Redirecting via LWP

[Bigus]

Hi

I've written a script which performs some background authentication to
control access to a files directory on the web server. The final action in
the script, assuming the user authenticates correctly, is to take them to
the files directory. I do this with LWP.

However, when they then go to click on a file it looks for it in the
cgi-bin, which of course is not where it is! How can I make it so that the
browser thinks it's in the intended directory rather than the cgi-bin?

Thanks

Bigus

 

[Bigus]

Hi

I've written a script which performs some background authentication to
control access to a files directory on the web server. The final action in
the script, assuming the user authenticates correctly, is to take them to
the files directory. I do this with LWP.

However, when they then go to click on a file it looks for it in the
cgi-bin, which of course is not where it is! How can I make it so that the
browser thinks it's in the intended directory rather than the cgi-bin?

For info, here's the sub that does the redirect bit:

sub gotofilearea()
{
$url = "http://mydomain.com/files/$listname/";
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$req = HTTP::Request->new(GET => $url);
$req->authorization_basic("$listname", "password");
$resp = $ua->request($req);
$response = $resp->content;
print "Content-type:text/html\n\n";
print $response;
exit;
}

Bigus

 

[James Willmore]

For info, here's the sub that does the redirect bit:

sub gotofilearea()
{
$url = "http://mydomain.com/files/$listname/";
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$req = HTTP::Request->new(GET => $url);
$req->authorization_basic("$listname", "password");
$resp = $ua->request($req);
$response = $resp->content;
print "Content-type:text/html\n\n";
print $response;
exit;
}

Because you're _not_ storing a file - you're printing the results from
your 'GET'. So, you'll have to use a method that will store the
results. One method is to do the following (I don't recommend doing
it, though - read more about your web server and security).

==example & untested==
open(FILE, '/some/directory/filename')
or die "Can't open file\n"; #no "$!", because the use doesn't need
#to know why the file can not
#be written;
#see comment above
print FILE $result;
close FILE;
==example & untested==

Read some more about LWP, HTTP::Request, and your own web server,
because there are other ways to do it that are more secure and easier.

HTH

 

[James Willmore]

==example & untested==
open(FILE, '/some/directory/filename')
or die "Can't open file\n"; #no "$!", because the use doesn't

Should be:
or die "Can't open file\n"; #no "$!", because the user doesn't

And, after reading the OP a second time, you mention that the user is
being redirected back at some point to the cgi-bin directory. You're
geting a listing in the cgi-bin directory? If so ... _VERY_ bad.
Read some more about your web server and security. Users, on a
production system, should _not_ be able to see the directory contents
in the cgi-bin directory - EVER. It is a security risk that you
_should_ be unwilling to take.

HTH

 

[Bigus]

Because you're _not_ storing a file - you're printing the results from
your 'GET'. So, you'll have to use a method that will store the
results. One method is to do the following (I don't recommend doing
it, though - read more about your web server and security).

==example & untested==
open(FILE, '/some/directory/filename')
or die "Can't open file\n"; #no "$!", because the use doesn't need
#to know why the file can not
#be written;
#see comment above
print FILE $result;
close FILE;
==example & untested==

Read some more about LWP, HTTP::Request, and your own web server,
because there are other ways to do it that are more secure and easier.

I'm not storing a file, no.. the directory I want the user to end up in is
displayed via Apache's directory listing feature.. ie: there is no html page
in that directory. If I have to start creating & storing temp files then it
could be a bit of a pain. There are about a thousand directories that will
be handled by this script.

Can anyone give me any further pointers on what to search for?

Thanks

Bigus

 

[Bigus]

Should be:
or die "Can't open file\n"; #no "$!", because the user doesn't

And, after reading the OP a second time, you mention that the user is
being redirected back at some point to the cgi-bin directory. You're
geting a listing in the cgi-bin directory?

No, they are just getting "cannot find file" or words to that effect.

