PHP Classes

File: index.php

Recommend this page to a friend!
  Classes of Jaswinder   PHP File Management Script   index.php   Download  
File: index.php
Role: Example script
Content type: text/plain
Description: Sample output
Class: PHP File Management Script
Manager of server side files and directories
Author: By
Last change: Exit script if users try to add ".." in file and directory path to prevent system hacking. Without this code, users can list directories above the configured directory; even system files.
Date: 9 years ago
Size: 6,617 bytes


Class file image Download

//Base Directory which will be used to scan files/folders to be editable
$config['dir']['base'] = 'test';
$config['access']['user'] = 'admin';//This will be used to create .htpasswd file
$config['access']['pass'] = 'admin';//This will be used to create .htpasswd file

//Get File, Directory to be scanned
$file = filter_input(INPUT_GET,'file',FILTER_SANITIZE_STRING);
$dir = filter_input(INPUT_GET,'dir',FILTER_SANITIZE_STRING);
$remove = filter_input(INPUT_GET,'remove',FILTER_VALIDATE_INT);
$newfile = filter_input(INPUT_POST,'newfile',FILTER_SANITIZE_STRING);
$submitfile = filter_input(INPUT_POST,'submitfile',FILTER_SANITIZE_STRING);
$submitdir = filter_input(INPUT_POST,'submitdir',FILTER_SANITIZE_STRING);

//FileContents is submitted by form which will have contents to update the file
$fileContents = filter_input(INPUT_POST,'filecontents',FILTER_UNSAFE_RAW);

$errMsg = $errClass = '';

//Check for .. in Directory name
//This is to prevent users adding that in directory name and getting list of parent directories above directory listed in config
$listDir = explode('/',str_replace('\\','/',$dir));
$listFile = explode('/',str_replace('\\','/',$file));

in_array('..',$listDir) || in_array('..',$listFile)){
'.. not allowed in the path');

//Start using My PHP File Editor class
$fileEditor = new PhpMyFileEditor($config);
DirNotFoundException $e){
$errMsg = $e->getMessage();

$newfile != ''){
$submitfile != ''){
$errMsg = 'File was created!';
$submitdir != ''){
$errMsg = 'Directory was created!';
$errClass = 'success';
$file = $dir.'/'.$newfile;//Change $file so this file can be edited right away
        //Redirect users while setting new file and directory name set in URL so users can start editing it right away
        //Just setting $file to new value won't work because edit form uses INPUT_GET for $file and with new file submission, that is not set in URL
header('Location: '.$fileEditor->getLink($_SERVER['SCRIPT_NAME'],array('file'=>($dir=='')?$newfile:$dir.'/'.$newfile,'dir'=>$dir)));
AlreadyExistsException $e){
$errMsg = $e->getMessage();
$errClass = 'error';

//If File to be edited was set and File contents were submitted via form then update that file
if($fileContents != ''){
$errMsg = 'File was updated!';
$errClass = 'success';
FileExistsException $e){
$errMsg = $e->getMessage();
$errClass = 'error';

//Remove directory/file
if($remove == 1){
$toRemove = ($file == '')?$dir:$file;
$errMsg = 'Removal Sucessful!';
$errClass = 'success';
header('Location: '.$fileEditor->getLink($_SERVER['SCRIPT_NAME'],array('dir'=>(dirname($toRemove) == '.'?'':dirname($toRemove)))));
$errMsg = 'Some error occured!';
$errClass = 'error';

//Get left nav based on directory selected by user
//At first, it will use base directory
$leftNav = (isset($fileEditor) && is_object($fileEditor))?$fileEditor->getLeftNav($dir):'';
<!DOCTYPE html>
<html lang="en">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>PHP My File Editor</title>
    <style type="text/css">
            line-height: 1.5em;

        b{font-size: 110%;}
        em{color: red;}

            width: 100%; /*Width of main container*/
            margin: 0 auto; /*Center container on page*/

            background: #EAEAEA;
            height: 90px; /*Height of top section*/

        #topsection h1{
            margin: 0;
            padding-top: 15px;

            float: left;
            width: 78%;

            margin-left: 0%; /*Set left margin to LeftColumnWidth*/
            margin-right: 2%;

            float: left;
            width: 15%; /*Width of left column*/
            background: #C8FC98;

            clear: left;
            width: 100%;
            background: black;
            color: #FFF;
            text-align: center;
            padding: 4px 0;

        #footer a{
            color: #FFFF80;

            margin: 10px; /*Margins for inner DIV inside each column (to provide padding)*/
            margin-top: 0;
        .info, .success, .warning, .error, .validation {
            border: 1px solid;
            margin: 10px 0px;
            padding:15px 10px 15px 50px;
            background-repeat: no-repeat;
            background-position: 10px center;
        .info {
            color: #00529B;
            background-color: #BDE5F8;
            background-image: url('info.png');
        .success {
            color: #4F8A10;
            background-color: #DFF2BF;
        .warning {
            color: #9F6000;
            background-color: #FEEFB3;
            background-image: url('warning.png');
        .error {
            color: #D8000C;
            background-color: #FFBABA;
            background-image: url('error.png');

<div id="maincontainer">
    <div id="topsection"><div class="innertube"><h1>PHP My File Editor</h1></div></div>

    <div id="leftcolumn">
        <div class="innertube"><?php echo $leftNav;?>
<form name="newfile" method="post">
                <input type="text" name="newfile" value="">
                <input type="submit" name="submitfile" value="Create New File"><br>
                <input type="submit" name="submitdir" value="Create New Directory">
    <div id="contentwrapper">
        <div id="contentcolumn">
            <div class="innertube">
if($errMsg != ''){
'<div class="info '.$errClass.'">'.$errMsg.'</div>';
<form name="update" method="post">
                        <input type="hidden" name="file" value="<?php echo $file;?>">
                        <label for="filecontents">File: <strong><a target="_blank" href="<?php echo $config['dir']['base'].'/'.$file;?>"><?php echo $config['dir']['base'].'/'.$file;?></a></strong></label><br>
                        <textarea name="filecontents" rows="20" cols="100"><?php echo file_get_contents($config['dir']['base'].'/'.$file);?></textarea><br>
                        <input type="submit" name="submit" value="Update File">

    <div id="footer"><a href="">Jaswinder Rattanpal</a></div>