James.Cridland.net

Give yourself a web file server

If you've a ton of files on your computer at home, this script is a secure way of allowing them to be shared. Drilling down through directories, you can download any file you like.

The files don't need to be under the root of the webserver - or even on the same physical computer, so long as the file system can see them - and there is no need to fiddle about with .htaccess files or equivalent. Security is a simple password, and the login is held in a cookie which is cleared when you close your browser; the password itself travels in plain text unless the script is served over HTTPS.

This code is a bit thrown together, and may well contain bugs - that's why it's currently v0.1. But it seems to work okay for me.

<?
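// Web fileserver
//
// NOTE(review): this script is opened with the short tag "<?". On a server
// where short_open_tag is switched off the whole file is sent to the browser
// as plain text, password included, so open it with the full "<?php" tag.

//What bit of disc do we wish to share? (keep the trailing slash)
$base_folder="C:/My Music/";
//What is the user password? Replace this default before putting the script online.
$user_password='password';
//end

DEFINE("IMAGEROOT", "images/");

//Internal configuration
$software_version='0.1';
//end

// NOTE(review): with display_errors on, E_ALL prints filesystem paths to the
// visitor; consider logging errors instead of displaying them.
error_reporting (E_ALL);

/**
 * Resolve a requested path and confirm that it lives inside the shared folder.
 *
 * realpath() collapses "." and ".." segments and follows symlinks, so the
 * comparison is made on the location that would really be opened rather than
 * on the text the browser sent. A plain prefix test on the raw string accepts
 * "<base>../../anything".
 *
 * @param string $base      The configured shared folder.
 * @param string $requested The path supplied in the request.
 * @return string|false The resolved path with forward slashes (directories
 *                      get a trailing slash), or false when the path does not
 *                      exist or falls outside $base.
 */
function wfs_path_inside_base($base, $requested)
{
    $real_base = realpath($base);
    $real_path = realpath($requested);
    if ($real_base === false || $real_path === false) {
        return false;
    }
    // display_folder() builds its links by appending names to a folder that
    // ends in "/", so hand back the same forward-slash form on every platform.
    if (DIRECTORY_SEPARATOR !== '/') {
        $real_base = str_replace(DIRECTORY_SEPARATOR, '/', $real_base);
        $real_path = str_replace(DIRECTORY_SEPARATOR, '/', $real_path);
    }
    $real_base = rtrim($real_base, '/') . '/';
    if (is_dir($real_path)) {
        $real_path = rtrim($real_path, '/') . '/';
    }
    // The trailing slash on the base stops "C:/My Music2" matching "C:/My Music".
    if (strncmp($real_path, $real_base, strlen($real_base)) !== 0) {
        return false;
    }
    return $real_path;
}

// The login state is kept in a server-side session. The original wrote the
// password itself into a cookie, which exposed it to anything able to read the
// browser's cookies. The session cookie still expires when the browser closes.
ini_set('session.cookie_httponly', '1');
session_start();
$logged_in = !empty($_SESSION['wfs_logged_in']);

$action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;

if ($action === null) {

    //There is no action set, which is nice.
    //We'd better display a log in screen.

    echo_header("Welcome to ".getenv('HTTP_HOST'));

    // Always report on the shared folder: this screen is shown before login,
    // so it must not run filesystem calls on a path taken from the request.
    $free = disk_free_space($base_folder);
    $g = $free/1024/1024/1024;
    $r = $free/1024/1024/4.5;

    echo "<P><B>Disc stats:</b><BR>Free disc space: ".number_format($g)." Gig - that's space for approximately ".number_format($r)." songs</p>";

    // method=post (the original repeated "action" by mistake, so the form was
    // submitted with GET and the password ended up in the URL and server logs).
    echo "<form action=\"".htmlspecialchars((string) getenv("SCRIPT_NAME"), ENT_QUOTES)."\" method=post>
<P><input type=hidden name='a' value='l'>
<input type=password name=p> <input type=submit value='Log in'></p>
</form>";

} elseif ($action === "l") {

    if (!isset($_REQUEST['p'])) {
        error("Whoops","You've not put any password in at all.");
        exit;
    }

    // Compare against the configured password (the original tested a
    // hard-coded string and ignored $user_password). hash_equals() avoids the
    // loose-comparison and timing pitfalls of "!=".
    if (!is_string($_REQUEST['p']) || !hash_equals($user_password, $_REQUEST['p'])) {
        error("Whoops","You've not put the right password in.");
        exit;
    }

    //the password is correct. Start a fresh session id so that an id planted
    //before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['wfs_logged_in'] = true;
    header("Location: ".getenv("SCRIPT_NAME")."?a=d");
    exit;

} elseif (($action === "d" || $action === "g") && !$logged_in) {

    // Both browsing and downloading need a login; the original only checked
    // the browse action, so downloads worked without any password.
    error("Whoops","You're not logged in.");
    exit;

} elseif ($action === "d") {

    //Display a directory
    $disc_start = $base_folder;
    if (isset($_REQUEST['d'])) {
        $disc_start = is_string($_REQUEST['d'])
            ? wfs_path_inside_base($base_folder, $_REQUEST['d'])
            : false;
    }
    if ($disc_start === false || !is_dir($disc_start)) {
        error("Permission denied","You can't look in there.");
        exit;
    }

    echo_header($disc_start);
    display_folder($disc_start);

} elseif ($action === "g") {

    // stripslashes() was a magic_quotes workaround; magic quotes no longer
    // exist, and stripping would now only mangle names containing a backslash.
    $file = (isset($_REQUEST['f']) && is_string($_REQUEST['f']))
        ? wfs_path_inside_base($base_folder, $_REQUEST['f'])
        : false;

    if ($file === false || !is_file($file)) {
        error ("Permission denied","You can't download that.");
        die;
    }

    // Quote the file name and drop characters that could break out of the
    // header value.
    $download_name = str_replace(array('"', '\\', "\r", "\n"), '', basename($file));

    // Release the session lock so a long download does not block other requests.
    session_write_close();

    header('Content-Description: File Transfer');
    header('Content-Type: application/force-download');
    header('Accept-Ranges: bytes');
    header('Content-Length: '.filesize($file));
    header('Content-Disposition: attachment; filename="'.$download_name.'"');
    readfile($file);
    die;

}
echo_footer();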




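/**
 * Print an HTML table listing the sub-directories and files of $folder.
 *
 * Directory rows link to "?a=d&d=<path>" and file rows to "?a=g&f=<path>".
 * File and directory names come from the disc and are treated as untrusted:
 * they are URL-encoded inside links and HTML-escaped wherever they are
 * printed, so a name containing quotes, "&" or "<" cannot alter the page.
 *
 * @param string $folder Folder to list; links are built by appending names to
 *                       it, so it is expected to end in "/".
 * @return void
 */
function display_folder($folder) {
    $normalcolor = "#FFFFFF";         #TABLE ROW BACKGROUND COLOUR
    $highlightcolor = "yellow";       #TABLE ROW BACKGROUND COLOUR WHEN HIGHLIGHTED

    // $PHP_SELF only exists with register_globals; use SCRIPT_NAME like the
    // rest of the script does.
    $self = (string) getenv("SCRIPT_NAME");
    $self_name = basename($self);
    $self_html = htmlspecialchars($self, ENT_QUOTES);

    // Start from empty lists so that an empty or unreadable folder still
    // produces a (header-only) table instead of failing in the sort below.
    $dirs = array();
    $files = array();

    clearstatcache();
    if ($handle = opendir($folder)) {
        while (false !== ($file = readdir($handle))) {
            // Skip the dot entries and this script itself.
            if ($file === "." || $file === ".." || $file === $self_name) {
                continue;
            }
            if (filetype($folder.'/'.$file) === "dir") {
                $dirs[] = $file . "/";
            } else {
                $files[] = $file;
            }
        }
        closedir($handle);
    }
    natcasesort($dirs);
    natcasesort($files);
    $dirs = array_values($dirs);
    $files = array_values($files);

    echo "<P><table border=\"0\" cellspacing=\"0\"><tr><th colspan=\"2\" >File</th><th width=\"50\">Size</th><th>Date Modified</th></tr>";

    foreach ($dirs as $dir) {
        // rawurlencode() leaves only unreserved characters, so the link is
        // safe both as an href and inside the single-quoted onClick string.
        $link = $self_html . "?a=d&amp;d=" . rawurlencode($folder . $dir);
        $label = htmlspecialchars($dir, ENT_QUOTES);

        echo "\t<tr onMouseOver=\"this.style.backgroundColor='$highlightcolor'; this.style.cursor='hand';\" onMouseOut=\"this.style.backgroundColor='$normalcolor';\" onClick=\"window.location.href='$link';\">";
        echo "\t\t<td width=\"16\"><img style='vertical-align:-2px;' src=\"images/folder.gif\" width=\"16\" height=\"16\" alt=\"Directory\"></td>";
        echo "\t\t<td><a title='Open this directory' href=\"$link\">" . $label . "</a></td>";
        echo "\t\t<td align=\"left\">-</td>";
        echo "\t\t<td align=\"left\">" . date ("D M d y H.i", filemtime($folder.'/'.$dir)) . "</td>";
        echo "\t</tr>";
    }

    foreach ($files as $name) {
        $link = $self_html . "?a=g&amp;f=" . rawurlencode($folder . $name);
        $label = htmlspecialchars($name, ENT_QUOTES);

        echo "\t<tr class=\"row\" onMouseOver=\"this.style.backgroundColor='$highlightcolor'; this.style.cursor='hand';\" onMouseOut=\"this.style.backgroundColor='$normalcolor';\">\r\n";
        // The per-type icon was already disabled in the original listing, so
        // the first cell stays empty and no icon lookup is done.
        echo "<td width=\"16\"></td>";
        echo "\t\t<td><a href=\"$link\">" . $label . "</a></td>\r\n";
        echo "\t\t<td align=\"left\">" . round(filesize($folder.'/'.$name)/1024) . "K</td>\r\n";
        echo "\t\t<td align=\"left\" nowrap>" . date ("D M d y H.i", filemtime($folder.'/'.$name)) . "</td>\r\n";
        echo "\t</tr>\r\n";
    }
    echo "</table></p>";
}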

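/**
 * Print the page head (doctype, title, stylesheet, menu bar) and the <h1>.
 *
 * $title, SERVER_NAME and SCRIPT_NAME are HTML-escaped before printing: the
 * title is built by callers from request-derived values (the host name, the
 * folder being browsed), and the server name can follow the Host header.
 *
 * @param string $title Plain-text page title. When it is longer than one
 *                      character the heading reads "WFS - <title>"; otherwise
 *                      a link back to the script and the site name are shown.
 * @return void
 */
function echo_header($title="") {
    global $software_version;

    // Site label: server name plus the directory part of the script path.
    $script = (string) getenv("SCRIPT_NAME");
    $cut = strrpos($script, "/");
    $script_dir = ($cut === false) ? "" : substr($script, 0, $cut);
    $site = htmlspecialchars(getenv("SERVER_NAME") . $script_dir, ENT_QUOTES);

    echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\"><HTML lang=\"en\"><HEAD><meta name=\"Title\" content=\"WFS for ".$site."\"><TITLE>WFS for ".$site."</TITLE><STYLE TYPE='text/css'>
a:link {color: #246A6C; text-decoration: none;}
a:visited {color: #246A6C; text-decoration: none; }
a:active {color: #246A6C; text-decoration: underline; }
a:hover {color: #246A6C; text-decoration: underline;}
#menutext {position:absolute;left:0px;top:0px;height:15px;width:100%;font-family:Verdana,Arial,Helvetica,sans-serif;font-size:75%;text-align:left;border-bottom: 1px solid #CCEDEE;background-color:#DDFEFF;padding-left:10px;}
#menutext a:link {color:#246A6C;background-color:#DDFEFF;}
#menutext a:visited {color:#246A6C;}
#menutext a:active {color:#246A6C;}
#menutext a:hover {color:#246A6C;}
#footer {clear:both;font-family:Verdana,Arial,Helvetica,sans-serif;font-size:70%;border-top: 1px solid #CCEDEE;margin: 30px 30px;text-align:right;letter-spacing:-1px;}
BODY {margin:30px 0px 30px 0px;background-color:white;font-family:Verdana,Arial,Helvetica,sans-serif;font-size:90%;width:100%;}
H1 {font-family:Verdana,Arial,Helvetica,sans-serif;font-size:150%;font-weight:bold;border-bottom: 1px solid #CCEDEE;margin: 0px 30px 15px 30px;}
H2 {font-family:Verdana,Arial,Helvetica,sans-serif;font-size:110%;font-weight:bold;margin-left: 30px;margin-bottom:0px;}
H3 {font-family:Verdana,Arial,Helvetica,sans-serif;font-size:110%;font-weight:bold;margin-left: 30px;margin-bottom:0px;}
P,UL,LI,.help {margin-left: 30px;margin-right: 30px;margin-top:0px;}
LI {list-style: square inside;}
TH {text-align:left;}
.help {font-family:Times New Roman, Serif;font-size:70%;}
</style>
</HEAD><BODY><div id=menutext><B>WFS (v$software_version)</b></div><h1>";

    if (strlen($title) > 1) {
        echo "WFS - " . htmlspecialchars($title, ENT_QUOTES);
    } else {
        echo "<a href='" . htmlspecialchars($script, ENT_QUOTES) . "'>WFS</a> - " . $site;
    }
    echo "</h1>";
}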

/**
 * Print the closing footer bar and end the HTML document.
 *
 * @return void
 */
function echo_footer()
{
    // Static markup only: a credit link, then the closing BODY and HTML tags.
    $footer = "<div id=footer>"
        . "<a href='http://james.cridland.net/code'>james.cridland.net/code</a>"
        . "</div></BODY></HTML>";
    print $footer;
}

/**
 * Print the opening tag of a POST form that submits back to this script.
 *
 * The action is the SCRIPT_NAME environment value, printed as-is.
 *
 * @return void
 */
function echo_open_form()
{
    $target = getenv("SCRIPT_NAME");
    print "<form action='" . $target . "' method=post>";
}

/**
 * Print a complete error page: header, one paragraph of text, footer.
 *
 * Neither argument is escaped here, so both are expected to be fixed strings
 * chosen by the caller, never text taken from the request.
 *
 * @param string $title Short error title, shown after "Error: " in the heading.
 * @param string $text  Message printed inside the paragraph.
 * @return void
 */
function error($title, $text)
{
    $heading = "Error: " . $title;
    echo_header($heading);
    print "<P>" . $text . "</p>";
    echo_footer();
}


?>
