tosan45 Posted August 13, 2016

These are the codes I have worked on; I am trying to create an e-library.

```php
<div id="container">
  <h1>Philosophy &amp; Psychology</h1>
  <table class="sortable">
    <thead>
      <tr>
        <th>Filename</th>
        <th>Type</th>
        <th>Size</th>
        <th>Date Modified</th>
      </tr>
    </thead>
    <tbody><?php
// Adds pretty filesizes
function pretty_filesize($file) {
    $size=filesize($file);
    if($size<1024){$size=$size." Bytes";}
    elseif(($size<1048576)&&($size>1023)){$size=round($size/1024, 1)." KB";}
    elseif(($size<1073741824)&&($size>1048575)){$size=round($size/1048576, 1)." MB";}
    else{$size=round($size/1073741824, 1)." GB";}
    return $size;
}

// Checks to see if viewing hidden files is enabled
if($_SERVER['QUERY_STRING']=="hidden")
{$hide=""; $ahref="./"; $atext="Hide";}
else
{$hide="."; $ahref="./?hidden"; $atext="Show";}

// Opens directory
$myDirectory=opendir(".");

// set forbidden files
$forbiddenExts = array("php", "ico", "html");

// Gets each entry
$dirArray = array(); // initialised so count() and sort() work on an empty directory
while(($entryName=readdir($myDirectory)) !== false) {
    if (is_file($entryName)) {
        // Use the real (last) extension; explode(".")[1] mis-reads names
        // such as "notes.v2.php" and fails on names without a dot.
        $ext = strtolower(pathinfo($entryName, PATHINFO_EXTENSION));
        if(!in_array($ext,$forbiddenExts)) {
            $dirArray[]=$entryName;
        }
    }
}

// Closes directory
closedir($myDirectory);

// Counts elements in array
$indexCount=count($dirArray);

// Sorts files
sort($dirArray);

// Loops through the array of files
for($index=0; $index < $indexCount; $index++) {

    // Decides if hidden files should be displayed, based on query above.
    if(substr("$dirArray[$index]", 0, 1)!=$hide) {

        // Resets Variables
        $favicon="";
        $class="file";

        // Gets File Names
        $name=$dirArray[$index];
        $namehref=$dirArray[$index];

        // Gets Date Modified
        $modtime=date("M j Y g:i A", filemtime($dirArray[$index]));
        $timekey=date("YmdHis", filemtime($dirArray[$index]));

        // Separates directories, and performs operations on those directories
        if(is_dir($dirArray[$index])) {
            $extn="&lt;Directory&gt;";
            $size="&lt;Directory&gt;";
            $sizekey="0";
            $class="dir";

            // Gets favicon.ico, and displays it, only if it exists.
            if(file_exists("$namehref/favicon.ico")) {
                $favicon=" style='background-image:url($namehref/favicon.ico);'";
                $extn="&lt;Website&gt;";
            }

            // Cleans up . and .. directories
            if($name=="."){$name=". (Current Directory)"; $extn="&lt;System Dir&gt;"; $favicon=" style='background-image:url($namehref/.favicon.ico);'";}
            if($name==".."){$name=".. (Parent Directory)"; $extn="&lt;System Dir&gt;";}
        }

        // File-only operations
        else{
            // Gets file extension
            $extn=pathinfo($dirArray[$index], PATHINFO_EXTENSION);

            // Prettifies file type
            switch ($extn){
                case "png": $extn="PNG Image"; break;
                case "jpg": $extn="JPEG Image"; break;
                case "jpeg": $extn="JPEG Image"; break;
                case "svg": $extn="SVG Image"; break;
                case "gif": $extn="GIF Image"; break;
                case "ico": $extn="Windows Icon"; break;

                case "txt": $extn="Text File"; break;
                case "log": $extn="Log File"; break;
                case "htm": $extn="HTML File"; break;
                case "html": $extn="HTML File"; break;
                case "xhtml": $extn="HTML File"; break;
                case "shtml": $extn="HTML File"; break;
                case "php": $extn="PHP Script"; break;
                case "js": $extn="Javascript File"; break;
                case "css": $extn="Stylesheet"; break;

                case "pdf": $extn="PDF Document"; break;
                case "xls": $extn="Spreadsheet"; break;
                case "xlsx": $extn="Spreadsheet"; break;
                case "doc": $extn="Microsoft Word Document"; break;
                case "docx": $extn="Microsoft Word Document"; break;

                case "zip": $extn="ZIP Archive"; break;
                case "htaccess": $extn="Apache Config File"; break;
                case "exe": $extn="Windows Executable"; break;

                default:
                    if($extn!=""){$extn=strtoupper($extn)." File";} else{$extn="Unknown";}
                    break;
            }

            // Gets and cleans up file size
            $size=pretty_filesize($dirArray[$index]);
            $sizekey=filesize($dirArray[$index]);
        }

        // Output
        echo("
        <tr class='$class'>
            <td><a href='./$namehref'$favicon class='name'>$name</a></td>
            <td><a href='./$namehref'>$extn</a></td>
            <td sorttable_customkey='$sizekey'><a href='./$namehref'>$size</a></td>
            <td sorttable_customkey='$timekey'><a href='./$namehref'>$modtime</a></td>
        </tr>");
    }
}
?>
    </tbody>
  </table>
</div>
```

Jacques1 Posted August 13, 2016

So what is your question?

And what on earth are you doing there? Why would you show all files of the internal application directory (minus a few blacklisted extensions) for everybody to see? Do you not understand how risky this is?

If you want to serve a collection of files, you put them into a separate directory, not right between your PHP scripts.

Edited August 13, 2016 by Jacques1

tosan45 (Author) Posted August 13, 2016

I am two months old with PHP. I already have a directory, and inside the directory are folders in the directory; I want to access the documents in the folders of the directory individually.

Jacques1 Posted August 13, 2016

My point is that you must not store your documents in the same directory which contains your PHP scripts, .htaccess files and other internal data, because those are none of the user's business.

You have to create an extra folder (let's call it “documents”) and display the content of that folder:

```php
<?php

const DOCUMENT_DIRECTORY = __DIR__.'/documents';    // __DIR__ is the path of the current directory

// iterate over documents in the document directory
foreach (glob(DOCUMENT_DIRECTORY.'/*') as $document)
{
    var_dump($document);
}
```

This is a lot safer, because the document directory by definition only contains public files (and hidden files like .htaccess are automatically skipped). This also means you can get rid of the blacklisting stuff.

Besides that, I'm not sure what you're asking. Do you want to be able to click on a subdirectory and get its content? This is slightly more difficult. You have to make the webserver rewrite all URLs pointing to directories (but not files) within the document directory so that the requests are instead sent to your script (together with the original URL). Within the script, you verify the received path and then display the content.

Which webserver are you using? Apache?

A word of advice: Since you're new to PHP and have chosen a fairly critical project, I strongly recommend you don't put this online yet. Run it on your PC, use it for learning, but don't expose it to the Internet.
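
The "verify the received path and then display the content" step from the post above, as an added example that is not part of the original thread. It assumes the rewritten request passes the original path to the script in a hypothetical `path` query parameter; the function names are illustrative.

```php
<?php
// Added example. DOCUMENT_DIRECTORY is from the post above; the "path" query
// parameter and both function names are assumptions made for illustration.
const DOCUMENT_DIRECTORY = __DIR__ . '/documents';

// Map a user-supplied relative path to a directory inside $base.
// Returns the canonical absolute path, or null if the request is rejected.
function resolve_document_dir(string $base, string $requested): ?string
{
    $root = realpath($base);
    if ($root === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the containment check
    // below is made against the location that would really be opened.
    $target = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    $inside = $target === $root || strpos($target, $root . DIRECTORY_SEPARATOR) === 0;
    return $inside ? $target : null;
}

// Return [name, isDirectory] pairs, skipping dotfiles such as .htaccess.
function list_documents(string $dir): array
{
    $entries = [];
    foreach (scandir($dir) ?: [] as $name) {
        if ($name[0] !== '.') {
            $entries[] = [$name, is_dir($dir . DIRECTORY_SEPARATOR . $name)];
        }
    }
    return $entries;
}

$requested = $_GET['path'] ?? '';
$dir = !is_string($requested) ? null
    : resolve_document_dir(DOCUMENT_DIRECTORY, $requested);
if ($dir === null) {
    http_response_code(404);
    exit('Not found');
}
echo "<ul>\n";
foreach (list_documents($dir) as [$name, $isDir]) {
    // File names are untrusted once they are placed into HTML: escape them.
    $label = htmlspecialchars($name . ($isDir ? '/' : ''), ENT_QUOTES, 'UTF-8');
    echo "  <li>$label</li>\n";
}
echo "</ul>\n";
```

A request for `../` or for a symlink that points outside `documents` resolves to a path that fails the prefix check and gets the same 404 as a directory that does not exist.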