I developed my application in Laravel 5.2. How can I protect all PHP files from being directly accessible from the web?
Also, "Images have sequential URLs; anyone can check how many properties there are and download all images." Can I avoid this?
Your webroot should be pointing to the public folder so the only publicly accessible php file should be the index.php file.
I'm not sure exactly what you mean about the images. Can you elaborate?
@spekkionu My image URLs are like
src="example.com/uploads/images/123abc.jpg"
How can I avoid showing the whole path?
Also, how can I stop access to all other folders and files and only point to index.php?
The best way is pointing the root directory of your webserver to the public folder of Laravel. That way only the index.php file is accessible from outside (and in your "public" folder there should be only files that SHOULD be accessible from outside, like JS, CSS, images and stuff like that). If you don't have control over your webserver you should ask your hoster / sysadmin (if you're in a company) to help you with that.
The images depend on what you are doing with them. You need to display the whole path since the browser needs it to display the image. Another possibility would be to show the images as a base64-encoded string, but that might make your website quite slow. Have you saved the images in a database? How about giving each image a random unique identifier that you can use as a name so they are not sequential anymore?
besides the assets there aren't more files in the public folder
if you wanna catch the assets outside this folder make a route
Route::get('image/{imagename}', '...');
and handle it the Laravel way. Within Laravel you are able to access other directories (e.g. /storage/uploaded_images/ or sth).
Pretty easy and well documented
The best way is pointing the root directory of your webserver to the public folder of Laravel.
That's not the "best way", this should be the only way.
@ftiersch : I have uploaded images to a folder on the server. I have saved their names in the database. Each image has a random unique identifier.
For example, my images are in the uploads folder with the name unique.jpg, so I am showing them like

I want to do it like src="path to a route or function"
How about this?
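public function getFile($filename)
{
    // Assumed upload directory (not given in the post); adjust to where the files are stored.
    $path = storage_path('uploads/images') . '/';
    return response()->download($path.$filename, null, [], null);
}

Route::get('file/{filename}', 'FileController@getFile')->where('filename', '^[^/]+$');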
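For a route like this one that builds a path from the requested name, a stricter check than the `^[^/]+$` constraint is to accept only the name shape the application generates and to confirm the resolved path stays inside the upload directory. This is an added example, not code from anyone in the thread; the function name, the 32-hex-character name format and the demo directory are assumptions.

```php
<?php
// Added example. The directory, function name and name format are assumptions.

/** Map a requested file name to a real file inside $baseDir, or null. */
function resolveUploadedImage($baseDir, $requested)
{
    // Accept only the shape the application generates itself (assumed here:
    // 32 hex characters plus a known image extension). Slashes, backslashes,
    // ".." and NUL bytes cannot pass this pattern.
    if (!preg_match('/\A[0-9a-f]{32}\.(jpg|png|gif)\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $requested); // false when the file is missing
    if ($base === false || $full === false) {
        return null;
    }
    // After resolving symlinks the file must still sit inside the upload dir.
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($full)) {
        return null;
    }
    return $full;
}

// Constructed demo data: a throwaway directory holding one fake image.
$dir = sys_get_temp_dir() . '/img_demo_' . getmypid();
@mkdir($dir, 0700);
$good = str_repeat('ab', 16) . '.jpg';
file_put_contents($dir . '/' . $good, 'fake image bytes');

$requests = [$good, '..', '../' . $good, 'index.php', str_repeat('cd', 16) . '.jpg'];
foreach ($requests as $name) {
    $path = resolveUploadedImage($dir, $name);
    printf("%-40s %s\n", $name, $path === null ? '404' : 'serve ' . basename($path));
}

unlink($dir . '/' . $good);
rmdir($dir);
```

In the getFile() controller from the post, a null result would turn into abort(404) before response()->download() is called.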
What files and folders are you trying to stop access to? The only things that should be in your public directory should be things you want to be publicly accessible (which is why it is named public). If you have things in there that shouldn't be web accessible you should move them outside the public folder.
Do you require a login in order for your uploaded images to be viewable or are they viewable for everyone?
you can do it like this
Route::get('images/{unique_file_identifier}', function ($unique_file_identifier)
{
    // Look the file up by its random identifier; unknown identifiers get a 404.
    $record = UploadedFiles::whereIdentifier($unique_file_identifier)->first();
    if (!$record) abort(404);

    $path = storage_path() . '/' . $record->path;
    if (!File::exists($path)) abort(404);

    // Return the file contents with the detected MIME type.
    $file = File::get($path);
    $type = File::mimeType($path);
    $response = Response::make($file, 200);
    $response->header("Content-Type", $type);
    return $response;
});
and use it in html
<img src="/images/ajdhs77262sha2hssjajhs" alt=".." >
you also could use the Intervention Image Library
@spekkionu : I have removed public from the URL. I can access it from the URL without public now.
For images I want to do something like this
public function getFile($filename)
{
    $path = storage_path('uploads/images') . '/'; // assumed upload directory, not given in the post
    return response()->download($path.$filename, null, [], null);
}
Route::get('file/{filename}', 'FileController@getFile')->where('filename', '^[^/]+$');
That approach does not in itself protect your images, plus every image request has to be streamed through php rather than just served up by apache/nginx (= slow). It might work out if there is only one such image per page. Certainly not for a gallery.
Give each file a random UUID filename and then store the filename in the database. You can then just supply the link in an image tag and the visitor is unable to find any other content because the image names are un-guessable.
Don't even bother trying to protect that, it's not possible. This can be bypassed really easily. Instead, if you just want to protect your images from being copied, just watermark them. Look at http://www.shutterstock.com, they live off selling images.
@sunergetic Yes but that's an image sales site. I expect all the images to be watermarked until I buy them. Randomising the URL is a watertight protection from someone iterating over the complete set.
I recommend this article to all - Phil Sturgeon: https://philsturgeon.uk/http/2015/09/03/auto-incrementing-to-destruction/
@Snapey Right, I see. I misunderstood the question because of my language barrier.
As @Snapey suggests, you could simply hash the name, which would solve the problem, like so:
$filename = md5( date('U') ); //Hash the current UNIX-Timestamp, may not be always unique
You can deal with this in multiple ways:

1. Put every file in an incremental folder name:

images/
    1/
        lkj3432l4kjlkjhwdflk.jpg
    2/
        3lk24j435lkjnKJHkdjfh094234.jpg
    3/
        lMMN32i12k3jlkjsdasdasd.jpg
    etc..

2. Check if hash is unique, if not rehash:
$filenameUnique = false;
do {
    // hash a random number to get a candidate name
    $filename = md5( mt_rand(1,99999999999) );
    if( file_exists('/path/to/images/'.$filename) == false ){
        //name is unique
        $filenameUnique = true;
    }
}
while($filenameUnique == false);
But of course, it depends heavily on your use case; both are equally valid. Each approach has its advantages and disadvantages. If this is a core feature of your app (like in Instagram or Imgur), then I would do some more research on what would be best long-term. If not, just pick the one you find more readable and maintainable.
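An added example (not code from any poster in this thread) of the random-filename approach discussed above. A timestamp or an mt_rand() value can be predicted, so this version draws the name from PHP's CSPRNG with random_bytes() (built into PHP 7 and later), and it creates the file with fopen() mode 'x' so that the uniqueness check and the creation happen in one step. The function names, extension list and temporary paths are assumptions.

```php
<?php
// Added example. Function names, extension list and paths are assumptions.

/** 128 bits from the operating system's CSPRNG, as 32 hex characters. */
function randomImageName()
{
    return bin2hex(random_bytes(16));
}

/**
 * Copy $sourcePath into $targetDir under a fresh random name and return it.
 * fopen() mode 'x' fails when the file already exists, so "is the name free?"
 * and "create it" are one step, with no gap as between file_exists() and a write.
 */
function storeUnderRandomName($sourcePath, $targetDir, $extension)
{
    if (!in_array($extension, ['jpg', 'png', 'gif'], true)) {
        throw new InvalidArgumentException('Unsupported extension');
    }
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $name = randomImageName() . '.' . $extension;
        $out = @fopen($targetDir . '/' . $name, 'x');
        if ($out === false) {
            continue; // name taken: draw another one
        }
        $in = fopen($sourcePath, 'rb');
        stream_copy_to_stream($in, $out);
        fclose($in);
        fclose($out);
        return $name; // store this in the database row for the image
    }
    throw new RuntimeException('Could not create a uniquely named file');
}

// Constructed demo: a throwaway directory and a fake 3-byte "upload".
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$src = tempnam(sys_get_temp_dir(), 'src');
file_put_contents($src, 'abc');

$name = storeUnderRandomName($src, $dir, 'jpg');
echo $name, ' -> ', file_get_contents($dir . '/' . $name), "\n";

unlink($dir . '/' . $name);
unlink($src);
rmdir($dir);
```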