Login   Register  
PHP Classes
elePHPant
Icontem

File: index.php

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Jaswinder  >  PHP File Management Script  >  index.php  >  Download  
File: index.php
Role: Example script
Content type: text/plain
Description: Sample output
Class: PHP File Management Script
Manager of server side files and directories
Author: By
Last change: Exit script if users try to add ".." in file and directory path to prevent system hacking. Without this code, users can list directories above the configured directory; even system files.
Date: 2013-02-12 06:52
Size: 6,617 bytes
 

Contents

Class file image Download
<?php
require_once('class.phpmyfileeditor.php');

//Base Directory which will be used to scan files/folders to be editable
$config['dir']['base'] = 'test';
$config['access']['user'] = 'admin';//This will be used to create .htpasswd file
$config['access']['pass'] = 'admin';//This will be used to create .htpasswd file


//Get File, Directory to be scanned
$file filter_input(INPUT_GET,'file',FILTER_SANITIZE_STRING);
$dir filter_input(INPUT_GET,'dir',FILTER_SANITIZE_STRING);
$remove filter_input(INPUT_GET,'remove',FILTER_VALIDATE_INT);
$newfile filter_input(INPUT_POST,'newfile',FILTER_SANITIZE_STRING);
$submitfile filter_input(INPUT_POST,'submitfile',FILTER_SANITIZE_STRING);
$submitdir filter_input(INPUT_POST,'submitdir',FILTER_SANITIZE_STRING);

//FileContents is submitted by form which will have contents to update the file
$fileContents filter_input(INPUT_POST,'filecontents',FILTER_UNSAFE_RAW);

$errMsg $errClass '';

//Check for .. in Directory name
//This is to prevent users adding that in directory name and getting list of parent directories above directory listed in config
$listDir explode('/',str_replace('\\','/',$dir));
$listFile explode('/',str_replace('\\','/',$file));

if(
in_array('..',$listDir) || in_array('..',$listFile)){
    exit(
'.. not allowed in the path');
}

try{
    
//Start using My PHP File Editor class
    
$fileEditor = new PhpMyFileEditor($config);
}catch(
DirNotFoundException $e){
    
$errMsg $e->getMessage();
}

if(
$newfile != ''){
    try{
        if(
$submitfile != ''){
            
$fileEditor->createNewFile(($dir=='')?$newfile:$dir.'/'.$newfile);
            
$errMsg 'File was created!';
        }elseif(
$submitdir != ''){
            
$fileEditor->createNewDirectory(($dir=='')?$newfile:$dir.'/'.$newfile);
            
$errMsg 'Directory was created!';
        }
        
$errClass 'success';
        
$file $dir.'/'.$newfile;//Change $file so this file can be edited right away
        //Redirect users while setting new file and directory name set in URL so users can start editing it right away
        //Just setting $file to new value won't work because edit form uses INPUT_GET for $file and with new file submission, that is not set in URL
        
header('Location: '.$fileEditor->getLink($_SERVER['SCRIPT_NAME'],array('file'=>($dir=='')?$newfile:$dir.'/'.$newfile,'dir'=>$dir)));
        exit;
    }catch(
AlreadyExistsException $e){
        
$errMsg $e->getMessage();
        
$errClass 'error';
    }
}

//If File to be edited was set and File contents were submitted via form then update that file
if($fileContents != ''){
    try{
        
$fileEditor->updateFile($file,$fileContents);
        
$errMsg 'File was updated!';
        
$errClass 'success';
    }catch(
FileExistsException $e){
        
$errMsg $e->getMessage();
        
$errClass 'error';
    }
}

//Remove directory/file
if($remove == 1){
    
$toRemove = ($file == '')?$dir:$file;
    if(
$fileEditor->removeDirFile($toRemove)){
        
$errMsg 'Removal Sucessful!';
        
$errClass 'success';
        
header('Location: '.$fileEditor->getLink($_SERVER['SCRIPT_NAME'],array('dir'=>(dirname($toRemove) == '.'?'':dirname($toRemove)))));
        exit;
    }else{
        
$errMsg 'Some error occured!';
        
$errClass 'error';
    }
}

//Get left nav based on directory selected by user
//At first, it will use base directory
$leftNav = (isset($fileEditor) && is_object($fileEditor))?$fileEditor->getLeftNav($dir):'';
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>PHP My File Editor</title>
    <style type="text/css">
        body{
            margin:0;
            padding:0;
            line-height: 1.5em;
        }

        b{font-size: 110%;}
        em{color: red;}

        #maincontainer{
            width: 100%; /*Width of main container*/
            margin: 0 auto; /*Center container on page*/
        }

        #topsection{
            background: #EAEAEA;
            height: 90px; /*Height of top section*/
        }

        #topsection h1{
            margin: 0;
            padding-top: 15px;
        }

        #contentwrapper{
            float: left;
            width: 78%;
        }

        #contentcolumn{
            margin-left: 0%; /*Set left margin to LeftColumnWidth*/
            margin-right: 2%;
        }

        #leftcolumn{
            float: left;
            width: 15%; /*Width of left column*/
            background: #C8FC98;
        }

        #footer{
            clear: left;
            width: 100%;
            background: black;
            color: #FFF;
            text-align: center;
            padding: 4px 0;
        }

        #footer a{
            color: #FFFF80;
        }

        .innertube{
            margin: 10px; /*Margins for inner DIV inside each column (to provide padding)*/
            margin-top: 0;
        }
        .info, .success, .warning, .error, .validation {
            border: 1px solid;
            margin: 10px 0px;
            padding:15px 10px 15px 50px;
            background-repeat: no-repeat;
            background-position: 10px center;
            width:50%;
        }
        .info {
            color: #00529B;
            background-color: #BDE5F8;
            background-image: url('info.png');
        }
        .success {
            color: #4F8A10;
            background-color: #DFF2BF;
            background-image:url('success.png');
        }
        .warning {
            color: #9F6000;
            background-color: #FEEFB3;
            background-image: url('warning.png');
        }
        .error {
            color: #D8000C;
            background-color: #FFBABA;
            background-image: url('error.png');
        }
</style>

</head>
<body>
<div id="maincontainer">
    <div id="topsection"><div class="innertube"><h1>PHP My File Editor</h1></div></div>

    <div id="leftcolumn">
        <div class="innertube"><?php echo $leftNav;?>
            <form name="newfile" method="post">
                <input type="text" name="newfile" value="">
                <input type="submit" name="submitfile" value="Create New File"><br>
                <input type="submit" name="submitdir" value="Create New Directory">
            </form>
        </div>
    </div>
    <div id="contentwrapper">
        <div id="contentcolumn">
            <div class="innertube">
                <?php
                    
if($errMsg != ''){
                        echo 
'<div class="info '.$errClass.'">'.$errMsg.'</div>';
                    }
                
?>
                <?php
                    
if(is_file($config['dir']['base'].'/'.$file)){
                
?>
                    <form name="update" method="post">
                        <input type="hidden" name="file" value="<?php echo $file;?>">
                        <label for="filecontents">File: <strong><a target="_blank" href="<?php echo $config['dir']['base'].'/'.$file;?>"><?php echo $config['dir']['base'].'/'.$file;?></a></strong></label><br>
                        <textarea name="filecontents" rows="20" cols="100"><?php echo file_get_contents($config['dir']['base'].'/'.$file);?></textarea><br>
                        <input type="submit" name="submit" value="Update File">
                    </form>
                <?php
                    
}
                
?>
            </div>
        </div>
    </div>

    <div id="footer"><a href="http://www.rattanpal.com/">Jaswinder Rattanpal</a></div>

</div>
</body>
</html>