I've been trying to modify my file upload script so that it handles 10 files instead of one.
I was thinking the most straightforward way would be to add a for loop, placed somewhere strategic, such as just before the `my` variables get declared?
The POST input name is "fileup", so maybe I could call them fileup1, fileup2, etc.
This is the upld.pl script itself.
- #!/usr/bin/perl -w
- use CGI;
- use CGI::Carp "fatalsToBrowser";
- use strict;
- use DBI;
- use Data::Dumper;
- use Digest::MD5 qw(md5 md5_hex md5_base64);
- require 'dbconfig.pl';
- require 'functions.pl';
- require 'server.pl';
# Load the server record and the database connection settings.  getServer()
# and getDbConfig() are not defined in this script; they come from the files
# pulled in with require above.
my %server = getServer();
my %config = getDbConfig();

# Working state shared by the spooling, parsing and database steps below.
my ($post_length, $query, $tmpfilename, $filename, $lenfilename);
my ($line, $f, $readline, $seperator, $ender, $fread);
my ($key, $value, %post);
my ($cookie, $session, $result, $unique, $session_expire);

# Spool directory and storage directory, both given as relative paths.
my $tmpfiledir = 'temp/';
my $filedir    = 'files/';

# CONTENT_LENGTH is supplied by the client; nothing here validates it.
$post_length = $ENV{'CONTENT_LENGTH'};

# The request body can carry binary file data, so read STDIN untranslated.
binmode STDIN;
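# Connect to MySQL with the settings returned by getDbConfig().
# The original died with $dbh::errstr, which is an unrelated (empty) package
# variable; DBI reports connect failures in $DBI::errstr.
# NOTE(review): CGI::Carp's fatalsToBrowser is loaded at the top of this
# script, so the text passed to die is shown to the client.  Log connection
# errors server-side instead before this runs in production.
my $dbh = DBI->connect(
    'dbi:mysql:' . $config{'db_database'} . ':' . $config{'db_server'},
    $config{'db_user'},
    $config{'db_password'},
) or die $DBI::errstr;

# From here on %config holds what getConfig() returns (upload_max_size,
# site_basedir and similar keys are read from it later).  Assigning to the
# existing hash avoids a second "my %config" masking the first declaration.
%config = getConfig($dbh);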
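# Uploads are grouped into one directory per UTC day: files/YYYYMMDD.
my ($mday, $mon, $year) = (gmtime(time))[3, 4, 5];
$year += 1900;    # gmtime counts years from 1900
$mon++;           # ... and months from 0
$filedir .= sprintf('%02d%02d%02d', $year, $mon, $mday);

# mkdir fails once the directory exists, which is the normal case after the
# first upload of the day.  Only a failure that leaves no directory behind is
# fatal; without this check a later open on the storage path fails instead.
mkdir($filedir)
    or -d $filedir
    or die "Cannot create upload directory: $!";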
# The upload ID arrives in the query string as unique=<32 lowercase hex
# characters>.  Only the captured hex value is used to build the spool and
# storage paths, so the ID cannot contribute path separators.
$query = $ENV{'QUERY_STRING'};
if ($query =~ /unique=([a-f0-9]{32})/) {
    $unique      = $1;
    $tmpfilename = $tmpfiledir . $unique;
    $filename    = "$filedir/$unique";
}
else {
    # No usable ID in the request: send a bare error page and stop.
    print "Content-type: text/html\n\n", "Error";
    exit;
}
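# Write the declared body size next to the spool file.
# NOTE(review): presumably read by a progress display -- confirm.
$lenfilename = $tmpfilename . '.size';
open my $size_fh, '>', $lenfilename
    or die "Cannot write upload size file: $!";
print {$size_fh} $post_length;
close $size_fh
    or die "Cannot write upload size file: $!";

# Spool the raw request body to disk.
# NOTE(review): CONTENT_LENGTH comes from the client, and upload_max_size is
# only compared after the body has been parsed, so an oversized request is
# written out in full before it is rejected.  Consider refusing it here.
open my $spool_fh, '>', $tmpfilename
    or die "Cannot write upload spool file: $!";
binmode $spool_fh;

# A missing or non-numeric length means there is nothing to read.
$post_length = 0
    unless defined $post_length and $post_length =~ /^\d+$/;

# The original condition "read STDIN, $f, 4096 && $post_length > 0" parsed
# as read(STDIN, $f, (4096 && $post_length > 0)), i.e. one byte per call.
# Read in 4096-byte chunks and never past the declared length.
while ($post_length > 0) {
    my $want = $post_length < 4096 ? $post_length : 4096;
    my $got  = read STDIN, $f, $want;
    last unless $got;    # EOF or read error before the declared length
    print {$spool_fh} $f;
    $post_length -= $got;
}
close $spool_fh
    or die "Cannot write upload spool file: $!";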
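# Re-read the spooled body and split it into multipart/form-data parts.
# TEMPFILE stays open after this section; it is closed further down.
open TEMPFILE, '<', $tmpfilename
    or die "Cannot read upload spool file: $!";
binmode TEMPFILE;

# The first line of the body is the part boundary.  The closing boundary is
# the same text followed by "--" and the same line ending.  Without this
# check a body with no boundary line would reuse stale $1/$2 values.
$seperator = <TEMPFILE>;
if (defined $seperator and $seperator =~ /(.+?)(\r?\n)/) {
    $ender = "$1--$2";
}
else {
    die "Upload body does not start with a multipart boundary";
}

my $fsize = 0;
while ($readline = <TEMPFILE>) {
    if ($readline =~ /^Content-Disposition: form-data; name="fileup"; filename="(.+?)"/) {
        # File part.  The client-supplied name is only remembered for the
        # database record; the data itself goes to $filename, which is
        # derived from the upload ID.
        $post{'filename'} = $1;

        # NOTE(review): this truncates whatever already exists at
        # $filename.  The ID is chosen by the client, so a request that
        # reuses an ID from the same day replaces that file's content.
        # Consider refusing to write when the path already exists.
        open DFILE, '>', $filename
            or die "Cannot write upload file: $!";
        binmode DFILE;

        # The line after the disposition header is taken as Content-Type;
        # only a conservative character set is accepted for its value.
        $fread = <TEMPFILE>;
        $post{'contenttype'} = '';
        if ($fread =~ /^Content-Type: ([a-zA-Z0-9\/-]+)/) {
            $post{'contenttype'} = $1;
        }

        # Skip one more line (the blank line that ends the part headers in
        # a well-formed body), then copy data lines up to the next boundary.
        $fread = <TEMPFILE>;
        while (($fread = <TEMPFILE>) && ($fread ne $seperator) && ($fread ne $ender)) {
            $fsize += length $fread;
            print DFILE $fread;
        }
        close DFILE
            or die "Cannot write upload file: $!";
    }
    elsif ($readline =~ /^Content-Disposition: form-data; name="(.*?)"/) {
        # Ordinary form field: collect its value up to the next boundary.
        $key   = $1;
        $fread = <TEMPFILE>;    # line after the part header
        $value = '';
        while (($fread = <TEMPFILE>) && ($fread ne $seperator) && ($fread ne $ender)) {
            $value .= $fread;
        }
        $value =~ s/^(.*)\r\n$/$1/;

        # 'filename' and 'contenttype' in %post belong to the file part.
        # A form field with one of those names must not replace the values
        # recorded (and, for the content type, validated) above.
        next if $key eq 'filename' or $key eq 'contenttype';
        $post{$key} = $value;
    }
}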
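# Enforce the configured size limit on the stored file data.
# NOTE(review): this check runs only after the whole request has been spooled
# and the file part copied, so it does not limit disk use during the upload.
if ($fsize > $config{'upload_max_size'}) {
    # No database row will ever point at the oversized copy; remove it
    # instead of leaving it orphaned in the storage directory.
    unlink $filename;

    print "Content-type: text/html\n\n";
    print "<html><head><title>File Uploaded</title></head><body onload=\"parent.location.href='".$config{'site_basedir'}."/filetoobig/'\">";
    print "File Too Big";
    print "</body></html>";

    # The response is complete.  exit, unlike the original die(), does not
    # hand control to CGI::Carp's fatalsToBrowser handler.
    exit;
}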
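# Extension of the client-supplied name: the text after the last dot.
my $extension = '';
if (defined $post{filename} and $post{filename} =~ /\.([^\.]+)$/) {
    $extension = $1;
}

# Rename uploads whose extension is on the configured block list.
# The extension is client input, so it is escaped with \Q...\E before it is
# used as a pattern, compared case-insensitively so "PHP" is treated like
# "php", and skipped when empty (an empty pattern between two \b anchors
# matches almost any list).
# The rename changes only the name recorded for the upload; the data was
# stored under the upload ID, not under this name.
if (    $extension ne ''
    and defined $config{upload_blocked_extensions}
    and $config{upload_blocked_extensions} =~ /\b\Q$extension\E\b/i)
{
    $post{filename} .= '.renamethis';
}

# Done with the spooled request body.
close TEMPFILE;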
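$session_expire = $config{'user_session_expire'};
print "Content-type: text/html\n\n";

# Pull the session ID out of the Cookie header.  Anything that is not
# 32 lowercase hex characters is treated as "no session".
$cookie = $ENV{'HTTP_COOKIE'};
if (defined $cookie and $cookie =~ /session=([a-f0-9]{32})/) {
    $session = $1;
}
else {
    $session = '';
}
my $userip = $ENV{REMOTE_ADDR};

# Find the user who owns a session that has not expired.  Both values are
# bound through placeholders, so neither the cookie value nor the configured
# lifetime is interpolated into the SQL text.
$query = 'SELECT `session_user_index` FROM `sessions` WHERE `session_unique` = ? AND `session_time` > (UNIX_TIMESTAMP() - ?) LIMIT 0,1';
$result = $dbh->prepare($query)
    or die $dbh->errstr;

# The original died with $result::errst, a misspelled package variable that
# is always empty; the statement handle's errstr method carries the message.
$result->execute($session, $session_expire)
    or die $result->errstr;

# A missing or expired session is recorded as user index -1.
my ($userindex) = $result->fetchrow_array;
$userindex = -1 unless $userindex;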
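# Reduce a client-supplied path to its last component before it is stored.
# The original pattern /\/([^\/])$/ had no quantifier, so it matched only a
# single character after the final slash and left longer paths untouched.
# Backslashes count as separators too, in case a client sends a
# Windows-style path.
if (defined $post{'filename'} and $post{'filename'} =~ /[\/\\]([^\/\\]+)$/) {
    $post{'filename'} = $1;
}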
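# Record the upload.  Every value is bound through a placeholder instead of
# being concatenated into the statement.  The hit and download counters start
# at zero and the last-download time at the database's current time.
$query = 'INSERT INTO `files` (`file_server_index`,`file_unique`,`file_disk_location`,`file_name`,`file_mime`,`file_size`,`file_user_index`,`file_description`,`file_upload_ip`,`file_upload_time`,`file_hits`,`file_downloads`,file_last_download_time) VALUES (?,?,?,?,?,?,?,?,?,?,0,0,UNIX_TIMESTAMP())';
$result = $dbh->prepare($query)
    or die $dbh->errstr;

# The original died with $result::errstr, a package variable that is never
# set; the statement handle's errstr method carries the actual message.
$result->execute(
    $server{'server_index'},
    $unique,
    $filename,
    $post{'filename'},
    $post{'contenttype'},
    $fsize,
    $userindex,
    $post{'description'},
    $userip,
    time(),
) or die $result->errstr;

# Success page: redirects the parent frame to the page for this upload.
# $unique was validated as 32 hex characters and site_basedir comes from the
# configuration; neither is HTML-escaped here.
print "<html><head><title>File Uploaded</title></head><body onload=\"parent.location.href='".$config{'site_basedir'}."/fileuploaded/$unique'\">";
print "File uploaded sucessfully";
print "</body></html>";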
- #################################