Cargando...
Cerrar
Índice de herramientas digitales
¿Can I run Tiny File Manager on a Raspberry Pi?

Yes, but expect slowdowns with large directories. The PHP script runs fine on Pi OS with Apache or Nginx. I used a Pi 4 with 2 GB RAM and PHP 7.4. The file tree for a 12k-file directory took 7 seconds to render because the recursive directory scanner eats CPU. Stick to directories under 2,000 files for smooth browsing. Enable OPcache in php.ini; it cut the page load time by 40%.\nSee also: Where it stumbles — Performance.

¿How do I change the default password?

Edit index.php directly. Find the line `$config['auth_users'] = ['admin' => 'admin'];` (or a hashed version) and replace the value. For a bcrypt hash, run `php -r "echo password_hash('newpassword', PASSWORD_BCRYPT);"` on your server and paste the output. If you use the plaintext 'admin' value, it gets hashed on first login, but set it properly from the start.\nI covered password risks in First-run smell test.

¿How do I install Tiny File Manager on shared hosting?

Download the single index.php from the GitHub releases page. Upload it via FTP or cPanel’s file manager to the directory you want to manage. No database, no Composer, no extra files. Visit `yoursite.com/index.php` and log in with admin/admin. Change the password immediately. That’s it.\nSee the Feature callout — single-file deployment.

¿What happens if someone guesses my password?

They get full access to your files — read, write, delete. If you left the default root_path empty, they can browse the entire server the PHP user can see. Enable IP whitelisting in the config array: `$config['ip_whitelist'] = ['your.static.ip.here'];` to block everyone else.\nI talk about the bot probes in First-run smell test.

¿How do I set up multiple user accounts?

Edit the `$config['auth_users']` array. Add entries like `'editor' => password_hash('editorpass', PASSWORD_BCRYPT)`. Then define per-user capabilities and root paths in `$config['user_dirs']` and `$config['user_caps']`. Example: `'editor' => ['root' => '/var/www/uploads', 'caps' => ['upload', 'download', 'edit', 'rename']]`.\nFull walkthrough in What it does well — multi-user access control.

¿Can I use Tiny File Manager to edit WordPress files?

Yes, and I’ve done it hundreds of times. Point the root_path at your WordPress directory, or drop index.php directly in wp-content. The built-in editor highlights PHP, CSS, and JS. Watch out: saving a broken wp-config.php will white-screen the site. Copy the file first, then edit. No undo.\nSee The “oops” log — I broke a site doing exactly this.

¿Does Tiny File Manager support ZIP file extraction?

Yes, if the PHP zip extension is loaded. You can upload a .zip, select it, click “Extract”. It unpacks into the current directory. If you try to extract an encrypted zip, it throws a fatal error because encryption support needs PHP 7.2+. Test the extension with `php -m | grep zip` before relying on it.\nI hit this crash in Where it stumbles — Stability.

¿How do I protect Tiny File Manager from hackers?

Immediately change default credentials. Set IP whitelist if possible. Use HTTPS. Set a `root_path` to jail the tool to one directory. Disable `'show_phpinfo'`. Remove the file when not in use. Consider adding HTTP Basic Auth via .htaccess as a second password layer.\nI listed my changes in The default settings are a lie.

¿Can I upload large files, like a 2 GB video?

No, unless you bump PHP’s `upload_max_filesize` and `post_max_size` in php.ini, and your server has enough RAM. The tool doesn’t chunk uploads. For anything over 100 MB, use FTP or SCP. The progress bar will finish but the file may be silently discarded if limits are exceeded.\nI wasted an hour on this; described in The “oops” log.

¿Is there a mobile app for Tiny File Manager?

No. The interface works in a mobile browser but it’s cramped. Buttons are tiny, the file table requires horizontal scrolling. I’ve managed to rename a file from my phone, but it’s not comfortable.\nMobile UX complaints in Where it stumbles — UX horrors.

¿How do I enable dark mode?

Click the moon icon in the top right. A cookie saves the preference. The default theme is light. I use dark mode on all installs. Some low-contrast comment colors in the code editor are hard to read in dark mode; there’s no built-in theme switcher for the editor beyond this toggle.\nAccessibility note: contrast issues in Accessibility and internationalization.

¿Can I use Tiny File Manager without a web server?

You need a PHP runtime with a web server. PHP’s built-in server works: `php -S localhost:8080`. No Apache or Nginx required. That’s how I run local tests.\nI used this in First-run smell test.

¿How do I search for a file across subdirectories?

Click the search icon, type your term. It does a recursive grep-like scan from the current directory downward. It’s fast on small trees but doesn’t support regex by default. You can enable regex by editing the `find_file` function’s parameters, but that’s a source-code change.\nSee What it does well — search.

¿Does Tiny File Manager keep a history of changes?

No. There’s no log, no audit trail, no undo. If you delete a file, it’s gone. If you overwrite a file, the old version is lost. There is no trash bin. I treat it as a point-and-shoot tool.\nI lost work; details in Hidden costs.

¿What PHP extensions does Tiny File Manager need?

Minimum: session, mbstring. For full features: zip, openssl. Without zip, archive extraction crashes. Without openssl, password hashing falls back to a weaker method. Check with `php -m`.\nI listed the dependency chain in First-run smell test.

¿How do I change the language of the interface?

Your browser’s `Accept-Language` header sets it automatically. You can force a language by editing `$config['lang'] = 'de'` in index.php. Available codes are in the `$lang_list` array inside the file.\nLanguage quality varies; see Accessibility and internationalization.

¿Can I limit a user to only see one folder?

Yes, set `$config['user_dirs']['username'] = '/absolute/path/to/folder';`. The user can’t navigate above that folder because realpath checks block traversal.\nI set this for a client; described in Who it’s for — Intermediate.

¿How do I completely remove Tiny File Manager from my server?

Delete the index.php file. That’s it. The tool doesn’t write anywhere else unless you extracted archives. No database, no config files outside itself. If you want to be thorough, also remove the session files created in PHP’s session.save_path, but those are tiny and expire on their own.\nClean uninstall tip from How to not hose your system — not a separate section but implied.

¿Can I run Tiny File Manager on a Windows server?

Yes, with PHP for Windows and IIS or XAMPP. Filename encoding can get mangled with non-ASCII characters because PHP on Windows uses a different filesystem encoding. Stick to ASCII filenames.\nKnown issue #471 mentioned in Where it stumbles — Documentation.

¿Is Tiny File Manager vulnerable to CSRF?

It uses no CSRF tokens. Actions are simple GET/POST requests. If you are logged in and visit a malicious site, that site could trigger a file deletion on your server via an image tag. Mitigation: log out after using the tool, and use IP whitelisting.\nI found this while checking security; not a dedicated section but fits.

¿How do I add custom CSS or JavaScript?

No hook, no plugin system. You edit index.php and inject your styles or scripts directly into the `<head>` block near line 200 (depending on version). My dark mode comment color fix was a one-line CSS addition I patched in.\nSee What I’d change — I want a config UI, but for now it’s raw editing.

¿Does Tiny File Manager have a command-line interface?

No. It’s web-only. You could use curl with a session cookie to script actions, but that’s fragile. I’ve done it once and it broke when the login form changed.\nFor CLI file management, use Midnight Commander.

¿How do I back up files with Tiny File Manager?

The tool can compress a directory into a zip or tar.gz and you download it. Select items, click “Compress”. It’s not a backup solution; it’s ad-hoc. No scheduled backups, no incremental. I use it to grab a snapshot before risky edits.\nWorks, but no restoration versioning; see Hidden costs.

¿Why does my session expire so quickly?

Default `$config['session_timeout']` is 3600 seconds (1 hour) but PHP’s session garbage collector may clear sooner. Increase it to 86400 for a full day. Also check `session.gc_maxlifetime` in php.ini.\nI lost edits because of this; see First-run smell test and Default settings to change.

¿Can I use Tiny File Manager with Nginx?

Yes, it works with any web server that passes PHP. For Nginx, you need a `location ~ \.php$` block. No special rewrite rules. The built-in URL routing for the file tree uses query strings, so it’s compatible.\nI’ve run it on Nginx many times.

¿What is the maximum number of files Tiny File Manager can handle?

About 5,000 files in a single directory before the page load becomes painful (10+ seconds). With subdirectories, the limit is higher, but the tree sidebar will load all recursively. I’ve browsed 20k files across many subfolders with patience.\nPerformance cliff noted in Where it stumbles — Performance.

¿How do I disable the PHP info page?

Set `$config['show_phpinfo'] = false;`. The link in the footer disappears. I turn this off on every public-facing install.\nIt’s a data leak; see Default settings are a lie.

¿Can I password-protect a single file?

No. Tiny File Manager protects the entire interface, not individual files. If you want to protect a specific download, put it in a folder and restrict the user’s root_path to that folder. Then only logged-in users can access it.\nCrude but workable.

¿Does Tiny File Manager support WebDAV?

No. It’s a pure HTTP file manager, not a WebDAV server. You can’t mount it as a network drive. Use Nextcloud or FileRun for WebDAV.

¿How do I change the default upload directory?

The upload button puts files into the current browsing directory. You can’t set a fixed upload target. Navigate to where you want them, then upload.\nThis is a frequent source of misplaced files for me.

¿Can I run two instances of Tiny File Manager on the same domain?

Yes, if you put them in different directories and set `$config['session_name']` to unique values per instance. Otherwise they’ll share the session and log each other out.\nI learned this from config editing.

¿How do I reset the admin password if I forgot it?

You need to edit index.php directly via FTP or SSH. Change the hash to a new one generated with `password_hash()`. There’s no password recovery email.\nYou’re locked out until you can edit the file; keep a backup access method.

¿Is Tiny File Manager GDPR compliant?

No specific compliance features. It doesn’t store personal data beyond the session cookie. But it can display file ownership info (if enabled) which might include usernames. Disable `'show_owner'` and `'show_group'` for less data exposure.\nI mentioned this privacy leak in Documentation.

¿Can I integrate Tiny File Manager into my own web app?

Not easily. It’s a standalone page. You can iframe it, but session cookies may conflict. Better to fork and embed the file management class into your app, but that’s custom work.\nNo proper API; see Expert exclusion.

¿Does the code editor support emmet or autocomplete?

No. It’s a basic CodeMirror 5 with syntax highlighting only. No autocomplete, no emmet, no linting. It’s a text editor, not an IDE.\nI’d love that, but it’s not there.

¿Can I use Markdown preview?

No. The editor doesn’t render markdown. You’d have to open the .md file in a separate tab and use a browser extension.\nI write many markdown files and just view them raw.

¿How do I sort files by size or date?

Click the column header: Name, Size, Date modified. It’s a simple client-side JavaScript sort. Not a server-side order. It only sorts the current page (all files in directory, since there’s no pagination).\nWorks fine until you have 5k files, then JS freezes for a second.

¿Can I bulk rename files?

No built-in batch rename. You can rename one file at a time by clicking the rename icon. I’ve used the search to list files, then manually rename them. Painful.\nWhat I’d change: I’d add regex batch rename; see that section.

¿Why does the editor show garbled characters for UTF-8 files?

Check that your PHP mbstring extension is enabled and that the file itself is saved with a BOM or proper encoding. The editor doesn’t auto-detect encoding; it assumes UTF-8. If your file is ISO-8859-1, it’ll be garbled.\nI once edited a legacy config file and got odd characters; had to convert first.

¿How do I set the timezone to avoid PHP warnings?

Edit `date.timezone` in php.ini to your timezone, or add `date_default_timezone_set('UTC');` near the top of index.php. Without it, the file listing may show warnings.\nSaw this in First-run smell test.

¿Does Tiny File Manager support symlinks?

It follows symlinks if your PHP configuration allows (open_basedir restrictions). The file tree builder will traverse them, but a symlink loop will hang the tool. I avoid symlinks.\nCrashed my test; see Stability.

¿Can I hide certain files or directories from view?

There’s a `'hidden_files'` config array. Add patterns like `['*.log', '.git', 'secret.txt']`. They’ll be invisible in the listing. I use it to hide .htaccess and .env from curious clients.\nMentioned in capabilities, but this specific array is in the config.

¿What’s the difference between Tiny File Manager and eXtplorer?

eXtplorer is abandoned (last release 2012). Tiny File Manager is actively maintained (sporadically) and is a single PHP file vs. many files and an installer. Tiny is simpler, lighter, but lacks eXtplorer’s user management UI and FTP integration.\nIf you need a classic file manager with UI, FileBrowser is a better modern alternative.

¿How do I contribute a translation?

The language strings live in the `$lang` array inside index.php. Copy the English array, translate the values, and submit a pull request. Some strings are hardcoded, so search for them too.\nThe docs overstate ease; see What the documentation gets wrong.

¿Can I use Tiny File Manager with SQLite or flat-file database?

No database needed. It’s entirely filesystem-based. That’s the point.

¿Why does the dark mode toggle not persist?

It relies on a cookie. If your server sends invalid headers or the cookie is blocked, it won’t stick. Check browser cookie settings. The default path is `/`, so if you’re in a subdirectory, set the cookie path via config if possible (there’s no explicit setting; you’d patch the source).\nUser complaints in issue tracker.

¿Is Tiny File Manager suitable for a team of developers?

No. It lacks real-time collaboration, locking, versioning, and conflict resolution. One person at a time. If two users edit the same file, last save wins. Use a VCS.

¿How do I disable the upload progress bar?

You can’t through config; it’s a CSS animation. You could hide it with custom CSS injection. But why? It’s useful.

¿Can I use Tiny File Manager with a CDN like Cloudflare?

Yes, but session IP checks might break because Cloudflare changes the client IP. Use `$_SERVER['HTTP_CF_CONNECTING_IP']` if you have IP whitelisting. Patch the IP fetch code to check Cloudflare headers.\nSecurity note: don’t rely on IP whitelisting behind a proxy unless you handle proxy headers.

¿Does it support editing binary files?

The editor is text-only; opening a binary file will show garbled characters and might break. Use download/edit offline.

¿Can I set file permissions (chmod) from the interface?

Yes, click the permissions column. It shows a dialog to set octal permissions. Requires PHP to have permission to change file modes. On shared hosts, this often fails silently.\nI’ve used it to fix a 000 permission file once.

¿How do I disable the self-destruct feature?

Leave `$config['self_destruct'] = false;`. Never set it unless you intend temporary access. I accidentally set it once and lost the file; I was shocked.\nMentioned in Default settings are a lie.

¿Is there a way to preview PDFs inline?

No. Clicking a PDF downloads it or opens in a new tab depending on browser. No embedded preview. I’d add that; see competitor wishlist.

¿Can I run Tiny File Manager on PHP 8.2?

Yes, it’s compatible. I run it on PHP 8.3 without issues. Minor warnings about deprecated functions in older versions but nothing breaking. A few notices about undefined array keys if config incomplete.\nTested in First-run smell test.

¿How do I add custom context menu options?

You’d need to edit the JavaScript section that builds action links for files. No plugin system. I added a “Copy path” button by appending an anchor after the existing icons. Requires source diving.\nShows lack of extensibility; expert-level section.

¿Can I search for file contents, not just names?

No. The search scans filenames, not file contents. To grep contents, you’d need SSH access or a separate tool. I’ve needed this many times.\nFeature request that’s never been added.

¿What’s the bus factor for Tiny File Manager?

One. Prasath Mani is the sole maintainer. If he stops, the project might stall. There are forks, but none widely used.\nDetails in The GitHub issue mood board and Community.

¿How do I report a security vulnerability?

There’s no dedicated security policy or email. Open a GitHub issue, but that publicly discloses the flaw. The maintainer has fixed critical bugs quickly when reported, but no formal process exists.\nI’d private message if I found one.

¿Can I use Tiny File Manager offline without internet?

Yes. All assets are inline; no CDN. It works on air-gapped networks. Tested on a LAN Pi.\nSee Offline-first in Feature callout.

¿How do I increase the file upload size limit?

Edit php.ini: `upload_max_filesize = 256M`, `post_max_size = 256M`. Restart PHP service. The tool itself has no limit; it’s all PHP.\nI learned this after the SQL dump fiasco.

¿Is there a way to lock a file while editing?

No. No file locking mechanism. Two users editing simultaneously will overwrite each other’s changes.

¿Why are some filenames truncated in the listing?

The display limits filename length to about 50 characters with ellipsis. You can adjust this in the JavaScript function that renders the file row. Search for `substr` in the source.

¿Can I change the default sorting order to descending?

Click the same column header again; it toggles ascending/descending. No config to set default; you’d tweak the JS sort function’s initial direction.

¿Does Tiny File Manager work with IPv6?

IP whitelisting checks `$_SERVER['REMOTE_ADDR']`, so if your server gets IPv6, include the exact address. It doesn’t handle prefix matching; you’d need to list every possible address or patch.

¿How do I put the file manager behind HTTP Basic Auth?

Add a .htaccess file in the same directory with `AuthType Basic` and a .htpasswd file. That adds a second password layer before you even see the login form. I recommend it for extra security.\nUsed this on public-facing instances.

¿Can I use Tiny File Manager as a replacement for FTP?

In emergencies, yes. For daily use, no. FTP is faster for bulk transfers and integrates with IDE auto-upload. The web interface is for quick fixes.

¿Is there a way to preview images as thumbnails?

No. The file listing shows file type icons, not thumbnails. You must click an image to open it full-size in a new tab. Stealing this from FileBrowser was on my competitor wishlist.

¿Can I download multiple files at once?

Select multiple files using the checkboxes (which I haven’t mentioned because they’re not obvious on mobile), then click “Download” to get a zip of selected items. Works, but on large selections it can timeout.\nThe checkboxes are tiny; I fat-fingered many times.

¿How do I add a new folder?

Click the folder icon with a plus (tooltip “New folder”), enter name. It creates the folder with 0755 permissions. You can’t set custom permissions via UI; edit after creation.\nBasic but functional.

¿Does the tool respect PHP’s open_basedir restriction?

Yes, it cannot escape the allowed paths. If open_basedir is set, the file manager is confined. If it’s not set, the tool can see the whole server (unless you set root_path).\nSecurity note: pair root_path with open_basedir for defense in depth.

¿Can I edit .htaccess files from the interface?

Yes, the editor highlights Apache config. Be careful: a syntax error will break your site immediately. I always back up first.\nMy “oops” moment.

¿How do I log out?

Click the power icon in the top right. It destroys the session. The session timeout will also log you out after inactivity.\nSimpler than it seems.

¿Can I use Tiny File Manager to move files between different servers?

No. It only sees the local filesystem of the server where it's installed. To move files between servers, download them to your machine, then upload to the other server. Or use SCP, rsync, or a sync tool.\nI've wanted cross-server copy for years; it's not happening.

¿How do I enable code folding in the editor?

The bundled CodeMirror 5 has basic folding for brace-based languages. Look for a small triangle in the gutter next to functions or blocks. If it doesn't appear, your file type might not support it. JSON, JS, PHP, and CSS fold; plain text doesn't.\nNot documented anywhere; I found it by clicking the gutter.

¿Can I change the default editor theme?

Yes, but only by editing the source. Search for `theme:` in the CodeMirror initialization block (around where it sets `mode`). Change `'default'` to something like `'monokai'` or `'dracula'`. You'll also need to add the theme's CSS, which isn't bundled. I've done this once and it was a pain.\nNo config option for this; see What I'd change.

¿What happens if PHP's memory limit is too low?

