A simple php script to upload and download files. There is no complex user management as it aims for private file repository use. Supporting direct file deletion using AJAX, instant table sort using a self modified version of sorttable.js and finally upload file progressbar using a cgi(perl) script.
If you want to know more about those technologies, go to more information section.
Features
- Easy upload form
- Allow to define which kind of file can be uploaded
- Limit max file size
- On page table sort (by name, date, type, size)
- Direct deletion using AJAX
- View file by clicking on them
- Direct download by clicking on the download arrow
- Protect and hide upload or/and delete functions only for admin
- Logging upload/delete actions (time ip action)
- Upload progress bar (disable by default)
Online Demo
Visit the online demo. Delete the deleteme.txt file or upload some meaningless files.
How to Install
Download w2box 4.1 (~46 KiB)
License
This script is licensed under a Creative Commons License. It allows you to use and modify the script for noncommercial purposes only. If w2box solves your needs, please make a small donation. Thank you!
For commercial use, make a fair donation of at least €10 or more, especially if you using it on multiple domains or for contract work.
Changelog
- 4.1 Bug fixes, more languages and icons
- 4.0.0Beta5 Redirection and security fixes and more languages
- 4.0.0Beta4 More folders bug fixes
- 4.0.0Beta3 Folders bug fixes
- 4.0.0Beta2 Safari fix
- 4.0.0Beta Folder and multi language support
- 3.3.2 Security fix
- 3.3.1 Extention fix
- 3.3 Authentification fix for some host and cgi redirection fix
- 3.2 Fixed chmod issues, simplified directory structure and files
- 3.1.3 Improved upload.cgi error and aborted upload cleanup
- 3.1 Added icons, date and auto-deleting
- 3.0.3 Fixed file perms bug
- 3.0.2 Fixed direct linking
- 3.0.1 Fixed minor strange bug
- 3.0 Finally a upload progress bar (under windows&linux)
- 2.5.1 Fixed hide upload form
- 2.5 Easier configuration, localisation & many fixes
- 2.3 Possibilty to log upload and delete actions
- 2.2 Deletion is working for international charsets
- 2.1 Fixed some weird FF bug and allow client without javascript
- 2.0.1 Fixed a javascript bug for Opera
- 2.0 Added admin authorization to protect/hide upload/delete
- 1.6 Fixed issues with filename characters
- 1.5.2 Fixed some css bugs
- 1.5 Better error management, removed sajax using prototype.js
- 1.0 Initial Release
FAQ
I’ve just unpacked w2box and got an error 500 ?
It seems that some server configuration doesn’t support the .htaccess file. Just delete that file.
How to enable the upload progress bar ?
Enabling the progress bar can be a bit trickier. That’s why it is disabled by default. Before enable it, make sure the script works without it.
If it’s working, make sure the first line of upload.cgi is right according to where you have perl (on standard unix config, you probably don’t need to do anything) and the file will probably require to be chmod 755 in order to be executed. You can check if the perl script is working by opening it. You should get “CGI Working” like by example on my server.
If you don’t get an error, the default temporary dir is working. By default, it is set to “tmp” in the same folder as w2box. However, you might prefer to change it to a full path like /tmp or ~/tmp. Make sure to change it in both upload.cgi and config.php.
Finally, you can turn the variable upload_progressbar to true in config.php and hopefully it will works.
How could I password protect entriely w2box ?
The best was to protect the whole box and your files is to use apache http access protection. You can use this utility to make the required files. If you are using the admin feature, do not forget to add the admin username/password as a user in the htpassword file.
How to increase the maximum file size limit ?
By default the script is set to a maximum file size of 50MiB and use a .htaccess file to try to configure php to allow such maximum file size. However, if it doesn’t work you should modify the post_max_size & upload_max_filesize variables in php.ini which is the php configuration file. It is related to your webhost, therefore you should check with them if you are allowed to change them and how to do it.
Why files aren’t complete when using the downloading feature ?
There is an inherent problem with readfile() in PHP 5.0.4. Upgrade to the last version of php.
Why am I getting error 404 when I am accessing folders ?
Folders require the .htaccess file to work properly (which might be hidden depending your OS). Be sure that the .htaccess file is in the w2box folder and enable .htaccess support and mod_rewrite in your httpd.conf of the apache webserver.
The Buzz {9 trackbacks/pingbacks}
The Conversation {140 comments}
Great program..has a lot of potential!
Oh by the way, folder support won’t work without enabling direct link support =o
But then again, it’s still a WIP ;]
Hi AHMAZ,
U manage to get the folders to work? how to enable direct link support = 0?
Hi Michael,
Actually I did not get it to work….I keep getting 404 errors. I’m pretty sure I’ve set everything right…
What I meant with the last comment was that in order for folder support to work, you needed to enable direct link support. Logically, it can be enabled through config.php
I can’t seem to get the cgi file to work to show file upload progress bar.
The manager works great and the file uploads are wokrling fine. I get the following message from the upload.cgi file when it is run. ” The tmp directory doesn’t exist. Please correct upload.cgi!” hen the file does not upload
If i change the line $config['upload_progressbar']=false; o $config['upload_progressbar']=true; in the config file.
Any suggestions or ideas as the how to properly setup the path. I ususally just leave the tmp path as tmp and it works okay for other scripts. I have also tried the direct path fro mthe server to a temp folder. I also chmod the temp folder to make sure it can write to the folder but still not luck. thansk for any tips etc..
cheers
AWESOME product. I was impressed with how easy it was to install and configure.
Feature requests =):
- Ability to restrict the total amount of disk space taken up… that way malicious users can’t eat up the entire hard disk.
- E-mail notifications. Ability for admins to become aware if/when a file is uploaded.
- Upload/Download rights by one-time use tags. Combined with e-mail notifications. Just a thought. =)
Thank you again for making this app. IT’s sooooo helpful!
really great script!
