After an update or a fresh install of vtiger 6.2, it's possible that contact photos don't appear. It looks like a dead link.
Problem
vTiger 6.2 puts all your uploads (incl. user & product pictures) into /storage and denys access to this folder from the web through a htaccess-File (/storage/.htaccess):
deny from all
These files will only be accessible by the webserver/php directly, which is perfect from a security point of view and it should be kept that way (deleting this htaccess-file is a very bad thing, cause then everybody outside will be able to read your files given he has the right path)!!!
The correct way to deal with these files inside the Web-Application would be to never reference the files directly in HTML (<img src="path/to/file">, cause you would not see them due to the htaccess-File) but to always route their data through a gateway-PHP-Script which checks if the requesting user is authenticated (<img src="file.php?filename=path/to/file">). The PHP-Script can (as I said above) bypass the Apache/htaccess-Security cause it directly accesses the filesystem. This is done in the Document-Section where you can see that downloading a file leads to "http://domain/index.php?module=Documents&action=DownloadFile&record=10&fileid=11"
However, unfortunatly vTiger has places in its Web-Application where it still references files in /storage directly in HTML as with User Pictures and Product Pictures therefor they are not shown.
UPDATE: Bugfix
I found that the Apps Contacts, Users and Products have this problem.
I bugfixed them in 2 steps:
Add Actions for each App as Gateway-Scripts
Create the files (vTiger is installed on /opt/vtiger)
/opt/vtiger/modules/Users/actions/DownloadPicture.php
<?php
class Users_DownloadPicture_Action extends Vtiger_Action_Controller {
public function checkPermission(Vtiger_Request $request) {
$moduleName = $request->getModule();
if(!Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $request->get('record'))) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $moduleName));
}
}
public function process(Vtiger_Request $request) {
$userRecordModel = Vtiger_Record_Model::getInstanceById($request->get('record'), $request->getModule());
$userPictureDetails = $userRecordModel->getImageDetails();
$pictureData = file_get_contents($userPictureDetails[0]['path'] . '_' . $userPictureDetails[0]['orgname']);
header("Content-type: image/jpeg");
header("Pragma: public");
header("Cache-Control: private");
echo $pictureData;
}
}
?>
/opt/vtiger/modules/Products/actions/DownloadPicture.php
The same but: class Products_Download...
/opt/vtiger/modules/Contacts/actions/DownloadPicture.php
The same but: class Contacts_Download...
Adapt the Templates to serve Image-Tags with the Gateway-Script
Go in the files, find the <img ... >-Tag and change its src-Attribute:
/opt/vtiger/layouts/vlayout/modules/Users/ListViewContents.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$LISTVIEW_ENTRY->get('id')}
/opt/vtiger/layouts/vlayout/modules/Users/PreferenceDetailViewHeader.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
/opt/vtiger/layouts/vlayout/modules/Users/UserViewHeader.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
/opt/vtiger/layouts/vlayout/modules/Vtiger/DetailViewBlockView.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
/opt/vtiger/layouts/vlayout/modules/Vtiger/uitypes/Image.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD_ID}
/opt/vtiger/layouts/vlayout/modules/Contacts/DetailViewHeaderTitle.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
Now it is for sure you can see your pictures everywhere, but without beeing logged in you cannot access the files!
Possible open problem: I do not know so much about rights management in vTiger to tell you that now only users with access rights on the records have access to the files. It is possible that now every user can access them. If somebody knows how to control this. Please comment!
Hope everything works out, as by me.
Servus
Lukas
To solve that, simply yourself connect to your server through an FTP client. Empty or remove the ".htaccess" file in the "/storage" folder.
That's it!
Or in the .htaccess file change from:
deny from all
to:
Options -Indexes
I rewrote my .htaccess file from "deny from all" to…
# If the URI is an image then we allow accesses
SetEnvIfNoCase Request_URI "\\.(gif|jpe?g|png|bmp)$" let_me_in
Order Deny,Allow
Deny from All
# Allow accesses only if an images was requested
Allow from env=let_me_in
Now my images show up.
Related
this is a little bit strange because most of the questions here wanted to force https.
While learning AWS elastic beanstalk. I am hosting a laravel site there. Everything is fine, except that none of my javascripts and css files are being loaded.
If have referenced them in the blade view as :
<script src="{{asset('assets/backend/plugins/jquery/jquery.min.js')}}"></script>
First thing I tried was looking into the file/folder permissions in the root of my project by SSHing into EC2 instance. Didn't work even when I set the permission to public folder to 777.
Later I found out that, the site's main page url was http while all the assets url were 'https'.
I dont want to get into the SSL certificates things just yet, if it is possible.
Is there anyway I can have my assets url be forced to Http only?
Please forgive my naiveity. Any help would be appreciated.
This usually happens if your site is for example behind an reverse proxy, As the URL helper facade, trusts on your local instance that is beyond the proxy, and might not use SSL. Which can be misleading/wrong.
Which is probaly the case on a EC2 instance... as the SSL termination is beyond load balancers/HA Proxies.
i usually add the following to my AppServiceProvider.php
public function boot()
{
if (Str::startsWith(config('app.url'), 'https')) {
\URL::forceScheme('https');
} else {
\URL::forceScheme('http');
}
}
Of course this needs to ensure you've set app.url / APP_URL, if you are not using that, you can just get rid of the if statement. But is a little less elegant, and disallows you to develop on non https
I have done admin controller and put that in a sub folder named 'Admin'
Controller
Admin
-login.php
Now I want to fetch that by router file where I wrote this
$routes->get('admin', 'Admin/Login::index');
But it is showing me "Not found" error and redirects to "http://localhost/admin".
