<?php
//The Picturebox
//By Joey C. - http://joeyjwc.x3fusion.com/
//Version .5 Beta
//This software is in beta testing; please be careful.

//This program is free for all to use and modify as they see fit.  If you plan to redistribute it, please give me credit.  Thank you.
//This software comes with no warranty of anything whatsoever.

//Things to do:
//FIX ROOT PROBLEM!						Done.
//Add image resizing support.			Done.
//Add support for multiple directories.	Done, I think.
//Colors?								Nah.


//					VARIABLES
//NAME								//DESCRIPTION
// Directory the pictures are stored in, relative to this script.
$basedir = '../';

// Name of the directory that holds this script.  No slashes.
$thisDir = 'p';

// Maximum size, in bytes, of an uploaded file.
$maxFileSize = 10000000;

// Allowed file types: lower-case extensions, without the dot.
$ftypes = array(
	'gif',
	'jpg',
	'png',
	'bmp',
	'tiff',
	'tif',
	'jpeg',
);

//YOU DO NOT NEED TO EDIT ANYTHING BEYOND THIS POINT

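// Directory being browsed.  The "fd" request parameter is supplied by the client, so it is
// only taken over when it is present and a non-empty string; a missing or empty value, "0",
// or an array (fd[]=...) falls back to the configured base directory instead of raising
// an undefined-index warning or reaching the string functions as a non-string.
// The value is still unvalidated at this point; isDirOkay() is called on it further down.
if (isset($_REQUEST["fd"]) && is_string($_REQUEST["fd"]) && $_REQUEST["fd"]) $fd = $_REQUEST["fd"];
else $fd = $basedir;

// Upload Directory.  This should always be the same as $fd.
$ud = $fd;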

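/**
 * End the request with an error page unless $dir is a directory the gallery may work in.
 *
 * A path is accepted only when all of the following hold:
 *   - it contains no NUL byte and is not absolute (leading "/" or a drive letter);
 *   - it starts with $basedir;
 *   - the part after $basedir contains no ".." segment;
 *   - its first real segment after $basedir is not $thisDir (the script's own directory).
 *
 * The previous check counted "../" substrings, which neither anchored the path to
 * $basedir nor noticed dot segments that are not followed by a slash, and it compared
 * against $basedir.$thisDir without allowing for a trailing slash.
 *
 * The check is purely textual: symbolic links inside $basedir are not resolved.
 *
 * @param string $dir      Requested directory (client-controlled).
 * @param string $basedir  Configured storage directory, with trailing slash.
 * @param string $thisDir  Name of the directory holding this script, no slashes.
 * @return void  Returns normally when the directory is acceptable; otherwise prints the
 *               error box and terminates the script.
 */
function isDirOkay($dir, $basedir, $thisDir) {
	// Treat "\" as a separator too, so the checks behave the same on Windows hosts.
	$path = str_replace("\\", "/", (string) $dir);
	$base = str_replace("\\", "/", (string) $basedir);
	$baseLen = strlen($base);

	$allowed = true;
	if (strpos($path, "\0") !== false) {
		$allowed = false;
	}
	elseif (substr($path, 0, 1) === "/" || preg_match('/^[A-Za-z]:/', $path)) {
		$allowed = false;
	}
	elseif (strncmp($path, $base, $baseLen) !== 0) {
		$allowed = false;
	}
	else {
		// Walk the segments after the base prefix.  Empty and "." segments do not change
		// the directory, so they are dropped before the own-directory comparison.
		$segments = array();
		foreach (explode("/", (string) substr($path, $baseLen)) as $segment) {
			if ($segment === "" || $segment === ".") continue;
			if ($segment === "..") {
				$allowed = false;
				break;
			}
			$segments[] = $segment;
		}
		// Case-insensitive on purpose: on case-insensitive file systems a differently
		// cased name still refers to the script's own directory.
		if ($allowed && count($segments) > 0 && strcasecmp($segments[0], (string) $thisDir) === 0) {
			$allowed = false;
		}
	}

	// The rejected value is deliberately not echoed back into the redirect target.
	if (!$allowed) die(messageBox("ERROR: Forbidden directory.", "index.php", TRUE));
}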

// Check the requested directory before anything else happens: isDirOkay() prints an error
// box and ends the script when the path is refused, so the action branches further down
// only ever run with a directory that passed this check.
isDirOkay($fd, $basedir, $thisDir);

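/**
 * Print a complete XHTML page holding a message box that redirects after ten seconds.
 *
 * Callers build $msgtxt and $redir from request parameters and file names, so both are
 * HTML-escaped here, at the single place where they are written into the page (title,
 * paragraph, meta refresh and link attribute).  Callers must therefore pass plain text,
 * not ready-made markup.
 *
 * @param string $msgtxt  Plain-text message shown as page title and box content.
 * @param string $redir   URL used for the automatic refresh and the "Okay." link.
 * @param bool   $errbox  TRUE to render with the "errorbox" class instead of "messagebox".
 * @return void
 */
function messageBox($msgtxt, $redir, $errbox=FALSE) {				//Message Box
	$boxtype = ($errbox==TRUE) ? "errorbox" : "messagebox";

	// The page declares iso-8859-1, so escape with the same charset; ENT_QUOTES also
	// covers single quotes, which matters for the attribute values below.
	$safeMsg = htmlspecialchars((string) $msgtxt, ENT_QUOTES, "ISO-8859-1");
	$safeRedir = htmlspecialchars((string) $redir, ENT_QUOTES, "ISO-8859-1");

	echo("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
<meta http-equiv=\"refresh\" content=\"10;$safeRedir\" />
<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />
<title>$safeMsg</title>
</head>
<body>
<div class=\"$boxtype\">
<p>$safeMsg</p>
<p><a href=\"$safeRedir\" class=\"actn\">Okay.</a></p>
</div>
</body>
</html>");
}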

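/**
 * Return the sorted entry names of a directory, including "." and "..".
 *
 * Uses scandir() where it exists and falls back to opendir()/readdir() otherwise.
 * Unlike the earlier version, a missing or unreadable directory yields an empty array
 * (instead of FALSE or an undefined variable), so callers can always count() and loop
 * over the result, and the directory handle of the fallback path is closed again.
 *
 * @param string $dir  Directory to read.
 * @return array  Sorted list of entry names; empty when the directory cannot be read.
 */
function getDir($dir) {												//Get contents of directory.  Now supports PHP 4 and 5.
	if (!is_dir($dir)) return array();

	if (function_exists("scandir")) {
		$files = scandir($dir);
		return ($files === false) ? array() : $files;
	}

	$files = array();
	$dh = opendir($dir);
	if ($dh === false) return $files;
	while (false !== ($filename = readdir($dh))) {
		$files[] = $filename;
	}
	closedir($dh);
	sort($files);
	return $files;
}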

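/**
 * Build the index.php link that leads to the parent of $curdir.
 *
 * The last path segment is dropped whether or not $curdir ends in a slash (the earlier
 * version removed the wrong segment when the trailing slash was missing).  Every
 * remaining segment is percent-encoded, so directory names containing spaces, "&", "#"
 * and similar characters still produce a working query string; "." and ".." segments
 * come out unchanged.
 *
 * @param string $curdir  Current directory, e.g. "../a/b/".
 * @return string  "index.php?fd=" followed by the parent path with a trailing slash, or
 *                 by nothing when $curdir has no parent segment left.
 */
function updir($curdir) {
	$parts = explode("/", rtrim($curdir, "/"));
	array_pop($parts);					// drop the directory we are currently in
	if (count($parts) == 0) return "index.php?fd=";
	return "index.php?fd=".implode("/", array_map("rawurlencode", $parts))."/";
}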

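/**		Based on code by stefano at takys dot it (found on www.php.net/rmdir)
 * rm() -- Recursively erase a directory and everything in it, hidden files included.
 *
 * This is a destructive, best-effort operation: failures (for example missing
 * permissions) are not reported, the entry is simply left in place.  Callers are
 * responsible for making sure $dir is a directory they really mean to remove.
 *
 * Safety properties of the loop:
 *   - "." and ".." are always skipped; without that the recursion would climb out of $dir.
 *   - readdir() is compared against FALSE explicitly, so an entry named "0" no longer
 *     ends the loop early and leaves the directory half deleted.
 *   - Symbolic links are unlinked, never followed, so nothing outside the tree is emptied
 *     through a link.
 *   - The handle is closed before rmdir(), which some platforms require.
 *
 * @param string $dir  Directory to remove.
 * @return void
 */
function rm($dir) {
   // A link that points at a directory: remove the link itself, leave its target alone.
   if (is_link($dir)) {
       @unlink($dir);
       return;
   }
   $dh = @opendir($dir);
   if ($dh === false) return;
   while (false !== ($obj = readdir($dh))) {
       if ($obj === '.' || $obj === '..') continue;
       $path = $dir.'/'.$obj;
       if (is_dir($path) && !is_link($path)) rm($path);
       else @unlink($path);
   }
   closedir($dh);
   @rmdir($dir);
}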


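if (empty($_REQUEST["a"])) {						//Index Page
	// NOTE(review): the delete links on this page are plain GET requests, and nothing
	// visible in this file authenticates the visitor or ties a request to a form the
	// server issued.  Deploy this script behind server-side access control.
	//
	// The current directory comes from the request and file names come from disk; both are
	// untrusted text.  They are HTML-escaped when written into markup and percent-encoded
	// when written into URLs.  File names reach the JavaScript confirm helpers through a
	// data attribute rather than being pasted into an inline script string.
	$charset = "ISO-8859-1";			// matches the charset declared by the page
	$fdHtml = htmlspecialchars($fd, ENT_QUOTES, $charset);
	$fdUrl = implode("/", array_map("rawurlencode", explode("/", $fd)));
	?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The Picturebox</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<meta http-equiv="Cache-Control" content="no-cache">
<link rel="stylesheet" type="text/css" href="style.css">
<script type="text/javascript">
<!--

// Current directory, percent-encoded by the server: safe inside this string and in a URL.
var curDir = "<?php echo($fdUrl); ?>";

function confDelete(filename) {
	var primaryOK = confirm("Are you sure you want to delete "+filename+"?");
	if (primaryOK==true) { 
		var secondaryOK = confirm("Are you REALLY sure?");
		if (secondaryOK==true) { window.location="index.php?a=del&fd="+curDir+"&filename="+encodeURIComponent(filename); }
		else { alert("Phew...  Saved it.  No action was taken."); }
	}
	else { alert("ABORT!  ABORT!  The file was not deleted."); }
}

function confDeleteDir(dirname) {
	var primaryOK = confirm("Are you sure you want to delete the directory "+dirname+" and ALL of its contents?");
	if (primaryOK==true) { 
		var secondaryOK = confirm("Are you REALLY sure?");
		if (secondaryOK==true) { window.location="index.php?a=dld&fd="+curDir+"&dirname="+encodeURIComponent(dirname); }
		else { alert("Phew...  Saved it.  No action was taken."); }
	}
	else { alert("ABORT!  ABORT!  The directory was not deleted."); }
}
-->
</script>
</head>
<body>

<div class="fldiv"> <p class="dtitle">Files</p>
		<table>
<?php
// Breadcrumb: escape first, then swap the base prefix and the separators for markup.
// str_replace() stands in for ereg_replace(), which no longer exists in current PHP.
$curdir = $fdHtml;
$curdir = str_replace(htmlspecialchars($basedir, ENT_QUOTES, $charset),"Home &raquo; ",$curdir);
$curdir = str_replace("/"," &raquo; ",$curdir);
echo "<p class=\"curdir\">Current Directory: $curdir";
if ($fd!=$basedir) echo "&nbsp;&nbsp;&nbsp;<a class=\"actn\" href=\"".htmlspecialchars(updir($fd), ENT_QUOTES, $charset)."\">Up</a>";
echo "</p>";
clearstatcache();
$flist = getDir($fd);
if (!is_array($flist)) $flist = array();		// a failed directory read must not reach count()
$total = count($flist);
$nsofar = 0;
echo "<tr>";
for ($i=0; $i<$total; $i++) {
	$name = $flist[$i];
	// Skip the dot entries by name; they are not guaranteed to be the first two entries.
	if ($name === "." || $name === "..") continue;

	$isDir = is_dir($fd.$name);
	$fnf = explode(".", $name);
	$fext = strtolower($fnf[count($fnf)-1]);
	if ((in_array($fext, $ftypes) || $isDir) && $name!=$thisDir) {
		$f2 = "";
		if ($nsofar==5) {
			echo "</tr><tr>";
			$nsofar = 0;
		}
		$nsofar++;
		if ($i%2==0) $f2 = "2";

		$nameHtml = htmlspecialchars($name, ENT_QUOTES, $charset);
		// Relative path of the entry, percent-encoded per segment, then escaped for an attribute.
		$pathHref = htmlspecialchars(implode("/", array_map("rawurlencode", explode("/", $fd.$name))), ENT_QUOTES, $charset);

/*dir*/		if ($isDir) echo "<td class=\"pic".$f2."\"><a href=\"index.php?fd=".$pathHref."/\"><img border=\"0\" src=\"f.png\" width=\"128\" height=\"128\" alt=\"".$nameHtml."\"/></a><br /><a class=\"pname\" href=\"".$pathHref."\">".$nameHtml."</a>&nbsp;&nbsp;&nbsp;<a class=\"actn\" href=\"#\" data-name=\"".$nameHtml."\" onClick=\"confDeleteDir(this.getAttribute('data-name'))\">Delete</a></td>";

/*pic*/		else {
				// getimagesize() returns FALSE for files that are not readable images; fall
				// back to the full thumbnail box instead of dividing by missing dimensions.
				$imgprop = getimagesize($fd.$name);
				$width = is_array($imgprop) ? (int) $imgprop[0] : 0;
				$height = is_array($imgprop) ? (int) $imgprop[1] : 0;
				if ($width<1 || $height<1) {
					$picWidth = 128;
					$picHeight = 128;
				}
				elseif ($width<=128 && $height<=128) {		// was "height<=128": the $ was missing
					$picWidth = $width;
					$picHeight = $height;
				}
				elseif ($width>$height) {
					$picWidth = 128;
					$picHeight = 128 * $height / $width;
				}
				else {
					$picHeight = 128;
					$picWidth = 128 * $width / $height;
				}
				echo "<td class=\"pic".$f2."\"><a href=\"".$pathHref."\"><img border=\"0\" src=\"".$pathHref."\" width=\"".round($picWidth,0)."\" height=\"".round($picHeight, 0)."\" alt=\"".$nameHtml."\"/></a><br /><a class=\"pname\" href=\"".$pathHref."\">".$nameHtml."</a>&nbsp;&nbsp;&nbsp;<a class=\"actn\" href=\"#\" data-name=\"".$nameHtml."\" onClick=\"confDelete(this.getAttribute('data-name'))\">Delete</a></td>";
			}
	}
}
?>
		</table>
</div>

<div class="fnc"> <p class="dtitle">Upload File</p>
	<div class="fnctn" id="uploadfile" style="margin-bottom:30px">
		<form action="index.php" method="post" name="upl" enctype="multipart/form-data">
			<input type="hidden" name="a" value="upl" />
			<input type="hidden" name="fd" value="<?php echo($fdHtml) ?>" />
			<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo((int) $maxFileSize); ?>" />
			Upload file <input type="file" name="upFile" />
			<input type="submit" name="go" value="Go >" />
		</form>
	</div>
	
	<p class="dtitle">New Directory</p>
	<div class="fnctn" id="mkdir">
		<form action="index.php" method="post" name="mkd">
			<input type="hidden" name="a" value="mkd" />
			<input type="hidden" name="fd" value="<?php echo($fdHtml) ?>" />
			Directory Name: <input type="text" name="dirname" value="" />
			<input type="submit" name="go" value="Go >" />
		</form>
	</div>
</div>

</body>
</html>
<?php }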


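elseif ($_REQUEST["a"] == "upl") {			//Upload File
	// Link back to the current directory, percent-encoded per path segment.
	$back = "index.php?fd=".implode("/", array_map("rawurlencode", explode("/", $fd)));

	// Make sure PHP actually received exactly one file for this field and reported no
	// error for it, before any of its metadata is used.
	if (!isset($_FILES['upFile']) || !is_array($_FILES['upFile'])
			|| !is_string($_FILES['upFile']['name']) || !is_string($_FILES['upFile']['tmp_name'])
			|| $_FILES['upFile']['error'] !== UPLOAD_ERR_OK)
		die(messageBox("ERROR: File upload failed.", $back, TRUE));

	// The MAX_FILE_SIZE form field is sent by the browser and can be altered there, so the
	// configured limit is enforced here on the server as well.
	if ($_FILES['upFile']['size'] > $maxFileSize)
		die(messageBox("ERROR: That file is too large.", $back, TRUE));

	$tmpname = stripslashes($_FILES['upFile']['tmp_name']);
	$ufname = stripslashes(basename($_FILES['upFile']['name']));
	$fnf = explode(".", $ufname);
	$fext = strtolower($fnf[count($fnf)-1]);

	// The allow-list looks at the last suffix only, and the name is chosen by the client.
	// The content check below confirms the file parses as an image header; it does not
	// prove the rest of the file is harmless.  The web server should additionally be
	// configured so that nothing in the upload directory is executed as a script.
	if (in_array($fext, $ftypes) && getimagesize($tmpname) !== false) {
		$uf = $ud.$ufname;
		if (!move_uploaded_file($tmpname, $uf)) die(messageBox("ERROR: File upload failed.", $back, TRUE));
		chmod($uf, 0644);				// pictures need to be readable, not executable
		messageBox("The file ".$ufname." was uploaded.", $back);
	}
	else die(messageBox("ERROR: That file type is not permitted.", $back, TRUE));
}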


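elseif ($_REQUEST["a"] == "mkd") { 			//Make Directory
	// Link back to the current directory, percent-encoded per path segment.
	$back = "index.php?fd=".implode("/", array_map("rawurlencode", explode("/", $fd)));

	// The new name must be one plain path segment.  ereg() no longer exists in current
	// PHP, so the separator test uses strpos(); backslashes, NUL bytes, an empty name and
	// the dot entries are refused as well, and a non-string parameter counts as empty.
	$newdir = (isset($_REQUEST["dirname"]) && is_string($_REQUEST["dirname"])) ? $_REQUEST["dirname"] : "";
	if ($newdir === "" || $newdir === "." || $newdir === ".."
			|| strpos($newdir, "/") !== false || strpos($newdir, "\\") !== false || strpos($newdir, "\0") !== false)
		die(messageBox("ERROR: Working out of directory is forbidden.  Do not add any trailing slashes at the end of the directory name.", $back, TRUE));
	if (file_exists($fd.$newdir)) die(messageBox("ERROR: The file ".$newdir." already exists!", $back, TRUE));
	
	///////////////////////////	
	if (mkdir($fd.$newdir, 0755)) messageBox("The directory ".$newdir." was created.", $back.rawurlencode($newdir)."/");
	else messageBox("ERROR: Something went wrong when trying to create the directory.", $back, TRUE);
}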


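elseif ($_REQUEST["a"] == "del") { 			//Delete File
	// NOTE(review): this action changes state on a GET request and nothing visible in this
	// file authenticates the caller; protect the script with server-side access control.
	$back = "index.php?fd=".implode("/", array_map("rawurlencode", explode("/", $fd)));

	// The name must be one plain path segment.  ereg() no longer exists in current PHP, so
	// the separator test uses strpos(); backslashes, NUL bytes, an empty name and the dot
	// entries are refused as well, and a non-string parameter counts as empty.
	$victim = (isset($_REQUEST["filename"]) && is_string($_REQUEST["filename"])) ? $_REQUEST["filename"] : "";
	if ($victim === "" || $victim === "." || $victim === ".."
			|| strpos($victim, "/") !== false || strpos($victim, "\\") !== false || strpos($victim, "\0") !== false)
		die(messageBox("ERROR: Working out of directory is forbidden.", $back, TRUE));

	// Only offer for deletion what the index page lists: regular files whose extension is
	// on the allow-list.  Other files that happen to live in the directory stay untouched.
	$fnf = explode(".", $victim);
	$fext = strtolower($fnf[count($fnf)-1]);
	if (!in_array($fext, $ftypes)) die(messageBox("ERROR: That file type is not permitted.", $back, TRUE));
	if (!is_file($fd.$victim) || $fd==$thisDir) die(messageBox("ERROR: The file ".$victim." does not exist!", $back, TRUE));
	
	///////////////////////////	
	if (unlink($fd.$victim)) messageBox("The file ".$victim." was deleted.", $back);
	else messageBox("ERROR: Something went wrong when trying to delete that file.", $back, TRUE);
}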


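elseif ($_REQUEST["a"] == "dld") { 			//Delete Directory
	// NOTE(review): this action changes state on a GET request and nothing visible in this
	// file authenticates the caller; protect the script with server-side access control.
	$back = "index.php?fd=".implode("/", array_map("rawurlencode", explode("/", $fd)));

	// The name must be one plain path segment.  A slash test alone is not enough here:
	// the dot entries contain no slash, and passing one of them on to the recursive rm()
	// would make it work on the current directory or its parent.  They are refused along
	// with backslashes, NUL bytes and an empty or non-string name.  strpos() replaces
	// ereg(), which no longer exists in current PHP.
	$victim = (isset($_REQUEST["dirname"]) && is_string($_REQUEST["dirname"])) ? $_REQUEST["dirname"] : "";
	if ($victim === "" || $victim === "." || $victim === ".."
			|| strpos($victim, "/") !== false || strpos($victim, "\\") !== false || strpos($victim, "\0") !== false)
		die(messageBox("ERROR: Working out of directory is forbidden.", $back, TRUE));

	// Never remove the script's own directory (compared case-insensitively, for file
	// systems that ignore case), and only remove real directories, not symbolic links.
	if (strcasecmp($victim, $thisDir) === 0 || !is_dir($fd.$victim))
		die(messageBox("ERROR: The directory ".$victim." does not exist!", $back, TRUE));
	if (is_link($fd.$victim)) die(messageBox("ERROR: Forbidden directory.", $back, TRUE));
	
	///////////////////////////	
	rm($fd.$victim);
	messageBox("The directory ".$victim." was deleted.", $back);
}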


?>