PHP AJAX File Manager
PHP JavaScript CSS Makefile
Switch branches/tags
Nothing to show
Clone or download
Latest commit b83f1e7 Mar 15, 2018

PHP AJAX File Manager


PHP AJAX File Manager (PAFM) is a web file manager based on the KISS Principle.

It is intended for use by web masters who need a simple way to interact with their files. As much control as possible is given, which makes it only suitable for those who already have complete access.


Get build/pafm.php or see the downloads at Sourceforge.

Open pafm.php with your code editor of choice (note that you can change the password of pafm using pafm) then scroll down till you see /** configuration **/

  • PASSWORD is, obviously, the password for PAFM. The default password is auth.

  • ROOT is the path to the directory you want to manage (this is done by chdir).

    • E.g. if you want to manage your home directory, change ROOT to /home

Recent Changes


  • Added experimental terminal/shell
  • Added drag-and-drop upload
  • Added support for copying entire directories
  • Added file & folder count
  • The complete path is now shown in the breadcrumbs
  • Timezone offset is now used when displaying timestamps
  • Changed CSRF protection; the nonce is now generated per session
  • Paths are no longer sanitized, as pafm doesn't attempt to prevent the user from intentional behavior
  • When leaving file editing, the user is prompted if unsaved changes were made.
  • The password is now encrypted before being stored in the session
  • Minor fixes and style changes


  • Added CSRF protection
  • Fixed bug in bruteforce protection
  • CodeMirror installation more secure
  • Minor code and CSS changes


  • Added bruteforce protection
  • Improved file list sorting
  • Minor code and CSS changes


  • Minor changes


  • Rewrote CodeMirror installation method
  • Minor code changes


  • Bug fixes


  • CodeMirror Added
  • Minor bug fixes


  • Fixed upload-check bug in Chrome
  • Fixed bug with move list directory icon
  • Added warning when the password is default


  • One-file release (thanks to make, which combines all of the assets into one file).


  • HTML5 uploading


  • File Copying
  • Remote Copy
  • File Last Modified Column


  • Removed CodePress
  • ROOT directive changes
  • Display version number
  • Multiple file upload


  • Rewrite folder/file loops
  • Remove onclick events
  • Hash file operations (e.g. #edit&
  • AJAX-ify existing refreshes
  • File and folder sorting