You seem to have two questions here.

1. How do I stop my hard drive from filling up when someone posts some data that I save to a file?
2. How do I password protect a page?

These are two completely separate issues. It appears that you have a problem (don't want your hard drive filled up) and you are asking how to implement your solution. That's kind of like asking how to peel potatos with a cheese grater. You can do it, but it's not really what you're looking for :)

Question 1: you can use CGI::Safe to conveniently set a max post size for your uploads (you'll want to read the documentation on how to allow uploads). Then, when you save the file, you'll want to check that the file size plus the current directory size doesn't exceed the max directory size that you have set. From "CGI Programming with Perl", 2nd Edition (by O'Reilly):

use constant MAX_DIR_SIZE => 100 * 1_048_576; # max of 100 MB
use constant UPLOAD_DIR   => "/path/to/upload/dir";

# later

if ( dir_size( UPLOAD_DIR ) + $ENV{CONTENT_LENGTH} > MAX_DIR_SIZE ) {
    # don't allow the upload
}

# later

sub dir_size {
    my $dir = shift;
    my $dir_size = 0;

    opendir DIR, $dir or die "Unable to open $dir: $!";
    while ( readdir DIR ) {
        $dir_size += -s "$dir/$_";
    }
    return $dir_size;
}
[download]

As for password protecting your pages, there are many ways to do this. You could use .htaccess files (but those don't allow a timeout), but make sure you use them over an encrypted connection. There are other ways, too. I'm sure some other monks can help you here. I need to get back to work :)

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Thanks Ovid, I'll definetly look into CGI::Safe. I guess I included size of the upload problem as a reason for the password protection. I will only give passwords to the few people I want uploading to my computer.

I'll also look into the .htaccess files. Didn't even know they existed :)

"The social dynamics of the net are a direct consequence of the fact that nobody has yet developed a Remote Strangulation Protocol." -- Larry Wall

I humbly submit the following idea for your consideration:

1. Click on link to go to form, and they go to a page asking for username/password (or other authenticating tokens) (and advises that the site uses cookes you'll see why in a moment.
2. Submitting username/password form checks against a database (be it full-blown database, or text file, or whatever).
3. Set a cookie in their browser if successful, then refer/redirect them to the form page.
4. If cookie is set, display form; otherwise, display an "access unavailable" message.
5. Optionally, update the/another cookie with the number of times they have submitted, which can be checked against the maximum number of times you wish to allow them to submit.

I am sure there are more experienced monks here who may offer better/easier solutions. Good luck with your project.

I run a password-protected Wiki clone under Apache, using something like the following .htaccess

  Options Includes ExecCGI
  AuthType Basic
  AuthName "Conference Forum"
  AuthUserFile /usr/home/dws/.htpasswd
  ErrorDocument 401 /aye/noauth.html
  <Files ~ "\.cgi$">
    <Limit GET>
      require valid-user
    </Limit>
  </Files>
[download]

  Order deny,allow
  Deny from all
[download]

Look at http://twiki.org. It might be what you are looking for. And for simplest wiki (but without protection), look at www.seedwiki.com, where you can start your own wiki for free.

pmas
To make errors is human. But to make million errors per second, you need a computer.