Custom PHP scripts can be automatically executed when the users perform one of the monitored actions (Actions_keynames).

For example, to automatically run custom PHP code after a file is uploaded, you can simply place a PHP file named “upload.php” inside the folder “customizables/events/”.

Here's an example script:

Set file permissions after upload:

$data = unserialize($data['data']);
chmod($data['full_path'], 0644);

If you want the code to be executed before the file is saved to the folder, so that you can process it and perhaps reject the uploaded file, you need to name the script file “file.upload.php”.

Here's how an example script would look like in this case:

Clamscan antivirus check on upload:

global $auth;
$data = unserialize($data['data']);
$out = '';
$int = -1;
exec($command, $out, $int);
exec("clamscan ".escapeshellarg($data['full_path']), $out, $int);
if ($int != 0) {
return array(
	'error' => array('code' => 100, 'msg' => 'This file has been rejected as it contains viruses!'),
	'return' => false

Prevent non-admin users to delete files labeled as APPROVED.

Place the following code inside “customizables/events/file.delete.php”:

global $auth;
if (!\FileRun\Perms::isSuperUser() && !\FileRun\Perms::isSimpleAdmin() && !\FileRun\Perms::isIndependentAdmin()) {
	$metaFileInfo = \FileRun\MetaFiles::getByPath("*", $extra['filePath']);
	if ($metaFileInfo['id']) {
		$label = \FileRun\Labels::getByFileId($metaFileInfo['id']);
		$v = \FileRun\Labels::parseValue($label);
		if (strtoupper($v['text']) == 'APPROVED') {
			return array(
				'error' => array('code' => 100, 'msg' => 'Approved files cannot be deleted!'),
				'return' => false

For running a script when folders are being deleted the file needs to be named “folder.delete.php”. To run a script when files are being downloaded, name the script file “”.

Calculate and store the files' MD5 checksum values in a metadata field

Please follow these steps:

  • Go to “Control Panel » System configuration » Metadata » Fieldsets » Create new”
  • Set the “Fieldset name” (Something like “Info”, it doesn't really matter)
  • Tick the “Generic fieldset” checkbox. (So that all files show this fieldset)
  • Click “Save” to add the fieldset.
  • Click “Manage Fields > Create new”
  • Type “Checksum” for the “Field name” and click “Save”
  • By holding the mouse cursor over the newly created field name you can find out its ID, from the link's URL (……&fid=X)
  • Create the text file “customizables/events/upload.php” and paste the following code inside:
$fieldId = 15; //set here the ID of the metadata field that will be hold the filename
global $db, $fm;
$data = unserialize($data['data']);
$metaFileInfo = \FileRun\MetaFiles::getByPath("*", $data['full_path']);//get file metadata record
if (!$metaFileInfo['id']) {
	$id = \FileRun\MetaFiles::addFile($data['full_path']);//add file metadata record if not found
	if ($id) {
		$metaFileInfo['path'] = $data['full_path'];
		$metaFileInfo['id'] = $id;
$hash = md5(file_get_contents($data['full_path']));
\FileRun\MetaValues::set($metaFileInfo['id'], $fieldId, $hash);//set hash as metadata

* Replace the “XXXX” with the ID of your “Checksum” metadata field on the first line of the script file.

The “upload.php” script will execute each time a user uploads a file, and it will calculate the file's hash and store it in the file's “Hash” metadata field.

Being a metadata field, you can also display it as a column in the file list view.

Please note that with this method, PHP reads the entire file's contents into memory. This can be slow and might not even work for files larger than PHP's configured “memory_limit” value. A solution available for Unix type of servers is to replace the line “$hash = md5(file_get_contents($data['full_path']));”, with the following one:

$hash = exec("md5sum \"".escapeshellcmd($data['full_path'])."\"");