OmarSaab Posted August 13, 2016 Share Posted August 13, 2016 (edited) So I am creating a small file manager to manage uploaded files into a certain directory on my sever. I have created the attached code, but the issue is that when I click the download button, the webpage (html file) itself gets downloaded instead of the file in the directory that is supposed to be downloaded. Please note that there is no upload file type restrictions, so there are any file type you can imagine in this directory. I can't recognize the error in my code. Any help will be highly appreciated and that you in advance <html> <head> <title>My first PHP Page</title> </head> <body> <table border="1"> <?php $dir = 'uploads'; $files = scandir($dir); sort($files); $count = -1 ; foreach ($files as $file) { $v_download = "download_".$count; $v_delete = "delete_".$count; $v_rename = "rename_".$count; $fileName = $file; if ($file != '.' && $file != '..') { echo "<tr>"; echo "<td>"; echo $count; echo "</td>"; echo "<td>"; echo $file; echo "</td>"; echo "<td>"; echo "<form action='' method='post'><input type='submit' value='Download' name='".$v_download."'/></form>"; if(isset($_POST[$v_download])) { $filename = $_POST[$file]; header('Content-type: '.filetype($filename).'/'.pathinfo($filename, PATHINFO_EXTENSION)); header('Content-Disposition: attachment; filename="'.$filename.'"'); readfile('uploads/'.$filename); exit(); } echo "</td>"; echo "<td>"; echo "<form action='' method='post'><input type='submit' value='Delete' name='".$v_delete."'/></form>"; if(isset($_POST[$v_delete])) { // Your php delete code here echo "delete file : ".$file; } echo "</td>"; echo "<td>"; echo "<form action='' method='post'><input type='submit' value='Rename' name='".$v_rename."'/></form>"; if(isset($_POST[$v_rename])) { // Your php rename code here echo "rename file : ".$file; } echo "</td>"; echo "</tr>"; } $count++; } ?> </table> </body> </html> list.html Edited August 14, 2016 by requinix adding code inline Quote Link to comment Share on other sites More sharing options...
ginerjm Posted August 14, 2016 Share Posted August 14, 2016 I'm confused by your mix of "upload" and "download". Please clarify - are you moving files from your client (PC) to the server for storage or are you bringing files FROM your server to your client PC? Personally, I would call the former an upload the latter a download. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted August 14, 2016 Share Posted August 14, 2016 First off, letting users upload arbitrary files is suicidal. It's an open invitation to attack your server and other visitors. You can also get into legal trouble when your server starts spreading malware, copyrighted material or other illegal files. Don't do this, not even for testing, not even for a short amount of time. The “file manager” also cannot be taken seriously. It isn't even able to reliably distinguish between the different files, because the numbering scheme changes whenever the directory content changes. If I delete the “second file”, I have no idea if that's still the same file I saw when the page was initially loaded. It could be anything now. If you just want direct access to your filesystem, use SCP/SFTP. Otherwise you need to know what you're doing. A file upload must involve strict validation and a database for properly managing files. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.