I’ve tweaked it to suite my needs and its really easy to modify.
One thing that it misses is the password protection for each directory, I’m working on a mod that can implement it
It should need:
-new boxes in the form (username/password)
-if around the script to print out a lock icon on selected folders
-htaccess creation/update for each directory
@HiProfile:
Using full unix path instead of relative path might helps. You should edit the upload.cgi file to correct this.
Cheers
Hi
very interesting script!
But it upload files without upload.cgi… Why?
I try local (WindowsXP, EasyPHP1-8, w2box 3.3.2 )
Script worked normally.
Further I attempted enable progress bar.
I set temporary dir to “/tmp” in upload.cgi, config.php and $config['upload_progressbar']=true.
But progress bar do not work.
I watched for temporary files (“xxxx_postdata”, “xxxx_flength” …)
where uploading big files.
But I have not seen it …
Then I deleted upload.cgi
I was surprised, script prolonged to work, and normally uploaded files
Why ??????????
P.S.
w2box 4.0.0Beta5 worked without upload.cgi too
Did the 4.0.0Beta5 version fix the vulnerability identified in Bugtraq ID: 23975?
If so, please notify SecurityFocus: http://www.securityfocus.com/bid/23975/solution
Great project! I too am having problems with the folders. Error 404, keeps coming up…I tried .htaccess, and checked to make sure the .htaccess support and mod_rewrite was enabled….
I will look into trying to enable the direct link support via the config.php
Any additional thought on the folder support CLEM?
Thanks,
Jank
@JURI:
upload.cgi is needed only when the progress bar is active.
@interesteduser:
yes, there shouldn’t be any exploit now otherwise my demo site would be hacked.
@Jank:
404 for folders is usually a non working mod_rewrite or htaccess support. Be sure that it works. you might contact your webhost.
Hey, great script thanks works just as wanted.
I have a question about dates, both those used in the log and in the table to show when a folder was updated. How would I change those to reflect UTC time?
Thanks again!
Hi All, great app. Question:
I’ve password protected the directory that this application sits in with .htaccess, however, now when I try and log-in to admin, it fails. It will not accespt the user/pass at all. Is there a conflict I am unaware of? Is my htaccess file missing something?
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName “EnterPassword”
AuthType Basic
require valid-user
RewriteEngine on
RewriteCond %{QUERY_STRING} ^$
RewriteRule ([^\s]+).php$ $1.php?BAD_HOSTING=%{HTTP:Authorization}
RewriteCond %{QUERY_STRING} ^(.+)$
RewriteRule ([^\s]+).php $1.php?%1&BAD_HOSTING=%{HTTP:Authorization}
interesting script, but very short on installation instructions. this is what I did:
- set $config['upload_progressbar']=true; in config file
- set tmp directory to “/home/username/tmp” (or whatever…) in both config and cgi file
- upload all (non-cgi) files and (non tmp) directories to some directory on your server
- upload tmp directory to place of your choice (if not already in place)
- chmod data directory 777
- upload cgi file to cgi directory on your server
- chmod cgi file 755
it now works for me if I set upload_progressbar=false. But if true, then I see no progress bar, and once upload is done, I get an error:
Warning: chmod() [function.chmod]: Operation not permitted in /home/username/public_html/testupload/index.php on line 178
the file is safely uploaded, so that is no problem, but the chmod didn’t work out. what is likely to be the problem? And why is there no progress bar?
Any support? No one has tried to password protect the directory that W2BOX resides in? I’m almost 100% certain that its a conflict of interest for the administrator’s password to work when the directory is .htaccess’d.
CLEM, can you assist?
Thanks-
What a bunch of slackers you guys are! I’m just messin’ around. I figured it out on my own dime… here’s the problem to all & Clem (suggest updating your ‘How could I password protect entriely w2box ?’ Faq above):
You can’t have 2 HTTP authentications in the same layer. The config.php script uses HTTP auth to authenticate the administrator. Well, when you add HTACCESS to the mix, they conflict.
The fix? So easy… just make sure your admin user/pass combo in the config.php script matches the admin user in your .htpasswd file.
In my case, I have multiple users configured into my .htpasswd files.
admin | alkj2;4j234jaj (matches config admin user/pass)
ftpuser | 20-iia-sdf-0=2
newb | 23042-3402-]sfdk
newb2 | caisdfj9asdfas
I reserved one for administrator and matched it up with the config.php scripts admin user/pass combo.
The result? When you authenticate as the admin through .htaccess, the admin features are automatically enabled in the script.
You don’t even need the “administrator” link in the footer anymore.
I’ll be you guys later. Good luck to all!
@amorvi:
You can try to change your timezone date_default_timezone_set(‘UTC’)
@stan:
php might not have the right to chmod. Remove the warnings or comment the line.
@PINESSIGNS:
Signs Pembroke Pines is right the admin password conflict with htaccess thus your should put the admin as a htaccess user as well.
Hi, great script, easy to use and modify. Can make it work on Apache, IIS6 with no ploblems, but with IIS7 there are “500 erro” all over, did anyone tryed this under IIS7?
Still cant get folders to work, istead of going to 127.0.0.1:8080/files/data/foldername
it goes to 127.0.0.1:8080/files/foldername?
@AW: It should be that way… it is not working because you haven’t mod_rewrite enable and the .htaccess file. Read the faq.
Whenever I enable the upload.cgi bar, I’ll get errors that state that the filesize is larger than the filesize limit. But the .htaccess file is fine and the config.php is fine. What am I missing… seems to only happen for larger files >400 MB.
Hello,
I am just wondering what happened to this feature?
// if true, show file only for admin
$config['hide_files'] = true;
Thanks
Morgs
Hi,
Great script Clem !!!
