List files in directory + delete

xQuasar · December 6, 2008

I'm trying to make a feature in which users can upload up to 10 files in a certain directory that belongs to them; and when there are 10 files in that directory there is no upload feature anymore. I've got all that working, now the last thing I want is a delete button next to each of the files listed so they can delete & download the file. With delete, this is what I'm trying to do:

<?php
echo "Current files in your extras' directory: <br /><br />";
if ($handle = opendir("$username_saved/extras")) {
while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            echo "$file <a href=deletefile.php>DELETE</a><br />";
        }
    }
    closedir($handle);
}
?>

And here is my deletefile.php:

<?php
session_start();
$username_saved = $_SESSION['username_saved'];

unlink("$username_saved/extras/$file");

?>

However, when I try to use the delete button, it gives me the error:

Warning: unlink(watson516/extras/) [function.unlink]: Permission denied in C:\Program Files\AbyssWebServer\htdocs\deletefile.php on line 5

What's wrong? And as with the downloads, I have no idea how to do it. Any help would be appreciated.

waynew · December 6, 2008

You should keep track of files by storing their paths inside a database along with the user id of the user that uploaded them.

xQuasar · December 7, 2008

Anyone have a good guide for that?

JasonLewis · December 7, 2008

I prefer to use glob these days, for retrieving lists of files and folders.

MadTechie · December 7, 2008

opendir is faster than glob()

<?php
echo "Current files in your extras' directory: <br /><br />";
if ($handle = opendir("$username_saved/extras")) {
   while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />"; //updated
        }
    }
    closedir($handle);
}
?>

<?php
session_start();
$username_saved = $_SESSION['username_saved'];
$file= basename($_GET['file']);//added
unlink("$username_saved/extras/$file");

?>

JasonLewis · December 7, 2008

By heaps?

MadTechie · December 7, 2008

its not a heap faster but on some servers you also get

"glob() has been disabled for security reasons "

also it someomes give incorrect file sizes (only a few bytes out) all that and it being a little slower makes me use opendir instead..

webmaster1 · December 7, 2008

I wrote the following recently to delete a records and image files:

This page listed the records:

<?php
session_start();

if (!$_SESSION['logged'])
{
    header("location: loginfl.php");
}
else
{
?>

<html>
<body>

<table border="1" cellspacing="2" cellpadding="2">
<tr>
<th><font face="Arial, Helvetica, sans-serif">Delete</font></th>
<th><font face="Arial, Helvetica, sans-serif">URN</font></th>
<th><font face="Arial, Helvetica, sans-serif">Make</font></th>
<th><font face="Arial, Helvetica, sans-serif">Model</font></th>
<th><font face="Arial, Helvetica, sans-serif">Price</font></th>
<th><font face="Arial, Helvetica, sans-serif">Engine</font></th>
<th><font face="Arial, Helvetica, sans-serif">Year</font></th>
<th><font face="Arial, Helvetica, sans-serif">Colour</font></th>
<th><font face="Arial, Helvetica, sans-serif">Miles</font></th>
<th><font face="Arial, Helvetica, sans-serif">Kilometres</font></th>
<th><font face="Arial, Helvetica, sans-serif">Owners</font></th>
<th><font face="Arial, Helvetica, sans-serif">Doors</font></th>
<th><font face="Arial, Helvetica, sans-serif">Location</font></th>
<th><font face="Arial, Helvetica, sans-serif">Date</font></th>
</tr>

<?
include("dbinfo.php");

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM addnewtbl ORDER BY date";
$result=mysql_query($query);
$num=mysql_num_rows($result);
mysql_close();

