Im new to PHP so please be gentle...

Im trying to make a script that allows a user to enter a user name and pass, but no path, the path should be hidden from the user.

I want them to only be able to view whats in the folder I direct them to and upload a file plus not be able to browse, edit or create other folders.

All the scripts I found allow the user to insert a path to the server and allows them full access to all the folders, which I dont want.

Can I do that? or am I asking to much?

Samples would be nice.


hello kamui,

a part of your answer:
- identification of user
- read all the files/directory of a directory
- read a file for the transfert
- display only files on the list (actually all elements appears file & dir.)

find it on

see you, and hope that help you,



$logins = array(
        "user" => "php",
        "login" => "pass"

# quick check of user
function check_user ($log, $pas) {
  global $logins;

  if (($logins[$log] == $pas) && !($log == "") ) {
    return 1;
  } else {
    return 0;

# read directory 
function read_dir ($path) {
  global $PHP_SELF,$login,$pass;

  $ls = popen ("/bin/ls $path", "r");
  echo "The link does not open the file<BR>\n";
  while (!feof($ls)) {
   $buffer = fgetss($ls, 4096);
   #here the link to read the file
   echo "<A HREF=$PHP_SELF?login=$login&pass=$pass&read=$buffer>$buffer</A><BR>";

if (isset($login) && (check_user($login,$pass)==1)) {
 echo "welcome $login<BR>";
 read_dir ("/var/cache/man/X11R6");
} else {
 echo "for test try:<BR>\nlogin = user<BR>\npass=php<BR>\n";
 echo "<FORM ACTION=$PHP_SELF>\n";
 echo "Login : <INPUT TYPE=TEXT NAME=login><BR>\n";
 echo "Pass : <INPUT TYPE=TEXT NAME=pass><BR>\n";
 echo "<INPUT TYPE=submit value=\"Identify\">\n";
 echo "</FORM>\n";

ahh... ok .. i see .. so sed to coding in html so i thought the server entry had to be hidden ala like a form would do , so i got it all wrong...

thanks now i have to do 1 more thing and I should be good to go thanks