A simple php script to upload and download files. There is no complex user management as it aims for private file repository use. Supporting direct file deletion using AJAX, instant table sort using a self modified version of sorttable.js and finally upload file progressbar using a cgi(perl) script.
If you want to know more about those technologies, go to more information section.
Features
- Easy upload form
- Allow to define which kind of file can be uploaded
- Limit max file size
- On page table sort (by name, date, type, size)
- Direct deletion using AJAX
- View file by clicking on them
- Direct download by clicking on the download arrow
- Protect and hide upload or/and delete functions only for admin
- Logging upload/delete actions (time ip action)
- Upload progress bar (disable by default)
Online Demo
Visit the online demo. Delete the deleteme.txt file or upload some meaningless files.
How to Install
Download w2box 4.1 (~46 KiB)
License
This script is licensed under a Creative Commons License. It allows you to use and modify the script for noncommercial purposes. In order for me to keep this site running and if w2box solves your needs, please make a small donation. (Most people donate about €5. If you genuinely can’t afford at least a few euros then take w2box as my gift to you). Thank you for you support =)
For commercial use, make a fair donation of at least €20 or more, especially if you using it on multiple domains or for contract work.
Changelog
- 4.1 Bug fixes, more languages and icons
- 4.0.0Beta5 Redirection and security fixes and more languages
- 4.0.0Beta4 More folders bug fixes
- 4.0.0Beta3 Folders bug fixes
- 4.0.0Beta2 Safari fix
- 4.0.0Beta Folder and multi language support
- 3.3.2 Security fix
- 3.3.1 Extention fix
- 3.3 Authentification fix for some host and cgi redirection fix
- 3.2 Fixed chmod issues, simplified directory structure and files
- 3.1.3 Improved upload.cgi error and aborted upload cleanup
- 3.1 Added icons, date and auto-deleting
- 3.0.3 Fixed file perms bug
- 3.0.2 Fixed direct linking
- 3.0.1 Fixed minor strange bug
- 3.0 Finally a upload progress bar (under windows&linux)
- 2.5.1 Fixed hide upload form
- 2.5 Easier configuration, localisation & many fixes
- 2.3 Possibilty to log upload and delete actions
- 2.2 Deletion is working for international charsets
- 2.1 Fixed some weird FF bug and allow client without javascript
- 2.0.1 Fixed a javascript bug for Opera
- 2.0 Added admin authorization to protect/hide upload/delete
- 1.6 Fixed issues with filename characters
- 1.5.2 Fixed some css bugs
- 1.5 Better error management, removed sajax using prototype.js
- 1.0 Initial Release
FAQ
I’ve just unpacked w2box and got an error 500 ?
It seems that some server configuration doesn’t support the .htaccess file. Just delete that file.
How to enable the upload progress bar ?
Enabling the progress bar can be a bit trickier. That’s why it is disabled by default. Before enable it, make sure the script works without it.
If it’s working, make sure the first line of upload.cgi is right according to where you have perl (on standard unix config, you probably don’t need to do anything) and the file will probably require to be chmod 755 in order to be executed. You can check if the perl script is working by opening it. You should get “CGI Working” like by example on my server.
If you don’t get an error, the default temporary dir is working. By default, it is set to “tmp” in the same folder as w2box. However, you might prefer to change it to a full path like /tmp or ~/tmp. Make sure to change it in both upload.cgi and config.php.
Finally, you can turn the variable upload_progressbar to true in config.php and hopefully it will works.
How could I password protect entriely w2box ?
The best was to protect the whole box and your files is to use apache http access protection. You can use this utility to make the required files. If you are using the admin feature, do not forget to add the admin username/password as a user in the htpassword file.
How to increase the maximum file size limit ?
By default the script is set to a maximum file size of 50MiB and use a .htaccess file to try to configure php to allow such maximum file size. However, if it doesn’t work you should modify the post_max_size & upload_max_filesize variables in php.ini which is the php configuration file. It is related to your webhost, therefore you should check with them if you are allowed to change them and how to do it.
Why files aren’t complete when using the downloading feature ?
