Wierdness

Discussion in 'Perl Misc' started by callmetimmay@comcast.net, Sep 28, 2005.

  1. Guest

    Well... i admit, I am very new to this but i don't know what's going
    on. I made a very UNSECURE login script and when I finised it, it
    worked fine. But now, 5 days later, It does NOT list any of my realms.

    Here's my index.cgi code:
    -------------------------
    #!/usr/bin/perl

    print "Content-type:text/html\n\n";

    $path="/var/www/cgi-bin/maint";

    $files="$path/files";
    $realm="$files/.realm.tmp";
    #$login="$files/$location/login";

    $command=("/bin/rm -rf $realm;/bin/ls -w1 $files > $realm");

    system($command) or print "Error: $!";

    print "<HTML><BR><BR><BR><BR><BR><body bgcolor=black><P
    align=center><form name=login action=\"/cgi-bin/maint/login.cgi\"
    method=post><Table border=1 bgcolor=aqua><tr><td width=300
    height=100><B><p align=center>Please enter Login Info:<table
    border=0><tr><td>Login:<td><Input type=text
    name=\"user\"><Tr><td>Password:<td><input type=password
    name=\"pass\"><tr><td>Realm:<td><select width=90 name=realm>";

    open(INF,$realm) or print "Error: $!";
    @realms=<INF>;
    close INF;

    foreach $entry (@realms) {
    print "<option>$entry</option>";
    }

    print "</select></table><Center><input type=submit
    value=\"Login\"></table></form>";

    print "<p align=left><font color=white>Realms: @realms<BR>Last Entry in
    Realms: $entry<BR><BR>Vars:<BR>Files: $files<BR>Realm File:
    $realm<BR>Login: $login <BR><BR>Get Realm Command:
    $command<BR><BR>Errors: $!";
    -------------------------------------------------------------------
    I put that last print in there to try to figure out what's goin on.
    >From what I can tell, it cannot do the directory listing... here is the

    output from that error checking print line:

    -----------------------------------
    Realms:
    Last Entry in Realms:

    Vars:
    Files: /var/www/cgi-bin/maint/files
    Realm File: /var/www/cgi-bin/maint/files/.realm.tmp
    Login:

    Get Realm Command: /bin/rm -rf
    /var/www/cgi-bin/maint/files/.realm.tmp;/bin/ls
    /var/www/cgi-bin/maint/files > /var/www/cgi-bin/maint/files/.realm.tmp

    Errors: Inappropriate ioctl for device
    -------------------------------------------------------------------

    All the directories in the /var/www/cgi-bin/maint/files should be
    listed in Realms when the page loads. Now here's the kicker... When I
    run the script from the linux prompt... IT WORKS!!! Why won't apache
    run this anymore for me?!?! And yes, I've restarted httpd. What's goin
    on here?!?!? Any Ideas?!?! Suggestions in code?!? Self taught, so very
    open to new ways of doing things!


    Thanks in advance!
    -Tim
    , Sep 28, 2005
    #1
    1. Advertising

  2. Dave Weaver Guest

    <> wrote:
    > -------------------------
    > #!/usr/bin/perl


    All non-trivial Perl code should start with

    use warnings;
    use strict;

    > print "Content-type:text/html\n\n";


    if you:
    use CGI;

    then you can:
    print header();
    instead.

    > $path="/var/www/cgi-bin/maint";


    my $path="/var/www/cgi-bin/maint";

    > $files="$path/files";


    my $files="$path/files";

    > $realm="$files/.realm.tmp";


    etc.

    > #$login="$files/$location/login";
    >
    > $command=("/bin/rm -rf $realm;/bin/ls -w1 $files > $realm");
    >
    > system($command) or print "Error: $!";


    This will print "Error.." if the system command succeeds (system
    returns 0 on success). Also, $! won't contain the correct error.
    system($command) == 0 or die "system($command) failed: $?"

    see perldoc -f system


    > print "<HTML><BR><BR><BR><BR><BR><body bgcolor=black><P
    > align=center><form name=login action=\"/cgi-bin/maint/login.cgi\"
    > method=post><Table border=1 bgcolor=aqua><tr><td width=300
    > height=100><B><p align=center>Please enter Login Info:<table
    > border=0><tr><td>Login:<td><Input type=text
    > name=\"user\"><Tr><td>Password:<td><input type=password
    > name=\"pass\"><tr><td>Realm:<td><select width=90 name=realm>";


    Ick!
    The CGI module provides some functions for outputting HTML in a
    more readable (IMO) fashion.

    perldoc CGI

    > open(INF,$realm) or print "Error: $!";
    > @realms=<INF>;
    > close INF;


    So, @realms now contains the list of files in the directory "$files".
    Why the convoluted way of getting that list?

    opendir my $dir, $files or die "Can't opendir '$files' : $!";
    # get list of all non hidden directory entries
    my @realms = grep !/^\./, readdir $dir;
    closedir $dir;


    > All the directories in the /var/www/cgi-bin/maint/files should be
    > listed in Realms when the page loads. Now here's the kicker... When I
    > run the script from the linux prompt... IT WORKS!!! Why won't apache
    > run this anymore for me?!?! And yes, I've restarted httpd. What's goin
    > on here?!?!? Any Ideas?!?! Suggestions in code?!? Self taught, so very
    > open to new ways of doing things!


