#!/usr/bin/perl # PHP File Uploader with progress bar Version 1.43 # Copyright (C) Raditha Dissanyake 2003 # http://www.raditha.com # Licence: # The contents of this file are subject to the Mozilla Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of # the License at http://www.mozilla.org/MPL/ # # Software distributed under this License is distributed on an "AS # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or # implied. See the License for the specific language governing # rights and limitations under the License. # # The Initial Developer of the Original Code is Raditha Dissanayake. # Portions created by Raditha are Copyright (C) 2003 # Raditha Dissanayake. All Rights Reserved. # # CHANGES: # As of version 1.00 cookies were abolished! # as of version 1.02 stdin is no longer set to non blocking. # 1.40 - POST is no longer required and processing is more efficient. # Please refer online docs for details. # 1.42 - The temporary locations were changed, to make it easier to # clean up afterwards. # 1.45. # Changed the way in which the file list is passed to the php handler #BEGIN { unshift @INC, 'Modules/' } use CGI; use Fcntl qw(:DEFAULT :flock); use File::Temp qw/ tempfile tempdir /; use CGI::Carp qw/fatalsToBrowser/; @qstring=split(/&/,$ENV{'QUERY_STRING'}); @p1 = split(/=/,$qstring[0]); $sessionid = $p1[1]; $sessionid =~ s/[^a-zA-Z0-9]//g; # sanitized as suggested by Terrence Johnson. @p2 = split(/=/,$qstring[1]); $max_upload = $p2[1]; $max_upload =~ s/[^0-9]//g; require("./header.cgi"); $content_type = $ENV{'CONTENT_TYPE'}; $len = $ENV{'CONTENT_LENGTH'}; $bRead=0; $|=1; sub bye_bye { $mes = shift; $url = $ENV{'HTTP_REFERER'}; if($url eq '') { print "Content-type: text/html\n\n"; print <<__ERROR__;

$mes

__ERROR__ exit; } else { $mes =~ s/([^A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg; $url = substr($url,0,rindex($url,'/')).'/cross.php?redir=1&error='.$mes; print "Location: $url\n\n"; print "Content-type: text/html\n\n"; exit; print <<__ERROR__; __ERROR__ exit; } } sub redirect { $redirect_url = shift; print "Location: $redirect_url\n\n"; exit; print "Content-type: text/html\n\n"; print "
$redirect_url
\n"; print <<__ERROR__; __ERROR__ exit; } # see if we are within the allowed limit. if($len > $max_upload) { close (STDIN); bye_bye("The maximum upload size has been exceeded!"); } # # The thing to watch out for is file locking. Only # one thread may open a file for writing at any given time. # if (-e "$post_data_file") { unlink("$post_data_file"); } if (-e "$monitor_file") { unlink("$monitor_file"); } sysopen(FH, $monitor_file, O_RDWR | O_CREAT) or bye_bye("can't open numfile $monitor_file: $! (Please edit [\$tmp_dir='$tmp_dir'] in header.cgi)"); # autoflush FH $ofh = select(FH); $| = 1; select ($ofh); flock(FH, LOCK_EX) or bye_bye("can't write-lock numfile: $!"); seek(FH, 0, 0) or bye_bye("can't rewind numfile : $!"); print FH $len; close(FH); # initiate vars $loops=0; $maxspeed=0; $packet=1; $iTotal=$len; $dtstart=time; $iRead=0; $| = 1; # show the first progress bar with total size if($prog_mode eq 'syn') { print "Content-type: text/html\n\n"; print " "x256; &showStatus(); } else { #print "Content-type: text/html\n\n"; } $cgi_supports_upload_hook = $CGI::VERSION >= 3.03; #$cgi_supports_upload_hook = 0; # no hook support if(!$cgi_supports_upload_hook) { open(TMP,">","$post_data_file") or &bye_bye ("can't open temp file"); while (read (STDIN ,$LINE, 4096) && $bRead < $len ) { $iRead += length $LINE; select(undef, undef, undef,0.05); # sleep for 0.35 of a second. # Many thanx to Patrick Knoell who came up with the optimized value for # the duration of the sleep print TMP $LINE; hook('unknown',$LINE,length $LINE); } } # upload progress bar hooker sub hook { my ($filename, $buffer, $bytes_read, $data) = @_; #print length($buffer)."Read $bytes_read bytes of $filename\n"; if ($maxspeed > 0 && ($bytes_read > $speed*$packet*1024)) { #sleep(1); select(undef, undef, undef,1); $packet++; } $iRead += length($buffer); $| = 1 ; if($prog_mode eq 'syn' and $loops%5 eq 0) { &showStatus(); } if($prog_mode eq 'ajax' and $loops%5 eq 0) { writeContents($iRead.':'.