%USERACL Is Empty?!

[A. Sinan Unur]

I tried the following on the command line:

echo $ENV{HTTP_Cookie}
/local/home/mk_murex/.kshrc{HTTP_Cookie}
echo $ENV{HTTP_COOKIE}
/local/home/mk_murex/.kshrc{HTTP_COOKIE}

However, in .kshrc, there is no entry as
HTTP_Cookie or HTTP_COOKIE.

If I were to add the line
export HTTP_Cookie=[x]

in .kshrc, what is the correct value for HTTP_Cookie?
(Or should I add export HTTP_COOKIE instead?)
....

I agree. I now need to know how to set the cookie in .kshrc.

It looks like you do not have the faintest idea how CGI and cookies
work. I would recommend that you stop for a little bit, and figure that
stuff (which is off-topic) out first.

Write a simple script that tries to set a cookie, and another one that
attempts to retrieve it. Play with your browser's cookie settings to see
what happens. Etc etc.

Oh, by the way, please choose better subject lines when you come back.

Sinan

 

[Jürgen Exner]

I now need to know how to set the cookie in .kshrc.

Why would you possibly want to do that?
Cookies are either backed or a web page sets them in a browser. Neither of
which has anything to do with Perl.

At least for all definitions of cookie that I know of the notion "setting a
cookie in .kshrc" is meaningless.

jue

 

[Paul Lalli]

I tried the following on the command line:

echo $ENV{HTTP_Cookie}
/local/home/mk_murex/.kshrc{HTTP_Cookie}
echo $ENV{HTTP_COOKIE}
/local/home/mk_murex/.kshrc{HTTP_COOKIE}

I have no idea what you think this would accomplish. $ENV{foo} is the
Perl way to refer to the environment variable $foo.

Setting environment variables outside of a Perl script has nothing to
do with Perl, of course.

However, in .kshrc, there is no entry as
HTTP_Cookie or HTTP_COOKIE.

If I were to add the line
export HTTP_Cookie=[x]

in .kshrc, what is the correct value for HTTP_Cookie?
(Or should I add export HTTP_COOKIE instead?)

How the heck should we know what your cookie should be?

I think you have a severe lack of understanding of Cookies in general.
Probably time for you to read some documentations and tutorials.
Perhaps apache's website might be a good place to start. I don't know,
as it has nothing to do with Perl.

I agree. I now need to know how to set the cookie in .kshrc.

For any purposes other than testing and debugging, I can't imagine how
this could possibly make any sense. Regardless, it definately has
nothing to do with Perl. Allow me to suggest a group that deals in
either Unix or CGI.

Paul Lalli

 

[William]

I tried the following on the command line:

echo $ENV{HTTP_Cookie}
/local/home/mk_murex/.kshrc{HTTP_Cookie}
echo $ENV{HTTP_COOKIE}
/local/home/mk_murex/.kshrc{HTTP_COOKIE}

However, in .kshrc, there is no entry as
HTTP_Cookie or HTTP_COOKIE.

If I were to add the line
export HTTP_Cookie=[x]

in .kshrc, what is the correct value for HTTP_Cookie?
(Or should I add export HTTP_COOKIE instead?)
...

I agree. I now need to know how to set the cookie in .kshrc.

It looks like you do not have the faintest idea how CGI and cookies
work. I would recommend that you stop for a little bit, and figure that
stuff (which is off-topic) out first.

Write a simple script that tries to set a cookie, and another one that
attempts to retrieve it. Play with your browser's cookie settings to see
what happens. Etc etc.

I have successfully set the cookie MXRT_USERACL to contain the following
information:

HTTP_COOKIE=LOGGED OUT; MXRT_USERACL=LOGGED%20OUT
COOKIE:
MXRT_USERACL=Name&william%20Leung&Status&1&Macros&1&IsAdmin&1&FileMgr&1&LoginID&LEUNGW5&Email&william.leung%40uwaterloo.com&PnL&%5B%5D&Servers&1&Group&BO&MacroList&%5BAEP_MACROS%5D&Lists&1&EditPnL&%5B%5D&BO&&Password&XEdq1YTUaOFwo&Logs&1&Eod&1;
path=/cgi/; expires=Tue, 13-Dec-2005 21:00:44 GMT

USERACL...

