Problem in reading files with php fopen and in making file manager

Question

I am trying to make a file manager with php , so when I open it in browser it would give a list of the current directory and the file would be clickable using the anchor tag in html (which I have done so far) , and when the file is clicked , it would open it in the text mode and shows whatever the source code inside the file is.

I am facing two problems which I couldn't figure out

Problem #1:

The first problem is that I want my file manager to read any source code weather its an image or pdf , just like the tinyfilemanager that I found here this master piece can read any file, even if you open an image with a notepad and insert some php code at the very end of the file it will read render that too, so here's my source code:

<?php
function list_all_files($directory){
//opening the dir
    if($handle=opendir($directory.'/')){
        echo "looking inside '$directory'"."<br>";
    }

    while($file=readdir($handle)){
        //listing all the directories without ".." (dots)
        if($file!='.'&&$file!='..') {

            echo '<a href="Read.php?dir='.$directory.'&read='.$directory.'/'.$file.'">'.$file.'</a><br>';
        } //if ends here
    } //while loop endds here
} //list_all_files ends here


function read_file($file)
{
    $handle = fopen($file, "r");
    if ($handle) {
        while (($line = fgets($handle)) !== false) {
            echo($line);
        }
        fclose($handle);
    } else {
        echo "error opening the file";
    }
}


//main function
if(!isset($_GET['dir'])) {
    $dir='images';
}else{
    $dir=$_GET['dir'];
}

list_all_files($dir);

if(isset($_GET['read'])){
    $file1 = $_GET['read'];
    read_file($file1);
}

?>

the above program I made can also read files code but when I click on any PHP file that contains an html code, it just displays it rather than giving its source code in text mode, image below:

and not only this, if I put some php code at the very end of the image file using a notepad it wouldn't display it. check this:

I did a lot of research on why my code isn't working while the tinyFilemanager is perfect with any of the above mention cases , and I found that the whenever I execute the page file via browser it by default uses this

header("Content-Type: text/html");

so If I wanted to do what I wanted , then I would have to use this:

header("Content-Type: text/x-php");

which covers both of the above cases, but leads to the 2nd problem.

Problem #2:

<?php
function list_all_files($directory){
//opening the dir
if($handle=opendir($directory.'/')){
echo "looking inside '$directory'"."<br>";
}

while($file=readdir($handle)){
    //listing all the directories without ".." (dots)
    if($file!='.'&&$file!='..') {

    echo '<a href="Read.php?dir='.$directory.'&read='.$directory.'/'.$file.'">'.$file.'</a><br>';
            } //if ends here
        } //while loop endds here
} //list_all_files ends here


function read_file($file)
{
    $handle = fopen($file, "r");
    if ($handle) {
        while (($line = fgets($handle)) !== false) {
            echo($line);
        }
        fclose($handle);
    } else {
       echo "error opening the file";
    }
}


//main function
if(!isset($_GET['dir'])) {
    $dir=getcwd();
}else{
    $dir=$_GET['dir'];
}

//listing all the directories and files in text/html format so that our anchor tag would be available.
ob_start();
header('Content-Type: text/html; charset=UTF-8');
list_all_files($dir);
ob_end_flush();



if(isset($_GET['read'])){
//changing the header to text/php-x so that the php code in any jpg file can be viewed clearly
    ob_clean();
    header('Content-Type: text/x-php; charset=UTF-8');
    ob_start();
    $file1 = $_GET['read'];
    read_file($file1);
    ob_end_flush();
}

?>

The above codes works perfectly fine, but there is this one problem. since its content-type is not text/html anymore, it wouldn't display the html content on the web page. which is good but bad at the same time because then I wouldn't get the list of directory in the anchor tag form, because I thought ob_start and ob_end_flush(). if I use these two, it would just solve the problem by creating a buffer for each of the function separately and executes it. so when it executes it the above function would be render with the content-type text/html and would show the directory listing with anchor tag, and the 2nd would just be in text/x-php which would solve the above two cases, but I was soooooo wrong.

