8 replies to this topic

[Suspicion]

So I have an indexing program I made to display files on my server but the thing is I can't remove the files using my delete function.

I have the following code, and I appologize if the forum output makes the code look like garbage...

<?PHP
	$filename = $files[$i];
	if (strlen($filename)>43) {
		$filename = substr($files[$i], 0, 40) . '...';
	}
	
	$fileurl = $leadon . $files[$i];
	if ($forcedownloads) {
		$fileurl = $_SESSION['PHP_SELF'] . '?dir=' . urlencode($leadon) . '&download=' . urlencode($files[$i]);
	}
?>
<tr <?PHP echo $hover; ?> onClick="window.location='<?=$fileurl;?>'" class="<?PHP echo $class; ?>">
	<td align="center" valign="top">
		<table cellpadding="0" cellspacing="0" align="center" class="contentlinks">
			<?PHP
				if ($_GET['deletefile']) {
					chmod("$filename", 0777);
					unlink("$filename");
				} else {
			?>
			<form method="post" action="<?=$_SERVER['PHP_SELF'];?>">
			<tr <?=$thumb2;?>>
				<td align="left" valign="middle" class="listing-a">
					<div id="listing">
						<div><img src="ssindexing/skins/plasticgreen/icons/<?=$icon;?>" border="0" alt="<?=$files[$i];?>" /><div id="listingtext"><?=$filename;?></div><?=$thumb;?></div>
					</div>		
				</td>
				<td align="center" valign="middle" class="listing-b">
					<?=round(filesize($leadon.$files[$i])/1024);?>KB</td>
				<td align="center" valign="middle" class="listing-c">
					<?=date ("M d Y h:i:s A", filemtime($leadon.$files[$i]));?></td>
				<td align="center" valign="middle" class="listing-d">
					<input type="submit" class="delete" name="deletefile" value="Delete" /></td>
			</tr>
			</form>
			<?PHP
				}
			?>
		</table>
	</td>
</tr>

I have it chmoding the files to 0777 so they can be deleted via the unlink command. But for some reason it wont delete.

Does anyone know why I can't get the files to delete?

[Hayden]

check out http://www.php.net/ftp


that's how i did it on my artwork page http://l33tness.us/artwork.php

so that when the artists want a picture removed it removes it from the sql table AND removes the jpg.


it essentially logs in as a ftp user and you can upload and delete files with it.

works for me, if there's a better way....please somebody speak up.

[Suspicion]

okay I'll check out that link you gave me and see if I can get something working

[rc69]

Are you getting an error or is it just not deleting?

[Suspicion]

It's just not deleting

[N00bie_XL]

Here's my code I use for deleting my images :

<?php
$file = $_REQUEST['selected'];
$do = unlink("$file");

if($do=="1"){
	 echo "Image deleted!";
}
else {
	 echo "Error!";
}
?>

Maybe it helps...

Edited by N00bie_XL, 19 May 2006 - 04:48 AM.

[Jem]

N00bie_XL, on May 19 2006, 10:46 AM, said:

Here's my code I use for deleting my images :

<?php
$file = $_REQUEST['selected'];
$do = unlink("$file");

if($do=="1"){
	 echo "Image deleted!";
}
else {
	 echo "Error!";
}
?>

Maybe it helps...

You do realise that if someone were to use that code on a server with register_globals turned on in the php.ini file, they could simply go to thedomain.com/script_location.php?selected=NAUGHTY-FILE ..where "NAUGHTY-FILE" could be absolutely anything, thus allowing the person to delete possible crutial files?

You really should never allow unrestricted or unvalidated data to be used directly in a script - you should at least in this file check for file existance first, and then as you seem to be using it to delete images, check the file type is gif, jpg or png? That'd at least prevent the deletion of config files/etc.

Just a thought

Edited by Jem, 19 May 2006 - 09:17 AM.

[N00bie_XL]

True, but there is only 1 map on the server where i can upload or delete my images. And I'm not ready with it, I'm now working on a password thingy so you'll have to use a password for using this code.

[AvengeX]

Could always help if you surpressed the unlink error with an @unlink instead.