deblan-mirror/tinyfilemanager
deblan-mirror/tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager synced 2026-03-14 12:45:51 +01:00
Code Issues Projects Releases Wiki Activity

Add user environment variable support

Browse source
This commit is contained in:
brittany mitchell 2025-12-20 20:05:37 -06:00
commit 936022476d
6 changed files with 237 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
.env

3
Dockerfile
View file

@ -1,7 +1,7 @@
# how to use?
# docker run -d -v /absolute/path:/var/www/html/data -p 80:80 --restart=always --name tinyfilemanager tinyfilemanager/tinyfilemanager:master
FROM php:8.3.26-cli-alpine
FROM php:8.4.16-cli-alpine
RUN apk update && apk upgrade --no-cache
@ -15,5 +15,6 @@ RUN docker-php-ext-install \
WORKDIR /var/www/html
COPY tinyfilemanager.php index.php
COPY pwd.html ./pwd.html
CMD ["sh", "-c", "php -S 0.0.0.0:80"]

87
README.md
View file

@ -1,75 +1,44 @@
# Tiny File Manager
[![Live demo](https://img.shields.io/badge/Live-Demo-brightgreen.svg?style=flat-square)](https://tinyfilemanager.github.io/demo/)
[![Live demo](https://img.shields.io/badge/Help-Docs-lightgrey.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/wiki)
[![GitHub Release](https://img.shields.io/github/release/prasathmani/tinyfilemanager.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/releases)
[![GitHub License](https://img.shields.io/github/license/prasathmani/tinyfilemanager.svg?style=flat-square)](https://github.com/prasathmani/tinyfilemanager/blob/master/LICENSE)
[![Paypal](https://img.shields.io/badge/Donate-Paypal-lightgrey.svg?style=flat-square)](https://www.paypal.me/prasathmani)
![GitHub Sponsors](https://img.shields.io/github/sponsors/prasathmani)
This repository is built on top of [prasathmani/tinyfilemanager](https://github.com/prasathmani/tinyfilemanager). The manager can be ran using PHP, Docker, or Kubernetes.
> TinyFileManager is a versatile web-based PHP file manager designed for simplicity and efficiency. This lightweight single-file PHP application can be effortlessly integrated into any server directory, allowing users to store, upload, edit, and manage files and folders directly through their web browser.
With multi-language support and compatibility with PHP 5.5+, TinyFileManager enables the creation of individual user accounts, each with its dedicated directory. The platform also includes built-in functionality for handling text files using the Cloud9 IDE.
Featuring syntax highlighting for over 150 languages and more than 35 themes, TinyFileManager offers a comprehensive solution for file management in an online environment.
## Adding Users
<sub>**Caution!** _Avoid utilizing this script as a standard file manager in public spaces. It is imperative to remove this script from the server after completing any tasks._</sub>
> [!CAUTION]
> Do not use the example passwords in production environments, use the [Password Generator](pwd.html) to create unique passwords.
> Default username/password: **admin/admin@123** and **user/12345**.
## Demo
1. If running locally users can be added by setting the `USERS` JSON object array environment variable in `sample.env`, rename this to `.env`.
[Demo](https://tinyfilemanager.github.io/demo/)
```bash
#inside .env
USERS='{"admin": "ADMIN_PASSWORD_HASH","user": "USER_PASSWORD_HAS"}'
```
2. Set the environment variable `USERS` using a JSON object array `'{"USER_NAME": "PASSWORD_HASH"}'`.
## Documentation
Tinyfilemanager is highly documented on the [wiki pages](https://github.com/prasathmani/tinyfilemanager/wiki).
[![Tiny File Manager](screenshot.gif)](screenshot.gif)
## Requirements
- PHP 5.5.0 or higher.