I have to agree with Ken Lee, it's unclear what you exactly want. Try to focus on one problem. — KIKO Software, Nov 28 '21 at 12:36
Look into frames. One frame can be html, the other text. Or wrap the output of read_file in pre tags, and html escape it. The specific file you show was identified as an attack by WHCM a decade ago, and I’m also seeing a file called `deface.php` so I’m concerned about how this will be used. — Chris Haas, Nov 28 '21 at 14:23
@KIKOSoftware it's actually the only one problem in short the file manager I gave Above i.e tinyfilemanager I don't know but it's designed in a way that it's able to read files source and no matter what the source is , it gives in a clear text file , so I just want the same , the problem 2 i embedded there is because I don't want the first problem that I just mentioned to be solved with header function content-type:text/html cuz if you check the filing in c/c++ , it can read any binary file but why can't PHP ? I just wanna know that — Umair Ali, Nov 28 '21 at 23:56
@KIKOSoftware or maybe a simple question is that , is there a function that can render html codes and show it without displaying or executing it ? , cuz if so i could use it in the file manager codes — Umair Ali, Nov 29 '21 at 00:08
You probably make something that's quite simple overly complicated. PHP runs on a server. The output of PHP is transported from the server to a client. On the client the input from PHP is **interpreted** by a browser. It is probably the latter you struggle to understand. The browser does not passively render its input. If you want to see the raw input you have to look at [the source code](https://www.computerhope.com/issues/ch000746.htm). — KIKO Software, Nov 29 '21 at 09:22
@KIKOSoftware true , the source codes shows the output in play text , but i don't understand why it is not getting displayed on the browser ? , while in tinyfilemanager when I open the same file , it displays the complete code in the browser . — Umair Ali, Nov 29 '21 at 11:45
@KIKOSoftware Woah Wait a min , Bro I love you , Cuz you just told me the answer , by saying the word "Raw data" , I searched and Found that there's a function show_source($file); ---> usually it takes two argument but the 2nd is optional , I used that and I apparently was able to get the raw data from the image or any file without executing or displaying it, Thanks Alot :* ♥ — Umair Ali, Nov 29 '21 at 11:59
You're still not making sense. Are you talking about this [show_source()](https://www.php.net/manual/en/function.show-source.php)? Anyway, I'm happy you solved your problems. — KIKO Software, Nov 29 '21 at 12:04

score 1 · Accepted Answer · answered Nov 29 '21 at 12:08

With the grace and help of God , and suggestion from kikoSoftware in the Comments , the Problem is solved, there's a function name show_source(); ,which takes two arguement , the 2nd argument however is optional , hence we don't need to do filing or send a content-type response with the header() function , we can just use that function , source codes are below.

<?php
function list_all_files($directory){
//opening the dir
    if($handle=opendir($directory.'/')){
        echo "looking inside '$directory'"."<br>";
    }

    while($file=readdir($handle)){
        //listing all the directories without ".." (dots)
        if($file!='.'&&$file!='..') {

            echo '<a href="Read.php?dir='.$directory.'&read='.$directory.'/'.$file.'">'.$file.'</a><br>';
        } //if ends here
    } //while loop endds here
} //list_all_files ends here


function read_file($file)
{
    $handle = fopen($file, "r");
    if ($handle) {
        while (($line = fgets($handle)) !== false) {
            echo($line);
        }
        fclose($handle);
    } else {
        echo "error opening the file";
    }
}


//main function
if(!isset($_GET['dir'])) {
    $dir=getcwd();
}else{
    $dir=$_GET['dir'];
}

//listing all the directories and files in text/html format so that our anchor tag would be available.
list_all_files($dir);




if(isset($_GET['read'])){
//changing the header to text/php-x so that the php code in any jpg file can be viewed clearly

    $file1 = $_GET['read'];
    show_source($file1);
}

?>

appreciate ya guys for helping out ♥

Problem in reading files with php fopen and in making file manager

1 Answers1