Suppose I have directories on my server, each directory representing a week of the year, and in each directory of a number of files. I want site visitors to be able to view the files. If I just provide from the web page a link into the parent directory containing all the weekly directories, what risks are involved? What is a more suitable way to provide the access? Is there anywhere that someone describes appproaches to this?

G

Giving a direct link to the parent directory gives the user full access of that directory and what's inside it. If you want to regulate that you can use PHP to help you. By using PHP's function readdir() you can make your own page and have the directory there for display and you have full control over what is viewed and accessed. An example is


<?php
if ($handle = opendir('/path/to/files')) {
echo "Directory handle: $handle\n";
echo "Files:\n";

/* This is the correct way to loop over the directory. */
while (false !== ($file = readdir($handle))) {
echo "$file\n";
}

/* This is the WRONG way to loop over the directory. */
while ($file = readdir($handle)) {
echo "$file\n";
}

closedir($handle);
}
?>

Thanks, Brian, that helps.

G

Yeah, no problem. :)

I've read your answer and i agree with you, but what i don't understand is the diference between the two ways of reading the content of the directory.
I think the way you say it's wrong is right as well, because it returns false when there are no more files in the directory.

usban,

That same code that Brian showed, with the same comments, is available at the PHP manual site:
http://www.php.net/manual/en/function.readdir.php

G

That's where I copied and pasted it :D