Listing 5: CGI program for uploading files

#!/usr/bin/perl -w
use strict;
use diagnostics;
use CGI;
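# Per-section upload passwords.
# NOTE(review): these are the listing's sample values, hard-coded in
# plaintext. Anyone who can read this script can read them; a deployed
# copy should keep salted hashes outside the web tree and compare
# against those instead.
my %PASSWORD = (
    "A" => "passA",
    "B" => "passB",
    "C" => "passC",
);

# What is the root of our Web site?
# The value is missing from the listing as printed; the string below is
# a placeholder and must be replaced with the real document root.
my $web_root = "/PLACEHOLDER/path/to/web/root";

# NOTE(review): nothing here caps the size of an upload. CGI.pm reads
# $CGI::POST_MAX when the object is created, so a limit has to be set
# before this line if one is wanted.
my $query = CGI->new;
print $query->header("text/html");

# Make sure we were invoked via POST
log_and_die("Please invoke with POST!")
    unless ($query->request_method || "") eq "POST";

# Get the information from the user, and indicate
# if one or more elements was not filled out
my $userfile = $query->param("userfile");
log_and_die("Please enter a filename to upload!")
    unless $userfile;

# upload() returns a real filehandle for the field (or undef), which is
# safer under "use strict" than using the parameter value as a handle.
my $upload_fh = $query->upload("userfile");
log_and_die("Please enter a filename to upload!")
    unless defined $upload_fh;

my $filename = $query->param("filename");
log_and_die("Please enter the destination name!")
    unless $filename;

# Remove path separators, then accept only a conservative set of
# characters. Stripping slashes alone still lets through dot-files
# (for example per-directory server configuration files) and names
# containing markup or control characters, which are echoed into the
# HTML below and into the error log.
# NOTE(review): every accepted file is written under the web root. If
# the server executes files in these directories based on extension,
# restrict the permitted extensions here as well.
$filename =~ s{[/\\]}{}g;
log_and_die("The destination name may contain only letters, digits, '.', '_' and '-', and may not start with a dot.")
    unless $filename =~ /\A[A-Za-z0-9_][A-Za-z0-9._-]*\z/;

my $section = $query->param("section");
log_and_die("Please indicate a section name.")
    unless $section;

my $password = $query->param("password");
log_and_die("You didn't enter a password.")
    unless $password;

# Check the password. The exists() test makes the rule explicit that
# $section must be one of the configured keys, so it can never carry
# path components into $save_name, and it avoids comparing against
# undef for an unknown section.
log_and_die("Incorrect password")
    unless (exists $PASSWORD{$section})
        && ($PASSWORD{$section} eq $password);

# Save the contents to the correct place. Three-argument open keeps the
# mode separate from the (user-influenced) path. The full server path
# and OS error go to the error log only, not to the browser.
my $save_name = "$web_root/$section/$filename";
my $out_fh;
unless (open($out_fh, ">", $save_name)) {
    warn "upload: can't write to $save_name: $!\n";
    log_and_die("Can't write to \"$section/$filename\"");
}

# Copy in binary mode so non-text uploads are not altered.
binmode $out_fh;
binmode $upload_fh;
my $buffer;
while (read($upload_fh, $buffer, 8192)) {
    print {$out_fh} $buffer;
}

# Buffered write errors (disk full, quota) only surface at close.
unless (close($out_fh)) {
    warn "upload: error closing $save_name: $!\n";
    log_and_die("Can't write to \"$section/$filename\"");
}

# Return a note to the user indicating
# that it was successful, as well as printing
# a directory listing for easier site maintenance.
# Everything interpolated into the page is HTML-escaped first.
my $safe_section = $query->escapeHTML($section);
my $safe_upload  = $query->escapeHTML("$section/$filename");

print $query->start_html(-title => "Done");
print "<H1>File successfully uploaded</H1>\n";
print "<P>\"$safe_upload\" uploaded.</P>\n";
print "<P>Other files in this directory:</P>\n";

if (opendir(my $dir_fh, "$web_root/$section")) {
    # Skip only "." and ".."; the dots are escaped so that ordinary
    # one- and two-character file names are still listed.
    my @allfiles = grep { !/\A\.\.?\z/ } readdir($dir_fh);
    closedir($dir_fh);

    foreach my $entry (sort @allfiles) {
        # Directory entries may have been created by other means, so
        # their names are escaped like any other untrusted text.
        my $safe_entry = $query->escapeHTML($entry);
        print "<P><a href=\"/$safe_section/$safe_entry\">";
        print "$safe_entry</a></P>\n";
    }
}
else {
    warn "upload: can't list $web_root/$section: $!\n";
    print "<P>(Directory listing unavailable.)</P>\n";
}

print $query->end_html;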
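# Log a message to the error log (or whatever is
# set up to accept STDERR), present a message to
# the user, and die.
#
# Takes one argument, the message text. The message can contain
# request data (callers build it from form fields), so it is
# HTML-escaped before being written into the page, and control
# characters are replaced with spaces before it reaches the log so
# that a crafted value cannot start a forged log line.
# Uses the file-level $query object; does not return.
sub log_and_die {
    my $message = shift;

    my $html_message = $query->escapeHTML($message);

    print $query->start_html(-title => "Error!");
    print "<H1>Error uploading a file</H1>\n";
    print "<P>$html_message</P>\n";
    print $query->end_html;

    (my $log_message = $message) =~ tr/\x00-\x1f\x7f/ /;
    die $log_message;
}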