|
Hey everyone, here's my problem:
I have a script to take information and put it in a
database, and also upload a resume. The entire thing works on my test
machine (Win98/Activeperl/Apache) but doesn't work on my actual machine (Digital
Unix/Perl5+/Apache).
I've attached the entire script, but the relevant
parts are copied here:
<code>
{
no strict; $resume = $cgi->upload('resume'); my ($buffer,$bytesread); open (OUTFILE, ">resumes/$newname")|| print "<h2>Cannot write resume!</h2>"; binmode OUTFILE; while($bytesread=read($resume,$buffer,1024) ){ print OUTFILE $buffer; } close(OUTFILE); }
</code>
"resume" is the name of the upload field, and
naturally, everything is done with CGI.pm. I only want people to upload
word documents, so I do every upload with binmode. $newname has the
desired filename, and I want it uploaded into the resumes folder.
Here are the things I've tried:
1) I have it in a 'no strict' block because the
CGI.pm docs said that Perl complains when using a string for a filehandle.
2) Using the $cgi->upload() also suggested in
the CGI.pm docs.
3) Changing the permissions of the resumes/ folder,
from 644, 744, 711, but I figured all it really needs is owner rwx, since the
script runs as me.
Could this be a server related thing? There
may be other issues with the script, (SECURITY) but for now, I just want
something functional. Any help would be appreciated.
Thanks,
Ryan
|
#!/usr/local/bin/perl5 -T
#Ryan Davis
#member database adder
use lib "/home/aitp/lib";
use Mail::Sendmail;
use DBI;
use CGI;
use LWP::Simple;
use strict;
my $version = "1.00";
my $cgi = new CGI;
my $dbh = connectDB();
my %terms = (
"Fall 2001" => "fa01" ,
"Spring 2002" => "sp02",
"Summer 2002" => "su02",
"Fall 2002" => "fa02",
"Spring 2003 and Beyond" => "sp03",
);
my @terms = ("<b> Fall 2001 </b><br>", "<b>Spring 2002</b><br>", "<b>Summer
2002</b><br>", "<b>Fall 2002</b><br>", "<b> Spring 2003 and Beyond</b><br>");
my $errors = "";
my ($fn, $ln, $grad, $email, $url, $gpa, $keywords, $page,$resume,$temp);
#get webpage template
my @html = split(/perlaitpinsert/, getTemplate("perlaitp.htm"));
my $state = $cgi->param('State');
$cgi->delete('State');
print $cgi->header(), $html[0], "<img src=\"../images/aitp\_introd.jpg\">", $html[1];
#SIDEBAR GOES HERE
print "<H2>AITP Member Database</H2><BR>";
print $cgi->start_form(-action=>"member-add.cgi");
print $cgi->submit("Submit","Add your Info");
print $cgi->end_form;
print $cgi->start_form(-action=>"member-view.cgi");
print $cgi->submit("Submit","View List");
print $cgi->end_form;
print "Version: $version";
#END SIDEBAR
print $html[2];
unless($state){
ADDENTRY:
print "<h2>Add your entry</h2>";
print "This form adds your information to our searchable database, and
includes you in our resume CD.<br>";
print "<font color=\"FF0000\"><b>";
print $errors;
print "</b></font>\n";
print $cgi -> start_multipart_form(-method=>"GET");
print "First Name: <br>";
print $cgi -> textfield("fn");
print "<br>";
print "<br>Last Name: <br>";
print $cgi -> textfield("ln");
print "<br>";
print "<br>E-mail Address: <br>";
print $cgi -> textfield("email");
print "<br>";
print "<br>What semester will you be graduating? <br>";
#display a scrolling list
print $cgi -> scrolling_list(
-NAME => "terms",
-VALUES => [keys %terms],
-LABELS => {\%terms},
-SIZE => 1,
-MULTIPLE => 0,
);
print "<br><br>Enter the URL where you professional website is
located:<br>http://";;
print $cgi -> textfield("url");
print "<br><br>Provide your GPA (optional): <br>";
print $cgi -> textfield(
-NAME => "gpa",
-MAXLENGTH => 4,
-SIZE => 4,
-DEFAULT => "N\/A"
);
print "<br><br>Enter any helpful keywords other than the information
<br>provided above in which you think I recruiter may use as a search term: <br>";
print $cgi ->textarea(
-NAME => "keywords",
-ROWS=> 10,
-COLUMNS => 30,
);
print "<br><br>Upload your resume, in MS Word format: (70KB limit)<br>";
print $cgi->filefield('resume','starting value',40,180);
print "<br><br>";
print '<input type="hidden" name="State" value="filled">';
print $cgi -> submit("Submit");
print $cgi -> end_form();
}elsif($state eq "filled"){
