The Blog of Brad
upload.pl // Upload
This is the upload component of the project. Note that it has not been tested, test-compiled, or even double-checked; it is provided as-is for now.
#!/usr/bin/perl -w
#index.pl -- Perl Uploadr by Brad Arsenault
use CGI::Carp qw(fatalsToBrowser);
use CGI (fatalsToBrowser);
use DBI;
use Time::HiRes qw(gettimeofday tv_interval);
use Time::gmtime;
use File::Basename;
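# Record the start time in $t0 (no later line of this script reads it back).
$t0 = [gettimeofday];

# The helper subs called below (Say, setMessage, printHeader, printFooter, ...)
# are not defined in this file; presumably subs.pl provides them -- TODO confirm.
# Variables stay package globals because those helpers may read them.
require "subs.pl";

# $tp collects the page body; it is printed once, between header and footer.
$tp = "";

# NOTE(review): no upload size cap is set in the visible code. CGI.pm honours
# $CGI::POST_MAX when it is assigned before the object is created.
$query = CGI->new;

# Everything read from the request here is untrusted client input.
$filename = $query->param("uploadedfile");
$usrname  = $query->param("usr_name");
$commentz = $query->param("comment");
$osc      = $query->param("sc");
$tp .= Say("Passed CGI stuffs");

# Fall back to a placeholder name when the form field is empty.
if (!$usrname) {
    $usrname = "noname";
    $tp .= Say("Noname");
}

# Without a file there is nothing to store: render the error page and stop.
if (!$filename) {
    # Fixed: this statement had no terminating semicolon, so the script
    # failed to compile.
    $tp .= Say("No Filename!");
    $tp .= setMessage(1);
    printHeader("Problem!");
    print $tp;
    printFooter();
    exit;
}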
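# Reduce the client-supplied upload name to a bare file name. The value is
# untrusted and is later used to build a path under ./upload/, so it must not
# be able to name anything outside that directory.
($name, $path, $ext) = fileparse($filename, '\..*');
$filename = $name . $ext;

# fileparse() only splits on the server's own path separator; also drop
# anything up to a final backslash in case the client sent a Windows path.
$filename =~ s{\A.*\\}{}s;

# Allow-list: every character outside letters, digits, dot, underscore and
# hyphen becomes "_" (this also covers the original space-to-underscore step).
$filename =~ tr/A-Za-z0-9._-/_/c;

# Leading dots would create hidden files (for example a per-directory web
# server config) inside the upload tree; neutralise them.
$filename =~ s/\A\.+/_/;

# Never continue with an empty name.
$filename = "upload" if $filename eq "";

# NOTE(review): the extension is not restricted here, so the upload directory
# should be served with script execution disabled.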
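# Open the database connection; connectDB is defined outside this file and
# presumably sets the global $dbh used below -- TODO confirm.
connectDB();
$tp .= Say("DB Commected");

# When the client did not supply its own shortcode, generate a random one and
# retry until the urls table has no row for it. The code length grows by one
# every 10 attempts; more than $maxTries failed attempts aborts the request.
if (!$osc) {
    $len      = 1;
    $x        = 0;    # total failed attempts
    $y        = 0;    # failed attempts at the current length
    $maxTries = 150;
    $u        = 0;    # set to 1 once a free shortcode is found

    # Prepared once and re-executed with a bound value. The unused,
    # string-concatenated $mysql_q of the original is dropped. "=" replaces
    # LIKE so that "%" or "_" in a candidate is not treated as a wildcard.
    my $query_handle = $dbh->prepare('SELECT * FROM urls WHERE sc = ?')
        or die "Couldn't prepare statement: " . $dbh->errstr;

    while ($u == 0) {
        $shortened = randomPassword($len);
        $query_handle->execute($shortened)
            or die "Couldn't execute: " . $dbh->errstr;

        # DBI documents rows() as unreliable for SELECT; try to fetch a row
        # instead.
        my $taken = defined $query_handle->fetchrow_arrayref;
        $query_handle->finish;
        if (!$taken) {
            # Leave immediately so that a success on the final permitted
            # attempt is not reported as a failure.
            $u = 1;
            last;
        }

        $y++;
        $x++;
        if ($y == 10) {
            $y = 0;
            $len++;
        }
        if ($x - 1 == $maxTries) {
            $tp .= setMessage(2);
            printHeader("Uh oH!");
            print $tp;
            printFooter();
            exit;
        }
    }
}
$tp .= Say("Got ShortCode");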
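# Choose the shortcode: a client-supplied one ($osc) wins, otherwise the one
# generated earlier ($shortened).
# Fixed: the original test was inverted, so the generated code was never used
# and mkdir ran with an empty directory name.
if ($osc) {
    $sc = $osc;
}
else {
    $sc = $shortened;
}

# $sc becomes a directory name under ./upload/ and may be raw form input:
# refuse anything empty, containing a path separator or NUL byte, or made up
# only of dots, so the write below cannot leave the upload tree.
if (   !defined $sc
    || $sc eq ''
    || $sc =~ m{[/\\\0]}
    || $sc =~ /\A\.+\z/)
{
    die "Invalid shortcode\n";
}

# NOTE(review): a client-supplied shortcode is not checked against existing
# entries here, so it can address a directory that is already in use --
# confirm whether overwriting is intended.
my $upload_dir = './upload/' . $sc;
if (!-d $upload_dir) {
    mkdir($upload_dir) or die "Couldn't create $upload_dir: $!";
}

# Fixed: the original read from an undefined $fh, so nothing was copied.
# CGI.pm hands out the uploaded data through upload().
my $in_fh = $query->upload("uploadedfile")
    or die "No upload data for uploadedfile\n";

# Three-argument open with a lexical handle: the mode can no longer be
# influenced by characters in the file name.
open(my $out_fh, '>', $upload_dir . '/' . $filename) or die "$!";
binmode $out_fh;
binmode $in_fh;

# Copy in fixed-size chunks; line-based reading is a poor fit for binary data.
my $chunk;
while (read($in_fh, $chunk, 8192)) {
    print {$out_fh} $chunk or die "$!";
}

# Buffered write errors only surface at close, so check it.
close $out_fh or die "$!";
$tp .= Say("Done File Writing");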
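# Record the upload in the database and render the result page.
$usr_ip   = $ENV{'REMOTE_ADDR'};
$now_time = time();

# Fixed: the size was taken from "/upload/$filename", which is not where the
# file is written (./upload/<shortcode>/<name>).
$f_size = -s "./upload/$sc/$filename";

##THIS IS WHERE USER ID LOOKUP WOULD HAPPEN##
$u = 0;

##revision not yet in use, so have defaulted to 1st revision!
# Fixed: values are bound through placeholders instead of being interpolated
# into the SQL text; the comment, file name and shortcode all come from the
# client. The original also listed 8 columns but only 7 values (the ip value
# was missing) and referenced an undefined $f_name.
# NOTE(review): with fatalsToBrowser loaded, these die messages, including
# the DBI error text, are shown to the client.
$msq = "INSERT INTO files (f_name, f_size, dt, ip, sc, revision, comment, user) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$qh_f = $dbh->prepare($msq)
    or die "Couldn't prepare statement: " . $dbh->errstr;
$qh_f->execute($filename, $f_size, $now_time, $usr_ip, $sc, 1, $commentz, $u)
    or die "Couldn't execute: " . $dbh->errstr;

# NOTE(review): the literal "1" between base URL and file name is kept from
# the original; it does not match the on-disk layout used above -- confirm.
$fu = $file_url . "1" . $filename;

$msq = "INSERT INTO urls (sc, goto, dc, dlu, user, views) VALUES (?, ?, ?, ?, ?, ?)";
$qh_u = $dbh->prepare($msq)
    or die "Couldn't prepare statement: " . $dbh->errstr;
$qh_u->execute($sc, $fu, $now_time, 0, $u, 0)
    or die "Couldn't execute: " . $dbh->errstr;
$tp .= Say("DB writing done");

# The shortcode may be client-supplied, so HTML-escape it before it is placed
# in the page.
my $sc_html = $query->escapeHTML($sc);
$tp .= "\nYour File has been saved with the shortcode of $sc_html\n";

printHeader("Suck-sess!");
print $tp;
printFooter();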

