File Manager: Controling The Dir

JohnN4

ok, i have this script that i use for viewing all the files in a directory. The thing is, i want to have it so that a variable regulates the starting directory and allows to surf the subdirectories too. Here is my code:

		// Start At Document Root If Not Specified
	if(isset($_GET['dir'])) {
		$dir	= $_GET['dir'];
	} else {
		$dir	= '';
	}

// Locate $dir In The Filesystem
$real_dir	= realpath($_SERVER['DOCUMENT_ROOT'].$dir);

// Make Sure $real_dir Is Inside The Document Root
if(!preg_match('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/',$real_dir)) {
	$error_handling->minor_error("$dir is not inside the document root");
}

// Canonicalize $dir By Romoving The Document Root Form It's Beginning
$dir	= substr_replace($real_dir,'',0,strlen($_SERVER['DOCUMENT_ROOT']));

// Are We Opening A Directory?
if(!is_dir($real_dir)) {
	$error_handling->minor_error("$real_dir is not a directory");
}

// Open The Specified Directory
$d	= dir($real_dir) or $error_handling->minor_error("can't open $real_dir: $php_errormsg");

// Read Each Entry In The Directory
while(false!=($f = $d->read())){

	// Get File Count
	$num_files++;

	// Get Information About The File
	$s	= lstat($d->path.'/'.$f);

	// Format The <a href=""> Around The Filename
	// No Link For Current Directory
	if('.'==$f) {
		$href	= $f;
	} else {

		// Don't Include The ".." In The Parent Directory Link
		if('..'==$f) {
			$href	= urlencode(dirname($dir));
		} else {
			$href	= urlencode($dir).'/'.urlencode($f);
		}

		// Everything But "/" Should Be Urlencoded
		$href	= str_replace('%2F','/',$href);

		// Browse Other Directories With File Manager
		if(is_dir(realpath($d->path.'/'.$f))) {
			$href	= sprintf('<a href="%s?dir=%s">%s</a>',$_SERVER['PHP_SELF'],$href,$f);
		} else {
			$href	= sprintf('<a href="%s">%s</a>',$href,$f);
		}

	}

	printf('<b>-> </b>%s<br/>',$href);
}

Thanks in Advance

JohnN4

Anyone? How can i control the dir in the script above? 🙁 Help

JohnN4

? How?????

sholodak

Hi,

I wrote something just like this a few days ago. Feel free to play around with it, though it will need some work to get this working on another machine. A lot of functions and variables are defined externally.

I had to split this:

FUNCTIONS:

$title = "Offline Storage";
require_once("_config.php");
require_once($ROOT_DIRECTORY."_header.php");

function RecurseFolder($folder = "", $depth = 1, $partial = "", $count_below = FALSE) {	
	global $OFFLINE_STORAGE_ROOT;
	global $total_size;
	global $current_size;

if ($dir = @opendir($OFFLINE_STORAGE_ROOT.$folder)) {
	while ($file = readdir($dir)) {
		$partialpath = $folder.$file;
		$fullpath    = $OFFLINE_STORAGE_ROOT.$partialpath;
		if (is_dir($fullpath) && ($file != ".") && ($file != "..")) {
			echo "<div style=\"font-family: courier; padding-left: ".($depth * 15)."px;\">";
			echo "<a style=\"font-family: courier;\" href=\"".$ADMIN_URL."offline_storage.php?folder=".str_replace("/", ";", $partialpath)."\">";
			// echo "PARTIAL[$partial] - GET[{$_GET['folder']}] - FILE[$file]<br>";				
			if (str_replace($partial, "", str_replace(";", "/", $_GET['folder'])) == $file) {					
				echo "<strong>".$file."</strong>";
				$count_below = TRUE;
			} else {
				echo $file;				
				// echo $partial."<br>";
				// echo $_GET['folder']."<br>";
				// echo "POS:".strpos($partial, $_GET['folder'])."<br>";
				$pos = strpos($partial, $_GET['folder']);
				if (($pos || (string) $pos == "0") && $pos >= 0) {
					// echo "YES<br>";
					$count_below = TRUE;					
				} else {
					// echo "NO<br>";
					$count_below = FALSE;					
				}
			}
			echo "</a></div>\r\n";
			RecurseFolder($partialpath."/", $depth + 1, $file."/", $count_below);
		}	else if (is_file($fullpath)) {
			$fs = filesize($fullpath);
			$total_size += $fs;
			if ($count_below) {
				// echo $fullpath."<br>";
				$current_size += $fs;
			}
		}
	}
	$count_below = FALSE;
} else {
	AddError("Unable to read offline storage directory.");
}
}

//
// [url]http://www.devshed.com/c/a/PHP/File-And-Directory-Manipulation-In-PHP-part-2/9/[/url]
// recurses into a directory and empties it
// call it like this: purge("/dir/")
// remember the trailing slash!
//
function KillFolder($dir) {
	if (substr($dir, strlen($dir)-1, 1) != "/") $dir .= "/";
	$handle = opendir($dir);
	while (false !== ($file = readdir($handle))) {
		if ($file != "." && $file != "..") {
			if (is_dir($dir.$file))	{
				purge ($dir.$file."/");
				if (file_exists($dir.$file))
					rmdir($dir.$file);
			} else {
				unlink($dir.$file);
			}
		}
	}
	closedir($handle); 
	return rmdir($dir);
}

// Taken from PHP manual entry contribution for fileperms() - original fn was get_perms()
function GetPermissions($file) {
	$p_bin = substr(decbin(fileperms($file)), -9) ;
	$p_arr = explode(".", substr(chunk_split($p_bin, 1, "."), 0, 17)) ;
	$perms = ""; $i = 0;
	foreach ($p_arr as $this) { 
		$p_char = ( $i%3==0 ? "r" : ( $i%3==1 ? "w" : "x" ) ); 
		$perms .= ( $this=="1" ? $p_char : "-" ) . ( $i%3==2 ? "" : "" );
		$i++;
	}
	$flag = "";
	if (is_dir($file)) {
		$flag = "d";
	} else if (is_file($file)) {
		$flag = "-";
	} else {
		$flag = "?";
	} 

return $flag.$perms;
}

sholodak

LOGIC:

OpenForm("offline_storage");
echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td width=\"185\" style=\"padding-right: 10px;\" valign=\"top\">";
OpenTable("Folders");
echo "<table width=\"100%\" style=\"border: 1px solid black; border-collapse: collapse; background-color: white;\"><tr><td>";
echo "<div><a style=\"font-family: courier;\" href=\"".$ADMIN_URL."offline_storage.php\">";
if (!isset($_GET['folder'])) echo "<strong>";
echo "offline storage";
if (!isset($_GET['folder'])) echo "</strong>";
echo "</a></div>";

$total_size = 0;
$current_size = 0;

RecurseFolder();
echo "</td></tr></table>";
CloseTable();
echo "</td><td valign=\"top\">";
if (HasErrors() || HasNotices()) {
	WriteErrors();
	WriteNotices();
}
OpenTable("Files");

$navigator = "";
$folder = "";
$navigator .= "<a href=\"".$ADMIN_URL."offline_storage.php\"><strong>offline storage</strong></a>";
$get_folder = str_replace(";", "/", $_GET['folder']);

if (isset($_GET['folder'])) {
	$parts = explode(";", $_GET['folder']);
	$fld = "";	
	$parent = "";
	$part_ct = count($parts);
	for ($i = 0; $i < $part_ct; $i++) {
		if ($i == $part_ct - 1) {
			$parent = substr($fld, 0, strlen($fld) - 1);
		}
 		$fld .= $parts[$i].";";
		$navigator .= "&nbsp;/&nbsp;<a href=\"".$ADMIN_URL."offline_storage.php?folder=".substr($fld, 0, strlen($fld) - 1)."\"><strong>".$parts[$i]."</strong></a>";
	}
	$folder = $OFFLINE_STORAGE_ROOT.$get_folder;
} else {
	$folder = $OFFLINE_STORAGE_ROOT;
}

