Hi guys,
first of all you know...
I really hate it to post questions in public forums but I am so much stuck in something, I actually see no other choice.
Inside a controller I have a 'register' function.
In this function I verify 'sanitized' password and it's hash saved in the database.
In the same function I create a profile.php file under APPPATH.'Views/profiles/', change it's permissions with chmod to 755, create a directory of the same name under FCPATH./profiles/ and change the permissions with chmod to 755.
I put a sticky out there so that both directories have http:http as owner and group as opposed to my 'usual settings' of username:http.
In the latter configuration php isn't able to create files or directories.
So now, when I try to redirect to the created file (the created directory is intended for later user uploads) or load it in a view apache throws out my custom error page saying 'you don't have the privileges to access this file'.
Before I did all this work I created a 'administrator profile.php' (with the purpose to use it as a to load template later)
by hand under the same directory like above and I also created the user credentials in the SQL database
by hand.
The latter php file is rendered.
What could probably be the issue here?
The permissions/access rights are set equally.
Both directories have the web-server as owner and group set so that the auto creation of files is no issue for php.
I'm stuck in this box and need your appreciated advise.
Greets
Gee
CODE:
snip
PHP Code:
if (!$errors)
{
if ($session->logged_in)
{
$session->set('logged_in', FALSE);
}
$sql = $db->query("SELECT * FROM user WHERE username = '$username'");
foreach ($sql->getResult('array') as $row)
{
// Verify password vs. stored hash
if ($row['username'] == $username && password_verify($password, $row['password']))
{
$session->set('logged_in', TRUE);
$session->set('username', $username);
// Pass forward to own Profile
return redirect()->to('/profiles/'.$username);
}
}
snip
PHP Code:
if ( ! is_file(APPPATH.'Views/profiles/'.$username.'.php')) {
throw new \CodeIgniter\Exceptions\PageNotFoundException($username);
}
if ($username && $_SESSION['logged_in'])
{
// Set browser tab name to user/profile name
$this->data['title'] = $username;
echo view('header/logged_in', $this->data);
echo view('profiles/'.$username);
echo view('footer/copyright');
return 0;
}
else
{
//
// <TODO> Redirect if not logged_in
//
echo 'You are not logged in, aborting';
return 0;
}
//
// <TODO> 'Internal error page'
//
return 1;
}
