1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

Help with Net::FTP

Discussion in 'Perl' started by Rakish, Aug 14, 2006.

  1. Rakish

    Rakish New Member

    Hello all,

    we want to let the users upload files from their local machine to our file server using the perl module Net::FTP

    the problem is when i upload a file from the development server i.e., the file in /var/www/html folder, its working fine, which i access using ssh.

    but when i upload a file fom a webpage, the script doesn't find the file.

    Help of any kind would deeply be appreciated.

    Rakesh Gupta
     
  2. pradeep

    pradeep Team Leader

    Here's how to upload the POSTed file to a FTP server.

    Code:
    #!/usr/bin/perl
      
      use CGI;
      use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
      use Net::FTP;
      
      my $q = new CGI;
      
      print "Content-Type: text/html\n\n";
      
      if($q->param("File"))
      {
          #
          my $h = $q->upload("File");
          open UP,">/tmp/$h";
          binmode UP;
          while(<$h>)
          {
              print UP;
          }
          close UP;
      
          $ftp = Net::FTP->new("ftpserver.com", Debug => 0)   or die "Cannot connect to ftpserver.com: $@"; # connect
          $ftp->login("ftpuser",'ftppassword')  or die "Cannot login ", $ftp->message; # login
          $ftp->cwd("/pub") or die "Cannot change working directory ", $ftp->message; # change dir if required
          $ftp->binary(); # change the mode to binary
          $ftp->put("/tmp/$h","$h"); # upload the file
          $ftp->quit(); # close the control connection
      
      
      }
      else
      {
          print<<HTML;
          <form method="post" enctype="multipart/form-data">
              <input type="file" name="File">
      
              <input type="submit">
          </form>
      HTML
      
      }
     
  3. Rakish

    Rakish New Member

    Thankyou so much Pradeep,

    You are the best problem solver.

    -Rakesh
     
  4. Rakish

    Rakish New Member

    Hi pradeep,
    I tried this with taint mode on and perl says:

    Software error:
    Insecure dependency in open while running with -T switch at /var/www/cgi-bin/netftp.pl line 15.
     
  5. pradeep

    pradeep Team Leader

    Freeware CGI Scripts are available for download all over the Web. But how many of them are really secure? When you download a script do you check all the logic to make sure it is secure? Do you read through each line of code and anticipate all the ramifications? Most of the time the answer is "no". After all, the whole point of downloading software is to get it and run it for free WITHOUT having to do a lot of work.

    I'm writing this to tell you that there isn't any free lunch out there. The more complicated a CGI script is, the more likely you will want to find someone else who has already programmed it and avoid doing the work yourself.

    The problem is that regardless of how good the author is, every large program has a good probability of having bugs -- some of them may be security bugs.

    One very good way to lock out security bugs in Perl code is to turn on TAINT mode. TAINT mode puts a Perl script into "PARANOID" mode and treats ALL user supplied input as tainted and bad unless the programmer explicitly "OKs" the data.

    I guess here you are writing your own program, so you needn't use taint mode.
     
  6. Rakish

    Rakish New Member

    Thanks for the suggestion,

    Now i have also becomea lil more PARANOID towards free downloads.

    Thanks,
    Rakesh :)
     
  7. bob82604

    bob82604 New Member

    I also have a question about using Net::FTP

    I am transfering large files from 1 server to another. When sending the files the webpage times out.
    How can I display a progress meter for each file being trensfered?
     
  8. pradeep

    pradeep Team Leader

    You can refresh the page to check for completion status or you can use Ajax.
     

Share This Page