Shared hostling - error when trying insert something to database

Published 1 month ago by paklic9

Hi, I have problem with setting correctly my website on shared hosting (forpsi). On local host is all working fine. I did all what I found on internet. And all is working except one thing. The problem is, when I am trying to write/insert something to databse (login, register, insert a form).

It always do/say: The page has expired due to inactivity. Please refresh and try again. (image: https://ctrlv.cz/shots/2018/01/15/OHQX.png )

I also tried to set access rights 777 to storage and bootstrap/cache recursively, but it didnt helped. PS: Reading and getting data from database is working and showing the data from database on page is also working.

Does somebody know, how to fix it? I would be happy.

jlrdw
jlrdw
1 month ago (204,090 XP)
Snapey
Snapey
1 month ago (842,895 XP)

Seems like you have issues with storing session data.

Make sure the web server account owns all the folders and there are not files in there owned by another user.

When testing the site, look in storage/framework/sessions and make sure files are being created.

Make sure that config/session.php has this line;

'domain' => env('SESSION_DOMAIN', null),

and that there is no entry in .env for SESSION_DOMAIN

paklic9

jlrdw: I did these basics and pages that just show information are working. Probably something wrong with my config files? Like the sessions as Snapey said.

Snapey: I cannot use env file on this shared hostling, so I had to set all settings inside config files and I did set all setting like in .env file or default, if it wasnt in .env. And SESSION_DOMAIN wasnt in .env, so I left it on default (null). So it looks like this:

'domain' => null,

I tried to change it to:

'domain' => '.domain.cz',

But its also not working.

So what to do? Is it possible to change some parametrs in config to make it work?

Edit: maybe is problem, that I storing sessions in file (SESSION_DRIVER = file)? Should i try store it in database?

I am newbie in this, sorry.

mdecooman

@paklic9

Make sure you address all the needed config that were in the .env file. I.e.: your database, see if you put all the correct info in config/database.php

Snapey
Snapey
1 month ago (842,895 XP)

I cannot use env file on this shared hostling,

Thats a big red flag for me...

paklic9

Okey, I got it. The problem was in session.php and exactly in secure. I had it on true, so I set it to false and its working.

I have last two questions. Snapey why is that problem? To use it without .env file? Do I break some security thing, when i am not using .env, but filling it hardcore in config files? For example: It is safe to use it without .env in comercial use?

And do I need to set access rights 777 to storage and bootstrap/cache recursively? I found that on internet, but it looks like everything is also working without it. I am scared about setting things to 777, because it usualy break some security or am I wrong?

P.S.: All biggest shared hostlings in our country (Czech republic) do not allow to use .env file. At least, what I checked. And things like VPS are much more more expensive.

EDIT: The domain should get SSL(HTTPS) while creating, but it didnt get it for some reason... I didnt checked it, it was my bad... So I asked the hostling to give me ssl certificate, then I hope it will work with secure. Sorry for it. Anyway thank you for your help. But i am still not sure, about using laravel without .env and the access rights. If somebody can explain me that two things, I would be happy.

shez1983

how much are you paying for shared hosting? i bet something like 60$ (or similar) - for this you can get your own VPS on digitalOcean..

mdecooman

@paklic9

Not having an .env file and putting all settings hardcoded in the code is a security issue since I guess you push your config files in your repo (Git, Bitbucket, etc...). Leaking information where it could be avoided is always a bad idea. Now if you are the only one touching it, I guess you can live with it. Your application is not collecting credit cards right? ;-)

You SHOULD not have to put a chmod 777 on any folder ever. Seems you have a good new resolution for 2018 to improve your skills in that area. If you have precise questions along the way feel free to ask.

Best

paklic9

@mdecooman

Thanks for answer. Yeah, only I have acess to the ftp, where data are stored, so it should be okey, as you say. And no my apllication is not collecting credit cards. It would be different, if the application collects credit cards?

About that chmod, i thought it. Just some guy said it on forum, that you should do it (and here its also written https://github.com/JosefKuchar/Larawed#post-installpatch ).

P.S.: I am just beginner in all of this, still learing a lot. I recently started to interest in Laravel and all these things. And I am just student on high school, so for it I am using shared hostling(it costs less than 30$ per year without domain). VPS would be like 2x more (60$). But in future I will move to VPS. It looks like everything will work now on shared hostling also.

Snapey
Snapey
1 month ago (842,895 XP)

Why would a host tell you you cannot have a particular named file?

Maybe its because they also tell you to copy everything into one folder and if you had a .env file then it would be exposed for the world to see.

Seriously, if someone is saying you cannot have a specific file, then I would question what they know about what they are doing.

mdecooman

Hi @paklic9

The credit card was just a way to say that your application is not required to be that secure (as a guess). If it were, yes that would be a bad idea...

Checkout https://www.vultr.com/pricing/ They have VPS starting at 2,5 USD/month, maybe someone from your family can "sponsor" you.

You can tinker with Laravel Homestead, (Vagrant, VirtualBox and Linux).

Happy learning.

paklic9

@Snapey

They doesnt say, that i cannot have the file. I have it on server, but it not using it for some reason. And i dont know exactly why. On some czech forum, they just said, that I need write all to config files.

I copied whole projekt to www folder(public) and made .htaccess (that redirect to public) and code is:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/ [L]
</IfModule>

and then in public I have main .htaccess:

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

I had to remove this from main .htaccess(because Options -MultiViews isnt allowed):

    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

@mdecooman

Actually its just small project for my friend and he wants to have it hosted in czech (with small budget on the beginning) and he is paying it.

In near future I plan to buy some small cheapest vps (somewhere in EU) for my project, but in this situation I will need to use the shared hostling like that.

And for now I am learing/developing on localhost on windows. And I know, what is and how to use virtualbox (like a home vps).

Please sign in or create an account to participate in this conversation.