Thanks for the video. Those who don't have SSH access can create a route to generate symlink. Route::get( 'symlink', fn () => Artisan::call( 'storage:link' ) ); will generate the link.
@@bulent2435 its a link command that can soft or hard link files and folders similiar to what artisan storage:link does. When they disable the command doing it via web route will give an error that ln is disabled if i remember right
"ln" is a linux command to create symlinks, I am not sure laravel is using this - I guess it's using PHPs symlink() function which is safe when using different operating systems don't forget to delete the route after creating the symlink :D
Very well explained, at 12:09, you missed to explain how to download private files when using Spatie Media library, It works for public but 404 for private files while downloading.
Thank you.I just got a deep understanding of the disks.But I have a different method of having a class ie ImageProcessor which I use for all my image processing.
Just btw, the s3 filesystem does also support `root`, so you can do the same "make a new disk per thing to store" and use a single s3 bucket for public and a single buckeet for private
Hi, Awesoem tutorial as always. I have a question, in the case of private file, you told the method to allow "Download" the file, what if we want to show the image (to only authorized users)?
I don't use file as an extra field in the db table, instead have a separate controller and model for cv, and avatar, that is an Avatar controller and a CV controller. I then use the post controller to handle both file inputs. I take the post ID after the post has been updated and save it if ($file = $request->file('CVfile')) {
Thank you! Please tell me how you can set up folders for the Spatie media library so that if there are a large number of files, they can be sorted into subfolders? and is it possible not to do a subscription for one file?
Terrific tutorial --- thanks! Why are the methods getClientOriginalName and getClientOriginalExtension "considered unsafe"? The Laravel docs says it's because "the file name and extension may be tampered with by a malicious user". What kind of "tampering" is possible and what could the effect of such tampering be? Is it unsafe even to get that information and store it in the database as a field (without using it as the name of the file)?
file name and extension is considered unsafe because it is a form of user input and should not be trusted. What could be possible attack vectors? 1. file with the same name overwritten. 2. extension jpg doesn't mean it is image, it can easily be php file. (by default laravel prevents execution by accessing such files directly) 3. mime type can also be spoofed by first bytes of the file if you do check only mime/type. 4. fill up your disk space This is what you can do to avoid that: 1. does your user really needs to know the actual file name? most often the $file->hashName() is enough. optionally save filename as db entry, make sure it is not parsed as a code. 2. validate extension, mime/type and contents of the file. for images process them after upload by removing EXIF and other metadata. 3. validate the file size. 4. use CDN for file storage, so you remove the possibility to executing them on your server.
Thank you for this video. I want to store some user files in private disk but i want to let only user view their own files in browser because if i put them in public and any user gets the name they can view it. can you help this?
At 9:40, when you added a new disk to store avatars and changed the putFileAs() parameter to '/', shouldn't you have changed also Storage::disk('public') into Storage::disk('avatars') to make it work?
Please @LaravelDaily, can you help us create a video on Localisation. Am trying to build a Laravel Application of English and Arabic, many Laravel developers are having this issue also and also the use of rtl & ltr when chnaging from Arabic to English, can you help with this Sir? For todays tutroial, i really do learn a lot, Thanks 👍
Hello sir, How to upload a zip file which contains some xls files inside. So basically upload zip file then extract it somewhere and start inserting all rows of each xls files into database.
During dev, just use the default (file) (tests mostly use array, which is in-memory cache-ing) During production you have some options - database (poor man's cache) - memcached (good, but probably slower than redis) - redis (needs redis server to run, but good.) - dynamodb (when running on AWS) - octane (speaks for itself, when using octane)
When trying to create a user page in which the posts can only be seen by the followers of the page and the owner themself, where should I store the posts images? If I store it in the public disk anyone that has gotten the image link once can access it forever. Is this a problem? For example what would a platform like instagram do for private pages and the images in those pages?
hello friend, I have a website. users can send images from the dashboard of the laravel application(Breeze), then the admin (Filament) can edit them. but the image only appears in the table, when I edit the image it does not appear. does anyone have a solution here? thanks, god bless🙏
Look at what image URL you have on the edit page in the Browser Console. Double-check your .env file for correct APP_URL. These are two suggestions which, in my experience, usually solve the problem.
Why you save in the variable $avatar the action Storage::disk.... Why you dont simple do Storage::disk... without saving in $avatar that is something that I saw also in real life projects but I never understand why
Setting up Google Drive is pretty complex, actually, you need to register it as a driver in the filesystem. Googled this tutorial: www.luckymedia.dev/blog/google-drive-integration-with-laravel
Not convinced why these files shouldn’t be saved in longblob field in the database. Why clutter the file system of the app along with the possible issues that creates. Database seems to be the perfect spot for saving these files but have not found a single tutorial for doing so. Been doing it that way in several projects withstanding years of use with hundreds of thousands of pdf files without issue. I’d like to see someone create a tutorial using livewire or filament to see how others would approach that solution.
