phpPathFinder

phpPathFinder is a multiuser php filemanager, with configurable autorization level in one text file (no db required).

Demo

You can view an online demo here: online demo

Download

last stable version: 0.1.0, 10 Jan 2010

phpPathFinder comes as part of utillyt.php (still under development).
You can get it from http://sourceforge.net/projects/phppathfinder

Download and extract the latest utillyty.php release archive from sourceforge.
Enter the pathfinder folder and edit config.php and .pfaccess for your requirements (see Configuration below).
FTP to your site.

PHP 5.3.1 or later required

phpPathFinder comes as part of utillyty.php.
You need the entire utillyty.php folder to get it working.

Configuration

Before running phpPathFinder you must configure it. Enter the ..utillyty.php/pathfinder folder. There are two file you must edit to set configuration:

config.php
.pfaccess (path-finder access)

Optionally you can change the styling editing the pathfinder.css file.

config.php

There are 5 configurable global variables in the config.php file:

PFACCESS

Relative path and file name of the .pfaccess auth file.
e.g.:

$PFACCESS = ".pfaccess";

TITLE

Title of the html page, also displayed in the top of the html document.
e.g.:

$TITLE = "UTillyty $APPNAME";

DESCRIPTION

Page description (below the login form, left to the list).
Can be any html.
e.g.:

$DESCRIPTION = 
"
$APPNAME <br/> v$APPVERSION <br/> demo version 
";

SIDENOTE

sidenote (right side)

$SIDENOTE = 
"
put any html inside
"

the $APPNAME and $APPVERSION are predefined global vars in the phpPathFinder.php file

.pfaccess

There are 8 configurable permission parameters:

root: the absolute or relative (to phpPathFinder.php) path of the top folder the user can work on (mandatory);
whitelist: a dot ('.') separated list of file extension the user can work on (default = empty);
blacklist: a dot ('.') separated list of file extension the user is forbidden to work on (default = empty);
browse: 0 or 1. if 1 the user can browse files/folders (default = 0)
download: 0 or 1. if 1 the user can download (default = 0)
edit: 0 or 1. if 1 the user can copy/move/rename files/folders (default = 0);
remove: 0 or 1. if 1 the user can delete files/folders (default = 0);
upload: 0 or 1. if 1 the user can upload files (default = 0);

Only the root parameter is mandatory, all others have defaults. Each permission is independent from the others

The .pfaccess file store information in records grouped in 4 sections.
A section is started with the '@' token. Each record is a text line with a comma separated name/value list of parameters.
Each parameter is in the form: 'name:value'.
You can put line comments anywhere in the file, except the @passwords section, using the '#' token.

Sections

@default

This section contains one record with the default user permissions parameters either for anonymous user, or if a parameter is not explicitly declared neither in the group nor in the user record of a logged user.
Syntax:
username:@anonymous, group:@anonymous, root: [, browse: , download: , edit: , remove: , upload: , whitelist: , blacklist]

'@anonymous' is a RESERVED key value for the @default user username, and group name and will be set automatically by the system. You cannot use this values for users records.

@groups

This section contains group permissions parameters for logged users.
Syntax:
username:, group: [, root: , browse: , download: , edit: , remove: , upload: , whitelist: , blacklist]

@users

Each line on this section contains the user's user name and group name. Optionally authorization parameter in the group section can be overridden here.
Syntax:
name: [, root: , browse: , download: , edit: , remove: , upload: , whitelist: , blacklist]

@passwords

Each line contain a record with username and MD5 encryped password.
Syntax:
username:MD5password

Precedence

When a user log in to phpPathFinder, the system first check the username and password, than set each the permission parameters with this precedence:

the user record in the @users section
the group record (where group.name = user.gruopname) in the @groups section
the @default record

If no login is provided the @default section parameters are used.

If you don't want anonymous user not even browse list, remove the browse permission from the @default section (or set it to 0).

Remember to instruct your web server not to allow direct access to the root folder, i.e. by means of an .htaccess file (view .htacees_sample file).

The full content of a .pfaccess sample file follows:

# default ====================

@default
root: ../test/playground, browse:1, blacklist:.php.asp.perl

# groups =====================

@groups

name: admins, root: ../test/playground, download: 1, edit: 1, remove: 1, upload: 1
name: users, root: ../test/playground, download: 1, upload:1
name: guests, root: ../test/playground, download: 1

# users ======================
 
@users

username: admin, group: admins
username: user, group: users
username: guest, group: guests


# passwords ==================
#
# <username>:password
# NB: you can't put any comment below this section!

@passwords

admin:21232f297a57a5a743894a0e4a801fc3
user:ee11cbb19052e40b07aac0ca060c23ee
guest:084e0343a0486ff05530df6c705c8bb4

Licence

Copyright (C) 2010 Attilio Pavone <tilly@utillyty.eu>

phpPathFinder is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

phpPathFinder is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You can find a copy of the GNU General Public License in the file
LICENSE, or can see <http://www.gnu.org/licenses/>.

This program use the following open source software: