Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

File Upload - AND hidden values

by Anonymous Monk
on Jul 05, 2001 at 02:01 UTC ( #93962=perlquestion: print w/replies, xml ) Need Help??

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi,
I know how to upload a file using a script and thats fine.
BUT, i want to pass along 3 hidden text variables too.

I just cant find an example clear enough or complete enough to follow.
Can somebody please be a genius and tell me how the hell you right it so it just does a simple thing like the following...

Carry in the FILE and the 3 HIDDEN VARIABLES.
Work out what the 3 HIDDEN VARIABLE VALUES are
UPLOAD the FILE dependant on the 3 variables

Basically, I need the 3 variables passed through as they decide where the FILE is going to be uploaded to.
I need to know them before the FILE gets uploaded.

Please please please will someone be good enough to show me how to do this in one simple bit of script.
I think ALOT of people would appreciate it also as all I seem to find are other people asking the same question with no answers.

Hope theres a brainy person out there!!
Thanks =)
Adam
adam_s@lineone.net

Replies are listed 'Best First'.
Re: File Upload - AND hidden values
by eejack (Hermit) on Jul 05, 2001 at 08:04 UTC
    Howdy, This is a snippet that should give you the idea...
    #!/usr/bin/perl -w use strict; use CGI; my $query = new CGI; my $go_switch = $query->param('go_switch'); if ($go_switch){ my $file1 = $query->param('file1'); my $file_type = $query->param('file_type'); if ($file_type eq "jpg" || $file_type eq "gif"){ #only allowing im +ages here my $file_mod = "p000001"; if ($file1) { # uploads the first file my $save_directory = "/var/www/storage/$file_mod.$file_typ +e"; print "$save_directory<BR>"; my $BytesRead; my $Buffer; my $Filename = $file1; $Filename =~ s/^\.+//; my $File_Handle = $query->param('file1'); open (OUTFILE,">>$save_directory"); while (my $Bytes = read($File_Handle,$Buffer,1024)) { $BytesRead += $Bytes; print OUTFILE $Buffer; } close($File_Handle); close(OUTFILE); chmod (0666, "$save_directory"); } } }
    It's not perfect, normally I increment the filename from a datasource and have a broader variety of files I allow, but I feel by setting the file type and name (and putting in places that are not executable just in case) and giving the person uploading absolutely no options at all concerning where it is placed, how it is named, and what the permissions are, I can sleep with only one ear listening for the emergancy pager...

    A necessary evil in the current environment....:(

    EEjack

      I dont understand where the variables are suppose to be.. sorry!
      Adam
        Adam,

        Since you are not using CGI.pm (and you should) you need to parse out incoming data.

        But instead of doing that, you should use CGI.pm.

        use strict would be another good thing. -w would be helpful as well.

        EEjack

Re: File Upload - AND hidden values
by voyager (Friar) on Jul 05, 2001 at 02:22 UTC
    Can you show the code you have so far?

    If you are using CGI.pm then the hidden fields are available through calls to the param method, just as the file upload FH is. So before writing the contents of the upload, get the values from the param method.

      Hi, Its me again, the guy with the original problem. Right, heres the code I use so far for JUST uploading a file. It does not use CGI.pm. I wanted all the code on one page so I could see how it worked using my own variable names, etc. Here it is:
      #!/usr/bin/perl print "Content-type: text/html\n\n"; #SET MAXIMUM FILE SIZE ################################################# $maxfilesize = 30508; # 30.2kb #CHECK FILE SIZE ################################################# $len = $ENV{'CONTENT_LENGTH'}; if ($len > $maxfilesize) { print "file is bigger than 30.2kb, sorry\n"; exit; } #SET PATH VARIABLES ################################################ $| = 1; $upath = "/absolute/path/to/upload/dir/"; $uindex = "/absolute/path/to/upload/dir/upload.index"; $tempfile = $upath . $ENV{'REMOTE_ADDR'}; #READ IN BUFFER AND WRITE TO TEMP FILE ################################################ read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); open (x,">$tempfile"); print x $buffer; close (x); #OPEN TEMP FILE AND PROCESS IT ################################################ open (temp,$tempfile); #PULL OUT MIME/MULTIPART ################################################ $_ = <temp>; ($vernum) = /(\d+)/; # Next line of the file contains the filename in the format: # filename="C:\windows\win.ini" # KEEP ONLY PART WITHIN QUOTES ################################################ $_ = <temp>; $filetemp = $1 if (/filename=\"(.*)\"/); #REMOVE FULL PATH NAME ################################################ @pathz = (split(/\\/,$filetemp)); $filetempb = $pathz[$#pathz]; @pathza = (split('/',$filetempb)); $filename = $pathza[$#pathza]; #IF FILENAME IS BLANK, SHOW ERROR MESSAGE ############################################### if ($filename eq "") {<br> print "Oops, the you did not give a valid file name\n\n"; close(temp); `rm $tempfile`; } #CREATE FILE IN UPLOAD DIR ############################################### open (outfile, ">$upath$filename"); # Now we don't care about the Content-type of this, so<br> we'll pass +that up $junk = <temp>; $junk = <temp>; #READ/WRITE ALL APART FROM MIME/MULTIPART BIT ############################################## while (<temp>) { if (!(/-{28,29}$vernum/)) { print outfile $_; } } #ALL DONE, CLOSE AND PRINT SUCCESS MSG ############################################## close (temp); close (outfile); `rm $tempfile`; print "Your file <i>$filename</i> has been successfully<br> transferre +d to this site.<br>\n"; exit;

      So theres the code, anyone know how I can pass through 3 VARIABLES too?. I do need the variables for security but at this stage the user has already logged in. I just like to constantly pass throught a username and password so that the .cgi script cant be accessed on its own without going through the login.

      Im pretty new to all this so I really am sorry if I sound like a gimp. lol Really appreciate more help on this, thanks for all the replies everyone, Ill make sure I put you on the Thanks Page. :)

        You'd be wanting to use CGI.pm, no really, you would.

        You'd also want to be using warnings, strict and taint checking, particularly as you seem to trust the filename provided...

        Have you considered getting a user account at perlmonks? it'd tell you about responses to questions when you log in then...

        --
        RatArsed

        I've only used CGI.pm to parse query parms. But if you insist on doing it yourself, I think the hidden fields are going to be field=value pairs in STDIN that you apparently assume is just the uploaded file. Since you are writing everything to a temp file, take a look in there and see if you can find references to the hidden fields. HTH
Re: File Upload - AND hidden values
by vaevictus (Pilgrim) on Jul 05, 2001 at 04:07 UTC
    IIRC, you'll be getting a value of a temp file from your http server... you can use any sort of data to move that file from the temp directory to whatever your script decides.

    So, any form data sent in the same form that uploads the file should be easily accessed.

    BTW, the way you mention 3 HIDDEN VARIABLE VALUES, makes me terribly worried that you might think of using the values as some sort of security measure, which is not any sort of security at all... all hidden values are visible in the source code, and sent in cleartext over internet connections. If this is not the case, my apologies, and please disregard this last paragraph.

Re: File Upload - AND hidden values
by Kevin Ar18 (Initiate) on Jul 05, 2001 at 10:06 UTC
    Actually that does seem pretty easy. I've heavely modified a file upload script that passes along the file and other variables as well. If understand what you are doing then I should be able to help. Got AIM or ICQ? If not can you post the script here or tell me what it is or email it to me at perlmonks@op.virtualave.net
      Ive posted the code up above, hope you can help

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://93962]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (6)
As of 2022-05-23 01:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you prefer to work remotely?



    Results (81 votes). Check out past polls.

    Notices?