Thanks a lot for this video. However I have a peculiar issue. I uploaded a file but when I try to download it, I get this error Unable to retrieve the file_size for file at location: 2f8e7eb388f214ec84c7ab92a2154670df0abd730a030f864b.pdf. when I check if it exists I get true but when I try to download I get this error
![[안방1열 풀캠4K] 베이비몬스터 'DRIP' (BABYMONSTER FullCam)│@SBS Inkigayo 241110](http://i.ytimg.com/vi/AQ4RIghEvUs/mqdefault.jpg)
Excellent explanation.Spartie media library solves many problems as you mentioned.
I think your explanation way suite just the master developer
I'm so grateful with you!!!
Thanks for the video.
Those who don't have SSH access can create a route to generate symlink.
Route::get(
'symlink',
fn () => Artisan::call(
'storage:link'
)
);
will generate the link.
In some shared hosting services "ln" command is locked so this also wont work
@@amirkouchaki7481 too bad but what is ln command?
@@bulent2435 its a link command that can soft or hard link files and folders similiar to what artisan storage:link does. When they disable the command doing it via web route will give an error that ln is disabled if i remember right
"ln" is a linux command to create symlinks, I am not sure laravel is using this - I guess it's using PHPs symlink() function which is safe when using different operating systems
don't forget to delete the route after creating the symlink :D
Very well explained, at 12:09, you missed to explain how to download private files when using Spatie Media library, It works for public but 404 for private files while downloading.
Thank you.I just got a deep understanding of the disks.But I have a different method of having a class ie ImageProcessor which I use for all my image processing.
Good one! At @9:43 shouldn't you change the public to avatars in the disk method?
Oh yeah, well spotted!
I've been waiting for this amazing video! Thank you Povilas! More one great content, very clear explanation!
best laravel content in youtube 😎😎😎🎉🎉
Thank you sir great mentor, You really kill it for storage tutorial.
Just btw, the s3 filesystem does also support `root`, so you can do the same "make a new disk per thing to store" and use a single s3 bucket for public and a single buckeet for private
Thank you for explain is easy way
Thank you very much for your helpful videos, master. This is one of the treasures.
Hi,
Awesoem tutorial as always.
I have a question, in the case of private file, you told the method to allow "Download" the file, what if we want to show the image (to only authorized users)?
Img src=Laravel-route-that-returns-image
Thank you so much!
I don't use file as an extra field in the db table, instead have a separate controller and model for cv, and avatar, that is an Avatar controller and a CV controller. I then use the post controller to handle both file inputs. I take the post ID after the post has been updated and save it
if ($file = $request->file('CVfile')) {
if (CVFilecontroller::where('post_id', '=', $request->post_id)) {
$jobfiler = JobOpslagFile::all()->where("post_id",$id);
foreach($jobfiles as $CVfile){
$filename = $CVfile->name;
$CVfile->delete();
$CVfile_path = public_path('ansfil/'.$filename);
if(file_exists($CVfile_path)){
unlink($CVfile_path);
}
}
}
$fileName = "CVfile".auth()->id() . '_' . time() . '.'. $request->CVfile->extension();
$type = $request->CVfile->getClientMimeType();
$size = $request->CVfile->getSize();
$request->CVfile->move(public_path('CVfile'), $fileName);
CVFilecontroller::create([
'user_id' => auth()->id(),
'post_id' => $id,
'name' => $fileName,
'type' => $type,
'size' => $size
]);
}
awesome information as always. thanks 👍
Great tips as always! May I ask what app are you using to connect to the database? Thank you
TablePlus
@@LaravelDaily thank you
Thank you!
Please tell me how you can set up folders for the Spatie media library so that if there are a large number of files, they can be sorted into subfolders? and is it possible not to do a subscription for one file?
I haven't done those two things with Spatie, I like its default folder structure and don't see the need to change it.
You rock!!!
How can we crop avatar image to store small and centered images?
That can be easily achieved with SPATIE Media library as mentioned in the video
Good tutorial of file upload
Thanks so helpful video. Thanks
Terrific tutorial --- thanks! Why are the methods getClientOriginalName and getClientOriginalExtension "considered unsafe"? The Laravel docs says it's because "the file name and extension may be tampered with by a malicious user". What kind of "tampering" is possible and what could the effect of such tampering be? Is it unsafe even to get that information and store it in the database as a field (without using it as the name of the file)?
I guess it's worth another separate video some day
file name and extension is considered unsafe because it is a form of user input and should not be trusted.
What could be possible attack vectors?
1. file with the same name overwritten.
2. extension jpg doesn't mean it is image, it can easily be php file. (by default laravel prevents execution by accessing such files directly)
3. mime type can also be spoofed by first bytes of the file if you do check only mime/type.
4. fill up your disk space
This is what you can do to avoid that:
1. does your user really needs to know the actual file name? most often the $file->hashName() is enough. optionally save filename as db entry, make sure it is not parsed as a code.
2. validate extension, mime/type and contents of the file. for images process them after upload by removing EXIF and other metadata.
3. validate the file size.
4. use CDN for file storage, so you remove the possibility to executing them on your server.
