Phorm v3.5.2
Copyright © 2005 Holotech Enterprises.

File Upload:
[This feature is available only to registered users]

      Phorm can accept uploaded files. The files can then be saved on your system and/or attached to the email message sent to you. If you are saving the file, the directory you save it in must be world-writeable unless Phorm is running under your user ID. In order to send a file, your FORM tag needs the ENCTYPE attribute set to multipart/form-data: 
   <FORM METHOD=POST ACTION="phorm.php" ENCTYPE="multipart/form-data">
File Upload Form Fields
      In your form, create a FILE tag named PHORM_FILE##, where ## is a number from 01 to 99. 
   <INPUT TYPE=FILE NAME="PHORM_FILE01">
      If you wish to upload more than one file, create additional PHORM_FILE## tags: 
   <INPUT TYPE=FILE NAME="PHORM_FILE01">
   <INPUT TYPE=FILE NAME="PHORM_FILE02">
      Note that there must be two digits - numbers less than 10 must begin with a zero. Also, don't forget that these fields must be declared in your configuration file! If you're wondering where your file went, don't forget to check that.

File Name Collision Mode
      There is another variable related to uploads, which you should set in your config file. The name of it is $PHORM_CMODE##; the ##, again is a number from 01 to 99, and corresponds to the numbers of your PHORM_FILE## fields. $PHORM_CMODE## dictates what to do in the event of a name collision. If there is already a file in the upload directory with the same name as the file being uploaded, Phorm needs to know what to do. It can overwrite the existing file, discard the file being uploaded, rename the file being uploaded to a unique name, or rename the existing file to a unique name. The values for $PHORM_CMODE## are ph_OVERWRITE, ph_DISCARD, ph_MAKEUNIQUE and ph_RENAME. Examples: 
   $PHORM_CMODE01 = ph_OVERWRITE;  [Overwrite the existing file]
   $PHORM_CMODE01 = ph_DISCARD;    [Discard the existing file]
   $PHORM_CMODE01 = ph_MAKEUNIQUE; [Rename the uploaded file]
   $PHORM_CMODE01 = ph_RENAME;     [Rename the existing file]
Note that there is no dollar sign or quotes around the values. If you do not specify a collision mode for a file field, the default is ph_MAKEUNIQUE.

Attaching an Uploaded File
      To attach an uploaded file to the email message sent to you, simply enclose the field name in double curly braces, just like any other variable, for example {{PHORM_FILE01}} causes the file from that field to be attached. To access the name of the file, use {{PHORM_FILE##_name}} for the name of the file as uploaded by the visitor, or {{PHORM_FILE##_saved}} for the name of the file as it was saved on your system. These two will be the same unless there is a name collision and you have specified ph_MAKEUNIQUE for the file field. These two variables are also available for text and database logging.

Security Considerations
      It is possible to create a substantial security hole with the file upload function. This would occur if you permit the uploading of files with executable extensions (e.g. .php, .cgi, etc.) and your upload directory is web-accessible and not protected, and a person is able to guess the path to it.

      One solution would be to put your template directory (and thus your uploads directory) outside the web tree, using $PHORM_NAME and/or $PHORM_BASE. See the File Locations section for details. Another solution would be to password-protect the uploads directory.

0101000001101000011011110111001001101101010010010111001101000011011011110110111101101100