First things first...Thank you very much to everyone who responded. I'm still in the process of reading over the responses & incorporating the suggestions- I probably will be for some time, actually.

Several people pointed out that there was no validation of username/password so I wanted to mention that my first page & script http://busybody.w1.com/html/2010again.html check the validity of the username/password. I created 3 text files (one for each class) that have a list of user id & password which the script compares to what the user entered.

If anyone is curious, the Perl code for the first page is located at http://busybody.w1.com/html/2010b.pl.txt Wow, that is very cool- I just realized if I put braces around the URL it turns into a link. It's the little things that make me happy, I suppose. :)

As many of you pointed out, there are many other security loopholes that I will need to fix as I learn. Right now, since I am brand new to Perl, I am just trying to get the code working as best I can & am planning on tweaking it/learning about security issues once I get the basics going. I welcome all comments though as to how best do this as that is how I'll learn.

The second page allows them to upload their assignment & the third page shows them the history of what they've uploaded. The third page has not been created yet.

I just switched both my scripts over to using the CGI.pm module. (I can hear the cgi.pm fans cheering!!)

Question #1) Because cgi.pm has the built-in "text/html" header function, I need to find a different way to send the user to the next page. Previously I used: print "Location: /html/2010assignment.html\n\n"; but since CGI.pm has the built in function, it prints that to the screen which is obviously not what I want to do. Rather I want to send the user to the next HTML page.

The perl script that operates behind the second page has also been converted over to cgi.pm (code is included below) I was also able to get the variables working in the path $filename = "$HOME/classes/$CSC/$studentid/$assignment/outputfile.txt";

The problem was the variable ($CSC) was returning a value of uppercase CSC2010 while the folder was named lowercase csc2010. Once I renamed the folder to uppercase CSC2010, it worked. I also changed permissions on the folder to include "write" access.(Tadman- thank you for suggestion that I use "join". Once I get things working more smoothly, I will look into that. I agree- I do need to learn some about regular expressions as well)

Question #2: I am trying to print the variable $file which is holding the user input from the upload file box -->

Type path of document to upload or click "Browse" to navigate to docum
+ent:
<INPUT TYPE="file" name="path">
[download]

For some reason, my other variables will print with no problem with the exception of this one. I thought the variable would contain the path to the document the student wants to upload but, regardless of what it holds, it is stubbornly not anything printing out. Does anyone have any idea why?

While I realize I made a lot of progress today in my quest to learn some Perl, I'm left with the feeling that I have many more questions than when I began. (Sigh...)

Thanks again, everyone.
Laura
lfindle@mindspring.com

#!/usr/local/bin/perl -w
# 2010c.pl

use CGI;
require ("cgi-lib.pl");

my $q = CGI->new();

print $q->header();

$studentid = $q->param('studentid');
$CSC = $q->param('CSC');
chomp($CSC);  
$assignment = $q->param('assignment');
$file = $q->param('file');

$HOME = (getpwnam("wfp51916"))[7];
$filename = "$HOME/classes/$CSC/$studentid/$assignment/outputfile.txt"
+;
open( OUTFILE, ">>$filename" ) or die ( "no go miss ");
print OUTFILE "$studentid\n";
close( OUTFILE );

print "$studentid<br>";        
print "$CSC<br>";
print "$assignment<br>";
#below is the variable I cannot get to print
print "$file<br>";
[download]