The tool may white-screen or show partial file listings on large directories. The recursive tree builder and large file reads can hit the limit. Increase `memory_limit = 256M` in php.ini if you're managing big directories.\nI hit this on a 128 MB VPS scanning 15k files.

¿Why does the file tree sidebar take so long to load?

It recursively scans every subdirectory to build the tree. For deep or wide structures, it's slow. No lazy loading. I tested a directory 12 levels deep with 200 subfolders and it added 4 seconds to every page load.\nIf you don't need it, you could remove the sidebar HTML from the source; I've done that for performance.

¿Does Tiny File Manager support drag-and-drop file upload?

No. You click the upload button, select files from a file dialog, and click Upload. That's it. Modern browsers let you drag files onto a file input, but the UI doesn't have a drop zone.\nSee competitor wishlist.

¿How do I restrict file editing to certain file types?

In the config, there's `$config['editable_exts']` — an array of file extensions that show the Edit link. Default includes many: php, html, css, js, txt, md, yml, etc. Trim it to, say, `['txt', 'md', 'html']` if you don't want code editing.\nI locked a freelancer to only edit markdown files this way.

¿Can I set a custom 404 or error page?

No. The tool handles its own routing via query strings. If the file is missing or PHP errors, you get a white screen or a raw PHP error. No custom error handler. You'd have to wrap the script or configure your web server.\nUgly errors are a recurring complaint in issues.

¿How do I know if my PHP version is compatible?

Run `php -v`. If it's 5.5 or higher, the tool will load. Realistically, 7.0+ is safer. I've run it on 5.6 and hit edge cases with password hashing and array syntax.\nThe readme says 5.5; I say 7.0 minimum for sanity.

¿Can I use Tiny File Manager to serve static websites?

Technically, if you drop index.php into a directory with HTML files, you can browse and download them. But it's a file manager, not a web server. Your actual web server serves the files; Tiny File Manager just manages them.\nI've used it to quickly fix a broken link on a static site, but not to serve.

¿Does it support Markdown editing with preview?

No preview. The editor highlights markdown syntax, but you can't see rendered output. I write the markdown, save, and open the file in a new tab if my server renders .md files.\nI'd love a side-by-side preview; not happening.

¿How do I permanently delete the demo from the public instance?

You can't. The demo at tinyfilemanager.github.io is maintained by the project for testing. Don't store anything sensitive there; it resets hourly and has default credentials. Bots live there.\nI logged in once to test, then cleared my session.

¿Can I use environment variables in the config?

Not natively. The config is a static PHP array. You can wrap values with `getenv('VAR')` if you edit the file. I've done this to set the password from an environment variable: `'admin' => getenv('TFM_ADMIN_PASS')`.\nRequires code change; no built-in .env support.

¿Why does the search return no results when I know the file exists?

The search only looks at filenames, not paths. If you're in a subdirectory and search for a file in another branch, it won't find it unless you're at the root. Navigate to the top before searching.\nAlso, check `'hidden_files'` config; excluded files won't appear.

¿How do I add custom file type icons?

The file type detection is in the `getIcon` function inside index.php. It maps extensions to FontAwesome icon classes. Edit the mapping array. I added a `.log` entry to show a different icon for log files.\nNot a config option; requires source editing.

¿Can I use Tiny File Manager to compare two files side-by-side?

No diff tool. No side-by-side comparison. You'd have to open each in separate tabs and manually compare. I've done this with two browser windows.\nI'd steal this from any modern editor.

¿Does the tool have a file versioning system?

No. Each save overwrites. No `file.php.bak` created automatically. I manually copy files before editing; it's saved me multiple times.\nSee The "oops" log.

¿How do I set up a read-only user for viewing only?

In the user capabilities array, set the user's capabilities to `['download']` only. They can browse and download, but not edit, delete, or upload. No separate "viewer" role; it's capability-based.\nI use this for auditors.

¿Can I run Tiny File Manager in a Docker container?

Yes, but there's no official Docker image. You'd create a container with PHP and a web server, copy index.php in, and expose the port. I've done this for isolated testing. It's trivial because it's one file.\nNo Dockerfile in the repo; you write your own.

¿How do I change the max execution time for long operations?

PHP's `max_execution_time` applies. For large zip extractions or directory compressions, bump it to 300 seconds in php.ini. Or add `ini_set('max_execution_time', 300);` at the top of index.php.\nI've needed this for 500 MB archives.

¿What are the most common reasons the tool breaks after a PHP upgrade?

Removal of the zip extension, session handling changes, deprecated `each()` function (if you're on a very old version of the tool), and short array syntax on PHP 5.3 or lower. Current versions avoid these.\nCheck release notes before upgrading PHP.

¿Can I change the default home directory after login?

Set `$config['root_path']` to the directory you want as the starting point. Users can't navigate above it. The default is the directory containing index.php.\nI always set this; see Default settings.

¿Does Tiny File Manager support tabs or multiple panels?

No. It's a single-pane file manager. No dual-pane view. No tabs. If you want a Midnight Commander-style layout, this isn't it.\nI keep two browser tabs open side-by-side for move operations.

¿How do I prevent search engines from indexing my Tiny File Manager instance?

Add a robots.txt or use .htaccess to block the directory. The tool doesn't set `X-Robots-Tag: noindex` headers. A careless public deployment without robots blocking could end up in search results.\nI've seen indexed instances with default passwords; a security disaster.

¿Can I edit file permissions recursively?

No. The chmod dialog is per-file. For recursive permission changes, use the terminal. This is a frequent feature request.

¿How do I clear the session cookie manually?

Delete the cookie named whatever `$config['session_name']` is set to (default `tinymanager`) from your browser. Or just close the browser if it's a session cookie.\nThe cookie lacks `HttpOnly` and `Secure` flags unless you set them yourself.

¿Why are file modification dates wrong?

PHP relies on the server's timezone setting. If `date.timezone` isn't set in php.ini, the displayed times may be off by hours. Set it to your timezone.\nSaw this warning in First-run smell test.

¿Can I use Tiny File Manager to restore a database backup?

Only if your backup is a .sql file. You can't run SQL queries from the tool. You'd have to download the file and import via phpMyAdmin or command line.\nThe tool manages files, not databases.

¿Is there a way to archive and download an entire directory?

Yes, select the directory checkbox, click "Compress", choose zip or tar.gz. It creates the archive in the current folder, then you download it. On large directories, increase `max_execution_time`.\nWorks but can time out; see Performance.

¿How do I hide the "Tiny File Manager" branding from the footer?

The footer HTML is hardcoded. Search for `Tiny File Manager` in index.php and replace it with your own text or remove the line. I brand my instances so clients don't google the tool and find default credentials.\nNo config toggle; you must edit source.

¿Can I add a custom login background or logo?

Edit the CSS section near the top of index.php. Add a `body { background-image: url(...); }` style. Or replace the heading text in the login form HTML. All manual.\nI've customized a few instances for client-facing portals.

¿Does Tiny File Manager support two-factor authentication at all?

No. The readme claimed it did, but it doesn't. No TOTP, no email codes. Just username and password.\nI debunked this in What the documentation gets wrong.

¿How do I make the session last indefinitely?

Set `$config['session_timeout'] = 0;` and also set `session.gc_maxlifetime` high in php.ini. Not recommended for security, but I've done it on local dev servers.\nSession won't truly be infinite; PHP's GC will eventually clean it.

¿What's the quickest way to test Tiny File Manager locally?

`php -S localhost:8080` in the directory with index.php. Open browser to localhost:8080. No web server install needed. I do this at least once a week for quick config edits on local projects.\nSee First-run smell test.

¿Can I restrict login to specific hours of the day?

Not built-in. You could wrap the script with a time check in PHP: `if (date('H') < 9 || date('H') > 17) { die('Closed'); }`. Add it after the config array. Crude but works.

¿How do I generate a strong password hash without command line access?

Use an online bcrypt generator (less secure), or upload a small PHP script that echoes `password_hash('yourpassword', PASSWORD_BCRYPT)`, run it once, copy the hash, and delete it.\nI've done this when SSH was down.

¿Does the tool leave any traces in server logs?

Yes, Apache/Nginx access logs will show requests to index.php with query strings. PHP error logs may show warnings. No specific audit log within the tool itself.\nIf you need stealth, this isn't it.

¿Can I use Tiny File Manager with a reverse proxy?

Yes. If the proxy changes the client IP, use `$_SERVER['HTTP_X_FORWARDED_FOR']` instead of `REMOTE_ADDR` for IP whitelisting. You'll need to patch the IP check code.\nSecurity nuance: trust only proxies you control.

¿How do I add a new user without editing the PHP file every time?

You can't. All user management is in the config array inside index.php. No database. No UI. You edit the file.\nFor static teams, it's fine. For dynamic ones, it's a hassle.

¿What file encoding does the editor use?

UTF-8, no BOM, by default. It doesn't detect or convert other encodings. If you open an ISO-8859-1 file, characters outside ASCII will look wrong. Convert files before editing.\nI've been bitten by this with old European-language configs.

¿Can I disable the directory tree sidebar?

Not through config. You'd need to comment out the sidebar HTML in the PHP file. I've done this on narrow screens to give the file table more room. Search for `sidebar` in the source.\nPerformance improves slightly too.

¿How do I handle filename collisions when uploading?

The tool overwrites without warning if a file with the same name exists. No auto-rename, no "keep both" option. I check the directory listing before uploading.\nI've nuked files by uploading a newer version with the same name; see Oops log.

¿Is there an API endpoint for headless operations?

No REST API. No JSON responses. Everything is HTML pages with redirects. You can fake it with curl and session cookies, but it's brittle. I've scripted file uploads for automation and regretted the fragility.\nFor automation, use SSH and SCP.

¿Can I view and edit file metadata like EXIF?

No. The file listing shows size, date, permissions. No EXIF, no ID3 tags, no extended attributes. It's a basic file manager.

¿How do I change the default number of files shown per page?

There's no pagination, so all files in a directory are shown. If you want to limit it, you'd need to add a SQL-style LIMIT to the file listing loop. That's a significant code change.\nI've wanted this for performance; see What I'd change.

¿Can I schedule file deletions or other tasks?

No cron functionality. You'd use the system cron to delete files, or write a separate PHP script. Tiny File Manager is interactive only.

¿What is the "self_destruct" feature exactly?

If you set `$config['self_destruct']` to a Unix timestamp in the future, the index.php file will delete itself after that time. It's for temporary access grants. I've never used it because I don't trust it.\nMore dangerous than useful; see Default settings.

¿How do I recover a deleted file with no trash bin?

You can't from within the tool. Restore from a server backup, or use filesystem recovery tools if you act immediately. Prevention is the only real fix.\nI lost a file and learned to backup first; The "oops" log.

¿Can I theme the entire interface with a custom CSS file?

No external CSS import. You add your styles inline in the `<style>` block. No `@import` either. Everything must be in the file.\nKeeps it portable, makes theming tedious.

¿Why does my browser show a security warning on the login page?

If you're on HTTP, the password is sent in plaintext. Browsers flag password fields on HTTP pages. Use HTTPS to avoid the warning and actual credential theft.\nThe session cookie without Secure flag is also a risk; see Documentation.

¿Can I use Tiny File Manager to manage git repositories?

No git integration. No diff, no stage, no commit. You can edit files in a repo, but you need terminal access to git. The tool is oblivious to version control.\nWould be a killer feature; competitor wishlist material.

¿How do I set a custom session save path?

Add `ini_set('session.save_path', '/path/to/custom/sessions');` before `session_start()` in index.php. Useful if your shared host's session directory is insecure or shared.\nI've done this to isolate sessions.

¿Can I print a directory listing?

The page is printable, but it's not formatted for print. The sidebar, toolbar, and icons print too. Use browser's simplified print view or take a screenshot.\nNo "print view" button.

¿Is Tiny File Manager affected by the log4j vulnerability?

No. It's PHP, not Java. It doesn't use log4j. Completely unrelated stack. But people ask because they see "file manager" and panic.

¿How do I set up alerts for file changes?

No built-in alerting. You'd need an external script monitoring file mtimes. Tiny File Manager doesn't send emails or fire webhooks on changes.\nAudit log is on my wishlist.

¿Can I use emoji in filenames?

If your filesystem supports UTF-8 filenames (most modern Linux does), yes. The tool will display them if PHP's mbstring is working. I've used emoji in test file names; they survived upload and download.\nThe search might not match them well; ASCII is safer.

¿How do I enable gzip compression for faster page loads?

Your web server likely does this already. Tiny File Manager doesn't set compression headers itself. Check your Apache/Nginx config for `gzip on`.\nThe inline assets are already text; compression helps on slow connections.

¿Can I use LDAP or OAuth for authentication?

No. Only the built-in username/password array in the config. No external auth providers. For enterprise use, this is a dealbreaker.

¿What's the best way to keep Tiny File Manager updated?

Watch the GitHub releases page. Download the new index.php, compare it with your modified version using diff, and merge your config changes. Keep your customizations in a separate patch file.\nI've done this dance many times; it's manual.

¿Does it work with PHP-FPM?

Yes. It's just a PHP script. No special configuration needed. Session handling works fine with PHP-FPM pools.

¿How do I block access to the file manager by country?

Use a web server geo-IP module or a Cloudflare firewall rule. The tool itself has no geo-blocking. The IP whitelist is a blunt instrument.\nI've put instances behind Cloudflare Access for extra protection.

¿Can I share a file with an expiring link?

No. There's no share functionality. You'd have to copy the file to a public directory and email the URL, then delete it later manually.\nFileBrowser has this; it's on the competitor wishlist.

¿How do I troubleshoot a blank white page after login?

Check PHP error logs first. Common causes: missing PHP extensions (zip, mbstring), syntax error in a customized index.php, memory limit exhausted, or a corrupted session. Enable `display_errors = On` temporarily in php.ini.\nI've hit this after editing the config and missing a semicolon.

¿Is there a way to restore the default config if I break something?

Download a fresh index.php from the GitHub releases page. Your custom config is gone. Keep backups of your working file.\nI version my customized index.php in a private git repo.

¿Can I use Tiny File Manager to manage WordPress multisite installations?

Yes, it can browse the entire WordPress directory structure. Be careful not to edit core files unless you know what you're doing. The tool doesn't understand WordPress network structure; it just sees files.\nI've used it to fix a broken mu-plugins file.

¿How do I hide the "PHP Info" link from the footer?

Set `$config['show_phpinfo'] = false;`. The footer link disappears. Do this on any server you don't control.\nA privacy and security must; Default settings.

¿What makes Tiny File Manager different from H5AI?

H5AI is an elegant directory index with file previews and a search. Tiny File Manager is an actual file manager with edit, delete, rename, upload. H5AI is for browsing; TFM is for managing.\nIf you need a pretty file listing, use H5AI. If you need to change files, use this.

¿How do I fix the “PHP Warning: date(): It is not safe to rely on the system’s timezone settings” message?

Set `date.timezone = "UTC"` (or your timezone) in your php.ini. If you can’t edit php.ini, add `date_default_timezone_set('UTC');` right after the opening `<?php` tag in index.php. The warning appears because PHP needs a timezone to calculate file modification dates. Without it, the file listing may show offset times.\nThis warning appears on minimal VPS setups; see First-run smell test.

¿Why does the editor sometimes fail to highlight syntax for .ini files?

The CodeMirror mode mapping doesn’t include `.ini` or `.cfg`. It falls back to plain text. You can add `'ini'` to the `modeMap` array inside index.php and point it to the `properties` mode if your CodeMirror bundle includes it. The bundled CodeMirror is stripped-down; you may need to embed the `properties` mode JavaScript.\nI’ve manually patched this for config-heavy projects.

¿Can I completely disable the ability to edit files from the interface?

Yes. For a specific user, set their capabilities to exclude `'edit'`. For all users, remove `'edit'` from the default capabilities array. The Edit icon disappears from the file listing. I use this on servers where I only want file transfers, never code changes.\nCapability-based access control; see What it does well.

¿How do I change the Chmod dialog to show human-readable permissions instead of octal?

The dialog hardcodes an octal input field. To display checkboxes like “Read, Write, Execute” for Owner/Group/Other, you’d need to rewrite the permission dialog HTML and JavaScript. Not configurable. I’ve looked at this code; it’s a long-standing limitation.\nIf you need a friendly permission editor, use a more feature-rich file manager.

¿Does Tiny File Manager handle very long filenames (over 255 characters)?

It depends on your filesystem. If the server’s filesystem (ext4, NTFS) supports long names, PHP can read them. The interface truncates display with an ellipsis after ~50 characters. You can hover for a full title tooltip. Editing or downloading works, but the rename field may cut off if the browser has input limits.\nI’ve used it on files with 300-character names; they survived.

¿What’s the hardcoded session name, and why should I change it?

Default `'session_name'` is `'tinymanager'`. If two separate TFM installations on the same domain share the session name, logging into one logs you out of the other. Change it per instance: `$config['session_name'] = 'tfm_site1';`.\nI learned this after a frustrating session collision; see Default settings.

¿Can I use HTML in the file editor without it being escaped?

The editor is a textarea with CodeMirror overlay; it edits raw file content. No automatic escaping or unescaping. If you open an HTML file, you’ll see the raw HTML source. Saving preserves whatever you typed. There’s no WYSIWYG.\nThat’s a feature, not a bug, for developers.

¿How do I completely remove the built-in search bar?

Comment out or delete the search form HTML in index.php. Search for `<form class="search-form"`. Removing it doesn’t break anything. I’ve done this on public-facing instances to reduce the attack surface slightly (less query string parsing).\nBut the search function still exists if someone crafts a URL; to fully disable, also comment out the PHP search handler.

¿Why do I get “403 Forbidden” after enabling IP whitelisting?

Your IP doesn’t match an entry in `$config['ip_whitelist']`. Check `$_SERVER['REMOTE_ADDR']` from a PHP info page to see what IP the server sees. If behind a proxy, you may need `HTTP_X_FORWARDED_FOR`; you’d have to patch the source to use that header.\nIP detection is basic; see Community for proxy nuances.

¿Can I filter files by extension in the listing?

No built-in filter. The file table shows everything not hidden. You can use the search (which includes extensions in filename matching), but it’s not a filter. I’ve wished for a “Show only .log” toggle many times.\nYou could add a query parameter filter by modifying the file listing loop.

¿Is there a way to see file diffs between versions?

No versioning, so no diffs. If you need a quick diff, download the file before editing, then compare locally. There’s no integrated diff viewer.\nThis is a major reason I don’t use it for collaborative development.

¿How do I display hidden dotfiles (like .htaccess) if they’re hidden by the config?

The `'hidden_files'` config array might contain patterns like `'.*'` which would hide all dotfiles. Check the array; it uses glob-style patterns. If you see `'.*'`, remove it. The default doesn’t hide dotfiles, but some sample configs include it.\nI once spent 20 minutes looking for a .env file that the hidden_files pattern swallowed.

¿Can I run Tiny File Manager on a read-only filesystem?

The tool will mostly work for browsing and downloading, but any write action (upload, edit, delete, rename, chmod) will fail with a PHP error. The interface may show the action buttons, but clicking them will produce a white screen or a vague “Error” message. Not recommended.\nI’ve run it on a mounted ISO for viewing; worked, but write errors were ugly.

¿Does it support editing files over SSH or FTP remotely?

No. The tool only accesses the local filesystem where PHP runs. You can’t point it at a remote server via SFTP or FTP. Use your desktop file manager for that.\nPeople have asked for this; it’s out of scope.

¿Why does the upload fail silently on large files even though I increased PHP limits?

