I am protecting a website with php sign-in form created with Laravel framework. When I type in the URL to get there (192.168.2.140/demosite/index.php) I get a blank page, no error. When I look at the Apache2 error.log it says the following:
[Fri Dec 07 12:23:24.379754 2018] [php7:notice] [pid 992] [client 192.168.2.138:52745] PHP Fatal error: require_once(): Failed opening required '/var/www/html/phplogin/public/demosite/../extra/auth.php' (include_path='.:/usr/share/php') in /var/www/html/phplogin/public/phplogin/index.php on line 4
I don't know how to get rid of the "demosite" embedded in the above DocumentRoot path so that I can get the real URL path as: /var/www/html/phplogin/extra/auth.php
Details of My set-up: I'm using Ubuntu LAMP Server 18.04.1 with Laravel Framework 5.7. I created a Laravel Project to the /var/www/html/ directory named phplogin. I can see my php login page just fine from the Laravel public directory from within the phplogin directory. Now I want to protect an already made and ready to go website. I created a directory name demosite inside the Laravel public folder and moved my ready to go website over to it.
To protect the ready made website, I add php code to the html code and change the extension from .html to .php. The PHP code needs to authenticate the user first, so it goes and looks for the Laravel root path which is the phplogin directory.
I disabled the defailt 000-default.conf file and created the laravel.conf file and inserted the following:
<VirtualHost *:80>
ServerName skydonuts.tld
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/phplogin/public
<Directory /var/www/html/phplogin>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The .htaccess in the Laravel public directory has the following contents:
<IfModule mod_rewrite.c>
#
<IfModule mod_negotiation.c>
# Options -MultiViews -Indexes
#</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
The PHP code that I add to protect the website is this:
<?php
// should be equal to: PATH_TO_PHPLOGIN_FOLDER/extra/auth.php
require_once __DIR__ . '/../extra/auth.php';
// reloads the page after authenticating
$currentUrl = (empty($_SERVER["HTTPS"]) ? "http://" : "https://") . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
// actual authentication process
if (! Auth::check()) {
redirectTo('login?to=' . $currentUrl);
}
?>
copy your laravel project to the server and configure apache to serve public as the document root. Don't put code in child folders of public.
There are plenty of tutorials out there for setting apache document root, however the answer depends if you want to use virtual hosts
Special Note:
If I were to move everything out of the /demosite directory and move them to the /public directory of my Laravel project /phplogin then the authentication will work and I get the correct DocumentRoot path of /var/www/html/php/extra/auth.php. I need help to find out how to keep the /demosite directory as a child or sub-directory of the Laravel project /public directory. In the future, I plan to have three other demos pre-made for me and all four sub-directories will have to pass through the same DocumentRoot path of /var/ww/html/extra/auth.php. So my structure will look like this:
var/www/html/phplogin (Laravel project)
var/www/html/phplogin/public/ (processes the login)
var/www/html/phplogin/public/demositeOne/index.php (premade website #1)
var/www/html/phplogin/public/demositeTwo/index.php (premade website #2)
var/www/html/phplogin/public/demositeThree/index.php (premade website #3)
var/www/html/phplogin/public/demositeFour/index.php (premade website #4)
@snapey Thank you for replying. I am a novice Ubuntu Server and Laravel Framework user. I'm not yet savvy enough to make the adjustments you recommended. In this case, I disabled the 000-default.conf and created the virtual hosting file, laravel.conf, which made sense to me, but I made a leap of faith on the tutorials I used. This is my fifth attempt to get the Ubuntu-Laravel-LAMP-server running with the phplogin Laravel project and it's currently working after using over 85 tutorials, until it was time to protect the pre-made website and that's when I'm getting the blank pages. I'm not sure how to make the adjustment to remove the "demosite" out of the DocumentRoot path of /var/www/html/phplogin/public/demosite/../extra/auth.php and turn it into /var/www/html/phplogin/extra/auth.php
One tutorial explained that if I was hosting my application on some shared hosting and I was not able to change my document root, it was recommended from a security standpoint that I should keep the Laravel project one level above the /html directory, so my Laravel project would look like this:
var/www/html (All of the Laravel project's /public directory contents would be moved here)
var/www/phplogin (Laravel project)
I don't plan to upload this project/application to a shared hosting service, it will live on a dedicated server.
The following tutorials showed me how to set-up everything inside the /html directory:
https://www.howtoforge.com/tutorial/install-laravel-on-ubuntu-for-apache/
https://hackernoon.com/a-step-by-step-guide-to-setup-php-laravel-environment-linux-50b55a4fd15e
The end result from following the tutorials structure was to leave everything inside the /html directory:
var/www/html/phplogin (Laravel project)
var/www/html/phplogin/public (index.php lives in here)
var/www/html/phplogin/public/demosite/index.php (premade website)
Once I'm given the answer to remove "demosite" from the DocumentRoot path and it works to protect the premade website, then I'll be able to back-up the working server and start moving directories and readjusting links and .conf files based on your @snapey recommendations.
Laravel uses index.php as its front end route. All traffic needs to pass through this.
index.php resides in public folder
Your document root needs to be the public folder.. not a specific php file. I dont get what you are doing trying to publish auth.php
I think you are missing a key concept somewhere, and if I were you I would start with a basic framework ( no changes on your part), and get that working on your apache server
@snapey By you writing that "Laravel uses index.php as its front end route. All traffic needs to pass through this." It's beginning to make more sense to me, there can only be one index.php and everything must go through it.
If I move my demosites one level back, I may be able to use the DocumentRoot path correctly, I'd have to make structural rearrangements because I haven't learned the Laravel framework structure or syntax. Our conversation is like that at a coffee shop where saying certain things stirs-up other points-of-views and new trials. I'm afraid I'm going to have to back up my server as it is now because it sort of works and start moving things around.
This is why you were writing that "Don't put code in the child folder of public." Because Laravel doesn't work backwards it moves forward through one index.php.
Please or to participate in this conversation.