Bigus

 

[James Willmore]

I'm not storing a file, no.. the directory I want the user to end up
in is displayed via Apache's directory listing feature.. ie: there
is no html page in that directory. If I have to start creating &
storing temp files then it could be a bit of a pain. There are about
a thousand directories that will be handled by this script.

Can anyone give me any further pointers on what to search for?

Why are you using LWP in a CGI script? If you are using Apache's
directory listing, what are you listing, if not files? What exactly
are you tring to do?

In your OP, you wanted to do redirection. Then why not
1) use the CGI module's redirect method
2) simply print the proper header (print "Location: <new URL>\n\n"

This way, all you need to concern yourself with is getting the user to
the right place - allowing Apache to do the authentication (as you
were trying to do with LWP).

I guess I'm at a loss to see exactly what you're trying to accomplish
if none of the above makes sense.

HTH

 

[Michael Budash]

For info, here's the sub that does the redirect bit:

sub gotofilearea()
{
$url = "http://mydomain.com/files/$listname/";
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$req = HTTP::Request->new(GET => $url);
$req->authorization_basic("$listname", "password");
$resp = $ua->request($req);
$response = $resp->content;
print "Content-type:text/html\n\n";
print $response;
exit;
}

Bigus

look into the <base href="..."> html tag, then do this:

$response = $resp->content;
$response =~
s{(</head>)}{<base href="http://mydomain.com/files/$listname/">$1}i;

it's what i do and it works like a champ.

 

[Bigus]

Why are you using LWP in a CGI script? If you are using Apache's
directory listing, what are you listing, if not files? What exactly
are you tring to do?

Well, you've solved it for me (see below), but just for the sake of
completeness, as I evidently didn't explain what I was doing very well -
basically, each directory is a file area associated with a Listserv mailing
list. The directory is password protected by an Apache htaccess file to stop
users typing a URL and getting there directly. My CGI script makes them log
into Listserv and checks to make sure they are a subscriber (or a site
administrator) to the mailing list that they are trying to access the file
area of. If they pass those checks the script takes them to the file area,
automatically dealing with the Apache authentication.

In your OP, you wanted to do redirection. Then why not
1) use the CGI module's redirect method
2) simply print the proper header (print "Location: <new URL>\n\n"

That worked! I love simple solutions, and that helped fill in a gap in my
knowledge of something that I should probably know by now

Many thanks

Bigus

 

[Bigus]

Well, you've solved it for me (see below), but just for the sake of
completeness, as I evidently didn't explain what I was doing very well -
basically, each directory is a file area associated with a Listserv mailing
list. The directory is password protected by an Apache htaccess file to stop
users typing a URL and getting there directly. My CGI script makes them log
into Listserv and checks to make sure they are a subscriber (or a site
administrator) to the mailing list that they are trying to access the file
area of. If they pass those checks the script takes them to the file area,
automatically dealing with the Apache authentication.


That worked!

Actually, it didn't work.. doh! The line:

print "Location: http://$listname:$password\@$host/files/$listname/\n\n";

Causes the Apache password dialog box to come up, even though $listname and
$password are absolutely definitely correct.

Any ideas?

Thanks

Bigus

 

[Bigus]

look into the <base href="..."> html tag, then do this:

$response = $resp->content;
$response =~
s{(</head>)}{<base href="http://mydomain.com/files/$listname/">$1}i;

it's what i do and it works like a champ.

Thanks.. this does work and is what I've employed for now, although it is a
browser dependant solution. Having said that, I checked a compatibility
chart and it seems <base href..> is supported by pretty much every browser
since the dawn of time

Regards
Bigus

 

[Michael Budash]

Thanks.. this does work and is what I've employed for now, although it is a
browser dependant solution. Having said that, I checked a compatibility
chart and it seems <base href..> is supported by pretty much every browser
since the dawn of time

glad it works for you. (btw - i wouldn't've suggested it as a solution
unless i was pretty darn sure it would work with most or all modern
browsers...)