Thanks for the video. Those who don't have SSH access can create a route to generate symlink. Route::get( 'symlink', fn () => Artisan::call( 'storage:link' ) ); will generate the link.
@@bulent2435 its a link command that can soft or hard link files and folders similiar to what artisan storage:link does. When they disable the command doing it via web route will give an error that ln is disabled if i remember right
"ln" is a linux command to create symlinks, I am not sure laravel is using this - I guess it's using PHPs symlink() function which is safe when using different operating systems don't forget to delete the route after creating the symlink :D
Very well explained, at 12:09, you missed to explain how to download private files when using Spatie Media library, It works for public but 404 for private files while downloading.
Thank you.I just got a deep understanding of the disks.But I have a different method of having a class ie ImageProcessor which I use for all my image processing.
Just btw, the s3 filesystem does also support `root`, so you can do the same "make a new disk per thing to store" and use a single s3 bucket for public and a single buckeet for private
I don't use file as an extra field in the db table, instead have a separate controller and model for cv, and avatar, that is an Avatar controller and a CV controller. I then use the post controller to handle both file inputs. I take the post ID after the post has been updated and save it if ($file = $request->file('CVfile')) {
At 9:40, when you added a new disk to store avatars and changed the putFileAs() parameter to '/', shouldn't you have changed also Storage::disk('public') into Storage::disk('avatars') to make it work?
Hi, Awesoem tutorial as always. I have a question, in the case of private file, you told the method to allow "Download" the file, what if we want to show the image (to only authorized users)?
Thank you for this video. I want to store some user files in private disk but i want to let only user view their own files in browser because if i put them in public and any user gets the name they can view it. can you help this?
Thank you! Please tell me how you can set up folders for the Spatie media library so that if there are a large number of files, they can be sorted into subfolders? and is it possible not to do a subscription for one file?
Nvm, apparently I had to do some readjusting in the custom disk from this. 'categories' => [ 'driver' => 'local', 'root' => storage_path('app/public/IMG/category-img'), 'url' => env('APP_URL').'/storage/IMG/category-img', 'visibility' => 'public', 'throw' => false, ], to this. 'categories' => [ 'driver' => 'local', 'root' => storage_path('app/public/IMG/category-img'), 'url' => '/IMG/category-img', 'visibility' => 'public', 'throw' => false, ], And then, in the HTML, I can access the images as follows: Storage::disk('categories')->url($category->image)
Terrific tutorial --- thanks! Why are the methods getClientOriginalName and getClientOriginalExtension "considered unsafe"? The Laravel docs says it's because "the file name and extension may be tampered with by a malicious user". What kind of "tampering" is possible and what could the effect of such tampering be? Is it unsafe even to get that information and store it in the database as a field (without using it as the name of the file)?
file name and extension is considered unsafe because it is a form of user input and should not be trusted. What could be possible attack vectors? 1. file with the same name overwritten. 2. extension jpg doesn't mean it is image, it can easily be php file. (by default laravel prevents execution by accessing such files directly) 3. mime type can also be spoofed by first bytes of the file if you do check only mime/type. 4. fill up your disk space This is what you can do to avoid that: 1. does your user really needs to know the actual file name? most often the $file->hashName() is enough. optionally save filename as db entry, make sure it is not parsed as a code. 2. validate extension, mime/type and contents of the file. for images process them after upload by removing EXIF and other metadata. 3. validate the file size. 4. use CDN for file storage, so you remove the possibility to executing them on your server.
Hello sir, How to upload a zip file which contains some xls files inside. So basically upload zip file then extract it somewhere and start inserting all rows of each xls files into database.
hello friend, I have a website. users can send images from the dashboard of the laravel application(Breeze), then the admin (Filament) can edit them. but the image only appears in the table, when I edit the image it does not appear. does anyone have a solution here? thanks, god bless🙏
Look at what image URL you have on the edit page in the Browser Console. Double-check your .env file for correct APP_URL. These are two suggestions which, in my experience, usually solve the problem.
