#!/usr/bin/perl -wT
use strict;
####
####
#!/usr/bin/perl -wT
use strict;
use CGI;
use Fcntl;
use constant BUFFER_SIZE => 16_384; # Amount of upload file to read at one time
use constant MAX_FILE_SIZE => 1_048_576; # This is the filesize upload limit
use constant UPLOAD_DIR => "/home/sites/web/directory/";
$CGI::DISABLE_UPLOADS = 0; # Temporarily reenable uploads
$CGI::POST_MAX = MAX_FILE_SIZE; # This will stop someone from uploading
# a fifty meg file to your system
my $req = CGI->new;
my $theext = "gif";
my $donepage = "up2.html";
my %upload_path = {personal => 'personal/',
impersonal => 'anotherpath/'};
my $path = $req->param('path');
if (! exists $upload_path{$path}) {
# Oops! It's not in our hash. Someone was being naughty!
print $req->redirect("some_error_page.html");
exit;
}
$path = $upload_path{$path};
UPLOAD_FILE:
{
for my $onnum (1..10) {
my $file = $req->param("FILE$onnum") or next UPLOAD_FILE;
if ($file) {
my $buffer;
my $file_handle = $req->upload( $file );
my $format = $req->uploadInfo($file)->{'Content-Type'};
# In the following regex, we're getting the image type of the MIME type.
# This is better than checking the extension because if they upload from
# a system that doesn't use extensions - or if the user's redefined their
# extensions, we'd have problems.
$format =~ s!^image/([a-zA-Z]+)$!$1!;
if ($format !~ /$theext/o) {
next UPLOAD_FILE;
}
my $fileName = "";
# Create a random filename. Keep running the loop if the filename exists,
# or if $fileName is false.
while (! $fileName or -e UPLOAD_DIR.$path.$fileName) {
$fileName = "";
my @myarray=('a'..'z','A'..'Z','1'..'9');
for (1..8) {
$fileName .= $myarray[rand(@myarray)];
}
$fileName .= ".$theext";
}
# This will create the new file
sysopen OUTFILE, UPLOAD_DIR . $path . $fileName, O_CREAT or die "Can't open UPLOAD_DIR$path$fileName: $!";
while ( read( $file_handle, $buffer, BUFFER_SIZE ) ) {
print OUTFILE $buffer;
}
close (OUTFILE);
}
}
}
# Send them to the confirmation page.
print $req->redirect($donepage);