TAR File Management With PHP Archive_Tar - X-Ray Vision (
Page 7 of 8 )
So that's the theory - now for a couple of examples that illustrate it in
practice. This first example application accepts a TAR file for upload and
prints its contents using the Archive_Tar object's listContents()
method:
<html>
<head>
</head>
<body bgcolor="white">
<?
if (!$_POST['submit'])
{
?>
<form action="<?=$_SERVER['PHP_SELF']; ?>" method="POST"
enctype="multipart/form-data">
Select a file:
<input type="file" name="file">
<p>
<input type="Submit" name="submit" value="Send File">
</form>
<?
}
else
{
// check to make sure this is a tar file
if ($_FILES['file']['type'] != "application/x-gzip-compressed")
{
die("Unsupported file type!");
}
?>
<table border="1" cellspacing="5" cellpadding="5">
<tr>
<td><b>Filename</b></td>
<td><b>Size</b></td>
<td><b>UID</b></td>
<td><b>GID</b></td>
<td><b>Mode</b></td>
<td><b>Last Modified</b></td>
<td><b>Type</b></td>
</tr>
<?
// include class
require("Tar.php");
// set up object
$tar = new Archive_Tar($_FILES['file']['tmp_name']);
// read and print tar file contents
if (($arr = $tar->listContent()) != 0)
{
foreach ($arr as $a)
{
echo "<tr>";
echo "<td>" . $a['filename'] . "</td>";
echo "<td>" . $a['size'] . "</td>";
echo "<td>" . $a['uid'] . "</td>";
echo "<td>" . $a['gid'] . "</td>";
echo "<td>" . $a['mode'] . "</td>";
echo "<td>" . $a['mtime'] . "</td>";
if ($a['typeflag'] == 5) { $type = "directory"; } else { $type = "file";
}
echo "<td>" . $type . "</td>";
echo "</tr>";
}
}
?>
</table>
<?
}
?>
</body>
</html>
Most of this should be familiar to you if you've ever dealt with HTTP file
uploads in PHP. The script above is divided into two main parts, separated from
each other by an "if" loop.
The first part of the script checks if the form has been submitted and, if
not, displays a file selection box which the user can use to select a TAR file
for upload. Note that since this POST transaction involves a file transfer, the
encoding type of the form field must be set to "multipart/form-data".
Once a file has been selected and the form submitted, the second half of the
script comes into play. This code first examines the $_FILES array to check if
the uploaded file is of the correct type and - if it is - instantiates an object
of the Archive_Tar class to read it. The Archive_Tar object's listContents()
method is then used to obtain a list of the files within the archive, and
display this information in a neatly-formatted HTML table. The columns in the
table correspond to the keys of the array returned by listContents() - file
name, size, ownership and permissions, and a flag indicating whether the item is
a file or directory.
Here's an example of what the output looks like:
Note that the script above is illustrative only - allowing users to upload
files to your Web application is an inherently dangerous process and one which
opens up multiple security holes. The example is included here to demonstrate a
possible application of the Archive_Tar class; if you plan to use it in a live
environment, you should beef up the security checks within the code to ensure
that nothing malicious can be uploaded by a user.
{mospagebreak title=Backing
Up...}
Another very common application of Archive_Tar would be to package a set of
files on a host into an archive (say, for backup purposes) and make it available
for download through a Web browser. Possible users of such an application might
be Web hosting services which want to allow customers to download backups of
their data via their Web browsers, or intranet applications which allow
administrators to download daily, weekly or monthly backups of the data and/or
log files created during the intervening period.
Consider the following script, which asks the user to input a file path on
the server, and then creates an compressed archive of the contents of that
directory (and its subdirectories) for the user to download
<html>
<head>
</head>
<body bgcolor="white">
<?
// if form not submitted, display input field
if (!$_POST['submit'])
{
?>
<form action="<?=$_SERVER['PHP_SELF']; ?>" method="POST">
Select a directory to backup:
<input type="text" name="path">
<p>
<input type="Submit" name="submit" value="Start
Backup">
</form>
<?
}
else
{
// check to make sure a valid file path has been provided
if (!file_exists($_POST['path']))
{
die("Invalid file path!");
}
// include class
require("Tar.php");
// set filename
$filename = "backup-" . date("Ymd", mktime()) . ".tgz";
// instantiate object
$tar = new Archive_Tar($filename, "gz");
// build archive
$tar->create($_POST['path']) or die("Could not create archive!");
// provide download link
echo "Click <a href=" . $filename . ">here</a> to
download backup"; } ?>
</body>
</html>
Again, this is fairly simple - the file path provided by the user is first
checked for validity by the latter half of the script, and an Archive_Tar object
is created to hold the compressed contents of the specified directory. The
create() method is then called to actually perform the archive creation and
compression, and the user is then provided with a link to download the
compressed archive. Primitive, yes, but it works.
As before, the standard warning applies - if you plan to use this kind of
tool in a live environment, you must put in lots of security checks to avoid
malicious usage. At the very least, you should restrict access to the
directories that can be backed up; failure to do so would allow a hacker to
download important files (such as the system password file) and thereby gain
access to sensitive user or system information.
/ 37 
