So this is my problem. I replace an image with the same name on server (cpanel) and it is still showing the old image, this is happening with other files too, and even if I delete the image it is still there on the site. How do I fix this?
Clear everything.
Even if you think you have, just be safe and clear your cookies and cached images for your site.
The other possibility is that you've named it the same but with a wrong case. Remember HTML and PHP is case sensitive when looking at file names.
Let me know after you've attempted these.
Related
Error
Good
The 'Error' pic is what I get when I go on localhost, browse through pages and end up there.
The 'Good' pic is what I want to achieve, that is what I get when I specifically open the page from the htdocs folder.
The change in the font is well made, saved, as you can see in the second picture. I just cannot seem to understand why it redirects me to the old page ( that's how it used to look).
This is how I made the redirect in the pages : TEXT
Without any more details and code it's a bit hard to say. However, since you said that this is how the page used to look like here are some things I would check first:
Delete browser-cache or hard-reload (Ctrl + F5)
Is the correct HTML and JS-/CSS-files loaded and referenced? This can be easily done in the browser devtools (F12 in most browsers).
If you use a framework, the served files might get aggregated and cached. So maybe also delete your PHP Cache (e.g. ./bin/console cache:clear for Symfony)
Your <a>-tag seems right, but without a clearer overview of your routing-system or folder-structure it is not possible to be 100% sure. Please make sure, that you call the right file here.
I hope that these steps already solve your problem. If not, I need a bit more information to be able to help.
I am trying to deploy my website with laravel on web shared host, not vps.
I have 2 problems here:
When I overwrite picture in public folder, the picture won't changed. But if i checked on file manager on cpanel, it actually changed, and when I copy the image address and paste it on other tabs it doesn't changed until I refresh it, the image changed so do in the web. I'm using Laravel Image Intervention to uploading image, i guess it's don't have problem with library.
For this problem, I just write
Image::make($imgDriver->getRealPath())->save($pathDriver); to upload the images. I've tried to use File::delete before overwriting the image, but it doesn't solve the problem.
The second error is, sometimes i stucked on redirect loop, and I don't know why, all I do was clearing cache to fix it. Do i really need to clean the cache everytime it shows redirect loop. Any other way to solve it?
I'm using Route::controller to route. Is it the problem?
I really appreciate any help. Thank you
Your browser is likely caching the image, rather than your hosting provider. If you use Google Chrome, there is a setting to disable cache, which is handy for development. If you want the image to update in your code, append the timestamp to the end of the image in your HTML, e.g. <img src="my_image.jpg?ts=12345">. If you use the timestamp when the image was uploaded, it will change everything a new image is uploaded, effectively loading the new version without clearing cache.
The redirect look is likely to be a session issue, where you're saving or updating something in the session, causing a redirect loop to occur. This can be painful to debug, but the best thing to do is add debug code to the affected routes / functions to narrow down the cause, e.g. using dd("i'm here") to see which block of code could be responsible.
Issue
In order to connect my PHP code with MySQL database I use PDO way, creating variable, assigning it with new PDO object where arguments contain settings such as server, database, login and password. So in resulting code it could look like this:
$DAcess=new PDO("mysql:host=server;dbname=database","login","password");
I don't feel comfortable having my login data written directly into the code nor do I find it effective in case of possible changes of those data. It was recommended to me to solve this by storing those data in other text file (preferably .INI file) from which it is going to be retrieved anytime I need, for example, having file:
xampp/htdoc/EXERCISE/secret/config.ini
The problem is If any user figures out the location and name of this file, they can easily access it and its content by entering URL/HTTP request into their browser:
server(localhost)/EXERCISE/secret/config.ini
It was adviced to me by the same source the file is supposed to be forbidden from acess by those protocols. So I need to be able to acess the file with my PHP code but disallow any user to acess the directory/file on their own. How to do this?
Possible Solution
I have been roaming these pages and other similar forumses yet all results of my research with keywords such as "forbidden" were about users who lost permission unintentionally. I have also been looking for Google solution, yet Tutorials I have found were referencing to file located somewhere else in my XAMPP version and were about lines of settings not included in this file in my XAMPP version - considering I have downloaded XAMPP from official page, I should be having recent version, thus those tutorials were outdated.
It left me with no other choice but experiment on my own. After a while, I have found directory "forbidden" in directory "htdoc", have played with those files and have ended up with something looking like solution to my issue.
Specifically, I copied .htacess (obviously nameless text file with but extension) and placed its copy into to-be-forbidden directory. I changed nothing in the file but line referencing to login data storing file. I have created my own text file (nameless with but extension .ldatastore) where using copied pattern login:password I have written my own desired login data and made .htacess use this file instead of original htdoc/forbidden/.htpassw.
Since then, it seems it works. Whenever I try to acces those files with my browser on new session (browser closed and opened again, otherwise it doesn't need autentification again), it does not let me browse the directory nor look into its files (neither those which are responsible for those actions such as .htacess or those I created myself such as config.ini) unless I provide valid login data same to those in .ldatastore text file.
So why am I asking this? I feel uncomfortable doing it this way because of several reasons listed below. In case this is the only easy and possible solution, I can live with that, but in case there is much better way you would recommend, I will gladly read that, which is why I am asking for your suggestions. I was also writing this whole text to explain my case fully, provide enough data and express "I have done some research and understanding of the case before asking" so that this would not be by the rules of this page marked as "off-topic".
