Stream Me Up, Scotty! (part 1) - Appendix: Code Listing

(Page 9 of 9 )

<!-- code for index.html begins here -->
<html>
<head>
<basefont face=arial>
</head>
<body>
<table border=0 align=center>
<form action="actions.php4" method=post>
<input type=hidden name=action value=CWD>
<tr>
<td>
Server
</td>
<td>
<input type=text name=server>
</td>
</tr>
<tr>
<td>
User
</td>
<td>
<input type=text name=username>
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type=password name=password>
</td>
</tr>
<tr>
<td colspan=2 align=center>
<input type="submit" value="Beam Me Up, Scotty!">
</td>
</tr>
</form>
</table>
</body>
</html>
<!-- code for index.html ends here -->

<!-- code for actions.php4 begins here -->
<html>
<head>
<basefont face=Arial>
</head>
<body>
<?
/*

DISCLAIMER:

This is use-at-your-own-risk code.

It is meant only for illustrative purposes and is not meant for production environments. No warranties of any kind are provided to the user.

You have been warned!

All code copyright Melonfire, 2000. Visit us at http://www.melonfire.com

*/
// function to connect to FTP server
function connect()
{
global $server, $username, $password;
$conn = ftp_connect($server);
ftp_login($conn, $username, $password);
return $conn;
}
// main program begins
// check for valid form entries else print error
if (!$server || !$username || !$password)
{
echo "Form data incomplete!";
}
else
{
// connect
$result = connect();
// action: change directory
if ($action == "CWD")
{
// at initial stage $rdir does not exist
// so assume default directory
if (!$rdir)
{
$path = ".";
}
// get current location $cdir and add it to requested directory $rdir
else
{
$path = $cdir . "/" . $rdir;
}
// change to requested directory
ftp_chdir($result, $path);
}
// action: delete file(s)
else if ($action == "Delete")
{
ftp_chdir($result, $cdir);
// loop through selected files and delete
for ($x=0; $x<sizeof($dfile); $x++)
{
ftp_delete($result, $cdir . "/" . $dfile[$x]);
}
}
// action: download files
else if ($action == "Download")
{
ftp_chdir($result, $cdir);
// download selected files
// IMPORTANT: you should specify a different download location here!!
for ($x=0; $x<sizeof($dfile); $x++)
{
ftp_get($result, $dfile[$x], $dfile[$x], FTP_BINARY);
}
}
// action: upload file
else if ($action == "Upload")
{
ftp_chdir($result, $cdir);
// put file
/*
a better idea would be to use
$res_code = ftp_put($result, $HTTP_POST_FILES["upfile"]["name"],
$HTTP_POST_FILES["upfile"]["tmp_name"], FTP_BINARY);
as it offers greater security
*/
$res_code = ftp_put($result, $upfile_name, $upfile, FTP_BINARY);
// check status and display
if ($res_code == 1)
{
$status = "Upload successful!";
}
else
{
$status = "Upload error!";
}
}
// create file list
$filelist = ftp_nlist($result, ".");
// and display interface
include("include.php4");
// close connection
ftp_quit($result);
}
?>
</body>
</html>
<!-- code for actions.php4 ends here -->

<!-- code for include.php4 begins here -->
<?
// get current location
$here = ftp_pwd($result);
/*
since ftp_size() is quite slow, especially when working
on an array containing all the files in a directory,
this section performs an ftp_size() on all the files in the current
directory and creates three arrays.
*/
// array for files
$files = Array();
// array for directories
$dirs = Array();
// array for file sizes
$file_sizes = Array();
// counters
$file_list_counter = 0;
$dir_list_counter = 0;
// check each element of $filelist
for ($x=0; $x<sizeof($filelist); $x++)
{
if (ftp_size($result, $filelist[$x]) != -1)
{
// create arrays
$files[$file_list_counter] = $filelist[$x];
$file_sizes[$file_list_counter] = ftp_size($result, $filelist[$x]);
$file_list_counter++;
}
else
{
$dir_list[$dir_list_counter] = $filelist[$x];
$dir_list_counter++;
}
}
?>
<!-- header - where am I? -->
<center>
You are currently working in <b><? echo $here; ?></b>
<br>
<!-- status message for upload function -->
<? echo $status; ?>
</center>
<hr>
<p>
<!-- directory listing in drop-down list -->
Available directories:
<form action=actions.php4 method=post>
<!-- these values are passed hidden every time -->
<!-- a more optimal solution might be to place these in session
variables -->
<input type=hidden name=username value=<? echo $username; ?>>
<input type=hidden name=password value=<? echo $password; ?>>
<input type=hidden name=server value=<? echo $server; ?>>
<input type=hidden name=cdir value=<? echo $here; ?>>
<!-- action to take when THIS form is submitted -->
<input type=hidden name=action value=CWD>
<!-- dir listing begins; first item is for parent dir -->
<select name=rdir>
<option value=".."><parent directory></option>
<?
for ($x=0; $x<sizeof($dir_list); $x++)
{
echo "<option value=" . $dir_list[$x] . ">" . $dir_list[$x] . "</option>";
}
?>
</select>
<input type=submit value=Go>
</form>
<hr>
<!-- file listing begins -->
Available files:
<form action=actions.php4 method=post>
<!-- these values are passed hidden every time -->
<input type=hidden name=server value=<? echo $server; ?>>
<input type=hidden name=username value=<? echo $username; ?>>
<input type=hidden name=password value=<? echo $password; ?>>
<input type=hidden name=cdir value=<? echo $here; ?>>
<table border=0 width=100%>
<?
// display file listing with checkboxes and sizes
for ($y=0; $y<sizeof($files); $y++)
{
echo "<tr><td><input type=checkbox name=dfile[] value=" . $files[$y] .
">". $files[$y] . " <i>(" . $file_sizes[$y] . " bytes)</i><td>";
}
?>
</table>
<!-- actions for this form -->
<center>
<input type=submit name=action value=Delete>  
<input type=submit name=action value=Download>
</center>
</form>
<p>
<hr>
<!-- file upload form -->
File upload:
<form enctype="multipart/form-data" action=actions.php4 method=post>
<!-- these values are passed hidden every time -->
<input type=hidden name=username value=<? echo $username; ?>>
<input type=hidden name=password value=<? echo $password; ?>>
<input type=hidden name=server value=<? echo $server; ?>>
<input type=hidden name=cdir value=<? echo $here; ?>>
<table>
<tr>
<td>
<!-- file selection box -->
<input type=file name=upfile>
</td>
</tr>
<tr>
<td>
<!-- action for this form -->
<input type=submit name=action value=Upload>
</td>
</tr>
</table>
</form>
<!-- code for include.php4 ends here -->

This article copyright Melonfire 2000. All rights reserved.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Stream Me Up, Scotty! (part 1)

>>> Be the FIRST to comment on this article!