Jump to content

Making a file manager

burtybob

By burtybob
in PHP Coding Help

 Share

Recommended Posts

burtybob Member

burtybob

Posted
Posted

Hello PHPfreaks again :)

 

So glad to be back in another great community :)

Here is my question does anyone know how I would go about making a file manager in php?

I just need basics like how to open the file in an editable way?

Also i know this is possible as webftp does it and so does awardspace and infact most web hosts have some sort of PHP file manager that they use for their users.

 

I use things like Dreamweaver and COULD use the webftp however this would mean that should i wish to have more coders from the game i would have to give them the password to the WHOLE of my web site business.

This proves a problem as it gives access to the database and scripts for every site i run and this causes a serious security problem and also  this way i can add and remove users to this list and they use their allready existing password and user account and i need to edit just the "access" file to the file manager I'd like to set up.

 

Thanks for your help,

 

Burtybob.

Link to comment
Share on other sites
burtybob Member

burtybob

Posted
  • Author
Posted

You are right it is more complicated and also it needs to be installed on the host server which would mean i would either:

 

A) Find a host which had a subversion or similar system installed

 

OR

 

B) Host from my computer which means haveing the system on all the time,

neither of these really appeal to me also I was thinking that if i can make a File Manager that i would be able incorperate it in my site much easier....

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

All your really need do is read a file into a textarea usinf fopen, make the edits, and rewrite the file using fwrite.

 

However creating a textarea capable of editing / adding / deleting files directly on the server opens a whole world of security issues. You would really won't to lock this thing down substantially. I put it to you that if you are here asking how to do this, your probably don't yet have the skills required to pull this off securely.

Link to comment
Share on other sites
burtybob Member

burtybob

Posted
  • Author
Posted

All your really need do is read a file into a textarea usinf fopen, make the edits, and rewrite the file using fwrite.

 

However creating a textarea capable of editing / adding / deleting files directly on the server opens a whole world of security issues. You would really won't to lock this thing down substantially. I put it to you that if you are here asking how to do this, your probably don't yet have the skills required to pull this off securely.

 

Hmm this is very true i dont know how to do this securely however this is something i will have to learn and considering looking at a fair few of the users of this forum i see that i may have a couple of years in which to catch up there expertise in this area, however going back to the point i AM willing to put in the time to both learn HOW to do this and how to do this SECURELY.

 

Whichever way around i need to learn these two items i will and please if you know of tutorial(s) that will help in either or both of these please post a link.

 

Thanks again in advance,

 

Burtybob

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

If you have a secure admin panel and you keep backups the method I came up with is to use the glob function

 

1) Start at the root current context of your choice and glob it for "*"

2) Use a while loop on the array of results and differentiate between files and folders.

3a) If they click a file open it in a new window in a textarea with file_get_contents replace with file_put_contents

3b) If its a folder reload the current page changing the current context.

 

 

Step 3 can be redone with ajax, but its a bit complicated.  I started doing one ajax + JS for sliding folders and it slightly worked, but wasn't great.

 

The key is just lockin this script to an area that is secure, and verifying that the moving context in step 3b is not in a "secure" area. 

 

Also step 2 could be a limiter and say if its not a folder and not a  .htm, .js, .html, .php, .asp, .aspx, etc. then don't let the person have access to it.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.