Here is the code: photo-upload.cgi.
My first demo requires a sign-in (using Apache's Authentication of Userid and Password) which is by-invitation-only -- it is useless for anyone except those few people whom I've given userids. Will Milne may be adding such an uploader to the Nativeorchid.Org website. Another demo is open-to-the-public but discards whatever is uploaded; it demonstrates the uploader in action.
Apache's User-Authentication sounds at first glance to be only for the situation where the webmaster does user-creation, however it can also be used with an online registration facilty as explained in www.cgi101.com/class/password, which gives examples in Perl. There's an important tidbit in FAQ#12 of httpd.apache.org/docs/1.3/misc/FAQ-F.html.