There is an inherent problem with readfile() in PHP 5.0.4. Upgrade to the last version of php.
Why am I getting error 404 when I am accessing folders ?
Folders require the .htaccess file to work properly (which might be hidden depending your OS). Be sure that the .htaccess file is in the w2box folder and enable .htaccess support and mod_rewrite in your httpd.conf of the apache webserver.
The Buzz {3 trackbacks/pingbacks}
The Conversation {64 comments}
Great program..has a lot of potential!
Oh by the way, folder support won’t work without enabling direct link support =o
But then again, it’s still a WIP ;]
Hi AHMAZ,
U manage to get the folders to work? how to enable direct link support = 0?
Hi Michael,
Actually I did not get it to work….I keep getting 404 errors. I’m pretty sure I’ve set everything right…
What I meant with the last comment was that in order for folder support to work, you needed to enable direct link support. Logically, it can be enabled through config.php
I can’t seem to get the cgi file to work to show file upload progress bar.
The manager works great and the file uploads are wokrling fine. I get the following message from the upload.cgi file when it is run. ” The tmp directory doesn’t exist. Please correct upload.cgi!” hen the file does not upload
If i change the line $config['upload_progressbar']=false; o $config['upload_progressbar']=true; in the config file.
Any suggestions or ideas as the how to properly setup the path. I ususally just leave the tmp path as tmp and it works okay for other scripts. I have also tried the direct path fro mthe server to a temp folder. I also chmod the temp folder to make sure it can write to the folder but still not luck. thansk for any tips etc..
cheers
AWESOME product. I was impressed with how easy it was to install and configure.
Feature requests =):
- Ability to restrict the total amount of disk space taken up… that way malicious users can’t eat up the entire hard disk.
- E-mail notifications. Ability for admins to become aware if/when a file is uploaded.
- Upload/Download rights by one-time use tags. Combined with e-mail notifications. Just a thought. =)
Thank you again for making this app. IT’s sooooo helpful!
really great script!
I’ve tweaked it to suite my needs and its really easy to modify.
One thing that it misses is the password protection for each directory, I’m working on a mod that can implement it
It should need:
-new boxes in the form (username/password)
-if around the script to print out a lock icon on selected folders
-htaccess creation/update for each directory
@HiProfile:
Using full unix path instead of relative path might helps. You should edit the upload.cgi file to correct this.
Cheers
Hi
very interesting script!
But it upload files without upload.cgi… Why?
I try local (WindowsXP, EasyPHP1-8, w2box 3.3.2 )
Script worked normally.
Further I attempted enable progress bar.
I set temporary dir to “/tmp” in upload.cgi, config.php and $config['upload_progressbar']=true.
But progress bar do not work.
I watched for temporary files (“xxxx_postdata”, “xxxx_flength” …)
where uploading big files.
But I have not seen it …
Then I deleted upload.cgi
I was surprised, script prolonged to work, and normally uploaded files
Why ??????????
P.S.
w2box 4.0.0Beta5 worked without upload.cgi too
Did the 4.0.0Beta5 version fix the vulnerability identified in Bugtraq ID: 23975?
If so, please notify SecurityFocus: http://www.securityfocus.com/bid/23975/solution
Great project! I too am having problems with the folders. Error 404, keeps coming up…I tried .htaccess, and checked to make sure the .htaccess support and mod_rewrite was enabled….
I will look into trying to enable the direct link support via the config.php
Any additional thought on the folder support CLEM?
Thanks,
Jank
@JURI:
upload.cgi is needed only when the progress bar is active.
@interesteduser:
yes, there shouldn’t be any exploit now otherwise my demo site would be hacked.
@Jank:
404 for folders is usually a non working mod_rewrite or htaccess support. Be sure that it works. you might contact your webhost.
Hey, great script thanks works just as wanted.
I have a question about dates, both those used in the log and in the table to show when a folder was updated. How would I change those to reflect UTC time?
Thanks again!
Hi All, great app. Question:
I’ve password protected the directory that this application sits in with .htaccess, however, now when I try and log-in to admin, it fails. It will not accespt the user/pass at all. Is there a conflict I am unaware of? Is my htaccess file missing something?
