[scott2500uk]

I know there are a lot of perl and php based upload scripts out there E.G Magaupload and Uber Upload, but Im finding it real hard to modify these scripts to work for me. Now I must warn you that I know a very litle about Perl but well knowledgable in PHP.

This is what I want:

upload form. The form will allow 2 files to be inputed. Before the submit button can be pressed javascript will check the inputs firstly for invalid extensions. I know this can be bypassed but it an aditional measure to stop the attepmt of files being uploaded with wrong file extensions. (I can code all this part)

Once passed the form and submitted a popup window uploads the files with a progress meter. This popup should be in perl. The perl script should check for obvious no no's for extensions eg php asp etc Also in the perl script should be an upload size limit.

IF passes the checks again then the files being uploaded just be renamed to a random name and also have the extension .tmp added to the end. eg mypicture.jpg -> g8sh475h.jpg.tmp Once stored in an upload directory the popup closes and tell the original upload form (php page) that the file upload has finished and give the results back to that page to be then proccessed. from there further checks will be done on the file. Further file extension checks and filesize checks with possibly mine type checks. ( I can do that part)

Can any one recomend a perl upload script out there that would be able to achieve such thing with a slight modification? many the scripts Ive come across have loads of files when realisticly I want one file form the upload form and processing and one file which displays the upload progress.

Thanks

[Nico]

I'm moving this to script requests...

[curbview.com]

A file upload script of this nature is not hard to put together. I do suggest that you include A LOT MORE security checks than described... Checking extensions is only the beginning. Your upload script should verify that the file uploaded is indeed THAT file type. In other words, your Perl script should use some of the built in features to verify that a jpg file is really a photo. Word Docs are really Word docs... Etc., etc.

I highly suggest developing a customized uploader in Perl rather than depending on what is available at CPAN.org, but there are Perl modules that will accomplish what it is you want. (File renaming, temp directories, etc.)

The many modules that I have studied over the years have *problems* but they require a person who is really out to get you to exploit.

Your script should also verify that ONLY people you have given permission to (registered users, IP ADDRESS based, etc.) are allowed to upload anything.

Your script should only allow file names of say tr/a-zA-Z_0-9./

Your script should limit the number of characters in the file name.

Your script should not allow uploaded files to be viewed/hot-linked by outsiders.

Your script should be able to send you an email when a user uploads a file (Or at least keep a log of usage.

There are a few Major security checks but it borders *unethical* practices...

[scott2500uk]

curbview.com thanks for replying but I am awear of the security risks and know what action is to be taken.

Firstly I said that I would do the checks with php all I what the perl script to do is upload rename and put the file in a folder so that the php can do the nessary checks on the file. The file will be going in to a folder that will have the deney all set to the folder. So firstly if a hacker did figure out the renamed file he wouldnt be able to access it. Secondly the file will have the extension .tmp added so the server wouldnt be able to run it and 3rdly the folder the file is being placed in will not be allowed script access so basically if a php file uploaded it wouldnt be able to run.

I hope now you understand I just want a simple perl script that will upload and rename and place in a folder and then report to my php script of its location and name.

[scott2500uk]

any one...