Is it possible to list all the files from a remote server.I am running this code in serverOne.com , its a php server .I want to access serverTwo.com/dirOne its aTomcat server.
$path = "http://www.serverTwo.com/dirOne";
if ($handle = opendir($widget_path)) {
while (false !== ($widgetfile = readdir($handle)))
{
if ($widgetfile != "." && $widgetfile != "..")
{
echo $widgetfile;
}
}
closedir($handle);
}
The short answer is No. Definitely not like that because that would be a serious security problem, don't you think?!
There are ways you could establish a link between two servers but just allowing pretty much anyone to list files and read files off of one server from another would be quite bad.
If the other server has directory browsing enabled and there's no default document in the directory, then generally you get an HTML page containing a file listing. But if it's disabled and/or default-documented, then no, you can't. Not directly.
You can probably connect to your second server using FTP
Related
This question already has an answer here:
Security vulnerabilities with file_get_contents() using variable location
(1 answer)
Closed 3 years ago.
Is it possible to read any file (not only those with the extension .html) from the server in the following script?
<?php
echo file_get_contents($_GET['display'].'.html');
?>
I know about wrappers (php://, file://, etc.) but achieved not too much.
I'm eager to hear all the possible vectors of attack.
The PHP configuration is default:
allow_url_fopen On, and let's assume the version is >= 7.0, so null character %00 doesn't work.
No, that will only ever read files ending in '.html', but that doesn't necessarily mean that it's secure! Generally, the more that you can sanitise and restrict the input, the better.
Also, for anyone planning to use file_get_contents like this, it's always good to remember that when serving from file_get_contents, you can serve files that are not normally accessible - either due to server configuration, e.g. .htaccess, or file permissions.
As #David said, this will only get files ending in '.html', but its not a good practice, if you have html folder and you want the user to get only files from that folder , you shouldn't do that, by using this method a hacker can access any .html file in your server, not just the ones you want him to see.
My suggestion is that if you have a specific folder that you want user to be able to get files from, scan the directory and check for the file name.
Here's an example:
<?php
$paths = scandir('/html');
$file = isset($_GET['display']) : $_GET['display'] ? null;
if(!$file)
{
die('no display provided');
}
$html = '';
foreach($paths as $path) {
if($path !== '.' && $path !== '..' && $path === $file.'.html') {
$html = file_get_contents($path);
}
}
echo $html;
?>
Exploidale as proxy:
http://example.com/script.php?display=https://hackme.com/passwords%3Extension%3D
echo file_get_contents("https://hackme.com/passwords?Extension=.html")
Your IP will be logged on hackme.com machine and return some passwords (when lucky).
I am trying to transfer an entire folder to FTP server using PHP.
Right now I am using this code:
function ftp_copyAll($conn_id, $src_dir, $dst_dir) {
if (is_dir($dst_dir)) {
return "<br> Dir <b> $dst_dir </b> Already exists <br> ";
} else {
$d = dir($src_dir);
ftp_mkdir($conn_id, $dst_dir);
echo "create dir <b><u> $dst_dir </u></b><br>";
while($file = $d->read()) { // do this for each file in the directory
if ($file != "." && $file != "..") { // to prevent an infinite loop
if (is_dir($src_dir."/".$file)) { // do the following if it is a directory
ftp_copyAll($conn_id, $src_dir."/".$file, $dst_dir."/".$file); // recursive part
} else {
$upload = ftp_put($conn_id, $dst_dir."/".$file, $src_dir."/".$file, FTP_BINARY); // put the files
echo "creat files::: <b><u>".$dst_dir."/".$file ." </u></b><br>";
}
}
ob_flush() ;
sleep(1);
}
$d->close();
}
return "<br><br><font size=3><b>All Copied ok </b></font>";
}
But is it possible to transfer the entire folder without iterating through the files? Because I have about 100+ files and PHP is taking lot of time for the transfer.
Is there any way to increase the speed of transfer?
No there's no other generic way supported by a common FTP server.
Except that you pack the files (zip, gzip, etc) locally, upload them and unpack remotely.
