concrete5 Environment Information
# concrete5 Version
5.6.3.2
# concrete5 Packages
eCommerce (2.8.12), Front End File Uploader (2.2.2), Gallery (1.8.1), Slate Theme (1.5.3.1), Xclydes OAuth (1.0.1).
# concrete5 Overrides
blocks/dr_login_indicator, blocks/dr_object_uploader, controllers/api, controllers/archive, controllers/logs, controllers/install.tar, controllers/register.php, elements/product, helpers/x_o_auth_consumer.php, helpers/x_o_auth_provider.php, jobs/clear_tokens.php, js/controls, js/loaders, js/three.js, js/three.min.js, css/avatar_viewer.css, models/object_files, single_pages/api, single_pages/privacy_policy.php, single_pages/register.php, single_pages/terms.php, single_pages/obj_viewer.php, single_pages/ad-tester.php, single_pages/obj_uploader.php, themes/apitheme, themes/core, tools/attributestest.php, tools/authrequest.php, tools/aws.zip, tools/Aws, tools/aws-autoloader.php, tools/CHANGELOG.md, tools/GuzzleHttp, tools/JmesPath, tools/LICENSE.md, tools/NOTICE.md, tools/Psr, tools/README.md
# concrete5 Cache Settings
Block Cache - Off
Overrides Cache - Off
Full Page Caching - Off
# Server Software
Apache
# Server API
cgi-fcgi
# PHP Version
5.6.24
# PHP Extensions
bcmath, bz2, calendar, cgi-fcgi, Core, ctype, curl, date, dom, ereg, exif, filter, ftp, gd, gettext, hash, iconv, imagick, imap, json, libxml, mbstring, mcrypt, memcached, mhash, mysql, mysqli, mysqlnd, openssl, pcntl, pcre, PDO, pdo_mysql, pdo_sqlite, posix, pspell, Reflection, session, SimpleXML, soap, sockets, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib.
# PHP Settings
max_execution_time - 30
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - -1
max_input_vars - 1000
memory_limit - 90M
post_max_size - 65M
sql.safe_mode - Off
upload_max_filesize - 64M
memcached.sess_lock_max_wait - 0
mysql.max_links - Unlimited
mysql.max_persistent - Unlimited
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - nocache
session.gc_maxlifetime - 7200
soap.wsdl_cache_limit - 5
Hide Post Content
This will replace the post content with the message: "Content has been removed by an Administrator"
Hide Content
So, to get you started, there are 3 functional areas to circumvent.
1. Who can see and click the FEFU icon
2. Access to the FEFU popup
3. Saving the uploaded file.
1. The library JlFrontendAccess function confirm_access. You can short circuit this to return true so anyone has access.
2. Without digging in deeper, I think (not sure) this is covered by (1), so again by short-circuiting the check in library JlFrontendAccess.
3. This is the difficult part. when a file is uploaded, it needs user to own it. In FEFU as it stands, that is already take care of because a user is already logged in and validated by 1 and 2. You will need to modify either the tool do_the_upload or the library JlUplaodAndImport to make the concrete5 request think a user is logged in and can be the owner of the file. Its not something I have ever done, but if you search back through the forums ( a few years ago) @mkly posted some notes on how to run a job while pretending a user was logged in. Perhaps a similar trick could be used here to provide a user to own the file. If you do that, I suggest creating a user with minimal access just for this purpose. Don't pretend to be an admin or super admin!
Good luck and pleas post back how you get on. I am curious. But obviously I cant get involved any further than I have already done.
John