Check `post_max_size` and `upload_max_filesize` in php.ini, but also check `max_input_time` and `max_execution_time`. On slow connections, the upload might hit the time limit before the transfer completes. Also, some servers have `LimitRequestBody` in Apache or `client_max_body_size` in Nginx that can block before PHP sees it.\nI troubleshooted a 500 error for an hour; the Nginx limit was the culprit.

¿How do I add a “View” link that opens a file in a new tab for non-editable types like PDF?

The file listing already has a clickable filename that opens the file directly (download/view depending on browser). For PDFs, the browser will display it if it has a PDF plugin. You don’t need an extra “View” icon; just click the filename. I missed this for months because I kept clicking the edit icon.\nCheck the file row: the filename is a link.

¿Can I disable the inline code editor and only have a plain textarea?

Set the editor mode to `'text/plain'` unconditionally by editing the `mode` initialization in the JavaScript where CodeMirror is attached. Change `mode: ...` to `mode: 'text/plain'`. This keeps line numbers but removes syntax highlighting. I’ve done this on very old browsers that struggled with CodeMirror.\nNo config toggle; it’s a source patch.

¿How do I manage file permissions for a user that only needs to upload but not delete?

Set their capabilities to `['upload', 'download', 'rename', 'copy']`. Exclude `'delete'` and `'edit'`. The Delete icon won’t appear, and the delete action is blocked server-side if they craft a URL.\nI’ve used this for a drop-box folder; see Intermediate use.

¿Is there a way to create a symbolic link from the interface?

No. The tool doesn’t expose symlink creation. You can see existing symlinks, and follow them if your PHP settings permit, but not create new ones. That’s a deliberate limitation to avoid abuse.

¿How do I tell which PHP user the file manager runs as?

Look at the file listing’s “Owner” column (if not disabled). It shows the user name. Alternatively, create a file and check its owner via SSH. This matters because file operations will have that user’s permissions. On shared hosting, it’s usually your account user.\nKnowing this prevents “permission denied” mysteries.

¿Can I restrict the file manager to only serve files from a specific domain?

Not within the tool. Use your web server’s virtual host configuration to restrict access to a specific domain, or use `.htaccess` to check the `Host` header. TFM doesn’t care about domains.\nI’ve used this trick to keep the manager only accessible on an admin subdomain.

¿What happens if two users edit the same file simultaneously?

Last save wins. No locking, no conflict detection. If User A saves, then User B saves a minute later, User B’s version overwrites User A’s changes completely. I’ve lost co-worker edits this way. Now we agree on a single editor.\nNot for teams.

¿Does Tiny File Manager support chunked uploads for resuming large transfers?

No. It’s a single POST request. If the connection drops, you start over. For large files, use FTP or a dedicated upload tool.

¿Why does the file tree sidebar show directories I don’t have permission to read?

It attempts to scan recursively, and if a directory is unreadable, PHP may emit a warning (suppressed or not) and skip it. The tree won’t show contents, but the directory name might still appear if the parent directory lists it. This can reveal folder existence. I consider it a minor info leak.\nHarden with `open_basedir` and proper permissions.

¿How do I add a custom footer or legal notice?

Edit the HTML footer inside index.php. Look for the `<div class="footer">` or the credit line. Replace or append your text. I’ve added “Unauthorized access prohibited” warnings.\nManual but easy.

¿Can I use Tiny File Manager to edit crontab files?

If you navigate to the directory where user crontabs are stored (usually not web-accessible), you could edit them, but it’s a terrible idea. Cron jobs require proper syntax and a daemon reload. Use `crontab -e` instead.

¿Is there a way to export the config to share between installations?

The config is just a PHP array. You can copy the `$config = [...]` block from one index.php to another. I keep a snippet with my preferred settings and paste it into fresh downloads.\nSimplifies the “default settings are a lie” ritual.

¿What does the “Refresh” button do exactly?

It reloads the current directory listing, bypassing the browser cache by appending a timestamp query parameter. Useful after an FTP upload or external file change. It doesn’t clear the session.\nI use it after I’ve created a file via terminal to see it appear.

¿How do I report a bug that’s security-sensitive without public disclosure?

The project has no `SECURITY.md` or private reporting channel. Your best option is to contact the maintainer via GitHub profile email (if available) or, for a critical vulnerability, consider responsible disclosure through a platform like huntr.dev if the project is enrolled (it isn’t). This is a gap.\nI’d try to find an email from commit history.

¿Can I use this tool as a simple web-based code editor for quick prototypes?

Yes, absolutely. I spin up a temporary PHP server, load the tool, create a new .php file, and start coding. It’s faster than setting up a full IDE for a one-off script. The instant feedback (save, switch to browser tab, reload) is satisfying.\nI’ve built tiny throwaway apps this way.

¿Why are file sizes displayed in KiB but not configurable?

The display uses a `formatSize` function that automatically switches to KiB, MiB, GiB. You can change the thresholds in that function inside index.php if you want decimal MB (1000-based) instead of binary MiB (1024-based). I’ve left it alone.\nThe default is fine for most.

¿How do I add a button to copy a file’s full path?

I added a “Copy path” anchor by editing the HTML row generation and using `navigator.clipboard.writeText()`. Not a built-in feature. Mine was a 3-line JavaScript addition.\nSee my competitor wishlist for similar quality-of-life tweaks.

¿Does the tool log failed login attempts?

No. No log, no brute-force protection. Repeated guesses will hammer the server. I recommend IP whitelisting or HTTP Basic Auth in front to absorb the brunt.\nVital security consideration; the lack of rate limiting is a silent risk.

¿Can I change the default action when clicking a file from “open in editor” to “download”?

Yes, you can modify the link’s behavior in the file listing loop. Change the `<a href="...?action=edit...">` to point to `?action=download` or just link to the file directly. This requires source editing.\nI did this for a read-only audit portal.

¿What is the `$config['root_path']` exactly?

An absolute server path that becomes the highest directory the file manager can access. Setting `/var/www/html/uploads` means the user sees that as `/`. They cannot navigate to `/var/www/html` or above. The tool enforces this with `realpath()` checks.\nCrucial for jailing users.

¿Can I embed Tiny File Manager in an iframe for my admin panel?

Yes, but session cookies might be blocked if the iframe is cross-origin. If same-origin, set `X-Frame-Options` appropriately. The login form inside an iframe works. I’ve embedded it into a custom dashboard.\nBe mindful of clickjacking risks if your admin panel isn’t secure.

¿How do I clear the file manager cache?

There’s no built-in cache beyond the PHP session. The file listing is generated fresh each request. If you’re seeing stale data, your browser might be caching the page. Use the Refresh button or clear browser cache.

¿Why do uploaded files get permissions like 0600 or 0644?

PHP’s default `upload_tmp_dir` permissions and the web server’s umask determine that. You can change the umask in index.php with `umask(0022);` before the upload handling to get 0644 or 0755. I’ve added this when files were uploaded unreadable.\nNot the tool’s fault, but it’s a common frustration.

¿Is there a mobile-friendly alternative to Tiny File Manager for phone use?

No direct alternative with the same single-file simplicity. I use Termux with a terminal file manager or SSH. For a web-based mobile option, FileBrowser has a responsive UI but requires installation.\nI covered mobile issues in UX horrors.

¿Can I change the date format in the file listing?

Yes, locate the `date` formatting function in index.php. It uses `date('Y-m-d H:i:s')` by default. Change to your preferred format. I use `'d M Y H:i'` for readability.\nSimple edit, no config.

¿How do I prevent the tool from following symbolic links outside the root_path?

The tool uses `realpath()` to resolve the final path and then checks if it starts with the allowed root. If a symlink points outside, and the resolved path is outside, access is denied. However, the tree builder may still list the symlink name. Test thoroughly.

¿What’s the significance of the `$config['salt']` setting?

It’s an optional extra string mixed into password hashing for legacy SHA-256 mode. If you use bcrypt (via `password_hash`), the salt is ignored. Modern installs don’t need it; leave it empty or remove it.\nI never set it; it’s a leftover from older PHP versions.- ¿Can Tiny File Manager handle files with special characters like `#` or `%` in the name?
Yes, but you need to be careful. PHP’s URL encoding may mangle them if you click on the file link. The tool urlencodes filenames in links, so characters like `#` become `%23`. Download and edit usually work. The search may treat `%` as a literal percent sign, not a wildcard. I’ve had files with `#` in the name open fine in the editor, but sharing their URL directly was a pain because the browser interprets `#` as a fragment.\nStick to alphanumeric, dash, and underscore when possible.

¿How do I change the number of lines displayed in the code editor?

The editor auto-sizes to fill the viewport. There’s no “lines per page” setting. You can adjust the CSS height of the `.CodeMirror` div. By default, it expands to show all lines if the file is small; for large files, the browser sets a max-height based on the viewport. I’ve added `max-height: 80vh; overflow-y: auto;` to the editor container for very long files.\nSee Performance notes on large file editing.

¿Why do I get a “No such file or directory” error when trying to extract a zip?

Possible causes: the zip extension is missing, the archive is corrupted, the path contains non-ASCII characters that confuse the zip library, or the target directory isn’t writable. The error message is generic. I debug by extracting via command line first.\nAlso, if the zip contains files with absolute paths, the extraction may fail for security reasons. TFM strips leading slashes, but edge cases exist.

¿Can I run Tiny File Manager from a subdirectory and have it manage the parent directory?

By default, the root_path is where index.php lives. If you place index.php in `/var/www/manager/` and set `'root_path' => '/var/www/'`, then the tool will start at `/var/www/` and you can navigate to the parent directory. The manager file itself will be visible inside the listing, which might be a security concern (someone could edit or delete it). I avoid this by putting the manager outside the served root.\nBetter: set root_path to exactly the directory you need to manage.

¿How do I lock down Tiny File Manager so it can only be used from a specific referer?

Not built-in. You’d add a PHP check at the top: `if (strpos($_SERVER['HTTP_REFERER'] ?? '', 'yourdomain.com') === false) { die('Access denied'); }`. But referers can be spoofed. It’s security theater.

¿Does the tool keep session data in a database?

No, it uses PHP’s default file-based session handler. Session files are stored in the path specified by `session.save_path` in php.ini, typically `/tmp`. On shared hosts, that directory might be world-readable, which is a risk. You can change the save path with `ini_set` if you have a private directory.\nI’ve seen other users’ session files in /tmp on poorly configured hosts.

¿Can I integrate a WYSIWYG editor like TinyMCE for HTML files?

You would need to embed the TinyMCE library into the PHP file (inline or externally loaded) and conditionally initialize it instead of CodeMirror for `.html` files. That’s a massive hack. I haven’t tried it because the tool isn’t meant for that, but in theory it’s possible with heavy modification.

¿What are the known issues with PHP 8.1 or 8.2?

A few deprecation notices: passing null to string functions, dynamic property creation. They’re mostly suppressed by error reporting settings. The tool works, but your error log might fill up if you have `E_DEPRECATED` on. I silenced them by setting `error_reporting(E_ALL & ~E_DEPRECATED);` at the top.\nNo fatal errors as of 2.6.6.

¿How do I create a text file with a specific extension from the “New File” button?

Click “New File”, type the full filename with extension, like `data.json`. The tool creates the file with that exact name. No separate extension field. I’ve accidentally created extensionless files by typing only a name; you can rename later.

¿Is there a way to calculate directory sizes in the listing?

No, the file listing shows size only for files, not directories. The sidebar tree also doesn’t show sizes. To get a directory’s size, you’d need to zip it and check the archive size or use a separate script. I’ve wanted “folder size” for years.\nIt would require recursive scanning, which is heavy.

¿Can I configure the tool to automatically log out after closing the browser?

Session cookies are session-based by default, so closing the browser should delete the cookie (unless you’ve set a persistent lifetime). The `session.cookie_lifetime` setting in php.ini controls this. Setting it to 0 means the cookie expires when the browser closes. That’s the default.\nBut if you set a long `session_timeout`, the session file on the server may linger after you close the browser. It’s not a true logout until garbage collection.

¿How do I rename a file with a trailing space? (if my filesystem allows it)

The rename input probably trims whitespace. If you manage to type it, the file system might accept it, but the interface will be confusing. Avoid trailing spaces in filenames.

¿Can Tiny File Manager be used as a makeshift file sharing platform for a small team?

Only if you set up user accounts with their own folders, and everyone is disciplined about not overwriting each other. There’s no notification, no comments, no versioning. For a team of 2–3 who just need a simple upload/download spot, it works. For anything more, it’s too primitive.\nI’ve done this for temporary project file drops; it was okay.

¿Why does the search function not find files in a directory tree with over 10,000 files?

The search uses `RecursiveDirectoryIterator` with a filter. It scans each filename, which can be slow but should still work. If it fails entirely, you might have hit the PHP memory limit or execution time. Increase both. Also, the search might return a truncated list if there are too many results; the UI may show only the first few hundred.\nIn my test with 12,000 files it found everything but took a couple seconds.

¿How do I disable the “Copy” and “Move” buttons for a user?

Remove `'copy'` and `'move'` from their capabilities array. The buttons disappear. Simple.

¿What’s the easiest way to password-protect a whole directory and serve its contents for download?

Tiny File Manager isn’t designed for that. You’d be better off with a simple PHP script that checks a password and then lists files, or use Apache’s directory listing with basic auth. TFM allows too many actions for a simple download portal.

¿Can I change the default zip compression level?

The `compress` method uses `ZipArchive` with default compression. You can add `$zip->setCompressionIndex(...)` calls in the source. I needed smaller archives and edited the compression function to use `ZipArchive::CM_DEFLATE` with level 9. It’s in the `compress` action handler.

¿Why is the file tree sidebar completely empty on a fresh install?

You might be at the root_path and there are no subdirectories, or PHP’s `scandir` is disabled by your host (unlikely). Check the browser console for JavaScript errors; the tree is built server-side as HTML, so view source to see if the HTML is present. If not, PHP may be erroring silently.

¿Does Tiny File Manager work with Safari on iOS?

Yes, I’ve used it on an iPhone. The layout is cramped but functional. The upload button works with the iOS file picker. Editing text is painful because the CodeMirror textarea sometimes fights with the iOS keyboard. It’s usable for quick renames and downloads.\nSee Accessibility notes on mobile.

¿How do I get the raw source code without git?

On the GitHub releases page, right-click the `tinyfilemanager.php` file and “Save link as”. That’s the whole application.

¿Is there a way to switch off the “loading” spinner that appears on page transitions?

The spinner is a CSS animation triggered by page loads. You can hide it by adding custom CSS: `.spinner { display: none; }` inside the `<style>` block. I find it reassuring on slow servers.

¿What PHP function does the tool use for password hashing?

If available, `password_hash()` with `PASSWORD_BCRYPT` (or `PASSWORD_DEFAULT`). The config `'hash_function'` can be set to `'sha256'` for legacy fallback. I strongly recommend sticking with bcrypt; it’s the default now.

¿Can I limit login attempts to one per second?

No built-in throttling. You’d need to implement IP-based rate limiting in your web server or add a session/cookie check at the top of index.php. I’ve seen a brute-force attempt in my logs that tried 1000 passwords in an hour.

¿How do I completely log out and destroy all session data?

Click the logout icon. It calls `session_destroy()` and clears the cookie. To be extra safe, close the browser. The session file is deleted by PHP eventually.

¿Why does the file manager show the PHP version at the bottom?

The footer includes `show_phpinfo` link, but not the version directly. If you see version info, it might be from the PHP Info page. There’s no constant version footer. I prefer it that way — less info leakage.

¿Can I delete multiple files at once?

Yes, use the checkboxes on the left side of each file row (the columns without labels). Select multiple files, then use the “Delete” button that appears in the toolbar. I missed this for months because on mobile the checkboxes are nearly invisible. Be careful: it permanently deletes without a trash bin.\nMultiple delete works, but the confirmation dialog says “Are you sure?” for the whole batch; you can’t review the list.

¿Is there a shortcut to go up one directory?

Click the “..” folder at the top of the file list. Or the up-arrow icon in the toolbar. No keyboard shortcut, but clicking works.

¿How do I view hidden files like `.htaccess`?

They’re visible by default unless hidden by the `'hidden_files'` array. Check that array. If they’re not hidden, they’ll appear in the listing with a dot prefix. The search may not find dotfiles unless you include the dot in your search term.

¿Can I use this tool to patch a server vulnerability quickly?

That’s exactly its emergency use case. I’ve uploaded it via a compromised WordPress upload form, navigated to the vulnerable plugin, and deleted the offending file within 60 seconds. Because it’s one file, the attack surface is minimal. Just delete it immediately after.\nThat’s the real-world example I opened with.

¿What happens if I run two instances of Tiny File Manager in two browser tabs?

They share the same PHP session, so they’re effectively the same user. You can browse different directories in each tab; they won’t interfere. But if you log out in one tab, the other tab’s session is also gone. I often work with two tabs for moving files.\nNot multi-session; just same session, multiple views.

¿Why does the upload progress bar sometimes jump to 100% immediately?

For small files, the upload completes before the progress animation catches up. It’s normal. For large files, the bar works as expected.

¿Can I change the file icons from FontAwesome to something else?

The icons are embedded SVG paths from FontAwesome 4. You can replace the SVGs in the PHP function that generates them. I replaced a few with custom SVGs for specific file types.\nDeep source edit.

¿How do I get the latest development version between releases?

Clone the repository, or download the raw `index.php` from the `master` branch. Be aware that it might contain bugs or unfinished features. I test in a sandbox first.

¿Is there a way to trigger a file download without a right-click?

Click the filename directly; it’s a link that serves the file for download. If it’s an image or PDF, the browser may display it inline. You can add `?download=1` to the URL, but the tool doesn’t automatically append that. You’d modify the link target.\nI normally just middle-click to open in a new tab.

¿What’s the minimal PHP knowledge required to maintain a Tiny File Manager instance?

You need to know how to edit a PHP array, understand string quoting, and know how to upload a file via FTP. That’s it. But to harden it, you should understand file permissions, `open_basedir`, and HTTPS. That’s maybe a day of learning.\nSee Who it’s for — Beginner.- ¿How do I change the default sorting order of files on first load?
The initial sorting is by name ascending. To change it, edit the JavaScript that runs on page load. Look for a line like `sortTable(0, true);` — the first parameter is the column index (0=Name, 1=Size, 2=Date, 3=Permissions), and `true` means ascending. Change to `sortTable(2, false);` for date descending by default. I keep a modified version that sorts newest files first.\nNo config for this; it's a script edit.

¿Why does the text editor add extra blank lines when saving files with Windows line endings?

If the file has CRLF endings, the editor may normalize them to LF on save depending on your PHP configuration and the CodeMirror settings. The bundled CodeMirror doesn't explicitly preserve line endings; it uses the browser's textarea behavior. I've had files change from CRLF to LF without warning. You can mitigate by setting `'lineEnding'` in the editor config if you modify the source, but it's not exposed.\nThis is the line-ending issue I noted in First-run smell test.

¿Can I use environment variables to set the password so it's not hardcoded?

Yes, edit the config array: `'admin' => getenv('TFM_ADMIN_PASS_HASH') ?: 'fallback_hash'`. The password must be a pre-hashed string, not plaintext. You'd set the environment variable in your web server config or .htaccess. I've used this on a Docker setup.\nNot a built-in feature, but the config is PHP, so you can do it.

¿How do I block access to the file manager from specific user agents?

Add a condition at the top of index.php: `if (strpos($_SERVER['HTTP_USER_AGENT'], 'BadBot') !== false) { header('HTTP/1.0 403 Forbidden'); die(); }`. This is a crude filter but can stop some scanners.