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName “EnterPassword”
AuthType Basic
require valid-user
RewriteEngine on
RewriteCond %{QUERY_STRING} ^$
RewriteRule ([^\s]+).php$ $1.php?BAD_HOSTING=%{HTTP:Authorization}
RewriteCond %{QUERY_STRING} ^(.+)$
RewriteRule ([^\s]+).php $1.php?%1&BAD_HOSTING=%{HTTP:Authorization}
interesting script, but very short on installation instructions. this is what I did:
- set $config['upload_progressbar']=true; in config file
- set tmp directory to “/home/username/tmp” (or whatever…) in both config and cgi file
- upload all (non-cgi) files and (non tmp) directories to some directory on your server
- upload tmp directory to place of your choice (if not already in place)
- chmod data directory 777
- upload cgi file to cgi directory on your server
- chmod cgi file 755
it now works for me if I set upload_progressbar=false. But if true, then I see no progress bar, and once upload is done, I get an error:
Warning: chmod() [function.chmod]: Operation not permitted in /home/username/public_html/testupload/index.php on line 178
the file is safely uploaded, so that is no problem, but the chmod didn’t work out. what is likely to be the problem? And why is there no progress bar?
Any support? No one has tried to password protect the directory that W2BOX resides in? I’m almost 100% certain that its a conflict of interest for the administrator’s password to work when the directory is .htaccess’d.
CLEM, can you assist?
Thanks-
What a bunch of slackers you guys are! I’m just messin’ around. I figured it out on my own dime… here’s the problem to all & Clem (suggest updating your ‘How could I password protect entriely w2box ?’ Faq above):
You can’t have 2 HTTP authentications in the same layer. The config.php script uses HTTP auth to authenticate the administrator. Well, when you add HTACCESS to the mix, they conflict.
The fix? So easy… just make sure your admin user/pass combo in the config.php script matches the admin user in your .htpasswd file.
In my case, I have multiple users configured into my .htpasswd files.
admin | alkj2;4j234jaj (matches config admin user/pass)
ftpuser | 20-iia-sdf-0=2
newb | 23042-3402-]sfdk
newb2 | caisdfj9asdfas
I reserved one for administrator and matched it up with the config.php scripts admin user/pass combo.
The result? When you authenticate as the admin through .htaccess, the admin features are automatically enabled in the script.
You don’t even need the “administrator” link in the footer anymore.
I’ll be you guys later. Good luck to all!
@amorvi:
You can try to change your timezone date_default_timezone_set(’UTC’)
@stan:
php might not have the right to chmod. Remove the warnings or comment the line.
@PINESSIGNS:
Signs Pembroke Pines is right the admin password conflict with htaccess thus your should put the admin as a htaccess user as well.
Hi, great script, easy to use and modify. Can make it work on Apache, IIS6 with no ploblems, but with IIS7 there are “500 erro” all over, did anyone tryed this under IIS7?
Still cant get folders to work, istead of going to 127.0.0.1:8080/files/data/foldername
it goes to 127.0.0.1:8080/files/foldername?
@AW: It should be that way… it is not working because you haven’t mod_rewrite enable and the .htaccess file. Read the faq.
Whenever I enable the upload.cgi bar, I’ll get errors that state that the filesize is larger than the filesize limit. But the .htaccess file is fine and the config.php is fine. What am I missing… seems to only happen for larger files >400 MB.
Hello,
I am just wondering what happened to this feature?
// if true, show file only for admin
$config['hide_files'] = true;
Thanks
Morgs
Hi,
Great script Clem !!!
Just two questions :
1) I can see the upload-bar, but it remains empty. The files are uploaded though.
2) I would like that the people who visit the page;
– can upload
– can see the uploaded files and their size
– but can’t download the files
Kind regards,
DrWeB
By the way, I’ve also translated the script in dutch :
“Het verzonden bestand is groter dan de instelling upload_max_filesize van de php.ini”,
2 => “Het verzonden bestand is groter dan de instelling MAX_FILE_SIZE van het HTML-formulier.”,
3 => “Het verzonden bestand werd slechts gedeeltelijk verzonden.”,
4 => “Er werd geen bestand verzonden.”,
6 => “De tijdelijke map ontbreekt.”);
$lang['upload_error_sizelimit'] = “Het verzonden bestand is te groot.”;
$lang['upload_error_fileexist'] = “bestaat reeds in deze map.”;
$lang['upload_error_nocopy'] = “Het is niet mogelijk om het bestand in deze map te kopiëren.”;
$lang['upload_error_sid'] = “Het is niet mogelijk om het gevraagde bestand te vinden.”;
$lang['upload_error_badext'] = “Dit bestandstype is niet toegestaan !”;
$lang['make_error_exist'] = “Deze map bestaat reeds !”;
$lang['make_error_cant'] = “Het is niet mogelijk om een nieuwe map te maken.”;
$lang['make_error_maxdepth']= “U kunt geen sub-map meer maken.”;
?>
I noticed that Mike had a feature request for email notification. This would also be very helpful to me. I have done some coding and testing of email notification. The good news is that an email notification is sent. The bad news is that downloads no longer work properly. Maybe someone can figure this out, I’ve spent several hours and what I have found is that ANY change to index.php, causes downloads to stop working properly. Could this just be something unique to my server? Even just adding a blank space on a line gets the same result.
Anyway, adding email notification was accomplished by adding these lines in config.php:
//— email —
$config['email_to'] = “youremail@your.domain”;
$config['email_from'] = “From: your website [files]“;
and this one line of code in index.php just before the end of the function logadm($str):
mail($config['email_to'], $_SERVER["REMOTE_ADDR"].’ ‘. $str, date(”D M d Y H:i:s”).’
‘.$_SERVER["REMOTE_ADDR"].’ ‘. $str.”\n”, $config['email_from']);
That’s it — three lines of code.
awesome script! only one problem tho… .htaccess isn’t supported by my server. i read the faq and deleted the file and it still redirects to the root. any help? i’m sure i’m missing something simple here… thanks in advance
Regarding email notification, after further testing, I don’t know why this doesn’t work properly in v4.1, but it works just fine in v4.0 Beta5.
Add this code to config.php:
//— email —
$config['send_email'] = true;
$config['email_to'] = “youremail@your.domain”;
$config['email_from'] = “your website name [files]“;
Modify index.php – find function deletefile($cell){
change this line:
$str=substr($str, strpos($str,’href=”‘)+6);
to this:
$str=substr($str, strpos($str,’href=”‘)+16);
Add this code to index.php, as the last thing in function logadm($str):
// added email code
if ($config['send_email']) {
$to = $config['email_to'];
$subject = $_SERVER["REMOTE_ADDR"].’ ‘. $str;
$msg = date(”D M d Y H:i:s”).’ ‘.$_SERVER["REMOTE_ADDR"].’ ‘. $str.”\n”;
$mailheaders = “From: ” . $config['email_from'];
mail($to, $subject, $msg, $mailheaders);
}
// end added email code
It functions perfectly in v4.0 not in v4.1???
@mike: I never uploaded such large file. It might be some perl or apache limitation.
@drweb: I guess you’ll have to do the change yourself as they are not standard behaviour. It should be fairly simple. ( you could just htpasswd the data folder to totally lock it)
@tjohio: There aren’t much difference between the two version. It is certainly the change you do in the deletefile function. It shouldn’t be require.
Hi,
Great script. thx, just the thing i was looking for.
I only have this proplem:
I can see the upload-bar, but it remains empty until the file is uploaded, then the upload-bar goes immediately to 100%
b.t.w. i’m using lighttpd
switched to apache and the upload-bar is working now. only folders are not working -> 404 error
my mistake. i accidentaly deleted the .htaccess file. folders are working now
Cant get the progressbar working.
The page works perfectly fine without it, but when i enable it theres just and empty bar, nothing happens and the file doesnt get uploaded.
upload.cgi has 755
Path to perl is correct
perl upload.cgi returns that its working
If i open it in a browser i only get the text in the file.
Hi there,
Thanks for a really useful and well programmed script.
