Home arrow PHP arrow Page 3 - Setting Up a Web-Based File Manager: bfExplorer

Configuring and Using bfExplorer - PHP

Everybody knows how to use a conventional desktop application that acts as a file manager. And we all know how useful these manipulation utilities really are. They give us a hierarchical view of the content of our folders. They also have dozens of extra functions. In this series, we’re going to see how we can do this on a web server. We will present two freeware PHP-based file managers. You’ll find out how to install and configure them.

TABLE OF CONTENTS:
  1. Setting Up a Web-Based File Manager: bfExplorer
  2. Installing bfExplorer
  3. Configuring and Using bfExplorer
  4. Taking a Break
By: Barzan "Tony" Antal
Rating: starstarstarstarstar / 9
April 15, 2008

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Each time you log in, the file manager opens the "root" path of that current user. First, you need to delete or change the "admin" default user and set your own settings. We do this at the Control Panel. You can see it is the last icon on the upper toolbar. You click on it and then select "User Administration."

Starting from that panel, you can add "New User" as well as edit the settings of existing user accounts. When you create a new user, you need to specify its username, password, group (Administrators, Users, Guests, etc.), Name (anything), E-mail (anything), and Home Directory. The home directory starts from the "/public_html" in the case of paid hosts on shared servers, so you shouldn't include that one already!

If you're going to have multiple/varied types of users, then I'd suggest modifying the existing user groups. Who knows? You may need a group called "Guests," "Power Users," or "Limited Users," along with the "Administrators." You can enter into the Group Administration menu from the Control Panel. Also, this is the place where you set the permissions. Remember, we didn't specify the kinds of access levels for the users we've created. We have done this by "enrolling" them in specific groups.

Now let's see bfExplorer in action, while viewing/editing source code. Notice the way its syntax is highlighted thanks to GeSHi. The attached screen shot is resized to 400 pixels on its width to preserve the aesthetic aspects of this page. For higher quality screen shots of bfExplorer, visit the screen shot section of the official website (here).

Let's attach another screen shot. You need to see how it handles images too. Keep in mind that it also supports the "search" feature, which is especially handy when your web space is cluttered and disorganized. In a nutshell, bfExplorer does everything you should ever need from a file manager. If you can get it online and working, then you won't ever struggle to access your files all over the world.

Last, but definitely not least, bfExplorer supports uploading files to your server. This is also done with its PHP-based HTML POST engine. Here, I'll give you a tip on how you should use this feature without compromising the security of your server. First, to have write access to a folder, it needs to have full permissions (777). You shouldn't have this all the time, since it can easily turn into a security hole.

Here's what I'd recommend: Leave the security permissions (file attributes) on the rest of your folders intact, meaning don't "chmod 777" all of them. This way, the rest of your folder cannot be compromised. Then create a new directory, something along the lines of /upload or /files or /data. Who knows what you need? This is going to be the folder you will eventually "chmod 777" (rwxrwxrwx).

Now you should be able to upload files, create folders, and have full control over that folder you've just created via bfExplorer (once you are logged into your profile!). On the rest of your folders, you should just have read access. You can "organize" your files later on when you're at home in a "safe" environment with the help of a stand-alone FTP client application. Right now, what's important is the ability to host something as soon as possible without fiddling with FTP clients and whatnot.

If you have created the /files folder on your hostname.com website, then users could access your files if they type "hostname.com/files" into their browsers. You may or may not like that this is possible. Here's what to do. Create a new text file in that folder and call it ".htaccess" (pay attention to that little dot at the beginning). Add the following to its content:

Options -Indexes

The above line prohibits Apache from listing the contents of the directory to the public. As a result, your visitors (including you) will receive a 403 error message when they visit "hostname.com/files" via an Internet browser. But when you log in to your trusty bfExplorer, you will have full access. The same applies to an FTP client.

If you want to allow certain guests to upload scripts into that folder, then be cautious, because 777 also gives "execution" permissions. This can also be compromised. I'd also add the following three lines in your .htaccess file. Keep in mind that each folder should contain a .htaccess file with its very own directives.

RewriteEngine on

RewriteCond %{REQUEST_URI} .php [NC]

RewriteRule .* / [L,R]

The above code snippet disables the "automatic" execution of PHP scripts in that folder. This is useful when somebody uploads a PHP shell script that ends up exploiting the security of the server and giving unauthorized access. However, none of the previous techniques are one-hundred percent secure, so use it just for educational purposes. You shouldn't rely on these when storing millionaire innovations.



 
 
>>> More PHP Articles          >>> More By Barzan "Tony" Antal
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: