List files in directory + delete

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
xQuasar
Forum Newbie
Posts: 19
Joined: Tue Dec 02, 2008 5:53 pm

List files in directory + delete

Post by xQuasar »

I'm trying to make a feature in which users can upload up to 10 files in a certain directory that belongs to them; and when there are 10 files in that directory there is no upload feature anymore. I've got all that working, now the last thing I want is a delete button next to each of the files listed so they can delete & download the file. With delete, this is what I'm trying to do:

Code: Select all

<?php
echo "Current files in your extras' directory: <br /><br />";
if ($handle = opendir("$username_saved/extras")) {
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            echo "$file <a href=deletefile.php>DELETE</a><br />";
        }
    }
    closedir($handle);
}
?>
And here is my deletefile.php:

Code: Select all

 
<?php
session_start();
$username_saved = $_SESSION['username_saved'];
 
unlink("$username_saved/extras/$file");
 
?>
 
However, when I try to use the delete button, it gives me the error:

Warning: unlink(watson516/extras/) [function.unlink]: Permission denied in C:\Program Files\AbyssWebServer\htdocs\deletefile.php on line 5

What's wrong? And as with the downloads, I have no idea how to do it. Any help would be appreciated.
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: List files in directory + delete

Post by jaoudestudios »

Warning: unlink(watson516/extras/)
Are you sure your $file has a value?
xQuasar
Forum Newbie
Posts: 19
Joined: Tue Dec 02, 2008 5:53 pm

Re: List files in directory + delete

Post by xQuasar »

Yes, I tried saving $file in a $_SESSION and it produced the same error.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: List files in directory + delete

Post by requinix »

xQuasar wrote:Yes, I tried saving $file in a $_SESSION and it produced the same error.
He's talking about $file inside deletefile.php, not in the first code sample you posted.

Yes, there's a difference.
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: List files in directory + delete

Post by jaoudestudios »

$username_saved = $_SESSION['username_saved'];

unlink("$username_saved/extras/$file");
To it appears that $file is empty. Surely you dont need to send $file in a SESSION, you could use a GET - either way it looks like $file does not have a value. Try sending $file and post your code and errors again.
xQuasar
Forum Newbie
Posts: 19
Joined: Tue Dec 02, 2008 5:53 pm

Re: List files in directory + delete

Post by xQuasar »

But the line

Code: Select all

echo "$file <a href=deletefile.php>DELETE</a><br />";
Is working; it's listing all the files as well as providing a delete button next to them

ooooo.php DELETE
huh.accdb DELETE
huhhuh.zip DELETE
launch_login.bat DELETE
lol.jpg DELETE
lol.pub DELETE
notepad++.JPG DELETE
SQL.txt DELETE
Updates Log.txt DELETE
world.truststore DELETE

it's just when I press delete it screws up.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: List files in directory + delete

Post by requinix »

Yeah, it's working in a completely different file. Just because something works in one file does not mean it'll work in another.

In deletefile.php $file does not have a value. That's the problem.
xQuasar
Forum Newbie
Posts: 19
Joined: Tue Dec 02, 2008 5:53 pm

Re: List files in directory + delete

Post by xQuasar »

Well for some reason I couldn't even get it to work after trying for ages, so instead I did it in a form and now it works.

And... attempting to limit upload extensions; it's not working. :( It's still letting everything through. what's wrong with it? T_T

Code: Select all

<?php
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
 
if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
    echo("Sorry, the following file extensions aren't allowed:<br><br>
    <b> .html<br>
        .htm<br>
        .php<br>
        .js<br>
        .jse<br>
        .exe<br>
        .bat<br>
        .asp</b><br><br>
        You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with
        software such as WinZIP or WinRAR.");
} else {
//uploading php code, i've got this working, no help needed
}
?>
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: List files in directory + delete

Post by Mark Baker »

Code: Select all

echo "$file <a href=deletefile.php>DELETE</a><br />";
Seems to me that the link in this line calls deletefile.php without passing any identifier to the file that it should be deleting

Wouldn't

Code: Select all

echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />";
be better?
xQuasar
Forum Newbie
Posts: 19
Joined: Tue Dec 02, 2008 5:53 pm

Re: List files in directory + delete

Post by xQuasar »

Mark Baker wrote:

Code: Select all

echo "$file <a href=deletefile.php>DELETE</a><br />";
Seems to me that the link in this line calls deletefile.php without passing any identifier to the file that it should be deleting

Wouldn't

Code: Select all

echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />";
be better?
I'll try that out :)

but anyone have an answer to my last post up there? extension manager
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: List files in directory + delete

Post by requinix »

1.

Code: Select all

$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
That's not the best way to do it:

Code: Select all

$ext = strrchr($filename, ".");
2. (the actual problem)

Code: Select all

if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
A nice shorthand, except it doesn't work. Can't do it that way. Either you write a bunch of $ext == ".htm" checks or you be clever about it:

Code: Select all

if (in_array(strtolower($ext), array(".htm", ".html", ".php", ".js", ".jse", ".exe", ".bat", ".asp"))) {
If you noticed the strtolower in there, good for you. Some people are weird and capitalize file names.

3.
Using a list of prohibited extensions is not a smart thing to do. Whitelists (what is allowed) are much more secure than blacklists (what is not allowed).
If you only want people uploading images, only allow images. Don't check for files that aren't allowed because you'll never run out of ones to include.
Post Reply