Took the liberty to add 2 snippets of code in it:
- Line 27 in en.php: $lang['go_up'] = ‘Up one level’;
- Line 475/475 in index.php
$uplink = $lang['go_up'];
echo ‘‘.$uplink.’‘;
Makes the (go up) vary from language.
One question though:
I’ve enabled the progress bar and uploading works fine. However when uploading large files (30 mb+) the progress/status bar in IE6 says the upload completed, but the included progress bar is still at something like 85-90%. The file never arrives at the server either.
Anyone know anything about this?
Hi Clément,
Great script. Thank you.
I’ve spotted a bug: if you create a folder in w2box that is the same name as one of the install folders (data, images, lang, tmp), then clicking on that folder from the w2box interface produces a blank screen. E.g. http://clement.beffa.org/labs/apps/w2box-demo/images/ Any suggestions on a fix for that?
Also, the header h1 URL always goes to the current page – so it’s actually of no use. I modified it so that it always goes to the root of the w2box data:
<?php $path = rooturl(); echo ‘‘.$config['w2box_title'].’‘;?>
Thanks again.
David.
where to send translations files – translated it to Danish…
otherwise it is found at http://www.angler.dk/da.zip
this is absolutely great!
Im a very very beginner of server runner and couldnt run your prog at first, but finally, because of your kindness explanation, I could run your program.
thankyou verymuch!
verana_ss
You can download Turkish Language file from
http://www.5555.com.tr/1/tr.zip
regards
Ugur Onur
Swedish languagefile
“Den uppladdade filen överstiger upload_max_filesize inställningen i php.ini”,
2 => “Den uppladdade filen överstiger MAX_FILE_SIZE inställningen som specificerades i HTML formuläret.”,
3 => “Filen blev bara delvis uppladdad.”,
4 => “Ingen fil blev uppladdad.”,
6 => “Temp mappen saknas.”);
$lang['upload_error_sizelimit'] = “Filen är större än den maximalt tillåtna filstorleken.”;
$lang['upload_error_fileexist'] = “Finns redan i mappen.”;
$lang['upload_error_nocopy'] = “Kunde inte kopiera in filen i mappen.”;
$lang['upload_error_sid'] = “Kan ej hitta filen.”;
$lang['upload_error_badext'] = “Filändelsen är inte tillåten!”;
$lang['make_error_exist'] = “Mappen finns redan!”;
$lang['make_error_cant'] = “Kan inte skapa ny mapp.”;
$lang['make_error_maxdepth']= “Du kan inte skapa en ny mapp i detta katalogdjupet..”;
?>
I would like to see a download option for folders, where it would zip up the folder and then download it. Other than that, it looks fantastic.
Just thought I’d share this in case it helps anyone else. I have a shared web server hosted solution. In my .htaccess I had to add the following directives:
Options +FollowSymLinks
RewriteBase /w2box/
(where “w2box” is the name of the directory that is my storage repository – a subfolder of my web root)
Without these I got the infamous 404 error when accessing folders.
Thanks Nick Brown. Got the folder working without an error by adding RewriteBase /w2box/ in the .htaccess.
Your script is awesome!
I got the password protection and the upload portions of the script to work perfectly but I can’t seem to get the folders not to come up with a 404. I understand the reasoning behind but I’m not to familiar with how to modify the .htaccess to allow the folders to be viewed and I can’t seem to find any examples of the .htaccess code. What would a rewrite line look like if my upload folder is titled data?
nevermind — got it working finally. thanks Clem for a really great script!
I got everything working just the progress bar which I need the most. Tried to do as suggested “How to enable the upload progress bar ?” but it seemed not to work.
Any other ideas?
Any way to do multiple file uploads?
