Home/ Questions/Q 6237267
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T10:59:49+00:00

Hi I’m making some kind of file explorer on PHP and I’d like for

  • 0

Hi I’m making some kind of file explorer on PHP and I’d like for example if I have a root folder like this:

/ (root)
|
|
|---home
      |
      |
      |---user
           |
           |
           |---folder
           |
           |---folder1
           |
           |---file1

Now how I would do so user would be only able to browse files inside /home/user/ and would not be able to do for example cd ../../ and go outside? Thanks a lot 🙂
This is the code I use for the cdcommand:

<?php
function cd($actualdir, $dir) {
    //echo $actualdir.$dir."<br>";
    if($dir == "..") {
        $expdir = explode("/", $actualdir);
        $newdir = array_pop($expdir);
        $fulldir = "";
        foreach($expdir as $value) {
            $fulldir .= $value."/";
        }
        $fulldir = substr($fulldir, 0, -1);
        if($fulldir == "./rootfs/home") {
            return "permission denied";
        } else {
            return $fulldir;

        }

    } else {
        if(file_exists($actualdir."/".$dir)) {
            //echo $dir;
            return $actualdir."/".$dir;
        } else {
            return "no";
        }
    }

}

?>

BTW The root dir is just a directory on the web server root that should act as the system root for the shell

EDIT: Basically, if the user is user only allow him to enter to /home/user and its subdirectories. If the user is testonly to /home/test and subdirectories. That’s all

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use realpath($fulldir) to let the filesystem resolve relative paths (like .. and symbolic links).

    $fulldir = $actualdir . "/" . $dir;
$rootdir = "/home/user";
$length = strlen($rootdir);

$realdir = realpath($fulldir);
if ($realdir === false)
  return "file does not exist";

if(substr($realdir, 0, $length) != $rootdir)
  return "permission denied";

return "OK: $realdir";
    • 0