EditPnL=[]
BO=
Name=william Leung
Password=XEdq1YTUaOFwo
Status=1
Logs=1
IsAdmin=1
Macros=1
LoginID=LEUNGW5
FileMgr=1
Eod=1
[email protected]
Servers=1
PnL=[]
Group=BO
MacroList=[AEP_MACROS]
Lists=1

I am getting the following error message when I clicked on the weblink
that in turn run the perl script test.pl:

Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator,
(e-mail address removed) and inform them of the time the error
occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error
log.



--------------------------------------------------------------------------------

Apache/1.3.31 Server at [servername] Port 80


Source code for the web link, which calls test.pl:
<li><img src=../images/mnuspc.gif><a
href="/cgi/upload_repo/test.pl">Upload Repos</a></li>

When I clicked on the link, the link calls test.pl.
Source code for test.pl as follows:

#!/usr/bin/perl -w

use strict;
use CGI;

require "./mxrt_auth.pl";

# $query stores a CGI object
my $query = new CGI;

# %USERACL has 0 items because mxrt_auth.pl::initAuthMgr returns an empty
cookie
# i.e. the list of cookie names for AUTHQ is empty
my %USERACL = initAuthMgr($query); # see the next part of my post

# supposed to print contents of %USERACL, but prints nothing
while ( (my $key, my $value) = each %USERACL) {
print "$key = $value\n";
}
1;

now the source code for mxrt_auth.pl::initAuthMgr:


#!/usr/bin/perl -w

require "./mxrt_vars.pl";

# we need this because perl CGI reference the environment variable
HTTP_COOKIE
# but vqsvr set the variable HTTP_Cookie (note the case!)
$ENV{'HTTP_COOKIE'}=$ENV{'HTTP_Cookie'};

use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Time::Local;

my $AUTHQ;
my %AUTH_INFO;
1;

#-------------------------------------------------------------------------------
# This function retuns the cookie for this session (hash format)
#-------------------------------------------------------------------------------
sub initAuthMgr {
($AUTHQ) = @_;
# need to pick up the cookie 'MXRT_USERACL' to fill the hash %AUTH_INFO
%AUTH_INFO = $AUTHQ->cookie('MXRT_USERACL');
my $num_keys = keys %AUTH_INFO;
# print "$num_keys\n"; # problem found - %AUTH_INFO has 0 keys
my @cookies = $AUTHQ->cookie();
my $num_cookies = @cookies;
print "number of cookies: $num_cookies\n";
foreach my $cookie ( @cookies ) {
print "current cookie: $cookie\n";
}
foreach (keys %AUTH_INFO) {
print $AUTH_INFO{$_}."<br>";
}
return %AUTH_INFO;
}


I was previously asked how the cookie MXRT_USERACL was set. Here is how -
when the user logs in to my homepage, the following subroutine was called,
which set the cookie MXRT_USERACL:

sub tryLogin {
my $userid = uc $query->param('userid');
$USERID=$userid;
my $password = encrypt_password($query->param('pass1'));
my $user_info = ();

# setup empty cookie in case we return without success.
$COOKIE = $query->cookie(-name=>'MXRT_USERACL',
-value=>$user_info,
-expires=>'+1d');

if ($userid eq "") {
return "";
}

if (!$userid && !$password) {
return "Please enter USERID and PASSWORD.";
}

if (! exists $USERS{$userid}) {
return "Invalid USERID ($userid). Please try again.";
}

if ($USERS{$userid}{Password} ne $password) {
return "Invalid PASSWORD. Please try again.";
}

#create the actual cookie
$user_info = $USERS{$userid};
$COOKIE = $query->cookie(-name=>'MXRT_USERACL',
-value=>$user_info,
-expires=>'+1d');

# notify that the login was successful and set the user ACL. We set
the
# user ACL because the one obtained from the original cookie may now
be out
# of date.
$ACTION="login_ok";
%USERACL = %$user_info;

authLog("Login successful", \%USERACL);
#authLog($query->cookie('MXRT_USERACL'), \%USERACL);

return "";
}



Now after the successful login, the cookie MXRT_USERACL was set.
I got the error message (as quoted above)
when I clicked on the following link as I described above.

Source code for the web link:
<li><img src=../images/mnuspc.gif><a
href="/cgi/upload_repo/test.pl">Upload Repos</a></li>


My question: why the error message?
and what is the fix?

 

[William]

I think you have a severe lack of understanding of Cookies in general.
Probably time for you to read some documentations and tutorials.
Perhaps apache's website might be a good place to start. I don't know,
as it has nothing to do with Perl.

I have successfully set the cookie MXRT_USERACL to contain the following
information:

HTTP_COOKIE=LOGGED OUT; MXRT_USERACL=LOGGED%20OUT
COOKIE:
MXRT_USERACL=Name&william%20Leung&Status&1&Macros&1&IsAdmin&1&FileMgr&1&LoginID&LEUNGW5&Email&william.leung%40uwaterloo.com&PnL&%5B%5D&Servers&1&Group&BO&Ma$
path=/cgi/; expires=Tue, 13-Dec-2005 21:00:44 GMT

USERACL...

EditPnL=[]
BO=
Name=william Leung
Password=XEdq1YTUaOFwo
Status=1
Logs=1
IsAdmin=1
Macros=1
LoginID=LEUNGW5
FileMgr=1
Eod=1
[email protected]
Servers=1
PnL=[]
Group=BO
MacroList=[AEP_MACROS]
Lists=1

I am getting the following error message when I clicked on the weblink
that in turn run the perl script test.pl:

Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator,
(e-mail address removed) and inform them of the time the error
occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error
log.



--------------------------------------------------------------------------------

Apache/1.3.31 Server at [servername] Port 80


Source code for the web link:
<li><img src=../images/mnuspc.gif><a
href="/cgi/upload_repo/test.pl">Upload Repos</a></li>

When I clicked on the link, the link calls test.pl.
Source code for test.pl as follows:

#!/usr/bin/perl -w

use strict;
use CGI;

require "./mxrt_auth.pl";

# $query stores a CGI object
my $query = new CGI;

# %USERACL has 0 items because mxrt_auth.pl::initAuthMgr returns an empty
cookie
# i.e. the list of cookie names for AUTHQ is empty
my %USERACL = initAuthMgr($query); # see the next part of my post

# supposed to print contents of %USERACL, but prints nothing
while ( (my $key, my $value) = each %USERACL) {
print "$key = $value\n";
}
1;

now the source code for mxrt_auth.pl::initAuthMgr:


#!/usr/bin/perl -w

require "./mxrt_vars.pl";

# we need this because perl CGI reference the environment variable
HTTP_COOKIE

# but vqsvr set the variable HTTP_Cookie (note the case!)
$ENV{'HTTP_COOKIE'}=$ENV{'HTTP_Cookie'};

use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Time::Local;

my $AUTHQ;
my %AUTH_INFO;
1;

#-------------------------------------------------------------------------------
# This function retuns the cookie for this session (hash format)
#-------------------------------------------------------------------------------
sub initAuthMgr {
($AUTHQ) = @_;
# need to pick up the cookie 'MXRT_USERACL' to fill the hash %AUTH_INFO
%AUTH_INFO = $AUTHQ->cookie('MXRT_USERACL');
my $num_keys = keys %AUTH_INFO;
# print "$num_keys\n"; # problem found - %AUTH_INFO has 0 keys
my @cookies = $AUTHQ->cookie();
my $num_cookies = @cookies;
print "number of cookies: $num_cookies\n";
foreach my $cookie ( @cookies ) {
print "current cookie: $cookie\n";
}
foreach (keys %AUTH_INFO) {
print $AUTH_INFO{$_}."<br>";
}
return %AUTH_INFO;
}


I was previously asked how the cookie MXRT_USERACL was set. Here is how -
when the user logs in to my homepage, the following subroutine was called,
which set the cookie MXRT_USERACL:

sub tryLogin {
my $userid = uc $query->param('userid');
$USERID=$userid;
my $password = encrypt_password($query->param('pass1'));
my $user_info = ();

# setup empty cookie in case we return without success.
$COOKIE = $query->cookie(-name=>'MXRT_USERACL',
-value=>$user_info,
-expires=>'+1d');

if ($userid eq "") {
return "";
}

if (!$userid && !$password) {
return "Please enter USERID and PASSWORD.";
}

if (! exists $USERS{$userid}) {
return "Invalid USERID ($userid). Please try again.";
}

if ($USERS{$userid}{Password} ne $password) {
return "Invalid PASSWORD. Please try again.";
}

#create the actual cookie
$user_info = $USERS{$userid};
$COOKIE = $query->cookie(-name=>'MXRT_USERACL',
-value=>$user_info,
-expires=>'+1d');

# notify that the login was successful and set the user ACL. We set
the
# user ACL because the one obtained from the original cookie may now
be out
# of date.
$ACTION="login_ok";
%USERACL = %$user_info;

authLog("Login successful", \%USERACL);
#authLog($query->cookie('MXRT_USERACL'), \%USERACL);

return "";
}



Now after the successful login, I got the error message (as quoted above)
when I clicked on the following link as I quoted above.

Source code for the web link:
<li><img src=../images/mnuspc.gif><a
href="/cgi/upload_repo/test.pl">Upload Repos</a></li>


My question: why the error message?
and what is the fix?

 

[A. Sinan Unur]

I am getting the following error message when I clicked on the weblink
that in turn run the perl script test.pl:
....

More information about this error may be available in the server error
log.

Please read the server error log for the error message.

Sinan

 

[William]

Please read the server error log for the error message.

no explaination was provided about the error in the server error log.
content of server error log:

12-12-2005 16:42:28 | LEUNGW5 | | xx.xx.xxx.xxx | /cgi/accmgr on |
Login
successful
12-12-2005 16:51:52 | LEUNGW5 | | xx.xx.xxx.xxx | /cgi/accmgr on |
Logout successful

 

[J. Gleixner]

I am getting the following error message when I clicked on the weblink
that in turn run the perl script test.pl:

Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator,
(e-mail address removed) and inform them of the time the error
occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error
log.



--------------------------------------------------------------------------------

Apache/1.3.31 Server at [servername] Port 80


Source code for the web link, which calls test.pl:
<li><img src=../images/mnuspc.gif><a
href="/cgi/upload_repo/test.pl">Upload Repos</a></li>

When I clicked on the link, the link calls test.pl.
Source code for test.pl as follows:

#!/usr/bin/perl -w

use strict;
use CGI;

require "./mxrt_auth.pl";

# $query stores a CGI object
my $query = new CGI;

# %USERACL has 0 items because mxrt_auth.pl::initAuthMgr returns an empty
cookie
# i.e. the list of cookie names for AUTHQ is empty
my %USERACL = initAuthMgr($query); # see the next part of my post

# supposed to print contents of %USERACL, but prints nothing
while ( (my $key, my $value) = each %USERACL) {
print "$key = $value\n";
}
1;

You need to print the HTTP header before you print anything.

# $query stores a CGI object
my $query = new CGI;

print $query->header;

Read up on some CGI How to's.

 

[William]

You need to print the HTTP header before you print anything.


print $query->header;

I have added "print $query->header;" in test.pl as follows:

#!/usr/bin/perl -w

use strict;
use CGI;

require "./mxrt_auth.pl";

my $query = new CGI;

# %USERACL has 0 items because initAuthMgr returns an empty cookie
# i.e. the list of cookie names for AUTHQ is empty
my %USERACL = initAuthMgr($query); # see below

print $query->header;
print "is admin: $USERACL{IsAdmin}\n"; # prints "is admin:"

while ( (my $key, my $value) = each %USERACL) {
print "$key = $value\n";
}


Once again, mxrt_auth.pl is as follows:
#!/usr/bin/perl -w

require "./mxrt_vars.pl";

# we need this because perl CGI reference the environment variable
HTTP_COOKIE
# but vqsvr set the variable HTTP_Cookie (note the case!)
$ENV{'HTTP_COOKIE'}=$ENV{'HTTP_Cookie'};

use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Time::Local;

my $AUTHQ;
my %AUTH_INFO;
1;


#-------------------------------------------------------------------------------
# Sub-routines
#-------------------------------------------------------------------------------

#-------------------------------------------------------------------------------
# This function retuns the cookie for this session (hash format)
#-------------------------------------------------------------------------------
sub initAuthMgr {
($AUTHQ) = @_;
# need to pick up the cookie 'MXRT_USERACL' to fill the hash
%AUTH_INFO
%AUTH_INFO = $AUTHQ->cookie('MXRT_USERACL');
my $num_keys = keys %AUTH_INFO;
# print "$num_keys\n"; # problem found - %AUTH_INFO has 0 keys
print $AUTHQ->header;
my @cookies = $AUTHQ->cookie();
my $num_cookies = @cookies;
print "number of cookies: $num_cookies\n";
foreach my $cookie ( @cookies ) {
print "current cookie: $cookie\n";
}
foreach (keys %AUTH_INFO) {
print $AUTH_INFO{$_}."<br>";
}
return %AUTH_INFO;
}

Output I got from running test.pl:

number of cookies: 0 Content-Type: text/html is admin:


It is apparent that %USERACL is empty. But when the user logs in, I have
set the cookie MXRT_USERACL to the following:
HTTP_COOKIE=LOGGED OUT; MXRT_USERACL=LOGGED%20OUT
COOKIE:
MXRT_USERACL=Name&william%20Leung&Status&1&Macros&1&IsAdmin&1&FileMgr&1&LoginID&LEUNGW5&Email&william.leung%40uwaterloo.com&PnL&%5B%5D&Servers&1&Group&BO&Ma$
path=/cgi/; expires=Tue, 13-Dec-2005 21:00:44 GMT

USERACL...

EditPnL=[]
BO=
Name=william Leung
Password=XEdq1YTUaOFwo
Status=1
Logs=1
IsAdmin=1
Macros=1
LoginID=LEUNGW5
FileMgr=1
Eod=1
[email protected]
Servers=1
PnL=[]
Group=BO
MacroList=[AEP_MACROS]
Lists=1

Note that IsAdmin=1, therefore $USERACL{IsAdmin} should print "1".

How the cookie was set:
when the user logs in to my homepage, the following subroutine was called,
which set the cookie MXRT_USERACL:

sub tryLogin {

// ....


#create the actual cookie
$user_info = $USERS{$userid};
$COOKIE = $query->cookie(-name=>'MXRT_USERACL',
-value=>$user_info,
-expires=>'+1d');

# notify that the login was successful and set the user ACL. We set
the
# user ACL because the one obtained from the original cookie may now
be out
# of date.
$ACTION="login_ok";
%USERACL = %$user_info;

authLog("Login successful", \%USERACL);
#authLog($query->cookie('MXRT_USERACL'), \%USERACL);

return "";
}


Going back to mxrt_auth.pl::initAuthMgr from the top of this reply, the
cookie was retrieved using the following:

%AUTH_INFO = $AUTHQ->cookie('MXRT_USERACL');

I then made the following method call in test.pl which (supposed to) pick
up the cookie MXRT_USERACL:

my $query = new CGI;
# %USERACL has 0 items because initAuthMgr returns an empty cookie
my %USERACL = initAuthMgr($query);

(%USERACL was set to the value of %AUTH_INFO)


Question: I already set the cookie MXRT_USERACL. Why is
$USERACL{IsAdmin} (and %USERACL, for that matter) empty?

 

[A. Sinan Unur]

HTTP_COOKIE=LOGGED OUT; MXRT_USERACL=LOGGED%20OUT

Here is the deal: You do not know what you are doing. Now, there is
nothing wrong with not knowing. However, one has to admit ignorance to
be able to learn.

It looks like you are trying to store a user's logged in status in a
client side cookie and use that. That is foolish. Cookies can be
manufactured with little effort, and this is not secure.

You seem to think that trying stuff until what you see matches your
expectations is a good way to program. It isn't.

You have to start with the simplest case. Forget about whatever platform
you are trying to graft this stuff onto. Start from scratch with a
simple script that sends and reads a cookie.

Then, look into session management. Use a session on the server side to
store the status of users.

When you understand the mechanism, CGI, cookies, and session management,
then you can tackle the particular problem you trying to solve now.

In the mean time, I am leaving this thread.

Sinan

PS: Since you seem to be C.S. student, I am sure there are people around
who may be able to help you. Do ask for their help.