if ($get_folder == SanitizePath($get_folder) && file_exists($folder) && is_dir($folder)) {
	$dir = opendir($folder);
	echo $navigator."<br>&nbsp;";
	$ct = 0;
	$foldersize = 0;
	while ($file = readdir($dir)) {
		if ($ct == 0) {
			echo "<table width=\"100%\" style=\"background-color: white; color: #333344; border: 1px solid black; border-collapse: collapse\">";
		}
		$fullpath = $folder."/".$file;
		if (1 != 2) {
			$usr_info    = posix_getpwuid(fileowner($fullpath));
			$grp_info    = posix_getgrgid(filegroup($fullpath));
			$filesize    = filesize($fullpath);
			$permissions = GetPermissions($fullpath);
			$filedate    = date("M d H:i", filemtime($fullpath));
			$is_file     = is_file($fullpath);
			$is_dir      = is_dir($fullpath);
			$deleted     = FALSE;
			$style       = "";
			$disk_free   = disk_free_space($fullpath);

		// Fix the filenames so that they are valid HTTP Post variable NAMES (not values).
		// i.e., filenames can have spaces, but $_POST['file name.ext'] is invalid.  PHP would interpret
		// the posted variable as 'file_name_ext'.  We'll just replace the bad characters with something
		// else just for the purposes of comparison.
		$fixfile = str_replace(".", "_DOT_", $file);
		$fixfile = str_replace(" ", "_SPC_", $fixfile);

		echo "<tr>";
		if ($is_file) {
			if (isset($_POST["delete_$fixfile"]) && !empty($_POST["delete_$fixfile"]) && $_POST["delete_$fixfile"] == "1") {
				echo "	<td align=\"center\" width=\"25\">-</td>";					
				if (unlink($fullpath)) {
					$style = " text-decoration: line-through; color: #aaaaaa;";
					$deleted = TRUE;
				} else {
					$style = " font-weight: bold; color: red;";						
				}
			} else {
				echo "	<td align=\"center\" width=\"25\"><input type=\"checkbox\" name=\"delete_$fixfile\" value=\"1\" /></td>";		
			}
		} else if ($is_dir) {
			if ($file != "." && $file != "..") {
				if (isset($_POST["delete_$fixfile"]) && !empty($_POST["delete_$fixfile"]) && $_POST["delete_$fixfile"] == "1") {
					echo "	<td align=\"center\" width=\"25\">-</td>";					
					if (KillFolder($fullpath)) {
						$style = " text-decoration: line-through; color: #aaaaaa;";
						$deleted = TRUE;
					} else {
						$style = " font-weight: bold; color: red;";						
					}
				} else {
					echo "	<td align=\"center\" width=\"25\"><input type=\"checkbox\" name=\"delete_$fixfile\" value=\"1\" /></td>";		
				}
			} else {
				echo "	<td align=\"center\" width=\"25\">-</td>";		
			}
		}
		echo "  <td width=\"100\" style=\"font-family: courier;".$style."\">".$permissions."</td>";
		echo "  <td width=\"75\" style=\"font-family: courier;".$style."\">".$usr_info['name']."</td>";
		echo "  <td width=\"75\" style=\"font-family: courier;".$style."\">".$usr_info['name']."</td>";
		echo "  <td width=\"50\" style=\"font-family: courier;".$style."\" align=\"right\">".number_format($filesize, 0)."</td>";
		echo "  <td width=\"125\" style=\"font-family: courier;".$style."\" align=\"center\">".$filedate."</td>";
		if ($is_file) {
			echo "  <td style=\"font-family: courier;".$style."\">";
			if (!$deleted) echo "<a style=\"font-family: courier;\" href=\"".$BASE_URL."download.php?offline=".urlencode($file).(isset($_GET['folder']) ? "&folder=".$_GET['folder'] : "")."\">";
			echo $file;
			if (!$deleted) echo "</a>";
			echo "</td>";
			if (!$deleted) $foldersize += $filesize;
		} else if ($is_dir) {
			if ($file == ".") {
				echo "  <td style=\"font-family: courier;\"><a href=\"".$ADMIN_URL."offline_storage.php".((isset($_GET['folder']) && !empty($_GET['folder'])) ? "?folder=".$_GET['folder'] : "")."\" style=\"font-family: courier; color: #5555EE;\">.</a></td>";
			} else if ($file == "..") {
				echo "  <td style=\"font-family: courier;\"><a href=\"".$ADMIN_URL."offline_storage.php".(!empty($parent) ? "?folder=".$parent : "")."\" style=\"font-family: courier; color: #5555EE;\">..</a></td>";
			} else {
				$prepend = "";
				if (isset($_GET['folder']) && !empty($_GET['folder'])) {
					$prepend = $_GET['folder'].";";
				}
				echo "  <td style=\"font-family: courier;\"><a href=\"".$ADMIN_URL."offline_storage.php?folder=".$prepend.$file."\" style=\"font-family: courier; color: #5555EE;\">$file</a></td>";
			}
		}
		echo "</tr>";
		$ct++;
	}
}
if ($ct == 0) {
	echo "<div>No files.</div>";
} else {		
	echo "<tr><td>&nbsp;</td><td style=\"padding: 3px 3px 3px 3px; font-family: courier;\" colspan=\"6\">";
	echo "&nbsp;";
	echo "</td></tr>";