Just two questions :
1) I can see the upload-bar, but it remains empty. The files are uploaded though.
2) I would like that the people who visit the page;
– can upload
– can see the uploaded files and their size
– but can’t download the files
Kind regards,
DrWeB
By the way, I’ve also translated the script in dutch :
“Het verzonden bestand is groter dan de instelling upload_max_filesize van de php.ini”,
2 => “Het verzonden bestand is groter dan de instelling MAX_FILE_SIZE van het HTML-formulier.”,
3 => “Het verzonden bestand werd slechts gedeeltelijk verzonden.”,
4 => “Er werd geen bestand verzonden.”,
6 => “De tijdelijke map ontbreekt.”);
$lang['upload_error_sizelimit'] = “Het verzonden bestand is te groot.”;
$lang['upload_error_fileexist'] = “bestaat reeds in deze map.”;
$lang['upload_error_nocopy'] = “Het is niet mogelijk om het bestand in deze map te kopiëren.”;
$lang['upload_error_sid'] = “Het is niet mogelijk om het gevraagde bestand te vinden.”;
$lang['upload_error_badext'] = “Dit bestandstype is niet toegestaan !”;
$lang['make_error_exist'] = “Deze map bestaat reeds !”;
$lang['make_error_cant'] = “Het is niet mogelijk om een nieuwe map te maken.”;
$lang['make_error_maxdepth']= “U kunt geen sub-map meer maken.”;
?>
I noticed that Mike had a feature request for email notification. This would also be very helpful to me. I have done some coding and testing of email notification. The good news is that an email notification is sent. The bad news is that downloads no longer work properly. Maybe someone can figure this out, I’ve spent several hours and what I have found is that ANY change to index.php, causes downloads to stop working properly. Could this just be something unique to my server? Even just adding a blank space on a line gets the same result.
Anyway, adding email notification was accomplished by adding these lines in config.php:
//— email —
$config['email_to'] = “youremail@your.domain”;
$config['email_from'] = “From: your website [files]“;
and this one line of code in index.php just before the end of the function logadm($str):
mail($config['email_to'], $_SERVER["REMOTE_ADDR"].’ ‘. $str, date(“D M d Y H:i:s”).’
‘.$_SERVER["REMOTE_ADDR"].’ ‘. $str.”\n”, $config['email_from']);
That’s it — three lines of code.
awesome script! only one problem tho… .htaccess isn’t supported by my server. i read the faq and deleted the file and it still redirects to the root. any help? i’m sure i’m missing something simple here… thanks in advance
Regarding email notification, after further testing, I don’t know why this doesn’t work properly in v4.1, but it works just fine in v4.0 Beta5.
Add this code to config.php:
//— email —
$config['send_email'] = true;
$config['email_to'] = “youremail@your.domain”;
$config['email_from'] = “your website name [files]“;
Modify index.php – find function deletefile($cell){
change this line:
$str=substr($str, strpos($str,’href=”‘)+6);
to this:
$str=substr($str, strpos($str,’href=”‘)+16);
Add this code to index.php, as the last thing in function logadm($str):
// added email code
if ($config['send_email']) {
$to = $config['email_to'];
$subject = $_SERVER["REMOTE_ADDR"].’ ‘. $str;
$msg = date(“D M d Y H:i:s”).’ ‘.$_SERVER["REMOTE_ADDR"].’ ‘. $str.”\n”;
$mailheaders = “From: ” . $config['email_from'];
mail($to, $subject, $msg, $mailheaders);
}
// end added email code
It functions perfectly in v4.0 not in v4.1???
@mike: I never uploaded such large file. It might be some perl or apache limitation.
@drweb: I guess you’ll have to do the change yourself as they are not standard behaviour. It should be fairly simple. ( you could just htpasswd the data folder to totally lock it)
@tjohio: There aren’t much difference between the two version. It is certainly the change you do in the deletefile function. It shouldn’t be require.
Hi,
Great script. thx, just the thing i was looking for.
I only have this proplem:
I can see the upload-bar, but it remains empty until the file is uploaded, then the upload-bar goes immediately to 100%
b.t.w. i’m using lighttpd
switched to apache and the upload-bar is working now. only folders are not working -> 404 error
my mistake. i accidentaly deleted the .htaccess file. folders are working now
Cant get the progressbar working.
The page works perfectly fine without it, but when i enable it theres just and empty bar, nothing happens and the file doesnt get uploaded.
upload.cgi has 755
Path to perl is correct
perl upload.cgi returns that its working
If i open it in a browser i only get the text in the file.
Hi there,
Thanks for a really useful and well programmed script.
Took the liberty to add 2 snippets of code in it:
- Line 27 in en.php: $lang['go_up'] = ‘Up one level’;
- Line 475/475 in index.php
$uplink = $lang['go_up'];
echo ‘‘.$uplink.’‘;
Makes the (go up) vary from language.
One question though:
I’ve enabled the progress bar and uploading works fine. However when uploading large files (30 mb+) the progress/status bar in IE6 says the upload completed, but the included progress bar is still at something like 85-90%. The file never arrives at the server either.
Anyone know anything about this?
Hi Clément,
Great script. Thank you.
I’ve spotted a bug: if you create a folder in w2box that is the same name as one of the install folders (data, images, lang, tmp), then clicking on that folder from the w2box interface produces a blank screen. E.g. http://clement.beffa.org/labs/apps/w2box-demo/images/ Any suggestions on a fix for that?
Also, the header h1 URL always goes to the current page – so it’s actually of no use. I modified it so that it always goes to the root of the w2box data:
<?php $path = rooturl(); echo ‘‘.$config['w2box_title'].’‘;?>
Thanks again.
David.
where to send translations files – translated it to Danish…
otherwise it is found at http://www.angler.dk/da.zip
this is absolutely great!
Im a very very beginner of server runner and couldnt run your prog at first, but finally, because of your kindness explanation, I could run your program.
thankyou verymuch!
verana_ss
You can download Turkish Language file from
http://www.5555.com.tr/1/tr.zip
regards
Ugur Onur
Swedish languagefile
“Den uppladdade filen överstiger upload_max_filesize inställningen i php.ini”,
2 => “Den uppladdade filen överstiger MAX_FILE_SIZE inställningen som specificerades i HTML formuläret.”,
3 => “Filen blev bara delvis uppladdad.”,
4 => “Ingen fil blev uppladdad.”,
6 => “Temp mappen saknas.”);
$lang['upload_error_sizelimit'] = “Filen är större än den maximalt tillåtna filstorleken.”;
$lang['upload_error_fileexist'] = “Finns redan i mappen.”;
$lang['upload_error_nocopy'] = “Kunde inte kopiera in filen i mappen.”;
$lang['upload_error_sid'] = “Kan ej hitta filen.”;
$lang['upload_error_badext'] = “Filändelsen är inte tillåten!”;
$lang['make_error_exist'] = “Mappen finns redan!”;
$lang['make_error_cant'] = “Kan inte skapa ny mapp.”;
$lang['make_error_maxdepth']= “Du kan inte skapa en ny mapp i detta katalogdjupet..”;
?>
I would like to see a download option for folders, where it would zip up the folder and then download it. Other than that, it looks fantastic.
Just thought I’d share this in case it helps anyone else. I have a shared web server hosted solution. In my .htaccess I had to add the following directives:
Options +FollowSymLinks
RewriteBase /w2box/
(where “w2box” is the name of the directory that is my storage repository – a subfolder of my web root)
Without these I got the infamous 404 error when accessing folders.
Thanks Nick Brown. Got the folder working without an error by adding RewriteBase /w2box/ in the .htaccess.
Your script is awesome!
I got the password protection and the upload portions of the script to work perfectly but I can’t seem to get the folders not to come up with a 404. I understand the reasoning behind but I’m not to familiar with how to modify the .htaccess to allow the folders to be viewed and I can’t seem to find any examples of the .htaccess code. What would a rewrite line look like if my upload folder is titled data?
nevermind — got it working finally. thanks Clem for a really great script!
I got everything working just the progress bar which I need the most. Tried to do as suggested “How to enable the upload progress bar ?” but it seemed not to work.
Any other ideas?
Any way to do multiple file uploads?
Thanks for a great script
ok i have a Question i download it just to try it ok i got it to work……i make a directory. folder comes up when i click on the folder it gose to page can not be displayed? in the demoi tryed in on thispage i made a directory and go into the folder and it comes up. and i upload into thefolder. how come when i do make a directory in my hosting and click on that folder it gose to a page cant not be displayed what am i doing wrong?? cna someone tell me i have yahoo messenger its jchrzempiec and my email is joseph.c@internetstreets.com where the uploader is http://www.internetstreets.com/up8 can someone help please thanx you.
my question is i got the scripts uploaded but when they go to make a directory folder that works….. butthe problem is when clicking on the folder to uploads stuff it gives me a error of 404 page can not be deisplayed can someone tell me why that is im pretty sure i did everything to work right but can not see it.can someone help pleae??????? this is a great script…. one otherthing i put in the config to accpect mp3 that works but after it up0loads it shows in the main index page but no icon next to it…. like a music icon or something how can i add something to it??
It seems that most error get resolved… I do not do much support at the moment.
Is it possible to post larger files then 500mb?
i have set in php.ini max size and post size to 1000 but it still shows 500mb in w2box, ideas?
/F
Anyone know why, when I have intergrated this into a page to test, it works with IE but not with firefox??
Great script, though I am having trouble changing the ['allowed_ext'] = array as I want to allow my users to upload any file extention without having to write in all the extentions I know.
Does anyone know how to do this?
Hello,
I would like to enable the script to hide all the uploaded files from non-admin people not just just the delete function. Can anyone help me do this? The script used to function this way from memory.
Exists any installation file, I don´t have experience. Thank you
When I’m creating a new directory, it creates the directory in the right place, but the link to the directory goes to the root folder, where it isn’t.
So if I make a folder named “test”, it will be created in “example.com/data/test”, but the link will go to “example.com/test”, where there isn’t a folder. I don’t get what’s going wrong here. Any help would be appreciated.
I keep getting this when i try to upload a file larger then 2gb:
“http negative content length detected” and the upload basically stops. In the tmp dir it creates ####_flength file but the ####_postdata gets created but doesn’t grow in size(0kb)
any ideas? i’ve changed the settings in the php.ini file to 10GB for POST and UPLOAD. i’ve changed the $HIGH_MAX_UPLOAD setting in upload.cgi.
Note sure what else is the issue.
Thanks,
ed
@Clem: Very nice Clem. Thank you for writing it. I searched for hours for a simple upload script, *that allows directory creation* before I stumbled upon your script. Just what I needed.
@David Cog: did you resolve your problem? I have the same issue. Creating new directories works for all directories except “images.” That always produces a blank page. It could have something to do with embedding w2box within another app? (I have it inside a wiki to make image uploading easier.) Or possibly that I use a 3rd level domain name, i.e. wiki.domain.com/w2box. Does the same situation apply for you? If I figure it out I will post back here.
Oh whoops nevermind. The same error happens at the demo for this script. Try to access the “images” folder here:
http://clement.beffa.org/labs/apps/w2box-demo/
to see what I mean.
OK very simple fix to this problem. I simply renamed the images folder w2boximages.
