If you drop the [`index.php`](https://github.com/kd2org/picodav/raw/main/index.php) file in a directory of your web-server, it will make the contents of this directory available via WebDAV, and will also provide a nice web UI to manage the files, using [WebDAV Manager.js](https://github.com/kd2org/webdav-manager.js).
* Linux: Any file manager should be able to connect to WebDAV (Dolphin, Thunar, Nautilus, etc.), but you can also use [FUSE webdavfs](https://github.com/miquels/webdavfs)
* Android: [RCX](https://f-droid.org/en/packages/io.github.x0b.rcx/) and [DAVx⁵](https://www.davx5.com/), see [the manual](https://manual.davx5.com/webdav_mounts.html)
It's really as simple as it says: just upload the [`index.php`](https://github.com/kd2org/picodav/raw/main/index.php) file to a directory on your web-server, and it will now be available via WebDAV!
If you are using Apache (version 2.3.9 or later is required), a .htaccess file will be created if it does not exist, to redirect requests to `index.php`. If not, you can use
The only requirement is PHP 7.4, or more recent (8.0 and 8.1 are also supported, not tested with PHP 8.2).
Note that by default, write access is disabled for security purposes. See below to enable write access.
### Configuration
PicoDAV accepts a configuration file named `.picodav.ini`.
It should be in the same directory as `index.php`.
### Users and passwords
By default, the WebDAV server is accessible to everyone.
You can disable anonymous access by writing the following line inside `.picodav.ini`:
```
ANONYMOUS_READ = false
```
Then you need to create user accounts, for that add a new section to `.picodav.ini` for each user. For example if we want to give write access to a user named `greta`:
```
[greta]
password = verySecret
write = true
```
Note that PicoDAV will replace this password with an encrypted version the next time it is accessed, don't worry about that, this is for extra safety, just in case the `.picodav.ini` is accessed by a hacker if you made mistake in your web server configuration.
Here is an example of the password once it has been encrypted:
If you want something more detailed, you can also limit users in which directories and files they can access by using the `restrict[]` and `restrict_write[]` configuration directives.
These are tables, so you can have more than one directory restriction, don't forget the `[]`!
In the following example, the user will only be able to read the `constitution` directory and not write anything:
#### Using the web-server auth instead PicoDAV auth
If you don't want to use the provided auth (users and passwords) feature, you can also restrict access by using a [`.htpasswd` Apache file](https://www.cyberciti.biz/faq/create-update-user-authentication-files/), or any other mean provided by your web server.
If you do this, you might want to uncomment the two commented `RewriteCond` lines in `.htaccess`, this way all downloads of files will happen directly from the web server, and not going through PHP, making things a bit faster.
For security purposes, the WebDAV server will not allow to read or delete UNIX hidden files (with the file name beginning with a dot, eg. `.htaccess` etc.).
Access to PHP files is also disabled for the same reasons.
This is designed to work best with Apache web servers. If you are using another web server, you'll have to adapt the rules described in `.htaccess` to your own server.
This software and its dependencies are available in open source with the AGPL v3 license. This requires you to share all your source code if you include this in your software. This is voluntary.
For entities wishing to use this software or libraries in a project where you don't want to have to publish all your source code, we can also sell this software with a commercial license, contact me at bohwaz at kd2 dot org. We can do that as we wrote and own 100% of the source code, dependencies included, there is no third-party code here.