Thanks for a great script
ok i have a Question i download it just to try it ok i got it to work……i make a directory. folder comes up when i click on the folder it gose to page can not be displayed? in the demoi tryed in on thispage i made a directory and go into the folder and it comes up. and i upload into thefolder. how come when i do make a directory in my hosting and click on that folder it gose to a page cant not be displayed what am i doing wrong?? cna someone tell me i have yahoo messenger its jchrzempiec and my email is joseph.c@internetstreets.com where the uploader is http://www.internetstreets.com/up8 can someone help please thanx you.
my question is i got the scripts uploaded but when they go to make a directory folder that works….. butthe problem is when clicking on the folder to uploads stuff it gives me a error of 404 page can not be deisplayed can someone tell me why that is im pretty sure i did everything to work right but can not see it.can someone help pleae??????? this is a great script…. one otherthing i put in the config to accpect mp3 that works but after it up0loads it shows in the main index page but no icon next to it…. like a music icon or something how can i add something to it??
It seems that most error get resolved… I do not do much support at the moment.
Is it possible to post larger files then 500mb?
i have set in php.ini max size and post size to 1000 but it still shows 500mb in w2box, ideas?
/F
Anyone know why, when I have intergrated this into a page to test, it works with IE but not with firefox??
Great script, though I am having trouble changing the ['allowed_ext'] = array as I want to allow my users to upload any file extention without having to write in all the extentions I know.
Does anyone know how to do this?
Hello,
I would like to enable the script to hide all the uploaded files from non-admin people not just just the delete function. Can anyone help me do this? The script used to function this way from memory.
Exists any installation file, I don´t have experience. Thank you
When I’m creating a new directory, it creates the directory in the right place, but the link to the directory goes to the root folder, where it isn’t.
So if I make a folder named “test”, it will be created in “example.com/data/test”, but the link will go to “example.com/test”, where there isn’t a folder. I don’t get what’s going wrong here. Any help would be appreciated.
I keep getting this when i try to upload a file larger then 2gb:
“http negative content length detected” and the upload basically stops. In the tmp dir it creates ####_flength file but the ####_postdata gets created but doesn’t grow in size(0kb)
any ideas? i’ve changed the settings in the php.ini file to 10GB for POST and UPLOAD. i’ve changed the $HIGH_MAX_UPLOAD setting in upload.cgi.
Note sure what else is the issue.
Thanks,
ed
@Clem: Very nice Clem. Thank you for writing it. I searched for hours for a simple upload script, *that allows directory creation* before I stumbled upon your script. Just what I needed.
@David Cog: did you resolve your problem? I have the same issue. Creating new directories works for all directories except “images.” That always produces a blank page. It could have something to do with embedding w2box within another app? (I have it inside a wiki to make image uploading easier.) Or possibly that I use a 3rd level domain name, i.e. wiki.domain.com/w2box. Does the same situation apply for you? If I figure it out I will post back here.
Oh whoops nevermind. The same error happens at the demo for this script. Try to access the “images” folder here:
http://clement.beffa.org/labs/apps/w2box-demo/
to see what I mean.
OK very simple fix to this problem. I simply renamed the images folder w2boximages.
And then did a search-and-replace on all calls to “images” and replace with “w2boximages.” Very easy:
6 occurrances in index.php
2 occurrances in sortable.jp
3 occurrances in w2box.css
The best information i have found exactly here. Keep going Thank you
The article is ver good. Write please more
Hi! I like your srticle and I would like very much to read some more information on this issue. Will you post some more?
hi
im using your script it works perfectly, but i have a question.
when im sending a link, via email or whatever, and the file doesnt exist,
the script enters the parent directory automatically. i dont want that.
it should display an error file not found or 404.
how can i make that?
regards
To allow all file extensions, change allowed_ext to:
$config['allowed_ext'] = array(”*”);
Comment out the following lines in index.php:
// if (!in_array(strtolower(extname($filename)),
//$config['allowed_ext'])) {
// $errormsg = $lang['upload_badext'];
// return;
// }
And finally, comment some of the following lines (as below) in w2box.js:
// if (ALLOWED_TYPES.indexOf(ext) == -1) {
// document.getElementById(”allowed”).className =’red’;
// document.getElementById(”upload”).disabled = true;
// } else {
document.getElementById(”allowed”).className =”;
document.getElementById(”upload”).disabled = false;
// }
Leave Your Own Comment
You can follow any responses to this entry via its RSS comments feed. You can also leave a trackback if the inclination is there.