When trying to create a user page in which the posts can only be seen by the followers of the page and the owner themself, where should I store the posts images? If I store it in the public disk anyone that has gotten the image link once can access it forever. Is this a problem? For example what would a platform like instagram do for private pages and the images in those pages?
During dev, just use the default (file) (tests mostly use array, which is in-memory cache-ing) During production you have some options - database (poor man's cache) - memcached (good, but probably slower than redis) - redis (needs redis server to run, but good.) - dynamodb (when running on AWS) - octane (speaks for itself, when using octane)
Please @LaravelDaily, can you help us create a video on Localisation. Am trying to build a Laravel Application of English and Arabic, many Laravel developers are having this issue also and also the use of rtl & ltr when chnaging from Arabic to English, can you help with this Sir? For todays tutroial, i really do learn a lot, Thanks 👍
Why you save in the variable $avatar the action Storage::disk.... Why you dont simple do Storage::disk... without saving in $avatar that is something that I saw also in real life projects but I never understand why
Not convinced why these files shouldn’t be saved in longblob field in the database. Why clutter the file system of the app along with the possible issues that creates. Database seems to be the perfect spot for saving these files but have not found a single tutorial for doing so. Been doing it that way in several projects withstanding years of use with hundreds of thousands of pdf files without issue. I’d like to see someone create a tutorial using livewire or filament to see how others would approach that solution.
Setting up Google Drive is pretty complex, actually, you need to register it as a driver in the filesystem. Googled this tutorial: www.luckymedia.dev/blog/google-drive-integration-with-laravel
Thanks a lot for this video. However I have a peculiar issue. I uploaded a file but when I try to download it, I get this error Unable to retrieve the file_size for file at location: 2f8e7eb388f214ec84c7ab92a2154670df0abd730a030f864b.pdf. when I check if it exists I get true but when I try to download I get this error
Excellent explanation.Spartie media library solves many problems as you mentioned.
Thanks for the video.
Those who don't have SSH access can create a route to generate symlink.
Route::get(
'symlink',
fn () => Artisan::call(
'storage:link'
)
);
will generate the link.
In some shared hosting services "ln" command is locked so this also wont work
@@amirkouchaki7481 too bad but what is ln command?
@@bulent2435 its a link command that can soft or hard link files and folders similiar to what artisan storage:link does. When they disable the command doing it via web route will give an error that ln is disabled if i remember right
"ln" is a linux command to create symlinks, I am not sure laravel is using this - I guess it's using PHPs symlink() function which is safe when using different operating systems
don't forget to delete the route after creating the symlink :D
I've been waiting for this amazing video! Thank you Povilas! More one great content, very clear explanation!
I think your explanation way suite just the master developer
I'm so grateful with you!!!
Very well explained, at 12:09, you missed to explain how to download private files when using Spatie Media library, It works for public but 404 for private files while downloading.
Thank you.I just got a deep understanding of the disks.But I have a different method of having a class ie ImageProcessor which I use for all my image processing.
Thank you sir great mentor, You really kill it for storage tutorial.
best laravel content in youtube 😎😎😎🎉🎉
Thank you very much for your helpful videos, master. This is one of the treasures.
Just btw, the s3 filesystem does also support `root`, so you can do the same "make a new disk per thing to store" and use a single s3 bucket for public and a single buckeet for private
Good one! At @9:43 shouldn't you change the public to avatars in the disk method?
Oh yeah, well spotted!
awesome information as always. thanks 👍
Thank you for explain is easy way
13:57
why did not we use asset('storage/'.Auth::user()->avatar) ?
