#!/usr/bin/perl -w

#
# Perl script to accept file uploads. This script is provided for demonstration 
# purposes only.
# you need to have the CGI module installed.
#
# Copyright Rad Inks (pvt) 2003
# http://www.radinks.com


#
# This is a sample file upload handler script that demonstrates how files
# can be accepted or rejected based on it's extension.
#
# You can define a list of allowed types in the $allowed array, only files
# with matching extensions will be accepted. Alternatively you can define 
# a list of file types to be rejected using the $reject array. Any file with
# a matching extension will be rejected while all other file types will be
# considered safe.
#
# If both $allow and $reject are defined, $accept takes precedence. Please use
# lower case extensions.
#


use CGI;			
use Carp;

sub bye_bye {
	$mes = shift;
	print "<br>$mes<br>\n";

	exit;
}



print "Content-type: text/html\n\n ";
my $cg = new CGI();

#
# Files will not be saved if $save_path is left undefined. Please make sure
# the path you choose is writable. And don't forget the trailing '/'
#

my $save_path='/tmp/junk/';


#
# enter a list of file extensions that should be rejected.
#
my @reject =('html','exe','com','bat','dll','sh','php','cgi','class');

#
# If $accept array is defined only files with matching extensions
# are allowed.
#
# @accept = array('gif');
#
 
 

print <<__TABLE__;
<html>
<body  bgcolor="FFFFCC">

<table border="1" cellpadding="5" width="100%" align="center">
<tr><td colspan="3" bgcolor="#0066cc"><font color="#FFFFCC" size="+1" align="center">Files Uploaded</font></td></tr>
<tr  bgcolor="#ffff00"><td style="font-size: 110%;"><nobr>File Name</nobr></td>
	<td style="font-size: 110%"  align="right"><nobr>File size</nobr></td>
	<td style="font-size: 110%"  align="right"><nobr>Status</nobr></td>
	</tr>
__TABLE__

my $size = $cg->param;
my $userfile_parent = $cg->param('userfile_parent');

#
# attempt to loop through the list of files.
#
CONT: for($i=0 ; $i < $size ; $i++)
{
	$file_upload 	= $cg->param("userfile[$i]");

	if($file_upload) {
	
		my $fh = $cg->upload("userfile[$i]");
		my @name = split('/',$fh);
		my $filename = pop(@name);
		my $fsize = (-s $fh);
		
		
		if($i %2)
		{
			print '<tr bgcolor="#FFFF99"> ';
		}
		else
		{	
			print '<tr>';
		}

		print "<td>$filename </td>\n";
		print "<td>$fsize</td>\n";

		# 
		# extracts the extension and converts it to lower case.
		#
		my @parts = split('\.',$filename);
		my $ext = $parts[$#parts]; 
		$ext =~ tr/A-Z/a-z/;
		carp $ext;
		
		if(@accept)
		{
			foreach(@accept)
			{
				if($_ eq $ext)
				{
					print'<td>rejected</td></tr>';
					next CONT;
				}
			}
		}
		elsif(@reject)
		{
			foreach(@reject)
			{
				if($_ eq $ext)
				{
					print'<td>rejected</td></tr>';
					next CONT;		
				}
			}
		}
		
		#
		# if we have reached this stage that means the file has passed the test
		#
		open (OUTFILE,">>$save_path/$filename");
			while(<$fh>) {
				print OUTFILE $_;
			}
		close(OUTFILE);
		print '<td>accepted</td></tr>';
	}
}


print <<__TABLE__;
</table>

<p style="text-align:center; font-size: 80%">Sample  Perl Upload handler provided by
 <a href="http://www.radinks.com/?dn">Rad Inks</a></p>
 
<p style="text-align:center; font-size: 80%">have you seen our <a href="http://www.radinks.com/sftp/?dn">Secure FTP Applet</a> or our
<a href="http://www.radinks.com/mms/?dn">Multimedia Messaging Solution</a>?</p>

__TABLE__