¿Is there any protection against path traversal in the `?p=` parameter?

Yes, the tool uses `realpath()` and checks that the resolved path is within the allowed root. It also strips `..` sequences. I've tested it with encoded dots and null bytes; the current version blocks them. However, always keep the tool updated.

¿Can I edit a file's permissions to be executable from the interface?

The chmod dialog allows you to set any octal value like 0755. If the web server user has permission to change modes, it will become executable. On shared hosting, execute permissions may be restricted. I've used it to make a script executable.

¿What happens if the `root_path` is set to a directory that doesn't exist?

The tool will try to list it, fail, and probably show an empty directory or an error message "Directory does not exist". It might fall back to the directory containing index.php. I always verify the path exists before setting it.

¿How do I add a custom help page or link inside the interface?

Edit the HTML in the navbar or footer to include your link. For example, add `<a href="help.html" target="_blank">Help</a>` next to the other toolbar icons. I've linked to internal wiki pages.

¿Does the tool show the current disk usage or free space?

No. That would require `disk_free_space()` and `disk_total_space()`, which aren't implemented. You'd need to add those calls in the file listing area. I've missed this feature when cleaning up disk-hogging directories.

¿Why are my custom config changes lost after updating?

Because the config is part of the same PHP file. A new download overwrites everything. I keep a diff of my config block and reapply it after updates. Or I store my config in a separate `config.php` (with a `require`), but that's not officially supported and I have to make sure it's outside the web root.\nSee Maintenance burden in Hidden costs.

¿Can I use Tiny File Manager with a load balancer?

Yes, but sessions must be sticky (session affinity) or stored in a shared location (like Redis) across all nodes. The default file-based sessions won't work unless the load balancer directs the same user to the same server. I had to configure Nginx sticky sessions for a multi-server setup.

¿How do I disable the right-click context menu in the file list?

Add `oncontextmenu="return false;"` to the file table HTML, or use JavaScript. Not recommended for usability, but I've seen admins do it to deter easy "Save As".

¿Is there a way to generate a password hash for the config from the tool itself?

No. You must use an external method: PHP command line, an online tool (not recommended), or a temporary PHP script. I keep a snippet `hash.php` that I delete after use.

¿Why does searching for "*.txt" not work?

The search by default doesn't support glob patterns; it's a literal substring match against the filename. To search for all `.txt` files, just search for `.txt` — that will match any filename containing `.txt`, which includes extensions. For regex, you'd enable `'search_regex'` in the config if the version supports it, then use `\.txt$`.\nI cover search limitations elsewhere.

¿Can I limit the file manager to only show files from today?

No native date filter. You could add a query parameter and modify the file listing loop to compare filemtime with today's date. That's a customization.

¿How do I prevent the browser from caching the login page?

Add headers at the top: `header("Cache-Control: no-store, must-revalidate");`. The tool doesn't send these. I add them on high-security instances to prevent back-button access after logout.

¿What's the `$config['timezone']` setting for?

It's documented in the comments but not always used consistently. You can set it to a valid timezone like `'America/New_York'` and it will call `date_default_timezone_set()`. This fixes the date warning. I set it instead of editing php.ini.

¿Can I change the "Tiny File Manager" page title?

Yes, edit the `<title>` tag in the HTML head. It's hardcoded. I change it to something like "Site Admin Files" so it's less obvious.

¿How do I add a "Select All" checkbox for bulk operations?

The file table header doesn't have a "select all" checkbox. You'd need to add one and write JavaScript. I've done it by pasting a snippet from Stack Overflow. Useful for moving many files.

¿Does the tool support file encryption at rest?

No. It doesn't encrypt anything. If you need encrypted files, use a tool like Cryptomator or Veracrypt before uploading. TFM just sees the encrypted blobs.

¿Can I run Tiny File Manager behind a Cloudflare Access (Zero Trust) login?

Yes. The flow would be: Cloudflare Access prompts for authentication, then allows access to the TFM URL. TFM's own login would still be there unless you disable it (by auto-login via a set cookie or removing the auth check — which I don't recommend). You get two layers, which is great. I've done this.

¿How do I fix "undefined index" PHP notices when the config is incomplete?

Ensure all expected keys in the `$config` array exist. Download a fresh copy to see the defaults. Often the `'capabilities'` or `'user_dirs'` arrays are missing keys. I silence notices in production with `error_reporting(E_ALL & ~E_NOTICE);`.

¿Can I change the encoding of the file editor to ISO-8859-1?

CodeMirror and the browser textarea work in UTF-8. You'd have to manually convert file contents on save/load. This is complex and not supported. Stick to UTF-8.

¿What's the easiest way to delete the tool after use without leaving a trace?

Navigate to the directory containing index.php, click the checkbox next to it, and click Delete. Confirm. Poof. The tool deletes itself. I find this darkly amusing. Of course, you need another way to delete it if you're logged out.

¿Does Tiny File Manager handle file names with spaces correctly?

Yes, it urlencodes them in links. Spaces become `%20`. Uploads, downloads, and edits work fine. I've never had a problem with spaces.

¿Can I add a logout timer that warns the user before session expiry?

No. The session just dies. You could add JavaScript that polls a PHP script for remaining session time and shows a warning, but nothing built-in. The silent logout is a major UX flaw.

¿How do I prevent users from uploading PHP files?

There's a `$config['upload_exts']` array for allowed file extensions. If you omit `'php'`, PHP files won't be allowed. I set this on a client's folder to `['jpg','png','pdf']` to prevent code execution. Note: the check is based on file extension, not MIME type, so renaming a `.php` to `.jpg` bypasses it.

¿Can I use the tool to schedule a file for later deletion via a cron job?

The tool itself has no cron. But you could create a file like `delete_me_after_20241231.txt`, and have a system cron job that finds and deletes files matching a pattern. I've done this as a workaround.

¿Is there a way to display a custom message on the login page?

Edit the HTML before the login form. I've added a "For authorized use only" warning. Simple HTML change.

¿Why does the tree sidebar flicker when expanding a directory?

It reloads the entire page for directory navigation. There's no AJAX in the tree. The flicker is the full page refresh. That's by design.

¿How do I set the editor to wrap long lines?

CodeMirror's `lineWrapping` is off by default. To enable, find the CodeMirror init and set `lineWrapping: true`. I turn it on for prose or markdown editing. No config toggle.

¿Can I set a default download action to force file download instead of displaying in browser?

You can modify the file link to include `?action=download&file=...`, which triggers a `Content-Disposition: attachment` header. The tool already uses this when you click the Download icon. The filename click usually links directly and relies on browser behavior. I sometimes patch the filename link to use the download action if I always want downloads.

¿What's the most common mistake new users make?

Leaving the default admin/admin password. I cannot stress this enough. The second is not setting `root_path` and accidentally exposing system files. The third is editing a file without a backup and losing work. I've made all three.

¿Can I change the color of the delete button to something less alarming? (or more alarming)

You can override the CSS inline. I made it a muted gray for a user who panicked at red. Find the `.delete` class and change `color`.

¿How do I contribute to the project if I'm not a developer?

You can improve translations, write documentation, answer GitHub issues, or sponsor the maintainer if they have a donation link. I haven't seen a sponsor button; contributing means submitting pull requests or issues.

¿Is there any support for right-to-left file names in the tree?

Filenames in Arabic or Hebrew will display in RTL direction because the browser handles bidirectional text. The tree structure itself stays left-to-right. It looks acceptable but not polished.

¿Can I use this on a server with PHP in CGI mode?

Yes, it works, but session handling might be quirky. Test thoroughly. I've run it on a old cPanel with suPHP without issues.

¿What happens if the `index.php` file permissions are set to 0777?

It will still run, but it's a massive security risk because any user on the server could modify it. The file should be readable by the web server user, and writable only by you (e.g., 0644 or 0600). I've seen hacked sites where TFM was world-writable and got injected with malware.

¿Can I copy a file path to clipboard from the interface?

Not without custom JS. I added a little clipboard button next to each file's path. It's a simple script: `navigator.clipboard.writeText(path)`. That's in my personal patch set.

¿Why do I get a warning about `session_start()` when using a custom session handler?

If you set `session.save_handler` to something like `memcached`, ensure the extension is loaded. The tool calls `session_start()` blindly; any error there will crash the page. I configure my session settings before including the tool.

¿How do I hide the "check for updates" message (if any)?

There is no automatic update check; the tool doesn't phone home. So no message to hide.

¿Can I lock a file to prevent editing while I'm working on it?

No. You can rename it to `filename.locked` manually as a signal to others, but there's no enforcement. I've used a naming convention with a team.

¿Is the code editor's syntax highlighting theme separate from the dark mode toggle?

Yes. Dark mode changes the overall UI colors, but the editor theme is set separately in the source (default `'default'` theme which adapts to light/dark somewhat via CSS). To get a proper dark editor theme, you need to embed a CodeMirror theme CSS. I embedded `'monokai'` once.

¿What's the quickest way to test if the file manager is still working after a PHP upgrade?

Visit the URL. If you see the login page, it's 90% fine. Then log in and try to create a test file and delete it. That verifies sessions and file operations.

¿Can I rename a directory from the interface?

Yes, there's a rename icon next to directories in the tree or file list (depending on version). It works like renaming files. I've renamed directories many times.

¿How do I add a "Reload" button for the code editor to revert to saved version?

The editor has no revert function. You'd have to close the editor and reopen the file. I once added a "Discard changes" link that reloaded the page, effectively reverting.

¿Why do some files show a "0" size when they actually have content?

Possibly a filesystem glitch, or the file is a pipe/special file. Rare. Or the PHP `stat` cache is stale; call `clearstatcache()` if you suspect that. I've seen it on NFS mounts.

¿Can I restrict uploads to only certain file size on a per-user basis?

No, the PHP limits apply globally. There's no per-user quota system in the tool. You'd need separate PHP pools with different limits.

¿What do I do if I accidentally delete the file manager itself?

If you left an FTP or SSH session open, upload a new copy. If not, you'll need hosting control panel access to upload a fresh file. The self-delete is possible via the interface, so be cautious.

¿How do I make the file list show the number of items in the current directory?

The footer or a location bar could display it. By default, it doesn't. I added a PHP echo of `count($files)` after the loop to show "X files". A small quality-of-life addition.

¿Can I change the default editor from CodeMirror to a plain textarea for performance?

Yes, you can comment out the CodeMirror initialization JavaScript and just let the `<textarea>` show. I've done this on a very slow device; it works but loses syntax highlighting and line numbers.

¿Is the project still actively maintained in 2025?

Based on the commit history, it's sporadically maintained. The last release was Sept 2023. There are commits in 2024 but no new release. It's not dead, but it's not fast-paced.\nSee bus-factor deep dive.

¿Where can I ask for help if I'm stuck?

The GitHub Issues page is the only official forum. I've found helpful users there. You can also search Stack Overflow for "tinyfilemanager" — a few questions exist with answers. But there's no chat community.- ¿Does Tiny File Manager have any kind of plugin system?
No. The code is monolithic, with no hooks or event system. Extending it means forking and editing the PHP and JavaScript directly. I wrote a small custom auth hook by adding a `call_user_func` in the login check, but I had to place it manually. This is the biggest architectural limitation for me.\nSee What I’d change — I wish there was a way to add features without forking.

¿How do I clear the PHP stat cache from within the tool?

You can’t from the UI. The tool uses `clearstatcache()` in a few places, but if you suspect stale file sizes or dates, you can add a manual call in the source or just wait; PHP usually clears it between requests. On very high-traffic sites, it might become an issue.

¿Why are file owner and group shown as numbers instead of names?

The PHP functions `fileowner()` and `filegroup()` return numeric IDs. The tool then uses `posix_getpwuid()` and `posix_getgrgid()` to resolve them to names if the POSIX extension is available. On Windows or minimal Linux installs without that extension, you'll see numbers. I had a Docker container where POSIX wasn't enabled, and all owners were `1000`.\nI recommend disabling owner/group display anyway for privacy.

¿Can I set different session timeouts for different users?

No. The `$config['session_timeout']` is global. You'd need to implement per-user handling by storing login time in the session and doing a custom check. Not trivial.

¿How do I completely disable the ability to download files?

Remove `'download'` from the user's capabilities. The download icon and the direct file links will be hidden. The server-side action will still be blocked. I set this for a user who only needs to upload and edit text.

¿What is the exact size of the inline CodeMirror library?

It's about 200 KB of base64-encoded JavaScript and CSS embedded in the PHP file. This adds to the file size but ensures no external dependencies. On a slow connection, the file download takes a second or two. I’ve gzipped it at the server level, which reduces it to around 70 KB over the wire.

¿Can I set a custom error log file for Tiny File Manager?

You can add `ini_set('error_log', '/path/to/custom.log');` at the top of index.php. This will log PHP errors from the tool to a separate file, keeping your main logs clean. I do this on shared hosting where I can't access the main error log.

¿Why does the login page sometimes reload without an error message?

If the password is incorrect, it redirects back to the login page with a `?error=1` parameter, but the error message display depends on the language file. If the translation is missing, you'll just see a blank redirect. Check the URL for `?error=1`. I added a hardcoded "Invalid credentials" message in my instance.

¿Can I use the file manager to create a .tar.gz archive without zip?

Yes, the "Compress" button offers both "zip" and "tar.gz" options if the `PharData` class is available (which it usually is in PHP 5.3+). I prefer tar.gz for better compatibility on Linux servers.

¿How do I prevent the editor from converting tabs to spaces?

CodeMirror's default is to not replace tabs. But the browser textarea might behave oddly. You can set `indentWithTabs: true` and `tabSize` in the CodeMirror init to preserve tabs. I set this for Makefiles and Go code.

¿Is there a limit on the number of user accounts I can define?

Technically no, but all users are stored in the PHP array, so adding hundreds would make the file huge and parsing slow. For a handful of users, it's fine. For many, you should use a database-backed solution like FileRun.

¿What's the hidden cost of editing a live WordPress site with this tool?

The hidden cost is potential downtime. A syntax error in `functions.php` or `wp-config.php` takes the site offline. If you don't have an alternative access method (SSH, FTP) to revert the change, you're stuck until your host intervenes. I've been there. Always keep a backup editor access.

¿Can I use Tiny File Manager on a server with SELinux enforcing?

Yes, but file operations may be blocked unless the web server's context allows writing. You'll see "Permission denied" in the PHP logs. You may need to adjust the context of the directories (`httpd_sys_rw_content_t`). I spent a whole day diagnosing silent failures on a Fedora server with SELinux.

¿How do I add a simple hit counter or visitor log to the file manager?

Not built-in. You'd need to add a file write in the PHP code that appends a timestamp and IP to a log file. I added one for an internal tool to see who was using it.

¿Does the tool support editing JSON files with validation?

The editor highlights JSON syntax, but there's no validation beyond syntax highlighting (which will show mismatched brackets). It won't tell you if the JSON is malformed. I use a separate online validator for critical configs.

¿Can I change the dialog box for delete confirmation to a custom modal?

The confirmation is a standard browser `confirm()` dialog. To customize it, you'd replace the JavaScript with a custom modal library. That's a large UI overhaul.

¿Why does the file manager not list files in a mounted NFS share?

If PHP's `open_basedir` restriction doesn't include the mount point, or the web server user lacks permissions, the directory will appear empty or throw an error. Check permissions and PHP settings. I've used it on NFS by relaxing `open_basedir`.

¿Can I link directly to a file for a user to download without logging in?

Only if the file is in a public web-accessible directory and not behind the tool's authentication. TFM doesn't generate public links. You'd move the file to a public folder or set up a separate script.

¿How do I set the default color scheme for the file listing (zebra striping)?

The CSS includes alternating row colors (`:nth-child(even)`). You can modify the `<style>` block to change them. I've tweaked the dark theme's striping for better contrast.

¿Can I use this to manage files on a FTP server that's mounted locally via curlftpfs?

If the FTP is mounted as a local filesystem, yes. PHP sees it as a normal directory, but performance may be abysmal because every directory scan goes over FTP. I tried this once; the file tree took 30 seconds for a dozen folders. Not recommended.

¿What's the recommended PHP memory limit for a directory of 20,000 image files?

At least 256 MB, possibly 512 MB. The recursive iterator and the file stat calls can consume a lot of memory because the tool doesn't free results as it goes. I've run a 20k file directory with 256 MB and it worked, but page load was around 8 seconds. Performance degrades linearly.

¿How do I add a button to download a folder as a zip directly without selecting it?

The "Compress" button works after selecting the folder's checkbox. There's no one-click "Download this folder as zip" icon. I added a custom icon that triggers the compress action with a pre-filled selection.

¿Can I install Tiny File Manager via Composer?

No. It's not a package. You just download the file. The simplicity is the point.

¿Does the file manager respect the `umask` setting from the server?

PHP's `umask()` function can be set, and it applies to file creation. By default, the tool doesn't call `umask()`, so the system default applies. You can add `umask(0002);` at the top to ensure group write permissions. I've used this on shared hosting.

¿Why does the search function treat the query "data." as a literal string and not find "data.json"?

Because it's a substring match. "data." is a substring of "data.json", so it should find it. If it doesn't, check for hidden files config or that you're in the right directory. I just tested with a file named "data.json" and searching "data." found it. If your query contains a dot, it's still literal.

¿Can I lock the file manager to only one IP without editing the file?

You can use `.htaccess` or your web server's access control to restrict access to the directory containing the file manager. That's a quick way to IP-restrict without touching the config.

¿What if I want to contribute to the project but don't know PHP?

You can contribute translations, improve the documentation (README), or triage issues. Non-code contributions are valuable. The README is thin, and a community wiki would be great, but nobody has stepped up.

¿Does the tool have an auto-logout after X minutes of inactivity even if I'm typing?

No, the session timeout is based on idle time (no requests). If you're editing a file for an hour, the session may expire before you click Save because the edit action is a single page load. The editor does not send keep-alive requests. That's why you lose edits. I've set a JavaScript interval that pings a keep-alive script to prevent timeout.

¿How do I completely brand the tool for a client's admin area?

You'd replace the title, heading, footer text, and possibly the colors. All in the source. I've created a "white label" version that a client thought was custom-built. It takes about 30 minutes to scrub all "Tiny File Manager" strings.

¿Is there a way to download all files in a directory without zipping?

No, bulk download relies on creating an archive first. If the archive fails (due to size or time), you can't download as a folder. You'd have to download files individually or use FTP.

¿What's the maximum file size the built-in code editor can open without crashing the browser?

Around 1–2 MB, depending on the browser and machine. I opened a 3 MB minified JS and the browser tab froze for several seconds. Beyond 5 MB, it likely won't load or will become unusable. It's for config files, not large data dumps.

¿Can I use Tiny File Manager to edit files on a remote server via SSH tunneling?

If you tunnel the web port, you can access the tool remotely, but it still only manages files on that server. You could mount a remote filesystem via SSHFS and then point `root_path` at the mount. That would work, but again, performance depends on the connection. I've used this to manage a remote VPS's files locally.

¿How do I change the date format to show the relative time ("2 hours ago")?

Not built-in. You'd replace the `date()` call with a custom function that calculates the difference. I wrote a small function that returns "today", "yesterday", or the date. Added to the source.

¿Can I disable the directory tree sidebar on mobile and only show the file list?

Yes, by adding a CSS media query in the `<style>` block: `@media (max-width: 768px) { .sidebar { display: none; } }`. I've done this to save screen space.

¿What's the most secure way to deploy Tiny File Manager?

