Welcome to WebmasterWorld Guest from

Forum Moderators: mack

Message Too Old, No Replies

a simple upload page ?

simple upload page

3:55 pm on Aug 12, 2008 (gmt 0)

New User

5+ Year Member

joined:July 29, 2008
posts: 11
votes: 0


I'd like to create a simple file upload page, ideally utilizing FTP under the hood ('cause some files transmitted might be large).
Something that'll throw the incoming file into /public_ftp/incoming/.

Any suggestions as to approaches (cgi? php? cPanel widget?), tutorials & sample pages most welcome.

As well, if there are any 'built-ins' in cPanel that I can leverage, I'd appreciate knowing about that. Similarly, if anyone has a sample script that shows how to take advantage of the cPanel's FTP administration, that'd be splendid.

Thanks kindly.

- Richard

11:18 pm on Aug 12, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
votes: 0

I'd like to create a simple file upload page, ideally utilizing FTP under the hood ('cause some files transmitted might be large).

I've been doing file uploads from the web for quite some time, and while I'm sure there's a way, I just have never heard of it. If you upload files from a web page, it's going to be via http protocol, not FTP.

The way it works is you start with a multipart form:

<form method="post" enctype="multipart/form-data" action="yourscript.cgi/php/asp">

The enctype is normally left out, but it's required for a file upload. It tells the browser to send the data indistinct parts, normal encoded data and multiple parts for the files, which are transmitted in binary. The tool is the file element:

<input type="file" name="picture_1" id="picture_1">

Which includes a non-editable text area and browse button. It cannot be populated, this is a security feature.

Then your script parses out the multiple parts into plain key/value pairs and the binary data associated with each file element's uploaded contents. Be aware this is something you want to screen and screen accurately - anyone could upload "imivirus.exe", even with a .jpg extension, then request it from the browser.

For this reason, the method I'm most comfortable with is perl, using the CGI module to manage the file upload. It makes it very easy, and CGI.pm is now part of the distribution of perl.

If these uploads involve images, I like to use the module ImageMagick to work with the files. You can use ImageMagick to do all sorts of cool stuff, the most important being resizing images (so your uploaders don't hog up your disk space and break your layouts with huge pics) and in this case, checking the file for a valid image type. You can read in uploaded images with ImageMagick and it will tell you any number of attributes, including color space (RGB, CMYK, etc.) It can read pretty much any file format - TIFF, EPS, jpg, gif, PNG, targa, etc. It it's not a valid image file, delete it and error out.

Because sometimes an extension is just not enough. :-)