W Page - Sunday, 2 May 2004, 12:12 AM

Hi Martin!

Thanks for taking the time to explain this to me. I will definately attempt it. I know this will make Moodle life a lot easier with less mistakes.

I am sure some other folks will benefit from it as well.

WP1

Average of ratings: -

Re: Help with anonymous CVS

by W Page - Sunday, 2 May 2004, 8:08 AM

Hello All!

Could someone take a look at this SSH session below and tell me what I am doing wrong. I am trying to follow Martin's directions above.

This is what is happening.

1. I use Putty and SSH to get to the root of the website. After I place the SSH password in I get something like the following message.

Sent username "b99999999"
b99999999@s12345678.onlinehome.us's password:
Warning!

For security reasons all ssh and telnet sessions are logged, and may
be monitored. By logging in you give consent to these conditions.

Shell access is provided for web development and not for running
irc-bots or cracking toolkits. Disregard leads to suspension of your
contract.

b99999999:/kunden/homepages/22/d12345999/htdocs >

2. I then type in "cd moodle" so I can get inside of the moodle directory. The line looks like,
b99999999:/kunden/homepages/22/d12345999/htdocs >cd moodle

3. I am then brought inside of the moodle directory on the web site. The line looks like,
b99999999:/kunden/homepages/22/d12345999/htdocs/moodle >

4. I then type in
"cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/moodle login"
and get this message back.
Logging in to :pserver:anonymous@cvs.sourceforge.net:2401/cvsroot/moodle
CVS password:

5. I then just hit the "Enter" button. I then get this message,
b99999999:/kunden/homepages/22/d12345999/htdocs/moodle >

6. I then type in
"cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/moodle co contrib"
and get this message back.
cvs server: existing repository /cvsroot/moodle/moodle/contrib does not match /cvsroot/moodle/contrib
cvs server: ignoring module contrib

Somehow I am not getting to the correct location in CVS.

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Sunday, 2 May 2004, 3:45 AM

Sorry, I 've been a bit out of touch due to the weekend.

This archive is NOT the current version, and most probably is broken. The README and INSTALL files aren't the latest version I checked in... please use something more recent. Thanks!

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Art Lader - Saturday, 1 May 2004, 7:57 PM

Hi,

CVS is mysterious to me, too.

But I see that Martin has provided a link to a zip archive, so we are saved.

-- Art

Average of ratings: -

CVS examples

by John Papaioannou - Saturday, 1 May 2004, 7:57 AM

Some short CVS examples for those who might find them useful:

1. I don't think it would be difficult to get CVS files from Windows with TortoiseCVS. Although I 've only tried it once and then switched to Linux (I prefer the command line for this kind of work).

2. In Linux, after having set the CVSROOT environment variable so you don't have to use the -d option each time, you just go into a directory and type:

cvs -q checkout contrib/dms

This will create the contrib/dms directory and all its subdirectories and files in your local system. You are then free to copy them wherever you wish. If you wanted to checkout the complete /contrib/ structure, you would just do

cvs -q checkout contrib

And once you 've done that, you can just go into the /contrib directory on your local machine and use

cvs -q update

to stay up to date.

An excellent CVS guide which helped me tremendously when starting out with CVS can be found at http://www.loria.fr/~molli/cvs/doc/cvs_toc.html.

Hope this helps!

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Sunday, 2 May 2004, 12:28 AM

Hi Jon!

Just a few problems/questions,

Problem/Question 1

The "install.txt" indicates the following,

"3. Edit the 'inc/inc.Settings.php' and replace the appropriate directory path
settings with your installation's. These settings are near the bottom of the
file; look for "BEGIN MOODLE ADDITIONS"."

The phrase "BEGIN MOODLE ADDITIONS" is not in the present version of the "inc.Settings.php" file in the .ZIP package so it is difficult to know the proper location to make changes.

Problem/Question 2

I created a directory "mydms" inside of "moodledata" for file storage.

