professional-sql-06-public-files-process.php / php
<?php
/*
 * File-management request handler: the `action` query parameter selects
 * list / delete / rename / new / open for paths underneath BASEDIR, and two
 * helpers (size_human_read, directory_row) render the directory table.
 *
 * NOTE(review): this listing is extraction-damaged. Most variable names and
 * parts of many expressions are missing, so it does not parse as shown. The
 * notes below rely only on the fragments that survive.
 *
 * NOTE(review), containment check: the actions canonicalise the `dir`
 * parameter with realpath() and then test strpos(..., BASEDIR) !== 0. That is
 * a plain string-prefix test, so a sibling path that merely begins with the
 * same characters as BASEDIR also passes unless BASEDIR ends in a directory
 * separator. Compare against BASEDIR plus DIRECTORY_SEPARATOR, or accept
 * exact equality with BASEDIR.
 *
 * NOTE(review), second path component: `file`, `oldfile`, `newfile` and
 * `name` are read from $_GET after that check and appear to be appended to
 * the checked directory (see "directory . '/' ."). No validation of them is
 * visible here, so a value containing "../" would presumably resolve outside
 * BASEDIR. Confirm against the intact source. The usual fix is basename() on
 * the component, or a second realpath() plus containment test on the final
 * path (on its parent directory when the path does not exist yet).
 *
 * NOTE(review), output encoding: directory_row() echoes basename(...) into a
 * table cell and into an inline onclick handler with no htmlspecialchars()
 * visible. File names can be chosen by users through the 'new' and 'rename'
 * actions, so encode them for the HTML and JavaScript contexts before output.
 *
 * NOTE(review), state changes over GET: delete, rename and new are driven by
 * $_GET parameters and no anti-CSRF token is visible. Whether the included
 * ../lib/common.php enforces authentication cannot be told from this page.
 *
 * NOTE(review), error suppression: @rmdir, @unlink and @rename hide the
 * failure reason; the client only receives OK or ERROR. Log the underlying
 * error server-side so failed or unexpected operations can be investigated.
 */
include '../lib/common.php'; include '../lib/config.php'; // see http://us2.php.net/manual/en/function.filesize.php#77518 function size_human_read (// Only format B through GB. If someone can afford the bandwidth to // transfer files >= TB then he can afford to pay me to patch this // code if beyond that is required! :) sizes = array('B', 'KB', 'MB', 'GB'); sizes); foreach (s) { if (s != size /= 1024; } } if (sizes[0]) { return sprintf('%01d\ %s', s); } else { return sprintf('%01.2f\ %s', s); } } // return HTML row for file display function directory_row(show_stats = true) { // get information for is_dir = is_dir(info = stat(// keep track of row count to alternating odd/even styles static row_count; if (!isset(row_count = 1; } else { <tr class="' . ((row_count % 2 == 0) ? 'even' : 'odd' ). 'row" '; // attach JavaScript handlers echo 'onmouseover="highlightTableRow(this)" '; echo 'onmouseout="unhighlightTableRow(this)" '; echo 'onclick="selectTableRow(\'' . basename(// identify appropriate MIME icon to display echo '<td style="width:25px; text-align: center;">'; echo '<img style="height: 16px; width: 16px;" src="img/'; if (is_dir && basename(is_dir) { echo 'dir'; } else { file, strrpos(ext . '.gif')) { echo </td>'; // display file information echo '<td>' . basename(file) . '</td>'; if (<td>'; if (is_dir) { echo '---'; } else { echo size_human_read(</td>'; echo '<td>' . date('m/d/Y', info['mtime']) . '</td>'; } else { echo '<td> </td><td> </td>'; } echo '</tr>'; r; } if (!isset(_GET['action']) { // return HTML table with directory contents case 'list': // ensure all necessary parameters are available if (!isset(// prevent users from traversing outside the base directory directory = realpath(BASEDIR . 
directory, BASEDIR) !== 0) return; // directories fs = array(); // files if(directory)) { while(dir))) { if(file == '..') { continue; } if (is_dir(file)) { file; } else if(is_file(file)) { file; } } closedir(ds); // natural case-insensitive sort natcasesort(<table> <thead> <tr><th colspan="2">File/Folder</th><th>Size</th><th>Date</th></tr> </thead> <tbody> <?php // don't show .. for root directory if (BASEDIR == directory) { if (count(directory . '/' . array_shift(fs)) { echo directory_row(fs), TYPE_FILE, true); } } else { echo directory_row('..', TYPE_DIRECTORY, false); } foreach (d) { echo directory_row(d, TYPE_DIRECTORY); } foreach (file) { echo directory_row(file, TYPE_FILE); } ?> </tbody> </table> <?php break; // delete a directory or file case 'delete': // ensure all necessary parameters are available if (!isset(_GET['file'])) { return; } // prevent users from traversing outside the base directory _GET['dir']); if (strpos(target = _GET['file']; if (file_exists(target) && @rmdir(target) && @unlink(// rename a directory or file case 'rename': // ensure all necessary parameters are available if (!isset(_GET['dir']) || !isset(_GET['newfile'])) { return; } // prevent users from traversing outside the base directory _GET['dir']); if (strpos(old = _GET['oldfile']; directory . '/' . 
old) && @rename(new)) { echo 'OK'; } else { echo 'ERROR'; } break; // create a new directory case 'new': // ensure all necessary parameters are available if (!isset(_GET['name'])) { return; } // prevent users from traversing outside the base directory _GET['dir']); if (strpos(target = _GET['name']; if (!file_exists(target)) { echo 'OK'; } else { echo 'ERROR'; } break; // return information needed to open a folder or file case 'open': // ensure all necessary parameters are available if (!isset(_GET['file'])) { return; } // prevent users from traversing outside the base directory _GET['dir']); if (strpos(target = _GET['file']; if (file_exists(target)) { echo json_encode(array( 'retType' => 'file')); } else if (is_dir(target, strlen(BASEDIR)))); } } break; } ?>
(C) Æliens 20/2/2008
You may not copy or print any of this material without explicit permission of the author or the publisher. In case of other copyright issues, contact the author.