Could there be some .htaccess issue?
replace this
$routes->get('admin', 'Admin/Login::index');
with
$routes->get('admin', 'Admin\Login::index');
also make sure you add namespace in your login.php
namespace App\Controllers\Admin;
If you keep CI4's directory structure intact you could in fact use sub-folders for Controllers, Models, Views, etc.
For example app/Controllers/Admin/Login.php is a valid place to put a Controller class. Make sure to add the appropriate namespace in Login.php - namespace App\Controllers\Admin; Also in routes - $routes->get('admin', 'App\Controllers\Admin\Login::index'); It is quite possible to work without the prefix of App\Controllers, but I never extensively tested it and I think there was a problem in some versions of CI4 before.
Another issue could be your app/Config/App.php class. If you did not change anything in your .htaccess file (the one in public directory!), $baseURL should be set to your public directory address - http://localhost/myproject/public/ . Or if you wish to make it easier - set up virtual hosts.
Just a thing to add - get() method in $routes allow only GET requests, meaning if you are trying to POST something (or use any other HTTP request method) it will fail and redirect.
I have a Larevel-app in a shared hosting. For the setup, I had to create a new folder in the main carpet of the hosting and copy the content of my public folder to public_html. I made changes in index.php and all working fine and nice. However, when a user upload a file that needs to be public, this file it saved in the myproject/storage/app/public path but not reflected in the public_html/storage so I can't access to it.
Reading the documentation, I know it is a problem with the symbolic link.
how can I change it?
Note: I can't access to the cdm because it is a shared hosting without access. It is window hosting.
make this route in web.php then hit this
Route::get('/artisan/storage', function() {
$command = 'storage:link';
$result = Artisan::call($command);
return Artisan::output();
})
I keep having this problem:
Customers can not register, login and logout without an fatal error (enabled debugging).
Fatal error: Call to a member function setCustomerId() on a non-object in ../public_html/app/code/core/Mage/Reports/Model/Product/Index/Abstract.php on line 169
Here is the code snippet from lines 161 - 180:
/**
* Calculate count of product index items cache
*
* #return Mage_Reports_Model_Product_Index_Abstract
*/
public function calculate()
{
$collection = $this->getCollection()
->setCustomerId($this->getCustomerId())
->addIndexFilter();
Mage::getSingleton('catalog/product_visibility')
->addVisibleInSiteFilterToCollection($collection);
$count = $collection->getSize();
$this->_getSession()->setData($this->_countCacheKey, $count);
return $this;
}
What i've done, thanks to answers on similar questions:
Cookie settings.
Disabled (all) modules, one by one. By xml, admin backend and deleting. Also checked if there were any updates (there were not).
Refreshed cache, deleted cache, disabled cache (same for sessions)
Set Var directory, media, downloader and eventually all folders and files to 777.
Set all the correct permissions back again, thanks to magento-cleanup.php.
Checked the database on wrong base url's, secured and unsecured.
Did a complete app directory rewrite, uploaded from a clean magento installation.
Checked the server settings with , no safe modus (do got a basedir open directory)
Also i'm being redirected tot a 404 page within the backend. With a NoRoute URL, after a correct login. I do see and can use everything in the backend, including the navigation menu.
I do use a template and some customisation with plugins / modules. No coding in core files. Not sure what information is needed, so do ask if i have to mention something.
I'm completely lost after 8 hours of struggling. Hope it is something you can help me with.
Judging by the debug of calling the collection, you have either:
a) the issue with factory and xml (most likely, it the config.xml of some extension). In this case, you should debug the method _getResourceModelFactoryClassName of the core/config model.
https://www.gyazo.com/e7c8ebb26326ce2f1a3c7c26b43812ea
OR
b) the following class is absent: Mage_Reports_Model_Resource_Product_Index_Compared_Collection
https://www.gyazo.com/9c59119fe4b97889cb81d2e8980b55fa
You may check that in the getModelInstance method of the model. Please take into account the fact that while debuging via echo/var_dump you won't be able to good results, since these methods are generally called everywhere by different models.
I'd rather recommend you to start from checking the presence of the following class:
Mage_Reports_Model_Resource_Product_Index_Compared_Collection (app/code/core/mage/reports/model/resource/product/index/compared/collection.php).
Next, I'd check the presence of model rewrites in the (Mage_Reports) extension + check all recently installed extensions/ implemented changes in config.xml files of these modules.
Hope it helps.
Just debug and check what is returned in this method:
1) get_class($this)
2) get_class($this->getCollection())
In your case the error means the following: there's no a set resource model for the current model. The code is trying to access the collection, but can't do that, as there's no the required resource model, or the name of the resource model, or the class that corresponds to this name.
I have a website which direct the users to a Joomla 2.5 page, but I would like to keep my content (just an article) private and to be accessed just by authorized users (by IP) without their log in.
I have already searched a plugin, but I just found solutions with log in.
Can you suggest me a solution?
I haven't seen any plugins that support such a feature but one method (not the most efficient one) would be to edit the template index.php file like so:
<?php
$allow = array("IP 1", "IP 2", "IP 3"); //allowed IPs
if(in_array($_SERVER['REMOTE_ADDR'], $allow) && in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {
// all your template code in here
}
else {
//redirect if IP isn't allowed
header("Location: http://google.co.uk");
exit();
}
?>
I haven't tested the code above so please bare in mind it may not be 100%
You may actually be interested in this Joomla Plugin.
http://www.yireo.com/software/joomla-extensions/auto-login-ip/packages
Just saw it whilst writing this answer. It automatically logs a user in from a specific or range of IP addresses. There is a free version, however it doesn't come with onsite or email support which shouldn't be a problem. Once installed, simply restrict your articles/content to registered users only.
Hope this helps