Is this how I would indicate its location in the script?
With no backslash?

$this->_contentDir = $CFG->dataroot.'/dms';

In the following location?

function Settings() {

if($this->_moodleInterface == DMS_INTERNAL) {
// DO NOT CHANGE THESE!!!
global $CFG;
$this->_rootDir = $CFG->dirroot.'/files/';
$this->_httpRoot = $CFG->wwwroot.'/files/';
$this->_contentDir = $CFG->dataroot.'/';
$this->_ADOdbPath = $CFG->dirroot.'/lib/adodb/';
}
So it would look like this,
function Settings() {

if($this->_moodleInterface == DMS_INTERNAL) {
// DO NOT CHANGE THESE!!!
global $CFG;
$this->_rootDir = $CFG->dirroot.'/files/';
$this->_httpRoot = $CFG->wwwroot.'/files/';
$this->_contentDir = $CFG->dataroot.'/dms';
$this->_ADOdbPath = $CFG->dirroot.'/lib/adodb/';
}

Problem/Question 3

I followed your suggestion about making the following directory name changes,
renamed the Moodle 'files' subdirectory to 'files-moodle',
renamed the 'files-dms' directory to 'files'. (This contains all the files which where previously in the "mydms" folder when the "dms.zip" file was unzipped.

Does this affect how the paths mentioned in - Problem/Question 2 - above should be configured?

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Herbert Keijers - Sunday, 2 May 2004, 2:44 AM

Hi WP1,
The dms.zip file in the link Martin posted above is old, you better use the files in CVS.
You will see another config file (inc.Settings.php ) in CVS (here you see BEGIN MOODLE ADDITIONS) where you don't have to change a thing (perhaps the change of comments if you are on a Unix system) since you want to run myDMS inside Moodle.

If possible I advice you to use CVS. Martin explained it a few posts above. It isn't really so hard and you have the latest development code with the minimum of labor ...

Wish you luck with dms

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Martin Dougiamas - Sunday, 2 May 2004, 10:40 AM

The zips on moodle.org get rebuilt once a day at about 0700GMT.

(Martin looks ....) What the ...! That recent CVS problem at Sourceforge meant my zip process wasn't updating properly ... I've fixed it now.

We now return you to your regularly scheduled zips.

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Bryan Williams - Sunday, 2 May 2004, 12:19 PM

Martin,

Would you know whether the Moodle nightly build link is also having a problem. I have spent the last few hours going nuts with build 2004042703, which I downloaded to test out. I cannot stay logged in for more than a few clicks. I noticed Moodle.org has been running 2004043001 since Friday. Is this just not available yet, or is the link not working?

Average of ratings: -

CVS issues have been affecting nightly too - fixed now

by Martin Dougiamas - Sunday, 2 May 2004, 12:56 PM

Yes, same CVS problem would have affected the nightly archives, but this is fixed now - try getting it again.

Average of ratings: -

Re: CVS issues have been affecting nightly too - fixed now

by W Page - Monday, 3 May 2004, 10:19 PM

Hi Jon,

Really neat script. Just one problem.

After I uploaded a "PDF" file (which occured smoothly) and I attempted to open the file, I was immediately taken back to the "login" page. I could not login again. I had previously uploaded a DOC file and opened it with OO (Open Office) with no problem. I ended up removing the site and database and then reinstalling the site with a new database. I have not attempted to upload anything else since then.

BTW, how come the ZIP file (which I have learned is updated daily) is not on the Modules page as a development mod??

Thanks for all your hard work on this script Jon.

