Virtual Path Problems?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
cthom053
Forum Newbie
Posts: 2
Joined: Fri Jun 12, 2009 4:05 pm

Virtual Path Problems?

Post by cthom053 »

Hi all, I'm getting my feet wet with some wondrous .php scripting and I love it. I have hit a snag though and would greatly appreciate any help or suggestions. I have a friend who wants me do design a website with dynamic photo galleries. So there should be no maintenance for him other than adding new directories with photos in them.

So I thought .php and then DynamicDrive and downloaded a free photo gallery script. It is dynamic in the sense that it detects the photos within the directory that the "getpics.php" file is located in. With multiple directories and new ones being added, I didn't like this. So I did a little editing and got it so I can enter in my own directories.

When the page loads up it runs football.php (for the football game photo directories)

Code: Select all

 
<?php
 
// open this directory 
$myDirectory = opendir("./galleries/sportsevents/football");
 
// get each entry
while($entryName = readdir($myDirectory)) {
    $dirArray[] = $entryName;
}
 
// close directory
closedir($myDirectory);
 
//  count elements in array
$indexCount = count($dirArray);
Print ("$indexCount files<br>\n");
 
// sort 'em
sort($dirArray);
 
// print 'em
print("<TABLE border=1 cellpadding=5 cellspacing=0 class=whitelinks>\n");
print("<TR><TH>Filename</TH><th>Filetype</th><th>Filesize</th></TR>\n");
// loop through the array of files and print them all
for($index=0; $index < $indexCount; $index++) {
        if (substr("$dirArray[$index]", 0, 1) != "."){ // don't list hidden files
        
        print("<TR><TD><a href=gen_gal.php?album=$dirArray[$index]>$dirArray[$index]</a></td>");
        print("<td>");
        print(dirname($dirArray[$index]));
        print("</td>");
        print("<td>");
    }
}
 
print("</TABLE>\n");
 
 
?>
[b]
From this a user would click on the link in the folder to "gen_gal.php" and it would put the chosen directory name in the url. 
 
gen_gal.php then runs getpics.php on loadup. Get pics sends an array and file path to the .js script and that is what creates the images:
[/b]
<?
 
Header("content-type: application/x-javascript");
 
function returnimages() {
    
   $dirname=realpath(".");
   
   $pattern="\.(jpg|jpeg|png|gif|bmp)$";
   $files = array();
   $curimage=0;
   if($handle = opendir($dirname)) {
       while(false !== ($file = readdir($handle))){
               if(eregi($pattern, $file)){
         $filedate=date ("M d, Y H:i:s", filemtime($file));
                 echo 'galleryarray[' . $curimage .']=["' . $file . '", "'.$filedate.'"];' . "\n";
                 $curimage++;
               }
       }
 
       closedir($handle);
   }
   return($files);
}
 
$tempDir="/images/";
 
/** This sends over the variable imagepath to the .js and the array**/
echo "var imagepath=";
echo $tempDir;
echo ";";
echo "\n";
 
echo "var galleryarray=new Array();" . "\n";
returnimages();
?> 
 
The problem lies with the $dirname variable at the top. If I change the directory to anything but "." it does not load anything. I have searched a few forums and haven't found anything I'm doing wrong. Again, any help would be greatly appreciated! Thanks!
Last edited by Benjamin on Fri Jun 12, 2009 5:49 pm, edited 1 time in total.
Reason: Added [code=php] tags.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Virtual Path Problems?

Post by requinix »

Follow the file paths from start to end:
- You start with ./galleries/sportsevents/football
- Each $entryName will be a filename without the path
- You pass that lone filename to gen_gal.php
- gen_gal.php uses $_GET["album"] to get the filename

The first problem isn't obvious: $entryName might not be a directory name. It might be "." or ".." too. So

Code: Select all

// get each entry
while($entryName = readdir($myDirectory)) {
    if ($entryName != "." && $entryName != ".." && is_dir($entryName)) {
        $dirArray[] = $entryName;
    }
}
The second problem is that you don't hold on to directory names anywhere. Neither $entryName nor $dirArray have any information about where those files are located but gen_gal.php needs to know. So second revision:

Code: Select all

$dir = "galleries/sportsevents/football";
 
// open this directory
$myDirectory = opendir($dir);
 
// get each entry
while($entryName = readdir($myDirectory)) {
    if ($entryName != "." && $entryName != ".." && is_dir($entryName)) {
        $dirArray[] = $dir . $entryName;
    }
}
In gen_gal.php, $_GET["album"] will be the folder path. Pass that to realpath(). Actually no: use it as a function argument (see below). But how do you know the path is good?

The third problem: what if someone entered in a bad path? Maybe one that doesn't exist, or maybe one that has images you don't want people to see. You need to validate the path.

If you want to restrict it to galleries/ then you can use strncmp to check that two strings begin with the same characters:

Code: Select all

function returnimages($path) {
 
    $dirname=realpath($path);
    // $allowed is the path to galleries/
    // shortcut: if galleries/ and this file are in the same directory then you can do
    $allowed = dirname(__FILE__) . "/galleries/";
    // check for a valid path
    if (strncmp($dirname, $allowed, strlen($allowed)) == 0 && is_dir($dirname)) {
        // okay
    } else {
        // not okay
        // don't process any files - just return an empty array
        return array();
    }
 
    $pattern="\.(jpg|jpeg|png|gif|bmp)$";
    $files = array();
    $curimage=0;
    if($handle = opendir($dirname)) {
        while(false !== ($file = readdir($handle))){
            if(eregi($pattern, $file)){
                $filedate=date ("M d, Y H:i:s", filemtime($file));
                echo 'galleryarray[' . $curimage .']=["' . $file . '", "'.$filedate.'"];' . "\n";
                $curimage++;
            }
        }
 
        closedir($handle);
    }
    return($files);
}
 
if (isset($_GET["album"])) { // we have to know where to look
    // do stuff
    // ...
    returnimages($_GET["album"]);
} else { // no path information
    // ???
}
cthom053
Forum Newbie
Posts: 2
Joined: Fri Jun 12, 2009 4:05 pm

Re: Virtual Path Problems?

Post by cthom053 »

Oh my goodness thank you! :D I have been out all this weekend and was so happy to find your reply this morning. I'll give it a shot. You've helped me learn a lot already. And hopefully, when I'm a .php wizard I can give out some excellent help as well.
Post Reply