$filename); } $loops++; } # sub routine to write progress info to file sub writeContents { my ($bytes_read) = @_; sysopen(FH, $progress_file, O_RDWR | O_CREAT) or die "can't open progress_file: $!"; # autoflush FH $ofh = select(FH); $| = 1; select ($ofh); flock(FH, LOCK_EX) or die "can't write-lock progress_file: $!"; seek(FH, 0, 0) or die "can't rewind numfile : $!"; print FH $bytes_read; close(FH); } # # We don't want to decode the post data ourselves. That's like # reinventing the wheel. If we handle the post data with the perl # CGI module that means the PHP script does not get access to the # files, but there is a way around this. # # We can ask the CGI module to save the files, then we can pass # these filenames to the PHP script. In other words instead of # giving the raw post data (which contains the 'bodies' of the # files), we just send a list of file names. # # if syn mode, hook in CGI moudlue if($cgi_supports_upload_hook) { $cg = CGI->new(\&hook); } else { open(STDIN,"$post_data_file") or die "can't open temp file$post_data_file"; $cg = new CGI(); } $qstring=""; %vars = $cg->Vars; $i=1; while(($key,$value) = each %vars) { $file_upload = $cg->param($key); if(defined $value && $value ne '') { my $fh = $cg->upload($key); if(defined $fh) { $tmp_filename="$post_data_file"."_$i"; open(tmp_fh,">",$tmp_filename) or &bye_bye ("can't open temp file"); # work on windows for binary file binmode tmp_fh; while(<$fh>) { print tmp_fh $_; } close(tmp_fh); chmod (0777, $tmp_filename); $fsize =(-s $tmp_filename); $fh =~ s/([^a-zA-Z0-9_\-.])/uc sprintf("%%%02x",ord($1))/eg; $tmp_filename =~ s/([^a-zA-Z0-9_\-.])/uc sprintf("%%%02x",ord($1))/eg; $qstring .= "file[name][$j]=$fh&file[size][$j]=$fsize&"; $qstring .= "file[tmp_name][$j]=$tmp_filename&"; $i++; } else { $value =~ s/([^a-zA-Z0-9_\-.])/uc sprintf("%%%02x",ord($1))/eg; $qstring .= "$key=$value&" ; } } } # last value of progress bar! if($prog_mode eq 'syn') { $iRead=$iTotal; &showStatus(); } else { writeContents($iRead); } $php_uploader = $cg->param('phpuploadscript'); $returnurl = $cg->param('returnurl'); if($php_uploader eq '') {$php_uploader='../uploading.php';} #if($returnurl eq '') {bye_bye("no return url passed!");} #my $url = $returnurl . "?sessionid=$sessionid&uploadmode=1&url=$php_uploader&IP_CGI=".$ENV{'REMOTE_ADDR'}; my $url = $php_uploader . "?sessionid=$sessionid&uploadmode=1&IP_CGI=".$ENV{'REMOTE_ADDR'}."&returnurl=".$returnurl; open (SIGNAL,">", $signal_file); print SIGNAL "\n"; close (SIGNAL); open (QSTR,">", "$qstring_file"); print QSTR $qstring; close (QSTR); $qstring =~ s/([^A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg; $url = $url . "&qstring=$qstring"; #bye_bye($url); # make html redirection redirect($url); sub showStatus #($iTotal,$iRead,$dtstart) { ## # Elapsed time # Calculate elapsed time and format for display ## $dtnow=time; $dtelapsed = $dtnow - $dtstart; $dtelapsed_sec = ($dtelapsed % 60); # gets number of seconds $dtelapsed_min = ((($dtelapsed - $dtelapsed_sec) % 3600) / 60); # gets number of minutes $dtelapsed_hours = (((($dtelapsed - $dtelapsed_sec) - ($dtelapsed_min * 60)) % 86400) / 3600); # gets number of hours; assuming that we won't be going into days! if ($dtelapsed_sec < 10) { $dtelapsed_sec = "0$dtelapsed_sec"; } # append leading zero if ($dtelapsed_min < 10) { $dtelapsed_min = "0$dtelapsed_min"; } # append leading zero if ($dtelapsed_hours < 10) { $dtelapsed_hours = "0$dtelapsed_hours"; } # append leading zero $dtelapsedf = "$dtelapsed_hours:$dtelapsed_min:$dtelapsed_sec"; # display as 00:00:00 ## # Upload speed ## $bSpeed = $iRead; # if not yet determined if ($dtelapsed > 0) # avoid divide by zero errors { $bSpeed = $iRead / $dtelapsed; # Bytes uploaded / Seconds elapsed = Bytes/Second speed $bitSpeed = $bSpeed * 8; # bps $kbitSpeed = $bSpeed; # Kbps } else { $kbitSpeed = $bSpeed; # just pass the zero value } $bSpeedf = sprintf("%d",$kbitSpeed); # remove decimals ## # Est remaining time # Calculate remaining time based on upload speed so far ## $bRemaining = $iTotal - $iRead; # Total size - amount uploaded = amount remaining $dtRemaining = 0; if ($bSpeed > 0) { # Bytes remaining / Bytes/Second = Seconds $dtRemaining = $bRemaining / $bSpeed; } $dtRemaining = sprintf("%d",$dtRemaining); # remove decimals $dtRemaining_sec = ($dtRemaining % 60); # gets number of seconds $dtRemaining_min = ((($dtRemaining - $dtRemaining_sec) % 3600) / 60); # gets number of minutes $dtRemaining_hours = (((($dtRemaining - $dtRemaining_sec) - ($dtRemaining_min * 60)) % 86400) / 3600); # gets number of hours; assuming that we won't be going into days! if ($dtRemaining_sec < 10) { # append leading zero $dtRemaining_sec = "0$dtRemaining_sec"; } if ($dtRemaining_min < 10) { # append leading zero $dtRemaining_min = "0$dtRemaining_min"; } if ($dtRemaining_hours < 10) { # append leading zero $dtRemaining_hours = "0$dtRemaining_hours"; } $dtRemainingf = "$dtRemaining_hours:$dtRemaining_min:$dtRemaining_sec"; # display as 00:00:00 $percent = ($iRead * 100 / $iTotal); $percent = sprintf("%d",$percent ); # remove decimals #flush(); print ""; }