- Fileinfo, iconv, zip, tar and mbstring extensions are strongly recommended.
## How to use
Download ZIP with latest version from master branch.
Just copy the tinyfilemanager.php to your webspace - thats all :)
You can also change the file name from "tinyfilemanager.php" to something else, you know what i meant for.
Default username/password: **admin/admin@123** and **user/12345**.
:warning: Warning: Please set your own username and password in `$auth_users` before use. password is encrypted with <code>password_hash()</code>. to generate new password hash [here](https://tinyfilemanager.github.io/docs/pwd.html)
a. Docker Compose - set in the `docker-compose.yml`
b. Docker - set on the system or pass in the value
c. Kubernetes - in the deployment YAML set using a secret with `envFrom` or as an environment variable
To enable/disable authentication set `$use_auth` to true or false.
:information_source: Add your own configuration file [config.php](https://tinyfilemanager.github.io/config-sample.txt) in the same folder to use as additional configuration file.
## How to run
:information_source: To work offline without CDN resources, use [offline](https://github.com/prasathmani/tinyfilemanager/tree/offline) branch
Run it locally within the directory with PHP.
### :loudspeaker: Features
```bash
# use the development server
php -S localhost:8080
```
- :cd: **Open Source:** Lightweight, minimalist, and extremely simple to set up.
- :iphone: **Mobile Friendly:** Optimized for touch devices and mobile viewing.
- :information_source: **Core Features:** Easily create, delete, modify, view, download, copy, and move files.
- :arrow_double_up: **Advanced Upload Options:** Ajax-powered uploads with drag-and-drop support, URL imports, and multi-file uploads with extension filtering.
- :file_folder: **Folder & File Management:** Create and organize folders and files effortlessly.
- :gift: **Compression Tools:** Compress and extract files in `zip` and `tar` formats.
- :sunglasses: **User Permissions:** User-specific root folder mapping and session-based access control.
- :floppy_disk: **Direct URLs:** Easily copy direct URLs for files.
- :pencil2: **Code Editor:** Includes Cloud9 IDE with syntax highlighting for 150+ languages and 35+ themes.
- :page_facing_up: **Document Preview:** Google/Microsoft document viewer for PDF/DOC/XLS/PPT, supporting previews up to 25 MB.
- :zap: **Security Features:** Backup capabilities, IP blacklisting, and whitelisting.
- :mag_right: **Search Functionality:** Use `datatable.js` for fast file search and filtering.
- :file_folder: **Customizable Listings:** Exclude specific folders and files from directory views.
- :globe_with_meridians: **Multi-language Support:** Translations available in 35+ languages with `translation.json`.
- :bangbang: **And Much More!**
For Docker, set the `USERS` environment variable in the system or pass in the value.
### [Deploy by Docker](https://github.com/prasathmani/tinyfilemanager/wiki/Deploy-by-Docker)
```bash
docker run --name tfm -p 8080:80 britslampe/tfm:2.0
### <a name=license></a>License, Credit
- Available under the [GNU license](https://github.com/prasathmani/tinyfilemanager/blob/master/LICENSE)
- Original concept and development by github.com/alexantr/filemanager
- CDN Used - _jQuery, Bootstrap, Font Awesome, Highlight js, ace js, DropZone js, and DataTable js_
- To report a bug or request a feature, please file an [issue](https://github.com/prasathmani/tinyfilemanager/issues)
- [Contributors](https://github.com/prasathmani/tinyfilemanager/wiki/Authors-and-Contributors)
# OR
docker run --name tfm --env USERS='{"admin": "ADMIN_PASSWORD_HASH"}' -p 8080:80 britslampe/tfm:2.0
```

