activity_eight_part_b by ashrafp

VIEWS: 12 PAGES: 3

									Web Server Applications




Activity 8b: Web based file manager using php

By the end of this activity, you will have
   Downloaded a php page that can be used to manage files on a Web site through
    the Web browser
   Read the configuration instructions (minimal) provided with the php page
   Created a directory in your world accessible Web folder in your server space
    and set the pe rmissions of this directory to 777
   Uploaded the php page to the directory and run the page
   Set a user name and password as directed
   Used the file manager script to add a page to your Web site
   Atte mpted to delete the new page using your FTP client and noticed the resulting
    error message

Note on file ownership and permissions
About the most useful thing you can do with php pages that do not involve using a
relational database is to manage files on your Web server space without having to
load up an FTP program. You can list, upload, delete and edit htm files through the
Web server using a password protected administration account. This can be handy if
you want to alter pages on the move or want to allow other people to add bits to your
Web site but do not want to give them your FTP details.
There are quite a lot of php based file manager scripts around - I have picked Nexus
Quick Edit as it is a simple single page program which needs very little in the way of
configuration.
All php file management programs share two features (as a result of the fact they use
php)
   The php pages will 'own' the files they create. You will NOT be able to delete
    these files using WS_FTP! This behaviour can be somewhat discombobulating
    when first encountered.
    You must delete files made using the php file manager script with a php based file
    manager script!
    Only when any directories are empty will you be able to use WS-FTP to delete
    any directories you created with the script.
   The directory you upload the php page to must be CHMODed to 777 to allow
    this particular file manager script to write some files.

Nexus Quick Edit
The script we are using in this activity can be downloaded from
http://scripts.escee.com/qe/?76                  (linked in Week 5 web page)




Activity 8b - file manager script: Page 1 of 3                          kpb 2003 issue 1
Web Server Applications


as a ZIP file containing the script and a few other files. Simply unzip the files and we
are ready to upload. There is no configuration needed!

Creating the directory, uploading and using nexusqe.php

Now load WS-FTP and
   log in to your bodmas.org server space
   enter the directory called web which is where public Web pages are kept
   use the MKDIR command to make a new directory (I called it 'edit') under
    the web directory
   CHMOD this new folder to 777
   now upload the file nexusqe.php to this new folder in ascii mode


That is all you need to do. To start using the file manager, just load up MS Internet
Explorer and type in the address of your copy of nexusqe.php. On my
demonstration account, the address is
http://www.bodmas.org/~astudent/edit/nexusqe.php
   You should see a page asking you to supply a user name, and a password (two
    boxes for the password so they know you typed it correctly).
   Pick a suitable user name and password (not the same as your FTP upload!)
   Enter these and click Submit.
   You will then be asked to log in again using your new user name and password
   Then you will see a page that looks a little like this (yours won't have a file called
    index.htm yet - I took this screen shot after creating the file)




   Note how the script starts in the directory to which it is uploaded
   Try creating a new HTML page called index.htm....


Activity 8b - file manager script: Page 2 of 3                              kpb 2003 issue 1
Web Server Applications



Extensions

   Can you work out how to reach the web directory?
   Can you edit files above the web directory? What does the error message look
    like :-)
   Can you work out how to create a new directory called (say) notes in the web
    directory and add an index.htm page to this new directory using
    nexusqe.php?
   Try to delete the new page you create using WS_FTP, the FTP program. What
    error message do you get?
   Then delete the page using nexusqe.php and then use WS_FTP to delete the
    directory.



Security

   I have no idea how secure the script is in practice.
   The password details are held in encrypted format in files that are not world
    readable (they have the php extension and therefore will execute rather than allow
    their contents to be read) so I don't think this script is a push-over, however...
   I would not risk anything very important with a script of this nature!

Other scripts

There is quite a variety of file management scripts available using php scripting.
Some will only edit pages with the php extension and these seem slightly more
secure.




Activity 8b - file manager script: Page 3 of 3                               kpb 2003 issue 1

								
To top