AJAX File Manager for your Admin Control Panel (XF1) 1.0

[Nerbert]

Nerbert submitted a new resource:

AJAX File Manager for your Admin Control Panel (XF1) - AJAX file manager for the Development section of your admin control panel

This product was designed and tested on a Linux server. I have no access to a Windows server and can't test it on one. If anyone wants to test this on a Windows server I would appreciate any feedback.

This product places an AJAX File Manager in your admin CP in the Development section.

File Manager Functions:

• New Folder
• New File
• Compress (zip archive)
• Extract (zip archive)
• Download
• Upload (four files)
• Permissions...

Read more about this resource...

 

[RSI]

For the life of me I cannot figure out what is supposed to go in the Path to Directory Tree box. I've tried several things that I think it should be but nothing works and it gives me an error. Can you please give me an idea or sample? I'm trying to make it open within my root directory but it doesn't seem to work.

 

[RSI]

If I use /home/me/public_html/library/FileManager I can get in, but how to navagate to my root directory instead?

 

[Nerbert]

It looks like you would want just /home/me/public_html. You don't want to go all the way down to FileManager.

I asked my other admin about general structure for websites and it varies so much it's hard to give any general advice. Can you screenshot the directory tree with that setting left blank?

 

[RSI]

The only way it comes up and works is if I use that long path to the FileManager folder

/home/me/public_html/library/FileManager
Works

/home/me/public_html/library
Doesn't work

/home/me/public_html
Doesn't work

If I leave it blank it just times out with the below error...

Fatal error: Maximum execution time of 30 seconds exceeded in /home/me/public_html/library/FileManager/Model/FileManager.php on line 55
.

 

[Nerbert]

Sorry I wasn't able to respond sooner. The power's been out here from a wind storm.

That first path should only show File Manager files, right?

I'm definitely not an expert on set up, my other admin does that. I write code and that's as far as I can go.

When you upload an addon what's the directory name that contains library, js and style? public_html?

Try /home/me or /home or just / . The worst that can happen is another time out error.

 

[RSI]

I had already tried all of that and the only thing that works is the long path to the FileManager folder.

My guess is its a server permission issue and the add-on needs the ability to login with your webhosting credentials. Like what you login with for ftp.
.

 

[Nerbert]

Can you post an image of the full directory tree from cPanel or ftp or any other source? On an old hosting service I used to use with vBulletin there were two locations with the active files in them. I'm wondering if it could be something like that.

I've had no issue with having to log in on my site. Could it be a file owner or group issue?

 

[RSI]

All under /public_html

I think it’s works within the FileManager folder because that's running inside of the xenforo application, but to get out of it, like to your main root directory probably requires logging on with your webhosting credentials. That’s my best guess. The server in not mine, I'm on a shared server via a business webhosting plan and I'm not changing the folder or file permissions to make it work because it wouldn't be safe.

 

[RSI]

I'm guessing you might need to add the below fields to the File Manager Admin settings.



I think it does actually make sense because within the library folder there is the .htacess file which blocks activity into that folder directly and then the permissions of my public_html folder cannot be altered because the hosting company runs a cron every night to set all of the permissions of the public_html folders on the server back if you change it. They do it for security reasons. The only way around it might be to add the login fields above.
.

 

[Nerbert]

I was wondering if it was your .htaccess file. Can you post its contents? This is an area I know practically nothing about as I haven't had any problems with this. I used to be on shared hosting with an early version of this on vBulletin and everything worked fine.

Frankly, I don't know if I'm educated enough to figure this out but I'll give a try.

 

[RSI]

I was wondering if it was your .htaccess file. Can you post its contents?

