In Service Cloud (FKA RightNow) Customer Portal, isn't the "assets" folder writable?
I'm trying to upload a file to a subfolder inside the "assets" folder but I seem to be running into permission issues. The code I'm using is:
$file_name = "File_".time().".txt";
if(move_uploaded_file($_FILES['upload']['tmp_name'], HTMLROOT . '/euf/assets/uploads/text/'.$file_name))
{
header("Location: /app/read_file/file_name/".$file_name);
exit;
}
This is throwing an error which states:
Access to move_uploaded_file is denied because its trying to access restricted folders in ......
Is there no way to save the uploaded file into the "assets" subfolder via PHP?
EDIT:
The destination seems to be correct as if I use:
echo HTMLROOT . '/euf/assets/uploads/text/'.$file_name
it prints:
/vhosts/sitename/euf/assets/upload/text/File_1480674311.txt
So the correct filepath is being referenced but somehow the framework is not allowing me to save it in there.
Update
The use case is such that via the CP, a person will upload a CSV/TXT file. This file would contain contact info (name, email etc) which will then be read (at a later stage) to create contacts in OSvC. This would be a recurring process, perhaps twice or thrice a month.
Since the reading of the file will not happen at the time of upload, storing the file someplace is the ideal solution.
Correct, the folders are protected by user permissions that are enforced by WebDAV and the file system. And, the assets folder is not intended to be a file storage mechanism for uploads as you are using in this capacity.
Is there a reason that you are placing files in assets as opposed to attaching them to incident or contact objects that would be within the context of someone operating within Customer Portal?
If you're looking to build some sort of content management into Customer Portal, then I'd suggest using a separate product for file storage that provides an API where you can manage files with more granularity, like Oracle Cloud Data Storage, where you can then serve these files from in CP.
Storing contact records or any other sensitive data in assets folder is VERY BAD PRACTICE. These files are open to public as any other files stored in assets folder - css, js, images...
There are other folders in the file structure that are much better for this purpose. They are only accessible from the code level.
Are you by any chance on v16.8?
Related
I have a web application and I want to save data in a file instead of in the database.
My doubt is, where I should save the file? If I save it under the public directory, I could refer them with the assets to make the correct URL, but in the public directory, any person could see the file writing the complete URL. This shouldn't be because de data is reserved.
I think about the var directory, but I couldn't use the assets to make the correct URL to get or manage the files.
Where I should save the files and how I get/manage them?
If the data-file is local and hosted on the server's file system, the most logical place to store something like that would be the var directory. Although nothing stops you from creating your own "var-like" directory and naming any way you like it. E.g. data. But I would follow the conventions and create var/data, easier for everyone.
That you can't use the asset() function is irrelevant, because a data-file is not a web asset, but an infrastructure concern.
A file like this should not have a URL at all, but you would only access it through it's file system path.
I have a laravel project that i hosted on a shared host. using the system i saw on Laravel Deploy Instruction
So am suppose to upload image, -- user's image. To the public_html folder but since am not in the public_html so the users can't upload their image. since my code lie out side the public_html folder and it doesn't allow write permission for general users. so i tried uploading it to 'storage folder' (ie the my laravel project folder, that is in the sane level as the www 'public_html' folder.) it works i can see the image in the storage folder but i cant access because it is behind the public_html folder. and whatever can't be point to. Example project/storage/app/public is the folder that has the user image if i point to it in <img src="project/storage/app/public/user.png" > it wont display because the browser looks for project/storage/app/public inside the public_html folder whereas it is outside the public_html. So can someone touch on this. Thanks guys. Or is htaccess use in this case?
you need to create symlink to Your storage folder .
please see this answer:
Laravel 5 - How to access image uploaded in storage within View?
the above method given by the link works for offline however not all shared hosting site support artisan Laravel sysmlink. so the absolute and best way to do this is with php symlink() function From PHP MANUAL
so just add this code to your web.php ie project\route\web.php
Route::get('/symlink', function()
{
if(symlink('/home/username/projectfolder/storage/app/public', '/home/username/public_html/storage')){
echo "We rock yea stackoverflow!!!! best programming software";}
});
so the username is the name of your home dir
I installed two codeigniter for desktop and mobile version. My directory structure is as follows:
www/projectfordesktop/application
www/projectfordesktop/uploads
www/projectfordesktop/projectformobile/application
My problem is that when I upload files from mobile site I want my file to be uploaded in main codeigniter application www/projectfordesktop/uploads. So, I want to access main codeigniter application base_url to www/projectfordesktop/projectformobile/. How is it possible.
I made two project because it redirect to m.project.com when accessed from mobile. And when access from desktop project.com. Is it good idea. If not, then is there any way I can use seperate view for mobile and desktop. Please help.
Thank you.
For security and a bunch of other reasons you absolutely do not want the upload folder in your application folder. And if at all possible you want your application folder and system folder above the public root. The other consideration - its possible and in some ways desirable to rename your application and system folder. So if your public folder is www
desktopapplication/www/
mobileappliction/www/
system306/www/
Now they are all safely above the public www, and they are labeled for what they are. Next you can have folders in the public folder, that contain the main index.php file for the specific application.
www/projectfordesktop/index.php
www/projectformobile/index.php
Open up the index.php file and redo the file paths to the application and system folder. Like
$system_path = '../../system306';
$application_folder = '../../desktopapplication';
The upload folder will now be either in www or one of the folders like projectfordesktop. Typically you would also put your css, js, etc files in there as well.
www/projectfordesktop/upload/
www/projectfordesktop/css/
www/projectfordesktop/js/
www/projectfordesktop/img/
Now - all the files which are public - are in a public folder. All the files which should be kept private - your application and system folder - are not public. And because you have labeled your application and system folder it makes it much easier to switch to different versions or revert back if needed.
I have a website hosted on ASP.NET server and using wordpress to build my site. I've extended its functionalities using PHP code. At which directory do I store secure files such as (passwords and certificate.pem)?
My server has the following structure:
-/
-/mywebsite.com
-/data
-/logs
-/wwwroot
-/wp-admin
-/wp-content
-/wp-includes
I understand that ASP.NET has a file called web.config file that is secure and stored at wwwroot. What's something equivalent using PHP?
Thanks.
Is -/website.com/data and -/website.com/logs publicly accessible? If not, you could create a new folder in -website.com/ to house the files.
/etc/ is a popular place for these types of files.
I have a folder (folder_1) that is protected by htaccess/htpasswd files. Inside that folder is another folder (folder_2) that is protected by another couple of htaccess/htpasswd files.
When a php-script in folder_1 or folder_2 is called, the user has to authenticate herself using the correct username and password as specified in the respective htaccess/htpasswd files. This works as intended.
However, as soon as the php-script in folder_2 tries to refer to another script or a css-file that is located in folder_1, the user must enter username and password for folder_1 as well.
Is there a way to avoid this that does not involve copying scripts and css-files from folder_1 to folder_2?
Regards,
Ralf
Unfortunately not; as simply enough, any requests from a particular directory use the rules defined in its own htaccess/htpasswd files. However, I can recommend that you put support files in a tertiary folder, so that you don't have to have a copy in each folder (put css and js in a "folder 3" of sorts).
You can achieve this using access rights, see here under "Checking access rights" about half way down the page. The results is only one login required by a user.
http://www.htpasswdgenerator.com/apache/htaccess.html
I've spent a half day looking into this as it would be an ideal solution for my staging server.