#READ IN ALL THE VALUES
$fn = $cgi -> param("fn");
$ln = $cgi -> param("ln");
$grad = $cgi -> param("terms");
$email = $cgi -> param("email");
$url = $cgi -> param("url");
$gpa = $cgi -> param("gpa");
$keywords = $cgi -> param("keywords");
$resume = $cgi->param("resume");
chomp(($fn,$ln,$grad,$email,$url,$gpa,$keywords,$resume));
$url =~ s#http://##;
my $newname = "";
#MAKE SURE ALL INFO WAS PROVIDED
$errors = "";
if($fn eq ""){$errors .= "Please enter a valid first name.<BR>";}
if($ln eq ""){$errors .= "Please enter a valid last name.<BR>";}
unless($email =~ /^\w+([\.-]?\w+)*@\w+([\.]?\w+)*(\.\w{2,3})+$/){
$errors .= "Please enter a valid email address.<BR>";
}
unless($gpa eq "N/A"){
unless(($gpa =~ /[0-9](\.[0-9]*|)/)&&($gpa <= 4.0)&&($gpa >
0)){$errors .= "Please enter a valid GPA.<BR>";}
}
unless($url eq ""){
unless($url =~ /\S/){$errors .= "Please enter a valid URL.<BR>";}
$page = get("http://$url";);
unless($page){$errors .= "That website is inaccessible. Please check
the spelling.<BR>";}
}
if($resume eq ""){
$errors .= "Please upload a resume.<br>";
}else{
$newname = $resume;
$newname =~ s/.*(\....$)/$1/;
unless($newname eq ".doc"){$errors .= "Please upload a Word
document.<br>"}
}
unless($errors eq ""){goto ADDENTRY;}
$newname = $resume;
$newname =~ s/.*(\....$)/$1/;
$temp = $fn;
$temp =~ s/^(..).*/$1/;
$newname = $ln.$temp.$newname;
#untaint
if ($newname =~ /^([-\@\w.]+)$/) {$newname = $1;}
{
no strict;
$resume = $cgi->upload('resume');
my ($buffer,$bytesread);
open (OUTFILE, ">resumes/$newname")|| print "<h2>Cannot write resume!</h2>";
binmode OUTFILE;
while($bytesread=read($resume,$buffer,1024) ){
print OUTFILE $buffer;
print "<br>$bytesread";
}
close(OUTFILE);
}
#insert values into database
my $sth = $dbh->prepare(q{insert into members
(firstname,lastname,graddate,
email,website,gpa,keywords,resume)
values
(?,?,?,?,?,?,?,?)
});
$sth->execute($fn, $ln, $terms{$grad}, $email, $url, $gpa, $keywords,
$newname) || dienice($DBI::errstr);
print "<h2>Your information has been added.</h2><br>";
print "You will be recieving an email shortly confirming your information.";
print "<br><br>AITP reserves the right to remove any entry for any reason.";
#SEND AN E-MAIL TO [EMAIL PROTECTED]
my $message = "Name= $fn $ln\nEmail= $email\nURL= $url\nGPA= $gpa\nKeywords=
$keywords\nFile= $resume\n";
my %mail = ( "To" => '[EMAIL PROTECTED]',
"From" => 'AITP-Member-CGI <[EMAIL PROTECTED]>',
"Subject" => "\"$fn $ln\" has added to list",
"Message" => $message);
sendmail(%mail) or print $Mail::Sendmail::error;
#SEND AN EMAIL TO THE PERSON THAT ADDED
$message = "You have just been added to the AITP Member database.\nIf this
information is not correct, immediately reply or email
aitp\@grove.ufl.edu.\n\n".$message;
%mail = ( "To" => $email,
"From" => 'AITP-Member-CGI <[EMAIL PROTECTED]>',
"Subject" => "You have been added as \"$fn $ln\"",
"Message" => $message);
sendmail(%mail) or print $Mail::Sendmail::error;
}
print $html[3];
$dbh->disconnect;
#---------------Connect to the palm.grove database-----------------
sub connectDB(){
my $dbname = 'aitp';
my $dbhost = 'localhost';
my $dsn = "DBI:mysql:database=$dbname;host=$dbhost";
my $dbh2=DBI->connect($dsn,'aitp',"worlando");
if (!defined($dbh2)) {
print header;
print "\nerror: There is a problem connecting to the MySQL database:\n";
print "-" x 25;
exit;
}
$dbh2->{RaiseError} = 1; # do this, or check every call for errors
return $dbh2;
}
#---------------Get the HTML template from an .htm file-----------------
sub getTemplate(){
my $t = $_[0];
my $template = "";
open(AITP, $t) || dienice("Unable to process HTML templates.");
while(<AITP>){$template .= $_;}
close(AITP);
return $template;
}
#---------------------exit gracefully---------------------------------
sub dienice(){
my $msg = shift;
print "There has been an error. Please log out and try again.<BR>", $msg,
$html[3];
#other log-out code.
$dbh->disconnect;
exit;
}
#---------------------print to a table---------------------------------
sub table(){
foreach $_ (@_){
print "<td>$_</td>";
}
}
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
