#/usr/bin/python2.1

uploaddir="/tmp/upload"

import cgi
import sys
from pyPgSQL.PgSQL import *

print "Content-Type: text/plain\n"

def error_nouid():
    print "-ERR No UID"
    
def error_nosid():
    print "-ERR No SID"

def error_nofile():
    print "-ERR No File"

def error_db():
    print "-ERR DB Connect"

def error_baddsession():
    print "-ERR Bad session"

form = cgi.FieldStorage()

if not form.has_key('user'):
    error_nouid()
    sys.exit()

user = form['user']

if not form.has_key('session'):
    error_nosid()
    sys.exit()

session = form['session']

if not form.has_key('file'):
    error_nofile()
    sys.exit()

fl = form['file']

if not fl.file:
    error_nofile()
    sys.exit()

try:
    db = connect(database="joshmckee")
except DatabaseError:
    error_db()
    sys.exit()

curs = db.cursor()

curs.execute("""select sessionkey from sessions where userid='%s'""" % user);

try:
    session = curs.fetchall()[0][0];
except:
    session = None

if session != user:
    error_badsession()
    sys.exit()

curs.close()
db.close()

fout = file (os.path.join(uploaddir, fl.filename), 'wb')
while 1:
    chunk = fl.file.read(100000)
    if not chunk: break
    fout.write (chunk)
    fout.close()

print "+OK ", os.path.join(uploaddir, fl.filename)