Page 1 of 1
List files in directory + delete
Posted: Sat Dec 06, 2008 2:58 pm
by xQuasar
I'm trying to make a feature in which users can upload up to 10 files in a certain directory that belongs to them; and when there are 10 files in that directory there is no upload feature anymore. I've got all that working, now the last thing I want is a delete button next to each of the files listed so they can delete & download the file. With delete, this is what I'm trying to do:
Code: Select all
<?php
echo "Current files in your extras' directory: <br /><br />";
if ($handle = opendir("$username_saved/extras")) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") {
echo "$file <a href=deletefile.php>DELETE</a><br />";
}
}
closedir($handle);
}
?>
And here is my deletefile.php:
Code: Select all
<?php
session_start();
$username_saved = $_SESSION['username_saved'];
unlink("$username_saved/extras/$file");
?>
However, when I try to use the delete button, it gives me the error:
Warning: unlink(watson516/extras/) [function.unlink]: Permission denied in C:\Program Files\AbyssWebServer\htdocs\deletefile.php on line 5
What's wrong? And as with the downloads, I have no idea how to do it. Any help would be appreciated.
Re: List files in directory + delete
Posted: Sat Dec 06, 2008 4:46 pm
by jaoudestudios
Warning: unlink(watson516/extras/)
Are you sure your $file has a value?
Re: List files in directory + delete
Posted: Sat Dec 06, 2008 8:12 pm
by xQuasar
Yes, I tried saving $file in a $_SESSION and it produced the same error.
Re: List files in directory + delete
Posted: Sat Dec 06, 2008 8:30 pm
by requinix
xQuasar wrote:Yes, I tried saving $file in a $_SESSION and it produced the same error.
He's talking about $file inside deletefile.php, not in the first code sample you posted.
Yes, there's a difference.
Re: List files in directory + delete
Posted: Sun Dec 07, 2008 3:22 am
by jaoudestudios
$username_saved = $_SESSION['username_saved'];
unlink("$username_saved/extras/$file");
To it appears that $file is empty. Surely you dont need to send $file in a SESSION, you could use a GET - either way it looks like $file does not have a value. Try sending $file and post your code and errors again.
Re: List files in directory + delete
Posted: Wed Dec 10, 2008 2:35 pm
by xQuasar
But the line
Code: Select all
echo "$file <a href=deletefile.php>DELETE</a><br />";
Is working; it's listing all the files as well as providing a delete button next to them
ooooo.php DELETE
huh.accdb DELETE
huhhuh.zip DELETE
launch_login.bat DELETE
lol.jpg DELETE
lol.pub DELETE
notepad++.JPG DELETE
SQL.txt DELETE
Updates Log.txt DELETE
world.truststore DELETE
it's just when I press delete it screws up.
Re: List files in directory + delete
Posted: Wed Dec 10, 2008 2:40 pm
by requinix
Yeah, it's working in a completely different file. Just because something works in one file does not mean it'll work in another.
In deletefile.php $file does not have a value. That's the problem.
Re: List files in directory + delete
Posted: Thu Dec 11, 2008 2:53 am
by xQuasar
Well for some reason I couldn't even get it to work after trying for ages, so instead I did it in a form and now it works.
And... attempting to limit upload extensions; it's not working.

It's still letting everything through. what's wrong with it? T_T
Code: Select all
<?php
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
echo("Sorry, the following file extensions aren't allowed:<br><br>
<b> .html<br>
.htm<br>
.php<br>
.js<br>
.jse<br>
.exe<br>
.bat<br>
.asp</b><br><br>
You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with
software such as WinZIP or WinRAR.");
} else {
//uploading php code, i've got this working, no help needed
}
?>
Re: List files in directory + delete
Posted: Thu Dec 11, 2008 3:02 am
by Mark Baker
Code: Select all
echo "$file <a href=deletefile.php>DELETE</a><br />";
Seems to me that the link in this line calls deletefile.php without passing any identifier to the file that it should be deleting
Wouldn't
Code: Select all
echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />";
be better?
Re: List files in directory + delete
Posted: Thu Dec 11, 2008 4:10 am
by xQuasar
Mark Baker wrote:Code: Select all
echo "$file <a href=deletefile.php>DELETE</a><br />";
Seems to me that the link in this line calls deletefile.php without passing any identifier to the file that it should be deleting
Wouldn't
Code: Select all
echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />";
be better?
I'll try that out
but anyone have an answer to my last post up there? extension manager
Re: List files in directory + delete
Posted: Thu Dec 11, 2008 5:03 am
by requinix
1.
Code: Select all
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
That's not the best way to do it:
2. (the actual problem)
Code: Select all
if ($ext == ('.htm' || '.html' || '.php' || '.js' || '.jse' || '.exe' || '.bat' || '.asp')) {
A nice shorthand, except it doesn't work. Can't do it that way. Either you write a bunch of
$ext == ".htm" checks or you be clever about it:
Code: Select all
if (in_array(strtolower($ext), array(".htm", ".html", ".php", ".js", ".jse", ".exe", ".bat", ".asp"))) {
If you noticed the strtolower in there, good for you. Some people are weird and capitalize file names.
3.
Using a list of prohibited extensions is not a smart thing to do. Whitelists (what
is allowed) are much more secure than blacklists (what is
not allowed).
If you only want people uploading images, only allow images. Don't check for files that aren't allowed because you'll never run out of ones to include.