Recent Topics

[HACK] File manager with webadmin.php

Thread started by , Fri Apr 28, 2006 14:03 – Last touched: Fri Apr 28, 2006 14:03
Started by , 04/28/06

Apr 28, 2006 14:03    

I have integrated [url=]webadmin.php[/url] into the back-end as a file manager. I am not sure how useful this is since Phoenix already has a file manager, but I am so sick of people "persuading" me to switch to WordPress that I have decided to contribute whatever I have to the community. Hopefully someone will find it useful.

This hack was developed on v0.9.0.11.

1. Download [url=]webadmin.php[/url].

2. Add the lines enclosed between "B2EVO HACK" to webadmin.php (for login control and headers):


/* Filenames related to the apache web server:
$htaccess = '.htaccess';
$htpasswd = '.htpasswd';
/*-----------------B2EVO HACK---------------------*/
require_once( dirname(__FILE__). '/_header.php' );
require_once( dirname(__FILE__) . '/../conf/_admin.php' );
$admin_tab = 'uploads';
$admin_pagetitle = T_('File management');
require( dirname(__FILE__).'/_menutop.php' );
require( dirname(__FILE__).'/_menutop_end.php' );
$homedir = 'e:\your\b2evo\media\path';
/* ----------------END B2EVO HACK---------------- */
if (get_magic_quotes_gpc()) {

3. Add the lines enclosed between "B2EVO HACK" to webadmin.php, somewhere above "switch ($action)" (for preventing user from wandering outside the media folder):


/*-----------------B2EVO HACK---------------------*/
if ( ( strpos($directory, $homedir) === FALSE
     || strpos($directory, $homedir) != 0  )
     || ( !empty($_REQUEST['destination']) && $action != 'rename'
     && ( strpos(addslash($_REQUEST['destination']), $homedir) === FALSE
     || strpos(addslash($_REQUEST['destination']), $homedir) != 0) ) )
   $directory = $homedir;
   listing_page('<tr id="error"><td>Permission denied</td></tr>');
/* ----------------END B2EVO HACK---------------- */
switch ($action) {
case 'view':

3. Upload the edited webadmin.php to your b2evo/admin folder.

4. Modify _menutop.php to show the file manager tab. Add the lines enclosed between "WEBADMIN HACK":


if( $admin_tab == 'tools' )
  echo '<li class="current">';
  echo '<li>';
echo '<a href="tools.php" >', T_('Tools'), '</a></li>';
/*-----------------WEBADMIN HACK---------------------*/
if( $admin_tab == 'uploads' )
  echo '<li class="current">';
  echo '<li>';
echo '<a href="webadmin.php" >', T_('File Management'), '</a></li>';
/*-----------------END WEBADMIN HACK---------------------*/

That's all. You should be able to access the "File Management" tab after you login.

May 13, 2006 18:57

Hi, I want to use this hack in 0.91, but i´ve got en error with :
permission denied
where must i give the ftp--Login and passwords into??
without password my server will never give any informations to fileManager....

May 15, 2006 05:49

Hi Wannhoff,

I think the login and password thingy is specific to apache servers. I am using IIS so I am not 100% sure how it works.

I suggest you try your server login name and password. If that does not work, try to add a line to webadmin.php:


if (!empty($_SERVER['SERVER_SOFTWARE'])) {
  if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
    $apache = true;
  } else {
    $apache = false;
} else {
  $apache = true;
//Add following line to disable authentication related to Apache server
$apache = false;

This should disable the authentication process related to Apache server. It should be safe if you have added the b2evo hack for login control.

I have not tested this yet because I am using IIS. Looking at the code it should not cause anything disastrous, but use at your own risk.

Form is loading...

blog engine – This forum is powered by b2evolution CMS, a complete engine for your website.