*note*
This project now has its own page, please see:
While going thru my old projects to see which would be of any use to the open-source community, i came along an old project of mine, WebFM (Web File Manager).
I was applying for my previous job when i was asked to write a filemanager demonstrate my php abilities, the time alloted for this undertaking was 2 days, and i’m sure they wanted something a lot simpler, so i may have gone a little over the top when writing this, but i did feel i had a point to make 
Its Written for PHP 4, but i’m sure with some minor modifications it can be made to work fine with PHP 5.x too.
You can download the tarbal locally: webfm-0.1.tar.gz
or via google code’s download
Google code project page: http://code.google.com/p/webfm/
Subversion repository: http://webfm.googlecode.com/svn/trunk/
To configure the file manager for all virtual hosts and hide the script from the virual host’s document root:
Place fm.php in a dir outside of the document root (for example /var/www/fm.php, and the images in /var/www/fmicons).
Then configure Apache aliases in your httpd.conf to access them as such:
Alias /filemanager “/var/www/fm.php”
Alias /fmicons/ “/var/www/fmicons/”
It tries to be security conscious, stores its passwords outside of the webroot (must have feature), and is very simple to configure for mass-hosting environments.
Hi Chris,
WebFM looks GREAT! One question: What’s the best way to change the root directory to some subdir?
For example, I have an area I allow clients to access:
http://xxxxxx/clients/Acme/
and I’d like to use WebFM as a simple CMS for my client’s files:
http://xxxxxx/clients/Acme/filemanager/
for example, and “lock” the root to “…/clients/Acme/”
Thanks,
-david
Hi David, glad to hear your enjoying WebFM!
First make a cop for this client, forinstance copy fm.php to /var/www/fm-acme.php.
Then to restrict someone to where they can browse, change this setting in that fm-acme.php:
$conf_chroot = $_SERVER['DOCUMENT_ROOT']; // Set this manualy to ” or any other given path to alow browsing outside of the webroot
Forinstance in your situation you would set it to:
$conf_chroot = $_SERVER['DOCUMENT_ROOT'].”/Acme”;
Or you could use an absolute path like:
$conf_chroot = “/var/www/html/www.acme.com/Acme”
Then setup the aliases for that virtual host:
ServerName http://www.acme.com
DocumentRoot /var/www/html/www.acme.com
Alias /Acme/filemanager “/var/www/fm-acme.php”
Then everything should be setup the way you want it, hope this is of some help!
Thanks, this helps, but I can’t use DocumentRoot — rather than support multiple virtual hosts, I’d like to support multiple subdirectories off of one host. I.e.
http://www.MyCo.com/clients/Acme1/filemanager
http://www.MyCo.com/clients/Acme2/filemanager
http://www.MyCo.com/clients/Acme3/filemanager
where MyCo is my company/URL and Acme1, Acme2, and Acme3 are my clients. I’d like to restrict each client to his subdirectory. I’m using Apache for Authentication.
Thanks.
Well unfortunatly the configuration for fm.php isn’t that flexible yet that it supports per-login chroot settings.
However you could just make 3 copies of fm.php, and set the chroot for each one to the relevant client folder, and alias fm-acme1.php to Acme1/filemanager, fm-acme2.php to Acme2/filemanager, etc..
I set this handy script up just for a quicky webdisk function, no virtual hosts or anything. However, the chroot was set to a directory off document root, e.g. $conf_chroot=’webdiskdir’ for /var/www/html/webdiskdir. This seems to bring up a bug where the direct http link to a file is missing the chroot part, i.e. the physical file /var/www/html/webdiskdir/file1 shows up with href=http://web.server/file1, instead of href=http://web.server/webdiskdir/file1. This issue was similar for created subdirectories. I was able to make a slight code change which fixed the above problem and didn’t obviously create any new ones:
In draw_files, for the echo of each file (specifically the line with the “target=_new” directive), I changed $current_path to $path (seeing as how $path was set earlier to include $conf_chroot).
On the other hand, since I know little of php, maybe I did something wrong that ended up looking like it was instead right.
Let me know.