files access access deneid

Question

Hi have this code to manage my main page. Everything works fine on my local server at home,i'm using easyphp. But on my webhosting server i got this error

Warning: scandir(D:\Hosting\12067690\html/,D:\Hosting\12067690\html/) [function.scandir]: Access is denied. (code: 5) in D:\Hosting\12067690\html\index_menu.php on line 65

Any ideas? thank you in advance.

<?php
          $dir = $_SERVER['DOCUMENT_ROOT'].stripslashes(dirname($_SERVER['PHP_SELF'])).'/';
            if(!empty($_GET['p'])){
                $pages = scandir($dir, 0);
                unset($pages[0], $pages[1]);
                $p = $_GET['p'];
                if (in_array($p.'.htm', $pages)){
                    include($dir.'/'.$p.'.htm');
                }else{
                echo 'Sorry, page introuvable';                     
                }
            }else{
                include($dir.'/enter_index01.htm');
            }
        ?>

Answer 1

You could make it simpler by using file_exists instead of using all the scandir stuff:

$p = $_GET['p']; // WARNING: sanitize this before using it in production app
if (file_exists($dir.'/'.$p.'.htm')){
    include($dir.'/'.$p.'.htm');
} else {
    echo 'Sorry, page introuvable';
}

And sanitize user input (such as limiting it to certain path, whitelisting etc).