Good tutorial of file upload
I don't use file as an extra field in the db table, instead have a separate controller and model for cv, and avatar, that is an Avatar controller and a CV controller. I then use the post controller to handle both file inputs. I take the post ID after the post has been updated and save it
if ($file = $request->file('CVfile')) {
if (CVFilecontroller::where('post_id', '=', $request->post_id)) {
$jobfiler = JobOpslagFile::all()->where("post_id",$id);
foreach($jobfiles as $CVfile){
$filename = $CVfile->name;
$CVfile->delete();
$CVfile_path = public_path('ansfil/'.$filename);
if(file_exists($CVfile_path)){
unlink($CVfile_path);
}
}
}
$fileName = "CVfile".auth()->id() . '_' . time() . '.'. $request->CVfile->extension();
$type = $request->CVfile->getClientMimeType();
$size = $request->CVfile->getSize();
$request->CVfile->move(public_path('CVfile'), $fileName);
CVFilecontroller::create([
'user_id' => auth()->id(),
'post_id' => $id,
'name' => $fileName,
'type' => $type,
'size' => $size
]);
}
Thanks so helpful video. Thanks
Thank you so much!
At 9:40, when you added a new disk to store avatars and changed the putFileAs() parameter to '/', shouldn't you have changed also Storage::disk('public') into Storage::disk('avatars') to make it work?
Yes you're probably right, well spotted!
Thank you very much for the answer! I just noticed that someone else made the same question some weeks ago.
Hi,
Awesoem tutorial as always.
I have a question, in the case of private file, you told the method to allow "Download" the file, what if we want to show the image (to only authorized users)?
Img src=Laravel-route-that-returns-image
Thank you very much
Thank you for this video. I want to store some user files in private disk but i want to let only user view their own files in browser because if i put them in public and any user gets the name they can view it. can you help this?
Thank you!
Please tell me how you can set up folders for the Spatie media library so that if there are a large number of files, they can be sorted into subfolders? and is it possible not to do a subscription for one file?
I haven't done those two things with Spatie, I like its default folder structure and don't see the need to change it.
This is ressourceful
Is it possible get a url for a private (just authenticated) file? For example, for load image in some
Yes, then your "src" should be a URL to Laravel route which should return image after the middleware.
If I use a custom disk driver to store images, how can I access those images in the image HTML tag?
Nvm, apparently I had to do some readjusting in the custom disk from this.
'categories' => [
'driver' => 'local',
'root' => storage_path('app/public/IMG/category-img'),
'url' => env('APP_URL').'/storage/IMG/category-img',
'visibility' => 'public',
'throw' => false,
],
to this.
'categories' => [
'driver' => 'local',
'root' => storage_path('app/public/IMG/category-img'),
'url' => '/IMG/category-img',
'visibility' => 'public',
'throw' => false,
],
And then, in the HTML, I can access the images as follows:
Storage::disk('categories')->url($category->image)
Thanks
can i use policies to prevent unauthorized download instead of middleware
Yes
Great tips as always! May I ask what app are you using to connect to the database? Thank you
TablePlus
@@LaravelDaily thank you
Terrific tutorial --- thanks! Why are the methods getClientOriginalName and getClientOriginalExtension "considered unsafe"? The Laravel docs says it's because "the file name and extension may be tampered with by a malicious user". What kind of "tampering" is possible and what could the effect of such tampering be? Is it unsafe even to get that information and store it in the database as a field (without using it as the name of the file)?
I guess it's worth another separate video some day
file name and extension is considered unsafe because it is a form of user input and should not be trusted.
What could be possible attack vectors?
1. file with the same name overwritten.
2. extension jpg doesn't mean it is image, it can easily be php file. (by default laravel prevents execution by accessing such files directly)
3. mime type can also be spoofed by first bytes of the file if you do check only mime/type.
4. fill up your disk space
This is what you can do to avoid that:
1. does your user really needs to know the actual file name? most often the $file->hashName() is enough. optionally save filename as db entry, make sure it is not parsed as a code.
2. validate extension, mime/type and contents of the file. for images process them after upload by removing EXIF and other metadata.
3. validate the file size.
4. use CDN for file storage, so you remove the possibility to executing them on your server.
So we can use spatie/media-library for any file type? 🤔
Yes
You rock!!!
How can we crop avatar image to store small and centered images?
That can be easily achieved with SPATIE Media library as mentioned in the video
If Spatie Media Library can move files from storage to public folder, does that mean that you don't need the sym link?
It moves to storage/app/public. But you can configure it to move to /public. Then yes, you don't need a symlink in that case.
@@LaravelDaily thank you!!
