Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community!

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Posted by KnowledgeWoods Consulting
KnowledgeWoods Consulting
5,607 Points

How do I recursively delete a directory and its entire contents Using php

How do I recursively delete a directory and its entire contents Using php

3 Answers

Robert Bojor
PLUS
Robert Bojor
Courses Plus Student 29,439 Points
Robert Bojor
Robert Bojor
Courses Plus Student 29,439 Points

There isn't a straight way to delete a folder and its contents recursively in PHP so a function like the one below should do the trick.

function deleteDirectory($dir) { 
        if (!file_exists($dir)) { return true; }
        if (!is_dir($dir) || is_link($dir)) {
            return unlink($dir);
        }
        foreach (scandir($dir) as $item) { 
            if ($item == '.' || $item == '..') { continue; }
            if (!deleteDirectory($dir . "/" . $item, false)) { 
                chmod($dir . "/" . $item, 0777); 
                if (!deleteDirectory($dir . "/" . $item, false)) return false; 
            }; 
        } 
        return rmdir($dir); 
    }

// call it like: deleteDirectory('/var/www/site.com/folder_to_delete');
// It will remove all files and folders inside that folder and finally the initial folder itself

You have to call it with the full filesystem path in order to work. Please be careful not to delete the folders you need while testing - Treat it like a ticking bomb :)

KnowledgeWoods Consulting
KnowledgeWoods Consulting
5,607 Points

This one worked for me but now i am in little worried situation here. Suppose i provided a sub directory on my webserver to one of my new team mate so that he can access it via FTP. Although he just got access to that particular directory but he can delete every file on my server using the same script. deleteDirectory('/var/www/site.com/'); Is there any way to overcome this security threat????

Robert Bojor
PLUS
Robert Bojor
Courses Plus Student 29,439 Points
Robert Bojor
Robert Bojor
Courses Plus Student 29,439 Points

Normally, users have to be jailed to their home folder when they connect through FTP to your server. This way, you can have some sort of security by not letting them access any other files outside their folder.

If the function you are worried about is located somewhere outside their reach, in terms of include / require_once then everything should be ok, since they won't be able to use it. However, if you need to give them access to this function, I guess you will just have to trust them that they won't abuse it.

I currently manage 4 servers and the only allowed users to connect through SSH to them are me and the owner of the servers. There are plenty of FTP users on them, but each user has its own home folder, and if they need a folder to upload images into their website, there's nothing else that they can do since that's all they see, images.

KnowledgeWoods Consulting
KnowledgeWoods Consulting
5,607 Points

But what will happen if the FTP user of your server upload a php file containing uplink($_SERVER['DOCUMENT_ROOT'].'/*') and run the php file from their browser. It can delete all the files in the root of the server.

Robert Bojor
Robert Bojor
Courses Plus Student 29,439 Points
Robert Bojor
Robert Bojor
Courses Plus Student 29,439 Points

That won't happen because every user has his own rights to write only in that folder. The web server can read these files but the user can't remove the other files, plus the users, as I said, are jailed to their home folder, not the site root folder.

For example, the site's files are located in "/var/www/site.com/" and in that folder there's another called "images". The user connecting through FTP will be thrown straight in the images/ folder, and he can't go up a level. If he decides to delete all his files, that's his problem, he is the owner of the website afterall.

Couple this with strong passwords for the ftp accounts and you should have a good enough security measure against other users trying to delete files from your sites.

KnowledgeWoods Consulting
KnowledgeWoods Consulting
5,607 Points
KnowledgeWoods Consulting
KnowledgeWoods Consulting
5,607 Points

Hi Robert, I am in a strange situation here. Your unlink code worked fine for me on my Amazon server. But when i tried to delete files on my test server which is using static IP it couldn't delete any of the files. Is there any security setting which is protecting the files on my test server?