#! /usr/bin/perl -wT
use strict;	
use CGI qw(:standard escapeHTML);	
use CGI::Carp qw(warningsToBrowser fatalsToBrowser); 
my @field_list =
({ name => "object_to_be_uploaded1", label => "Name optional attachment #1" },
 { name => "object_to_be_uploaded2", label => "Name optional attachment #2" },
 { name => "object_to_be_uploaded3", label => "Name optional attachment #3" });

print header (),
start_html (-title => "Work Request Origination", -bgcolor => "orange");
my $choice = lc (param ("choice"));	# get choice, lowercased
if ($choice eq "")			# initial script invocation
{ display_entry_form (); }
elsif ($choice eq "submit")
{ process_form (\@field_list); }
else
{ print p (escapeHTML ("Logic error, unknown choice: $choice")); }
print end_html ();
exit (0);

sub display_entry_form
{
my @row;       # define array
	print start_multipart_form (-action => url ()), 
			p ("<center><h2>Upload multiple files\n");
        push (@row, qq(<table border=3 bordercolor="blue" align="center" bgcolor="xffff00">) );
        push (@row, Tr (
   ( qq(<TD ALIGN="CENTER" VALIGN="TOP" BGCOLOR="yellow" COLSPAN="2">), qq(Please provide the information requested in the table below to initiate a work request.))));
        push (@row, Tr (
   ( qq(<TD ALIGN="LEFT" VALIGN="TOP" COLSPAN="3">), 
     qq(Attachment #1 (Optional)),
     filefield (-name => "object_to_be_uploaded1",
                            -size => 60))));
        push (@row, Tr (
   ( qq(<TD ALIGN="LEFT" VALIGN="TOP" COLSPAN="3">), 
     qq(Attachment #2 (Optional)),
     filefield (-name => "object_to_be_uploaded2",
                            -size => 60))));
        push (@row, Tr (
   ( qq(<TD ALIGN="LEFT" VALIGN="TOP" COLSPAN="3">), 
     qq(Attachment #3 (Optional)),
     filefield (-name => "object_to_be_uploaded3",
                            -size => 60))));
	print table (@row),
			submit (-name => "choice", -value => "Submit"),
			end_form ();
}

sub process_form
{
my $field_ref1 = shift;     # reference to field-List
my $file1 = param("object_to_be_uploaded1");
my $file2 = param("object_to_be_uploaded2");
my $file3 = param("object_to_be_uploaded3");
my $upload_dir = "/home/yadayada/public_html/cgi-bin/upload_docs";
my ($base_filename, $untainted_filename);
my @full_filename = ("", "", "");
my @upload_file = ($file1, $file2, $file3);
my $upload_file = param(@upload_file);
my $y=0;
foreach $upload_file(@upload_file)
    {
     print "Uploading $upload_file.....<br>\n";
     if ($upload_file eq "")
          {}
     else
          {
           $base_filename = $upload_file;
           $base_filename =~ s/.*[\/\\](.*)/$1/;
           $untainted_filename = $base_filename;
           if ($base_filename =~ /^([-\@ :\/\\\w.]+)$/  )
               { $untainted_filename = $1; }
           else
               { die <<"EOT";
Unsuported characters in the filename "$base_filename".
Your filename may only contain alphabetic characters, numbers,
and the characters '_', '-', '\@', '/', '\\', and '.'
EOT
                }
           if ($untainted_filename =~ m/\.\./ )
                { die <<"EOT";
Your upload filename may not contain the sequence '..'
Rename your file so that it does not contain the sequence '..', and try again. 
EOT
                 }
           else {}

           @full_filename[$y] = $upload_dir . "/" . $untainted_filename;
           open (UPLOADFILE, ">@full_filename[$y]") || die ("Can't open (@full_filename[$y]): $!"); 
#                                  open $file_name using FILEHANDLE INFILE
           binmode UPLOADFILE;       # allow FILEHANDLE read in binary mode
           while ( <$upload_file> )
                 {
                  print UPLOADFILE;
                 }
           close (UPLOADFILE);          # close input file
          }
    $y++;
    }
      
print p ("Thank you. Your file(s) have been uploaded.\n");
}