Limiting File Tree Access

[defiant1970]

I am new at using php with managing file systems so here goes. I have been tring to create a application that a user logs in and they have access to there files only. Now creating the customer account and asigning a folder is done and working fine. I the problem I am having is using a file management system that will let the user navagate there particular directory. I have set it up that they can create folders in there directory and upload files. The Folder navagation is got me in a bind. I have looked at different folder navagation applictions but nothing realy fits the bill. I have l worked with phpfe and microFileBrowser and just cannot figure out how to limit the access of the file tree to there fileExampleuser file /farm/$userID/ //userID is the folder name for the user which is based on the $_SESSION_ID I need that to be the place where the file exploring stops they cannot have access to /farm or /this is the code the filmanger I have altereed for microFileManager. Like I said I am new with file management in php but the database portion of the application works just like I want it to. This page does open up to theright folder but the users still can navigate up to the /farm/ and / where they cannot <?php//*****************************************************************************//// MICRO FILE BROWSER - Version: 1.0//// You may use this code or any modified version of it on your website.//// NO WARRANTY// This code is provided "as is" without warranty of any kind, either// expressed or implied, including, but not limited to, the implied warranties// of merchantability and fitness for a particular purpose. You expressly// acknowledge and agree that use of this code is at your own risk.////*****************************************************************************//lookup users for the security system and to provide the userIDrequire_once('auth.php');require "Config.php";// like i said, we must never forget to start the sessionsession_start();$userID = $_SESSION['SESS_MEMBER_ID'];$pwdb = mysql_connect($dbhost,$dbuser,$dbpass) or die("Unable to connect to $db"); mysql_select_db($db) or die("Unable to select $db"); $result = mysql_query("select name from acct where id='$userID'"); while($row = mysql_fetch_array($result)) { foreach ($row as $value) { } }function showContent($path){ if ($handle = opendir($path)) { $up = substr($path, 0, (strrpos(dirname($path."/."),"/"))); echo "<tr><td colspan='2'><img src='style/up2.gif' width='16' height='16' alt='up'/> <a href='".$_SERVER['PHP_SELF']."?path=$up'>Up one level</a></td></tr>"; while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { $fName = $file; $file = $path.'/'.$file; if(is_file($file)) { echo "<tr><td><img src='style/file2.gif' width='16' height='16' alt='file'/> <a href='".$file."'>".$fName."</a></td>" ."<td align='right'>".date ('d-m-Y H:i:s', filemtime($file))."</td>" ."<td align='right'>".filesize($file)." bytes</td></tr>"; } elseif (is_dir($file)) { print "<tr><td colspan='2'><img src='style/dir2.gif' width='16' height='16' alt='dir'/> <a href='".$_SERVER['PHP_SELF']."?path=$file'>$fName</a></td></tr>"; } } } closedir($handle); } }$userpath = "./farm/$userID/"; // This is my modificitionif (isset($_POST['submitBtn'])){ $actpath = isset($_POST['path']) ? $_POST['path'] : '.'; } else { $actpath = isset($_GET['path']) ? $_GET['path'] : "$userpath"; //Where $userpath there was a . }?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"><html><head> <title>Micro File Browser</title> <link href="style/style.css" rel="stylesheet" type="text/css" /></head><body> <div id="main"> <div class="caption">MICRO FILE BROWSER</div> <div id="icon"> </div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="path"> <table width="100%"> <tr><td>Path: <input class="text" name="path" type="text" size="40" value="<?php echo $actpath; ?>" /></td></tr> <tr><td align="center"><br/><input class="text" type="submit" name="submitBtn" value="List content" /></td></tr> </table> </form><br/> <div class="caption">ACTUAL PATH: <?php echo $actpath ?></div> <div id="icon2"> </div> <div id="result"> <table width="100%"><?php showContent($actpath); ?> </table> </div> <div id="source">Micro File Browser 1.0</div> </div></body>

[Matpatnik]

$up = substr($path, 0, (strrpos(dirname($path."/."),"/")));

Here you can do an if statement to find the current path and if it's longer then their root directory leave it allow them to go up else leave it the way it is.

if (strlen(/farm/$userID/) == $currentPath){	$up = $currentPath;} else {	$up = substr($path, 0, (strrpos(dirname($path."/."),"/")));}

I don't know if it work but you get the idea.

[defiant1970]

Thnak you I tried the if then and it didn't work. I tried to convert the path to make it look like it was the base path to the script but that coused a different problem so I know it would not work.