Home > Archive > PERL Miscellaneous > September 2005 > Wierdness
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| callmetimmay@comcast.net 2005-09-27, 9:56 pm |
| Well... i admit, I am very new to this but i don't know what's going
on. I made a very UNSECURE login script and when I finised it, it
worked fine. But now, 5 days later, It does NOT list any of my realms.
Here's my index.cgi code:
-------------------------
#!/usr/bin/perl
print "Content-type:text/html\n\n";
$path="/var/www/cgi-bin/maint";
$files="$path/files";
$realm="$files/.realm.tmp";
#$login="$files/$location/login";
$command=("/bin/rm -rf $realm;/bin/ls -w1 $files > $realm");
system($command) or print "Error: $!";
print "<HTML><BR><BR><BR><BR><BR><body bgcolor=black><P
align=center><form name=login action=\"/cgi-bin/maint/login.cgi\"
method=post><Table border=1 bgcolor=aqua><tr><td width=300
height=100><B><p align=center>Please enter Login Info:<table
border=0><tr><td>Login:<td><Input type=text
name=\"user\"><Tr><td>Password:<td><input type=password
name=\"pass\"><tr><td>Realm:<td><select width=90 name=realm>";
open(INF,$realm) or print "Error: $!";
@realms=<INF>;
close INF;
foreach $entry (@realms) {
print "<option>$entry</option>";
}
print "</select></table><Center><input type=submit
value=\"Login\"></table></form>";
print "<p align=left><font color=white>Realms: @realms<BR>Last Entry in
Realms: $entry<BR><BR>Vars:<BR>Files: $files<BR>Realm File:
$realm<BR>Login: $login <BR><BR>Get Realm Command:
$command<BR><BR>Errors: $!";
-------------------------------------------------------------------
I put that last print in there to try to figure out what's goin on.
>From what I can tell, it cannot do the directory listing... here is the
output from that error checking print line:
-----------------------------------
Realms:
Last Entry in Realms:
Vars:
Files: /var/www/cgi-bin/maint/files
Realm File: /var/www/cgi-bin/maint/files/.realm.tmp
Login:
Get Realm Command: /bin/rm -rf
/var/www/cgi-bin/maint/files/.realm.tmp;/bin/ls
/var/www/cgi-bin/maint/files > /var/www/cgi-bin/maint/files/.realm.tmp
Errors: Inappropriate ioctl for device
-------------------------------------------------------------------
All the directories in the /var/www/cgi-bin/maint/files should be
listed in Realms when the page loads. Now here's the kicker... When I
run the script from the linux prompt... IT WORKS!!! Why won't apache
run this anymore for me?!?! And yes, I've restarted httpd. What's goin
on here?!?!? Any Ideas?!?! Suggestions in code?!? Self taught, so very
open to new ways of doing things!
Thanks in advance!
-Tim
| |
| Dave Weaver 2005-09-28, 3:58 am |
| callmetimmay@comcast.net <callmetimmay@comcast.net> wrote:
> -------------------------
> #!/usr/bin/perl
All non-trivial Perl code should start with
use warnings;
use strict;
> print "Content-type:text/html\n\n";
if you:
use CGI;
then you can:
print header();
instead.
> $path="/var/www/cgi-bin/maint";
my $path="/var/www/cgi-bin/maint";
> $files="$path/files";
my $files="$path/files";
> $realm="$files/.realm.tmp";
etc.
> #$login="$files/$location/login";
>
> $command=("/bin/rm -rf $realm;/bin/ls -w1 $files > $realm");
>
> system($command) or print "Error: $!";
This will print "Error.." if the system command succeeds (system
returns 0 on success). Also, $! won't contain the correct error.
system($command) == 0 or die "system($command) failed: $?"
see perldoc -f system
> print "<HTML><BR><BR><BR><BR><BR><body bgcolor=black><P
> align=center><form name=login action=\"/cgi-bin/maint/login.cgi\"
> method=post><Table border=1 bgcolor=aqua><tr><td width=300
> height=100><B><p align=center>Please enter Login Info:<table
> border=0><tr><td>Login:<td><Input type=text
> name=\"user\"><Tr><td>Password:<td><input type=password
> name=\"pass\"><tr><td>Realm:<td><select width=90 name=realm>";
Ick!
The CGI module provides some functions for outputting HTML in a
more readable (IMO) fashion.
perldoc CGI
> open(INF,$realm) or print "Error: $!";
> @realms=<INF>;
> close INF;
So, @realms now contains the list of files in the directory "$files".
Why the convoluted way of getting that list?
opendir my $dir, $files or die "Can't opendir '$files' : $!";
# get list of all non hidden directory entries
my @realms = grep !/^\./, readdir $dir;
closedir $dir;
> All the directories in the /var/www/cgi-bin/maint/files should be
> listed in Realms when the page loads. Now here's the kicker... When I
> run the script from the linux prompt... IT WORKS!!! Why won't apache
> run this anymore for me?!?! And yes, I've restarted httpd. What's goin
> on here?!?!? Any Ideas?!?! Suggestions in code?!? Self taught, so very
> open to new ways of doing things!
If it works from the prompt as one user, but fails from apache (which
probably runs as a different user) it's probably a filesystem
permissions problem.