WP1

Average of ratings: -

Re: CVS issues have been affecting nightly too - fixed now

by Martin Dougiamas - Monday, 3 May 2004, 10:49 PM

It's not up there because I'm not sure how many people Jon wants downloading it and trying it out (even though they nothing about it!). Give me the word, Jon, whenever you think it should be there. I can mark it deadly dangerous (just kidding

)

Average of ratings: -

Re: CVS issues have been affecting nightly too - fixed now

by Bryan Williams - Monday, 3 May 2004, 11:36 PM

WP,

I am begining to wonder if the problem being kicked over to the login screen isn't related to something buggy in 1.3 at this time, and not actually to testing the DMS as you are doing. I cannot isolate why this is happening, but it does happen to me with some consistency when the HTML editor is called. Perhaps the DMS is making a similar call to file storage that Moodle does not like right now. Before hastily rebuilding your site, try flushing browser cache and seeing if you can't login again. We need to document what exactly is going on as Martin may not be aware of this and able to duplicate it. I can duplicate this problem using both IE and Mozilla on my XP machine, with my test server running 2004043001.

Average of ratings: -

Re: CVS issues have been affecting nightly too - fixed now

by John Papaioannou - Monday, 3 May 2004, 11:42 PM

Bryan, open a bug in the tracker and report it. We 've got to find out what this is, WP scared me to death with his report... why would something like that be happening?

Also, while I 'm doing development on the bleeding edge of releases (must be updating something like 5-6 times a day), this problem hasn't occured to me. Strange.

Jon

Average of ratings: -

Re: CVS issues have been affecting nightly too - fixed now

by Bryan Williams - Tuesday, 4 May 2004, 1:14 AM

Jon,

First, I don't have DMS on my test server yet so that can be ruled out I think as a problem, re: login bounce. I am seeing sporadic posts that suggest something is happening. Gustav reported earlier, but didn't say what version of Moodle he is running. I personally found 2004042703 so unstable in this area that I had to abandon beta testing. I cannot isolate what's going on other than it is happening, so don't know what to say in a bug report. I do experience it frequently when HTML editor is called, although not all the time. I thought I had also pinned it to when "Turn editing on" control was activated, but now I'm not so sure. I'll keep testing and see if I can't find a pattern I can report.

Average of ratings: -

Re: "login bounce"

by Martin Dougiamas - Tuesday, 4 May 2004, 1:24 AM

I'm not seeing anything like this, and I can't think of any changes recently in that area, so yes, some steps that can be duplicated would be very useful.

Average of ratings: -

Re: CVS issues have been affecting nightly too - fixed now

by W Page - Monday, 3 May 2004, 11:53 PM

Hi Bryan,

I cleaned out the cache, removed cookies and the automatic password in Firefox .8 , MyIE2 and IE Explorer and could not login again. That is when I just did an uninstall and fresh reinstall of the site and database.

WP1

Average of ratings: -

Re: CVS issues have been affecting nightly too - fixed now

by John Papaioannou - Monday, 3 May 2004, 11:37 PM

You mean you couldn't login to your SITE?!??! At ALL????

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Sunday, 2 May 2004, 9:52 AM

As Herbert says, you have an old version which probably will not work whatever you try. Grab a new one from CVS, or wait a few days and I 'll release a .zip myself. Sorry for the confusion... mixed

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Jean-Pierre Pawlak - Sunday, 2 May 2004, 7:21 AM

Ok,

I did install the pre-beta-DMS...everything went smoothly.Very nice job!

Creating new folder and uploading files works fine.

When I tried to change the access rights (others: no read/no write/no administration) I got the following errors:

"Warning: array_sum(): The argument should be an array in /home/pierke/public_html/moodle3/dms/document.php on line 92"

and

"Warning: array_sum(): The argument should be an array in /home/pierke/public_html/moodle3/dms/folder.php on line 85"

Do I have to report it as a bug?

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Sunday, 2 May 2004, 9:50 AM

Well, speaking about bugs at this point is a bit... premature

, but of course you did right to report it. I noticed this myself after releasing the pre-beta, and will fix it when I work on it again. Until then, this is simply an extra warning message and doesn't affect the operation of DMS in any way. Thanks for the feedback though!

