Listing and Deleting Files in a directory

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Listing and Deleting Files in a directory

Post by Sindarin »

I succeeded in creating a simple posting system. Data is stored in seperate text files in a directory called "posts".
Now the listing and deleting system works as well BUT I HAVE to put the list.php and the delete.php in the posts folder, otherwise the unlink command throws out an error:
Warning: unlink(434567568745457436as.txt) [function.unlink]: No such file or directory in /data/10/1/71/162/1071325/user/24/htdocs/storage/cms/delete.php on line 3
The list.php is this:

Code: Select all

<?
echo "<form id='form1' name='form1' method='post' action='delete.php'>";
//Looks into the directory and returns the files, no subdirectories
echo "<select name='yourfiles'>";
$dirpath = "/data/10/1/71/162/1071325/user/24/htdocs/storage/cms/posts";
$dh = opendir($dirpath);
while (false !== ($file = readdir($dh))) {
//Don't list subdirectories
if (!is_dir("$dirpath/$file")) {
echo "<option value='$file'>$file</option>";
}
}
closedir($dh);
//Close Select
echo "</select>";
echo "<input type='submit' name='Submit' value='Delete' /></form>";
?>
and the delete.php:

Code: Select all

<?
$myFile = $_POST['yourfiles'];
unlink($myFile);
echo "<center>file: $myFile was deleted";
echo "<br><br><a href='list.php'>Go back to list</a></center>";
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$file in the deletion script lacks directory information.

This is REALLY dangerous code. Someone could easily tell your deletion script to delete nearly any file unless permissions are set very well, which I honestly doubt.
User avatar
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Post by Sindarin »

Ah, I knew something was missing. Fixed it. But is there a way to make a e.g. vars.php and store all my global variables in there, so when I need them to call the vars.php file?

This is REALLY dangerous code. Someone could easily tell your deletion script to delete nearly any file unless permissions are set very well, which I honestly doubt.
So, how can I avoid that?

I've thought to put the deletion code in the list.php along with an md5 password check, but I don't know how to make the delete button proceed to the deletion without calling another php script.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If possible, store the information in a database. If not, store the files is a locked down directory structure. A basic password likely isn't enough protection.
Post Reply