Welcome Guest, Not a member yet? Register   Sign In
Codeigniter 4 on shared hosting (NOT CPANEL)
#1

(This post was last modified: 08-30-2020, 12:33 PM by jreklund.)

Hi. I finally started my CI4 journey and realised i need to test a simple running site before i rollout updates from CI3 across several domains.

I struggling to publish a Ci4 website to a shared hosting environment.
I read this post https://forum.codeigniter.com/thread-76777.html which it doesnt help me at all.

My directory structure is:
/example.com (home folder)
        /.tmp
        /users
        /public_html
        /www_logs


While i am able to add content to the home folder. Im guessing I dont have executable permission above the public folder and i am unable to change that.

I ran a test by echoing line 16 of public/index.php:

($pathsPath = realpath(FCPATH . '../app/Config/Paths.php');)

realpath returns false as noted here:
https://www.php.net/manual/en/function.realpath.php


Quote:Note:
The running script must have executable permissions on all directories in the hierarchy, otherwise realpath() will return



Furthermore, As someone else suggested in a similar thread.... I cannot change web hosts!

Is there a safe way around this?
Reply
#2

(This post was last modified: 08-30-2020, 12:37 PM by jreklund.)

You can place the content of /public alongside app, system, writable... and modify your index.php into:

PHP Code:
$pathsPath FCPATH '/app/Config/Paths.php'

You now got the same security as your CI3, and need to protect it in other ways, with e.g. htaccess, so people don't have access to the application part of the code.
Reply
#3

Thank you very much. Its works as you suggested.

If you have a moment, can you please explain or suggest a link where I can find the problem with CI3's security that resulted in the change of folder structures. For as long as i have been using Ci3 I have never had a security issue so I am curious.

Also, as it is, without edited the .htaccess files, if you try to access to folders directly its displays the following message "Forbidden
You don't have permission to access this resource."

Is this not enough ?
Reply
#4

(This post was last modified: 08-30-2020, 01:33 PM by jreklund.)

Your welcome, happy coding!

In case your web server gets miss-configured and it dosen't read your .htaccess file or PHP for some reason don't evaluate your files, people can access everything from the url. That's what the extra security provides, you can't access those files under any circumstances from an url (as it's one level up) even if your web-server setting changes.

If everything are configured correctly - your .htaccess will give you the same(-ish) type of protection.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB