Thank you for this nice work!

Zip folder and download IT.

Please try to implement bulk select and operation like delete, move, copy.

Feature request for a future version. I'd love to have a config for hiding certain files, extensions or folders from the files list.

Hi,

When uploading from IE on Win10, upload is fine but nothing happen on the page.

User needs to refresh the page manually to see the newly uploaded file.

Is it possible to get file modified date as a default file orderind instead of file name ordering?
Any news about search feature?
Thank you and best regards.
Fernando Grimmer.

Hi

On my file link, a dont have a right URL !!
I have : http://myServ/DD/timelaps%2FGMTimelaps%2Fcloud.pi0.253.vendredi.speed.mp4

But I need http://myServ/DD/timelaps/GMTimelaps/cloud.pi0.253.vendredi.speed.mp4

My root directory is DD/timelaps.

Do you have some idéea ?

G.

It is possible to extract sensitive information from the server when downloading a file. When altering the download request with the PHP file:/// extension fitter it is possible to download files outside the root folder. Find the PoC below.

Request send

GET /index.php/?do=download&file=file:///etc/passwd HTTP/1.1
Host: 127.0.0.1

Request received

HTTP/1.1 200 OK
Date: Fri, 14 Sep 2018 11:27:37 GMT
Server: Apache/2.4.34 (Debian)
Set-Cookie: _sfm_xsrf=82b713d531811279f4b62e02b3f54a7d
Content-Length: 3142
Content-Disposition: attachment; filename="passwd"
Vary: Accept-Encoding
Content-Type: text/plain;charset=UTF-8

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync

after host it error log show, this line has an error then error_log file show in file manager

header('Content-Type: ' . mime_content_type($file));

@jcampbell1 Also, Please check your Gmail inbox

The file manager page loads properly from Windows browsers (tried Google Chrome and Firefox) and has no problem loading from my Samsung tablet using Android V6.1 (Marshmallow) using Samsung Internet Explorer, Google Chrome and Firefox.

But when I try loading it from another Samsung tablet using Android V7.0 (Nougat), nothing loads. Only a blue bar appears, but nothing else loads.

As I was trying different things with it to narrow down the problem, I added a password and some PHP echo lines in the body, I get asked for the password but the PHP echo lines and other javascript commands are not executing. As if the tablet does not allow the javascrips and PHP lines to be executed. The changes are visible from windows browsers and Marshmallow tablet.

Any suggestions?

There are already the arrays $disallowed_extensions and $hidden_extensions which allow blacklisting showing or uploading extensions. But I want to show files of only one type, so it's easier for me to just give the list of the extensions that I allow instead of the ones that I disallow.

Thanks for great code.

This works perfectly on my home server.
No issues on firefox, but it does not move to unicode directory on iphone.
For example, the name of directory is correctly shown as following.

Home > 유니코드

but iphone shows as following

Home > %EC%95%82....

and no file is shown.

It doesn't list nothing when there is a folder with special characters like á, é, ã, õ...
Just "crashes". No php errors. Only say "Uncaught TypeError: $(...).tablesorter is not a function
jquery.min.js:16 Uncaught TypeError: Cannot read property 'success' of null".

Please tell me how to remove the delete function also with the delete button on index.php

here is comprehensive PHP file manager.
Add those functions to your filemanager too.

Can you add a feature which allows me to set the default folder so it could be another folder other than the same on as the file is in as i would like to save files that my users upload into a file called folder which is at ./user/files/$_SESSION['UserName']/ where as my file browser is at ./user/dashboard/filemanager

could be very great if can upload form url

you can implement the transition to the root directory ".."
For example, file simple-file-manager(inidex.php) is in the directory "file_manager" and you need to return to the level above.

Hi,

Delete button doesn't seem to work on IE 11. When click on it nothing happens.

The link # is not understood by IE, maybe need to change for a form?

Hello,
thank you much for your utility.
Please consider, especially on large dir to avoid a refresh and rescrolling, to allow to delete more than one file in one operation (ie. mark multiple files and then delete button).
thanks you much

Am I missing something here?

I don't see how one is supposed to upload any files. Dragging items into the page doesn't seem to do anything either, and there are no javascript errors in the console or any scripts that failed to download. Tried with latest Chrome and Firefox, no difference. This is using the latest master source, and $allow_upload is set to true per the default.

I have the following problem: On my server, I have multiple instances of index.php each of which have different passwords. But when I log in into one of them, the server also lets me log in into all the others although I might not know their passwords. This is a security bug if I use multiple instances of index.php.

I am enjoying this code and using it in conjunction with IFM.

However, I have two feature requests:

• Make a responsive interface that looks good on mobile browsers. It isn't too bad now, but could be a lot better
• Integrate a simple file editor for text files.

Thanks!

I can create/delete UTF8/Chinese directory, but can not change to it.

I setup the test account
https://file.wonghome.net/test/

Hi, is there a simple way to hide subdirectories from listing?

Forked here - https://github.com/xcartmods/simple-file-manager

Screenshots

ADDITIONS...

