upload.pl // Upload

This is the upload component of the project. Note that it has not been tested, test-compiled, or even double-checked; it is provided as-is for now.

#!/usr/bin/perl -w
#index.pl -- Perl Uploadr by Brad Arsenault
use CGI::Carp qw(fatalsToBrowser);
use CGI (fatalsToBrowser);
use DBI;
use Time::HiRes qw(gettimeofday tv_interval);
use Time::gmtime;
use File::Basename;
# Record the start time before any other work is done.
$t0 = [gettimeofday()];

# Helpers such as Say() are not defined in this file; presumably they come
# from subs.pl, which is loaded at run time.
# NOTE(review): a bare "subs.pl" is resolved through @INC, and Perl 5.26+
# no longer puts "." there -- confirm how this script is launched.
require "subs.pl";

# $tp collects the page body; it is printed in one go further down.
$tp = "";

# Every value read here comes straight from the request and is
# client-controlled: the upload field, the display name, the comment and an
# optional shortcode ("sc").
$query    = CGI->new;
$filename = $query->param("uploadedfile");
$usrname  = $query->param("usr_name");
$commentz = $query->param("comment");
$osc      = $query->param("sc");
$tp .= Say("Passed CGI stuffs");

# Substitute a placeholder when the form carried no (or a false) user name,
# and note that in the page output.
unless ($usrname) {
	$usrname = "noname";
	$tp .= Say("Noname");
}

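# Without an uploaded file name there is nothing to store: render the
# problem page and stop. (The original was missing the semicolon after the
# Say() call, which is a syntax error that keeps the whole script from
# compiling.)
if (!$filename) {
	$tp .= Say("No Filename!");
	$tp .= setMessage(1);
	printHeader("Problem!");
	print $tp;
	printFooter();
	exit;
}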

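# The client chooses the upload's file name, so keep only its final path
# component (fileparse discards the directory part into $path) and replace
# spaces with underscores before the name is used on disk.
($name, $path, $ext) = fileparse($filename, '\..*');
$filename = $name . $ext;
$filename =~ tr/ /_/;

# Refuse names that are empty after stripping, that start with a dot
# ("..", ".htaccess"-style dotfiles) or that carry control characters; the
# name is later appended to a path under ./upload/.
# NOTE(review): the extension is not restricted. If ./upload/ is served by
# the web server, confirm it cannot execute uploaded scripts.
if ($filename eq '' || $filename =~ /\A\./ || $filename =~ /[\x00-\x1f\x7f]/) {
	die "Invalid file name\n";
}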

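# Open the database connection; $dbh is used below and is presumably set by
# connectDB() -- it is not assigned anywhere in this file.
connectDB();
$tp .= Say("DB Commected");

# When the request did not carry a shortcode, generate a fresh one: draw a
# random code, check that no row in urls already uses it, and retry. The
# code length starts at 1 and grows by one after every 10 failed attempts;
# after $maxTries attempts the error page is shown instead.
if (!$osc) {
	$len      = 1;
	$maxTries = 150;

	# Prepared once and reused. The candidate is bound as a parameter; the
	# original also built an unused, string-concatenated copy of this query,
	# which has been dropped.
	# NOTE(review): LIKE treats "_" and "%" as wildcards. If randomPassword()
	# can emit them, a candidate may be reported as taken when it is not.
	my $lookup = $dbh->prepare('SELECT * FROM urls WHERE sc LIKE ?')
		or die "Couldn't prepare statement: " . $dbh->errstr;

	my $found = 0;
	for my $attempt (1 .. $maxTries) {
		$shortened = randomPassword($len);
		$lookup->execute($shortened)
			or die "Couldn't execute: " . $dbh->errstr;

		# Fetch a row rather than trusting ->rows, which DBI does not
		# guarantee for SELECT statements before the rows are fetched.
		my $taken = defined $lookup->fetchrow_arrayref;
		$lookup->finish;

		if (!$taken) {
			$found = 1;
			last;
		}
		$len++ if $attempt % 10 == 0;
	}

	if (!$found) {
		$tp .= setMessage(2);
		printHeader("Uh oH!");
		print $tp;
		printFooter();
		exit;
	}
	# NOTE(review): this is check-then-insert. Two concurrent uploads can
	# both see the same code as free, so confirm urls.sc has a UNIQUE
	# constraint. Codes this short are enumerable and should not be relied
	# on to keep a file private.
}
$tp .= Say("Got ShortCode");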

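# Decide which shortcode names the storage directory: the one sent with the
# request, or else the one generated above. (The original tested !$osc and
# then used $osc, so $sc was never set and the generated code was never
# used.)
$sc = $osc ? $osc : $shortened;

# $sc may come straight from the "sc" request parameter and becomes a
# directory name, so refuse anything that could leave ./upload/: path
# separators, NUL bytes and dot-leading names.
if (!defined $sc || $sc eq '' || $sc =~ m{[/\\\x00]} || $sc =~ /\A\./) {
	die "Invalid shortcode\n";
}

# Only a freshly generated code gets a new directory; a client-supplied
# code must refer to one that already exists, otherwise the open below fails.
# NOTE(review): nothing here checks that the requester may write under an
# existing shortcode, and '>' truncates a file of the same name -- confirm
# that is intended.
my $dir = './upload/' . $sc;
if (!$osc && !-d $dir) {
	mkdir($dir) or die "Couldn't create upload directory: $!";
}

# Copy the uploaded data to disk in binary mode. The original read from an
# undefined $fh, so no data was ever written; the handle has to come from
# CGI's upload().
# NOTE(review): no size limit is visible in this file; $CGI::POST_MAX caps
# the request body if set before the CGI object is created.
my $in = $query->upload("uploadedfile")
	or die "No upload data received\n";
binmode $in;

open(my $out, '>', "$dir/$filename") or die "$!";
binmode $out;
my $chunk;
while (read($in, $chunk, 65536)) {
	print {$out} $chunk or die "$!";
}
# Buffered write errors only surface at close, so check it.
close($out) or die "$!";
$tp .= Say("Done File Writing");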

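# Record the upload in the database: one row in files, one row in urls.
$usr_ip   = $ENV{'REMOTE_ADDR'};
$now_time = time();
# Size of the file as written above. The original looked at
# "/upload/$filename", which is not where the file was stored.
$f_size   = -s "./upload/$sc/$filename";
##THIS IS WHERE USER ID LOOKUP WOULD HAPPEN##
$u = 0;
##revision not yet in use, so have defaulted to 1st revision!

# All values are bound as parameters. The comment, file name and possibly
# the shortcode are client-supplied, and the original interpolated them into
# the SQL text. It also listed eight columns but supplied seven values (ip
# was missing) and used an undefined $f_name for the file name.
# NOTE(review): die text reaches the browser because CGI::Carp's
# fatalsToBrowser is enabled at the top of the file, so database error
# strings are shown to the client.
$msq = "INSERT INTO files (f_name, f_size, dt, ip, sc, revision, comment, user) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$qh_f = $dbh->prepare($msq) or die "Couldn't prepare statement: " . $dbh->errstr;
$qh_f->execute($filename, $f_size, $now_time, $usr_ip, $sc, 1, $commentz, $u)
	or die "Couldn't execute: " . $dbh->errstr;

# $file_url is not set in this file; presumably subs.pl provides it.
# NOTE(review): the URL is built from "1" and the file name, while the file
# is stored under ./upload/$sc/ -- confirm the two agree.
$fu = $file_url . "1" . $filename;

$msq = "INSERT INTO urls (sc, goto, dc, dlu, user, views) VALUES (?, ?, ?, ?, ?, ?)";
$qh_u = $dbh->prepare($msq) or die "Couldn't prepare statement: " . $dbh->errstr;
$qh_u->execute($sc, $fu, $now_time, 0, $u, 0)
	or die "Couldn't execute: " . $dbh->errstr;

# NOTE(review): the comment is stored verbatim; whatever page displays it
# later needs to escape it for HTML.
$tp .= Say("DB writing done");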
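# Report the shortcode and render the success page. $sc can originate from
# the "sc" request parameter, so it is HTML-escaped before being placed in
# the page body (this assumes printHeader() emits an HTML page -- confirm).
my $shown_sc = $query->escapeHTML($sc);
$tp .= "\n\nYour File has been saved with the shortcode of $shown_sc\n\n";
printHeader("Suck-sess!");
print $tp;
printFooter();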