I'm currently building a simply file hosting script using Slim 3. Currently I have my users folder on the same level as my public directory. Now that I'm attempting to access the files inside the user folder I'm getting errors caused by my document root not being able to access my users folder. Would it be a better idea to put my users folder inside my public folder because technically that would be public info to the logged in user?
It depends on what these files are - If they are only for the specific user or if they are available to all users.
When the files has to be private you can not put them into public, simple because everyone could hack url and get access to them. So you should put them in any data directory and make them available using an endpoint like /file/{username}/{name}.
In such endpoint you can easily append Header about filetype or if it should download or try to show in the browser window.
Whatever you make publicly available to the web server will be handled by default as any other asset:
Its URL is based upon the actual file name
If you know the URL you can download it
If it's a .php file it will be executed
You can certainly address all this concerns (and some of them may not even be concerns for your use case) but I don't think this is the ideal layout for a typical user-managed directory tree. Your current approach makes more sense to me.
To access such files you need to create a proper download script that makes all the appropriate checks (e.g. access checks), matches file system stuff from URLs and serves the assets as static files. In Slim that means creating a route with parameters and writing a handler function that does all this stuff.
Related
I am using spatie library to upload some files which will be saved to the storage folder. What I want to accomplished at the moment, is to view those files or images when I am an authenticated user. I've tried creating a symlink using this command ,
php artisan storage:link
But this makes those file to be seen publicly. What I only want is to view those file, only when the user is an authenticated user. So far this is what I did but it seems like I miss something.
ROUTE :
Route::get('/storage/{filePath}', 'ComplaintsController#fileStorageServe')->where(['filePath' => '.*'])->name('complaints.viewfile');
CONTROLLER :
public function fileStorageServe($file) {
// know you can have a mapping so you dont keep the sme names as in local (you can not precsise the same structor as the storage, you can do anything)
// any permission handling or anything else
// we check for the existing of the file
if (!Storage::disk('local')->exists($filePath)){ // note that disk()->exists() expect a relative path, from your disk root path. so in our example we pass directly the path (/.../laravelProject/storage/app) is the default one (referenced with the helper storage_path('app')
abort('404'); // we redirect to 404 page if it doesn't exist
}
//file exist let serve it
// if there is parameters [you can change the files, depending on them. ex serving different content to different regions, or to mobile and desktop ...etc] // repetitive things can be handled through helpers [make helpers]
return response()->file(storage_path('app'.DIRECTORY_SEPARATOR.($filePath))); // the response()->file() will add the necessary headers in our place (no headers are needed to be provided for images (it's done automatically) expected hearder is of form => ['Content-Type' => 'image/png'];
// big note here don't use Storage::url() // it's not working correctly.
}
VIEW :
#foreach($complaint->attachments as $attachment)
{{ $attachment->file_name }}
#endforeach
When I click the link it will give me something like this.
http://127.0.0.1:8000/complaints.viewfile/http%3A%2F%2F127.0.0.1%3A8000%2Fstorage%2F3%2F60580fdeadc55_worship.jpg
Please help. Thank you...
You need to understand how files are served by a web server and how that interacts with a laravel application.
You likely have nginx or apache set up to serve files from the public folder of your laravel app. ie: /var/www/sites/laravel-site/public.
When an HTTP request is sent to your server, if your nginx or apache is configured to serve files like laravel-site.com/storage/documents/secrets.pdf statically, then your laravel application code will never even be run, and you cannot control access to these files at the application level.
If you want to setup access control to files, you will need to first ensure the requests are not going to be served statically, and second setup a route to serve the files after checking if the user/request has permission to access the file(s) you want to serve.
There are lots of other great answers and resources on how to do this.
Correct me if im wrong but isn't the easiest way to do that via system-settings ? Like you have different Users and you just put them in different groups that have different rights for folders/files.
How do CMS's such as MediaWiki, Drupal, Wordpress etc. display the correct pages when a URL is for a directory/file which doesn't exist.
To clarify, if I go to the url https://en.wikipedia.org/wiki/Example, there is no directory on wikipedia's server /wiki/Example, instead MediaWiki creates the page from templates and information in databases etc. I'm asking how the CMS "Hijacks" the request for that directory/file in order to send it's own page back rather than a 404.
I'm asking with regards to php as that's what I'm using and what most CMS's seem to be primarily based on.
Web server (i.e. Apache, Nginx...) has possibility to catch requested URL and to convert them to something else, some other URL. Most common way is by using .htaccess file placed in site's root directory. In some systems files starting with dot (".") are hidden by default so you must enable somewhere something in order to see them at all.
It contains rules (among other things) how to recognize some routes or set of routes and what to do with them them.
I.e. you have "virtual" path like:
/event/32
You'll create a rule to catch every path that starts with "/event/" and also catch part after that ("32") and instead of opening un-existing directory it will call some script like:
/event.php?event_id=32
So that captured parameter has been sent as get parameter "event_id" to event.php script.
For this search/replace and capturing path part regular expressions are used.
You have many tutorials online how to do that, just google for them:
https://www.addedbytes.com/blog/url-rewriting-for-beginners
https://mediatemple.net/community/products/dv/204643270/using-htaccess-rewrite-rules
https://help.dreamhost.com/hc/en-us/articles/215747748-How-can-I-redirect-and-rewrite-my-URLs-with-an-htaccess-file-
....
Main server configuration is placed in some other server directory, most likely accessible only for server admin. But this .htaccess file a a way to allow "common users" to do some configuration changes, which will apply only for directory where that file is placed and it's children.
