A self-contained, password-protected PHP file manager with a full-featured code editor, archive support, drag-and-drop uploads, and clipboard operations — all in a single PHP file.
| Feature | Description |
|---|---|
| 📁 File Browser | Grid and list views, sort by name/size/date, real-time filter search |
| ✏️ Code Editor | Ace Editor with syntax highlighting for 12+ languages, unsaved-changes indicator |
| ☁️ Drag-and-drop Upload | Multi-file upload modal with size preview before confirming |
| 📋 Clipboard | Copy / cut / paste files between directories via session-persisted clipboard bar |
| 🗜️ Archive | Compress any file or folder to .zip, extract archives in-place |
| 🔐 Permissions | Change chmod permissions using octal notation from the UI |
| ✅ Multi-select | Hold ⌘/Ctrl to select multiple items, bulk copy / compress / delete |
| 🧭 Path Travel | Animated breadcrumb trail, browser history navigation (back/forward works) |
| 🔑 Authentication | Session-based password login, IP-pinned token |
1. Upload the file
scp filemanager.php user@yourserver.com:/var/www/html/2. Change the password (line 3)
$pass = "your-secure-password-here";3. Visit in your browser
https://yourdomain.com/filemanager.php
That's it. No Composer, no database, no config files.
- PHP 7.4+ (8.x recommended)
ZipArchiveextension (usually bundled)- PHP Sessions enabled
- Write permissions on directories you want to manage
| Action | Shortcut |
|---|---|
| Refresh directory | R |
| Open upload modal | U |
| Focus search filter | / |
| Select all items | ⌘ A |
| Multi-select item | ⌘ Click |
| Save file (in editor) | ⌘ S |
| Close / Cancel anything | Esc |
All file operations are performed via POST ?action=<name>. Every response is JSON:
{
"status": "success",
"msg": "Listed",
"data": {}
}| Action | POST Fields | Description |
|---|---|---|
list |
path |
List folders and files in a directory |
read |
target |
Return raw file content |
save |
target, content |
Write content to a file |
delete |
target |
Delete file or directory (recursive) |
rename |
target, name |
Rename in-place |
create_folder |
path, name |
Create a new directory |
create_file |
path, name |
Create an empty file |
upload |
path, files[] |
Upload one or more files |
zip |
target |
Compress to target.zip |
unzip |
target |
Extract .zip to parent directory |
chmod |
target, perms |
Change permissions (octal string) |
copy_item |
target |
Store in session clipboard as copy |
cut_item |
target |
Store in session clipboard as cut |
paste_item |
path |
Paste clipboard item to path |
Download is handled via a GET request: ?download=/absolute/path/to/file
This tool is for trusted administrators only. A logged-in user has full read/write access to every path accessible by the PHP process.
Known limitations
- Password stored as plaintext — no bcrypt or hashing
- No path jail — the entire server filesystem is accessible
- No CSRF tokens on AJAX actions
?download=does not restrict paths to webroot
Recommended hardening
# .htaccess — restrict to your IP
<Files "filemanager.php">
Require ip 203.0.113.1
</Files>- Serve over HTTPS only
- Rename the file to something non-obvious (e.g.
mgt_4f9b2.php) - Remove from the server when not actively in use
- Set
session.gc_maxlifetimeinphp.inito expire sessions quickly
PHP JavaScript CSS HTML Python JSON Markdown SQL YAML Shell XML Plain text
Mode is auto-detected from file extension. Powered by Ace Editor with the github light theme.
- Complete UI overhaul to Stratum white design system
- Added grid / list view toggle
- Added multi-select with bulk actions (copy, compress, delete)
- Added sort dropdown (name, size, date)
- Animated breadcrumb path trail with browser history (
pushState) - Toast notification system — replaces all
alert()calls - Delete confirmation modal
- Upload modal with file preview before confirming
- FAB menu with sub-actions (New Folder, New File, Upload)
- Code editor: 12-language support, unsaved changes dot, line count,
⌘Ssave - Real-time filter search (no re-fetch)
- Full keyboard shortcut set
- Initial release — basic file manager with Tailwind CSS, Lucide icons, Ace editor, context menu, upload, zip, chmod, clipboard, and password authentication
MIT © envrc