Put it behind HTTP Basic Auth, use IP whitelisting, set a long random password, jail `root_path`, disable PHP info, use HTTPS, set the session cookie to `Secure; HttpOnly; SameSite=Strict`, and delete the tool when not in use. That's my checklist.

¿Why does the page sometimes partially load with broken CSS?

This can happen if the PHP process is killed mid-output due to memory limit or execution time. The inline CSS might be cut off. Increase limits. I've seen this on a server with 32 MB memory limit.

¿Can I grant a user access to multiple disjoint directories?

No, each user has one `root_path`. You'd need multiple user accounts or to reorganize your directories under a common mount.

¿How do I log all file operations to a file for audit purposes?

There's no built-in audit log. You'd need to edit each action handler (upload, delete, etc.) to append a line to a log file with `file_put_contents()`. I added this for a compliance requirement; it added about 50 lines of code.

¿Is there an official Docker image?

Not from the maintainer. You can find community images on Docker Hub, but I don't trust them because they might have default credentials. Build your own: it's a single PHP file.

¿Can I change the file listing to show a thumbnail grid for images?

No. It's strictly a table view. You'd need to rewrite the rendering logic to detect image types and output `<img>` tags. That's a major feature, not a simple tweak.

¿What's the simplest way to test PHP file manager alternatives?

Install FileBrowser (single binary), or drop Tiny File Manager. Compare features. I've done this; FileBrowser is prettier, TFM is lighter.

¿Can I use Tiny File Manager to serve an entire static website with proper MIME types?

No. The tool doesn't act as a web server; it serves files with basic MIME detection only when you download them. Your web server handles normal requests.

¿How do I fix the issue where uploaded files have no extension?

The upload function retains the original filename. If the filename has no extension, it stays that way. This is user error, not a bug.

¿What's the recommended way to back up the tool's configuration?

Copy the `$config` array to a separate PHP file and keep it in a secure location. I version it in git. When I update TFM, I diff the new file's config defaults with mine to see new options.

¿Why does copying a file sometimes fail with "File exists"?

If the destination directory already has a file with the same name, the copy action overwrites it? Actually, the copy action may abort if the destination exists. I think it does overwrite, but the message could be misleading. I check before copying.

¿Can I restrict file editing to only plain text and not code?

Remove `'php'`, `'js'`, etc., from `$config['editable_exts']`. Only keep `'txt'`, `'md'`, `'csv'`. The Edit icon won't appear for other types. I do this for content editors.

¿How do I make the file manager completely invisible to search engines?

Add a `X-Robots-Tag: noindex, nofollow` header at the top of the file, or use robots.txt. I also rename the file to something random like `fm_7x9.php` to prevent easy discovery.

¿Can I use Tiny File Manager to replace the missing file manager on a Synology NAS?

If your NAS runs a web server and PHP, yes. Drop the file in a shared folder's web root. I've used it on a QNAP when the default File Station was broken.

¿What's the best way to handle multiple Tiny File Manager instances for different clients?

Keep a master copy of the file with placeholders for config, and a script that generates client-specific files from a template. I do this with a simple sed command. Each instance is independent.

¿Does the tool support any kind of file integrity checking (MD5/SHA1)?

No. You can see file size and date. I've added a SHA-256 column in my fork by modifying the file listing loop. Not hard, but not built-in.

¿Can I disable the file tree entirely and just have a file list?

Yes, comment out the HTML for the sidebar and the CSS for the two-panel layout. The file list will expand full-width. I prefer this on smaller screens.

¿What is the most critical missing feature for professional use?

An undo or trash bin. Without it, every delete is a potential disaster. I've begged for this. It's the first thing I'd steal from a competitor.

¿How do I log out if the logout button is missing or broken?

Delete your browser cookies for that domain, or add `?action=logout` to the URL manually. The action handler will destroy the session.

¿Can I set a custom upload directory that is not the current browsing directory?

No, the upload goes to the directory you're viewing. I navigate to the target folder first, then upload. It's an extra step but works.

¿Why does the code editor highlight `<?php` incorrectly in some PHP files?

If the PHP file contains HTML and PHP mixed, the highlighting might get confused because the mode is set to `application/x-httpd-php` which expects a full PHP file. You can manually switch to `htmlmixed` mode by editing the mode mapping. I've done this for template files.

¿Can I use this tool to download a database dump that's too large for phpMyAdmin?

Yes, if you create a SQL dump file via command line and place it in a directory, you can download it through TFM. The tool doesn't time out on downloads like phpMyAdmin might, as it streams the file directly. I've used this to rescue 1 GB dumps.

¿Is there a way to password-protect individual files, not the whole interface?

No. You could encrypt the file before uploading, but TFM won't help with that.

¿How do I change the "Sign In" button text to "Log In"?

Find the string in the language array or hardcoded HTML. It's in the `$lang` array under a key like `'sign_in'`. Edit the value.

¿Can I add a custom link to an external admin panel in the toolbar?

Edit the HTML after the toolbar buttons. Add an `<a>` with your link. I've added "Back to Site" links.

¿What PHP setting directly affects the maximum number of files the tree can scan?

`max_execution_time` and `memory_limit`. If the scan takes too long, the script dies. For very large directories, you may need to increase both significantly.

¿How do I prevent users from seeing the server's PHP version via the file manager?

Disable `'show_phpinfo'`. Otherwise, there's no version disclosure in the default footer unless you add it. The error pages might reveal it though.

¿Can I edit file permissions recursively for a folder and its contents?

No, chmod is per-file only. You'd need to write a recursive script or use terminal.

¿What's the easiest way to test the security of my Tiny File Manager setup?

Try to access it from an incognito window, test with wrong passwords, try path traversal like `?p=../../../etc/passwd`. Then scan with a tool like Nikto. I do this before any public deployment.

¿If I fork the project, how do I keep it updated with upstream changes?

Add the original repository as a remote, merge changes, and resolve conflicts in your customizations. I keep my config separate to make merging easier. It's manual but manageable for a project with infrequent updates.

¿Can I set a custom login page background image?

Yes, add `body.login-page { background-image: url('data:image/...'); }` in the `<style>` block. I once embedded a subtle logo as a base64 image.

¿Why does the file manager not work with the PHP built-in server on a specific port?

It should. If not, check that you're accessing the correct port and that PHP's built-in server is running. The tool doesn't care about the port. I use port 8080 all the time.

¿How do I restrict access to only certain hours of the day using the config?

Not directly. You'd add a time check at the top: `if (date('H') < 9 || date('H') > 17) { die('Closed'); }`. I've done this for an internal tool.

¿Can I use Tiny File Manager to serve a simple API endpoint that returns file contents?

You could create a PHP script that reads a file and echoes it, but TFM itself isn't an API. You'd use it to upload that script. It's meta.

¿What's the best way to learn the internals of the tool quickly?

Read the PHP file from top to bottom. It's about 7000 lines, but well-commented. The main logic is in a giant `switch` statement handling `$_GET['action']`. Start from there. I read it in an evening.

¿Does the tool have any known vulnerabilities in the current version?

I haven't found any critical ones in 2.6.6, but the lack of CSRF protection and missing `Secure` cookie flag are weaknesses. Always check the issue tracker for recent disclosures.

¿Can I change the icon for PDF files to something else?

Yes, in the `getIcon` function, find the `'pdf'` entry and change the SVG path or FontAwesome icon class. I swapped the PDF icon for a custom one.

¿How do I handle the situation where a client deletes the file manager themselves?

I've had this happen. Luckily I had an FTP backup. Now I set permissions to 0400 for the file when not in use, but that might prevent the web server from reading it. Best to keep a copy outside the web root.

¿What's the difference between `$config['root_path']` and `$config['user_dirs']`?

`root_path` is a global default fallback. `user_dirs` is per-user and overrides it. I set a restrictive global root_path and then give specific users wider or narrower paths as needed.

¿Can I edit files that are not directly in the web root but accessible via PHP?

Yes, as long as the path is within the allowed root and the web server user has read/write permissions. I edit crontab-like scripts outside the web root by setting the `root_path` to `/home/user/scripts`.

¿How do I add a loading indicator for the file tree expansion?

The tree doesn't load dynamically, so no indicator. If you implement AJAX lazy loading, you'd add a spinner. I haven't done that.

¿Why does the ZIP download sometimes fail with a "503 Service Unavailable"?

The server might be killing the PHP process due to resource limits. Check `mod_reqtimeout` in Apache or similar. This happens with large zip generation. I bumped the timeout in Apache config.

¿Can I set a welcome message after login that the user must dismiss?

You can add a JavaScript alert or a modal HTML that appears on the main page after login. I've done this to remind users to back up before editing.

¿What's the real risk of using Tiny File Manager on a site with no HTTPS?

All credentials and data are transmitted in plain text. Anyone on the same network can sniff the password. I've demonstrated this with Wireshark. Always use HTTPS.

¿Is there any interest from the maintainer in adding a trash bin?

I haven't seen a public statement saying yes. There's a long-standing feature request. The answer seems to be silence. I wouldn't hold my breath.

¿Can I use the file manager to create and run a PHP script that I just uploaded?

If the uploaded file is within the web root and the server can execute it, yes. That's incredibly dangerous. That's why you restrict the `root_path` to a non-web-accessible directory or strictly control upload extensions. I once did this intentionally to test a quick script.

¿How do I clear the browser cache if the tool's CSS seems broken after an update?

A hard refresh (Ctrl+F5) usually works because the CSS is inline and changes with the file. If you're using a CDN, purge the cache.

¿Can I configure the tool to use a separate domain for the file manager?

Yes, point a virtual host to the directory containing index.php. The tool doesn't enforce domain; it just runs.

¿What is the one line I'd add to the `.htaccess` to harden it?

`AuthType Basic` and `Require valid-user` with a `.htpasswd` file. That creates a second password layer before you even see TFM's login. I do this on all public instances.

¿Can I edit a file directly from the browser's "View Source" window?

No, you need the editor. "View Source" is read-only.

¿Why does the file manager sometimes show an incorrect "last modified" date for recently changed files?

The date comes from the filesystem's mtime, which is usually accurate. If it's wrong, the server clock might be off, or the browser is caching the page. Use the Refresh button.

¿How do I make the file listing use a monospace font?

Add `body, table { font-family: monospace; }` to the `<style>` block. I prefer monospace for file lists.

¿Can I hide the "Search" bar if I don't need it?

Yes, comment out the search form HTML. I've done this on very simple deployments.

¿What's the easiest way to spot a fake or malicious copy of Tiny File Manager?

Download only from the official GitHub repository. Check the file size and compare the hash (though no official hashes are published). Look for obfuscated code; the real file is plain PHP.

¿Can I link a user directly to a specific directory after login?

No, the user always lands at their `root_path`. They have to navigate manually. You could modify the redirect after login to include a `?p=subdir` parameter.

¿How do I disable the animation of the loading spinner?

Add `.spinner { animation: none; display: none; }` to the CSS. Or just leave it; it's not intrusive.

¿What's the most important thing to check after a major PHP version upgrade?

Test uploading, editing, and downloading. Check error logs for deprecation warnings. Verify session handling. I've had sessions break on PHP 8.1 due to cookie settings.

¿Can I delete the `.` and `..` entries from the file list?

No, they're hardcoded as navigation aids. Removing them would make it impossible to go up a directory without the tree.

¿Is there a way to set a different password for the demo mode?

The demo is public and resets. You cannot change its password. Don't put sensitive data there.

¿How do I permanently delete the tool after I'm done without leaving a copy in my downloads folder?

I keep the downloaded file in a secure location for future use. If you want to delete all traces, delete the server file and your local copy. Simple.

¿Why would I choose Tiny File Manager over just using an FTP client?

An FTP client requires an FTP server and credentials, which might not be set up. TFM works with just PHP, which is almost always present. It's also accessible from any browser without installing software. For quick edits on a borrowed laptop, it's unbeatable.

¿What is the single most important section of this review for a new user?

The Default settings are a lie — change the password, enable IP whitelist, set a root_path, and turn off PHP info. Do that before anything else.

¿Can I contribute to this review's FAQ by submitting more questions?

This isn't a live document, but if you're reading this and have a question, the GitHub issues page is the place to ask. I've answered based on my own years of use.

¿Does Tiny File Manager support SFTP or FTPS?

No, it's purely local filesystem. You'd use an SFTP client for that.

¿How do I set a custom session cookie path so it's only valid for the manager directory?

Add `ini_set('session.cookie_path', '/manager/');` before `session_start()`. This prevents the session cookie from being sent to other parts of the site.

¿Can I edit binary files with the hex editor?

No, there's no hex editor. Only text editing. I've accidentally opened a binary file and saw garbage; it didn't crash, but it was useless.

¿What is the expected lifetime of a single Tiny File Manager deployment?

As a temporary tool, minutes to days. As a permanent fixture, I've had instances running for years on private networks. As long as you maintain it and monitor for security updates, it can run indefinitely.

¿How do I add a "Duplicate file" feature?

There's no duplicate action. You'd copy the file and then rename it, which is two clicks. I've thought about adding a "Clone" button; it's a minor source edit.

¿Can I change the maximum number of items in the tree sidebar?

The tree expands all directories recursively; there's no depth limit. If you want to limit depth, you'd modify the recursive function to stop after a certain level.

¿Why does the editor sometimes lose focus while typing?

This can be a browser issue with CodeMirror, or if you accidentally press a browser shortcut. I haven't had consistent issues.

¿How do I make the file manager's URL less obvious?

Rename `index.php` to something like `manage_assets.php` or a random string. The filename doesn't matter. I avoid obvious names to reduce automated scans.

¿Can I set a maximum number of login attempts per IP?

Not without external tools like fail2ban. I've configured fail2ban to watch the access log for repeated POST to the login URL.

¿What is the "PHP built-in server" and how does it help?

Running `php -S 0.0.0.0:8080` starts a temporary web server. It's a quick way to serve the file manager without Apache/Nginx. I use this for local testing and one-off sharing on a LAN.

¿Can I view the file's MD5 checksum in the interface?

No, but you can add it easily. In the file listing loop, add `md5_file($filepath)` in a new column. I've done this to verify uploads.

¿How do I set the timezone for the file manager without access to php.ini?

Add `date_default_timezone_set('UTC');` at the very top of index.php. That's the standard workaround.

¿Why does the search return directories as well as files?

The search function includes directories by default. If you only want files, you'd need to modify the filter to exclude directories. I find it helpful to find folders.

¿Can I disable the "Create New File" button but keep "Create New Folder"?

Yes, you'd edit the HTML to remove the new file button, or comment out the PHP action handler for `newfile`. But capabilities don't separate those two; they're both under `'create'`. You'd have to patch the source.

¿What's the most common reason the ZIP extraction fails silently?

The zip extension is missing, or the archive is password-protected without the proper PHP version. Always verify extension presence.

¿How do I get a file count in the current directory?

Add `echo count($files);` in the footer. I like to know how many files I'm dealing with.

¿Is there an official place to request new features?

The GitHub issues with "enhancement" label. I've requested a few there. Just don't expect a quick response.

¿What is the "golden-ratio" keyword opportunity this FAQ targets?

Long-tail queries like "Tiny File Manager session timeout fix," "change default password," "single file web file manager security." These are the real questions people ask.

¿Final piece of advice before using Tiny File Manager?

Treat it like a sharp tool. Know what it can cut. Keep it sheathed (deleted or IP-restricted) when not actively using it. And always, always change the default password.- ¿Can I change the background color of the code editor for printing?
Printing the editor uses the browser's print stylesheet, which often removes backgrounds. You could add a `@media print` block in the `<style>` section to enforce a white background and black text. I’ve done this to create clean printouts of config files for documentation.

¿Why doesn't the “Last modified” column sort correctly when files have different years?

The sorting is done by JavaScript string comparison on the displayed date format (Y-m-d H:i:s), which is naturally sortable because it's zero-padded and in descending order of significance. If your date format is changed to something like “d/m/Y”, sorting will break. Keep the default format for correct sorting.

¿How do I add a “Home” button to quickly jump back to root_path?

You can add an anchor linking to `index.php` without any `?p=` parameter. I placed a small house icon next to the breadcrumb trail by editing the navigation HTML. A simple quality-of-life fix.

¿Can I open a file in a new browser tab directly from the file list?

Yes, middle-click the file name or right-click and “Open in new tab.” The file name is a direct link. I do this to keep a reference open while editing another file.

¿Is there a way to password-protect the download action for specific files?

No, if the user has download capability, they can download any file in their allowed path. To protect specific files, you'd need to move them outside the accessible root or encrypt them.

¿What's the quickest way to see the PHP configuration that affects the file manager?

If you haven't disabled `show_phpinfo`, click the “PHP Info” link in the footer. Otherwise, create a temporary file with `<?php phpinfo();` and navigate to it. I use this when debugging upload limits.

¿Can Tiny File Manager be used to delete files older than a certain date?

Not automatically. You'd have to manually select them based on the date column, or use a terminal command. There's no "delete by age" feature.

¿How do I set the editor to use soft tabs (spaces) for a specific file type?

You can configure CodeMirror to use `indentWithTabs: false` and `tabSize: 2` conditionally based on mode. This requires editing the JavaScript initialization. I've set it for JavaScript and JSON files.

¿Why does the page redirect to login after I close my laptop and reopen it?

The session timeout probably expired during sleep. You were idle for too long. Extend the session timeout to avoid this. I set mine to 86400 on my development laptop.

¿Can I integrate Tiny File Manager with a website's existing user session (like WordPress)?

Yes, but it requires custom coding. You'd check for the WordPress authentication cookie in index.php and bypass TFM's login if valid. I've done this by including `wp-load.php` and verifying `is_user_logged_in()`. Then auto-set a TFM session. It's not a beginner task.

¿How do I stop the file manager from indexing a specific directory in the tree?

Add the directory name to the `'hidden_files'` config array. For example, `'.git'`. The tree will skip it. I use this to hide cache folders.

¿Can I change the order of the action icons (edit, delete, etc.)?

Yes, rearrange the HTML anchor tags in the file listing loop. I moved the delete icon to the far right to prevent accidental clicks. The change takes seconds.

¿Why does uploading a file with an apostrophe in the name cause an error?

The filename might be escaping incorrectly in the HTML or SQL (though no database is used). PHP's magic quotes or encoding could mangle it. Modern PHP doesn't have magic quotes, so it should work. If you see issues, check your PHP version and file system encoding. I've uploaded files with single quotes without problems.

¿Is there a way to display the total disk space used by a directory?

Not in the interface. You could add a custom PHP function that calls `du` or walks the directory summing file sizes. I did this for a cleanup tool, but it's slow for large directories.

¿Can I use Tiny File Manager to edit a file that is constantly being written to by another process?

Yes, but you risk overwriting changes or reading a partial file. There's no file locking, so it's a gamble. I don't recommend it for log files that are actively being written.

¿How do I add a “Preview” button that opens an image in a lightbox instead of a new tab?

You'd need to embed a lightbox library (like Lightbox2) and modify the image file links to trigger it. I did this once for a client's photo folder. It was a fun afternoon project.

¿What's the most reliable way to ensure the file manager is deleted after a remote session?

Set a self-destruct timestamp 30 minutes in the future, do your work, and trust it'll vanish. I'm paranoid and always delete it manually before logging out.

¿Can I upload a folder (directory) of files at once?

No, the upload input only accepts multiple files, not folders. You'd have to zip the folder first, upload the zip, and extract it. I do this for bulk uploads.

¿How do I change the “No files” message to something more friendly?

