Best way to upload files?

[jacQues]

I searched for topics, but they all involve FTP. Now, with FTP you need an username and password. The script that needs this will be widely used and I don't like the idea that people can use a simple sniffer to find those login details and then (ab)use that. So I'll probably need some form of anonymous upload thingy. So I wonder, for example, is there a way to upload files using http post with AutoIt? I'm quite fluent in PHP and can work it from that end. But for AutoIt I'm still learning.

jacQues

[nfwu]

I did mine the lazy way:

(Change the following: metisclient.sourceforge.net, file=stuffs.txt, and some other stuff)

$stuff = _URLEncode(FileRead(@ScriptDir&"\stuff.txt"), 1)
$payload = "action=save&file=stuffs.txt&text="&$stuff&"&Save=Save"
$send = "POST /file_reciever.php HTTP/1.1"&@CRLF& _
"Host: metisclient.sourceforge.net"&@CRLF& _
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"&@CRLF& _
"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"&@CRLF& _
"Accept-Language: en-us,en;q=0.8,zh;q=0.5,ja;q=0.3"&@CRLF& _
"Accept-Encoding: gzip,deflate"&@CRLF& _
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"&@CRLF& _
"Keep-Alive: 300"&@CRLF& _
"Connection: keep-alive"&@CRLF& _
"Content-Type: application/x-www-form-urlencoded"&@CRLF& _
"Content-Length: "&Stringlen($payload)&@CRLF&@CRLF&$payload
$sock = TCPConnect(TCPNameToIP("metisclient.sourceforge.net"), 80)
If @error Then MsgBox(0, @error, @ScriptLineNumber)
TCPSend($sock, $send)
If @error Then MsgBox(0, @error, @ScriptLineNumber)
$stuff = ""
while Not @error
    $stuff &= TCPRecv($sock, 1000000)
WEnd
TCPShutdown()
If @error Then MsgBox(0, @error, @ScriptLineNumber)
MsgBox(0, "Please Check for any errors:", StringLeft($stuff, 1000))
MsgBox(0, "", "Complete")

And the PHP code is sth like this:

<?php
$file = str_replace ('"', '', $_REQUEST['file']);
$action = str_replace ('"', '', $_REQUEST['action']);
if($action == '') $action = "edit";
if($file == '')   $file = "stuffs.txt";
echo "<title>Nfwu's Online File Editor - ";
echo $file;
echo '</title>';
if ($action == "save"){
    if (strpos($file, "..")) die("can't open file");
    $fh = fopen("./".$file, 'w') or die("can't open file");
    fwrite($fh, $_REQUEST['text']);
    fclose($fh);
    echo '<b>File Saved.</b><br>';
}
$handle = fopen($file, "r");
$contents = fread($handle, filesize($file));
fclose($handle);
echo '<form method="post" action="oe.php" enctype="application/x-www-form-urlencoded">';
echo '<input type="hidden" name="action" value="save" />';
echo 'File: '.$file;
echo '<input type="hidden" name="file" value="';
echo $file;
echo '"  />';
echo '<textarea name="text"  rows="20" cols="65" wrap="virtual" style="width:100%">';
echo $contents;
echo '</textarea>';
echo '<input type="submit" name="Save" value="Save" />';
echo "</form>";

Note: If you're going to send something other than text files you should convert them to hex or something first, then convert them back at the other end.

#)