But you can also do a lot of other thins with .htaccess file, i.e. send some header parameters, allow/forbid access to some files/directories, set some simple login mechanism (password protection) and much more...
The basic concept is very simple:
Use a custom 404 instead of the default
Dynamically generate content based on the entered url
(updated file structure)
I've got this situation:
a general database with several users (unique_name, database_name, user, password, version)
a release folder with different versions of the app. (releases/version/...)
each user has his own database, from which the info is found in the general database.
if a user navigates to "http://www.app.com/unique_name/", I want the server to:
load the correct user info from the general database
load the correct version of the app (and the correct assets)
use the correct user database in the app.
The users can only see "http://www.app.com/unique_name/" in it's browser, and there will be API calls to "http://www.app.com/unique_name/api/...".
file structure:
/
data/
unique_name/ (files for unique_name)
unique_name2/ (files for unique_name2)
...
releases/
v1.5/
index.php
api/
v2.0/
index.php
api/
What would be a correct way to approach this using apache and php?
Your question need more details from your side but what i could understand, In this case you have to be very decisive on project structure,
Make url looks like -> www.app.com/index.php?/unique_name
Create a bootstrap file which handle all request(landing) and pass unique_name as a parameter, you can use .htaccess file for this
Parse the url and get the first segment, Gets the Database and version details from general database based on argument and cache or store it in session(user data + version folder mapping) it.
Loads the correct version of file-system using php(may be need to write a router class)
www.app.com/api/index.php?/unique_name
src\
api\
index.php
releases\
xxx.xxx\
xxx.xxx\
index.php
As far as api code, i would advise to place all api related code at top level.
You need to write some router(mapper) which will make the absolute path of assets or files, can be used for loading.
I am attempting to create a website utilizing PHP as the driving power behind the gears. The idea behind the site (generally) requires that each user be presented with the option of creating their own profile (currently considering creating a directory for each user).
I have been doing considerable research in order to set this application up in the best means possible. But I am suffering from extreme confusion when it comes to creating the directory structure. I am considering downloading a framework assistant (CodeIgniter) which might assist me in the venture, but I'd rather get the opinions of others first.
Currently I have all of my files and content within my public_html folder, and I am aware that this is not the ideal set-up. But I'm not sure how to go about creating an alternative structure. I do not know where to store the various templates (header.php, footer.php, etc) and how/where to call them.
I want to create pages to list the "About", "Contact Page", and other content, but do not know where these pages should be located? Do I save the content of these pages within the public_html directory and simply include the templates from the various subfolders?
Concerning a config.php file: I am attempting to have all of the necessary information pertaining to MySQL connections within a single file, as well as other necessary information to be included at the beginning of EACH page within the site.
Thoughts? I'm fairly new to the cloud, and so simple and basic responses would be greatly appreciated!
You're thinking of this wrong. You don't need a directory for each user. You can use GET params to have one script (profile.php, for example) pull the appropriate profile for a user dependent on data passed to it. For example, profile.php?userid=5212 would pull the profile for user 5212 ($_GET['userid'] would contain the user's id in this case). Passing nothing could easily default to pulling the profile for the currently logged in user.
You could also use mod_rewrite so that http://www.yoursitehere.com/profile/5212/ could do the same thing (look into routes in most PHP frameworks)
Your directory structure should suit you. If the site is simple enough you could get away with something simple like just
public_html/
css/
includes/
images/
js/
Your database configuration could live in public_html/includes/ and you could include it on any page requiring a database connection. Your about and contact pages can be actual files located in public_html/ to keep things simple. Again, these are just suggestions. Your directory structure should be whatever you need it to be.
Store everything in a structure that makes sense to you. Something like this should work:
public_html
-Includes
-images
-css
-blog
And so on...
regarding the config file, you can store in in the public_html directory, or in the includes directory
You might consider using a PHP Web Framework like Symfony. It will help with a lot of the basics so that you can concentrate on the Product features.
For the user profile, Store all there information in a database with user id as a field.
When the user logs on, run a query to select all the information by querying against there user id.
As for file structure, you could use:
public html
includes
header.html
footer.html
config.php
classes
pages (stores other pages besides index.php here, contact, about etc.)
css
JS
index.php/html
and outside of the public_html folder I have my mysqli.php file.
To include these header files in your index.php file you would simply create (in your includes folder or wherever you choose) a config.php file with something like the following :
require_once($server['document_root']."/classes/filename.php"); // include needed files and mysqli connection here as well
You could also set a custom error handler in the config file as well if required.
In your index.php file you would then call the config file (which would automatically include any files you specified in the config file as well) and your header and footer i.e
include('/includes/header.html');
include('/includes/config.php');
<!--ENTER PAGE CONTENT HERE-->
include('/includes/footer.html');
I have a quick question about how to serve data from a repository in a application that I am writing using the Zend Framework.
My current structure is:
/application
/filespool
/library
/public
In the filespool are a number of user identifiable folders that contain user content that is uploaded via forms, mainly jpg/png and pdf. This causes issues when trying to display an image back to the user as the path in my db to reference the file is:
../filespool/0/0/1/image.jpg
which I can't display in the view script as it can't reference the image.
What would be the best way of adding the image to the view script when trying to display it back to the user? I thought about adding the filespool folder to under public but would rather leave it where it is, as that move would require a lot of work to refactor the changes.
Thanks in advance...
i guess you could try 2 diferent things ( actually just one )...
use htacces to make a virtual directory for the file pool using rewrite ( not working )
make a php file in the public directorry that takes a parameter with the path and serves the files
EDIT
Spoke to soon ... you cant use htaccess ... and that is because its outside your document root so the server cant serve files from there.