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Monday, 3 May 2004, 9:36 PM

The DMS code has been updated. Updates include:

Ability to put quotas on each folder (user quotas will also be possible later). This feature has the capability to distinguish between files stored on the local filesystem and files stored elsewhere, something that may be useful later when non-local files are supported.
Nice and clean error handling, which unfortunately doesn't include all possible errors yet. For example, try to "cheat" by typing a URL you aren't supposed to see and look at the "access denied" page.
Timestamps are now converted to nice dates before being displayed.
Automated upgrade system for those who want to keep following the new releases. Instructions in README.TXT.
Details like sorting user folders by the user's name and lots of small UI changes.
Bugfixes.
There has also been some internal restructuring so as to be ready for the future...

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Herbert Keijers - Tuesday, 4 May 2004, 1:26 AM

Jon, the search function gives a nice "Unknown operation" in the latest.
Don't know if it was there already before ...

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Tuesday, 4 May 2004, 2:53 PM

It was. Unfortunately, the search operation is still in the wish list. Although it shouldn't be much of a challenge, right now I 'm too swamped to work on it. Next week maybe.

Average of ratings: -

Re: search functions

by Marcel Berteler - Wednesday, 19 May 2004, 8:33 PM

Maybe you can have alook at this project:

KnowledgeTree, an Open Source doucment management system. The projects is OSS and has nice search functionalities.

http://www.jamwarehouse.co.za/ktdownload_new/kthome.htm

The sourcecode can be downloaded from:
http://www.jamwarehouse.com/ktdownload_new/ktdownload.htm

Maybe you can use their search engine and build it into your DMS.

Marcel

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Steve Sorden - Wednesday, 5 May 2004, 8:46 AM

Not sure if this is a bug, or just a head-space error on my part, but I downloaded DMS this morning from CVS and set it up. I get the following error after launching it:

Fatal error: Call to a member function on a non-object in ./inc/inc.ClassFolder.php on line 66.

The Root folder is shown, and the error message follows. I dug around a while, but I'm still learning PHP and couldn't identify what was causing the error. I understand it's pre-beta and am not really looking for a solution, just thought I'd report it.

Thanks.

Line 66: "$this->_name = $user->getFullName();

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Jacob Romeyn - Wednesday, 5 May 2004, 10:32 AM

I think you did not do the following step in the Install file:

Create a /moodle/dmsfiles/ directory, and make it world writable with

chmod 777 /moodle/dmsfiles/

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by David Lamotte - Wednesday, 5 May 2004, 3:53 PM

Hi,

Please excuse me jumping in here when I haven't been really paying attention, but the following caught my eye:

"chmod 777 /moodle/dmsfiles/"

Isn't this a really bad idea to give everyone full access to these files ?

Surely 744 would be sufficient ?

Many hosts would not even run scripts that are group or others writable.

Thanks,
David

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Wednesday, 5 May 2004, 4:52 PM

If you chmod 744, then the directory would have to be owned by the user that runs the web server process (i.e., apache) to work. Since it's unlikely that you can either 1) have the web server run as "you" (your user account) or 2) chown the directory and make it owned by the web server user, it follows that this isn't going to work. And finally, the "chmod 777" is given as the "one-line no-brainer" solution, purely to minimize setup difficulty.

In fact the "most secure" way to do it would be chown the directory and give ownership to the web server user and then chmod 700. You cannot do better with an "upload" directory.

And also, it isn't the script that is group/others writable. It's just the upload directory.

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by David Lamotte - Wednesday, 5 May 2004, 6:43 PM

Jon,

Thanks for your reply.

What you say is absolutely true for the standard Apache install, but is not the case in all situations.

>>
If you chmod 744, then the directory would have to be owned by the user that runs the web server process (i.e., apache) to work. Since it's unlikely that you can either 1) have the web server run as "you" (your user account)
>>

This is exactly the situation with my hosting company (dreamhost.com), and many others. Their knowledge base states:

"On DreamHost servers, we have a special feature called suexec (which stands for "switch user execution") turned on that makes your CGI scripts on your web site run as though they were run by your user and group!

