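####
# Photo-upload CGI handler. Resolves the user id (form field first, else the
# encrypted TEC_USER_ID cookie) and, when the form is submitted, stores the
# uploaded "photo" under $upload_dir using a sanitised file name.
#
# The original listing was collapsed onto a single line that begins with '#',
# which makes the whole script one comment; the line structure is restored here.
use strict;
use warnings;

# NOTE(review): fatalsToBrowser sends die() text to the client. Keep it for
# development only, because error text can reveal server-side details.
use CGI::Carp qw(fatalsToBrowser);
use CGI qw( :standard);
use File::Slurp qw( read_file );
use DBI;
use Crypt::Lite;
use File::Basename;

###############################################
# CGI IN

# The size cap has to be in place before CGI->new parses the request body;
# assigning it afterwards (as the original did) does not limit this request.
$CGI::POST_MAX = 1024 * 5000;

my $query = CGI->new;

# CGI.pm reports an oversized or malformed POST through cgi_error(); in that
# case the parameters are empty, so report the problem before reading them.
if ( my $cgi_error = $query->cgi_error ) {
    print $query->header( -status => $cgi_error );
    print "There was a problem uploading your photo (try a smaller file).";
    exit;
}

my $submit   = $query->param('SUBMIT');
my $user_id  = $query->param('USER_ID');
my $filename = $query->param("photo");

# Missing fields arrive as undef; treat them as empty strings, which is how
# the original 'eq' comparisons behaved.
$submit  = '' unless defined $submit;
$user_id = '' unless defined $user_id;

my $safe_filename_characters = "a-zA-Z0-9_.-";

# The original wrote "\images-user"; inside double quotes "\i" is just "i",
# so the effective value was always the relative path below.
my $upload_dir = 'images-user';

###############################################

if ( $user_id eq '' ) {
    # No id in the form: fall back to the encrypted cookie.
    $user_id = $query->cookie('TEC_USER_ID');

    # NOTE(review): $ip_address is not declared anywhere in the original
    # listing, so it cannot compile under 'use strict'. The client address is
    # presumably what was meant -- confirm against the code that sets the
    # cookie. An address is not a secret, so it should not be the only key
    # protecting the cookie value.
    my $ip_address = $ENV{REMOTE_ADDR};

    my $crypt = Crypt::Lite->new( debug => 0, encoding => 'hex8' );
    $user_id = $crypt->decrypt( $user_id, $ip_address );
}

####################################################
##################### Main Page ####################
####################################################

# Start Main Page
if ( $submit eq '' ) {
    #code
}
elsif ( $submit eq 'Submit Form' ) {
    if ( !$filename ) {
        print $query->header( );
        print "There was a problem uploading your photo (try a smaller file).";
        exit;
    }

    # Keep only the final path component of the client-supplied name. The
    # original suffix pattern '..*' matched the entire base name, so name and
    # extension were re-joined into the same string this produces.
    my ( $name, $path, $extension ) = fileparse( $filename, qr/\.[^.]*/ );
    $filename = $name . $extension;
    $filename =~ tr/ /_/;
    $filename =~ s/[^$safe_filename_characters]//g;

    if ( $filename =~ /\A([$safe_filename_characters]+)\z/ ) {
        $filename = $1;
    }
    else {
        die "Filename contains invalid characters";
    }

    # '.' is an allowed character, so '.', '..' and dotfiles such as
    # '.htaccess' would otherwise pass the check above. Refuse them.
    if ( $filename =~ /\A\./ ) {
        die "Filename contains invalid characters";
    }

    # NOTE(review): there is no allowlist of image extensions or content
    # types. If $upload_dir is served by the web server and scripts can run
    # there, an uploaded script would be executable. Restrict uploads to the
    # expected image types and keep the directory non-executable.
    # NOTE(review): the stored name comes from the client alone, so two
    # uploads with the same name overwrite each other. Consider a
    # server-generated name (for example one derived from the user id).

    my $upload_filehandle = $query->upload("photo");
    if ( !defined $upload_filehandle ) {
        print $query->header( );
        print "There was a problem uploading your photo (try a smaller file).";
        exit;
    }

    # Three-argument open with a lexical handle: the mode can never be taken
    # from the file name, and the handle is closed when it leaves scope.
    open( my $upload_out, '>', "$upload_dir/$filename" )
        or die "Cannot open upload target: $!";
    binmode $upload_out;

    while ( my $chunk = <$upload_filehandle> ) {
        print {$upload_out} $chunk
            or die "Cannot write upload: $!";
    }

    # Buffered write errors (for example a full disk) only surface at close.
    close $upload_out
        or die "Cannot finish writing upload: $!";
}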