NAME upload - stores a client file at a host location on the server and returns
appropriate response messages. SYNOPSIS <FORM METHOD='POST' ACTION='/cgi-bin/upload[?[<filename>]+[options]+[<subdirectory>]]'
ENCTYPE='MULTIPART/FORM-DATA'>
<INPUT TYPE='file' NAME='source'>
<INPUT TYPE='submit' NAME='submit' VALUE='...'>
</FORM> where <filename> is a custom HTML file name composed of any alphanumeric,
- (hyphen), or . (period) characters, where 'options' includes any order
of the characters [+almnopsw], and where <subdirectory> is a valid
path starting from the current host location (the location of the request
form). Brackets [] are used in this document to denote optional values
and are not used in the actual syntax. AVAILABILITY
http://www.eiu.edu • http://www.ux1.eiu.edu • http://www.research.eiu.edu
DESCRIPTION The script transfers a file from the client's computer to a host location
on the server and then displays either a generic or owner-supplied response
page. The uploaded file will be placed in the same directory (folder)
as the HTML web page that displays the form to do the upload, unless a
modifying<subdirectory> is specified as an option. The script can
also control password-protected access to the upload destination and the
subsequent ability to download files from this location. Use of the script
requires the client to use a browser that supports the <INPUT TYPE='file'...'>
feature. OPTIONS Any combination of options is prefixed by a single '+' and includes any
order of the following case-sensitive letters.
++ |
Display the current documentation and
disable all other actions of the script. |
+a |
Alias the owner of the host location
with '+m' or '+w' options. The form must include either...
<INPUT TYPE='hidden' NAME='owner' VALUE='alias'>
or
<INPUT TYPE='hidden' NAME='owner' VALUE='alias@hostname'>
where 'owner' and 'alias' are valid account (login) names. The
'owner' refers to the account name where the form is located, whereas
the 'alias' is the destination of the e-mail message. A default
hostname of @eiu.edu will be appended to the alias unless another
hostname is specified. Any user-defined alias must be used in conjunction
with the '+m' or '+w' options. |
+l |
Log successful file uploads in '<filename>.access'.
at the current host location. Each record line in the log file will
contain the following formatted information, as described below
for the '+s' option.
target:size:host:date:client:user
|
+m |
Mail a message to the owner of the
account when the current user's record is saved to the host location.
A default hostname of @eiu.edu will be assumed unless changed by
the '+a' option. The message will use a default subject of '<filename>
@ ' followed by the address for the location of the uploaded file
(e.g., table.data @ http://www.eiu.edu/itsus/contact/survey/). To
specify a user-defined subject, the form should include the following
(optional) tag...
<INPUT TYPE='hidden' NAME='subject' VALUE='Your Subject...'>
where the NAME attribute is case-sensitive and the VALUE attribute
can have any of the following
\ \-\.\/0-9\:\@A-Z_a-z characters for the user-defined message.
Any user-defined subject must be used in conjunction with the '+m'
(or '+w') option. |
+n |
Nobody (meaning everyone) has access to
the uploaded file. The default prevents any subsequent web browser
access to the uploaded file. |
+o |
Overwrite an existing file at the host
location with a newer version. The default prevents anyone from uploading
of a file that already exists at the host location. |
+p |
Password protected access to the host
location. Files cannot be uploaded without the client providing
a username and password for verification with those stored in '<filename>.passwd'.
To specify a username and password for access verification, the
form should include the following additional tags...
<INPUT TYPE='text' NAME='username'>
<INPUT TYPE='password' NAME='password'>
where the NAME attributes are case-sensitive. The access file
'<filename>.passwd' must be in the same directory as the HTML
request form that uses the access file. Usernames and their passwords
are delimited by a ':' character in the access file, as shown in
the following example for three different clients.
username1:password1
username2:password2
username3:password3
|
+s |
Substitute case-sensitive <!--META
NAME--> tags in '<filename>.html' with VALUE before displaying
response file. The following 'NAME' values are available to the
developer of the response page.
NAME |
DESCRIPTION |
source |
the file name selected by the client |
client |
the username of the client (if password protected) |
user |
the remote host(address) of the client |
date |
the date-time stamp of the upload |
host |
the host location web address |
size |
the file size in bytes |
target |
the file name used at the host location |
|
+w |
Warn the owner of the host location via
e-mail that a critical error has occurred during use of the form.