As a security precaution, suexec REQUIRES that all cgi scripts AND THE DIRECTORIES IN WHICH THEY RESIDE *NOT* be writable by anyone but the owner user. Otherwise, another user on your machine could go into the directory, edit your script to do something, then visit it from the web and they would then have access as though they were you! Then, they would essentially have full access to your user account, and that's bad!

SO, suexec requires that you change the owner (chown) and change the group (chgrp) to be your user and group (don't worry, these are the defaults when you upload or create a file), AND that you chmod (change permissions) that file AND THE DIRECTORY it resides in to be not-writable by the world. You can do this with the

chmod 755 filename.pl

command. You do NOT want to do chmod 777 filename.pl, even if your scripts' installation instructions tell you to do that. They don't know that you're installing your script on a server with suexec installed."

Now, most of my experience has been with Perl scripts, but I would imagine that PHP behaves the same way.

>> And finally, the "chmod 777" is given as the "one-line no-brainer" solution, purely to minimize setup difficulty.
>>

I can understand this for development/debugging but for a production server it is exposing your moodle/fileupload directory to anybody. It seems that you are saying that it is too difficult to work out what door key to use to gain access, so you are going to throw all the locks away. Sure, it fixes the problem, but creates a gaping security hole.

>>
And also, it isn't the script that is group/others writable. It's just the upload directory.
>>

But this is still a problem - chmod 777 allows anyone to upload any malicious script to the upload directory, and run it with the same permissions as the normal Moodle scripts. Even if it would be difficult to execute scripts, it still allows anybody with some moodle knowledge to browse the upload directory and download or delete anything that they find there.

The only way to prevent this would be to place the upload directory outside the moodle directory tree. The web server could still access it, but it would be inaccessiblke to normal web clients.

David

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Wednesday, 5 May 2004, 7:29 PM

David,

There are some points in your arguments where our risk assessment differs. Specifically:

"As a security precaution, suexec REQUIRES that all cgi scripts AND THE DIRECTORIES IN WHICH THEY RESIDE *NOT* be writable by anyone but the owner user."

However, there is no script installed in the /dmsfiles/ directory (it starts out empty), so even in your case, the DMS installation instructions don't violate these requirements. I don't see what the problem is, in this regard.
"I can understand this for development/debugging but for a production server..."

Well, this is not production software, and the instructions were hastily put together to let people try this out, so they are definitely not production level. Since these points are clearly stated in the README, the whole production argument doesn't apply here. You would be right to complain if this were about the normal Moodle distribution, but it isn't.
"Sure, it fixes the problem, but creates a gaping security hole."

Although it is good practice to follow rules of thumb, and not creating world-writable directories is a good rule of thumb, in practice there are cases where these rules can, or even must, be ignored. In this case, a hole does not exist if no way to exploit it exists. Assuming that DMS itself has no such exploits (and please report them if you find any), then the fault lies in the software which has an exploit that allows someone to execute code from the local filesystem. Conversely, if one of your students in a Moodle course uploads something "bad", say in an assignment, and exploits some third-party software to execute it, can that be considered Moodle's fault?
"But this is still a problem - chmod 777 allows anyone to upload any malicious script to the upload directory, and run it with the same permissions as the normal Moodle scripts."

Sure, it does allow uploading from inside the DMS. But perhaps you missed the feature that renames files to "random" md5 hashes to prevent people from guessing filenames, and also to prevent script execution even if they somehow happen to guess correctly (any book on cryptography will tell you what the odds of doing that are).
"Even if it would be difficult to execute scripts, it still allows anybody with some moodle knowledge to browse the upload directory and download or delete anything that they find there."

Surely you won't place important documents in your pre-beta DMS upload directory?
"The only way to prevent this would be to place the upload directory outside the moodle directory tree. The web server could still access it, but it would be inaccessible to normal web clients."

