jlrdw

Try with a name and destination, i.e.,

$newname = $filename . $lid . "." . $file_ext;
$destinationPath = ASSET . 'upload/imgdogs';  // but use your path
$file->move($destinationPath, $newname);

And do you have:

..enctype="multipart/form-data"..

This question: https://laracasts.com/discuss/channels/vue/how-to-make-menu-active-in-slidebar-menu

Is answered but still shows up in "no replies yet". First time I've seen this happen.

Everyone is different. Me I have contributed to another framework in the past. Therefore I mostly dig into the API,

https://laravel.com/api/5.8/

and see how Taylor is using regular PHP to make things happen in the vendor folder. I've learned a lot from Taylor on things like__callStatic.

Behind the scenes it's PHP and PDO of course that makes the "easy" laravel and eloquent shortcuts happen.

I also use cakephp, yii2, and a custom framework, so I usually do not use "framework" biased code.

Two things:

One - format the code using Github markdown

https://github.github.com/gfm/

Two - it would only help you to view Jeffrey's free videos on laravel, already referenced on page one of docs.

I would highly suggest watching some of Jefferies free videos.

Very terse and epigrammatic .

A helpful hint hopefully, to find more "laracasts discussions".

Google

site:laracasts.com your search term

On mobile now, try I believe:

artisan view:clear

Generally one users table is good enough, a "user is a user".

That's where authentication and authorization come in.

A user is logged in. But with authorization you determine what that "logged in" user can or cannot do.

Even Jeffrey says in a video authorization is tricky at first to setup, but gets easier as you learn it.

Did you clear cache. Sometimes that's the problem after a code change.

Here is an answer I saved from a while back:

https://laracasts.com/discuss/channels/general-discussion/how-to-protect-images-and-files

I think the wrong person got the best answer but that's okay.

@talinon okay

Perhaps my reply was unprofessional, and I apologize for that.

I appreciate you saying that.

And I will admit it got out of hand after my first reply which is correct.

That reply actually is not mine it came from someone else I just use it.

I admit I really get steamed at times.

Thanks for being a good sport about it.

Don't you dare to tell me what I meant in my own answer

That was not my intent. I was reading the question from this post:

Are there significant differences between the two methods?

is all. And I was just attempting to go by what Taylor said in the docs.

But I will try your example.

Ok the question:

• Are there significant differences between the two methods?

Answer yes

Share is if you want to share some data various (times, places, etc)

Compact is one time use for current view being called.

I read the question and answered the question.

So the difference is intended usage.

share is for more than one view, compact is just passing to currently called view,

No. You are wrong

So the following from the documentation

Occasionally, you may need to share a piece of data with all views that are rendered by your application. You may do so using the view facade's share method.

You are saying I am reading that sentence completely wrong.

Share is for more than one but compact it's just for current View you are saying that's completely wrong is that not correct.

There's still an example in the article.

Well this explains:

https://scotch.io/tutorials/sharing-data-between-views-using-laravel-view-composers/amp

You normally set up view share when certain data may be needed at various places.

@cronix I agree with you on that, my only part I was trying to convey for OP is:

The .env can be read in the URL if the folder structure is not set correctly in a shared hosting environment, nothing more nothing less.

Granted this post got a little out of hand oh, maybe we'll all a little guilty on that.

Your above comment is what I meant by it's been expanded in usage.

I know how Taylor uses the .env.

I did not fall off a turnip truck yesterday, it was a manure truck.

See if this article helps:

https://moz.com/blog/how-to-filter-junk-traffic-google-analytics

ideas or solutions to this

Yes, perhaps watch some of Jeffrey's free introductory videos.

Just use the auth id

$whatever = Auth::user()->id;

I am guessing they are properly logged in.

Good information to share, the RFC 2616 and later RFC 7230 contains this. But many new to programming don't realize this, so I will definitely book mark this to refer others to as needed.

Thanks for the share.