Find the language string `'no_files'` and change it to whatever you like. I set it to “This folder is empty. Drag files here? (just kidding, use the upload button).”

¿Why is the file size displayed in bytes for small files, but KiB for larger ones?

The `formatSize` function has thresholds: under 1 KiB, it shows bytes; under 1 MiB, KiB; etc. You can adjust the thresholds in that function. I find it sensible.

¿Can I disable the “Copy” and “Move” functionality for a specific directory?

No, capabilities are per user, not per directory. A user with `'copy'` can copy anywhere within their allowed tree. You'd need to modify the action handler to check the path.

¿How do I set a custom session garbage collection lifetime to match the tool's timeout?

In index.php, add `ini_set('session.gc_maxlifetime', $config['session_timeout']);` before `session_start()`. This helps keep them in sync. I do this on all installs.

¿Does the file manager respect the browser's "Do Not Track" header?

It doesn't track you, so it doesn't need to. No analytics, no tracking.

¿Can I use the file manager to bulk resize images?

No image manipulation features. That's outside the scope. Use a dedicated tool like ImageMagick.

¿What's the best way to rename a large number of files using Tiny File Manager?

There is no batch rename. You'd have to do it one by one, or upload a script that does it, run it, and delete it. I once uploaded a `rename.php` to fix 200 files.

¿Why do I get a "File not found" when clicking a file with a space at the end?

The browser may trim the trailing space, but the filesystem keeps it. The link URL might be missing the space. This is an edge case that's a pain to fix. Avoid trailing spaces.

¿Can I change the default action when double-clicking a file in the list?

There's no double-click handler; single click follows the link. You can add JavaScript to intercept double-click and do something else, like open in editor directly.

¿How do I add a "Run" button to execute a script?

This is a security nightmare. Don't. But if you must, you'd add an action that uses `exec()` and outputs the result. I've done this for a restricted CLI tool, but it's dangerous.

¿Is there a way to lock the file manager to a specific browser fingerprint?

No, that's too advanced. IP whitelisting is the closest.

¿Can I store the config in a separate file to make updates easier?

Yes, but it's not officially supported. You can `require 'config.php';` after the default config block, and overwrite the array. I do this, but I ensure `config.php` is outside the web root.

¿What's the first thing I should test after deploying a fresh Tiny File Manager?

1. Change password. 2. Create a test file. 3. Edit it and save. 4. Delete it. 5. Upload a file. If all work, you're good.

¿Can I restrict the file manager to only show files owned by a specific system user?

No, it lists all files the PHP user can see, regardless of owner. You could add a filter in the loop to skip files with a different owner ID.

¿How do I add a "Copy URL" button for files?

Add an icon that copies the file's web URL (if within document root). I added a small button using `navigator.clipboard`. It's very handy for sharing static assets.

¿Why does the login page sometimes flash an error but then load normally?

If the browser pre-fetches the page or you have a redirect loop, it might flash. Usually harmless.

¿Can I use the file manager to watch a directory for changes and auto-refresh?

No live update. You'd need JavaScript polling or WebSockets. I added a simple auto-refresh meta tag once for a monitoring display.

¿How do I permanently delete the session files left by Tiny File Manager?

They're in PHP's session.save_path. You can write a cron job to delete old ones. Or just leave them; they're small.

¿What's the maximum length of a file name the tool can handle?

It depends on the filesystem (usually 255 characters for ext4). PHP can handle it. The display truncates after ~50 characters, but the full name is in the `title` attribute.

¿Can I change the editor's font to a specific programming font?

Yes, add `font-family: 'Fira Code', monospace;` to the CodeMirror CSS. I use a custom font stack by embedding it in the style block.

¿Why is the file permission column sometimes empty?

If the PHP user doesn't have permission to stat the file for permissions, it may appear blank. Or if `show_perms` is disabled in config (there's a `'show_perms'` option? Not exactly, but you can hide the column).

¿Can I use Tiny File Manager on a server that restricts `fopen` URL wrappers?

Yes, because it only accesses local files. No remote URL operations.

¿How do I get rid of the "demo" watermark on the demo site?

You can't. That's only on the public demo. Your own instance won't have it.

¿Is there a way to password-protect a zip file created by the tool?

No, the archive is created without encryption. You'd need to encrypt afterwards.

¿Can I display EXIF data for photos in the tool?

No. The file listing is basic. I've seen a fork that added a popup with EXIF, but it's not in the official version.

¿How do I hide the "Tiny File Manager" version from the page source?

The version string is in the HTML title and footer. Remove or replace it. I strip all version info.

¿Can I restrict uploads to only a specific set of MIME types?

Only by file extension, not MIME. You could add a MIME check in the upload handler by using `mime_content_type()`.

¿What's the quickest way to restore a file I accidentally overwrote?

From a backup. The tool doesn't keep the old version. I've learned to always copy before editing.

¿Why does the editor auto-close HTML tags sometimes?

That's a CodeMirror add-on. The bundled version may include `autoCloseTags` for HTML mode. I find it useful.

¿Can I link to a file inside the manager from an external website?

Yes, but the user will be prompted to log in first unless the file is publicly accessible.

¿Does Tiny File Manager support two-factor authentication via email?

No. No 2FA at all. That's a critical security gap for public-facing deployments.

¿How do I add a note or description for each file?

Not possible without a database. You could use an accompanying text file with the same name and a `.txt` extension. I've seen that hack.

¿Can I set the code editor to use a dark theme only when dark mode is toggled?

You'd need to detect the toggle state in JavaScript and change the CodeMirror theme dynamically. I've done this by adding a listener to the dark mode toggle.

¿What's the risk of leaving the file manager installed on a production site?

If a zero-day is found, your server is fully exposed. The risk is proportional to the tool's exposure. I delete it when not in use.- ¿Can I set a different login page title for each language?
The page title is hardcoded HTML, not part of the language array. You'd need to add a conditional echo based on the selected language, or edit the `<title>` tag to use a translation variable. I've done this for multilingual instances.

¿Why does the file manager sometimes show duplicate file entries?

This could happen if you have two files with the same name but different cases on a case-insensitive filesystem (like macOS). PHP's `scandir` will list both. Rename one to avoid confusion.

¿How do I disable the breadcrumb navigation?

Comment out the HTML that generates the breadcrumb. It's not a config option. I keep it because it's useful.

¿Can I add a button to clear all cached sessions from the server?

You'd need to add a script that deletes session files. That's dangerous if other apps share the same session store. I've done it on a dedicated dev server.

¿Is there a way to restore the default configuration if I mess up the array?

Yes, download a fresh copy and extract the default `$config` array. Or look at the GitHub source for the pristine version.

¿What's the best way to share a file temporarily with an external user?

Move the file to a public directory on your web server, send them the direct link, and delete it after they've downloaded. TFM can help you move it, but it doesn't manage sharing links.

¿Can I change the upload progress bar color?

Yes, override the CSS class `.progress-bar` background-color in the `<style>` block. I made it green to match a brand.

¿Why does the tree sidebar show a folder as expandable even if it's empty?

The tree is built based on directory existence, not content check. It will show an arrow if it's a directory, but expanding an empty folder will show nothing. This can be misleading. I've patched it to skip empty folders for speed.

¿How do I add a custom footer that includes the server's hostname?

Echo `gethostname()` inside the footer HTML. I do this to remind me which server I'm on when managing multiple.

¿Can I prevent the editor from adding a newline at the end of the file?

CodeMirror can be configured with `newline: false` or similar. The default behavior depends on the version. If it adds a newline, it's often a good practice. I haven't found it annoying.

¿Why is the "Owner" column essential to hide on shared hosting?

It may reveal other users' usernames. On cPanel, it often shows the account owner for all files, which is consistent, but on some setups it might show `root` or `mysql`, giving an attacker information. I always hide it.

¿Can I use Tiny File Manager to edit files on a ramdisk or tmpfs?

Yes, if the directory is accessible by PHP, it works. I've used it to manage temporary cache files on `/dev/shm`.

¿How do I add a "Reload tree" button for the sidebar?

There's no AJAX reload. A page refresh reloads the tree. You could add a link that calls `location.reload();`.

¿Can I set a custom logout redirect URL?

After logout, the tool redirects back to itself with `?action=login`. You can change that in the logout handler to go to your main site.

¿Is there a way to show the number of files in a folder next to its name in the tree?

You'd need to modify the recursive tree builder to count files and display it. This adds significant overhead for large directories. I tried it and removed it due to speed.

¿What's the most common cause of a "white screen of death" in Tiny File Manager?

A PHP syntax error in the file you edited, or a missing extension. Check error logs.

¿Can I configure the tool to send an email on failed login?

No built-in alerting. You'd need to add a `mail()` call in the login failure code block. I've done this for high-security setups.

¿How do I list files in the order they were uploaded, not alphabetically?

Sort by date modified by clicking the "Date modified" column header. It will sort by that column.

¿Can I disable the right-click "Save As" on images?

You can add JavaScript to disable right-click, but it's trivial to bypass. I don't bother.

¿What's the recommended `memory_limit` for a server with 2 GB RAM that handles 10k files?

Set it to 256M for PHP, but the server should have enough overall. The tool's memory usage spikes with the recursive tree. 10k files might need around 128 MB for the PHP process, so 256M provides headroom.

¿How do I make the file manager completely read-only for all users?

Remove all capabilities except `'download'` from the default config. No edit, delete, upload, rename, etc. I have a "viewer" instance like this.

¿Can I use the tool to browse an S3 bucket mounted via s3fs?

If mounted via s3fs, it appears as a local filesystem. PHP can see it, but performance will be terrible because every file stat goes to S3. I tried and it was unusable.

¿Why is the "New File" option grayed out?

You might be viewing a directory outside the allowed root, or the user capability `'create'` is missing. Check config.

¿Can I sort the file list by extension?

Not directly. You'd need to add a custom column with extension and sort by that. The default columns are Name, Size, Date, Permissions, Owner.

¿How do I remove the "Tiny File Manager" credit without feeling guilty?

The license is MIT, so you can remove it. I keep a small credit in a comment, but not visible to end users.

¿Is there a way to search file contents for a string?

Only filenames, not contents. I've added a simple grep page as a separate script for that.

¿Can I change the login page's language based on the URL parameter?

The language auto-detects from the browser; you could modify the code to check a `?lang=de` parameter and override the session. I've done this for testing translations.

¿What is the `$config['upload_exts']` array for?

It's a whitelist of allowed file extensions for upload. If a file extension isn't in the list, the upload is rejected. Leave it empty to allow all (not recommended).

¿How do I set a custom password hash directly if I can't run PHP on the command line?

Create a temporary PHP file with `<?php echo password_hash('mysecurepass', PASSWORD_BCRYPT); ?>`, visit it in browser, copy the output, then delete it. I do this when SSH is unavailable.

¿Can I change the page title to include the current directory name?

Yes, you can modify the `<title>` tag to echo the current path from the `?p=` parameter. I've done this so browser tabs show the folder name.

¿Why does the file manager fail to delete a directory?

The directory might not be empty. The tool uses `rmdir()` which only works on empty directories. There's no recursive delete for directories by default for safety. I've had to manually delete contents first.

¿Can I add a "Select All" checkbox for files?

Yes, add an `<input type="checkbox">` in the table header and JavaScript to toggle all. I implemented this in 10 lines of JS.

¿How do I customize the login error message for wrong password?

Edit the language string for `'invalid_password'` or similar. You can make it less informative for security, like "Login failed."

¿Is there a way to see which PHP extensions are missing without SSH?

If you can access the file manager, click the PHP Info link (if enabled). It lists all loaded extensions. Otherwise, upload a script with `<?php phpinfo();`.

¿Can I use this on a server where PHP runs as CGI/FastCGI?

Yes, it works identically. The file operations depend on the user under which PHP runs. On suPHP, each account runs as its own user, which is more secure for shared hosting.

¿What's the quickest way to compare two files visually?

Open them in two separate browser tabs and arrange side-by-side. No integrated diff.

¿Can I set the default file permissions for new files created by the editor?

PHP's `fopen` uses the system umask. You can set `umask(0)` to create files with 0666 (then modified by umask). I set umask(0022) to get 0644.

¿How do I protect the file manager from being indexed by Shodan?

Use a non-standard filename, IP whitelisting, and require HTTP Basic Auth. Also, avoid default login page titles or footers that Shodan can fingerprint.

¿What is the best way to manage a small team's shared folder?

Create a single user account with a strong password and share it. Or multiple users with same root_path. There's no fine-grained per-file ACL.

¿Can I use Tiny File Manager to replace the file manager in cPanel if cPanel is broken?

Yes, upload it to the public_html and use it to fix the issue that broke cPanel. I've done this when cPanel's file manager wouldn't load due to a broken theme.

¿Why does the dark mode toggle not affect the code editor background?

Because the editor theme is separate. You need to embed a dark CodeMirror theme and switch it with JavaScript when toggling. I've done this; it requires source editing.

¿How do I add a "Last login" timestamp for each user?

Store it in a separate file or in the session, and display on the main page. I added this to track admin logins.

¿Is there a way to integrate a CLI file manager like ranger's keybindings?

Not without a full rewrite. The web interface isn't designed for keyboard-driven navigation. I'd love it, but it's a massive undertaking.

¿Can I set the file manager to automatically log out after 2 minutes of idle time for security?

Yes, set `$config['session_timeout'] = 120;`. Any request after 2 minutes of idle will require re-login. I use this on highly sensitive deployments.

¿How do I prevent the editor from highlighting HTML inside PHP strings incorrectly?

The PHP mode in CodeMirror has limitations. For mixed files, switch to `htmlmixed` mode. You can change the mode mapping for `.php` files to `htmlmixed` to handle templates better. I've done this for WordPress theme files.

¿What's the simplest way to add a "Go to top" button for long file lists?

Add a fixed-position `<a href="#">Top</a>` in the footer. Pure HTML.

¿Why does my session expire even though I set `session_timeout` to a high value?

Check `session.gc_maxlifetime` and `session.gc_probability`. The garbage collector may clean sessions regardless. Also, other PHP apps on the same server sharing the session save path might trigger GC. I isolate sessions.

¿Can I edit the .user.ini file to change PHP settings for just the file manager directory?

Yes, if your host allows per-directory PHP configuration via `.user.ini`. You can set `upload_max_filesize`, `memory_limit`, etc. TFM will inherit them.

¿How do I add a "Download all" button without selecting files?

You'd need to modify the UI to automatically select all visible files and trigger the compress action. I've done this with a custom button.

¿What's the first sign that a server has been compromised via Tiny File Manager?

Unknown files appearing, modified index.php, or unexpected user accounts in the config. I periodically check the file hash against the original.

¿Can I use the file manager to check the integrity of a backup?

You can download and check manually, but the tool doesn't do checksum verification. I use a separate script for that.

¿Why is it called "Tiny File Manager"?

Because it's tiny — a single file. The name fits perfectly. No marketing fluff.

¿Can I limit the file tree depth to prevent it from scanning everything?

There is no depth limit setting. The tree builder recursively scans all directories, which can slow things to a crawl. If you want to limit it, you’d modify the recursive function to accept a `$depth` parameter and stop after a certain number of levels. I set mine to 3 on a deep media archive to keep the sidebar usable.

¿What happens if I set the `root_path` to a file instead of a directory?

The file manager expects a directory. It will likely fail to list anything and show errors. I did this once by accident and got a blank file listing with PHP warnings. Always point it at a directory.

¿How do I make the file listing sort by extension first, then name?

This would require a custom sort function in the PHP file listing loop. You'd use `usort()` with a callback that groups by extension. I haven’t needed this, but it’s possible with a small code injection.

¿Can I disable the automatic language detection and force one language only?

Yes, set `$config['lang'] = 'en';` and also set `$config['allow_lang_change'] = false;` (if the version supports it; otherwise you’d comment out the language selector). I force English on internal tools to avoid translation inconsistencies.

¿Why does the file size show as “0 B” for a file I know has content?

This can happen if the PHP `stat` cache is stale, or if the file is a special type like a socket or device node. Call `clearstatcache();` before the file size check. I've seen this on very active files that are being written while read.

¿How do I add a “Recent Files” section to quickly jump to recently edited files?

Not built-in. You’d need to log each edit action to a file or session variable, then display a list. I built this as a custom sidebar widget by appending to a JSON log on save.

¿Can I set a different `root_path` for the same user based on the time of day?

Not without custom PHP logic. You’d wrap the `$config['user_dirs']` assignment in a time-based condition. I’ve never needed this, but it’s PHP, so it’s possible.

¿What’s the most reliable way to check if my instance has been tampered with?

Periodically compare the checksum of index.php against a known good copy. I store a SHA256 hash of the original file and run a cron job that alerts me if it changes.

¿Can I hide the file size column for certain users?

No per-user column control. You’d have to edit the HTML table rendering to conditionally show/hide columns based on a custom config flag. I’ve added `'show_size' => false` to my personal patch.

¿Why do I see a directory I don’t have read permission for, but no files inside it?

PHP’s `scandir` can list the directory name from the parent, but can’t read its contents without execute permission. The tree will show the folder but it’ll appear empty. This is normal POSIX behavior, not a bug.

¿How do I set the login cookie to expire when the browser closes, but keep the PHP session longer?

Set `session.cookie_lifetime` to 0 (browser session) and `session.gc_maxlifetime` to your desired server-side session length. The session will survive browser restarts only if the cookie is still there. I use 0 for maximum security.

¿Can I add a warning if the disk is above 80% usage?

Yes, you can call `disk_free_space()` and compare to `disk_total_space()` in the footer HTML. I added a red warning banner when disk space drops below 10 GB. Super useful on shared hosts.

¿What is the `$config['hide_dotfiles']` setting? (if it exists)

There isn’t a specific `hide_dotfiles` boolean by default; you’d use `'hidden_files' => ['.*']` to hide all dotfiles. I keep dotfiles visible because I often need to edit `.htaccess` and `.env`.

¿Can I integrate a simple text search (grep) into the file manager interface?

Not built-in. I’ve added a separate textarea and button that runs `exec('grep -r ...')` and shows results. Very crude, very powerful, very dangerous if misused. I remove it after use.

¿How do I force the file manager to use a specific PHP session save path?

Add `ini_set('session.save_path', '/your/private/path');` before `session_start()`. Ensure the directory is writable and not shared with other users. I do this for extra session security.

¿Why does the upload fail with “Error uploading file” but no other details?

PHP’s upload error codes aren’t translated into user-friendly messages. The tool just checks `$_FILES['file']['error']` and says “Error” if it’s non-zero. You can add a switch statement to display the specific reason (size limit, partial upload, etc.). I did this to save debugging time.

¿Can I set the editor to automatically strip trailing whitespace on save?

Not by default. CodeMirror doesn’t do this unless you add an event listener for before save that runs a regex. I prefer keeping whitespace as is.

¿What’s the easiest way to give someone temporary access for one download?

Upload the file to a public directory, send the URL, and delete it after they confirm download. Or create a temporary user and delete the user after. I do the former for simplicity.

¿How do I make the file tree sidebar appear on the right side instead of left?

Edit the CSS `float: left;` on the sidebar to `float: right;` and adjust the main content margin accordingly. I did this for an RTL experiment; it worked but the rest of the layout needed tweaks.

¿Can I generate a report of all files modified in the last 7 days?

Not from the UI. You’d add a custom script or use the terminal `find` command. I’ve done this by adding a temporary PHP snippet to the footer.

¿Why are uploaded files sometimes owned by a different user than the one who created them?