And then did a search-and-replace on all calls to “images” and replace with “w2boximages.” Very easy:
6 occurrances in index.php
2 occurrances in sortable.jp
3 occurrances in w2box.css
The best information i have found exactly here. Keep going Thank you
The article is ver good. Write please more
Hi! I like your srticle and I would like very much to read some more information on this issue. Will you post some more?
hi
im using your script it works perfectly, but i have a question.
when im sending a link, via email or whatever, and the file doesnt exist,
the script enters the parent directory automatically. i dont want that.
it should display an error file not found or 404.
how can i make that?
regards
To allow all file extensions, change allowed_ext to:
$config['allowed_ext'] = array(“*”);
Comment out the following lines in index.php:
// if (!in_array(strtolower(extname($filename)),
//$config['allowed_ext'])) {
// $errormsg = $lang['upload_badext'];
// return;
// }
And finally, comment some of the following lines (as below) in w2box.js:
// if (ALLOWED_TYPES.indexOf(ext) == -1) {
// document.getElementById(“allowed”).className =’red’;
// document.getElementById(“upload”).disabled = true;
// } else {
document.getElementById(“allowed”).className =”;
document.getElementById(“upload”).disabled = false;
// }
I m not able to upload large video like more than 50 MB.
Can you please help me how to resolve this issue???
Please reply me as soon as possible.
Thanks in advance.
index.php UTF-8 encode plz:p
Your script is awesome! Thats what I’ve been looking for so long!
Wishliste:
- an user management
- an email notifier after finished upload or
- file upload in chunks
- admin panel for settings
After that, I will donate 20 extra Euros!
@Toby: You are taking the wrong approach. Donate *first* and hope that donations will entice the author to add the features you are requesting.
Clem, could you add sanitizing to the filename of the file to upload? Right now, for example, if the filename has \’ (test\’ing.txt) it will break functionality.
I tried to do it myself to no avail.
The problem with bad names resides on the renaming part. I replaced the line:
:
With:
:
And set:
$config['hide_rename'] = true;On the configuration file. Only admins can rename.
Anyone who know how I can change default sort-type in that way to show newest file in the top, descending?
Right now it loads with sorting filenames. I got it changed to file date by changing:
ts_resortTable(firstRow.cells[0].childNodes[0]);
to
ts_resortTable(firstRow.cells[1].childNodes[0]);
but how to make it descending from start as well?
Hi Clément, great script. Thank you.
To make the progressbar working it need to correct w2box.js
The line:
//ajax magic
uploadUpdater = new Ajax.PeriodicalUpdater({},
Should be replaced:
uploadUpdater=new Ajax.PeriodicalUpdater(“upload_progress”,
Serge
Excellent Serge, thanks!
hi
how can i prevent jumping back to parent directory
when trying to download non-existant files?
eg:
trying to download
http://www.host.de/w2box/FOLDER_NAME/filename.zip
but file has been deleted a time ago, so clicking this link
goes to
http://www.host.de/w2box/FOLDER_NAME/
and showing its contents..can i turn this off somewhere?
Thank you for script! Great job!
Feature requests:
- Ability to make custom permissions for users.
e.g. John Doo have read-write access to their folder “Uploaded by J.D.”, but read-only to other folders.
- e-mail notifications.
- RSS
- percentage indicator when uploading
P.S. Thanks again for great job.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Redesigned ( Mac OS X Snow leopard style). Enjoy:
http://quakealarm.kz/w2box.zip
Great script!
I’m having 2 problems:
1. When I create a dir it always leads to a 404 if I click on it. It seems it’s pointing back to the root… any ideas?
2. The progress bar is working, but it get’s stuck just right at the end and nothing is uploaded. Uploads work fine w/o progress bar.
MARTIM.
Edit your .htaccess
MARTIM.
Rewrite engine mod must be turned on.
#————————————–
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^(.*)$ index.php?d=$1&BAD_HOSTING=%{HTTP:Authorization} [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{QUERY_STRING} ^(.+)$
RewriteRule ^(.*)$ index.php?%1&d=$1&BAD_HOSTING=%{HTTP:Authorization} [L]
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule (.+).php $1.php?%1&BAD_HOSTING=%{HTTP:Authorization}
#—————————–
Thanks for the help ST0NEHEAD
My .htaccess looks exactly like yours plus these lines:
SecFilterScanPOST Off
I see the apache solution up in the FAQ, except I’m not using apache. I’m using Abyss web server: http://www.aprelium.com/ Any more ideas?
HI, Uploaded to 4.1 but still get a login bug on IE8 (works on IE6 and FF)
line 43
char 2
file w2box.js
how can I fix it?
also in w2box.css
line 151
overflowù: none is not valid
Value: visible | hidden | scroll | auto | inherit
I’ve got a correction for this correction:
The line:
//ajax magic
uploadUpdater = new Ajax.PeriodicalUpdater({},
Should be replaced:
uploadUpdater=new Ajax.PeriodicalUpdater(”upload_progress”,
should actually be
uploadUpdater=new Ajax.PeriodicalUpdater(‘upload_progress’,
its not working with the ajax mod.
BTW also with Firefox 3.5.5 the
Error: document.getElementById(“filename”) is null
w2box.js
line: 43
issue prevent the software from working.
regarding the 404 and htaccess:
Hey on our server, mod-rewrite is activated however we need to put a forward slash “/” in front of the index.php named in the htaccess file (I know this because I’ve had to make that adjustment to other htaccess mod-rewrite files in the past to get them working).
So I added the extra / in the 2 obvious places (see below), but it does not seem to activate and still gets the 404 on folders.
amended htaccess as follows:
———
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^(.*)$ /index.php?d=$1&BAD_HOSTING=%{HTTP:Authorization} [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{QUERY_STRING} ^(.+)$
RewriteRule ^(.*)$ /index.php?%1&d=$1&BAD_HOSTING=%{HTTP:Authorization} [L]
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule /(.+).php /$1.php?%1&BAD_HOSTING=%{HTTP:Authorization}
SecFilterScanPOST Off
——-
Should I also be making another forward slash “/” somewhere in the last cond & rule to complete this requirement?
or do I also have to mke some change somewhere else in the application files to allow for this forward slash addition?
If you can advise what should be the best corse of action that would be great as I think your application would be a real asset if I can get it past this issue.
Thanks
Note: As I said earlier, the mod-rewrite module IS ACTIVATED on our server, but requires the additional forward slash to be compatible.
Hi all,
I got this script working on my test box.
I also got the max filesize to 100MiB but I can’t get the progress bar to work.
When enabled, the progress bar shows up but it stays 0% filled and the file never actually uploads.
What information do people need from me?
I’m running in an hosted enviroment and my tmp directories are set to full path.
If I can get it working I’ll use it for work which means a nice donation for Clem
BTW I thought I might add,
I’m using a .htaccess as a method of security, if I go to the http://www.test.com/test this works fine and I can login and see the index page, but if I got to http://www.test.com/test/upload.cgi directly I get a Forbidden 403 Error, even if after I authenticate on index.cgi/htm
Hi,
I managed to install this great script, i can create maps, i can upload files but…i can not delete anything…
Even when i delete httacces file, it doesnt work, i always get an 403
Can somebody please help me out?
It seems that when uploading the ownership of the files and folders is switched in apache apache so thats why i cant delete them.
Is there a solution for?
Kind regards
Really nice module ! congratz
i wish to add an email notification when a file are uploaded, but i add a mail(à just after FINISHED, and i not receive the mail:(
Someone to help me ?
Grtz
Hello,
How to go in another page when the upload are finished?
Thanks
lo estoy instalando en debian 4, pero cuando creo la carpeta y acceso a ella, me lleva a la carpeta w2box, es decir se sale de la carpeta data.. ayuda por favor.. creo que debe ser por el Rewrite, donde modifico esto? y lo del tamaño maximo de archivo por favor…
hi, i using wamp (with php 5.3)
it’s error at :
// coefficient
$coef=sprintf(‘%3.1f’,$found[5]?$found[5]:’1′);
Undefined offset: 5 in …..\lang\index.php
it will works if change to 1 or 3 only.
but i dont know what’s the effect later.
Hi
Thanks for great script. Everything works fine and progress bar works ok.
I need help with one thing. I have made div#filelisting hidden, so customers when uploading files cannot see list of files. Now, I would like to make a notifications for successful upload, because when upload is finished there is no any message. Can you help me with this?
Oh yes one more thing. Sometimes files just do not upload, there is no any error message. This happens in one of ten uploads.
Hi and thanks for the script!
Here, the progress bar sticks to echoing 0.
Look index.php between lines 143 and 148: I’ve checked with Firebug and the Ajax response is almost always 0. With relatively big files (over 1 Mb with a slow DSL connection), you can sometimes display $total (the size of the info_file) but never $current (the size of $data_file). All these files are being correctly created, but somewhat file_exists() do not find them.
I’ve tried adding clearstatcache() in line 118 with no avail.
Could be the problem related to the way the host server manages files?
Best regards,
Juan
Possible root disclosure security issue due to function.opendir?
Default: /t/?download=test.jpg
POC: /t/test.jpg
Will return root image storage dir. Example it is /data/
Warning: opendir(/var/www/t/data/test.jpg) [function.opendir]: failed to open dir: Not a directory in /var/www/t/index.php on line 371
With this information you could point to /t/data/test.jpg allowing someone to hotlink and more.
magnificent code
may I suggest an addition update for uploading large files?
if there a way to split the temp files into 2 or 4 or 8mb each then merge them into a one large file
so we can upload the large files without the limits of those server dictator administrators
thanks alot
Hello from Mexico:
Very grateful for the code, I only have a problem …
I can browse directories, I click on one and tells me that IE “is not the page”.
Could give me some advice, please?
Thanks
I have edited the file. Htaccess as this:
RewriteEngine on
RewriteCond% (REQUEST_FILENAME)!-D
RewriteCond% (REQUEST_FILENAME)!-F
RewriteCond% (QUERY_STRING) ^ $
RewriteRule ^(.*)$ / index.php? D = $ 1 & BAD_HOSTING =% (HTTP: Authorization) [L]
RewriteCond% (REQUEST_FILENAME)!-D
RewriteCond% (REQUEST_FILENAME)!-F
RewriteCond% (QUERY_STRING) ^(.+)$
RewriteRule ^(.*)$ / index.php?% 1 & d = $ 1 & BAD_HOSTING =% (HTTP: Authorization) [L]
RewriteCond% (QUERY_STRING) ^(.*)$
RewriteRule /(.+). php / $ 1.php?% 1 & BAD_HOSTING =% (HTTP: Authorization)
SecFilterScanPOST Off
SecFilterScanPOST Off
But I still have this error when clicking a directory:
HTTP 404 – File not found
Internet Information Server
Any suggestions, please?
Hi, Just need to know, if i donate some $$ would you please install it for me ?
@Beasiswa: It is not so hard, you just need to unpack the zip and it should work out of the box.
This is a really good program but try as I might I cannot change the max file size above 64mb. Looking to set it at 2 gig but although I can set it lower than 64mb i cant set it higher. Any clues? Will be looking to make a donation once successfully installed as it will be for commercial use.
@John: Try to read the faq on this page about increase the maximum file size limit. If it doesn’t work or you do not have the right to change it, you can try to enable the progress bar (read the faq as well) and bypass php max filesize limit.
Hi there guys,
First – This is a GREAT script! works really well (after several attempts at getting the .htaccess file right for the folders to work!)
Question tho – I have enabled the admin in the config.php file so that people not signed in (not admin) cant seem some options – this works fine for IE 7, Firefox and Opera – however NOT in Safari 4.04 …. I try to log in and it just spits me back to same page :S
Clem – amazed to see that you’re still giving support for this – any ideas on why this may be happening?!