Which is why I mention exactly that in the installation instructions, so that people who a) understand the difference and b) have the knowledge of how to setup something more secure can do so. I 'll say again that this is not to say "hey, we think this is secure enough for you, but if you 're really picky you can also do that", but rather to make the point that security concerns are always under consideration and DMS will be secure when it reaches release.

Anyway, I think we have gone way off-topic here. If you feel the need to continue this discussion, please start a new thread.

Regards,
Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by David Lamotte - Wednesday, 5 May 2004, 9:02 PM

Hi Jon,

I guess that I should have read the 'pre-beta' title a bit more carefully

You do seem to have the security bull by the horns.

I was mainly voicing my concerns in case there were some decisions being made early in the design phase that could build in security holes which are very hard to fill later. In my line of work I see broken and compromised systems every day. Their owners are usually oblivious to the security holes that leave their valuable data visible for all to see.

Thanks for taking the time to set me (and possibly others) straight.

David

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Mark Burnet - Wednesday, 5 May 2004, 7:37 PM

Sorry, for my ignorance on this point, but isn't the moodledata directory outside the moodle directory tree? I assumed this blocked access except through the Moodle derived security.

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Wednesday, 5 May 2004, 3:44 PM

Hi Steve,

It should probably be called a bug, at least in the sense that it shouldn't be fatal.

My guess on what happened is this:

1. You installed DMS.
2. Afterwards, you deleted at least one user from Moodle's db.
3. You get this error when trying to view the user folders, not when viewing the root folder itself (in which case the user folders are too deep inside to get displayed).

Is this correct? Anyway, I 'll be checking in a fix for this behavior sometime today.

Thanks,
Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Thursday, 6 May 2004, 11:32 PM

Hi Jon,

I missed Steve's post and your response when I posted yesterday. Updated DMS today. Looks fine.

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Steve Sorden - Saturday, 8 May 2004, 7:42 AM

Hi Jon,

Thanks for the follow up. I downloaded the latest files this morning and your changes appear to have fixed the problem. I had to delete a few "dummy" folders and we were in business.

One strange thing I'm seeing now is a permissions issue (appeared after I uploaded two documents). I suspect it's a server problem between Apache's "nobody" and the project group owner, though, and will tackle that on Monday. I've also noticed that I can't view or download the uploaded files, but I suspect it's part of the same problem. The dmsfiles folder is set at 777 and the rest are set to 775.

Thanks for all your work on this module, Jon, and to Martin for his vision and efforts. Moodle is a great project and I'm looking forward to becoming more involved.

Steve

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Wednesday, 5 May 2004, 4:56 PM

OK, I 've fixed this. Now you will see these kinds of folders and documents as owned by the "dummy user". Also, while debugging I came upon some "unexpected" behavior (the DMS crashed even when such orphan folders were NOT supposed to be displayed on screen) that led me to locate a severe performance issue, which too has been taken care of.

In other words, thank you twice!

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Thursday, 6 May 2004, 12:50 AM

Hi Jon,

Installed DMS the other day and all was fine.

Today I updated and although the page displayed, I go a message like this,
Fatal error: Call to a member function on a non-object in /homepages/22/d12345999/htdocs/moodle/dms/inc/inc.ClassFolder.php on line 66

Is this a significant problem or something I did wrong when updating?

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Mike Churchward - Friday, 7 May 2004, 4:08 AM

Hi Jon -

I just installed a fresh install (downloaded from CVS just minutes ago). When I ran the setup.php. the DMS create hundreds of 'User Folders' called 'Dumy User'. That's not what it was supposed to do, was it?

mike

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Friday, 7 May 2004, 11:23 AM

Hi Mike!

I only got 2 dummy folders..I thought Jon scripted for that to address the error Steve and I got.
"...hundreds of 'User Folders' called 'Dumy User'...." hmmmmmmmmm.

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Friday, 7 May 2004, 4:58 PM

That was a stupid mistake of me in the installation routine. I changed the name of a variable in one place instead of two, so it created lots of records owned by userid "0". blush

It's now evident that this is why the problem with the crashes happened in the first place.