198
pwd.html Normal file
View file

@ -0,0 +1,198 @@
<!DOCTYPE html>
<html lang="en"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="Web based File Manager in PHP, Manage your files efficiently and easily with Tiny File Manager">
<meta name="author" content="CCP Programmers">
<meta name="robots" content="noindex, nofollow">
<meta name="googlebot" content="noindex">
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
<title>TINY PHP5 PASSWORD HASH GENERATOR</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<style>
.code {
background: #e8e8e8;
border-radius: 5px;
padding: 10px;
margin-bottom: 10px;
}
pre { margin: 0}
.form-control:focus {
border-color: #28a745;
box-shadow: none;
}
</style>
</head>
<body class="bg-secondary">
<div id="wrapper" class="container-fluid">
<section>
<div class="row">
<div class="col-xs-12 col-sm-6">
<div class="card mt-4 mb-2">
<h5 class="card-header">TINY FILE MANAGER</h5>
<div class="card-body">
<h5 class="card-title">PHP5 PASSWORD HASH GENERATOR</h5>
<p class="card-text">PHP5 password_hash() is a predefined (built in) function on php 5.5 and above. Verifiable with password_verify() but non reversable.</p>
<form class="form-signin" action="" method="post" autocomplete="off">
<div class="form-row align-items-center">
<div class="col-sm-8 my-1">
<label class="sr-only" for="fm_pwd">Password</label>
<div class="input-group">
<div class="input-group-prepend">
<div class="input-group-text">Password</div>
</div>
<input type="text" class="form-control" id="fm_pwd" name="fm_pwd" placeholder="Enter your password" required="">
</div>
</div>
<div class="col-auto my-1">
<button class="btn btn-outline-primary btn-sm mr-1" id="js-new-pwd" title="Create random password">
<!--?xml version="1.0" encoding="UTF-8"?-->
<svg width="27px" height="27px" style="vertical-align: bottom;" enable-background="new 0 0 561 561" version="1.1" viewBox="0 0 561 561" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
<path d="m280.5 76.5v-76.5l-102 102 102 102v-76.5c84.15 0 153 68.85 153 153 0 25.5-7.65 51-17.85 71.4l38.25 38.25c17.85-33.15 30.6-68.85 30.6-109.65 0-112.2-91.8-204-204-204zm0 357c-84.15 0-153-68.85-153-153 0-25.5 7.65-51 17.85-71.4l-38.25-38.25c-17.85 33.15-30.6 68.85-30.6 109.65 0 112.2 91.8 204 204 204v76.5l102-102-102-102v76.5z" fill="#006DF0"></path>
</svg>
</button>
<button type="submit" class="btn btn-success">GENERATE</button>
</div>
<div class="col-10 mt-3">
<div class="form-group">
<label for="resultarea">PASSWORD HASH <img src="../img/30.gif" id="loading-image" class="d-none"></label>
<textarea type="text" class="form-control" rows="3" id="resultarea" readonly=""></textarea>
<a href="#/resultarea" id="copy-hash">Copy</a>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
<div class="col-xs-12 col-sm-6">
<div class="card mt-4 mb-2">
<h5 class="card-header">HOW TO USE</h5>
<div class="card-body">
<div class="code" role="alert">
<pre><code>$auth_users = array(
'username' =&gt; 'REPLACE YOUR GENERATED PASSWORD HERE'
);
</code></pre>
</div>
<p>or you can use directly use password with hash in <code>$auth_users</code></p>
<div class="code" role="alert">
<pre><code>$auth_users = array(
'username' =&gt; password_hash('password here', PASSWORD_DEFAULT)
);
</code></pre>
</div>
</div>
</div>
</div>
</div>
</section>
<div class="mt-5 text-center text-white">
—— © <a href="https://github.com/prasathmani/tinyfilemanager" target="_blank" class="text-white"> Tiny File Manager</a> ——
</div>
</div>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
<script>
function copyToClipboard(text) {
if (window.clipboardData && window.clipboardData.setData) {
return clipboardData.setData("Text", text);
} else if (document.queryCommandSupported && document.queryCommandSupported("copy")) {
var textarea = document.createElement("textarea");
textarea.textContent = text;
textarea.style.position = "fixed";
document.body.appendChild(textarea);
textarea.select();
try {
return document.execCommand("copy");
} catch (ex) {
console.warn("Copy to clipboard failed.", ex);
return false;
} finally {
document.body.removeChild(textarea);
}
}
}
function generate(l) {
if (typeof l==='undefined'){var l=8;}
/* c : alphanumeric character string */
var c='abcdefghijknopqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ12345679',
n=c.length,
/* p : special character string */
p='!@#$+-*_',
o=p.length,
r='',
n=c.length,
/* s : determinate the position of the special character */
s=Math.floor(Math.random() * (p.length-1));
for(var i=0; i<l; ++i){
if(s == i){
/* special charact insertion (random position s) */
r += p.charAt(Math.floor(Math.random() * o));
}else{
/* alphanumeric insertion */
r += c.charAt(Math.floor(Math.random() * n));
}
}
return r;
}
$("#js-new-pwd").on("click", function (e) {
e.preventDefault();
$("#fm_pwd").val(generate(10));
})
$("a#copy-hash").on("click", function (e) {
e.preventDefault();
var data = $("#resultarea").val();
if(!!data) {
copyToClipboard(data);
}
});
$('.form-signin').on('submit', function (e) {
e.preventDefault();
$("#resultarea").val('');
var pwd = $('#fm_pwd').val();
if(!!pwd) {
$.ajax({
type: "GET",
url: "http://tinyfilemanager.alwaysdata.net/pwd.php",
data: 'pwd='+pwd,
dataType: 'jsonp',
cache: false,
beforeSend: function() {
$("#loading-image").removeClass('d-none');
},
success: function(data){
$("#loading-image").addClass('d-none');
$("#resultarea").val(data);
},
error : function(){
$("#loading-image").addClass('d-none');
}
});
}
});
</script>
</body></html>

2
sample.env Normal file
View file

@ -0,0 +1,2 @@
# Remove this line: Replace the default passwords with unique ones. Open pwd.html in the browswer.
USERS='{"admin": "$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW", "user": "$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO"}'

12
tinyfilemanager.php
View file

@ -2,6 +2,9 @@
//Default Configuration
$CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":false,"theme":"light"}';
// If running locally with PHP, use the env variable
// $env = parse_ini_file('.env');
/**
* H3K ~ Tiny File Manager V2.6
* @author CCP Programmers
@ -24,11 +27,8 @@ $use_auth = true;
// Login user name and password
// Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
// Generate secure password hash - https://tinyfilemanager.github.io/docs/pwd.html
$auth_users = array(
'admin' => '$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW', //admin@123
'user' => '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO' //12345
);
// Generate secure password hash - pwd.html
$auth_users = json_decode(getenv('USERS'), true);
// Readonly users
// e.g. array('users', 'guest', ...)
@ -213,7 +213,7 @@ if ($report_errors == true) {
// if fm included
if (defined('FM_EMBED')) {
$use_auth = false;
$use_auth = true;
$sticky_navbar = false;
} else {
@set_time_limit(600);