See https://laracasts.com/discuss/channels/laravel/in-shared-hosting-environment-how-to-hide-env-file-from-public

Make it a law that anyone doing any site that sells, or deals with personal information has to do a 4 year apprenticeship program just like an electrician.

@talinon Perhaps go back to bed, and get up on the correct side.

Thank you for clearing up the thread's topic with that relevant code snippet.

Which had nothing to do with the post, rather a reply to your snide remark only.

Question

Would I have put code snippet if you had not put your remark.

Answer

No.

So you basically caused two or three answers that have nothing to do with the OP trying to secure their site.

My first answer does cover it. To bad you are looking to argue rather than helping the OP.

I respect Taylor and love the framework, but some how managed a java career before laravel was ever thought of.

And I try not to answer the way I did here, but good grief it's like you are wanting to pick a fight for some reason.

I just wanted to help the OP.

And the dot env was originally meant for development only, since it's expanded. However it's usage is not supposed to be under (htdocs, etc).

When generating random numbers there is a chance of a duplicate.

Better to have a table with numbers, and once one is used up delete it from the table. That's just one idea.

One technique I have used is getting the max id, and the new id is max(id) + 1. But also can be a problem if several people are entering data at the same time.

Best to let the auto increment do it's job. The above works great for an intranet, not a site with many adding data at the same time.

@Nakov okay, but a question.

The answer above mine, why wasn't that jumped on by you as well, why just my answer.

And how does your reply to me help the OP?

And referring OP to Jeffrey's videos is wrong, why?

Well a more simple answer is:

Jeffrey in a video says there are several ways of doing it, if I recall, he uses array, I use compact.

Watch some of Jeffrey's free videos.

all I was trying to do was analyze Laravel to know for sure what individual parts of Laravel need to be protected (hidden from public) and what can be visible to the public.

Did you at least look at:

http://novate.co.uk/deploy-laravel-5-on-shared-hosting-from-heart-internet/

That is not from me, but a guide I use for shared hosting. It is the proper technique for shared hosting.

If using D.O., they have tutorials.

I am waiting to see if @talinon offers you some assistance.

Incoming story on a Logistics company or some random pet code.

Funny an answer I gave using (and yes it's test data I use) has helped folks:

$quy = Powner::query()->leftJoin('dc_pets', 'dc_powners.ownerid', '=', 'dc_pets.ownerid')
                ->select('dc_powners.ownerid', 'dc_powners.oname')
                ->selectRaw('count(dc_pets.petid) as countOfPets')
                ->groupby('dc_powners.ownerid')
                ->orderby('dc_powners.oname')
                ->get();

Results basically give:

ownerid, oname, countOfPets

Like:

5|Bob|3
4|Greg|9
2|Rob|1

So I give an example instead of a cut an paste answer, sorry.

millions of sites are insecure because they use .env in production??

If .env is under public_html yes.

@cronix are you saying you do not remove main laravel out of public.

All I know is I use the guide that snapey posted a long time ago, and it works. It makes .env secure.

But OP do you recite any which way you so desire.

I just hope you're not dealing with people's personal information on such a site.

Has then thoroughly covered, Google

site:laracasts.com multi Authentication

I've given a couple of answers on it myself even.

Because people actually use the EnV file in a production environment where it's only meant to be used in development.

Type

Yoursite.com/.env

What is scary is the thought of having to explain such a detail.

Please look up compact in the PHP manual. It is not a laravel helper.

Put everything on the same level as public_html

No, very insecure that way.

Go to the server version you are using check the documentation and format exactly like they say.

I have a case where I import a csv, and what I do is:

$tdate = new \DateTime($array[$i][2]);  // comes in as 2/15/2019
$ndate = $tdate->format('Y-m-d');

And why do you need the time on a date field.

