<!--
File Sharing Script (Jon Rifkin - 2005)
2011-06-03 Added ability to upload and download from non-secure directory,
although the script itself must reside in a secure directory.
This script allows users to upload/download files into one directory on your
site.
The script will refuse to run unless it is placed in a secure directory.
The directory where files are written and read is set in the variable ROOT_DIR
below (in the 'Configuration' section). If for example, you want to upload and
download files from the directory 'my_dir' on your web site 'my_site', then set
ROOT_DIR to '/export/www/sites/my_site/my_dir'.
NOTE: The script checks whether it is running from a secure directory
by testing for the existence of a non-blank user name in Apache's environment
variable REMOTE_USER.
-->
<!--
------------------------------------------------------------------------
Configuration
------------------------------------------------------------------------
Set value of ROOT_DIR if you want this script to operate in a different
directory from the one it is placed in. If left blank, i.e. if
$ROOT_DIR = "";
then ROOT_DIR is set to the directory where this script is.
-->
<?php
# Directory that uploads are written to and that the download list is read
# from. When left as "", the initialization code below replaces it with
# getcwd().
# NOTE(review): uploads are stored under the name the client supplied and are
# linked directly from the listing, so this directory should be configured on
# the web server to serve its contents as static files only (no script
# execution) -- confirm against the server configuration.
$ROOT_DIR = "/export/www/sites/MY_SITE/MY_DIR";
?>
<!--
------------------------------------------------------------------------
PHP Functions
------------------------------------------------------------------------
-->
<?php
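# Build a relative path that leads from one file to another.
#
# Both paths are split on "/". The leading components they share are dropped,
# one "../" is emitted for every remaining directory component of $src (its
# last component is treated as a file name and skipped), and the remaining
# components of $dst are appended.
#
# No normalisation of "." / ".." / doubled slashes and no URL or HTML encoding
# is done here; a caller that places the result in markup must encode it for
# that context.
#
#   $src  path of the file the link starts from
#   $dst  path of the file the link points to
#   returns the relative path from $src's directory to $dst
function get_relative_path($src, $dst)
{
    $srcParts = explode("/", $src);
    $dstParts = explode("/", $dst);

    # Remove common top directories from both paths. The comparison is strict:
    # with == PHP compares numeric-looking names as numbers ("01" == "1",
    # "1e1" == "10"), which would treat two different directories as one and
    # produce a link to the wrong location.
    while (count($srcParts) && count($dstParts) && $srcParts[0] === $dstParts[0]) {
        array_shift($srcParts);
        array_shift($dstParts);
    }

    # Go up the directory tree once per remaining source directory (the file
    # name part of the source path is not counted).
    $relpath = str_repeat("../", max(count($srcParts) - 1, 0));

    # Go back down to the destination.
    return $relpath . implode("/", $dstParts);
}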
?>
<!--
------------------------------------------------------------------------
Initialization
------------------------------------------------------------------------
-->
<?php
# Refuse to run unless the web server reports a logon name for this request.
# A non-empty REMOTE_USER only shows that the server authenticated someone;
# nothing below distinguishes between users, so every authenticated user gets
# the same upload and download access.
if (getenv('REMOTE_USER') == '') {
    echo "<br><b>Webmaster ERROR: This script must be placed in a secure directory.</b>";
    exit;
}

# No ROOT_DIR configured: fall back to the current working directory.
$ROOT_DIR = $ROOT_DIR ?: getcwd();

# Remember this script's URL and filesystem path; the path is used to leave
# the script out of the file list.
$THIS_SCRIPT_URL = getenv('SCRIPT_NAME');
$THIS_SCRIPT_NAME = getenv('SCRIPT_FILENAME');

# Web page title
$TITLE = 'File Sharing Web Application';

# Maximum file size. upload_max_filesize in /etc/php.ini has the final say on
# how large an upload may be. The value here only drives the message shown to
# the user and the MAX_FILE_SIZE form field, which is a hint to the browser
# and to PHP that the client controls and can change, so it is not a limit to
# rely on.
$MAX_FILE_SIZE = 4000000;
$MAX_FILE_SIZE_LABEL = '4 megabytes';
?>
<!--
------------------------------------------------------------------------
Main
------------------------------------------------------------------------
-->
<!-- Start html page -->
<html>
<head>
<title>
<?php print "$TITLE\n"; ?>
</title>
<style type="text/css">
body { font-family: Arial, Helvetica, sans-serif; }
img { border: 0; padding: 0 2px; vertical-align: text-bottom;
margin-bottom: 2px;}
a { font-family: monospace; text-decoration: none;
margin-bottom: 2px;}
a:link { color: blue; }
a:visited { color: blue; }
a:hover { background-color: #dddddd; }
.indent { margin-left: 3em; margin-right: 6em; background-color: #dddddd; padding: 1em; }
td { padding: 1em; }
</style>
</head>
<body>
<h2>
<?php print "$TITLE\n"; ?>
</h2>
<hr noshade>
<!-- Draw upload form -->
<h3>
To upload a file
</h3>
<form action="" method="post" enctype="multipart/form-data" name="uploadForm">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php print $MAX_FILE_SIZE ?>" >
<div class="indent">
<table>
<tr>
<td>
<b>Step 1: Enter a filename</b>.
</td>
<td>
<input type="file" name="userfile" size="32">
</td>
</tr>
<tr>
<td>
<b>Step 2: Push the button</b>.
</td>
<td>
<input type="submit" name="Submit" value="Upload File">
</td>
</tr>
</table>
</form>
<br>
<i>
Note that the <b>maximum allowed file size</b> for uploading is
<?php print $MAX_FILE_SIZE_LABEL ?>.
</i>
</div>
<!-- Upload file if present -->
<?php
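# Store the uploaded file, if this request carries one. The empty()/is_string()
# test also covers plain page views, where $_FILES has no 'userfile' entry.
if (!empty($_FILES['userfile']['name']) && is_string($_FILES['userfile']['name'])) {
    # The name comes from the client. Keep only its final path component so
    # the destination always lies directly inside ROOT_DIR.
    $fileName = basename($_FILES['userfile']['name']);
    $uploadPath = "$ROOT_DIR/$fileName";

    # The name is echoed back into the page, so escape it for HTML first.
    $shownName = htmlspecialchars($fileName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    # Reject names that are not a file name at all, and never let an upload
    # replace this script (possible when ROOT_DIR is the script's directory).
    # NOTE(review): move_uploaded_file() overwrites an existing destination,
    # so any other file in ROOT_DIR can still be replaced by an upload of the
    # same name, and the stored file keeps its client-chosen extension. Decide
    # whether that is acceptable for this deployment and make sure the web
    # server does not execute scripts from ROOT_DIR.
    $nameIsUsable = $fileName !== '' && $fileName !== '.' && $fileName !== '..'
        && $uploadPath !== $THIS_SCRIPT_NAME;

    if ($nameIsUsable && move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadPath)) {
        print "<p>Your file <b>$shownName</b> uploaded successfully.</p><br/>\n";
    } else {
        print "<p>There was a problem uploading your file <b>$shownName</b>.</p><br/>\n";
    }
}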
?>
<!-- List files available for download -->
<hr noshade>
<?php
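# Drop PHP's cached file status results so a file uploaded earlier in this
# request is reported correctly.
clearstatcache();

# Collect the plain files in ROOT_DIR, leaving out this script itself.
# $files starts as an empty list so the test below is defined even when the
# directory is empty or cannot be opened.
$files = array();
$handle = opendir($ROOT_DIR);
if ($handle !== false) {
    while (false !== ($filename = readdir($handle))) {
        $filepath = "$ROOT_DIR/$filename";
        if (!is_dir($filepath) && $filepath !== $THIS_SCRIPT_NAME) {
            $files[] = $filename;
        }
    }
    closedir($handle);
}

if ($files) {
    # Print download message
    print '<h3>To download a file, right-click on the name.</h3>';
    print '<div class="indent">';

    sort($files);

    foreach ($files as $name) {
        # Relative path from this script's directory to the file.
        $path = get_relative_path($THIS_SCRIPT_NAME, "$ROOT_DIR/$name");

        # File names are chosen by whoever uploaded them, so they are treated
        # as untrusted text: each path segment is percent-encoded for the URL
        # and the visible name is escaped for HTML, so that characters in a
        # name cannot alter the link or the surrounding markup.
        $href = implode("/", array_map('rawurlencode', explode("/", $path)));
        $label = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        # Display link
        print "<a href='$href'>";
        print "<img src='http://web.uconn.edu/file.gif'>$label</a><br/>\n";
    }
    print '</div>';
} else {
    # No files to list (or the directory could not be read)
    print "<h3> No files are available for download. </h3><br>\n";
}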
?>
<!-- End html page -->
</body>
</html>