Check if a file folder contains certain extensions

PHP English

Security is one of the most important issues in web applications. Failure to check uploaded files can lead to the installation of files that can damage your system. In this article, we will learn how to create a system that uses PHP to scan file extensions in a specific folder and alert when it finds files with specific extensions.

Scanning PHP file extension in folders and atl folders

In this article, we will develop a PHP application that scans a folder called uploads and its subfolders. If a file with .php extension is found, the system will issue a warning and show the path to the found file. This is a useful security measure to detect the presence of unwanted PHP files in the uploads folder.

Step 1: Let's code a function to search for extensions in the 'uploads' folder and its subfolders.

<?php

function check_uploads_files($dir){
    if (file_exists($dir)) {
      $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir));
      $phpFiles = [];
      foreach($files as $file){
          if (pathinfo($file, PATHINFO_EXTENSION) == 'php') {
              $phpFiles[] = $file->getPathname();
          }
      }
      return $phpFiles;
    } else {
      echo "uploads Folder not found! In this case the application will not work!";  
    }
  }

  $uploadsPath = "uploads";
  $check_uploads_files = check_uploads_files($uploadsPath);

?>

Step 2: If a file with .php extension is found in the 'uploads' folder, let's give a warning and specify in which directory the files with .php extension are located.

<div class="widget-body">
    <?php if (!empty($check_uploads_files)) { ?>
    <p><b>Warning:</b> Malware found in the 'uploads' folder or its subfolders!</p>
    <p>Bulunan dosyalar:</p>
    <?php foreach ($check_uploads_files as $file) { ?>
    <ul>
        <li><?= $file; ?></li>
    </ul>
    <?php } ?>
    <?php } else { ?>
    <p>Everything's fine: No malware was found in critical areas.</p>
    <?php } ?>
</div>

In this article, we learned how to create a system that uses PHP to scan file extensions in a specific folder and alert when it finds files with specific extensions. This is an effective way to detect unwanted PHP files in your installation folder.

Now you can integrate this system into your application and improve file security. The code can be customized and improved according to your needs. If you have any questions about this, please share them in the comments section.


Yorumlar (0)

    Bu yazıya henüz bir yorum yapılmamış! İlk yorum yapan sen ol!