A long while ago, a teacher contacted me wondering how he could upload files to the XS. He had a Mac, so I set him up with an XS login and a dir in /var/www/html and he used CyberDuck to scp the files. But what if it had been a teacher who only had access to one of the school's XP machines? The IT policy is so strict you can't install anything. While a few teachers might be OK with scping files from an XO, most might not.<br>
<br>Now, I know Moodle handles file uploads, but some folks don't use it. Or they might prefer to upload certain things outside of Moodle where Apache can serve it.<br><br>Aside from security concerns, and the vain hope that your users aren't careless idiots, this is extremely easy to set up.<br>
<br>Obviously, take care if your XS faces the outside world. On my test XS, I put upload.html in /var/www/html/clubhouse, which is password protected with .htaccess. Seriously, this is all it takes to make the form:<br>
<br> <form enctype="multipart/form-data" action="../upload.php" method="POST"><br> Please choose a file: <input name="uploaded" type="file" /><br /><br> <input type="submit" value="Upload" /><br>
</form> <br><br>In /var/www/html, I created upload.php which says where to upload the file (the target).<br><br><?php <br> $target = "deaddrop/"; <br> $target = $target . basename( $_FILES['uploaded']['name']) ; <br>
$ok=1; <br><br> { <br> if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) <br> { <br> echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; <br>
} <br> else <br> { <br> echo "Sorry, there was a problem uploading your file."; <br> } <br> } <br> ?> <br><br>The last step was to create /var/www/html/deaddrop and set the permissions:<br><br>chown -R apache:apache deaddrop<br>
<br>So now all the user needs to do is go to <a href="http://schoolserver/clubhouse/upload.html">http://schoolserver/clubhouse/upload.html</a>, enter the login credentials if you've set that up, upload a file from their local drive, then go to <a href="http://schoolserver/deaddrop">http://schoolserver/deaddrop</a> to see it listed in the index.<br>
<br>Users can't delete files, of course. Root needs to log in to take care of that. Which means if a careless idiot accidentally uploads, ahem, "home movies," that will be up there for all to see until someone with root access can take care of it.<br>
<br>And there's nothing that would keep you from setting up a password protected "teachers lounge" with individual upload.html files that point to individual teacher's web directories.<br><br>As always, comments, suggestions, and criticism welcome.<br>
<br>Anna Schoolfield<br>Birmingham<br>