	echo "<tr><td>&nbsp;</td><td style=\"padding: 3px 3px 3px 3px; font-family: courier;\" colspan=\"6\">";
	echo "Files Size&nbsp;&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format($foldersize, 0), 15, " ", "begin"))." bytes&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format(($foldersize / 1048576), 2), 10, " ", "begin"))." MB";
	echo "</td></tr>";

	echo "<tr><td>&nbsp;</td><td style=\"padding: 3px 3px 3px 3px; font-family: courier;\" colspan=\"6\">";
	echo "Folder Size&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format($current_size, 0), 15, " ", "begin"))." bytes&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format(($current_size / 1048576), 2), 10, " ", "begin"))." MB";
	echo "</td></tr>";

	echo "<tr><td>&nbsp;</td><td style=\"padding: 3px 3px 3px 3px; font-family: courier;\" colspan=\"6\">";
	echo "Total Size&nbsp;&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format($total_size, 0), 15, " ", "begin"))." bytes&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format(($total_size / 1048576), 2), 10, " ", "begin"))." MB";
	echo "</td></tr>";

	echo "<tr><td>&nbsp;</td><td style=\"padding: 3px 3px 3px 3px; font-family: courier;\" colspan=\"6\">";
	echo "Disk Free&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format($disk_free, 0), 15, " ", "begin"))." bytes&nbsp;&nbsp;&nbsp;".str_replace(" ", "&nbsp;", Pad(number_format(($disk_free / 1048576), 2), 10, " ", "begin"))." MB";
	echo "</td></tr>";

	echo "<tr><td>&nbsp;</td><td style=\"padding: 3px 3px 3px 3px; font-family: courier;\" colspan=\"6\">";
	echo "&nbsp;";
	echo "</td></tr>";

	echo "<tr><td>&nbsp;</td><td style=\"padding: 3px 3px 3px 3px;\" colspan=\"6\"><input type=\"submit\" name=\"action\" value=\"Delete Selected Files\"></td></tr>";
	echo "</table>";
}
} else {
	echo "Invalid Path : ".$folder;
}

CloseTable();
echo "</td></tr></table>\r\n";
CloseForm();

require_once($ROOT_DIRECTORY."_footer.php");

sholodak

It looks like this:

There is one big limitation. The size calculations break if the current spot in the directory tree contains the same directory name twice.

In other words

fld/other/fld/test/ will screw up the calculations because fld is in there twice. I got too lazy to do this right, so I just worried about getting it working for my particular project. If you didn't care about the current folder being bold on the left side, or the calculations appearing under the directory listing, you could just remove that code and I think it would work for everything.

Oh. You'll need to find the SanitizePath function. here

Come to think of it, that introduces another possible constraint. I dont think it will work on directories that start with . or contain . or .. but you can fool around with it. If you remove sanitize path, you run the risk of directory traversals by users who tamper with the $_GET variable.

Hope this helps.

Scott