Uploaded Images Problem

astetner · February 10, 2025, 5:55am

I have used the Backlight>Designer>Upload Images to upload an image. There is no preview of the image. the URL for the image is listed as http://www.antonjstetner.com/backlight/designer/page/image/31.
However, when I search through my website directories I find the images are being uploaded to /var/www/antonjstetner.com/backlight/data/designer/image_uploads.
Is there some path variable that I need to correct or a configuration item I missed?
All other pages/galleries seem to be working correctly.

Ben · February 10, 2025, 7:21am

Hi @astetner, files under backlight/data are for internal use of the application. The URL http://www.antonjstetner.com/backlight/designer/page/image/31 should fetch the file from within backlight/data/designer/image_uploads via PHP.

I can see that your Backlight admin redirects to https://www.antonjstetner.com/backlight/?m=admin&c=admin&a=login instead of to https://www.antonjstetner.com/backlight/admin/login
This indicates that your URL rewriting isn’t working. This is also the reason the URL at http://www.antonjstetner.com/backlight/designer/page/image/31 isn’t working.

Is this your own server or are you on shared hosting? Have the two files been uploaded to your server at public_html/.htaccess and public_html/backlight/.htaccess? (where ‘public_html’ denotes the directory to the top of your website that you can see via FTP)

astetner · February 10, 2025, 2:08pm

Thanks Ben, I will look into this later today.
I am running this on my personal Ubuntu/Apache web server using ddns. I’ll check into the .htaccess files later toda.
Thanks again.

I just did a quick look. There is an .htaccess file in public_html/backlight but not in public_html.

Matthew · February 10, 2025, 6:25pm

Try pulling the .htaccess file from Backlight’s installer, and copy it to public_html.

astetner · February 10, 2025, 8:26pm

I tried that, restarted the server, no joy…here is the site root directory:

astetner@ubuntu:/var/www/antonjstetner.com$ ll
total 40
drwxr-xr-x 5 root root 4096 Feb 10 14:09 ./
drwxr-xr-x 4 root root 4096 Jan 30 2024 …/
drwxrwxrwx 6 root root 4096 Feb 10 14:09 backlight/
drwxr-x— 5 www-data www-data 4096 Dec 3 11:08 blog/
drwxrwxrwx 8 root root 4096 Apr 26 2024 galleries/
-rw-r–r-- 1 root root 1208 Feb 10 14:09 .htaccess
-rwxrwxrwx 1 root root 10671 Jan 23 2024 index.html.orig*
-rwxrwxrwx 1 root root 1415 Jan 23 2024 index.php*

and the backlight directory:

astetner@ubuntu:/var/www/antonjstetner.com/backlight$ ll
total 36
drwxrwxrwx 6 root root 4096 Feb 10 14:09 ./
drwxr-xr-x 5 root root 4096 Feb 10 14:09 …/
drwxrwxrwx 7 root root 4096 Feb 9 23:45 custom/
drwxrwxrwx 6 root root 4096 Feb 9 18:03 data/
-rwxrwxrwx 1 root root 2845 Jan 23 2024 env.php.skel*
-rw-r–r-- 1 root root 1832 Feb 10 14:09 .htaccess
-rwxrwxrwx 1 root root 720 Feb 10 13:50 index.php*
drwxrwxrwx 7 root root 4096 Jan 23 2024 installer/
drwxrwxrwx 24 root root 4096 Feb 9 18:02 modules/

Do the permissions look ok?
BTW I know enough about this to be dangerous

Ben · February 10, 2025, 8:56pm

The permissions are terrible. Everything is owned by the root user. That means that if there’s a security flaw in PHP a bad player can do whatever they like across the server.

Is the mod_rewrite Apache module enabled?
Is the AllowOverride directory set to ‘on’ for public_html?

astetner · February 10, 2025, 9:15pm

mod_rewrite is enabled.
not sure where to check Allow Override.
Found it, it in /etc/apache2/apache2.conf:

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

Change AllowOverride to All?

suggestions for ownership?

Ben · February 10, 2025, 9:45pm

/var/www is too broad for AllowOverride. It should work but leaving it off there and another entry would be safer:

<Directory /var/www/antonjstetner.com/>
    AllowOverride All
</Directory>

What works for me is to:

Set the ownership of the entire directory to the non-root user I log in with.
Set the group for any entire directory or files that need to be writable by the server to www-data. That includes backlight/data and any directories that hold albums such as galleries.
Set permissions to allow the group user (www-data) to write to those files and directories.
That’s easier done on a fresh install, harder now that your file structure has permissions of 777 (read-write-execute granted for the owner, group and world).

astetner · February 10, 2025, 10:05pm

Thank-you Ben!!!
The re-write seems to be working now. The uploaded files can be previewed and used as cover and/or hero images.

I will work on trying to get the permissions set up…

Thanks again for your assistance!

Saludos,
Anton