Clem,
I am using my own IIS server and have been setting the temp directory in both the config.php and upload.cgi file.
No matter what I set as the temp directory, the upload always fails saying that C:\WINDOWS\Temp\phpE0.tmp do not exist!
This is really frustrating, and I am running out of ideas.
Hopefully you can point me in the right direction so I can resolve this issue.
BTW… It works fine on my WAMP server.
If you allow uploads and use Apache, MAKE SURE you lock down your php interpreter so it doesn’t execute uploaded files like file.php.ext (ex. sunnyday.php.jpg). Most DEFAULT installs will allow you to run this kind of file!
If you ONLY store php files as *.php, you can add this to php.conf:
AddType text/html .php
AddType application/x-httpd-php .php
AddHandler php-script .php
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
Otherwise, you can use .htaccess to achieve the same lockdown.
ref.
http://www.tehfear.com/2009/04/07/apache-addtype-and-addhandler/
http://isc.sans.org/diary.html?storyid=6139
*Fix for inconsistent small file upload*
I don’t know if this is a bug or just a problem with my install, but I was having issues uploading smaller files with the progress bar turned on. I suspect that if the file is uploaded too quickly, it breaks the progress bar routine and the file never makes it or doesn’t get copied to the data folder. I changed “sleep(1)” to “sleep(5)” in upload.cgi, and the problem went away.
Hope that helps someone!
How about a real administration login and the ability to logout? I’ve set so only I have restrictions to add directories. And whilst in the directory, I can only upload files. So, limited to 1 directory, and admin only. But I want o be able to logout! How’s this done? unset($_GET['admin'])? or… unset what? session_close()? What does need to be done. I’m happy to share what I’ve done, it’s a repository for FireFox add-on, ChatZilla (motifs/skins). You select the theme/skin you want, and then “drag-and-drop” it on your ChatZilla window. Works great, but I want to be able to log out correctly.. The login system is a bit weird!
I figured it was time to share some of my experiences as I’ve been running w2box as a “beta” hidden file repository where I work for some time. I’ve ended up customizing it quite a bit over the years.
So far I’ve re-skinned it via CSS and some revised HTML, changed various defaults, updated the Prototype and Sortable libraries (seems faster) and probably some other changes I have forgotten. Clem, if you ever update w2box I’ve got a lot of careful forking to do.
I’ve never gotten the progress bar to work on my host, but also never put much time into it either. It’s sort of the last problem to solve whenever I get time.
It would appear that Sortable v1 was used when this was originally built. I dabbled with replacing that with Sortable v2 which seems to be quite the rewrite. Or I’m completely wrong and the customizations completely masked whatever version of Sortable was used.
I can say that Sortable v2 works and you can roll over some of the customizations (I may have missed a few) and everything seems to work fine. Doing that upgrade seems to add some options and improves the speed when sorting. It does change the default sorting behavior as well which is why I tried it in the first place. We need to sort by date, newest file on top and it’s never worked quite right. I’m probably closer to that now but haven’t had time to do any more since the update.
The Prototype update was simply to catch up with the bug fixes in Prototype. It appears that the nicely optimized Prototype Ajax library hasn’t changed since the version included in w2box so if you do this you’re adding bulk to the page load by loading the entire Prototype library. Figured I’d try this and aside from potentially being more robust in modern browsers it is faster. I usually work with JQuery so I can’t really say much else about Prototype right now. If I had more time I’d consider doing my own reduced version.
Thanks for the script Clem. I’ve learned some things and even though my customized version is just a functional beta, I owe you a donation sometime soon.
Hi were i can download stable version ??
Is there anyways that i can exclude some files from being shown ?
Great script and works straight out of the box
Just need a way to enable multiple uploads and it will be complete
Thanks Clem
sorry to bothr you, clem.
i’m not able to make admin work.
if i enable it, after pushig powered, it asks me the pw. if i provide the right one it asks me the pw 3 times and then tell me that i’m not authorized. if i give a wrong one it takes me to a empty page and i’ve to cloe/reopen the browser to try another time.
and also have the same warning of “post 80″ from dexter .
really not able to make it works. (even progress bar and directory exploring doesn’t work but i don’t need that at the moment).
thank you if you can help me.
i’ve already read all the post and all the faq.
the pw in config.php are admin and w2pass
i can write everything for the username
but when i write for the pw : adm(what i want) it stucks
admapple
admin
admusment
….
any other word (also the right w2pass) doesn’t work.
sorry for my english
(italy)
Hello, I’m a novice programmer and I tried this–so great, very easy! I did have a question though…how do I add allowed file types? I have some PSD files I’d like to place in here, but it seems that I can’t do it.
Please let me know…thanks!
@Ruth: Edit the file config.php and simply add psd to the line following $config['allowed_ext']
What can I say, excellent script, works straight out of the box and the upload bar works as it should.
For those that cannot get the progress bar please make sure you have given that file execute permissions (755) otherwise it will not work. Also on some hosts they only allow cgi files to run in the cgi-bin directory, try moving it there and update the config to point to the cgi file
Some requested features.
1. Multiple uploads, via ajaz with a plus symbol to add a new line to get a new file.
2. Additional user level(s). As in upload and download only with no delete options and no directory creations.
Keep up the great work
GW
How to change the script to display longer filenames?
Cool script. Got it installed….able to upload files fine, but nothing is displayed in the file/folder area….any ideas?
how can i add more file in the same form?
Hi, fantastic script. In my installation I need to install the W2Box scripts and PHPs in a directory that already exist another INDEX.PHP, doing something else, and it is can not be changed at all.
So I renamed W2Box INDEX.PHP to UFILES.PHP and found two reference to “index.php” on W2Box.Js, what I changed to ufiles.php. Found no other references to index.php, except inside the .htaccess file.