Reasons Why I Would Prefer Alternative Solution
I feel like it is XAMPP framework dependant. That the whole module making this work is part of the framework's code while .htacess just marks the directories that should be forbidden by this module. That means I am afraid If I would release my project on proper paid server hosting with their own PHP executing software, it wouldn't work everywhere and that this is just XAMPP way to do it. Correct me If I am wrong and this is solution used widely on any PHP executioner.
I was trying to understand the module's documentation located as text file in the "forbidden" directory yet it seems from the documentation this module was developed mainly to make one safe and forbidden server storing secret data accessible then by various different application on different servers rather than just forbidding secret directory (I would leave this directory to be part of my application which is major difference between my usage and by author assumed usage). Correct me If I am wrong and I misunderstood the usage.
Despite the fact I cannot acces the files via browser without login data, my PHP code seems to have no problem acessing the files - I used PHP code to retrieve text from text file that should be forbidden this way and it worked (it echoed the text) with no sign of problems. Well, in the end, I certainly would like to make it work this way yet I expected even PHP code that retrieves the text would need to somehow contain login data to have access. This way it feels like anyone instead of entering the reference into browser would make their own PHP code that would acces those files from my server (which would make this act to increase security useless little bit). Correct me If I am wrong and it is not this easy.
I feel paranoid that it is not safe enough solution. Correct me If I am wrong and it is totally safe and preffered solution.
Too Long, Didn't Read
Is copying and pasting and customizing .htacess file safe enough to make directory forbidden only acessible by my PHP code to retrieve data from there and is it useable on most platforms?
I have recently found in right bar of similar questions this one (How to secure database configuration file in project?), yet I am not sure whether it can be used in my case, too, and how to do so.
As #Darkbee stated, the simplest way is to have the file outside your website root. This would be accessible on the server, but not to the public under any circumstances.
The alternative is to set the permissions to 400 on the file.
.htaccess could block access, but not blocking access to the server (which needs access) is just a long way of doing what would be simpler just using permissions.
Just 30 mins ago I ran into a really unexpected problem (which as a matter of fact happened to me for the 1st time in my life, and in the 10 years of coding websites).
On a particular page from my admin module, few images reverted to their old state, the exact way they were few days ago. Which means I changed them yesterday, and now they all look like they were before.
It gets more weird. I logged in with Filezilla, and deleted the images. They still appear, with the way they looked 3 days ago, before I changed them.
If I go to the URL of the image it still displays the old images. If I look locally in my Windows folder they are the new version, upload them again, still the browser displays the old version.
I erased the cache in Chrome, even restarted the computer thinking there is something to do with Chrome or something, i really ran out of options. Firefox displays the same, the old images (even if i uploaded the new version of images).
I tried with CPanel FTP manager and...surprise...if i look at an image, it's the good version of images (the new one!). But all browsers fail to see the image.
Also as a keypoint, if I erase the image with ftp, the browser still sees it (SHIFT + f5, still it sees it, so it's not from cache). ?!?!
ANy pointing to the problem is really appreciate. Cheers
Sounds like your hosting provider has a reverse proxy that caches requests for images. One way to overcome the problem is to add something to the URL, perhaps a request parameter, that makes the proxy think that the request is not for the same image.
For example, http://www.example.com/yourimage.png?date=2012-10-25
Sounds like the hosting provider is screwing you over, so I'd say step one is to dump them and move elsewhere...
But if Joni's suggestion doesn't work, you can build your image dynamically on the server, like:
<img src="imageHandler.php?image=myimage.png" />
Your imageHandler.php code would need to read the bytes of the image, and build the HTTP response manually and pass the image bytes back. Not sure what that would look like in PHP, but it shouldn't be more than a few lines of code.
This is a terrible solution, since it would require a ton of processing and disk access for a trivial task like pulling images, but I'd expect that it would at least work.
it's the first time i answer my own question cause it was related to external factors.
yes, problem was fixed, it was actually the guys at tech. dept. at the ISP i have the files hosted, the virtual hosts config file for my domain xxx.net was ..misconfigured.
cheers all, problem is fixed
Today I got an issue, which says I should hide some files from the public. Actually these are some "user specific" files so others than the owner should not be able to see them.
I didn't want to read the files with fread or something like that if there are other options so I did some research about the problem and found X-Sendfile mod for apache on an other thread here on SO.
It works almost as I need it. Except one thing.
The files are hidden with htaccess, they aren't visible for the "world" and I can serve them with X-Sendfile header after authentication.
BUT what if someone create a php script what does the same thing as mine? Users may remember the urls for the files. The files will be available for them. That's bad...
Do you have any idea what can I do to prevent others than the owners to access their files without permissions? I need a solution for nginx at first.
The files are on a server without PHP, it's only a static file server.
Moving files to an other directory won't work, it would make much more pain.
Thank you
UPDATE
It seems like I missed that the downloaded file was 0Kb or something like that, because I wasn't able to do the trick again.
BUT what if someone create a php script what does the same thing as mine?
Why are you letting users upload arbitrary code?
Users may remember the urls for the files.
Users will never see the URLs except for the script that uses X-Sendfile.
Do you have any idea what can I do to prevent others than the owners to access their files without permissions?
Verify their auth in the script that uses X-Sendfile.