Jump to content

Delete files with same prefix name but different extensions-php


sagar_24

Recommended Posts

I want to delete files(Image File) with different extensions(like jpg,png) having same name.
I don't know what's wrong My code seems alright.
Here I'm taking the file name from HTML
    HTML:
    
    <a href="123.php?file=2"><button class="btn2">Delete File:2</button></a>
    
    PHP:
    
    <?php
    
    $base_directory = 'uploads/';
    if(unlink($base_directory.$_GET['file*.*']))
        echo "File Deleted.";
    ?>

And I've even tried passing the extensions through HTML as well, which felt quite alright too. But didn't work at all Please shed some light on what seems to be the problem would appreciate it.

 HTML:
    <a href="123.php?file=2.jpg && file=2.png"><button class="btn2">Delete 
    File:2</button></a>


    PHP:

    <?php

    $base_directory = 'uploads/';
    if(unlink($base_directory.$_GET['file']))
    echo "File Deleted.";
    ?>

 

Link to comment
Share on other sites

I don't believe unlink() works with patterns, so glob + loop + unlink.

My first try was with glob but in my case glob wasn't able to locate the directory so i went ahead with this 

could you give me a link or example or glob similar to my case

appreciate the reply

Link to comment
Share on other sites

This script will delete anything the user asks for as long as the webserver has permissions to do so. Since a lot of web applications are both running under and owned by the same webserver account, this means a user can probably wipe your entire document root – and maybe more.

 

Do – not – trust – user – input. Do not let it anywhere near a file path, unless you've extensively validated the input and made sure it's harmless. Using GET requests to delete data is also a very bad idea, because this violates the HTTP protocol. GET is strictly for getting data (hence the name) and mustn't have any side effects. If you break that assumption, you quickly end up with accidental deletions due to page reloads, bookmarks etc. On top of that, your code is wide open to CSRF attacks, which means that more or less everybody can freely delete files on your server.

 

Learn the basics of HTTP, especially the meaning of GET and POST. Understand that the WWW is a public infrastructure with a lot of hostile activity. Even if you think your website is restricted to a handful of users, that's not actually the case. The script you've shown can be attacked by anybody who has read a few Wikipedia articles.

Link to comment
Share on other sites

This script will delete anything the user asks for as long as the webserver has permissions to do so. Since a lot of web applications are both running under and owned by the same webserver account, this means a user can probably wipe your entire document root – and maybe more.

 

Do – not – trust – user – input. Do not let it anywhere near a file path, unless you've extensively validated the input and made sure it's harmless. Using GET requests to delete data is also a very bad idea, because this violates the HTTP protocol. GET is strictly for getting data (hence the name) and mustn't have any side effects. If you break that assumption, you quickly end up with accidental deletions due to page reloads, bookmarks etc. On top of that, your code is wide open to CSRF attacks, which means that more or less everybody can freely delete files on your server.

 

Learn the basics of HTTP, especially the meaning of GET and POST. Understand that the WWW is a public infrastructure with a lot of hostile activity. Even if you think your website is restricted to a handful of users, that's not actually the case. The script you've shown can be attacked by anybody who has read a few Wikipedia articles.

Thanks You so much for the info sir

and as i'm a noob i'll surely understand security norms of http as time goes

But for now this is just a college project that i'm working on and the real life implementation only requires  the admin to make all changes 

that's the reason i'm not concerned with my script security here 

But i do appreciate the knowledge

Link to comment
Share on other sites

But for now this is just a college project [...]

 

If I got a dollar every time somebody says this, I would be a rich man.

 

I don't know what kind of college is this, but my professors actually checked my work and would have immediately rejected a submission which doesn't even survive the most basic tests. This is not just wrong. It shows a fundamental misunderstand of programming basics.

Link to comment
Share on other sites

If I got a dollar every time somebody says this, I would be a rich man.

 

I don't know what kind of college is this, but my professors actually checked my work and would have immediately rejected a submission which doesn't even survive the most basic tests. This is not just wrong. It shows a fundamental misunderstand of programming basics.

Haha You'll be rich anyways.

I know the college is too bad to care

But this project is like a notice board to keep students updated so only the admin will have the ip or access to do it 

and so not to misunderstand any basics i'm using glob instead of get now

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.