Populating manualy the Data directory with directories, subdirectories and files, the first level appears at W2Box (runing the ufiles.php), but when clicking any directory it gaves me 404 error. I already copied the .htaccess file (from your zipped) to the data and each data directory.
Even so, the 404 continues.
Other than that, I can not make the admin + password works, it return the login screen over and over.
The same config.php from the test installation (using index.php) is being used here, same userid, same password.
I am getting crazy here, can’t find anywhere else to go to try to fix it.
As a suggestion to avoid future problems like mine, the index.php could be renamed to something else, in future releases, perhaps w2box.php ?
Please, any help, I am desperate here, need to make it work and fast.
Thanks
Pil Gaw
I would love to have the following two functions in a new version of W2BOX:
1) Administrator LOGOFF button.
2) An option at the CONFIG.PHP to allow any user to upload files to a specific directory at the file server, like “unsorted_files”. Config.php could have options for this be available, directory name, secondary password or not for common users. By this way, any user could upload files to that particular directory, then administrators could sort files to the correct directories.
We use to create a text file in each directory, containing file name, size and a simple description of the file. Sometimes just by the file name is impossible to figure out correctly the what the file is for.
I will try to include in your php the reading of such file and if the file name/size is found in the text file, then more info will be on screen. It will be a wonderful feature.
I can not create folders, why?
hi all.
my cgi works. (i have “You should get “CGI Working””.
i can do everithing. but when i upload files the progress bar remain empty and in the left bottom corner of iexplore/chrome i see a percentage growing. when reach 100% the prograss bar suddenly turn full of red, refresh the page and the file is uploaded. what’s wrong with showing progress on the proper progress bar?
thank you all.
i’m on a linux server. just buyed to make this great script working fine.
Can I please request a multiple login feature, as in leave the admin login as is, but also have a User login feature of which we can then set what the user can and cannot do, i.e. the hide admin options or not in config.
Also please a multiple upload feature is greatly needed.
Cheers
GW
For multiuser log in you have to create a mysql authentication function, or file based by reading the user & password to 2 variables on page loading…
Hi i have problem with make new Dir// I can make but if i opened this folder i have error 404 what do Wrong // Help me
Great Script, only misses 1 thing!
Any way to do multiple file uploads?
Are you also update your script? It’s important, to avoid hack of other.
Firefox 4 trubbles
admin do not funktion here
in Windows Mac and Linux
Works nicely in IE 8 Windows 7
and Safari Version 5.0.4 (6533.20.27)
and Opera 11.01/1190 Mac OS X Version 10.6.7
Warning: move_uploaded_file(data/cf1132399835.zip) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/habbog3/domains/habbog.lx10.net/public_html/upload/index.php on line 231
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move ‘/tmp/phpCz6eYY’ to ‘data/cf1132399835.zip’ in /home/habbog3/domains/habbog.lx10.net/public_html/upload/index.php on line 231
Warning: rename(data/cf1132399835.zip) [function.rename]: failed to open stream: Permission denied in /home/habbog3/domains/habbog.lx10.net/public_html/upload/index.php on line 232
Warning: rename(/tmp/phpCz6eYY,data/cf1132399835.zip) [function.rename]: Permission denied in /home/habbog3/domains/habbog.lx10.net/public_html/upload/index.php on line 232
————————————————————————————————————————
Warning: mkdir() [function.mkdir]: Permission denied in /home/habbog3/domains/habbog.lx10.net/public_html/upload/index.php on line 258
Through the years, I added a bit of knowledge to the project https://github.com/andreineculau/w2box
404 error when I enter a directory, plus I loaded files (containing the writable) left the links to try it who can help me in the project.
*********************
http://tools.powerpoint.site40.net/index.php
*********************
I expect a quick answer to the question, because it is a project for my work.
many thanks and greetings from Argentina
I like the script, but noticed one error, when I am finished with the admin area, there is no way to log-out of the admin area. Is there some way to log-out of the admin area when I am done?
Can I use folder outside of /w2box, on another disk?
I installed xampp for linux, so the path to w2box is
/opt/lampp/htdocs/w2box
I want to use this script for listing
/media/Files/d/
So, this is what i tried:
$config['storage_path'] = “/media/Files/d/”;
I get error message: opendir(/media/Files/d/) [function.opendir]: failed to open dir: Permission denied in /opt/lampp/htdocs/f/index.php on line 371
How to make this working? Thanks!
I resolve my issue by formating disk to linux filesstem and changed permissions. I couldnt do this change couse my disk was ntfs before.
My current problem is that files over 2GB are not visible…
Great Script! Some changes needed to work under Win 7, XAMPP 1.7.4 and PHP 5.3.5:
- index.php: split(…) -> @split(…)
- lang\index.php: ereg(…) -> @ereg(…)
And to use the progress bar under under Win 7, XAMPP 1.7.4 and PHP 5.3.5 your first row of upload.cgi should look like this (path to the perl.exe):
#!”C:\xampp\perl\bin\perl.exe”
# if you’re using windows, you should remove the first line
the arabic language translation file
http://www.mediafire.com/?xx9cad6c51h566f
note:
change the charset value in index.php to UTF-8 otherwise you gonna end up with shitty text
note: to change the language…
go to lang folder open index.php and replace the en with the name of the required language file
to install addittional languages just translate the base en file to your language and put it and use it >it’s that simple
) and don’t forget to share translations here…
ps: some languages need utf-8 to be displayed correctly..save the lang file in utf-8 instead of ansi and change the charset in index.php to utf-8
thnx for the great script
I subscribed to your rss feed as I wasn’t able to find your e-mail subscription link or newsletter service. Do you’ve any?
Leave Your Own Comment
You can follow any responses to this entry via its RSS comments feed. You can also leave a trackback if the inclination is there.