Why can't i change the root directory?

Question

i'm building a directory browser and while i was looking for info i found this question, to my surprise the code is quite easier than i expected and i'm able to understand it, so i'm using it on my project(i'm quite new to php, and i never use code that i don't understand). It works fine and i've made a few aesthetic changes. Now here comes the problem, for some reason i cannot change the root directory, i have this:

<?php
session_start();
if(!isset($_SESSION['username'])){
 header("Location: ./test.php");
}
?>
<!doctype html>
<html>
<head>
    <title>CoroCloud</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="./js/material.min.js"></script>
    <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
    <link rel="stylesheet" href="https://code.getmdl.io/1.3.0/material.pink-indigo.min.css" />
</head>
<html>
<body>
  <div class="mdl-layout mdl-js-layout mdl-layout--fixed-header">
    <header class="mdl-layout__header">
      <div class="mdl-layout__header-row">
        <!-- Title -->
        <span class="mdl-layout-title">Cloud</span>
        <!-- Add spacer, to align navigation to the right -->
        <div class="mdl-layout-spacer"></div>
        <!-- Navigation. We hide it in small screens. -->
        <nav class="mdl-navigation mdl-layout--large-screen-only">
            <?php
            echo "<a class=\"mdl-navigation__link\" href=\"\">{$_SESSION['username']}</a>";
            ?>
        </nav>
    </div>
</header>
<div class="mdl-layout__drawer">
  <span class="mdl-layout-title">CATEGORIES</span>
  <nav class="mdl-navigation">
    <a class="mdl-navigation__link" href="">File</a>
    <a class="mdl-navigation__link" href="">Images</a>
    <a class="mdl-navigation__link" href="">Music</a>
    <a class="mdl-navigation__link" href="">Films</a>
</nav>
</div>
<main class="mdl-layout__content" style="background-color: white; background-image: url('https://i.warosu.org/data/tg/img/0357/97/1414469732022.gif'); background-size: auto 100%; background-repeat: no-repeat; background-position: center;">
    <center>
      <div class="page-content" style="padding: 24px; flex: none; align-items: center; justify-content: center;">

        <?php
// Snippet from PHP Share: http://www.phpshare.org

        function formatSizeUnits($bytes)
        {
            if ($bytes >= 1073741824)
            {
                $bytes = number_format($bytes / 1073741824, 2) . ' GB';
            }
            elseif ($bytes >= 1048576)
            {
                $bytes = number_format($bytes / 1048576, 2) . ' MB';
            }
            elseif ($bytes >= 1024)
            {
                $bytes = number_format($bytes / 1024, 2) . ' kB';
            }
            elseif ($bytes > 1)
            {
                $bytes = $bytes . ' bytes';
            }
            elseif ($bytes == 1)
            {
                $bytes = $bytes . ' byte';
            }
            else
            {
                $bytes = '0 bytes';
            }

            return $bytes;
        }

        $root = dirname("path");

        function is_in_dir($file, $directory, $recursive = true, $limit = 1000) {
            $directory = realpath($directory);
            $parent = realpath($file);
            $i = 0;
            while ($parent) {
                if ($directory == $parent) return true;
                if ($parent == dirname($parent) || !$recursive) break;
                $parent = dirname($parent);
            }
            return false;
        }

        $path = null;
        if (isset($_GET['file'])) {
            $path = $_GET['file'];
            if (!is_in_dir($_GET['file'], $root)) {
                $path = null;
            } else {
                $path = '/'.$path;
            }
        }

        if (is_file($root.$path)) {
            readfile($root.$path);
            return;
        }

        echo "<div>\n";
        echo "<table class=\"mdl-data-table mdl-js-data-table mdl-shadow--2dp\" style=\"min-width:300px\"\n";
        echo "  <thead>\n";
        echo "    <tr>\n";
        echo "      <th class=\"mdl-data-table__cell--non-numeric\">File</th>\n";
        echo "      <th>Size</th>\n";
        echo "    </tr>\n";
        echo "  </thead>\n";
        echo "  <tbody>";

        if ($path) echo '<tr><td colspan="2" style="text-align:center"><a href="?file='.urlencode(substr(dirname($root.$path), strlen($root) + 1)).'">..</a></td></tr><br />';
        foreach (glob($root.$path.'/*') as $file) {
            $file = realpath($file);
            $link = substr($file, strlen($root) + 1);
            if (is_dir($file)){
                echo '<tr><td style="text-align:center; vertical-align:middle"><a href="?file='.urlencode($link).'"><i class="material-icons" style="vertical-align:middle">folder</i></a></td><td style="text-align:center; vertical-align:middle"><span style="vertical-align:middle"><a href="?file='.urlencode($link).'">'.basename($file).'</a></span></td></tr><br />';
            }
            else {
                $size = formatSizeUnits(filesize($file));
                echo '<tr><td><a href="?file='.urlencode($link).'" download>'.basename($file).'</a></td><td>'.$size.'</td></tr><br />';
            }
        }
        ?>
    </tbody>
</table>
</div>
</center>
</main>
</div>
</body>
</html>     

What i'm doing is changing the value of $root, but the result is not what i expected, instead of allow me to browse the contents it stays in root directory even if i click another folder. In some of the tests i've done (with different paths and permissions) sometimes it didn't even show anything.

Can anybody tell me why is this happening AND how to solve this? (Please don't answer with just a solution, i'd like to know what's is what I missunderstood and learn)

Answer 1

I think the issue lies within retrieving the $root path. Your whole script is based on working with absolute paths, therefore I've changed the $root path to also get its absolute path and voilà it worked.

Make sure that argument given to dirname does exist, as it looks like it's not intended to be just the string "path". More at php.net

$root = realpath(dirname("path"));

By the way: While testing your script I found an issue regarding downloading files. When clicking a file it allows me to download it, but the downloaded file contains the HTML code of your script up to the point where the file is being sent. So make sure to move your code to the beginning of the file in order to fix it.

if (is_file($root.$path)) {
    readfile($root.$path);
    return;
}

Edit:

I found another issue regarding the function is_in_dir, it's not capable of working with relative paths when the root directory is not the exact same as the scripts directory. To let it work the function needs to look for the specified $file within the root directory $directory like the following:

    function is_in_dir($file, $directory, $recursive = true, $limit = 1000) {
        $directory = realpath($directory);
        // new:
        $parent = realpath($directory . DIRECTORY_SEPARATOR . $file);
        $i = 0;