Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Determine type of file using cgi-lib.pl

Status
Not open for further replies.
bnc123

bnc123

Technical User
Mar 25, 2001
59
AU
I have a script for uploading files to the web server. The code is as follows (I use cgi-lib.pl):

Code: 
#!/usr/bin/perl

# Copyright (c) 1996 Steven E. Brenner
# $Id: fup.cgi,v 1.2 1996/03/30 01:35:32 brenner Exp $

use CGI::Carp qw(fatalsToBrowser);

require "./cgi-lib.pl";

$ref_number = 12345;

#Delete old file
$delfile = "/home/easy/public_html/cvs/$ref_number.doc";
unlink $delfile;


# When writing files, several options can be set... here we just set one
# Limit upload size to avoid using too much memory
$cgi_lib'maxdata = 50000;
$cgi_lib'writefiles = "/home/easy/public_html/cvs";


# Start off by reading and parsing the data.  Save the return value.
# We could also save the file's name and content type, but we don't
# do that in this example.
$ret = &ReadParse;


# A bit of error checking never hurt anyone
&CgiDie("Error in reading and parsing of CGI input") if !defined $ret;
&CgiDie("No data uploaded", "Please enter it in <a href='fup.html'>fup.html</a>.")
if !$ret;


# Munge the uploaded text so that it doesn't contain HTML elements
# This munging isn't complete -- lots of illegal characters are left as-is.
# However, it takes care of the most common culprits.
$in{'upfile'} =~ s/</&lt;/g;
$in{'upfile'} =~ s/>/&gt;/g;

$uploadedfile = $in{'upfile'};

rename($uploadedfile, "/home/easy/public_html/cvs/"."$ref_number".".doc");

# Now produce the result: an HTML page...
#print &PrintHeader;
print &HtmlTop("File Upload Results");
print <<EOT;

<p>You've uploaded a file $uploadedfile. Your notes on the file were:<br>
<blockquote>$in{'note'}</blockquote><br>
EOT

print &HtmlBot;

However, I want to upload only MS Word documents. So, how do I determine that the file being uploaded by a client is infact a MS Word document and nothing else.

Can I do that using cgi-lib.pl? I have been to the cgi-lib.pl website but did not find anything.

Also, if you notice, I am using a very crude way of overwriting the old file. I am first deleting the existing file and then uploading the new file. Can some improvement be made in that regard?

Thanks.

 
Sort by date Sort by votes
Thanks Kevin,

I have never understood how to use these CPAN modules. It is too complicated for me. Can you please show me how to use CPAN modules of how to incorporate them into the cgi scripts, or whatever it is that you do with them?

I started with cgi-lib.pl some time ago. I am trying to switch to CGI.pm but my progress is rather slow.

Let's see if somebody else has any ideas.
 
Upvote 0 Downvote
Check the FAQ section, there's a CGI.pm file upload script there.

Basically you can check the extension, and if it's .doc, .rtf or whatever permit it.

I think that script is images and zip files, but the logic is the same.

You will have to adjust the file size (number of bytes) for word docs I'm sure

HTH
--Paul

Spend an hour a week on CPAN, helps cure all known programming ailments ;-)
 
Upvote 0 Downvote
checking just the extension isn't as good as checking the file header, but it's better than nothing.

As far as File::Type is concerned, just copy and paste the source code (from CPAN) into text file, name it FileType.pm, and upload it to your cgi-bin. Then to use the module you just use "use" in your script:

use FileType;

It looks like File::Type just needs IO::FIle to work, and IO::File is a standard perl module so should be installed.

The File::Type module has examples of how to use it and explanations, a little experimentation will figure it out pretty fast, it's not a complicated module by any means. But if after trying a bit you are still stuck, post your code and ask more questions.
 
Upvote 0 Downvote
Many Thanks Kevin,

This is a start. I'll do exactly as you say. I still don't see how the file type will be checked without putting any more code into my script except use FileType; but I'll mess arround with it a few times and let you know what the result is. May take a couple of days, so stay tuned.

Thanks again Mate.
 
Upvote 0 Downvote
Yes Kevin, I did try File::Type. It does upload the file, but then gives me an internal server error (error 500). I have chmodded FileType.pm and my cgi script to 755. Also, it does not check for the file type. I really don't know what is supposed to happen, so I have no detailed debug information. Is there some configuration required in FileType.pm? And today being Sunday and all, I don't think there will be anybody at the server to read the server log and let me know exactly what happened.

I did copy and upload the code of File::Type as FileType.pm. My code now looks like this:

Code: 
#!/usr/bin/perl

# Copyright (c) 1996 Steven E. Brenner
# $Id: fup.cgi,v 1.2 1996/03/30 01:35:32 brenner Exp $

use CGI::Carp qw(fatalsToBrowser);

use FileType;

require "./cgi-lib.pl";

$ref_number = 12345;

#Delete old resume
$delfile = "/home/easy/public_html/cvs/$ref_number.doc";
unlink $delfile;


# When writing files, several options can be set... here we just set one
# Limit upload size to avoid using too much memory
$cgi_lib'maxdata = 50000;
$cgi_lib'writefiles = "/home/easy/public_html/cvs";


# Start off by reading and parsing the data.  Save the return value.
# We could also save the file's name and content type, but we don't
# do that in this example.
$ret = &ReadParse;


# A bit of error checking never hurt anyone
&CgiDie("Error in reading and parsing of CGI input") if !defined $ret;
&CgiDie("No data uploaded", "Please enter it in <a href='fup.html'>fup.html</a>.")
if !$ret;


# Munge the uploaded text so that it doesn't contain HTML elements
# This munging isn't complete -- lots of illegal characters are left as-is.
# However, it takes care of the most common culprits.
$in{'upfile'} =~ s/</&lt;/g;
$in{'upfile'} =~ s/>/&gt;/g;

$uploadedfile = $in{'upfile'};

rename($uploadedfile, "/home/easy/public_html/cvs/"."$ref_number".".doc");

# Now produce the result: an HTML page...
#print &PrintHeader;
print &HtmlTop("File Upload Results");
print <<EOT;

<p>You've uploaded a file $uploadedfile. Your notes on the file were:<br>
<blockquote>$in{'note'}</blockquote><br>
EOT

print &HtmlBot;

A few years ago, I took a course run by the University of W.Australia and they went with cgi-lib.pl. Now, I will have to learn CGI.pm from scratch and wonder how to do that on my own. I'll have to learn how to write to database files, how to add, edit and delete records etc. The tutorials on the web and the article recommended by WWMike on the other forum, are all Greek to me. So basically, I am stuck with cgi-lib.pl.

All I basically need is to collect some data from a client, together with his resume, put the data in a pipe delimited text file and his resume in a certain location on the server. The resume has to be .doc or .rtf. Whether I use cgi-lib.pl or not is not significant.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rob54321
  • Locked
  • Question
Perl how to read line from file with interpolation 1
Replies
6
Views
1K
rob54321
rob54321
newbie1238585
  • Locked
  • Question
Perl how to read string in csv file * as wildcard operator
Replies
2
Views
614
mikrom
mikrom
Anurag Sinha
  • Locked
  • Question
calling perl script on click of the button
Replies
0
Views
336
Anurag Sinha
Anurag Sinha
Limbomusic
  • Locked
  • Question
Perl files getting accessed directly
Replies
0
Views
466
Limbomusic
Limbomusic
pendle666
  • Locked
  • Question
Update Perl Script to latest version of Perl
Replies
1
Views
406
feherke
feherke

Part and Inventory Search

Sponsor

Back
Top