Anyway, I just fixed this in CVS. You should follow the instructions for resetting the database after getting the latest version. Thanks for the report, and sorry!

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Mike Churchward - Friday, 7 May 2004, 8:34 PM

That looks better!

Thanks Jon.

The one oddity I do have is that it also created new folders for any deleted users. In my case, where a bunch were deleted and then re-added, I have duplicate folders. I guess that would be the case if such things actually happened, although it makes it difficult to determine who's is who's.

not sure how to handle this...

mike

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Friday, 7 May 2004, 9:22 PM

Well, normally this sequence of events would result in the user's folder being deleted along with his account (or not?!?! is the record kept but marked deleted so as not to disrupt the modules etc etc that depend on finding a user with a specific userid?), so that wouldn't be a problem.

Or maybe these folders could be marked as "belonging to deleted users". I 'm not sure what would be correct.

Anyway, these issues (along with some configuration) will be addressed when I have time to integrate DMS a little tighter into Moodle (auto-creation of new user folders with the user, link for your personal folder somewhere, ability to globally set quotas, etc etc). Basically I assume that noone would be interested in using this in a production site, so I don't feel any great pressure to do this integration stuff right now, and prefer to work on new features.

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Mike Churchward - Thursday, 13 May 2004, 10:47 PM

For now, how about we don't create a user folder for a deleted user? Since they are deleted, it won't matter.

It'll help my debugging. wink

Its an easy change in 'setup.php' - one line. I've set it up that way here; I can check it back in to CVS if there's no issues with doing it that way.

mike

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Thursday, 13 May 2004, 11:25 PM

No problem, Mike. Whatever works! wink

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by David Le Blanc - Thursday, 13 May 2004, 1:06 PM

Jon,

What a wonderful module the DMS will be. I have been combining a number of different tools to incorporate the DMS functionality into my existing moodle courses. Indeed, one tool is the http://dms.markuswestphal.de/about.html project. approve

What would make the integrated dms tool most effective for things like a student ePortfolio is if learners had the ability to make a public (read-only) folder where they could upload documents that they could share with others. Perhaps they could send the URL to this public space to employers, parents, etc. Also some kind of annotation capability that the student could elicit feedback from others but could delete comments when needed. Do you or anyone else know if such features are planned?

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Thursday, 13 May 2004, 2:47 PM

Hi David,

I think (my knowledge is limited) that is what happens in WebDav with http:// links to documents. I do know know if Jon is considering this feature in myDMS.

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Thursday, 13 May 2004, 3:49 PM

Hi David,

Creating such a folder is technically possible right now: you just make a new folder and change the permissions to give read access to everyone. Of course, all of that folder's parent need to have read access too, which doesn't hold true for user folders, and simple users do not have admin access to their user folders so they cannot change their permissions. But you can try it as admin. Is this the functionality you are describing?

From another perspective, one can argue that portfolios are very important and so every user should have a portfolio by default. Creating specialized "portfolio" folders would also allow fine-tuning of whatever features we need, but are portfolios so important? I honestly don't know, I 'd be glad to get some feedback on this.

As for the comments feature you are describing, I 've noted it but there are many things that have priority over that in the roadmap. Unless the portfolios get promoted to the front of the queue.

Jon

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Hans de Zwart - Thursday, 13 May 2004, 6:04 PM

Portfolio functionality is a very hot item in the Dutch educational system (Ger calls it a hype, and I have to admit that I haven't seen a decent implementation (with motivated students) yet).
What is probably needed is giving the student their own file area + giving the students the ability to share these files (and actually anything they make) in an order that they define to three groups: themselves, their friends (anyone that has a key), the public (no need for a key). It would probably be best if they can give access to all files (or other things than files) individually for each file.
I think this type of functionality would be well appreciated, but might be more of a special module plugging into the DMS. thoughtful

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by W Page - Thursday, 13 May 2004, 8:41 PM

Hello Hans!