See the '+m' option for more details about the e-mail message |
USAGE To allow for the PUBLIC and UNRESTRICTED exchange (unknown clients upload
and download) of files to at current host-account location, create a form
with the following information. Please note the case of the letters in
the values for the <...ACTION='/cgi-bin/upload'> and <INPUT TYPE='...'>
tags.
<FORM METHOD='POST' ACTION='/cgi-bin/upload?custom+amnw' ENCTYPE='MULTIPART/FORM-DATA'>
<INPUT TYPE='hidden' NAME='itsus' VALUE='itsus@www.eiu.edu'>
<INPUT TYPE='file' NAME='source'>
<INPUT TYPE='submit' NAME='submit' VALUE='UPLOAD'>
</FORM>
The Browse... button, which allows the user to select an existing file,
indicates that the upload feature is available on the client's browser.
The uploaded files will be saved in the same location as the HTML request
form because there is no modifying <subdirectory> option in this
example. The 'custom' <filename> option in the ACTION part of the
form indicates that, after a file has been successfully uploaded, the
client will see a web page named 'custom.html' instead of the generic
(default) response page. The <INPUT TYPE='hidden'...> tag in the
form is needed to work with the 'a' alias option, which works with the
'm' (mail) and 'w' (warn) options, to redirect all messages to a new address.
To allow for the PRIVATE and RESTRICTED transfer (known clients upload
only) of files to a 'private' <subdirectory> at your current host
account location, create a form with the following information. Again,
note the case-sensitive NAME attributes in the <INPUT TYPE='...'>
tags.
<FORM METHOD='POST' ACTION='/cgi-bin/upload?access+ampw+private/'
ENCTYPE='MULTIPART/FORM-DATA'>
<INPUT TYPE='hidden' NAME='itsus' VALUE='itsus@www.eiu.edu'>
<INPUT TYPE='text' NAME='username'> Username
<INPUT TYPE='password' NAME='password'> Password
<INPUT TYPE='file' NAME='source'>
<INPUT TYPE='submit' NAME='submit' VALUE='UPLOAD'>
</FORM>
Client access to upload files will be verified from entries in the 'access.passwd'
file located in the current host location. Any uploaded files will be
saved in the 'private' subdirectory of the current host location because
of the subdirectory option in the ACTION part of form. The 'access' filename
option in the ACTION part of the form also indicates that, after a file
has been successfully uploaded, the client will see a web page named 'access.html'
instead of the generic (default) response page. Additional working examples
of these features and more are listed in the SEE ALSO section of this
documentation. FILES An uploaded file will be created with the name specified by the client's
computer. Any spaces in the client's file name will be replaced with periods
at the host location. For example, a file named 'My New Report' will be
saved at the host location as 'My.New.Report'. Files must be named with
the following \-\.0-9A-Z\_a-z characters (any non-alphanumeric is preceded
by a '\' in this list). To display a custom response page, place a '<filename>.html'
in the same directory as the HTML page that presents the form and specify
the <filename> in the ACTION part of the form. To store the file
in an existing subdirectory from the current host location, specify the
<subdirectory> option in the ACTION part of the form. Any specified
<subdirectory> option will always begin without a slash (/) and
will always end with a slash (/). SEE ALSO
CGI Suite (Collection of General Purpose Scripts)
DIAGNOSTICS upload was developed to handle all types of user-, owner-, and server-related
errors. The script will send back to the client various well-behaved error
messages that will diagnose problems in creating the application form.
WARNINGS Permissions (600) for the '<filename>.passwd' and '<filename>.access'
files are only read/write accessible by the owner of the account. Permissions
(600) for and any uploaded files are only read/write accessible by the
owner of the account, unless modified by the '+n' option (604), which
allows for the subsequent downloading of files to a client's web browser. NOTES upload has been tested without problem on Windows NT Workstations with
Netscape Communicator 3.x and Microsoft Internet Explorer 5.x web browsers.
Other versions of these and other browsers may not support the upload
capability of this script. This is a limitation of the browser and not
of the script. Older versions of these and other browsers that do not
support JavaScript and Cascading Style Sheets will not display the response
messages and documentation as fully designed. This browser limitation,
however, has no effect on the function of the script. BUGS There are no known bugs in the current version. AUTHOR Gerald Charles Wagner. Version 3.0 (Release September 1999). |
