#!/usr/bin/perl -w

###########################################################################
##  File upload script
##
##  Accepts a multi-part form data file, and uploads
##  it to the selected directory
##
##  Copyright (c) 2001 Nick Wyman. All rights reserved.
###########################################################################

use CGI qw(:standard);
$CGI::POST_MAX = 1000 * 1024;
use CGI::Carp qw/fatalsToBrowser/;


$html_file = "/home/pwc/public_html/scgi-bin/upload.html";
$njwdebug = 0;

if ( defined(param("filename")) ) {
  UploadFile();
}
  WriteForm();
exit;



###########################################################################
#
# SUB: WriteForm
#
#   Display the upload form.
#
sub WriteForm
 {
   open( F, $html_file )
   or quit( "Error opening form: $html_file");

   print header();

   while (<F>) {
     print $_;
   }

   close F;
   if ( $upload_successful ) {
     print h2("File successfully uploaded!" );
     print "<FORM METHOD=POST ACTION=http://pwc-editing.com/send_upload.php>";
     print "<INPUT TYPE=hidden NAME=recipient VALUE=support@awebstore.com><INPUT TYPE=hidden NAME=subject VALUE=New Upload File Completed>";
     print "Your name: <INPUT TYPE=TEXT NAME=name SIZE=30><BR>";
     print "Your email: <INPUT TYPE=TEXT NAME=email SIZE=30><BR>";
     print "\<b\>Local File:\</b\> $local_file \<br\>\n";
     print "\<b\><font color=white>Remote File:\</b\> $remote_file </FONT>\<br\>\n";
     print "<INPUT TYPE=submit name=submit VALUE='CONFIRM THIS UPLOAD'></FORM>";
   }
   print end_html;
 }


###########################################################################
#
# SUB: UploadFile
#
#   If a file was supplied, upload it to the selected directory.
#
sub UploadFile
 {

    $upload_successful = 0;
    $filename = param("filename");
    if ( !defined( $filename) ) {
      return;
    }
    if ( length $filename == 0 ) {
      return;
    }

    $dir = param("manager");
    if ( !defined( $dir) ) {
      quit( "Manager not selected: undefined!" );
    }
    if ( length $dir == 0 ) {
      quit( "Manager not selected: zero length!" );
    }

    if ( $njwdebug ) {
      quit( "Uploading from $filename to $dir/$filename" );
    }

    if ( ! -d $dir ) {
      quit( "Manager: $dir is not a directory" );
      return;
    }
    if ( ! -w $dir ) {
      quit( "Manager: Unable to write to directory: $dir" );
      return;
    }

    #-- file currently has entire path
    $file = $filename;
    $local_file = $file;

    #-- Get the just the filename from the complete path
    $_ = $file;
    s/\w://;
    s/([^\/\\]+)$//;
    $_ = $1;
    s/\.\.+//g;
    s/\s+//g;
    $filename = $_;

    if ( length $filename == 0 ) {
      #-- assume full path to upload file not given
      $filename = $file;
    }

    #-- Make sure file does not contain uppercase chars
    $filename = lc $filename;

    tmpFileName($file);

    $remote_file = "$dir/$filename";
    open(F,">$dir/$filename")
    or quit( "Error uploading file: $dir/$filename");

    binmode(F);

    while (<$file>) {
      print F $_;
    }

    close $file;
    close F;
    $upload_successful = 1;
}

############################################################################
#
# SUB: quit
#
#   Quit the script and write a message to the browser.
#
sub quit {
  print header;
  print start_html;
  print "$_[0] \<br\>";
  print end_html;
  exit;
}
