|Download phpfm_v.1.0.5.zip 118.49 Kb||updated: 08/01/2009||Screenshot|
PHP File Manager is a complete file management system in a single file for use on Windows or Linux web servers. This release is an extensive reworking of the script by Fabricio Seger Kolling at http://phpfm.sourceforge.net/ . To the best of my knowledge, all of the bugs reported to date in the forums at Sourceforge.net have been addressed and solutions found. Some sections of code have been rewritten and two new classes have been added but for the most part I have retained the appearance and features of the old phpfm.
This is an ongoing project and there is some way to go yet but I have decided to make the latest version available here for the purposes of peer review, beta testing etc.
This version has been tested on NT4 and a standard Linux/Apache host both with PHP 4.4.8 . Also on a Windows server running NT4 and PHP 5.2.6 .
The following features should be noted:
- The source code has been upgraded to utf-8. I believe this represents a more universal standard and should make it easier to extend the languages section with multi-byte fonts. In order to suppress any possible issues with unusual locale settings 'setlocale ( LC_CTYPE, 'C' )' has been implemented.
- The directory navigation tree has been enhanced with some more graphical elements. It is now much easier to navigate complex directory structures.
- The generated pages are now better formed html with 'HTML 4.01 Transitional' doc type declarations. It should be possible to make the pages valid XHTML but to achieve this the scripts will have to be linked which means a much more extensive amount of re-organization.
- The bug causing incorrectly formatted html entities in the 'Edit File' window has been fixed. Also, it is now possible to select an editing charset in the config dialog from a fairly extensive list. Because this setting affects the whole editing window any relevant none-ASCII characters used in 'Internationalization' should be encoded as entities.
The file editing interface has been adapted to use syntax highlighted editing courtesy of Codepress.
This feature can be disabled in the config dialog.
The permissions bug causing destroyed directories has been fixed. The code for the permissions dialog has been rewritten and extended
to SUID and SGID.
On a Windows platform File Manager uses PHP's COM extension to create an ASP style, file system object. Through this the following file attributes can be set: 'Read only', 'Hidden', 'System' and 'Changed since last backup'. For informative purposes the following read only attributes are displayed: 'Directory', 'Link' and 'Compressed'. I have not yet figured out how to get file owner in windows -still working on that one!
- The 'Shell' window has been enhanced so that it more resembles a real console
- The bug which caused bad paths to be generated in the 'View' window has been fixed. The problem there lay in converting a server path to a URL; not as easy as it sounds.
A new class 'ftpEngine' has been added.
One of the problems with this sort of script is that PHP runs as user 'nobody', 'httpd' or 'www'. This has some serious security implications particularly on a shared Linux server. Also any files uploaded with ftp will be inaccesible to you unless you chmod them 666 which you can't do anyway since the server does not recognise you as the owner! One solution is to run the script in a CGI wrapper and then login as as 'username' with a sudo session. This is technically difficult and on some shared servers may not be an option. The other option is to use ftp. The ftpEngine logs on to the ftp server as 'localhost' enabling you to work with the privileges of your ftp id.
The ftpEngine has five running modes which can be set in the config dialog:
'level 0' ftp functionality is disabled, file manager works as a standard PHP file manager.
'level 1' ftp functionality is enabled only for changing perms.
'level 2' this is the default mode and probably the only one you will want to use. Ftp functionality is enabled for all functions. This gives you
a unique working environment since you simultaneously have the privileges of your user id and those of PHP.
'level 3' This is the same as 'level 2' except that file perms are overridden for all functions with the exception of 'delete'.
- 'level 4' Ditto except that perms are overridden for 'delete'. This is a particularly dangerous mode to work in since you could potentially trash your whole domain with a single erroneous mouse click.
The ftp utilities used in combination with PHP’s file management utilities make a very powerful tool.
In order for ftpEngine to work it needs to be able to find ftp root. It searches up though the directory hierarchy, so for ftp to work you need to install PHP File Manager somewhere in this directory structure. If ftp root is not found then the script fails gracefully and file manager reverts to a standard PHP file manager. FTP root is the directory you get when you first login with an ftp client.
Another feature which is enabled by the ftpEngine is the 'Convert' button. This effectively converts the ownership of the selected files and directories to owner = 'ftp user id'. This does not use CHOWN since this requires root privileges but copies the contents of the file to memory, deletes the old file, creates a new file as owner = 'ftp user id' then writes the data back into the new file. Numerous failsafes have been built into this piece of code but you should always keep backups of your data!
FtpEngine does not convert PHP File Manager into an ftp client. This was never the intention in writing this script. Also, ftpEngine is disabled on Windows platforms.
- 'level 0' ftp functionality is disabled, file manager works as a standard PHP file manager.
A new class 'shellArchive' has been added.
I had some big problems with the archive utility bundled with the old phpfm- so I was inspired to write a new class. ShellArchive bypasses PHP and calls the shell utilities to create and manage zip, tar, tgz, tbz2, bzip and gzip files. Because the shell programmes are forked from PHP they work with the same user privileges and therefore suffer from the same limitations. For this reason I've had to jump through a few hoops to achieve the degree of functionality I wanted. ShellArchive is an extension of ftpEngine and as such works closely with ftp so that all files are created with the privileges of 'ftp user id'. If ftpEngine is disabled the scripts run as straight shell applications.
There are some disadvantages to using shell scripts in this way: the chances that they will work on a Windows platform are remote in the extreme, even on Linux, if the shell utilities are absent or incompatible fink happens!
I have tested this class on a linux server with GNU Tar and Infozip, which I believe are standard issue. Furthermore for the tar scripts I have used the so called 'old style' notation which the developers at GNU reckon is supported by all other versions of tar.
For the future I entend to add two more archive classes: one which scavenges the server for PEAR libraries and another which uses the PHP ZipArchive class. It should be possible to make all of these work through the same GUI.
The languages section needs to be updated with the new additions. This is a farly high priority since others are keen to contribute to an extended languages library.
There are still some wrinkles to iron out here and there- it's just a matter of finding the time....
David Salkeld 14 Aug 2008
GNU GENERAL PUBLIC LICENSE
Codepress is distributed under the LGPL
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.