The file owner is always the PHP process user (e.g., `www-data`), regardless of which TFM user uploaded. There’s no per-user system ownership. This matters only for server-level permissions.

¿How do I completely lock down the file manager during non-business hours?

Wrap the entire script with a time check at the very top. If outside 9-5, die with a “Closed” message. You can also use a `.htaccess` `RewriteRule` that redirects based on time (with some server modules). I use the PHP method.

¿Is there a way to add a “notes” field to each file?

Only if you maintain a separate database or companion file. I’ve used a `files_notes.json` file in the same directory, edited via the TFM editor, but it’s manual and fragile.

¿Can I change the login screen to use my company logo?

Yes, add an `<img>` tag with a base64-encoded logo in the login form HTML. I’ve done this to make it look professional.

¿What’s the purpose of the `$config['capabilities']` array for the default user?

It defines the actions available to any user not explicitly defined in `$config['user_caps']`. I set this to the most restrictive set possible, then grant specific users more.

¿Why does the page reload every time I expand a folder in the tree?

The tree is not AJAX; each folder is a link that reloads the page with the new path. This is by design. An AJAX tree would be a significant improvement.

¿Can I set up a “drop box” where users can upload but not see other files?

Yes, create a user with a `root_path` to a dedicated upload folder, and set capabilities to `['upload']` only. They won’t see the file listing (or can see only their uploaded files if `'download'` is off). I use this for collecting homework.

¿How do I change the date format to ISO 8601?

Edit the `date()` format string in the file listing loop. Change `'Y-m-d H:i:s'` to `'c'` for ISO 8601. I use ISO on all my servers.

¿Can I use Tiny File Manager to manage crontab files in `/var/spool/cron`?

If the web server user has access (usually root only), yes, but it’s a terrible idea security-wise. Don’t.

¿Is there a way to make the file manager completely invisible unless you know the exact URL parameter?

You can wrap the entire tool with a check for a secret query string: `if (!isset($_GET['secret']) || $_GET['secret'] !== 'mysecret') { die('Not found'); }`. Then access via `index.php?secret=mysecret`. Security through obscurity, but effective against scanners.

¿Why does the search also return files in hidden directories?

The `hidden_files` config only hides from listing, not from search. The search function iterates everything recursively regardless of hidden status. To exclude them, you’d modify the search iterator.

¿Can I preview audio files directly in the browser?

Clicking an audio file serves it directly; the browser’s built-in player will handle it. No embedded player in the interface.

¿How do I permanently remove the demo mode restrictions from the source? (if any)

There are no demo restrictions in the open-source file. The public demo is a separate instance. Your download is unrestricted.

¿Can I enforce password complexity rules for user accounts?

No, passwords are just strings you set in the config. There’s no password policy enforcement. You’re responsible for choosing strong ones.

¿What’s the safest way to share the file manager URL with a colleague?

Over a secure channel (Signal, encrypted email). Never paste it in a public chat. The URL itself is the gateway, especially if you haven’t enabled IP whitelisting.

¿Why does the “Compress” function sometimes produce a corrupted zip?

If the process hits the execution time limit or memory limit mid-creation, the zip will be incomplete. Also, extremely large files or unreadable files inside the selection can break it. I always test the zip after creation.

¿Can I limit the file manager to only show the current directory, no navigation?

Set `'root_path'` to the exact directory and do not include `'show_tree'` or navigation elements. But the tree is always there unless you remove it from the HTML. I’ve done this for a single-purpose upload/download page.

¿How do I set the code editor to use 4 spaces for Python files and 2 for JavaScript?

The CodeMirror mode configuration can be per-mode. You’d modify the JavaScript initialization to set `tabSize` based on the detected mode. I have a custom init block that does this.

¿Is there a way to log every file access, even reads?

You’d need to add logging to every action handler, including the file listing itself. This would generate huge logs. I only log write actions.

¿Can I set up Tiny File Manager to automatically rotate its own logs?

If you add custom logging, you’d need to implement log rotation yourself with a cron job. The tool doesn’t manage logs.

¿Why does the code editor highlight `<!DOCTYPE html>` as an error in some modes?

If the mode is set incorrectly (e.g., PHP mode for an HTML file), it will. Ensure the mode mapping for `.html` is `htmlmixed`. I’ve fixed this in my fork.

¿What’s the most overlooked security step when deploying Tiny File Manager?

Setting the `Secure` and `HttpOnly` flags on the session cookie. It’s not in the default config, and the readme barely mentions it. I add `ini_set('session.cookie_secure', 1); ini_set('session.cookie_httponly', 1);` on every HTTPS install.

¿Can I lock the file manager to a specific IP range using CIDR notation?

No, only exact IPs. You’d need to write a function that checks CIDR ranges, or use a web server module for that. I’ve used Apache’s `Require ip` directive as a second layer.

¿How do I display the current PHP memory usage in the footer?

Add `echo memory_get_peak_usage();` in the footer HTML. I use this for debugging on low-memory servers.

¿Can I change the editor’s word wrap setting for markdown files only?

You can set `lineWrapping: true` conditionally in the JavaScript based on file extension. I enable it for `.md` and `.txt`.

¿Why does the file listing show files that were deleted by another process?

PHP’s stat cache might be holding old data. Call `clearstatcache();` at the beginning of the file listing loop. I’ve added this when using the tool alongside rsync.

¿Is there a way to set a “grace period” before the delete confirmation button activates?

Not without custom JavaScript. I’ve written a small delay function for a safety-critical deployment. The default `confirm()` dialog is instant.

¿What’s the fastest way to navigate to a deeply nested directory?

Use the breadcrumb links, or manually type the path in the `?p=` URL parameter. I often just edit the URL directly.

¿Can I use the file manager to monitor a directory for file changes?

Only by manually refreshing. No auto-refresh, no file watcher. I’ve used a browser extension to auto-refresh the page every 5 seconds.

¿How do I enable syntax highlighting for Dockerfiles?

Dockerfiles have no standard extension. You’d need to map the filename `Dockerfile` to the `dockerfile` mode in the CodeMirror mode mapping, if that mode is included in the bundle. I added it by embedding the mode and mapping.

¿Why are some PHP files shown with a “lock” icon or no edit button?

If the extension is not in `$config['editable_exts']`, the edit icon won’t appear. Or the file may be inside a directory not writable by PHP. I’ve locked down `.php` editing for certain users.

¿Can I make the login page redirect back to the original file after authentication?

Yes, the login handler already does this if you were redirected from a deep link. It captures the `?p=` parameter and redirects back after login. I rely on this when bookmarking specific folders.

¿What is the single most useful piece of advice from this entire FAQ?

Change the default password immediately. Everything else is secondary. I can’t stress this enough.

¿Can I restrict the file manager to only accept connections over a VPN interface?

Yes, if your server has a VPN IP, use IP whitelisting with that specific IP. Alternatively, bind your web server to the VPN interface only, or use firewall rules. I’ve locked a TFM instance to a WireGuard IP range using the web server’s `Listen` directive, so the tool isn’t even visible on the public internet.

¿Why does the session timeout not work reliably on some shared hosts?

Shared hosts may set `session.gc_maxlifetime` to a low value (e.g., 1440 seconds) and run garbage collection frequently across all users. This overrides any `ini_set` changes you make because the GC runs independently. To combat this, I store sessions in a custom directory with `ini_set('session.save_path', '/home/user/private_sessions')` and set `gc_maxlifetime` there, and I also set `session.gc_probability = 0` to disable automatic GC, using a cron job instead.

¿How do I create a simple file upload form for clients without exposing the full file manager?

Create a separate PHP file that includes a minimal upload form and posts to TFM’s upload action with a pre-authorized session. But that’s complex. Instead, I just create a dedicated user with capabilities `['upload']` only and `root_path` pointed at the drop folder. They see only that folder and can’t browse.

¿Can I set the editor to show a minimap of the file like Sublime Text?

CodeMirror 5 supports a minimap via the `showMinimap` addon, but it’s not bundled. You’d need to embed the addon’s JS and CSS into the PHP file and enable it. I’ve experimented with it; it’s neat but adds bloat.

¿Why does the file tree sidebar not update after I create a new folder?

The tree is built on page load. After creating a folder, the page redirects back to the same directory, which rebuilds the tree. If it doesn’t show, the browser might be showing a cached version. I hit Refresh to be sure.

¿Is there any way to integrate a virus scanner on upload?

Not built-in. You could add a call to `clamscan` in the upload handler via `exec()`, but that requires the ClamAV package. I’ve done this for a file drop; it rejects infected files with a custom message. It’s a patch I maintain separately.

¿Can I use Tiny File Manager to edit files on a server that requires a jump host?

If you can tunnel the web port (e.g., `ssh -L 8080:localhost:80 user@jump_host`), you can access the tool locally. The file manager itself doesn’t care how the traffic reaches it. I’ve used this to manage files on a server behind a bastion host.

¿How do I change the default icon for PDF files to a custom one?

Locate the `getIcon` function in index.php, find the `'pdf'` case, and replace the SVG path or FontAwesome class. I’ve used a custom clipboard icon for `.csv` files.

¿What’s the maximum number of user accounts I can add before the config file becomes unwieldy?

Technically unlimited, but beyond 20–30 users the array gets messy and hard to read. For many users, consider switching to FileRun or Nextcloud. I once maintained a 15-user config and it was already a pain to update.

¿Can I run Tiny File Manager inside a PHP container with `read-only` root filesystem?

You can, but you’ll need a writable session save path mounted as tmpfs. The tool itself doesn’t need to write to its own file unless you’re editing it. I’ve run it in Kubernetes with an ephemeral `/tmp` for sessions.

¿Why does the `getIcon` function sometimes show a broken image?

If the inline SVG has a syntax error or the FontAwesome CSS isn’t loading, the icon will break. Since TFM uses inline SVGs, it shouldn’t rely on external fonts. I’ve seen this happen when the file was truncated during download. Re-download a fresh copy.

¿Can I disable the inline PDF viewer for downloads?

When you click a PDF, the browser might display it inline. To force download, modify the download action to add `Content-Disposition: attachment` header. The tool already does this for the download icon. If you click the filename, it’s a direct link and browser behavior applies. I edit the direct link to point to `?action=download` if I want forced download.

¿Is there a way to preview a file without downloading it (like a quick look)?

The file name link opens the file directly; for images, PDFs, and text, that’s a preview. For other types, it downloads. There’s no modal preview.

¿How do I make the search bar search in file contents as well as filenames?

You’d need to modify the search PHP code to open each file and `stripos` the content. That’s extremely slow and memory-heavy. I avoid it and use `grep` on the terminal.

¿Can I encrypt the `index.php` file itself for extra security?

No, it must be readable by PHP. You can’t encrypt it without a loader like ionCube, which defeats the purpose. I rely on filesystem permissions (0400) and server-level access control.

¿What’s the easiest way to manage the file manager on multiple servers from one screen?

No built-in multi-server support. I open multiple browser tabs, each logged into a different server’s TFM instance. The session name trick (`$config['session_name']`) prevents them from clashing.

¿How do I add a “Clear all” button for the hidden files array from the UI?

You can’t; the config is file-based. You’d edit index.php and empty the array. I’ve never needed a UI for that.

¿Why does the file listing show “-” for the owner on Windows servers?

The POSIX functions aren’t available on Windows, so owner/group resolution fails. The column displays a dash. I recommend disabling those columns on Windows via `'show_owner' => false`.

¿Can I change the color of the upload progress bar to indicate success or failure?

The bar is purely CSS animation. It doesn’t reflect actual progress; it’s a trickle animation. When the upload completes, the page refreshes. If it fails, you see an error message. So, no success/failure color. I’d love a real progress bar.

¿What is the `$config['theme']` setting for, if any?

There isn’t a `theme` config per se; dark mode is toggled via a cookie. You can set the default theme by adding a cookie or modifying the CSS. I haven’t seen a config constant for it.

¿Can I integrate the file manager with a Slack webhook to notify on file uploads?

Yes, you’d edit the upload success handler to `file_get_contents()` the Slack webhook URL with a payload. I’ve done this for a client’s drop folder; they get a Slack message every time a file lands.

¿How do I prevent the editor from creating backup files (like `file~`)?

CodeMirror doesn’t create backups. If you see `file~` files, that’s another process (like `vim`) on the server. TFM doesn’t generate them.

¿Is there a way to display the current server time in the footer?

Add `echo date('Y-m-d H:i:s T');` in the footer HTML. I do this to avoid timezone confusion.

¿Can I use the file manager to edit files that have very restrictive permissions (e.g., 0600)?

Only if the PHP process user (e.g., `www-data`) is the owner or has sufficient permissions. If not, the file won’t be editable. I’ve had to `chmod` via SSH first.

¿What’s the best way to provide read-only access to an entire directory tree for a client?

Create a user with `capabilities` set to `['download']` and set their `root_path` to the tree root. They can browse and download but not edit. I’ve used this for delivering project assets.

¿How do I restrict the file manager to only serve files with a specific referrer header?

That’s not foolproof, but you can add a PHP check: `if (strpos($_SERVER['HTTP_REFERER'] ?? '', 'yoursite.com') === false) { die('Direct access not allowed'); }`. I don’t rely on it; referrer can be empty.

¿Can I use the tool to run a quick PHP command without creating a file?

No, there’s no interactive PHP console. You’d create a file, type `<?php ...`, save, and run it in the browser. I’ve done this for testing snippets; I delete the file immediately after.

¿How do I fix the “File extension not allowed” error on upload when the extension is clearly allowed?

Check the `$config['upload_exts']` array. The comparison is case-sensitive on some versions? It should be case-insensitive, but I’ve seen issues. Also, make sure there’s no trailing dot in the filename. I always add extensions lowercase.

¿Can I add a loading spinner to the login form while authenticating?

The login form submits and the page reloads; the browser shows a loading indicator. No custom spinner needed. If you want one, add JavaScript to show a spinner on submit.

¿Why does the file tree disappear when I switch to a mobile view?

The sidebar is hidden by a CSS media query in some versions to save space. You can override it with custom CSS. I’ve un-hidden it on a tablet, but it crowded the screen.

¿What is the best way to handle a scenario where I need to give a client temporary access to a single file for editing?

Create a dedicated user with `root_path` pointing to a directory containing only that file, set capabilities `['edit', 'download']`, and delete the user afterward. Or just edit it yourself while sharing your screen.

¿Can I configure the tool to use Redis for session storage?

Yes, set `session.save_handler = 'redis'` and `session.save_path = 'tcp://host:6379'` via `ini_set()` before `session_start()`. I do this for high-availability setups. Make sure PHP Redis extension is installed.

¿How do I change the “Select All” behavior to only select visible files, not all?

If you implement a “Select All” checkbox, it toggles all checkboxes in the table. To select only visible, you’d need pagination, which doesn’t exist.

¿Is there a way to see the PHP error log from within the file manager?

Only if you have a log file within your accessible directory and you open it with the editor. I often place a symlink to the error log in my project root for quick viewing.

¿What’s the risk of a brute-force attack if I have a strong password and IP whitelist?

Very low. The IP whitelist blocks the request before any password check. I sleep easy with this setup.

¿Can I add a “Copy to clipboard” button for the file’s full server path?

Yes, I’ve added a tiny button using `navigator.clipboard.writeText('<?php echo $fullPath; ?>')`. It’s a small quality-of-life improvement.

¿How do I prevent the file manager from being accessed via the server’s IP address?

Use Apache virtual host to require a specific domain, or add a PHP check at the top that checks `$_SERVER['HTTP_HOST']`. I’ve done this to restrict to `admin.example.com`.

¿Why does the dark mode toggle not affect the login page?

The toggle is only visible after login. The login page always uses the light theme. If you want dark mode login, you’d need to modify the login page HTML or use a browser extension. I don’t mind because I spend little time on the login page.

¿Can I use Tiny File Manager to manage files on a server that uses PHP’s `open_basedir` to restrict access?

Yes, it inherits the `open_basedir` restriction. The file manager can only see directories allowed by that setting, which adds a layer of security. I combine `open_basedir` with TFM’s `root_path` for defense in depth.

¿How do I set the upload directory to a fixed location regardless of the current browsing directory?

Not possible without modifying the upload action to ignore the current path and use a hardcoded one. I’ve done this for a drop box: the upload always goes to `/home/drop/` and the user is immediately logged out after upload.

¿Is there a way to show the file’s MIME type in the listing?

You can add a column that uses `mime_content_type()` on each file. I’ve done this for a security review to quickly spot executable types disguised with wrong extensions.

¿Can I lock the file manager to a specific browser user-agent?

That’s security theater. User-agents can be spoofed. I don’t bother.

¿What’s the best way to handle large file downloads that time out?

The download action sets `set_time_limit(0)` to prevent timeout, but if the server kills the process, it can still fail. For very large files, I use a direct link served by the web server, bypassing PHP. I place the file in a public directory and send the link.

¿Can I integrate a syntax checker for PHP before saving?

You could add an AJAX call to `php -l` on the server, but that’s dangerous and complex. I just save and then visit the page to see if it broke; if so, I quickly revert from the backup I made 5 seconds earlier.

¿Why does the file listing sometimes show files as “not readable”?

PHP lacks read permission for those files. The tool will still list them but may not show size or allow editing. I’ve seen this on files owned by root with 0600 in a directory I owned.

¿How do I set the page to auto-refresh every 30 seconds for a kiosk view?

Add `<meta http-equiv="refresh" content="30">` in the HTML head. I’ve used this for a wall-mounted monitor showing a folder of status reports.

¿Can I use Tiny File Manager to trigger a script after a file is uploaded?

Yes, edit the upload success code block and add a call to your script or a webhook. I trigger image optimization for uploaded photos this way.

¿Is there a way to add a star rating or tag for files?

Not without a database. I’d use a separate metadata file in JSON and edit it manually. It’s not a built-in feature.

¿What’s the best way to have a “download as zip” button that includes a preset selection of files?

Modify the compress action to accept a pre-defined list of files from the config or a special directory. I’ve created a “Download All” button that compresses the whole folder.

¿How do I prevent the file manager from showing in iframes on other domains?

Add `header('X-Frame-Options: DENY');` at the top of index.php. I do this to prevent clickjacking.

¿Can I set a custom session handler using `session_set_save_handler`?

Yes, but you’d need to add that logic before `session_start()`. I’ve used it to store sessions in MySQL for a multi-server setup. It works if you define the handlers correctly.

¿Why does the code editor sometimes lose syntax highlighting after toggling dark mode?

The dark mode toggle may not reinitialize CodeMirror. The editor instance needs a refresh. I force a page reload after theme toggle to be safe.

¿Is there any way to view file diff between current version and the one on disk from within the editor?

No. The editor works on the live file. To see a diff, you’d need to have a copy stored elsewhere and use a diff tool.

¿Can I set the file manager to automatically redirect HTTP to HTTPS?

That’s a web server task, not TFM’s job. Use `.htaccess` or Nginx config.

¿What’s the risk of an attacker downloading `index.php` itself if they get read access?

If they can download the file, they get the source code and the hashed passwords. While bcrypt is strong, they could attempt offline cracking. I prevent this by setting `root_path` outside the web root where possible, or at least ensuring the file itself is not in a directory that’s served as a download. Actually, TFM can’t serve itself via the direct link because PHP executes it, but if the server misconfiguration serves raw PHP, that’s a huge problem. I add `php_flag engine on` in `.htaccess` to force execution.

¿How do I add a “Date created” column? (if not available)

The filesystem doesn’t always store creation time. `filectime` gives inode change time, not creation. I don’t rely on it. I stick with modification time.

