PHP/HTML indexing?
 

Is there a way with PHP to generate HTML of an index?

Lets say there are 50 files in root/goat_cheese/ and I dont like having indexing turned on. How do I get PHP to output an HTML file that lists these 50 files without letting someone know the dir name.

It would be a nice security feature.

~k_day64

Crap, this is in one of my books on how to do it.
Here's a recursive one:
http://www.phpbuilder.com/snippet/do...snippet&id=747
Here's another:
http://www.phpbuilder.com/snippet/do...snippet&id=726
I'm sure with a little tweaking, you could get either to work.

Hmm, sounds like "security through obscurity" which by itself is a Bad Thing (tm).

What security concerns do you have?

I dont like the thought of ppl knowing my dir structure becasue it is based of the FTP users and I dont want their logins know.

~k_day64

You can use PHP's directory functions to open any directory that the webserver user has read access to, including dirs outside of the web root. Open a directory, get a listing of files, then return that listing without naming the directory. If you're worried about your interpreter going belly up and spewing out your raw code (with file paths and all), you can also put your directory parsing functions in a file outside of your web root and "include" that file in your script. Even if your PHP code is readable, they'll get no directory names.

Hopefully I understood your concerns and this advice is helpful.

Depending if you have enough access rights to your server, you could set up your server to automatically use the forementioned code instead of the "No directory listing allowed" html.

Well, actually, it's not, really. Security through obscurity refers to closed-source methods, not by using tried-and-tested techniques to secure something.

Arguably not. The NSA Tier 1 algorithms are apparently pretty good. All that we know about them is an estimate of key and block size, as well as a name.
So, it's a question of resources, if you have a larger budger than the CIA and more computing power than 20 earth simulators, then you're likely safe to stick to closed source :)
Well, he doesn't want people poking around his directories, which is fair, particularly if he has stored passwords for php or something.

anyway, my solution would be to remember to use dud index.html in all sub directories as well, because image urls and things reveal part of the directory structure.

It all depends what level you're aiming for. If you really want to go for it, you could use a keyed method for generating urls (the key in php, with the links opened in js).