$i=0;
while ($i < $num) {

$urn=mysql_result($result,$i,"urn");
$make=mysql_result($result,$i,"make");
$model=mysql_result($result,$i,"model");
$price=mysql_result($result,$i,"price");
$engine=mysql_result($result,$i,"engine");
$transmission=mysql_result($result,$i,"transmission");
$year=mysql_result($result,$i,"year");
$colour=mysql_result($result,$i,"colour");
$mileagem=mysql_result($result,$i,"mileagem");
$mileagekm=mysql_result($result,$i,"mileagekm");
$owners=mysql_result($result,$i,"owners");
$doors=mysql_result($result,$i,"doors");
$location=mysql_result($result,$i,"location");
$info=mysql_result($result,$i,"info");
$date=mysql_result($result,$i,"date");
$ipaddress=mysql_result($result,$i,"ipaddress");
$imageurl1=mysql_result($result,$i,"imageurl1");
$imageurl2=mysql_result($result,$i,"imageurl2");
$imageurl3=mysql_result($result,$i,"imageurl3");

?>

<tr>
<td><font face="Arial, Helvetica, sans-serif">
        <? echo "<a href='deldnew.php?geturn=$urn&getpath1=$imageurl1&getpath2=$imageurl2&getpath3=$imageurl3'>DELETE</a>"; ?>
    </font>
</td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $urn; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $make; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $model; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $price; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $engine; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $year; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $colour; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $mileagem; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $mileagekm; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $owners; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $doors; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $location; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $date; ?></font></td>


</tr>

<?
$i++;
}

echo "</table>";

}

?>

And this page picked up the values and deleted the record / image:


<?php

session_start();

if (!$_SESSION['logged'])
{
    header("location: loginfl.php");
}
else
{


   //echo $_GET['geturn']; // output: bar
   $geturn=$_GET['geturn'];
   //echo "$geturn"; 

   $imageurl1=$_GET['getpath1'];
   $imageurl2=$_GET['getpath2'];
   $imageurl3=$_GET['getpath3'];

echo "$imageurl1</br>";
echo "$imageurl2</br>";
echo "$imageurl3</br>";


   unlink($imageurl1);
   unlink($imageurl2);
   unlink($imageurl3);



include("dbinfo.php");

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="DELETE FROM addnewtbl WHERE urn = '$geturn'";
$result=mysql_query($query);
//$num=mysql_num_rows($result);
mysql_close();



echo "URN ";
echo "$geturn";
echo " has been deleted.";
echo "
</br>
</br><a href='adminhm.php'>Return to Admin Home</a>
</br><a href='index_actual.php'>Return to Home Page</a>


";

}
?>

JasonLewis · December 7, 2008

its not a heap faster but on some servers you also get

"glob() has been disabled for security reasons "

also it someomes give incorrect file sizes (only a few bytes out) all that and it being a little slower makes me use opendir instead..

Well I might have to go back to opendir() then.

xQuasar · December 11, 2008

Well for some reason I couldn't even get it to work after trying for ages, so instead I did it in a form and now it works.

And... attempting to limit upload extensions; it's not working. It's still letting everything through. what's wrong with it? T_T

<?php
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);

if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
    echo("Sorry, the following file extensions aren't allowed:<br><br>
    <b> .html<br>
        .htm<br>
        .php<br>
        .js<br>
        .jse<br>
        .exe<br>
        .bat<br>
        .asp</b><br><br>
        You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with
        software such as WinZIP or WinRAR.");
} else {
//uploading php code, i've got this working, no help needed
}
?>

xQuasar · December 11, 2008

*bump*

MadTechie · December 12, 2008

try this *untested*

<?php
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
$invalid = array('.htm','.html','.php','.js','.jse' ,'.exe','.bat','.asp');
if(in_array($ext, $invalid))
{
echo("Sorry, the following file extensions aren't allowed:<br><br>
    <b> .html<br>
        .htm<br>
        .php<br>
        .js<br>
        .jse<br>
        .exe<br>
        .bat<br>
        .asp</b><br><br>
        You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with
        software such as WinZIP or WinRAR.");
}

Sign In

List files in directory + delete

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Important Information