I cannot remember if Jon has a feature that limits space for each users folder? I think he has done that. I guess the ability to do what you indicate (ability for each user to ceaate different folders - private, share, public) is on the "to do" list.

WP1

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Mike Churchward - Thursday, 13 May 2004, 11:42 PM

Hey Jon -

Where is your 'roadmap'? Sorry, I've lost track of this project somewhere, and would like to get back up to speed.

mike

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by John Papaioannou - Friday, 14 May 2004, 3:52 PM

Since this thread is far too long already, and also I 'm not prepared to post a roadmap today, I owe you a new thread in this forum Mike. wink

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by David Le Blanc - Friday, 14 May 2004, 2:48 AM

Jon (and others),

I know that portfolios are gaining increasing importance for secondary and post secondary education. As Hans de Zwart mentioned, ePortfolios and portfolio assessment and learning are gaining increasing importance in the Netherlands. In England and France they are often mandated as part of curricula. Several US states now require that every student complete a portfolio and this has been directly tied to the funding of some programs. Here in British Columbia, beginining in September, every learner in grade 10 will be required to start a portfolio to be continued through their grade 11 and graduation year (http://www.bced.gov.bc.ca/graduation/portfolio/).

Likely, a student managed, read-only sharable files space in moodle would fill only the minimum requirements to support learner portfolios and reflection. However, some sort of presentation tools such as moodle's integrated HTML editor might be used for learners to display their work as an overall product. Moodle course developers and educators may have to rely on incorporating extrernal software through the resource module in moodle courses.

I should probably move this discussion elsewhere but your DMS project seems the best set of tools to support ePortfolio development within moodle at the moment.

For others who are curious what might constitue an ePortfolio at differnt levels here's an excellent link: http://www.asdk12.org/staff/lloyd_pam/pages/Electronic_Portfolio/index.html

One of the more popular open source ePortfolio projects for higher education is: https://www.theospi.org/ They have a demo functioning at: https://www.theospi.org/portfolio/index.jsp

For elementary and middle school, Concordia University in Québec is working on an open source solution: http://grover.concordia.ca/eportfolio/promo/

As I stated, this discussion may belong in another area. I just wanted to give you and others an idea of what I mean by a learner's ePortfolio and its constraints.

Average of ratings: -

(OT) simple ePortfolio

by Ger Tielemans - Friday, 14 May 2004, 2:48 AM

ePortfolio? My most simple solution for this is:

Students personal page has a view and an edit mode:

create an option to attach files to the edit page which get after upload a hyperlink .
put a checkbox after every uploaded file on this same edit page
only files that are checked by the student are visible in the view mode of that personal page

version 2:

The institute can create a personal page with section headers for the deliverables
When a student uploads a file, he also has to fill-in a motivation/explanationbox
put help-buttons in the headers for the how-to help..
again he can choose to show that box next to the file with the same mechanism
in view mode the section headers are also visible.

(Attaching the eWiki tothat page can do this and more....)

Version 3: attached files are like pages in book:

Institute creates a TOC
student can fill the pages
visitor can turn the pages in that book or jump from TOC
userinterface like http://craftysyntax.com/myscrapbook/ (Open Source, PHP)

Average of ratings: -

Re: (OT) simple ePortfolio

by David Le Blanc - Friday, 14 May 2004, 3:00 AM

These are good suggetions Ger.

I've also considered modifying one of the moodle course formats with links to the learners' DMS filespace. Learners could exploit the journal, forum and workshop modules for reflection and feedback. This new DMS feature would be used as a repostiory for their primary documents (evidence). If a subfolder of the learners filespace could be made viewable to others then I can see some great potential for collaborative interchanges as learners construct their portfolios.

Average of ratings: -

Re: DMS pre-beta is now LIVE!

by Eduardo Del Valle - Wednesday, 19 May 2004, 9:32 PM

Hi, this is something we are using that hope can help with some ideas; is neat, small, nice, fast DMS application .

http://owl.sourceforge.net/

Average of ratings: -