views:

1398

answers:

4

What would be the easiest way to have a page where it will display a list of directories that the user can click on to open, where there will be more directories or eventually files to download and have it all happen on the same page?

+6  A: 

To remove index.php from the folder and allow directory browsing for that folder and subfolders in htacceess.

Dev er dev
probably the easiest.
Allain Lalonde
+1  A: 

Put this in the .htaccess file:

Options +Indexes
A: 

This is how to do it natively in PHP.

The following will create a series of links which will allow you to effectively browse a directory, its parent directories, and its sub-directories.

/**
* Function echos all files in a $directory.
**/
function dirList ($directory) {

    $dir = opendir($directory);
    while ($file = readdir($dir )) {
        echo "<div><a href='?targ=" . $directory . DIRECTORY_SEPARATOR . "$file'>$file</a></div>";
    }
    closedir($dir);
    return $results;
}

// If the targ variable in the query string is a directory, list its contents.
if( is_dir( $_REQUEST[ "targ" ] ) )dirList($_REQUEST[ "targ" ]);

// If the targ variable in the query string is a file, show its values.
elseif ( is_file( $_REQUEST[ "targ" ] ) ) echo file_get_contents( $_REQUEST[ "targ" ] );

// Othewise, use the current file's directory as a seed.
else dirList( dirname( __FILE__ ) );
Christopher W. Allen-Poole
Careful on this -- screams security hole. ;-)
Till
+2  A: 

For something basic you are probably better off just adding 'Options +Indexes' to an .htaccess for that folder. However if you want something more complicated and are running on PHP5 you can use the Directory Iterator to accomplish this. The most important thing to consider is security.

You do not want to just dump the directory path into $_REQUEST and then blindly let the user load that directory. You need to ensure you have some security in place to prevent, for example, some one from just changing the request and asking to see the entire /var directory. The best way to do this is to only pass the current file/folder relative to the docroot and make sure to strip out any .. so some one can't just say ../../var or something similar.

Steven Surowiec