I have a server with a lot of files inside various folders, sub-folders, and sub-sub-folders. I want to make a search.php page that would be used to search the whole server for a specific file. If the file is found, then return the location path of the file to display a download link.
If two files with the exact same name is found in 2 different folders, return only 1 download link.
I've found various functions on google but no one did exactly what i want 
Any help ?
anarchoi;11029943 wrote:I have a server with a lot of files inside various folders, sub-folders, and sub-sub-folders. I want to make a search.php page that would be used to search the whole server for a specific file.
That's a horrible idea. What if someone asked to download a file with sensitive info? I would, at the very minimum, restrict this to a single "starting" folder and its children.
anarchoi;11029943 wrote:If the file is found, then return the location path of the file to display a download link.
If two files with the exact same name is found in 2 different folders, return only 1 download link.
You might start with [man]glob/man - e.g.,
$found_files = glob( "/path/to/downloadable/files/*/$user_submitted_filename" );Make sure [font=monospace]$user_submitted_filename[/font] doesn't contain any directory separators.
That's a horrible idea. What if someone asked to download .ssh? I would, at the very minimum, restrict this to a single "starting" folder and its children.
The server is only used to host files for downloads. Anyway the script would just return the download link that the user must click to download the files.
You might start with glob().
Does it scan the whole server (sub-folders and sub-sub folders) ?
anarchoi;11029947 wrote:The server is only used to host files for downloads.
...no
Computers have many files, not "only" the ones being hosted.
Even assuming that you'll only be able to produce functional links for files under your document root, you're still offering files for download that probably shouldn't be. The download script, for starters.
anarchoi;11029947 wrote:Does it scan the whole server (sub-folders and sub-sub folders) ?
See the link in my post above.
Computers have many files, not "only" the ones being hosted. See my example in my post above.
Ok but correct me if i am wrong but even if a malicious user use the function to search for a ssh file, the script will only return the path of the file... He won't be able to download it.
See my link in my post above.
The post and the link doesn't say if it will scan the sub-folders and sub-subfolders...
traq wrote:Make sure $user_submitted_filename doesn't contain any directory separators.
If the search string is truly supposed to be a file name only, not a file path, then [man]basename/man could be appropriate.
anarchoi wrote:The post and the link doesn't say if it will scan the sub-folders and sub-subfolders...
The description of the function says "find pathnames matching a pattern" (emphasis mine), so that does like it does say that "it will scan the sub-folders and sub-subfolders". But, what's stopping you from experimenting to confirm or deny this yourself?
anarchoi;11029953 wrote:Ok but correct me if i am wrong but even if a malicious user use the function to search for a ssh file, the script will only return the path of the file... He won't be able to download it.
(sorry, I edited my original post before I saw your reply and this question.)
even if the link is malformed, you're still revealing info about your system that you shouldn't be.
anarchoi;11029953 wrote:The post and the link doesn't say if it will scan the sub-folders and sub-subfolders...
php.net wrote:The glob() function searches for all the pathnames matching $pattern [emphasis added] according to the rules used by the libc glob() function, which is similar to the rules used by common shells.
So, if you start with [font=monospace] //filename.ext [/font] (the matches all characters), then yes, you'll search the entire system. Kinda wasteful to search your entire HD when you know that most paths won't be usable, even if they do match the filename. It makes much more sense to limit your search to the path(s) that hold your downloadable files.
Ok got it, i thought the function started searching only from the current directory and not the ones before it.
So far here's what i got:
$root = $_SERVER['DOCUMENT_ROOT'];
$search = "test.zip";
$found_files = glob("$root/test.zip");
$downloadlink = str_replace("$root/", "", $found_files[0]);
if (!empty($downloadlink)) {
echo "<a href=\"http://www.mydomain.com/$downloadlink\">$search</a>";
}
It will work perfectly if "test.zip" is in the root directory of my domain name and the script will return the download link.
But if the file is in "mydomain.com/subfolder/" or "mydomain.com/subfolder/subsubfolder/" it won't return anything... What did i do wrong ?
Notice that traq's example uses * as a wildcard, whereas your attempt searches for an exact path name.
Well i also tried this:
$root = $_SERVER['DOCUMENT_ROOT'];
$search = "test.zip";
$found_files = glob("$root/*/test.zip");
$downloadlink = str_replace("$root/", "", $found_files[0]);
if (!empty($downloadlink)) {
echo "<a href=\"http://www.mydomain.com/$downloadlink\">$search</a>";
}
but it still doesn't work if the file is in a sub-folder or sub-sub-folder
And if the file is in the root of my domain, then it will return "http://www.mydomain.com/*/test.zip" as the download link
i'm confused...