I wish I had a dollar for every time proper folder structure was answered. But here we go again:

First use this as a guide:

http://novate.co.uk/deploy-laravel-5-on-shared-hosting-from-heart-internet/

Second your folder structure would be like this:

https://i.imgur.com/Oo6k4Fp.jpg

Third your htaccess add the line:

    RewriteEngine On
    RewriteBase /laravel54/   //Change this line to your use case

A similar guide:

https://laravel-news.com/subfolder-install

Note in the guide:

FTP everything except your public folder into the back-end folder that you created (dj3core in my example)

FTP the contents of your public folder into the subdomain folder (dj3 in my example)

and

// require __DIR__.'/../bootstrap/autoload.php';
require __DIR__.'/../../dj3core/bootstrap/autoload.php';

and

// $app = require_once __DIR__.'/../bootstrap/app.php';
$app = require_once __DIR__.'/../../dj3core/bootstrap/app.php';

Use your names, and adjust as needed for laravel 5.8

If the guide is followed, this whole process only takes a few minutes.

=====================

Display an image use asset helper:

<img src="{{ asset('assets/upload/imgdogs') . '/' . $row->dogpic }}" alt="" class="image"></a>

Load basic resource:

<link href="{{ asset('assets/css/dog/style.css') }}" rel="stylesheet">

Load js

<script type="text/javascript" src="{{ asset('assets/js/jquery.js') }}"></script>

But use your folder names.

If using mix, follow documentation.

Have you cleared composer cache and updated composer.

In the users table, you can retrieve other fields just like id:

Auth::user()->id
//
Auth::user()->somefield

First I DO NOT recommend using custom auth until you know PHP and laravel and RBAC and security very well.

But folks with years of programming experience often implement custom RBAC.

I myself use laravel authentication but use it in conjunction with custom RBAC.

In user table I have a role field comma separated.

   roles 
-------------
admin
bkeep     // for bookkeeper
admin,bkeep   // both roles
user

I have a "required roled and make sure it's one of the logged in users roles via:

    public static function chkRole($role = null)
    {
        $userrole = Auth::user()->role;
        $checkrole = explode(',', $userrole);
        if (in_array($role, $checkrole)) {
            return true;
        }
        return false;
    }

More to it than that, but basically if a role doesn't match then you handle it similar to spatie.

see also

https://laracasts.com/discuss/channels/general-discussion/authorization-policies-and-reducing-the-repitition

and

https://laracasts.com/discuss/channels/laravel/security-in-controller

But until you are very experienced and can do custom RBAC, follow Taylor's and Jeffrey's instructions.

RBAC can be very tricky to set up, but becomes easier as you go. But it's easy to leave a hole if not careful.

Myself, I have auth routes, but implement authorization at the controller's method level.

I like it because it's not "framework" agnostic. Rather I can implement the same or very similar RBAC in cakephp, yii2, or a custom framework I still use.

I am not about to write different RBAC's for each framework. In fact my RBAC system also works in Java.

But you learn more first before wanting to "customize" things.

Ask Google.

Use built in. You can add other fields in the user table as needed.

Yes OP

Pretty simple

There are so many ways of doing it, and one of my cases I need to position it at a certain place also.

So Bottom Line This is simple stuff please, no pretty please, take some tutorials.

@snapey do they have a

Javascript for d.....

I would Google that myself but maybe the OP can Google something.

See https://laracasts.com/discuss/channels/javascript/javascript-d-block-not-working

<div id="cedit" style="display: none; .....

when clicked

$("#cedit").css({"position": "absolute", "display": "block", "width": "30%", "background-color": "#D3D3D3", "border-radius": "6px", top: event.pageY - 16, left: 200});

edit is finished or cancelled:

$("#cedit").css("display", "none");

Or use toggle as needed.

Point is, as suggested above take some tutorials.

Once again you are asking for copy and paste code, we have asked you to stop doing it, to learn this stuff.

Follow the documentation examples.

Use the asset helper.

Taking some lessons on relations would be a good start:

https://laravel.com/docs/5.8/eloquent

https://laravel.com/docs/5.8/eloquent-relationships