TAR File Management With PHP Archive_Tar - X-Ray Vision

(Page 7 of 8 )

So that's the theory - now for a couple of examples that illustrate it in practice. This first example application accepts a TAR file for upload and prints its contents using the Archive_Tar object's listContents() method:

<html>

<head>

</head>

<body bgcolor="white">

<?

if (!$_POST['submit'])

{

?>

<form action="<?=$_SERVER['PHP_SELF']; ?>" method="POST" 
enctype="multipart/form-data">

Select a file:

<input type="file" name="file">

<p>

<input type="Submit" name="submit" value="Send File">

</form>

<?

}

else

{

// check to make sure this is a tar file

if ($_FILES['file']['type'] != "application/x-gzip-compressed")

{

die("Unsupported file type!");

}

?>

<table border="1" cellspacing="5" cellpadding="5">

<tr>

<td><b>Filename</b></td>

<td><b>Size</b></td>

<td><b>UID</b></td>

<td><b>GID</b></td>

<td><b>Mode</b></td>

<td><b>Last Modified</b></td>

<td><b>Type</b></td>

</tr> 

<?

// include class

require("Tar.php");



// set up object

$tar = new Archive_Tar($_FILES['file']['tmp_name']);



// read and print tar file contents

if (($arr = $tar->listContent()) != 0)

{

foreach ($arr as $a)

{

echo "<tr>";

echo "<td>" . $a['filename'] . "</td>";

echo "<td>" . $a['size'] . "</td>";

echo "<td>" . $a['uid'] . "</td>";

echo "<td>" . $a['gid'] . "</td>";

echo "<td>" . $a['mode'] . "</td>";

echo "<td>" . $a['mtime'] . "</td>";

if ($a['typeflag'] == 5) { $type = "directory"; } else { $type = "file"; 
}

echo "<td>" . $type . "</td>";

echo "</tr>";

}

}

?>

</table>

<?

}

?>
</body>

</html>

Most of this should be familiar to you if you've ever dealt with HTTP file uploads in PHP. The script above is divided into two main parts, separated from each other by an "if" loop.

The first part of the script checks if the form has been submitted and, if not, displays a file selection box which the user can use to select a TAR file for upload. Note that since this POST transaction involves a file transfer, the encoding type of the form field must be set to "multipart/form-data".

Once a file has been selected and the form submitted, the second half of the script comes into play. This code first examines the $_FILES array to check if the uploaded file is of the correct type and - if it is - instantiates an object of the Archive_Tar class to read it. The Archive_Tar object's listContents() method is then used to obtain a list of the files within the archive, and display this information in a neatly-formatted HTML table. The columns in the table correspond to the keys of the array returned by listContents() - file name, size, ownership and permissions, and a flag indicating whether the item is a file or directory.

Here's an example of what the output looks like:

Note that the script above is illustrative only - allowing users to upload files to your Web application is an inherently dangerous process and one which opens up multiple security holes. The example is included here to demonstrate a possible application of the Archive_Tar class; if you plan to use it in a live environment, you should beef up the security checks within the code to ensure that nothing malicious can be uploaded by a user.

{mospagebreak title=Backing Up...}

Another very common application of Archive_Tar would be to package a set of files on a host into an archive (say, for backup purposes) and make it available for download through a Web browser. Possible users of such an application might be Web hosting services which want to allow customers to download backups of their data via their Web browsers, or intranet applications which allow administrators to download daily, weekly or monthly backups of the data and/or log files created during the intervening period.

Consider the following script, which asks the user to input a file path on the server, and then creates an compressed archive of the contents of that directory (and its subdirectories) for the user to download

<html>

<head>

</head>

<body bgcolor="white">

<?

// if form not submitted, display input field

if (!$_POST['submit'])

{

?>

<form action="<?=$_SERVER['PHP_SELF']; ?>" method="POST">

Select a directory to backup:

<input type="text" name="path">

<p>

<input type="Submit" name="submit" value="Start 
Backup">

</form>

<?

}

else

{

// check to make sure a valid file path has been provided

if (!file_exists($_POST['path']))

{

die("Invalid file path!");

}
 // include class

require("Tar.php");



// set filename

$filename = "backup-" . date("Ymd", mktime()) . ".tgz"; 

 // instantiate object

$tar = new Archive_Tar($filename, "gz");



// build archive

$tar->create($_POST['path']) or die("Could not create archive!");
 // provide download link

echo "Click <a href=" . $filename . ">here</a> to 
download backup"; } ?>
</body>

</html>

Again, this is fairly simple - the file path provided by the user is first checked for validity by the latter half of the script, and an Archive_Tar object is created to hold the compressed contents of the specified directory. The create() method is then called to actually perform the archive creation and compression, and the user is then provided with a link to download the compressed archive. Primitive, yes, but it works.

As before, the standard warning applies - if you plan to use this kind of tool in a live environment, you must put in lots of security checks to avoid malicious usage. At the very least, you should restrict access to the directories that can be backed up; failure to do so would allow a hacker to download important files (such as the system password file) and thereby gain access to sensitive user or system information.

Next: ... And Packing Up >>
 

More PHP Articles
More By The Disenchanted Developer, (c) Melonfire

Comments On: TAR File Management With PHP Archive_Tar

>>> Be the FIRST to comment on this article!