• New security setting - $THIS_FILENAME
• New security setting - $PASSWORD_STRONG
• Bootstrap v4, Bootswatch themes ($bootswatch_theme), responsive
• New login form
• Images replaced with FontAwesome icons
• Icons for specific file types
• Modals for image, video and audio file types, all other files types load in new tab
• Optional advanced lightbox for image files ($lightgallery)
• Delete file confirm dialog setting ($delete_confirm)
• App title setting ($app_title)
• Full width layout setting ($full_width)
• Copy link setting ($copy_link)
• Home, refresh and logout buttons
• Tested with PHP v7.3

a Rename feature is really necessary... and a Search feature would be nice too... not to mention, a Drag and Move feature would pretty much complete this simple file manager !!

also, thanks for this script, simple and awesome at the same time !!!

Two Feature Requests

Rename

Edit

thx

I checked and found a problem in line 434, should be $allow_create_folder instead $aloow_upload.

Hello,
I don't use it now but before installation I would like to know :
Can I rename files and folde?

Add possibility to edit files ? (php, html, css, txt, md)

Add confirm before Delete ? (My mouse can be nervous !)

Great app for beginners by the way

Cordialy - nib

The Script Works Fine On Home, But When U GO To A Directory It Doesn't Show The Files Inside Of It

But There Is No Issue For My Friend, Only For Me

Here Is The Example

This Won't Work
http://besoeasy.com/data/#[JulesJordan]%20Abella%20Anderson%20%28Anal%20Cruising%20South%20Beach%29%20[XXX]%20x264

This WIll

http://besoeasy.com/data/[JulesJordan]%20Abella%20Anderson%20%28Anal%20Cruising%20South%20Beach%29%20[XXX]%20x264

I think it will be a good idea to hide "Create new folder" menu, if "$allow_create_folder = false;" is set.

how to change the working directory

I have the following structure:
/
/ admin - here's the simple-file-manager
/ images - here are the files it should manage.

Where do I change the working path of the script?

First time user, I would like to use SFM for an admin page.

When I launch the file I get Failed to load resource: the server responded with a status of 403 (Forbidden)

{"error":{"code":403,"msg":"XSRF Failure"}}

What could this be please ?

Is there a setup tutorial somewhere ? The information provided on the Github page are not enough for me to understand. It only says to copy the index.php file

Description

I found this bug in a fork of this software. It allows every registed user to download any file at the webserver root.

How to reproduce

• Open <YOURPAGE>/index.php?do=download&file=index.php

Possible Solution

I think you should add a check if the filetype is allowed. Otherwise it's possible to download the index.php file and follow each include until you reach something interesting

https://github.com/jcampbell1/simple-file-manager/blob/master/index.php#L113

hi
I added language support by the following changes:

• For RTL i add line after 208 line
  td.empty { color:#777; font-style: italic; text-align: center;padding:3em 0;}
• For characters in different languages:
  In line 61 $file = urldecode($_REQUEST['file']) ?: '.';
  And
  In line 410 .append( $('<a/>').attr('href','#'+base+v).text(decodeURI(v)) );

Just a note that if the file manager directory is not writeable (ie. the web server does not have permission to write to the directory/folder) there is no explanation, the upload box just disappears. It took me a few minutes to work this out.

Would be more user friendly to add an informational message if the directory/folder is not writeable so as not to confuse the new user.

I upload a file, but show the tips of 'exceeds max upload size of 2.0 MB',
so how to remove restrictions of the max upload size ?

Hi, I'm working on OS X and I'd like to hide .DS_Strore file, I've tried in hidden extensions settings with ''(empty) but doesn't work. Thanks in advance.

I ran this class on php5, it works but there is only one thing, that it has some errors "Undefined variable", I solved this problem by using isset(), to all the $REQUEST $POST variable.
Thanks,

Can u add a function for following Symlinks?

I added my Usb drive with a symlink to my www dir and i cant open the directory.

Dear Nico

I will be thankful if you provide me same code using object-oriented approach.

index.php
line 434
replace
<?php if($allow_upload == true): ?>
with
<?php if($allow_create_folder == true): ?>

HI, I find it (simple-file-manager) very simple and useful, thank you.

One I missing feature is recursive upload.
It is much simple and useful, if it support drag directory to recursively upload.

Thank you and your nice software.

First of all - great tool, thanks for creating it.
The problem I have is that directories whose name contain a plus character cannot be listed. This is the error response:

{"error":{"code":412,"msg":"Not a Directory"}}

However files whose filename contain a + can be downloaded without any problem.

Hello,

Can someone please help me solve this server error. The error happens when I try to download any file from the server to the desktop when using the Chrome browser. The line where the error is happening is 116. I guess I am missing something here, but I don't know what it is.

116: header('Content-Type: ' . mime_content_type($file));

When I use the Firefox browser, I just get a blank page with nothing in it.

There really needs to be some way to change/configure the working directory. This is a really awesome system, however it's use is very limited without the ability to choose where the "home" directory is. This is definitely on my watch list, but I can't use it until there is some kind of feature allowing me to change the directory.

I'd Like to disable file uploading for users and simply not show the thing at the the top. How would I do so.