A secure, single-file PHP web application that provides a comprehensive file management interface with authentication, allowing users to list, upload, download, create, rename, and delete files and directories.
This PHP file manager is designed as a secure alternative to basic directory listings, featuring session-based authentication, CSRF protection, and comprehensive security measures. It's contained in a single PHP file for easy deployment and includes mobile-responsive design for modern usage.
- Session-Based Authentication: Secure login/logout with configurable credentials
- File & Directory Listing: Paginated display with sorting and navigation
- File Upload: Support for multiple file uploads with size limits and type validation
- Directory Management: Create, rename, and delete directories with confirmation prompts
- File Operations: Download, rename, and delete files securely
- Breadcrumb Navigation: Easy navigation through directory structure
- Pagination: Efficient handling of large directory contents
- CSRF Protection: Token-based protection against cross-site request forgery
- Input Sanitization: Prevention of directory traversal and injection attacks
- Path Validation: Strict validation of file paths within base directory
- Secure File Handling: Safe upload and download operations
- Session Management: Proper session handling with logout functionality
- Audit Logging: Comprehensive logging of all user actions
- Mobile Responsive: Optimized for mobile devices with touch-friendly controls
- Clean Design: Simple HTML/CSS interface with user-friendly messages
- Error Handling: Comprehensive error messages and validation feedback
- Modal Dialogs: Confirmation prompts for destructive actions
Prerequisites:
- PHP 7.1 or higher (tested up to 8.2)
- Web server (Apache, Nginx, or built-in PHP server)
- Write permissions for the base directory
Deployment:
# Copy filemanager.php to your web directory
cp filemanager.php /var/www/html/
# Ensure proper permissions
chmod 644 filemanager.php
Start the Server (for development):
php -S localhost:8080 filemanager.php
Edit the constants at the top of filemanager.php:
define('BASE_DIR', './files'); // Base directory for file management
define('MAX_FILE_SIZE', 30 * 1024 * 1024); // 30MB max file size
define('USERNAME', 'admin'); // Login username
define('PASSWORD', 'admin123'); // Login password
define('LOG_FILE', 'filemanager.log'); // Audit log file
The script automatically creates the base directory if it doesn't exist. Ensure your web server has write permissions:
mkdir files
chmod 755 files
- Navigate to filemanager.php in your web browser
- Log in with the configured credentials (default: admin/admin123)
- Use the interface to manage files and directories
- Upload: Use the file input to select and upload files
- Download: Click the "Download" link next to files
- Rename: Click "Rename" and enter new name in the modal
- Delete: Click "Delete" and confirm in the modal
- Create Directory: Enter directory name and click "Create Directory"
- Use breadcrumbs to navigate up the directory tree
- Click on directory names to enter them
- Pagination links appear for directories with many items
- CSRF Tokens: All forms include unique tokens validated server-side
- Path Sanitization: Input paths are cleaned to prevent traversal attacks
- Directory Containment: All operations are restricted to the base directory
- Session Security: Proper session management with regeneration
- Input Validation: All user inputs are validated and sanitized
- Change default credentials before deployment
- Use HTTPS in production
- Regularly review audit logs
- Keep PHP and server software updated
- Restrict file permissions appropriately
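The directory containment item above can be implemented as in the following added example, which is not code from filemanager.php. `resolve_inside_base()` and the demo directory names are hypothetical; the check covers two cases a plain prefix comparison misses: targets that do not exist yet, and sibling directories that share the base directory's name prefix.

```php
<?php
// Added example, not code from filemanager.php. resolve_inside_base() is a
// hypothetical helper; the "files" directory mirrors BASE_DIR on this page.

/** Return the absolute path for $userPath if it stays inside $baseDir, else null. */
function resolve_inside_base(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . ltrim($userPath, '/\\');

    // realpath() returns false for paths that do not exist yet (upload, new
    // directory, rename target), so resolve the parent and re-attach the leaf.
    $resolved = realpath($candidate);
    if ($resolved === false) {
        $parent = realpath(dirname($candidate));
        $leaf = basename($candidate);
        if ($parent === false || $leaf === '' || $leaf === '.' || $leaf === '..') {
            return null;
        }
        $resolved = $parent . DIRECTORY_SEPARATOR . $leaf;
    }

    // Compare against the base plus a separator, so a sibling such as
    // "files-old" is not accepted just because it shares the "files" prefix.
    if ($resolved === $base || strpos($resolved, $base . DIRECTORY_SEPARATOR) === 0) {
        return $resolved;
    }
    return null;
}

// Constructed demo tree: a base directory and a sibling with the same prefix.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files/docs", 0755, true);
mkdir("$root/files-old", 0755, true);
touch("$root/files/docs/a.txt");
touch("$root/files-old/secret.txt");

$inputs = ['docs/a.txt', 'docs/new.txt', '../files-old/secret.txt', 'docs/../../files-old'];
foreach ($inputs as $p) {
    $ok = resolve_inside_base("$root/files", $p) !== null;
    echo str_pad($p, 26), $ok ? 'allowed' : 'rejected', PHP_EOL;
}
```

Because `realpath()` resolves symbolic links, a link inside the base directory that points outside it is rejected as well.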
All actions are logged to filemanager.log with format:
YYYY-MM-DD HH:MM:SS - ACTION - DETAILS - IP: xxx.xxx.xxx.xxx
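For the regular log review recommended above, the following added example parses the documented line format and reports IP addresses that repeat one action. It is not part of filemanager.php; the function names and the action names in the sample (`LOGIN_FAILED`, `UPLOAD`) are assumptions, since the page does not list the actions the script writes.

```php
<?php
// Added example, not part of filemanager.php. The line layout follows the
// format documented above; the action names in the sample are assumptions.

/** Parse one audit line; returns null for lines that do not match the format. */
function parse_audit_line(string $line): ?array
{
    // Anchor the timestamp at the start and the IP at the end, so a DETAILS
    // field that itself contains " - " (for example a file name) still parses.
    // Assumes the ACTION field contains no " - ".
    $re = '/^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (.+?) - (.*) - IP: (\S+)$/';
    if (!preg_match($re, rtrim($line, "\r\n"), $m)) {
        return null;
    }
    return ['time' => $m[1], 'action' => $m[2], 'details' => $m[3], 'ip' => $m[4]];
}

/** Count entries per IP for one action; return the IPs at or above $threshold. */
function noisy_ips(array $lines, string $action, int $threshold): array
{
    $counts = [];
    foreach ($lines as $line) {
        $entry = parse_audit_line($line);
        if ($entry !== null && $entry['action'] === $action) {
            $counts[$entry['ip']] = ($counts[$entry['ip']] ?? 0) + 1;
        }
    }
    return array_filter($counts, function ($n) use ($threshold) {
        return $n >= $threshold;
    });
}

// Constructed sample log lines (documentation-range IP addresses).
$sample = [
    '2024-05-01 10:00:01 - LOGIN_FAILED - user: admin - IP: 203.0.113.7',
    '2024-05-01 10:00:03 - LOGIN_FAILED - user: admin - IP: 203.0.113.7',
    '2024-05-01 10:00:05 - LOGIN_FAILED - user: root - IP: 203.0.113.7',
    '2024-05-01 10:02:10 - UPLOAD - docs/report - final.pdf - IP: 198.51.100.4',
    '2024-05-01 10:03:00 - LOGIN_FAILED - user: admin - IP: 198.51.100.4',
];

print_r(noisy_ips($sample, 'LOGIN_FAILED', 3)); // only 203.0.113.7 reaches 3
print_r(parse_audit_line($sample[3]));          // details keep the inner " - "
```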
- PHP Core: File system functions, sessions, hashing
- Optional: ZipArchive extension (not used in current version)
- Web Server: Any server supporting PHP
- Initial release with full file management capabilities
- Session-based authentication with CSRF protection
- Mobile-responsive design with touch-friendly interface
- Comprehensive security measures and audit logging
- Single-file deployment for simplicity
- Built as a secure replacement for basic directory scripts
- Incorporates mobile optimization and modern security practices
- Designed for easy deployment and configuration
- Tested with PHP 7.1+ and various mobile devices
Login not working:
- Verify username/password constants
- Check PHP session configuration
- Ensure cookies are enabled
Upload failures:
- Check file size against MAX_FILE_SIZE
- Verify web server upload limits (php.ini)
- Ensure write permissions on base directory
Permission errors:
# Set proper permissions
chmod 755 files/
chmod 644 filemanager.php
Mobile display issues:
- Ensure viewport meta tag is present
- Check for conflicting CSS
- Test on actual mobile devices
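Add temporary error display for debugging (remove it again before production, where display_errors would show file paths and internals to visitors):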
error_reporting(E_ALL);
ini_set('display_errors', 1);
For production deployment, ensure:
- upload_max_filesize and post_max_size in php.ini are sufficient
- session.save_path is writable
- Appropriate file permissions
This script is provided as-is for educational and personal use. Please review and comply with your local laws and regulations regarding file management and security.
For issues or questions:
- Check the troubleshooting section
- Review server logs
- Verify configuration settings
- Test with minimal setup
Security Notice: This script implements multiple security measures, but no system is completely secure. Use appropriate security practices and keep software updated.