But if you have an FTP access only, you do not have a way to unpack them remotely anyway. Unless the FTP server explicitly allows that. Either by allowing you to execute an arbitrary remote shell command (typically not allowed) or using a proprietary "unpack" extension (very few servers do support that).
The FTP protocol is generally very inefficient for transferring a large amount of small files, because each file transfer has quite an overhead for opening a separate data transfer connection.
My problem is that I am wanting a personal file storage website to use between different computers, I have little PHP knowledge, yet more in HTML+CSS. I have found how to list files in a directory on a server, that appear to have a link to download. However, if you proceed to click on this list, it loads a 404 error page. Should it not download? How could I make it to force download the file? Also, all files should be able to be downloaded, not just a certain type (e.g .pdf or .jpg). I have looked extensively on this website and others, but haven't found a working solution.
<body>
<?php
if ($handle = opendir('./uploads/')) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") {
$thelist .= '<li>'.$file.'</li>';
}
}
closedir($handle);
}
?>
<h1>List of files:</h1>
<ul><?php echo $thelist; ?></ul>
</body>
Thanks,
Much better solution is create FTP server. It is easier managing, faster dw/up
I'm looking for a solution to detect changes in folder(s) using php. The application may run on both platforms(linux and windows). I may use different methods for each platform as long as results are the same.
What I desire is :
If a file/folder is added to a directory, I want my app to detect this new file and read its attributes (size,filetime etc)
If a existing file/folder is saved/contents changed/deleted, I need to detect this file is changed
It would be better if I can monitor a base folder outside webroot of apache (such as c:\tmp, or d:\music on windows or /home/ertunc on linux)
I read something on inotify but I'm not sure it meets my needs.
Monitoring the filesystem for changes is a task that should be solved outside PHP. It's not really built to do stuff like this.
There are ready-made tools on both platforms that can monitor file changes that could call a PHP file to do the further processing.
For Linux:
How to efficiently monitor a directory for changes on linux? (looks best at a quick glance)
Monitor Directory for Changes
For Windows:
How to monitor a folder for changes, and execute a command if it does, on Windows?
The second answer in How can I monitor a Windows directory for changes?
So if you are checking compared to the last time you checked rather than just being updated as soon as it changes you could do the following.
You could create an MD5 of a directory, storew this MD5 then compare the new MD5 with the old to see if things have changed.
The function below taken from http://php.net/manual/en/function.md5-file.php would do this for you.
function MD5_DIR($dir)
{
if (!is_dir($dir))
{
return false;
}
$filemd5s = array();
$d = dir($dir);
while (false !== ($entry = $d->read()))
{
if ($entry != '.' && $entry != '..')
{
if (is_dir($dir.'/'.$entry))
{
$filemd5s[] = MD5_DIR($dir.'/'.$entry);
}
else
{
$filemd5s[] = md5_file($dir.'/'.$entry);
}
}
}
$d->close();
return md5(implode('', $filemd5s));
}
This is rather inefficient though, since as you probably know, there is no point checking the entire contents of a directory if the first bit is different.
I would
scan all folders/files and create an array of them,
save this somewhere
run this scan again later [to check if the array still looks the same].
As you have the entire data structure from "time 1" and "now", you can clearly see what has changed. To crawl through the directories, check this: http://www.evoluted.net/thinktank/web-development/php-directory-listing-script and this http://phpmaster.com/list-files-and-directories-with-php/
My php file is here:
D:/Appserv/www/x/y/file.php
I want to load stuff from this folder:
E:/foldie
I don't know what path will lead me there.
$somePath="HELP ME HERE!!!!"
$dir=opendir($somePath);
//looping through filenames
while (false !== ($file = readdir($dir))) {
echo "$file\n";
}
Use full Windows path to the file it should be working: "E:\folder\file.txt"
or just copy the file in the local/project directory for testing purpose.
Set $somePath = "e:\\foldie". If that doesn't work, please indicate to us how it fails.
[Edit:: make sure you escape your backslashes in strings]