Here's the one in my main root. The names have changed to protect the innocent

# FORCE NON-WWW
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.mydomain\.net [NC]
RewriteRule ^(.*)$ http://mydomain.net/$1 [L,R=301]
</IfModule>
# END FORCE NON-WWW

# START SSL
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 90
RewriteRule ^(.*)$ https://mydomain.net/$1 [R,L]
</IfModule>
# END SSL

# START MOD SECURITY
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
# END MOD SECURITY

# START XENFORO
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>
# END XENFORO

# START ACP PROTECTION
<FilesMatch "admin.php">
AuthType Basic
AuthName "ACP"
AuthUserFile /home/me/.htpassword
require valid-user
</FilesMatch>
# END ACP PROTECTION

# START CONFIG PROTECTION
<FilesMatch "config.php">
deny from all
</FilesMatch>
# END CONFIG PROTECTION

# HOTLINK PROTECTION
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|tiff|pdf|mp3)$ - [F,NC]
</IfModule>
# END HOTLINK PROTECTION
.

 

[Nerbert]

Yikes!

I find it strange your hosting service has this tailored to XenForo. It looks like they would have had to do quite a bit of research to do it.

Does your hosting service have a forum where you can ask about this and explain what you're up to? File Manager uses ordinary filesystem functions for this and uses scandir() to generate the directory tree. Maybe they can help, but on the other hand they may say "Hell no, we're not going to help you sabotage our security set up!". If you do post anything send me a link by PM. Although I really don't understand all that htaccess stuff it looks like your hosting service isn't going to let you do this.

 

[RSI]

That .htaccess is mine, I created it. They only thing the hosting company does or changes is the permissions on the public_html folder each night which is the root folder the .htaccess. file is in, but that really shouldn't affect anything. My hosting company really doesnt support xenforo, but there is nothing there that stops it from working.

This is a really cool add-on and I think if you figured out a way to add those fields to the File Manager Admin settings so it would log on when it comes up it would probably override everything and solve the problem. It would just need to connect like an ftp client application.
.

 

[Nerbert]

I don't think any kind of log in for ftp would affect AJAX.

When you say the hosting service changes permissions do you mean the numerical permission values like 0755 or 0644, etc? If so what values do they set them for folders and files?

I looked at this http://extplorer.sourceforge.net some years ago and didn't like it because it used EditArea, which is agonizingly slow on large files. This project started out simply to get a faster editor for my very slow connection and inadequate PC. It eventually evolved into a full file manager. EXTplorere uses either ftp or AJAX. I have an old copy in my junk pile I can look at to see if I can get an ftp connection to work but don't hold your breath.

 

[RSI]

They change the permission value to 750 each night via a cron on the public_html folder, but I don't think that should cause the issue.

Since the add-on comes up and works when its directed to the FileManger folder that means it is working, but it’s probably a permission issue via the server itself and trying to move out of the FileManager folder just isn’t going to work without the login credentials. I could be wrong, but it’s the only thing that makes sense at this point.

Has anyone else tried this add-on yet?
.
.
.

 

[RSI]

Here some final info...

I can make the add-on work if its directed to the other folders like data, styles, etc. but it won’t work when directed to the public_html root folder. It times out and gives that error.

I’m wondering now if it's just really slow because it’s trying to find everything in the root using scandir() to generate the directory tree? Maybe it’s just so large that's it’s timing out?
.

 

[Nerbert]

I don't think that perm value is the problem either but you could change it to 0755 temporarily and see what happens.

Maybe it's your own htaccess that's causing the problem. Could you comment out most of that for a test?

I’m wondering now if it's just really slow because it’s trying to find everything in the root using scandir() to generate the directory tree? Maybe it’s just so large that's it’s timing out?

What's weird here is the line where it times out is just getting the basename, i.e., whatever comes after the last slash, which is the folder name that's supposed to be displayed in the dir tree. Why that function would time out is a mystery to me. I've never had a time out problem with scandir(). I have two old vBulletin dev sites, a XenForo dev site and a XenForo active site and I can get the dir tree for it all with no problem.

If anyone else is having a problem with this I would like to know.

 

[RSI]

Give me some time to play with that a little. I'm currently at work. I'll play around with it some more tonight and see what happens.

 

[Nerbert]

Okay, I'll keep an eye on this thread.