cancel
Showing results for 
Search instead for 
Did you mean: 

Need help with setting up file uploader in cgi-bin

N/A

Need help with setting up file uploader in cgi-bin

can anyone help me with setting up the correct paths for a file uploader script that i would like to use for my web site. as usual i find the readme file and f9 descriptions of the paths for uploading files etc difficult to follow. this is the first time i've used the cgi-bin so i'm a little unsure of the correct paths. i have managed to get ftp access to it though so i should be able to upload the files and chmod them to the correct settings.

this is an extract of the paths i need help with:

#!/usr/bin/perl

use CGI;
use DBI;

# ..:: Define Variables Start ::.. #

#### Where to Save put the files ####
# Change this for the LITERAL PATH to save the files to. Do not forget the ending / #
$upload_dir = "/<path to save script files on cgi-bin?>/"; (need help with this line)


#### How to Save the Data ####

$storein = "0"; # 0=Txt File 1=MySQL


#### If you have chossen Txt File above then set the settings below ####

# Change this for the LITERAL PATH for the datafile. Do not forget the ending / #
$data_dir = "/<path to save datafile on cgi-bin>/"; (need help with this line)

# Set the file name to be used for saving the upload infomation in #
$datafile = "uploaded.txt";




#### If you have chossen MySQL above then set the settings below ####

$host = "db.domain.com"; # Database host url or IP
$dbname = "myname"; # Name of MySQL Database
$table = "fupload"; # Name of table to use
$usrname = "YourUserName"; # Username to access table
$passwrd = "YourPassword"; # Password for table

#### Send notifaction email to Admin ####

$adminemailaddress = "admin@mydomain.com"; # You must put the before the @
$sendadminemail = '0'; # 0 = Do not Send alert, 1 = Send Alert Message to Admin
$mailprog = '/sendmail/usr/sbin/sendmail -i -t'; # Path to Sendmail

#### Custom form fields change the second part to be the name of the input in your form ####
#### $f1 = "upload map" ####

$f1 = "map_name";
$f2 = "email_address";
$f3 = "file";
$f4 = "map_type";
$f5 = "map_description";
$f6 = "url_to_map";

########### Don't Change anything below here ###########
########## Unless you know what you are doing ##########

here are the details from f9 regarding cgi script paths:

5.Where do I put the files?
You should access the CGI server using ftp (port 21) or telnet (port 23) to cgi.username.force9.co.uk .
The files should be placed in the /files/homex/username/folder where x is a number between 1 and 3 which
is specific to your account. Note that "username" is your account username.

any help would be most appreciated.

Keeshna
4 REPLIES
N/A

Need help with setting up file uploader in cgi-bin

Your "home" directory is actually /files/home/keeshna, which means the cgi-bin directory in the space allocated for your use has the full path: /files/home/keeshna/cgi-bin.

Your application seems to be giving you the facility for uploading two different types of file -- scripts and text files -- to your space. The scripts are placed in the directory specified by $upload_dir and text files in the directory specified by $data_dir.

You might consider creating a new directory (eg "uploads") in your home directory and then create two subdirectories in this, "scripts" and "textfiles", which would then give you:
    $upload_dir = "/files/home/keeshna/uploads/scripts/";
    $data_dir = "/files/home/keeshna/uploads/textfiles/";
You should set the permissions of the "uploads" directory to 705 and the permissions of the two subdirectories to 707.

Personally, I'd be very wary about allowing people to upload files to my space, and extremely wary about script files. I'd want to know what scripts are going to do before there's any chance whatsoever of their being executed.
N/A

Need help with setting up file uploader in cgi-bin

i was intending to use a folder called "uploads" to hold the script & txt files.

it's a script to allow visitors to my site to upload map files for counter strike. do u think that this would be a bad idea? maybe i would be better to drop the idea.

thank's for your help. very much appreciated.

Keeshna
N/A

Need help with setting up file uploader in cgi-bin

I'm unfamiliar with "map files" and Counter Strike -- does "map file" mean "map" in the sense of depicting a geographic area (eg the battlefield)? In other words, it's simply data, and not an executable program?

I think if you want to provide this upload facility, you shouldn't be put off, but you should be aware of the dangers, because there are some people around who would use it to try to gain unauthorised access to the server for their own purposes. Your intention may be that it should be used for uploading "map files" which I assume are quite harmless and innocuous, but malicious people would see it as an opportunity to get their own code onto the machine, with the possibility of executing it as their next step.

Until you've checked it out, you should treat anything which has been uploaded as suspicious, so the upload area should really be a holding area for files awaiting your checks; only make them "live and available for use" once you're satisfied they're what they're supposed to be, and nothing more.
N/A

Need help with setting up file uploader in cgi-bin

the map files for counter strike are mainly files that the game uses, i.e. *.bsp, *.wav, *.tga, *.txt & *.spr files. they would be held in the upload area until they were checked over by me. i think the script allows u to set the type of files that are allowed to be uploaded. *.exe files would not be permitted.

from what u have said though has given me second thoughts and i will consider the matter carefully before i finally decide whether or not to go ahead with this idea.

i really appreciate your help with this matter.