html.pl ############################## sub html_home ----------------------------------------------- ... typical home links to add modify view etc ...
Upload File
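# db.cgi
##############################
# sub main
# ------------------------------------------------
# Fragment: this branch belongs inside the existing if/elsif action chain of
# sub main. validate_upload is reached only when $per_add is true; every
# other caller is sent to html_unauth.
# NOTE(review): validate_upload returns "ok" or an error string, but this
# branch discards the return value, so the caller should display it.
    elsif ($in{'validate_upload'}) {
        if ($per_add) { &validate_upload; }
        else          { &html_unauth; }
    }

sub validate_upload {
# --------------------------------------------------------
# Stores the file sent in the "Filename" form field in $SAVE_DIRECTORY as
# "<uid><extension>" and removes earlier uploads for the same uid.
#
# Returns the string "ok" on success, otherwise an error message for the user.
# Reads the globals $query, %in, $SAVE_DIRECTORY, $ALLOWED_EXT and
# $MAXIMUM_UPLOAD; none of them is modified.
#
# Both the client file name and $in{'uid'} are request data. They are reduced
# to a strictly validated key plus one final extension before they are used
# in a path or a pattern.
#
#### Changed "$db_key" to "uid"
    my ($filekey, $filename, $newfilename, $extension, $totalbytes, $buffer, $bytes);
    $| = 1;

    # NOTE(review): the parameter value is also read from as a filehandle
    # below, as in the original. CGI.pm's upload() method returns a dedicated
    # handle; confirm which the installed CGI.pm supports.
    $filekey     = $query->param("Filename");
    $filekey     = '' unless defined $filekey;
    $newfilename = $in{'uid'};

    if (!(-e $SAVE_DIRECTORY)) {
        return "The directory doesn't exist. Make sure that this directory is a complete path name,\n"
             . "not a URL or something similar. It should look similar to\n"
             . "/home/username/public_html/uploads";
    }
    if (!(-W $SAVE_DIRECTORY)) {
        # The old text told the operator to chmod 777 the directory. That
        # would let any local account replace files the web server serves.
        return "The directory isn't writable. Make sure that this directory is writable by the account the web server runs as.";
    }
    if (!(-d $SAVE_DIRECTORY)) {
        return "The directory you specified isn't really a directory.\n"
             . "Make sure that this is indeed a directory and not a file.";
    }

    # The record key becomes the stored file name, so it must not contain
    # path separators, dots or anything else that could leave $SAVE_DIRECTORY
    # or add an extension. Widen this class only if real keys need it.
    unless (defined $newfilename && $newfilename =~ /\A[A-Za-z0-9_-]+\z/) {
        return "The record key supplied with this upload is not valid. It may contain only letters, digits, underscores and hyphens.";
    }

    if ($filekey =~ /([^\/\\]+)$/) {
        my $basename = $1;

        # Keep only the final extension. Measuring from the first "." kept
        # everything after it, so the stored name could carry more than the
        # one extension that $ALLOWED_EXT is meant to vet.
        ($extension) = $basename =~ /(\.[A-Za-z0-9]+)\z/;
        $extension = '' unless defined $extension;
        $filename  = $newfilename . lc($extension);

        unless ($filename =~ /$ALLOWED_EXT/) {
            # Build the readable list from a copy; the original rewrote the
            # global pattern, which breaks it for later requests in a
            # persistent interpreter.
            my $allowed = $ALLOWED_EXT;
            $allowed =~ s/\\//g;
            $allowed =~ s/\$//g;
            $allowed = join(" or ", split(/\|/, $allowed));
            return "Only files with the following extension(s) are allowed: $allowed";
        }
    }
    else {
        return "You attempted to upload $filekey that isn't properly formatted. Please rename the file on your computer, and attempt to upload it again. Files may not have forward or backward slashes in their names. Also, they may not be prefixed with one (or more) periods.";
    }

    my $target    = "$SAVE_DIRECTORY/$filename";
    # Spool to a dot-file first so a rejected upload never destroys the
    # record's existing file. The leading "." keeps it out of the "uid."
    # cleanup below.
    my $temp_path = "$SAVE_DIRECTORY/.$newfilename.upload.$$";

    my $out;
    if (!open($out, '>', $temp_path)) {
        return "There was an error opening '$SAVE_DIRECTORY\/$filename' for Writing.\n";
    }
    binmode($out);    # This is needed to work on Windows/NT platforms.

    my $limit        = $MAXIMUM_UPLOAD || 0;
    my $too_large    = 0;
    my $write_failed = 0;
    $totalbytes = 0;
    while ($bytes = read($filekey, $buffer, 1024)) {
        $totalbytes += $bytes;
        if ($limit > 0 && $totalbytes > $limit) {
            # Stop writing once over the limit, but keep counting so the
            # message can still report the real size.
            $too_large = 1;
            next;
        }
        print {$out} $buffer or do { $write_failed = 1; last; };
    }
    my $read_failed = !defined $bytes;    # read() returns undef on error, 0 at EOF
    close($filekey);
    my $closed = close($out);             # buffered write errors surface here

    if ($too_large) {
        unlink $temp_path;
        return "Filename\n"
             . "You have reached your upload limit.\n"
             . "Your file contains $totalbytes bytes.\n"
             . "This exceeds the maximum limit of $MAXIMUM_UPLOAD bytes.\n"
             . "Your file was not saved.\n"
             . "Please try again.";
    }
    if ($read_failed || $write_failed || !$closed) {
        unlink $temp_path;
        return "There was an error saving the uploaded file. Please try again.";
    }

    # The new file is complete and within limits: remove earlier uploads.
    my $dir;
    unless (opendir($dir, $SAVE_DIRECTORY)) {
        my $reason = $!;
        unlink $temp_path;
        # NOTE(review): presumably cgierr does not return; confirm.
        cgierr("unable to open directory in delete records: $SAVE_DIRECTORY. Reason: $reason");
    }
    my @files = readdir($dir);
    closedir($dir);

    # \Q...\E makes the prefix literal. Unquoted, the "." matched any
    # character, so uploading for uid "1" also deleted "10.gif", "12.jpg", ...
    my $file_test = $newfilename . ".";
    foreach my $file (@files) {
        if ($file =~ /^\Q$file_test\E/) {
            unlink("$SAVE_DIRECTORY/$file");
        }
    }

    # Owner-writable only; the original 0666 left every upload world-writable.
    chmod(0644, $temp_path);
    unless (rename($temp_path, $target)) {
        unlink $temp_path;
        return "There was an error opening '$SAVE_DIRECTORY\/$filename' for Writing.\n";
    }

    return "ok";
}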