Building a PHP file browser

This week’s assignment that I gave to another group member, but the result turned out unsatisfactory. It can’t even delete a folder, move a file or copy them. Yes, it’s pretty easy to build a PHP file browser, it’s just a matter of calling file_* functions, but combining them together can be tricky. For example, this guy used GET to pass data and operation between screens. What happen if a file name contains & or =, the characters that make the GET themselves? It has to be revamped (and I have to do this -__-)

About code style, they claim to have done it in procedural style, but… I don’t know what kind of programming is that to name. Well, it worked on some aspects nevertheless, so I decided to move straight to fix the interface. I just can’t bear to see that pile of mumble-jumble ><; and the result…


Icons are from famfamfam. Thanks James! You may notice that it looks familiar. Yes, it resembles Vista’s explorer. I love Mac in overall but for the interface alone, explorer looks better than finder. I also tested some css pseudo-class: the rows will be highlighted when you move over them. A breadcumb would be trivial to implement too, but that’s something I can work with already 🙂

The code

Basically, this is just a directory list with more function added at the beginning so that it will execute the required operation before listing. The original code used scandir() to get the files in the directory, which is a php5 function (the only thing PHP5 specific in the project); I decided to fall back to its PHP4 equivalent so it can run on older servers (the code is from PHP manual)

$dh  = opendir($newPath);
while (false !== ($filename = readdir($dh))) {
	$files[] = $filename;

I know, most host have upgraded to PHP5 and PHP6 is at the horizon, but when it’s so easy to make it compatible, why not?

For most online file browser I’ve seen, they will only allow clicking on the filenames to open them; while on your familiar explorer, nautilus or finder you can click anywhere on the row, so I decided to move the onclick to the row <tr>.
It worked! But then another problem rises: whenever the checkbox is ticked, the view changes to the corresponding file / directory without waiting for the user to choose what to do with the file!. This is possibly the reason why online file browsers does not allow this 😉 After some research, I found a way to stop the event from bubbling (Internet Explorer terminology) or propagating (W3C terminology) from the checkbox to the row (i.e. after you check the checkbox the browser will stop and forget the fact that you clicked inside the row)

function doSomething(e)
	if (!e) var e = window.event;
	e.cancelBubble = true;
	if (e.stopPropagation) e.stopPropagation();

The code above do fine if you set the event with attachEvent(), but for the code I have the event is attached in the traditional way (onclick=”js”). And trying to put an anonymous function in is no use, “e” would be undefined in all of the browsers 🙁

The secret? In IE the window.event could be accessed but firefox does not seems to have it. Instead, it have “event” (duh) and the following code work (I wrote it together in one line to put to the onclick)

if(!e){var e = window.event;if(!e){e = event;if(e.stopPropagation)e.stopPropagation();}e.cancelBubble = true;}

Coding this, just to know that directory browsing can be tricky. There are functions, like that there’s a rmdir, but It just won’t delete non-empty directories and unlike the command you know from popular OSes, it doesn’t have /s to –-recursive to force delete the directory. That’s when you have to write your own function to get the job done.

function recursiveDel($dir) {
		if ($dir[strlen($dir) - 1] != "/")
			$dir = $dir."/";
		$mydir = opendir($dir);
		while(($file = readdir($mydir)) !== false) {
			if($file != "." && $file != "..") {
				// Unix compat
				chmod($dir.$file, 0777);
				if(is_dir($dir.$file)) {

Now that most directories can be deleted, what about directories that contains special characters mentioned above? Well, you may notice when browsing that sometimes your Address bar contains something like %2f%ac; they are ASCII characters, they can be embedded in an URL and then retrived later thanks to urlencode() and urldecode(). A better solution is instead of using GET, use POST or a hidden field.

About security, the guy didn’t even check what the user put in. The only check there is the firectory name check “Invalid directory name. It can’t contains . .. /”. Anyone could just put in path =/ etc / passwd in the address bar at any time. What a common beginner pitfall! A couple of str_replace() wouldn’t hurt…

Below is the code to this moment. Note that its capability is limited to navigating, creating directories and Upload file, but at least it have done those quite good and if one’s only need is somewhere to occasionally throw one or two file in; or to study how file managers work, this script is a good choice 🙂

Download the source

Gotta OOP-rize it and clean it up…

4 hours later edit: Phew, done! ^^ You can have a peek over here. This is a stripped down version, so you can’t upload and edit / preview the file for obivous reasons 😛 other than that, all functions displayed on screen is working now.


Actually, that should be NewBlog.Start() since this is not my first blog, and definitely not the second nor the third blog :P. This blog was created last week, in the middle of hurried… Ahh… It’s been better since then… And since when I have started loving storms? Possibly when instructors started to let their students take the day off and hold the deadlines for a while. ^^

Things are a little off-track. My first intention months ago when I wanted to escape from the closed space of Yahoo 360 is to move the whole blog out here. I even wrote a converter and publicized it for that sole purpose. But after the fall of my database and the obstacles I encountered setting up this blog (WordPress error, slow queries, faulty FTP etc.), most of which are just common traits for a byet host. I’ve had an unpleasant experiences with them in the past too; but that’s just what you could expect from a free host. You aren’t paying for it, so all complaining is for yourself. Why I’m not affording a decent host you ask? Possibly because of the ever increasing inflation rate here that when someone started to have a decent amount of money, he must then use the extra to pay for the rise of everything. And that’s such a big problem that I can’t solve in a day or two, so its best to cope with it. As a precaution, I’m going to have a plugin synchronize this blog with a backup too.

Back to the storm, it was cold yesterday but today turned out to be a sunny day. Hot weather as usual, dogs barking and running around (not birds singing), people yell at each others (not kids playing), and stuff. I started the day with a big headache. Partly due to the unsatisfied intention of creating the theme I want: A combination of the elegant transparency found in pixeled and the coolness in transparency from vistered little. To my surprise, vistered little still work with the current version of WordPress. I thought there was some good reason for WordPress to remove their #1 theme from the old repository, when that theme contained link to nowhere other than windy road and was released under GPL… Well, that’s some Automattic thing and possibly not a user’s matter ;))

So here it is… I end up creating a new header and adding some feminine to the theme. Nonetheless it’s black and I feel some strength coming from it (Added shadows and some dashes) B-) It should work for the browsers mentioned at the bottom. Should someone be unable to enjoy the beauty (seeing an ugly header or something), they should just scrap that IE6 and use Opera instead. Geez, don’t they have any idea that browser is back from 2002 and even at that time it already lacked behind?

Installed Gears according to the recommendation from WordPress’ admin page. How come the save button is disabled offline? It’s Gears supposed to handle offline transactions? Another percent in Google’s 47% beta. Or is it WordPress didn’t make use of that offline database? Great idea anyways.

Another disappointment: Microsoft Word will not register this blog for some mysterious reason and I won’t be able to enjoy the comfortability of the #1 text processor… Got it working by now. It turned out that I firewalled Word before and didn’t enable XML-RPC for WordPress…

That’s all I remembered to write, half of the free day has passed by. I have to resume doing stuff tomorrow, just hope that my ISP won’t collapse like they did twice last month. Imagine cup coming and I am still have the competition-phobia :-SS,  a SVN repository still thrist for files I can hear it screaming… Argh… At least my head no longer hurts ^^