Any php gurus here?
- Thread starter Ping898
- Start date
Not sure I understand what you mean?
Downloads once and then deletes itself?
Downloads once and then deletes itself?
OP
- Thread Starter
- #3
No, they are doing a demo and uploading a file, but at the end of the demo they want to go and delete that file so they can upload it next time they demo, but I can't just erase all the files from the directory cause there are some dummy files in it to populate the webpage so they need to be able to choose the specific file to delete and I can't hard code the file to delete cause I was told it needed to be flexible. So my thought is, shhow them all the files in the directory, have them click a button and that button deletes whatever files it is associated with.
I assume this isn't a public website then? Letting people delete files as they please would be messy...
I'm just seeing security holes... What type of file? How is it being uploaded? Who is doing the demo? Public or just internal?
I'm just seeing security holes... What type of file? How is it being uploaded? Who is doing the demo? Public or just internal?
uploaded by php or ftp?
Dave Leverich
Black Belt
I haven't written one, but look up the unlink function at php.net, that should be the one you're looking for. Then I'd bring in the entire directory as an array, explode them on the '.' so that you can check the end .3 (aka .doc, .txt etc). Then do a for loop on the array to see how many things are in the directory, copy only the .pdf and .doc ones to a new array (so you don't have them deleting like the page they're working on etc).
Then, do the unlink part on those.
I won't belittle it, it's a good bit of programming and i haven't seen one out there as open source. (Or even seen one) but it can be done.
Then, do the unlink part on those.
I won't belittle it, it's a good bit of programming and i haven't seen one out there as open source. (Or even seen one) but it can be done.
not hard at all if it doesn't need to be secure:
PHP:
<?php
if($_GET['del'])
{
$del = $_GET['del'];
unlink($del);
}
$thisfile = $_SERVER['PHP_SELF'];
$d = dir(".");
while ($f = $d->read()) {
$l = $thisfile . "?del=" . $f;
$page .= "<a href='$l'>$f</a> <br/>\n";
}
$d->close();
echo $page;
?>
OP
- Thread Starter
- #9
I've seen the unlink function, problem is I haven't been able to figure out how to make it dynamic to delete the specific file someone chooses.
Andrew I don't understand what your function is doing or how.....
Andrew I don't understand what your function is doing or how.....
Dave Leverich
Black Belt
Ping, it would be used with fopen, you'd fopen the file based off of which they chose, then unlink that file (vape).
I think I would definitely incorporate a 'Are you certain you wish to permanently delete this file?' warning too hehe.
Best of luck.
I think I would definitely incorporate a 'Are you certain you wish to permanently delete this file?' warning too hehe.
Best of luck.
PHP:
<?php
if($_GET['del']) //if 'del' is passed with a file name, we want to delete that file. ex. ____.php?del=test.txt -> delete test.txt
{
$del = $_GET['del']; // Grab it from the GET pass
unlink($del); // Delete the file
}
$thisfile = $_SERVER['PHP_SELF']; // grabs the name of this file
$d = dir("."); // $d is a class for extracting the contents of a directory (see below)
while ($f = $d->read()) { // While there is another file to read, read it
$l = $thisfile . "?del=" . $f; // creates a link to this file + ?del= the file being listed
$page .= "<a href='$l'>$f</a> <br/>\n"; // list the file as a link to delete itself. clicking on the file deletes it
}
$d->close(); // when the loop is done, close the dir class off
echo $page; // print the page
?>The dir class is here: http://ca.php.net/manual/en/class.dir.php
Does that help?
Somewhat related question... I've been working with a tutorial for uploading files using html/php. could you possibly spot the error? I've got these two codes... I'm trying to upload a file. The file is small (less than 100 bytes), I think its confused on where to put it. The tutorial I'm using says
upload.html
uploader.php
I've tried giving just the directory as well as an explicit full path. Both are bombing on me... any idea what might be wrong?
upload.html
Code:
<form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>
Code:
<?php
$target_path = "uploads/";
/*$target_path = "/var/www/html/uploads/";*/
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
}
else
{
echo "There was an error uploading the file, please try again!";
echo $target_path;
}
?>Worked fine as is for me
The way this is setup you need both those files in the same folder.
In that folder you also need another folder names "uploads" and that folder needs to be chmoded to 777.
Is that what you have? Are you getting any error messages?
Dude, you are the bombWorked fine as is for me
The way this is setup you need both those files in the same folder.
In that folder you also need another folder names "uploads" and that folder needs to be chmoded to 777.
Is that what you have?
I assume it would be ok to have chmod 722/766? I just hate giving X authority to anyone, or R if they don't need it. I tried 766 and 722 and it worked. Is there any legitimate reason to give the directory 777? I assume you only need 766 if they are uploading?Depends on what else you plan on happening. But the folder definately needs to be writeable
And you are write, allowing uploads and read/execute without any other testing of the file would be a rather large security hole
You'll probably want to add some mime type tests in there as well, restrict this to only specific file types.
And you are write, allowing uploads and read/execute without any other testing of the file would be a rather large security hole
You'll probably want to add some mime type tests in there as well, restrict this to only specific file types.
