Jump to content

Recommended Posts

I'm trying to make a feature in which users can upload up to 10 files in a certain directory that belongs to them; and when there are 10 files in that directory there is no upload feature anymore. I've got all that working, now the last thing I want is a delete button next to each of the files listed so they can delete & download the file. With delete, this is what I'm trying to do:

 

<?php
echo "Current files in your extras' directory: <br /><br />";
if ($handle = opendir("$username_saved/extras")) {
while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            echo "$file <a href=deletefile.php>DELETE</a><br />";
        }
    }
    closedir($handle);
}
?>

 

And here is my deletefile.php:

<?php
session_start();
$username_saved = $_SESSION['username_saved'];

unlink("$username_saved/extras/$file");

?>

 

However, when I try to use the delete button, it gives me the error:

 

Warning: unlink(watson516/extras/) [function.unlink]: Permission denied in C:\Program Files\AbyssWebServer\htdocs\deletefile.php on line 5

 

What's wrong? And as with the downloads, I have no idea how to do it. Any help would be appreciated.

Link to comment
https://forums.phpfreaks.com/topic/135834-list-files-in-directory-delete/
Share on other sites

opendir  is faster  than glob()

 

<?php
echo "Current files in your extras' directory: <br /><br />";
if ($handle = opendir("$username_saved/extras")) {
   while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />"; //updated
        }
    }
    closedir($handle);
}
?>

 

<?php
session_start();
$username_saved = $_SESSION['username_saved'];
$file= basename($_GET['file']);//added
unlink("$username_saved/extras/$file");

?>

its not a heap faster but on some servers you also get

"glob() has been disabled for security reasons "

also it someomes give incorrect file sizes (only a few bytes out) all that and it being a little slower makes me use opendir instead..

 

I wrote the following recently to delete a records and image files:

 

This page listed the records:

 

<?php
session_start();

if (!$_SESSION['logged'])
{
    header("location: loginfl.php");
}
else
{
?>

<html>
<body>

<table border="1" cellspacing="2" cellpadding="2">
<tr>
<th><font face="Arial, Helvetica, sans-serif">Delete</font></th>
<th><font face="Arial, Helvetica, sans-serif">URN</font></th>
<th><font face="Arial, Helvetica, sans-serif">Make</font></th>
<th><font face="Arial, Helvetica, sans-serif">Model</font></th>
<th><font face="Arial, Helvetica, sans-serif">Price</font></th>
<th><font face="Arial, Helvetica, sans-serif">Engine</font></th>
<th><font face="Arial, Helvetica, sans-serif">Year</font></th>
<th><font face="Arial, Helvetica, sans-serif">Colour</font></th>
<th><font face="Arial, Helvetica, sans-serif">Miles</font></th>
<th><font face="Arial, Helvetica, sans-serif">Kilometres</font></th>
<th><font face="Arial, Helvetica, sans-serif">Owners</font></th>
<th><font face="Arial, Helvetica, sans-serif">Doors</font></th>
<th><font face="Arial, Helvetica, sans-serif">Location</font></th>
<th><font face="Arial, Helvetica, sans-serif">Date</font></th>
</tr>

<?
include("dbinfo.php");

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM addnewtbl ORDER BY date";
$result=mysql_query($query);
$num=mysql_num_rows($result);
mysql_close();

$i=0;
while ($i < $num) {

$urn=mysql_result($result,$i,"urn");
$make=mysql_result($result,$i,"make");
$model=mysql_result($result,$i,"model");
$price=mysql_result($result,$i,"price");
$engine=mysql_result($result,$i,"engine");
$transmission=mysql_result($result,$i,"transmission");
$year=mysql_result($result,$i,"year");
$colour=mysql_result($result,$i,"colour");
$mileagem=mysql_result($result,$i,"mileagem");
$mileagekm=mysql_result($result,$i,"mileagekm");
$owners=mysql_result($result,$i,"owners");
$doors=mysql_result($result,$i,"doors");
$location=mysql_result($result,$i,"location");
$info=mysql_result($result,$i,"info");
$date=mysql_result($result,$i,"date");
$ipaddress=mysql_result($result,$i,"ipaddress");
$imageurl1=mysql_result($result,$i,"imageurl1");
$imageurl2=mysql_result($result,$i,"imageurl2");
$imageurl3=mysql_result($result,$i,"imageurl3");

?>

<tr>
<td><font face="Arial, Helvetica, sans-serif">
        <? echo "<a href='deldnew.php?geturn=$urn&getpath1=$imageurl1&getpath2=$imageurl2&getpath3=$imageurl3'>DELETE</a>"; ?>
    </font>
</td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $urn; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $make; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $model; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $price; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $engine; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $year; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $colour; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $mileagem; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $mileagekm; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $owners; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $doors; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $location; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><? echo $date; ?></font></td>


</tr>

<?
$i++;
}

echo "</table>";

}

?>

 

And this page picked up the values and deleted the record / image:

 


<?php

session_start();

if (!$_SESSION['logged'])
{
    header("location: loginfl.php");
}
else
{


   //echo $_GET['geturn']; // output: bar
   $geturn=$_GET['geturn'];
   //echo "$geturn"; 

   $imageurl1=$_GET['getpath1'];
   $imageurl2=$_GET['getpath2'];
   $imageurl3=$_GET['getpath3'];

echo "$imageurl1</br>";
echo "$imageurl2</br>";
echo "$imageurl3</br>";


   unlink($imageurl1);
   unlink($imageurl2);
   unlink($imageurl3);



include("dbinfo.php");

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="DELETE FROM addnewtbl WHERE urn = '$geturn'";
$result=mysql_query($query);
//$num=mysql_num_rows($result);
mysql_close();



echo "URN ";
echo "$geturn";
echo " has been deleted.";
echo "
</br>
</br><a href='adminhm.php'>Return to Admin Home</a>
</br><a href='index_actual.php'>Return to Home Page</a>


";

}
?>



its not a heap faster but on some servers you also get

"glob() has been disabled for security reasons "

also it someomes give incorrect file sizes (only a few bytes out) all that and it being a little slower makes me use opendir instead..

 

 

Well I might have to go back to opendir() then.

Well for some reason I couldn't even get it to work after trying for ages, so instead I did it in a form and now it works.

 

And... attempting to limit upload extensions; it's not working. :( It's still letting everything through. what's wrong with it? T_T

 

<?php
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);

if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
    echo("Sorry, the following file extensions aren't allowed:<br><br>
    <b> .html<br>
        .htm<br>
        .php<br>
        .js<br>
        .jse<br>
        .exe<br>
        .bat<br>
        .asp</b><br><br>
        You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with
        software such as WinZIP or WinRAR.");
} else {
//uploading php code, i've got this working, no help needed
}
?>

try this *untested*

<?php
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
$invalid = array('.htm','.html','.php','.js','.jse' ,'.exe','.bat','.asp');
if(in_array($ext, $invalid))
{
echo("Sorry, the following file extensions aren't allowed:<br><br>
    <b> .html<br>
        .htm<br>
        .php<br>
        .js<br>
        .jse<br>
        .exe<br>
        .bat<br>
        .asp</b><br><br>
        You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with
        software such as WinZIP or WinRAR.");
}

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.