1 (edited by Dr.Jeckyl 2005-11-16 18:33)

Topic: an extremely useful script

while browsing some of my old hangouts i came across a script i just had to test out. it's called Autoindex. it's a, for lack of better terms, file manager. you'll just have to install it and give it a try.

http://autoindex.sourceforge.net/

Legend:
(+) Added feature
(!) Security bug fixed
(-) Bug fixed
(*) Improved/changed feature
( ) Non-code change



Version 2.1.2 (2005-Aug-11)
(-) Fixed bug when editing descriptions of filenames that have special characters
( ) Added Czech and Slovak translations

Version 2.1.1 (2005-Jul-06)
(!) Fixed bug with search box
( ) Added Swedish translation

Version 2.1.0 (2005-Feb-14)
(+) Added a .htaccess parser
(+) Added an FTP browser
(+) Added moderator and banned account levels
(+) Added a feature to let moderators/admins change their own password

Version 2.0.7 (2005-Jan-14)
(-) Fixed file_description feature

Version 2.0.6 (2005-Jan-04)
(+) Admins are able to copy files from other servers (similar to "wget")
( ) Added Thai and Arabic translations

Version 2.0.5 (2004-Sep-02)
(+) When force_download is on, the MIME-type sent depends on the file extension
(*) Using hidden_files to only show certain files no longer restricts directories

Version 2.0.4 (2004-Aug-17)
(*) When reconfiguring the script, the current settings are selected instead of the defaults
( ) Added Polish translation

Version 2.0.3 (2004-Jul-26)
(*) Nested if-statements can be used in the template files
(*) Folders do not have to be empty to be deleted

Version 2.0.2 (2004-Jul-13)
(*) All output is XHTML 1.1 compliant
(*) The do_every template command now does not include the last file listed

Version 2.0.1 (2004-Jul-05)
(+) Added directory cache feature
(*) Added include command to the template system
(-) Fixed search page bug when download_count was on

Version 2.0.0 (2004-Jun-24)

Complete rewrite from version 1.0:

    * Now uses PHP 5. PHP version 5.0 or higher is required.
    * All the features of version 1, plus:
      (+) Has a template system for all HTML output
      (+) Tar archives of directories can be downloaded
      (+) Each user account can have its own home directory
      (*) Passwords are stored as a sha-1 hash rather than md5 (this is slightly more secure)

~James
FluxBB - Less is more

2

Re: an extremely useful script

I use something similar called snif for my downloads: http://www.bitfolge.de/snif-en.html

3 (edited by Dr.Jeckyl 2005-11-16 19:45)

Re: an extremely useful script

i use snif also, just in dirs i don't need to control leeching more. both are great scripts.

~James
FluxBB - Less is more

4

Re: an extremely useful script

Thanks to both of you for the info; just what I was looking for.

Re: an extremely useful script

But why not use the web server's built-in indexer? Like this.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

6 (edited by phil 2005-12-03 12:32)

Re: an extremely useful script

I/m trying to do somehing similar, but much more limited: I want to limit downloads from a particular directory to logged-iin users. (The users log-in using PHP/MySQL and if authenitcated they have access to PunBB and the sites other features).

My naive thinking was that I would be able to protect the directory with  a .htaccess file, and then use PHP to send an authentication header to allow lgged-in users to download particular files (so that the users wouldn't have to see the challenge from the htaccess). Htaccess file is working properly, but I cna't seem to get the authentication header working - any ideas, or is this just the wrong way of going about it!  Thanks!

<?php
session_start();
if (!session_is_registered('first_name'))
{header("Location: ../members_area/member_login.php");
exit;}

//get the filename from the referring page
$file=$_GET['file'];

//get the browser settings from the header
$accept=$_SERVER['HTTP_ACCEPT'];
$accept_charset=$_SERVER['HTTP_ACCEPT_CHARSET'];
$accept_encoding=$_SERVER['HTTP_ACCEPT_ENCODING'];
$accept_language=$_SERVER['HTTP_ACCEPT_LANGUAGE'];
$connection=$_SERVER['HTTP_CONNECTION'];
$host=$_SERVER['HTTP_HOST'];
$browser=$_SERVER['HTTP_USER_AGENT'];

//get ready to generate the authorisation code
$all="testuser:password";

//encode the username and password
$encoded=base64_encode($all);

//send the header
header('GET /downloads/$file HTTP/1.0');
header('Connection: $connection');
header('User-Agent: $browser');
header('Accept: $accept');
header('Accept-Encoding: $accept_encoding');
header('Accept-Language: $accept_language');
header('Accept-Charset: $accept_charset');
header('Authorization: Basic $encoded');
?>

Re: an extremely useful script

Authorizqtion is usually spelled without the q.

8

Re: an extremely useful script

Ahem, yes I did notice that -still doesn't work! Thanks anyway...

9

Re: an extremely useful script

This part:

header('GET /downloads/$file HTTP/1.0');
header('Connection: $connection');
header('User-Agent: $browser');
header('Accept: $accept');
header('Accept-Encoding: $accept_encoding');
header('Accept-Language: $accept_language');
header('Accept-Charset: $accept_charset');
header('Authorization: Basic $encoded');

THe script will send the text as such to the browsers, e.g. Authorization: Basic $encoded. In PHP, when using a single quote (' ) the text is not parsed for variables, when using a double quote (") it is. Using single quotes around text is faster if you know there are no variables in it. I should change your script to:

header('Authorization: Basic '.$encoded); // text in single quotes, variables outside the text
-- or --
header("Authorization: Basic $encoded"); // using doubles quotes, variables will be parsed

10

Re: an extremely useful script

Jeez you're right! What a noobie mistake (sigh...).

Unfortunately it stil doesn't work - any more ideas anyone?

Thx.

11

Re: an extremely useful script

Rickard wrote:

But why not use the web server's built-in indexer? Like this.

I didn't know you could do that!  Thanks!  Any resources on how to implement this?

If its cheaper to run Windows than it is to run Linux, how come Microsoft has all the money?