Thank you for this video. I want to store some user files in private disk but i want to let only user view their own files in browser because if i put them in public and any user gets the name they can view it. can you help this?
Thank you very much
Thanks
13:57
why did not we use asset('storage/'.Auth::user()->avatar) ?
Ho about file size configurations? For both the Laravel Application and the web server you are using.
Read about validations.
Here's our tutorial about it: laraveldaily.com/post/validate-max-file-size-in-laravel-php-and-web-server
@@LaravelDaily Thank you let me check it out
Is it possible get a url for a private (just authenticated) file? For example, for load image in some
Yes, then your "src" should be a URL to Laravel route which should return image after the middleware.
So we can use spatie/media-library for any file type? 🤔
Yes
can i use policies to prevent unauthorized download instead of middleware
Yes
This is ressourceful
At 9:40, when you added a new disk to store avatars and changed the putFileAs() parameter to '/', shouldn't you have changed also Storage::disk('public') into Storage::disk('avatars') to make it work?
Yes you're probably right, well spotted!
Thank you very much for the answer! I just noticed that someone else made the same question some weeks ago.
Please @LaravelDaily, can you help us create a video on Localisation. Am trying to build a Laravel Application of English and Arabic, many Laravel developers are having this issue also and also the use of rtl & ltr when chnaging from Arabic to English, can you help with this Sir?
For todays tutroial, i really do learn a lot, Thanks 👍
Our team doesn't work with RTL so I can't really help, sorry
Thanks Sir@@LaravelDaily
If Spatie Media Library can move files from storage to public folder, does that mean that you don't need the sym link?
It moves to storage/app/public. But you can configure it to move to /public. Then yes, you don't need a symlink in that case.
@@LaravelDaily thank you!!
Hello sir,
How to upload a zip file which contains some xls files inside.
So basically upload zip file then extract it somewhere and start inserting all rows of each xls files into database.
You need ZipArchive in PHP. Googled old tutorial: code.tutsplus.com/file-compression-and-extraction-in-php--cms-31977t
Sir which cache driver should I use in Laravel? Please tell me sir.
During dev, just use the default (file) (tests mostly use array, which is in-memory cache-ing)
During production you have some options
- database (poor man's cache)
- memcached (good, but probably slower than redis)
- redis (needs redis server to run, but good.)
- dynamodb (when running on AWS)
- octane (speaks for itself, when using octane)
When trying to create a user page in which the posts can only be seen by the followers of the page and the owner themself, where should I store the posts images? If I store it in the public disk anyone that has gotten the image link once can access it forever. Is this a problem? For example what would a platform like instagram do for private pages and the images in those pages?
Good question. I guess they store them as private and then do img src=Laravel-route-that-returns-image
❤
i have last_login_at column in table users. how update this column when user logs in? event listener doesnt work...
Not sure why event listener doesn't work. It should work, can't debug that for you.
In your auth controller? Update it after the successful login attempt
What about file visibility?
Here's the link to the docs: laravel.com/docs/10.x/filesystem#file-visibility
"??=" What does that syntax mean? It's not Null coalescing
Googled for you: stackoverflow.com/questions/59102708/what-is-null-coalescing-assignment-operator-in-php-7-4
Thanks @@LaravelDaily
I don't really know how laravel handles caches
Start from the docs? laravel.com/docs/10.x/cache
I personally use redis in production.
That's nice I gotta learn how to set up my project to production. Pls any recommendations?
hello friend, I have a website.
users can send images from the dashboard of the laravel application(Breeze), then the admin (Filament) can edit them.
but the image only appears in the table, when I edit the image it does not appear. does anyone have a solution here? thanks, god bless🙏
Look at what image URL you have on the edit page in the Browser Console.
Double-check your .env file for correct APP_URL.
These are two suggestions which, in my experience, usually solve the problem.
@@LaravelDaily thank you for the advice, God bless you🙏
Why you save in the variable $avatar the action Storage::disk.... Why you dont simple do Storage::disk... without saving in $avatar that is something that I saw also in real life projects but I never understand why
Because I need $avatar later to be stored in the DB as filename.
What ??= operator does?
This video will answer: th-cam.com/video/e_kf5s9aG-k/w-d-xo.htmlsi=chPfXGl7zwL3j8as
What about Google drive??
Setting up Google Drive is pretty complex, actually, you need to register it as a driver in the filesystem. Googled this tutorial: www.luckymedia.dev/blog/google-drive-integration-with-laravel
Thank you very much
Not convinced why these files shouldn’t be saved in longblob field in the database. Why clutter the file system of the app along with the possible issues that creates. Database seems to be the perfect spot for saving these files but have not found a single tutorial for doing so. Been doing it that way in several projects withstanding years of use with hundreds of thousands of pdf files without issue. I’d like to see someone create a tutorial using livewire or filament to see how others would approach that solution.
Thanks a lot for this video. However I have a peculiar issue. I uploaded a file but when I try to download it, I get this error
Unable to retrieve the file_size for file at location: 2f8e7eb388f214ec84c7ab92a2154670df0abd730a030f864b.pdf. when I check if it exists I get true but when I try to download I get this error