Kernel_Killer
July 7th, 2004, 14:51
Does anyone know any tags, or maybe another language to make an upload to the web server possible? Also, with the function, a way to point to which directory to go to instead of the PWD. I'm wanting to be able to upload files from school, since they don't allow anything but HTTP access.

frisco
July 7th, 2004, 15:41
<form method=post enctype=multipart/form-data action=yourscript>
<input type=file name=whatever>
<input type=submit value=upload>
</form>

You'll need to write up yourscript to handle the input and make sure everything is secure.

If school's restriction is not via proxy but simply blocking all but port 80/443, then you could set up a server to listen on that port. If it is being filtered then there are some programs that will tunnel over http. Sometimes before i go on vacation i run sshd on port 80 or 443 in case i reach a place that only allows those ports through but isn't proxying them (like the internet cafe i was at in Bangkok airport back in November). Can also be useful for places that bandwidth throttle based on port not service.

Kernel_Killer
July 7th, 2004, 16:18
Thanx Frisco!

Well, I meant in regards to IRC, SSH, and anything else not running on 80/443. I think even FTP is blocked.

bmw
July 7th, 2004, 20:58
Do you have some control over the web server? If so enable WebDAV. IIS supports it natively, and Apache has mod_dav. There are quite a few WebDAV clients for *BSD. The Mac can mount WebDAV shares in the finder and your Winblows can see WebDAV data through Explorer.

WebDAV allows you to upload files, rename & delete files, and quite a few other things.

Kernel_Killer
July 7th, 2004, 21:01
I don't need any control. I just needed to be able to upload my notes rather than relying on a floppy. That, and I don't have enough spare $$$ to buy a flashdrive.

bmw
July 7th, 2004, 21:05
I only meant did you have any adminstrative control, ie: can you tweak the httpd.conf file on the server in question? 'Cause if you can enable WebDAV on the server, it's like poor-man's NFS as far as uploading your notes go. It's like having the data on the web server mounted as a folder on your client workstation. it's really the bees knees! :-)

Kernel_Killer
July 7th, 2004, 22:08
Right on! That's sounds like a good idea! Think I'll check that out tomorrow.

I'm still stuck on this one though. I'd like to know how to finish it. I guess the script is all I have left. Any suggestions, or actually a plan of action for the script?

bmw
July 8th, 2004, 07:30
Script-wise, use PHP. See

http://www.php.net/manual/en/features.file-upload.php

But consider the security implications too! You will open a hole for anyone to upload crap, possibly overwriting things on the server. Creating a safe file upload is non-trivial.

Kernel_Killer
July 8th, 2004, 19:29
I forgot to post back on this.

Security was my main consern. I put it behind my SSL, then made the page to even get to the upload password protected. Then where the files go are a seperate directory just for upload files. I was using a CGI script to do it, but still haven't got the CGI fully working on Apache. I guess I can set the umask on the upload directory to keep any uploads from being executed.

Is there any reason to use PHP over CGI?

bmw
July 8th, 2004, 19:42
I'm suggesting using PHP code to implement your CGI. mod_php is trivial to add into Apache, the language itself is quite clean, very C-like, so it's very easy to learn, and most of the necessary work to support file uploads is nicely done for you in PHP itself. Using .php files instead of .html or .shtml or .cgi means you can intermix all manner of HTML and active code in a very clear way.

I used to write lots of CGIs using good old /bin/sh [1], with lots of
echo "<html> ... </html>"
kinds of things, but no longer. PHP all the way.

--
[1] I created a whole corporate information system including travel request forms etc. with /bin/sh CGIs -- ask Krusty, he used it :-)