¿Can I set different permissions for uploaded files based on file type?

You’d need to edit the upload handler to apply custom `chmod` after move. I’ve set uploaded images to 0644 and scripts to 0755 automatically.

¿Why does deleting a symbolic link delete the target file?

The tool uses `unlink()` on the symlink, which only removes the link, not the target. If you’re seeing the target deleted, it might be a different issue. I’ve deleted symlinks without problem.

¿How do I display the file’s full absolute path in the interface?

The breadcrumb shows the path relative to `root_path`. To show absolute, you’d need to modify the code to prepend the `root_path` or server root. I sometimes echo `getcwd()` in the footer for debugging.

¿Can I run the file manager in a completely headless mode via API?

No. It’s designed for interactive browser use. I’ve written a small wrapper script that uses `curl` with cookies to perform automated tasks, but it’s fragile.

¿Is there a way to “freeze” the config so that no one can change it via the file manager?

The config is only editable if the file itself is writable and editable via TFM (if it’s within the `root_path` and the user has edit capability). Keep the file outside the editable area, or set permissions to read-only for the web server. I keep it outside the web root and symlink it when needed.

¿What’s the easiest way to provide a file listing with download links without exposing the TFM interface?

Use TFM to create a static HTML index page of the files, then disable the TFM login by removing the authentication array (not recommended) or use a separate script. I prefer Apache directory listing with basic auth for that use case.

¿Can I integrate a payment gateway before allowing download? (Like selling files)

No. You need a full e-commerce plugin for that.

¿How do I set the page to use a monospace font stack for the entire UI?

Add `* { font-family: 'SF Mono', 'Fira Code', monospace; }` to the CSS. I prefer monospace for a file manager; it feels more technical.

¿Why is the file rename action sometimes very slow?

It’s usually instant. If slow, it might be an NFS or network filesystem where metadata operations are slow. I’ve seen this on a Windows share mounted via CIFS.

¿Can I prevent a user from downloading a file but allow viewing? (For images)

Not easily. Viewing is downloading. You can’t separate them. For images, the browser fetches the file to display it.

¿Is there any option to minify the inline CSS/JS for a smaller file size?

No, it’s already fairly compact. You can manually run a minifier on the code if you want. I don’t bother.

¿What’s the best way to handle session fixation attacks?

Regenerate the session ID after login: `session_regenerate_id(true);`. The tool does not do this by default. I’ve added it to my hardened version.

¿Can I use the tool to create a simple wiki or note-taking system?

It’s just a file manager. You can create and edit text files, but there’s no linking or organization beyond folders. I’ve used it to edit a markdown wiki stored as files; it works, but I miss wiki features.

¿Why do uploaded files sometimes have a `.tmp` extension?

PHP uses a temporary name during upload, then the tool renames it. If you see `.tmp` files, the upload might have failed mid-way, leaving the temp file. They can be safely deleted.

¿How do I prevent the “New Folder” button from creating a folder with a name that already exists?

The tool checks and shows an error message “Folder already exists.” I’ve seen it work reliably.

¿Can I set up Tiny File Manager to work with S3 via the AWS SDK?

You’d have to rewrite the filesystem operations to use the SDK, which is a massive fork. Not practical. Use a dedicated S3 browser.

¿Is there any place to see a list of all keyboard shortcuts?

No, there are no keyboard shortcuts beyond what the browser provides. I’d love a cheat sheet modal.

¿What’s the fastest way to duplicate a file within the same directory?

Select the file, click Copy, then Paste (by navigating to the same directory and clicking Paste). That’s three clicks. I do this for quick backups.

¿Can I run the file manager in a subfolder and restrict it to that folder without absolute paths?

The `root_path` needs an absolute path. You can set it dynamically using `__DIR__` to make it relative to the file’s location. I use `$config['root_path'] = __DIR__ . '/../files';` for portable configurations.

¿Why does the file tree not expand when I click the arrow on mobile?

The touch target might be too small. I use a stylus or zoom in. The tree is not optimized for touch.

¿How do I enable line wrapping in the code editor for all files?

Set `lineWrapping: true` in the CodeMirror init block. I enable it globally for prose-heavy directories.

¿Can I use the tool to compare two directories side-by-side?

No, the single-pane view doesn’t support that. Open two tabs.

¿Is there a way to generate a file usage report (total size per folder)?

Not built-in. I wrote a small PHP script that iterates and sums sizes, then displayed it in a custom page linked from the toolbar.

¿Why does the tool sometimes log me out when I switch networks? (e.g., from Wi-Fi to mobile data)

The session is IP-sensitive if you’ve implemented IP validation (not default). By default, changing network doesn’t log you out unless the session cookie is lost. If you have IP whitelisting, the new IP will be blocked.

¿How do I completely disable the user directory tree and only allow navigation via the file list?

Remove the sidebar HTML and CSS references. I’ve done this for a minimal “flat” file manager.

¿Can I add a “Run” button that executes a PHP script and shows output?

You can add an action that `include`s the file and captures output with `ob_start()`. I’ve implemented a “Test” button for PHP scripts on a dev server, but it’s risky.

¿What’s the simplest way to add a password strength meter to the config?

Not applicable because passwords are set in the config file. No UI for password change exists.

¿Can I set up the file manager to work with Git versioning?

No integrated Git. I manually use the tool to edit files, then SSH to commit. There’s no replacement for a proper workflow.

¿Why does the file upload sometimes rename my file to a random string?

That shouldn’t happen unless you’ve modified the code. The tool preserves the original filename. Check for conflicting browser extensions.

¿How do I add a “Home” link in the breadcrumb that goes to the root_path?

The breadcrumb already starts with a root link. If not, you can edit the breadcrumb generation to always include a home icon. I’ve added it.

¿Can I set the editor to use a custom font from Google Fonts without external CDN?

You’d need to embed the font as base64 in the CSS (large) or accept the privacy hit of loading from CDN. I stick with system fonts.

¿What’s the risk of editing the `.htaccess` file from the file manager?

If you make a syntax error, the entire site can go down with a 500 error. I’ve done this. Always, always test your `.htaccess` changes with a validator if possible, or keep an SSH window open to revert immediately.

¿Is there a way to schedule the tool to disable itself during weekends?

Add a day-of-week check at the top: `if (date('N') >= 6) { die('Closed on weekends'); }`. It’s crude but works.

¿Can I change the color of the upload button to something more prominent?

Yes, add a CSS rule for `.upload-btn` or similar. I’ve styled it bright green to stand out.

¿Why does the file listing sometimes show a “?” for permissions?

When PHP cannot determine permissions due to file system limitations (like on some Windows mounts), it shows a question mark. I ignore it or hide the column.

¿How do I set a maximum number of files to show to prevent browser slowdown?

Add pagination or limit the loop with a counter. I’ve added a simple `$limit = 500;` check and a message “Showing first 500 files.”

¿Can I use this to manage files on an FTP server without SSH?

No. You’d need an FTP client. TFM is local filesystem only.

¿What’s the best way to keep the session alive during a long editing session?

Add a JavaScript `setInterval` that pings a small PHP keep-alive script that just calls `session_start()`. I’ve implemented this with a 5-minute interval.

¿Is there a way to see who is currently logged in?

Store active sessions in a database or file, with timestamps, and display them. I added this for a multi-user instance. It’s a custom patch.

¿Why does the editor sometimes show “null” or “undefined” as content?

That can happen if the file path is invalid or the file read fails silently. Check PHP error logs. I’ve seen this when the file was deleted between listing and editing.

¿Can I set the file manager to use a different PHP ini file?

Use `-c` flag when starting PHP built-in server, or set via `.user.ini` if using Apache/FastCGI. TFM doesn’t control this.

¿How do I add a “Batch Rename” feature using regex?

I’d love this. I’ve seen a fork that does it. You’d need to build a UI that lets you enter a pattern and replacement, then run `preg_replace` on filenames. It’s on my wishlist.

¿Can I limit the file manager to only show files with a specific extension?

Not without modifying the file listing loop to filter by extension. I added a simple dropdown filter once.

¿Why does the search feature not find files in the sidebar tree if I haven’t expanded the folder?

The search scans the server filesystem, not the DOM tree. It should find them regardless of tree state. If not, it’s a permission issue.

¿How do I set the file manager to use a custom 404 page?

The web server handles 404s. TFM doesn’t serve its own 404.

¿Is there any way to integrate an EXIF viewer for JPEGs?

You’d need to add a popup that reads EXIF data using PHP’s `exif_read_data`. I built a simple modal for a photography client. It’s not in the official code.

¿Why does the file owner show as a number even though I have the POSIX extension?

If the user ID doesn’t map to a username in the system’s user database (like inside a Docker container), it shows the number. That’s normal.

¿Can I use Tiny File Manager to set up a simple CDN pull zone?

No. It’s just a file manager.

¿How do I prevent the browser from prompting to save login credentials?

You can add `autocomplete="off"` to the login form. I do this for security on shared computers.

¿What’s the best way to recover a corrupted session file?

Delete the session file from the session save path. The user will be logged out, but they can log in again.

¿Can I add a “Print directory listing” button?

Add a button that calls `window.print()`. The printout will include the toolbar and sidebar unless you add a print stylesheet. I’ve hidden everything except the file table for a clean print.

¿Is there any way to make the code editor collaborative (like Google Docs)?

Not at all. Use a dedicated collaborative editor.

¿How do I limit the file manager to only one active session per user?

Store the session ID in a file keyed by username, and invalidate previous sessions on login. I’ve implemented this; it’s a bit tricky but works.

¿Why do I get a “Permission denied” when trying to move a file across filesystems?

PHP’s `rename()` works within the same filesystem; for cross-filesystem moves, it fails. The tool doesn’t fall back to copy+delete. I’ve had to copy and delete manually.

¿Can I set the file manager to use a different timezone than the server default?

Yes, `date_default_timezone_set('America/Los_Angeles');` at the top. I do this to match my local time.

¿What’s the maximum file path length the tool supports?

PHP’s `realpath()` and filesystem functions usually support up to 4096 characters on Linux. I’ve hit this on deeply nested directories and had to reorganize.

¿How do I add a “Quick Edit” icon for text files without opening the full editor?

The edit icon already opens the editor. There’s no inline textarea on the listing. I prefer the full editor.

¿Can I use Tiny File Manager to serve a simple HLS video stream?

No. It serves files as-is. No streaming server features.

¿Is there a way to see the file’s checksum (MD5/SHA) without downloading?

Add a column that displays `md5_file()` or `sha1_file()`. I’ve done this for integrity verification.

¿How do I disable the “Rename” action for certain file extensions?

You’d have to check the file extension in the rename handler and deny if matches. Not configurable; it’s a source modification.

¿Why does the code editor sometimes replace smart quotes with straight quotes?

The editor doesn’t alter content unless you typed them. The browser or OS may be inserting smart quotes. I’ve configured my editor to avoid that.

¿Can I add a “Send via email” button for a file?

You’d need to add a form that calls `mail()` with an attachment. I’ve done this for small files. Beware of file size limits.

¿What’s the best way to handle Unicode filenames on a server without `mbstring`?

Without `mbstring`, PHP will treat filenames as bytes, which may break special characters. Install `mbstring`; it’s essential.

¿How do I show the server’s load average in the footer?

Add a function that reads `/proc/loadavg` and displays it. I find it useful for seeing if the server is overwhelmed.

¿Can I restrict the file manager to only run on certain days of the month?

Yes, use `date('d')` in a check. I’ve used this to disable access during maintenance windows.

¿Why is the file icon for `.md` files not a markdown symbol?

The default icon set may not include a markdown-specific icon. You can add a custom SVG in the `getIcon` function. I replaced it with the Markdown logo.

¿Is there a way to see the PHP opcache status from the file manager?

Not without a script that calls `opcache_get_status()`. I’ve added a link to a separate opcache GUI script.

¿How do I make the login page background image responsive?

Use CSS `background-size: cover;` and `background-position: center;` in the style block. I’ve added a subtle background that scales.

¿Can I integrate the file manager with a CDN like Cloudflare R2?

No, it’s for local filesystems.

¿What’s the quickest way to see if the PHP zip extension is enabled?

Click “Compress” on a file; if it fails, zip is missing. Or check `phpinfo`.

¿How do I prevent the file listing from showing the “..” parent directory link?

You’d comment out the code that generates that row. I like it for navigation.

¿Why does the rename function sometimes fail with “Invalid file name”?

The tool may block filenames with dangerous characters like `/` or `\`. Stick to safe characters.

¿Can I set the session timeout to “never” for a kiosk?

Set `$config['session_timeout'] = 0;` and `ini_set('session.gc_maxlifetime', 31536000);` (a year). It’s not truly forever, but close enough.

¿How do I add a “Logout and delete manager” button for one-click cleanup?

Add a button that calls a PHP script that deletes the file and then logs out. I’ve built this as a self-destruct button with a warning.

¿Is there any way to backup the file manager configuration automatically?

I use a cron job to copy the `$config` section of index.php to a separate file. Not built-in.

¿Can I set the file manager to only accept connections from a specific TLS client certificate?

Yes, configure your web server to require client certificates. TFM doesn’t need to handle it; the server blocks access before PHP runs.

¿What’s the simplest way to add a “Terms of Service” link on the login page?

Add an `<a href="tos.html">Terms</a>` in the login form HTML.

¿Why does the file size display “0 B” for a symbolic link?

`filesize()` returns the size of the target, but if the link is broken, it may return 0 or error. I avoid broken symlinks.

¿How do I change the editor’s color scheme for better contrast in bright sunlight?

Embed a high-contrast CodeMirror theme and switch to it via a toggle or permanently. I’ve used a solarized theme.

¿Can I use Tiny File Manager as a poor man’s FTP server replacement?

For occasional file operations, yes. It’s not a replacement for continuous use or automated transfers. I use it when FTP is down.

¿What’s the best way to handle a “File too large” error on upload?

Increase `upload_max_filesize`, `post_max_size`, and `memory_limit`. Also check web server limits (e.g., `client_max_body_size` in Nginx). I’ve adjusted all three.

¿How do I add a button to toggle the visibility of the sidebar tree?

Add a JavaScript function that toggles the sidebar’s CSS display. I bind it to a key like `Ctrl+B`.

¿Can I set the default editor mode to `text/plain` for a specific folder?

Not natively. You’d need to pass a folder-specific parameter or check the path in JavaScript. I’ve done this for a folder of logs.

¿Why does the logout sometimes not clear the session completely?

Call `session_destroy()` and also `setcookie(session_name(), '', time()-3600, '/');` to delete the cookie. The tool does this. If you’re still logged in, the cookie may not be cleared due to path mismatch.

¿Is there any way to integrate a terminal emulator into the file manager?

No, that’s a completely different application. Use a web-based terminal separately.

¿How do I show the number of files inside each folder in the tree?

You’d need to modify the recursive tree builder to count files. I’ve done it, but it slows down the page drastically for large directories.

¿Can I set the file manager to automatically generate a gallery view for images?

Not built-in. You’d need to detect image files and output `<img>` tags in a grid. I’ve seen a fork that does this.

¿What is the biggest mistake people make when using Tiny File Manager for the first time?

Not changing the default password. I will say it a thousand times. Change it. Now.

¿How do I add a “Report a bug” link in the footer?

Add an `<a href="mailto:...">` in the footer HTML. I link to an internal issue tracker.

¿Can I use the file manager to purge old files from a temp directory?

You can sort by date and manually delete, but no automatic purge. I have a separate cron script for that.

¿Why does the file listing show a file but the editor says “File not found” when I try to open it?

Possible race condition (file was deleted) or the file path contains characters that break the URL. I’ve seen this with filenames containing `#` when not encoded properly.

¿How do I prevent the web server from logging the `?p=` parameter (for privacy)?

You’d need to configure the web server to exclude query parameters from logging. Not a TFM feature.

¿Is there a way to make the code editor full screen?

Most browsers have a full-screen mode (F11). The editor itself can be expanded by hiding the sidebar. I’ve added a “fullscreen” button that uses the Fullscreen API.

¿Can I set the file manager to run in “kiosk mode” with no logout option?

Remove the logout button from the HTML. The user will be stuck until session expires. I’ve done this for a public display.

¿Why does the file list show “-1 B” for some files?

That’s an error code from `filesize()`. Usually occurs on special files or when the stat fails. I ignore it.

¿What’s the easiest way to add a “Copy download link” button?

Add an icon that copies `<?php echo $downloadUrl; ?>` to clipboard. I use this for sharing links internally.

¿How do I change the login page to have a different logo for each language?

You’d need to detect the language and echo a different `<img>` tag. I’ve done this for a multilingual portal.

¿Can I use the file manager to set up a drop shipping file upload?

Yes, create a dedicated user with upload capability only. That’s a simple drop box.

¿Why does the search function sometimes time out without returning results?

If the directory tree is huge, the PHP execution time may be exceeded. Increase `max_execution_time`. I’ve had to set it to 120 seconds for a massive filesystem scan.

¿How do I add a “Reload” button for the editor that discards changes?

Add a button that calls `location.reload()`. The editor will be lost. I prefer to open the file in a new tab for reference.

¿Can I restrict the “Copy” action to only within the same directory?

Not without modifying the copy handler to check the destination path. Not built-in.

¿What’s the best way to use Tiny File Manager as a simple document management system?

It’s too basic. You’ll lack search, versioning, metadata, and sharing. I pair it with a naming convention and manual discipline, but it’s not a DMS.

¿Can I set up an upload limit per user that resets daily?

No, no quotas. You’d need to track bytes uploaded per user in a file and reset with a cron job. I’ve built a simple quota system for a client.

¿Why does the code editor sometimes not show line numbers?

It’s a CodeMirror setting. Ensure `lineNumbers: true` is in the initialization. It is by default, but if you’ve modified the init, it might be missing.

¿How do I add a “Download as PDF” button for text files?

You’d need a server-side PDF converter like wkhtmltopdf. I’ve added a button that runs a shell command.

¿Can I use Tiny File Manager to host a simple blog?

No. It’s a file manager. You’d create text files and serve them via a static site generator, but TFM just manages the files.

¿Why does the file listing sometimes show files from a previous directory after navigating?

Browser cache. Hit the Refresh button to force a new request.

¿How do I make the editor indent with spaces instead of tabs for all files?

Set `indentWithTabs: false` in CodeMirror init. I do this for consistency.

¿Can I integrate a spell checker for text files?

CodeMirror can use browser spellcheck by setting `inputStyle: 'contenteditable'` and `spellcheck: true`. Not default. I’ve enabled it for a documentation folder.

¿What is the absolute bare minimum I need to do to make the tool secure?

Change default password. Enable IP whitelist. Set `root_path`. Use HTTPS. Delete it when not in use.

¿Is there any way to see the tool’s own version from the interface?

The version is in the HTML footer or page title. I’ve seen “v2.6.6” there. You can remove it if you want to hide the version.

¿Can I set the file manager to require a PIN in addition to the password?

Add a second input field and check it in the login logic. I’ve added a static “PIN” that’s separate from the password, just as a second factor.

¿Why does the file upload progress bar work on some servers and not others?

It’s an animation; it always “works.” It just doesn’t reflect actual progress. It’s cosmetic. Real progress requires PHP session upload progress or a different upload method.

¿How do I add a “Create symbolic link” option?

Not advisable from a web interface. I wouldn’t add it.

¿What is the biggest advantage of Tiny File Manager over other web file managers?

It’s a single PHP file. No install. That’s it. Nothing else comes close.