Either the apache user can't read /var/www/cgi-bin/maint/files or
can't write to /var/www/cgi-bin/maint/files/.realm.tmp, I would
imagine.
| |
| TiMMaY!!! 2005-09-28, 6:58 pm |
| At the end of your message, you wrote:
>If it works from the prompt as one user, but fails from apache (which
>probably runs as a different user) it's probably a filesystem
>permissions problem.
>
>Either the apache user can't read /var/www/cgi-bin/maint/files or
>can't write to /var/www/cgi-bin/maint/files/.realm.tmp, I would
>imagine.
I've chmod'd 777 just for testing purposes and even did a chown and
chgrp for apache to every directory under that...
Thanks for your help... as soon as i get home and out of the office, I
will give this a try!
| |
| TiMMaY!!! 2005-09-28, 6:58 pm |
| OH!
and also, the file .realm.tmp gets created, but it is an empty file.
that's what gave me the idea to try changing permissions around.
| |
| Paul Lalli 2005-09-28, 6:58 pm |
| TiMMaY!!! wrote:
> At the end of your message, you wrote:
>
>
> I've chmod'd 777 just for testing purposes and even did a chown and
> chgrp for apache to every directory under that...
I will never understand why people think this is a good or even helpful
idea. apache may well be configured to specifically disallow a CGI
script from being executed if it has world-writable permissions set.
(I know the primary CGI-enabled apache server I use is configured this
way).
Don't guess at the problem, and randomly throw switches until it works.
Figure out what the actual error is, and then solve it.
(This is, of course, wholly unrelated to anything on-topic in
comp.lang.perl.misc).
Paul Lalli
| |
| TiMMaY!!! 2005-09-28, 9:56 pm |
| well... perl is the basis of cgi... there is no specific group for cgi
alone, so that's why i posted here. and if you would look closely, i
said for testing purposes. of course this is not permanent... DUH. I
understand the dangers of doing this.
btw - what switches? this is a permissions problem i believe...........
DUH again. apache doesn't care if it is writable or not. as long as it
has an executable attribute, this should work. :-P
if it did once, why not again?!
don't be bashin.... groups are a way of exchanging HELPFUL information,
not to "dis" people globally!!!
| |
| TiMMaY!!! 2005-09-28, 9:56 pm |
| Thank you so much for you help, your opendir helps me!!! do you have
any suggestions on sites for better learning of cgi? i used cgi101.com,
but you can see how far i got with that!
| |
| A. Sinan Unur 2005-09-29, 3:56 am |
| "TiMMaY!!!" <callmetimmay@comcast.net> wrote in
news:1127960978.607658.207980@o13g2000cwo.googlegroups.com:
> well... perl is the basis of cgi
No. http://cgi-spec.golux.com/
> there is no specific group for cgi
Wrong again. comp.infosystems.www.authoring.cgi.
> alone, so that's why i posted here. and if you would look closely, i
> said for testing purposes. of course this is not permanent... DUH.
....
> DUH again.
....
> apache doesn't care if it is writable or not. as long as it
> has an executable attribute, this should work. :-P
apache is off topic here.
> if it did once, why not again?!
???
> don't be bashin.... groups are a way of exchanging HELPFUL
> information, not to "dis" people globally!!!
Too bad I won't be reading your "pearls" again.
Sinan
--
A. Sinan Unur <1usa@llenroc.ude.invalid>
(reverse each component and remove .invalid for email address)
comp.lang.perl.misc guidelines on the WWW:
http://mail.augustmail.com/~tadmc/c...guidelines.html
| |
| Scott Bryce 2005-09-29, 3:56 am |
| TiMMaY!!! wrote:
> well... perl is the basis of cgi...
No, it isn't. Perl is a language that is often used to write CGI
scripts. CGI scripts can be written in just about any language.
> there is no specific group for cgi alone,
comp.infosystems.www.authoring.cgi
> don't be bashin.... groups are a way of exchanging HELPFUL
> information, not to "dis" people globally!!!
Paul did not bash you. He gave you a perfectly good response to your
post. If you do not understand why Paul's response was perfectly valid
and helpful, perhaps CGI programming isn't for you.
| |
| Paul Lalli 2005-09-29, 7:56 am |
| TiMMaY!!! wrote, without quoting any context:
> well... perl is the basis of cgi...
False.
> there is no specific group for cgi alone
Also False.
, so that's why i posted here. and if you would look closely, i
> said for testing purposes. of course this is not permanent... DUH. I
> understand the dangers of doing this.
No, clearly you don't.
> btw - what switches?
"randomly throwing switches" means just trying different attempts at
"making it work" with no real effort to understand the problem, or
how/why your attempt would solve it. That's what you did by chmod'ing
to 777.
> this is a permissions problem i believe...........
> DUH again. apache doesn't care if it is writable or not.
You have clearly missed the point. apache can, in fact, be configured
to "care" if a script is world-writable. By chmod'ing to 777, you may
actually be *PREVENTING* the script from being executed, not making it
more likely to be executed.
> as long as it
> has an executable attribute, this should work. :-P
More falseness.
> if it did once, why not again?!
Because you, or a system administrator, changed something. Whether you
think you did or not, you did.
> don't be bashin.... groups are a way of exchanging HELPFUL information,
> not to "dis" people globally!!!
My post was extremely helpful, and I never once "dissed" you.
Paul Lalli
|
|
|
|
|