List files in directory + delete

Posted: Sat Dec 06, 2008 2:58 pm
by xQuasar
I'm trying to make a feature in which users can upload up to 10 files in a certain directory that belongs to them; and when there are 10 files in that directory there is no upload feature anymore. I've got all that working, now the last thing I want is a delete button next to each of the files listed so they can delete & download the file. With delete, this is what I'm trying to do:

Code:

<?php
echo "Current files in your extras' directory: <br /><br />";
if ($handle = opendir("$username_saved/extras")) {
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            echo "$file <a href=deletefile.php>DELETE</a><br />";
        }
    }
    closedir($handle);
}
?>
And here is my deletefile.php:

Code:

 
<?php
session_start();
$username_saved = $_SESSION['username_saved'];
 
unlink("$username_saved/extras/$file");
 
?>
 
However, when I try to use the delete button, it gives me the error:

Warning: unlink(watson516/extras/) [function.unlink]: Permission denied in C:\Program Files\AbyssWebServer\htdocs\deletefile.php on line 5

What's wrong? And as with the downloads, I have no idea how to do it. Any help would be appreciated.

Re: List files in directory + delete

Posted: Sat Dec 06, 2008 4:46 pm
by jaoudestudios
Warning: unlink(watson516/extras/)
Are you sure your $file has a value?

Re: List files in directory + delete

Posted: Sat Dec 06, 2008 8:12 pm
by xQuasar
Yes, I tried saving $file in a $_SESSION and it produced the same error.

Re: List files in directory + delete

Posted: Sat Dec 06, 2008 8:30 pm
by requinix
xQuasar wrote:Yes, I tried saving $file in a $_SESSION and it produced the same error.
He's talking about $file inside deletefile.php, not in the first code sample you posted.

Yes, there's a difference.

Re: List files in directory + delete

Posted: Sun Dec 07, 2008 3:22 am
by jaoudestudios
$username_saved = $_SESSION['username_saved'];

unlink("$username_saved/extras/$file");
It appears that $file is empty. Surely you don't need to send $file in a SESSION; you could use a GET. Either way, it looks like $file does not have a value. Try sending $file and post your code and errors again.

Re: List files in directory + delete

Posted: Wed Dec 10, 2008 2:35 pm
by xQuasar
But the line

Code:

echo "$file <a href=deletefile.php>DELETE</a><br />";
is working; it's listing all the files as well as providing a delete button next to them:

ooooo.php DELETE
huh.accdb DELETE
huhhuh.zip DELETE
launch_login.bat DELETE
lol.jpg DELETE
lol.pub DELETE
notepad++.JPG DELETE
SQL.txt DELETE
Updates Log.txt DELETE
world.truststore DELETE

It's just when I press delete that it screws up.

Re: List files in directory + delete

Posted: Wed Dec 10, 2008 2:40 pm
by requinix
Yeah, it's working in a completely different file. Just because something works in one file does not mean it'll work in another.

In deletefile.php $file does not have a value. That's the problem.

Re: List files in directory + delete

Posted: Thu Dec 11, 2008 2:53 am
by xQuasar
Well for some reason I couldn't even get it to work after trying for ages, so instead I did it in a form and now it works.

And... attempting to limit upload extensions; it's not working. :( It's still letting everything through. What's wrong with it? T_T

Code:

<?php
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
 
if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
    echo("Sorry, the following file extensions aren't allowed:<br><br>
    <b> .html<br>
        .htm<br>
        .php<br>
        .js<br>
        .jse<br>
        .exe<br>
        .bat<br>
        .asp</b><br><br>
        You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with
        software such as WinZIP or WinRAR.");
} else {
//uploading php code, i've got this working, no help needed
}
?>

Re: List files in directory + delete

Posted: Thu Dec 11, 2008 3:02 am
by Mark Baker

Code:

echo "$file <a href=deletefile.php>DELETE</a><br />";
Seems to me that the link in this line calls deletefile.php without passing any identifier to the file that it should be deleting

Wouldn't

Code:

echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />";
be better?
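
Added example, not part of the original posts: once the file name travels in the request, as suggested above, deletefile.php has to read it from the request and confirm that it names a file directly inside the user's own extras directory before calling unlink(). The helper name `resolve_user_file()` and the POST field `file` are assumptions (xQuasar mentions switching to a form); the session key and directory layout are the ones from the thread.

```php
<?php
// Added example, not code from the thread.
// resolve_user_file() and the POST field "file" are hypothetical names.
session_start();

/**
 * Return the absolute path of $name inside $baseDir, or null when the name
 * is empty, carries a directory component, or resolves outside $baseDir.
 */
function resolve_user_file(string $baseDir, string $name): ?string
{
    // An empty name is what made the original unlink() hit the directory itself.
    if ($name === '' || $name === '.' || $name === '..' || $name !== basename($name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // After symlinks are resolved, the file must still sit directly in $base.
    return dirname($path) === $base ? $path : null;
}

$method = $_SERVER['REQUEST_METHOD'] ?? '';
if ($method === 'POST' && isset($_SESSION['username_saved'])) {
    $name = $_POST['file'] ?? '';
    $dir  = $_SESSION['username_saved'] . '/extras';
    $path = is_string($name) ? resolve_user_file($dir, $name) : null;

    if ($path === null) {
        http_response_code(400);
        echo 'No such file.';
    } elseif (unlink($path)) {
        echo 'Deleted ' . htmlspecialchars(basename($path), ENT_QUOTES);
    } else {
        http_response_code(500);
        echo 'Could not delete the file.';
    }
}
```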

Re: List files in directory + delete

Posted: Thu Dec 11, 2008 4:10 am
by xQuasar
Mark Baker wrote:

Code:

echo "$file <a href=deletefile.php>DELETE</a><br />";
Seems to me that the link in this line calls deletefile.php without passing any identifier to the file that it should be deleting

Wouldn't

Code:

echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />";
be better?
I'll try that out :)

but anyone have an answer to my last post up there? extension manager

Re: List files in directory + delete

Posted: Thu Dec 11, 2008 5:03 am
by requinix
1.

Code:

$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
That's not the best way to do it:

Code:

$ext = strrchr($filename, ".");
2. (the actual problem)

Code:

if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
A nice shorthand, except it doesn't work. Can't do it that way. Either you write a bunch of $ext == ".htm" checks or you be clever about it:

Code:

if (in_array(strtolower($ext), array(".htm", ".html", ".php", ".js", ".jse", ".exe", ".bat", ".asp"))) {
If you noticed the strtolower in there, good for you. Some people are weird and capitalize file names.

3.
Using a list of prohibited extensions is not a smart thing to do. Whitelists (what is allowed) are much more secure than blacklists (what is not allowed).
If you only want people uploading images, only allow images. Don't check for files that aren't allowed because you'll never run out of ones to include.
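
Added example, not part of the original posts: the whitelist approach from point 3 next to the thread's blacklist, run over file names from the directory listing earlier in the thread. The function names and the image whitelist are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the thread. Function names and the image
// whitelist are assumptions chosen for illustration.

/** Lower-cased extension after the last dot, without the dot ('' if none). */
function upload_extension(string $filename): string
{
    return strtolower(pathinfo(basename($filename), PATHINFO_EXTENSION));
}

/** Whitelist check: only extensions named in $allowed are accepted. */
function is_allowed_upload(string $filename, array $allowed): bool
{
    return in_array(upload_extension($filename), $allowed, true);
}

/** The thread's blacklist check, kept for comparison. */
function passes_blacklist(string $filename): bool
{
    $denied = array('htm', 'html', 'php', 'js', 'jse', 'exe', 'bat', 'asp');
    return !in_array(upload_extension($filename), $denied, true);
}

$allowed = array('jpg', 'jpeg', 'png', 'gif');
// File names taken from the directory listing earlier in the thread.
$samples = array('lol.jpg', 'notepad++.JPG', 'ooooo.php', 'launch_login.bat',
                 'huh.accdb', 'world.truststore', 'Updates Log.txt');

foreach ($samples as $name) {
    printf("%-20s blacklist:%-7s whitelist:%s\n", $name,
        passes_blacklist($name) ? 'accept' : 'reject',
        is_allowed_upload($name, $allowed) ? 'accept' : 'reject');
}
```

The extension only describes the file's name, so this check belongs alongside storing uploads where the web server will not execute them.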