Hello sir,
How to upload a zip file which contains some xls files inside.
So basically upload zip file then extract it somewhere and start inserting all rows of each xls files into database.
You need ZipArchive in PHP. Googled old tutorial: code.tutsplus.com/file-compression-and-extraction-in-php--cms-31977t
hello friend, I have a website.
users can send images from the dashboard of the laravel application(Breeze), then the admin (Filament) can edit them.
but the image only appears in the table, when I edit the image it does not appear. does anyone have a solution here? thanks, god bless🙏
Look at what image URL you have on the edit page in the Browser Console.
Double-check your .env file for correct APP_URL.
These are two suggestions which, in my experience, usually solve the problem.
@@LaravelDaily thank you for the advice, God bless you🙏
Ho about file size configurations? For both the Laravel Application and the web server you are using.
Read about validations.
Here's our tutorial about it: laraveldaily.com/post/validate-max-file-size-in-laravel-php-and-web-server
@@LaravelDaily Thank you let me check it out
When trying to create a user page in which the posts can only be seen by the followers of the page and the owner themself, where should I store the posts images? If I store it in the public disk anyone that has gotten the image link once can access it forever. Is this a problem? For example what would a platform like instagram do for private pages and the images in those pages?
Good question. I guess they store them as private and then do img src=Laravel-route-that-returns-image
i have last_login_at column in table users. how update this column when user logs in? event listener doesnt work...
Not sure why event listener doesn't work. It should work, can't debug that for you.
In your auth controller? Update it after the successful login attempt
Sir which cache driver should I use in Laravel? Please tell me sir.
During dev, just use the default (file) (tests mostly use array, which is in-memory cache-ing)
During production you have some options
- database (poor man's cache)
- memcached (good, but probably slower than redis)
- redis (needs redis server to run, but good.)
- dynamodb (when running on AWS)
- octane (speaks for itself, when using octane)
Please @LaravelDaily, can you help us create a video on Localisation. Am trying to build a Laravel Application of English and Arabic, many Laravel developers are having this issue also and also the use of rtl & ltr when chnaging from Arabic to English, can you help with this Sir?
For todays tutroial, i really do learn a lot, Thanks 👍
Our team doesn't work with RTL so I can't really help, sorry
Thanks Sir@@LaravelDaily
❤
Why you save in the variable $avatar the action Storage::disk.... Why you dont simple do Storage::disk... without saving in $avatar that is something that I saw also in real life projects but I never understand why
Because I need $avatar later to be stored in the DB as filename.
"??=" What does that syntax mean? It's not Null coalescing
Googled for you: stackoverflow.com/questions/59102708/what-is-null-coalescing-assignment-operator-in-php-7-4
Thanks @@LaravelDaily
Not convinced why these files shouldn’t be saved in longblob field in the database. Why clutter the file system of the app along with the possible issues that creates. Database seems to be the perfect spot for saving these files but have not found a single tutorial for doing so. Been doing it that way in several projects withstanding years of use with hundreds of thousands of pdf files without issue. I’d like to see someone create a tutorial using livewire or filament to see how others would approach that solution.
What about file visibility?
Here's the link to the docs: laravel.com/docs/10.x/filesystem#file-visibility
I don't really know how laravel handles caches
Start from the docs? laravel.com/docs/10.x/cache
I personally use redis in production.
That's nice I gotta learn how to set up my project to production. Pls any recommendations?
What ??= operator does?
This video will answer: th-cam.com/video/e_kf5s9aG-k/w-d-xo.htmlsi=chPfXGl7zwL3j8as
What about Google drive??
Setting up Google Drive is pretty complex, actually, you need to register it as a driver in the filesystem. Googled this tutorial: www.luckymedia.dev/blog/google-drive-integration-with-laravel
Thank you very much
Thanks a lot for this video. However I have a peculiar issue. I uploaded a file but when I try to download it, I get this error
Unable to retrieve the file_size for file at location: 2f8e7eb388f214ec84c7ab92a2154670df0abd730a030f864b.pdf. when I check if it exists I get true but when I try to download I get this error