a problem with directory class
Posted: Tue Mar 30, 2004 4:57 pm
by mudkicker
Code: Select all
<?php
class Dizin {
var $dizin;
var $dosya;
function Dizin($dizin) {
//error_reporting(0);
$this->dizin = $dizin;
}
function DizinGoster() {
$handle = opendir($this->dizin);
while ($file = readdir($handle)) {
if(is_dir($file)) {
print $file." [+]<br>";
}
else {
print $file." <br>";
$this->BilgiGoster($file);
}
}
}
function BilgiGoster($dosya) {
print "<blockquote><div style=\"font-size:9px;font-face=Verdana;\">";
print "Son Değiştirilme: ".filemtime($dosya)."<br>";
print "Dosya Boyutu: ".filesize($dosya)."<br>";
print "</div></blockquote>";
}
}
?>
Hi, that is the code I wrote, but there's something wrong with it and I couldn't find a way to correct that.
When I want to test it
Code: Select all
<?php
$dizin = new Dizin(".");
$dizin->DizinGoster();
?>
With "." it works great. But if I want to use another directory to explore, it gives me errors and doesn't do things correctly.
Can you help me find what I'm doing wrong?
Thanks for replies.

Posted: Tue Mar 30, 2004 5:01 pm
by mudkicker
By the way, don't worry about the special characters in print's. My code is written in Turkish (variable names for example...)

Posted: Tue Mar 30, 2004 5:06 pm
by kettle_drum
Do you have permission to read that directory? Can you please show us what error messages you are getting so we can help you further. Thanks

Posted: Tue Mar 30, 2004 5:19 pm
by mudkicker
This is the code I test:
Code: Select all
<?php
$dizin = new Dizin("/web/att");
$dizin->DizinGoster();
?>
And this is the whole page with errors I got:
Code: Select all
. [+]
.. [+]
css
Warning: filemtime(): Stat failed for css (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for css (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
db.php
Warning: filemtime(): Stat failed for db.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for db.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
directions.php
Warning: filemtime(): Stat failed for directions.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for directions.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
email.php
Warning: filemtime(): Stat failed for email.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for email.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
gallery.php
Warning: filemtime(): Stat failed for gallery.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for gallery.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
index.php
Son Değiştirilme: 30.03.2004
Dosya Boyutu: 0.043 kB
interface
Warning: filemtime(): Stat failed for interface (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for interface (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
links.php
Warning: filemtime(): Stat failed for links.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for links.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
managersroom
Warning: filemtime(): Stat failed for managersroom (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for managersroom (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
newspics
Warning: filemtime(): Stat failed for newspics (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for newspics (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
search.php
Warning: filemtime(): Stat failed for search.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for search.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
squad.php
Warning: filemtime(): Stat failed for squad.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for squad.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
training.php
Warning: filemtime(): Stat failed for training.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 27
Son Değiştirilme: 01.01.1970
Warning: filesize(): Stat failed for training.php (errno=2 - No such file or directory) in C:\web\dizin.php on line 33
Dosya Boyutu: 0 kB
Posted: Tue Mar 30, 2004 5:20 pm
by mudkicker
It gives an error "no such file or directory".
I can't understand that it reads the name of this directory / file but gives an error like this. ...
Posted: Tue Mar 30, 2004 8:09 pm
by Weirdan
'readdir' returns the filename without the path. That's why you're getting those errors. Here is a patch for your 'Goster' func:
Code: Select all
//.......skipped
function BilgiGoster($dosya) {
print '<blockquote><div style="font-size:9px;font-face=Verdana;">';
print 'Son Değiştirilme: ' . filemtime($this->dizin . '/' . $dosya) . '<br>';
print 'Dosya Boyutu: ' . filesize($this->dizin . '/' . $dosya) . '<br>';
print '</div></blockquote>';
}
//.......skipped
It should work as long as $dizin does not contain a trailing slash (therefore you need to use './somedir', not './somedir/').
Posted: Wed Mar 31, 2004 4:42 am
by mudkicker
Thanks Weirdan, it works now, but now I have another problem.
It doesn't see the directories correctly.
Code: Select all
index.php
Son Değiştirilme: 1076358819
Dosya Boyutu: 13.091 kB
interface
Son Değiştirilme: 1078964701
Dosya Boyutu: 0 kB
links.php
Son Değiştirilme: 1076088481
Dosya Boyutu: 11.949 kB
managersroom
Son Değiştirilme: 1078883168
Dosya Boyutu: 0 kB
As you see, managersroom and interface are directories and it doesn't see them as a directory.
The last version of my code is so:
Code: Select all
<?php
class Dizin {
var $dizin;
var $dosya;
function Dizin($dizin) {
//error_reporting(0);
$this->dizin = $dizin;
}
function DizinGoster() {
$handle = opendir($this->dizin);
while ($file = readdir($handle)) {
if(is_dir($file)) {
print "<span style=\"font-size:11px;font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;font-weight=bold;color=maroon;\">".$file."</span> <font color=green>[+]</font><br>";
}
else {
print "<span style=\"font-size:11px;font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;font-weight=bold;color=red;\">".$file."</span>";
$this->BilgiGoster($file);
}
}
}
function BilgiGoster($dosya) {
print '<blockquote><div style="font-size:9px;font-face=Verdana;">';
print 'Son Değiştirilme: ' . filemtime($this->dizin . '/' . $dosya) . '<br>';
print 'Dosya Boyutu: ' . $this->FSize($this->dizin . '/' . $dosya) . '<br>';
print '</div></blockquote>';
}
function FSize($f) {
$fl = filesize($f) / 1000;
$f1 = number_format($fl,2,'.',' ');
$fl .= " kB";
return $fl;
}
}
?>
Posted: Wed Mar 31, 2004 4:44 am
by twigletmac
When you use is_dir() you have to use the full path to the file otherwise it won't play.
Mac
Posted: Wed Mar 31, 2004 5:15 am
by mudkicker
Thanks Mac, now it's done.
I replaced it so:
Code: Select all
<?php
if(is_dir($this->dizin.'/'.$file)) { // check whether it is a folder or not.
?>
Posted: Wed Mar 31, 2004 11:47 am
by mudkicker
Hi, I just wanted to let you see the last version of my class.
I want to put this here, because I want to get some thoughts and reviews about it. Recommendations, advantages, disadvantages of using this, bugs, etc.
Your replies will be very appreciated. Thank you!
Code: Select all
<?php
////////// MUDIZIN //////////////
// Copyright Arif Ender //
// http://www.mudkicker.com //
// version 1.1 //
/////////////////////////////////
class Dizin {
var $dizin = '.';
var $dosya;
var $handle;
var $dirs = array(); // set to an array.
var $fils = array(); // set to an array.
// Constructor
function Dizin() {
if(!$_GET['dizin_goster']){
$dizin_goster = '.';
} else {
$dizin_goster = $_GET['dizin_goster'];
}
$this->ScriptBasi();
$this->dizin = $dizin_goster;
$this->DizinGoster();
$this->ScriptSonu();
}
// Prepend File
function ScriptBasi() {
echo "<table width='100%' align='center'>";
echo "<tr class='fh' align='center'>\n<td>\nMUDIZIN v1.1 Dizin Gösterme Scripti</td>\n</tr>\n";
echo "<tr><td>";
}
// Append File
function ScriptSonu() {
echo "</td>\n</tr>\n";
echo "<tr class='fh' align='center'>\n<td>\n© mudkicker.com</td>\n</tr>\n";
echo "</table>\n";
}
// Show Directory
function DizinGoster() {
$this->handle = opendir($this->dizin);
clearstatcache(); // clearing cache for stats.
print "<table border=0 width='60%' align='center'>\n";
print "<tr class='baslik'>\n<td>Dosya / Klasör Adı</td>\n<td>Son Değiştirilme</td>\n<td>Boyut</td>\n</tr>\n";
while ($file = readdir($this->handle)) {
$path = $this->dizin.'/'.$file;
// take 'em to file and directory arrays for sorting.
if($file !== '.') { // '.' isn't necessary... or?
if(is_dir($path)) {
$dirs[] = $file;
}
else {
$fils[] = $file;
}
}
}
foreach ($dirs as $dir) {
if($dir == '..') {
$dir = 'Üst Dizin'; // Replace with it to show more stylish
}
print "<tr><td colspan='3' class='klasor'><a href='";
print $this->YeniDizin($dir);
print "' class='klasor'><img src='folder.gif' border='0'> ".$dir."</a></td>\n</tr>";
}
if (count($fils) > 0) {
foreach ($fils as $fl) {
print "<tr><td class='dosya'><img src='file.gif' border='0'> ".$fl."</td>\n";
$this->BilgiGoster($fl);
print "</tr>\n";
}
}
else {
print "<tr><td colspan='3' class='dosya' style='color=maroon;font-style=italic;'>Bu klasörde dosya bulunamadı...</td>\n</tr>";
}
print "</table>\n";
closedir($this->handle);
}
// Show Stats
function BilgiGoster($dosya) {
print '<td class="bilgiler" width="150">';
print $this->MDate($dosya)."</td>\n";
print '<td class="bilgiler" width="150">';
print $this->FSize($this->dizin . '/' . $dosya)."</td>\n";
}
// Filesize Format
function FSize($f) {
$fl = filesize($f) / 1000;
$fl = number_format($fl,2,'.',' '); // was assigned to $f1 (digit one), so the formatted value was never used
$fl .= " kB";
return $fl;
}
// Modified Date Format
function MDate($d) {
return date("d.m.Y",filemtime($this->dizin . '/' . $d));
}
// Set New Directory
function YeniDizin($dosya) {
if($dosya == "Üst Dizin") {
$dizinexploded = explode("/",$this->dizin);
$sonklasor = array_pop($dizinexploded);
$yenidizin = implode("/",$dizinexploded); // rebuild the parent path; the original line read an undefined $yenidizin
} else {
$yenidizin = $this->dizin."/".$dosya;
}
return $_SERVER['PHP_SELF'].'?dizin_goster='.$yenidizin;
}
}
?>
<html>
<head>
<title>MUDIZIN v1.1</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-9">
<link href="dizin.css" rel="stylesheet" type="text/css">
</head>
<body>
<?
$dizin = new Dizin(); // Write the folder here. It must not end with a '/'!
?>
</body>
</html>
Posted: Wed Mar 31, 2004 2:41 pm
by Weirdan
Ok, now the final question =) Do you really want to show your users all the dirs your webserver has access to? =)
Approx a week ago I've seen a similar script in the thread about directory size calculation. Finally the topic starter invited everyone to see that script 'in action' and posted a demo login and password. Guess what =) It took me about 15 minutes to gain full access to his site.
Such scripts as directory browsers, online editors etc. often create a hole in site security and should be developed with security in mind (or not developed at all).
Make sure that it's impossible to pass a relative path (with .. in it) to your class. Always prepend the path with './' (or some other path prefix) to make it impossible for the user to pass, say, '/home/your/personal/hidden/dir/' in the dizin_goster GET variable...
Posted: Wed Mar 31, 2004 2:46 pm
by mudkicker
Well, thank you for your reply.
I am thinking about this security thing now.
Well, I can do this to customize which folders users are not authorized to see, and if $dizin_goster points to these folders -> shows error...
What do you think? Or do you have any suggestions for more security?
Posted: Wed Mar 31, 2004 3:10 pm
by Weirdan
mudkicker wrote: ...which folders are not authorized to be seen...
I'd rather suggest making a list of folders which the user is authorized to see. Or you're putting yourself in danger of forgetting someday to restrict access to a newly created folder.
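
A sketch of the two pieces of advice above (always prepend a fixed prefix, and list what may be seen rather than what may not), as an added example that is not part of any poster's code. The function name resolveListedDir() and the demo folder names are hypothetical; in the class from this thread the value of the dizin_goster GET variable would be passed as $requested, and nothing would be listed when the result is null.

```php
<?php
// Added example, not code from the thread. resolveListedDir() and the
// folder names in the demo are hypothetical.
function resolveListedDir(string $base, array $allowed, string $requested): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // Always prepend the base, then let realpath() collapse '.', '..' and
    // symlinks so the check below runs on the path that will really be opened.
    $real = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_dir($real)) {
        return null; // does not exist, or is not a directory
    }
    foreach ($allowed as $name) {
        $root = realpath($baseReal . DIRECTORY_SEPARATOR . $name);
        if ($root === false) {
            continue;
        }
        // Accept the listed folder itself or anything beneath it. The trailing
        // separator stops "newspics_old" from matching the prefix "newspics".
        if ($real === $root || strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
            return $real;
        }
    }
    return null; // not on the allow-list: denied by default
}

// Constructed demo tree under the system temp directory.
$base = sys_get_temp_dir() . '/mudizin_demo';
foreach (['newspics/2004', 'newspics_old', 'managersroom'] as $d) {
    @mkdir("$base/$d", 0700, true);
}
$allowed = ['newspics']; // managersroom is deliberately not listed

$inputs = ['newspics', 'newspics/2004', 'newspics/../managersroom',
           'newspics_old', '../..', '/etc', ''];
foreach ($inputs as $in) {
    $dir = resolveListedDir($base, $allowed, $in);
    printf("%-28s => %s\n", var_export($in, true), $dir === null ? 'denied' : 'allowed');
}
```

Only the first two inputs are allowed; a folder created later stays hidden until its name is added to $allowed.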
Posted: Wed Mar 31, 2004 3:16 pm
by mudkicker
Thank you, I will try to set this property.