Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mvpop's avatar
mvpop
OP
7 years ago
Level 9

edit() and destroy() functions not working on shared hosting

Hello folks,

My problem is as follows:

I have redesigning my personal website so now it's laravel based. On my machine it's all fine but once deployed to a shared hosting, on the blog ("/articles") I can only add new posts. I can't edit or delete existing posts.

These are my edit and destroy functions in PostsController.php

public function edit($id)
        {
            $post = Post::find($id);
        
            if(auth()->user()->id !== $post->user_id) {
                return redirect('/articles')->with('error', 'Unauthorized Page');
            }
            
            return view('articles.edit')->with('post', $post);
        }

public function destroy($id)
            {
                $post = Post::find($id);
                
                if(auth()->user()->id !== $post->user_id) {
                    return redirect('/articles')->with('error', 'Unauthorized Page');
                }
                
                if($post->featured_image != 'noimage.png') {
                    // Delete Image
                    Storage::delete('public/featured_images/'.$post->featured_image);
                }
                
                $post->delete();
                return redirect('/articles')->with('success', 'Article Removed');
            }
        }

Hopefully it's just something related to the server and not an error in my code since it's working just fine on localhost.

If you want to have a play here are the credentials to my website:

http://mvpop.co.uk/login email: [email protected] pass: 123456abc

Thanks in advance.

0 likes
23 replies
bobbybouwmann's avatar

Well this happens because of your redirect

if (auth()->user()->id !== $post->user_id) {
    return redirect('/articles')->with('error', 'Unauthorized Page');
}

It seems that the edit page is redirecting you to /articles in my browser. I can also see that in the developers console

Request URL: http://mvpop.co.uk/articles/41/edit
Request Method: GET
Status Code: 302 Found
Location: http://mvpop.co.uk/articles

So I think the user is not the created of that post. Maybe something goes wrong there?

Also it seems that you do send a session value in the form of error to the view, but you never display anything!

Let me know if this helps you out!

1 like
mvpop's avatar
mvpop
OP
7 years ago
Level 9

@BOBBYBOUWMANN - Thanks for your reply. Yes that's the line that is blocking everything but for some reason works on my localhost. And then as you said no error message displayd.

I create a fresh new user and same thing happens. At first I tought was because I imported that SQL database and the user. But I have created a new user. (once you are logged in with the test user you have access to /register so you can create a new user).

I really think this should be some sort of server configuration error since on my localhost is working... I haven't found anything similar on stackoverflow or googleing.

HUGE_DICK_10_INCHES's avatar

It may be that your hosting doesnt provide put, patch and other methods besides post and get. If that is the case you could either change all methods to post or contact your hosting provider and ask them to change their setting. I had same problem.

1 like
mvpop's avatar
mvpop
OP
7 years ago
Level 9

@SKYCODER - I have spoken with them already. They said they aren't blocking anything on their side and I can check and uncheck PHP extension in my cPanel.

Here's a print-screen with the extensions I can check or uncheck: http://prntscr.com/mn5t3v

Over the PHP Options tab I found these functions being disabled:

exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, symlink, syslog, escapeshellcmd, escapeshellarg, `, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, pcntl_alarm, pcntl_exec, pcntl_fork, pcntl_setpriority, apache_child_terminate, link, readlink, dl

To be honest with you I'm not 100% sure wich one do I have to unblock.

arthvrian's avatar

1, check if not true

dump(auth()->user()->id);  
dump($post->user_id);
dd(auth()->user()->id !== $post->user_id);

if(auth()->user()->id !== $post->user_id) {

or you can

if(auth()->user()->id !== $post->user_id) {
    dd('Unauthorized');
}

if you see a true from the dd() and your id's is not equals or you see Unauthorized something is happening with one of your id's

mvpop's avatar
mvpop
OP
7 years ago
Level 9

Ok so I just removed this code from my destroy() function and now it's working.

if (auth()->user()->id !== $post->user_id) {
    return redirect('/articles')->with('error', 'Unauthorized Page');
}

I still can't understand the following:

1 - on localhost it's working just fine with this if statement inside.

2 - why is not working because at least syntax wise I can't spot any errors.

mvpop's avatar
mvpop
OP
7 years ago
Level 9

@ARTHVRIAN - I've tried the second version and is returning "Unauthorised" every time even tho it should be authorised. So perhaps not getting the user id's as it should...

HUGE_DICK_10_INCHES's avatar

@MVPOP - Try cleaning cache, config, views, routes etc... You can call helpers for that on get route. Also auth()->user() may be not logged, you would need to check if auth() and then if id is not equal because you would get error if auth is null, trying to get id of null and if you turn of errors it would not work as you expected

arthvrian's avatar

make a dump of the data

dump(auth()->user()->id);  
dump($post->user_id);

dump(Auth:user()); // get all the user data

you can try Auth:id() instead of auth()->user()->id

arthvrian's avatar

correct how?

you have a !== means the type is important (1 !== '1' is true) did you try with != and pass (not redirected)?

1 like
mvpop's avatar
mvpop
OP
7 years ago
Level 9

@ARTHVRIAN - Yes it looks like that was the problem. But then why it worked on my localhost ?

arthvrian's avatar

I don't know, maybe:

  • different versions of php/mysql
  • different column types in tables (localhost vs production)

in fact, this is not a solution, you must check the datatype of your User and Post, !== must work

mvpop's avatar
mvpop
OP
7 years ago
Level 9

@ARTHVRIAN - The only difference I can spot between localhost and shared hosting in the database is the cardinality... localhost is having "1" and on the server is "2".

arthvrian's avatar

2?

  • in both (users and posts tables) is 2? // !== must work
  • id on user table is 2? // selected posts record must have user_id = 2
  • user_id on posts table is 2? // logged user must have id = 2
bobbybouwmann's avatar

@arthvrian @mvpop Both Auth::user()->id and $post->user_id should by default return an integer so the !== shouldn't be a problem as well!

This is really weird behaviour...

mvpop's avatar
mvpop
OP
7 years ago
Level 9

It's working if I specify the expected data types...

 if( (int)auth()->user()->id !== (int) $post->user_id) {
                   return redirect('/articles')->with('error', 'Unauthorized Page');
            }
mvpop's avatar
mvpop
OP
7 years ago
Level 9

On my machine "user_id" is an integer as expected but in production "user_id" returns a string... any thoughts why is this happening to me ? Or should I just cast data types "just in case" ?

bobbybouwmann's avatar

Do you use the same database? The same database engine? You should probably looking into that direction!

Please or to participate in this conversation.