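# upload_file.pl
# Part of DCForum by DCScripts
# Copyright ©1997-2000 DCScripts All Rights Reserved
#
# MODIFICATION HISTORY:
# mod.2001.04.01.01 - secure file extension
#
# As part of the installation process, you will be asked
# to accept the terms of Agreement outlined in the readme.txt
# included with this distribution. This Agreement is
# a legal contract, which specifies the terms of the license
# and warranty limitation between you and DCScripts.
# You should carefully read this terms agreement before
# installing or using this software. Unless you have a different license
# agreement obtained from DCScripts, installation or use of this software
# indicates your acceptance of the license and warranty limitation terms
# contained in this Agreement. If you do not agree to the terms of this
# Agreement, promptly delete and destroy all copies of this software
#
#===================================================================
# upload_file
# utility for uploading files
#===================================================================

# upload_file($r_in, $r_setup)
#
# Renders the "upload a file" page of the forum.  $r_in is the parsed
# request (form fields plus the caller's 'userdata' record), $r_setup the
# forum configuration hash.  Three outcomes are visible in this sub:
#   - uploads are disabled in $r_setup: prints the page header and
#     returns the 4-element list ($heading, $sub_heading, '', '');
#   - command is 'save': checks the referer and the file type, writes the
#     upload under $uploaddir, logs it, and reports in $html_output;
#   - any other command: leaves $html_output holding the form body.
# In the last two cases the sub renders via blank_template.pl and then
# calls exit, so it never returns to its caller.
#
# Relies on the package globals $forum_title, $cgiurl, $password_file_dir,
# $sec_file, $upload_log, $uploaddir, $uploadurl, $join_delim and $cgilib,
# and on the helpers print_header, print_header_end, check_datafile,
# appenddata, get_session_id and my_die, all defined elsewhere.
sub upload_file {
    my ($r_in, $r_setup) = @_;

    # Package globals read by blank_template.pl; localised so the template
    # only ever sees this page's values.
    local $html_output;
    local $heading     = $forum_title;
    local $sub_heading = "Define file type and the file you want to upload and click on 'Upload File!'";

    # 'file_upload_size' is configured in kilobytes.
    my $max_file_size = $r_setup->{'file_upload_size'} * 1024;

    print_header();
    print_header_end();

    # Feature switch: refuse everything when uploads are turned off.
    unless ($r_setup->{'file_upload'} eq 'on') {
        $heading     = "POSTING ERROR - PLEASE CONTACT YOUR ADMIN";
        $sub_heading = "File Upload Disabled.";
        return ($heading, $sub_heading, '', '');
    }

    if ($r_in->{'command'} eq 'save') {
        my $referer = $ENV{'HTTP_REFERER'};
        $referer = '' unless defined $referer;

        # \Q..\E: $cgiurl is a URL, so its '.' and '/' must match
        # literally instead of as regex metacharacters.
        unless ($referer =~ /\Q$cgiurl\E/i) {
            # Submission did not come from our own form: record the sender.
            _log_upload_security_event($r_in);
            # The page header was already sent above; the original code
            # printed it a second time here, which emitted a duplicate
            # header block into the page body.
            $heading = "POSTING ERROR - PLEASE CONTACT YOUR ADMIN";
        }
        elsif (invalid_file_type($r_in->{'file_type'})) {
            # The form only offers whitelisted types, so any other value
            # means the submitted field was altered.
            _log_upload_security_event($r_in);
            $heading     = "POSTING ERROR - PLEASE CONTACT YOUR ADMIN";
            $sub_heading = "INVALID FILE TYPE";
        }
        else {
            # file_type passed the whitelist, so the path is made only of
            # a server-generated id and a known extension.
            my $file_id   = get_session_id();
            my $file_type = $r_in->{'file_type'};
            my $file_path = "$uploaddir/$file_id.$file_type";

            # Three-argument open with a lexical handle: the open mode can
            # never be influenced by the file name.
            open(my $fh, '>', $file_path)
                or my_die("Can't upload your file", $!);
            binmode $fh;
            print {$fh} $r_in->{'file_upload'};
            # A failed close means part of the upload never reached disk.
            close($fh) or my_die("Can't upload your file", $!);

            my $file_size = -s $file_path;
            my $log = join($join_delim,
                $r_in->{'date'}, $r_in->{'localtime'},
                $r_in->{'userdata'}->{'Username'},
                $file_id, $file_size);
            appenddata("$password_file_dir/$upload_log", $log);

            # The limit is enforced after the write, so an oversized
            # upload occupies disk briefly before it is removed.
            if ($file_size > $max_file_size) {
                $html_output .= qq~ ERROR: The file you tried to upload was $file_size bytes and was deleted. ~;
                unlink($file_path);
            }
            else {
                $html_output .= qq~ File was successfully uploaded to remote server. The URL of this file is $uploadurl/$file_id.$file_type ~;
            }
        }
    }
    else {
        # NOTE(review): the upload form markup presumably sat between
        # these delimiters; this copy of the file carries only a newline.
        $html_output = qq~
~;
    }

    require "$cgilib/blank_template.pl";
    exit;
}

# _log_upload_security_event($r_in)
#
# Appends "Username::REMOTE_HOST::REMOTE_ADDR" to the security log at
# $password_file_dir/$sec_file, after check_datafile() (defined elsewhere)
# has looked at that file.  Used for requests that fail the referer check
# or carry a file type outside the whitelist.
sub _log_upload_security_event {
    my ($r_in) = @_;
    my $record = join('::',
        $r_in->{'userdata'}->{'Username'},
        $ENV{'REMOTE_HOST'}, $ENV{'REMOTE_ADDR'});
    my $sec_log = "$password_file_dir/$sec_file";
    check_datafile($sec_log);
    appenddata($sec_log, $record);
    return;
}

# mod.2001.04.01.01
# Check for input file type
# altering it would be detected here
#
# invalid_file_type($file_type)
#
# Returns 0 when $file_type is exactly one of the whitelisted extensions
# (case-sensitive, no leading dot) and 1 otherwise, including for undef.
# The value ends up in the upload path, so this whitelist is what keeps
# the stored extension under server control.  Note that 'html' is on the
# list: uploaded pages are then served from $uploadurl as-is.
sub invalid_file_type {
    my ($file_type) = @_;
    my %is_allowed = map { $_ => 1 } qw(html jpg zip txt gif tar);
    return 0 if defined $file_type && $is_allowed{$file_type};
    return 1;
}

1;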