    If it works from the prompt as one user, but fails from apache (which
    probably runs as a different user) it's probably a filesystem
    permissions problem.

    Either the apache user can't read /var/www/cgi-bin/maint/files or
    can't write to /var/www/cgi-bin/maint/files/.realm.tmp, I would
    imagine.
    Dave Weaver, Sep 28, 2005
    #2
    1. Advertising

  3. TiMMaY!!! Guest

    At the end of your message, you wrote:
    >If it works from the prompt as one user, but fails from apache (which
    >probably runs as a different user) it's probably a filesystem
    >permissions problem.
    >
    >Either the apache user can't read /var/www/cgi-bin/maint/files or
    >can't write to /var/www/cgi-bin/maint/files/.realm.tmp, I would
    >imagine.



    I've chmod'd 777 just for testing purposes and even did a chown and
    chgrp for apache to every directory under that...

    Thanks for your help... as soon as i get home and out of the office, I
    will give this a try!
    TiMMaY!!!, Sep 28, 2005
    #3
  4. TiMMaY!!! Guest

    OH!

    and also, the file .realm.tmp gets created, but it is an empty file.
    that's what gave me the idea to try changing permissions around.
    TiMMaY!!!, Sep 28, 2005
    #4
  5. Paul Lalli Guest

    TiMMaY!!! wrote:
    > At the end of your message, you wrote:
    > >If it works from the prompt as one user, but fails from apache (which
    > >probably runs as a different user) it's probably a filesystem
    > >permissions problem.
    > >
    > >Either the apache user can't read /var/www/cgi-bin/maint/files or
    > >can't write to /var/www/cgi-bin/maint/files/.realm.tmp, I would
    > >imagine.

    >
    >
    > I've chmod'd 777 just for testing purposes and even did a chown and
    > chgrp for apache to every directory under that...


    I will never understand why people think this is a good or even helpful
    idea. Apache may well be configured to specifically disallow a CGI
    script from being executed if it has world-writable permissions set.
    (I know the primary CGI-enabled Apache server I use is configured this
    way).

    Don't guess at the problem, and randomly throw switches until it works.
    Figure out what the actual error is, and then solve it.

    (This is, of course, wholly unrelated to anything on-topic in
    comp.lang.perl.misc).

    Paul Lalli
    Paul Lalli, Sep 28, 2005
    #5
  6. TiMMaY!!! Guest

    well... perl is the basis of cgi... there is no specific group for cgi
    alone, so that's why i posted here. and if you would look closely, i
    said for testing purposes. of course this is not permanent... DUH. I
    understand the dangers of doing this.

    btw - what switches? this is a permissions problem i believe...........
    DUH again. apache doesn't care if it is writable or not. as long as it
    has an executable attribute, this should work. :p

    if it did once, why not again?!

    don't be bashin.... groups are a way of exchanging HELPFUL information,
    not to "dis" people globally!!!
    TiMMaY!!!, Sep 29, 2005
    #6
  7. TiMMaY!!! Guest

    Thank you so much for you help, your opendir helps me!!! do you have
    any suggestions on sites for better learning of cgi? i used cgi101.com,
    but you can see how far i got with that!
    TiMMaY!!!, Sep 29, 2005
    #7
  8. "TiMMaY!!!" <> wrote in
    news::

    > well... perl is the basis of cgi


    No. http://cgi-spec.golux.com/

    > there is no specific group for cgi


    Wrong again. comp.infosystems.www.authoring.cgi.

    > alone, so that's why i posted here. and if you would look closely, i
    > said for testing purposes. of course this is not permanent... DUH.


    ....

    > DUH again.


    ....

    > apache doesn't care if it is writable or not. as long as it
    > has an executable attribute, this should work. :p


    apache is off topic here.

    > if it did once, why not again?!


    ???

    > don't be bashin.... groups are a way of exchanging HELPFUL
    > information, not to "dis" people globally!!!


    Too bad I won't be reading your "pearls" again.

    Sinan
    --
    A. Sinan Unur <>
    (reverse each component and remove .invalid for email address)

    comp.lang.perl.misc guidelines on the WWW:
    http://mail.augustmail.com/~tadmc/clpmisc/clpmisc_guidelines.html
    A. Sinan Unur, Sep 29, 2005
    #8
  9. Scott Bryce Guest

    TiMMaY!!! wrote:
    > well... perl is the basis of cgi...


    No, it isn't. Perl is a language that is often used to write CGI
    scripts. CGI scripts can be written in just about any language.

    > there is no specific group for cgi alone,


    comp.infosystems.www.authoring.cgi

    > don't be bashin.... groups are a way of exchanging HELPFUL
    > information, not to "dis" people globally!!!


    Paul did not bash you. He gave you a perfectly good response to your
    post. If you do not understand why Paul's response was perfectly valid
    and helpful, perhaps CGI programming isn't for you.
    Scott Bryce, Sep 29, 2005
    #9
  10. Paul Lalli Guest

    TiMMaY!!! wrote, without quoting any context:
    > well... perl is the basis of cgi...


    False.

    > there is no specific group for cgi alone


    Also False.

    , so that's why i posted here. and if you would look closely, i
    > said for testing purposes. of course this is not permanent... DUH. I
    > understand the dangers of doing this.


    No, clearly you don't.

    > btw - what switches?


    "randomly throwing switches" means just trying different attempts at
    "making it work" with no real effort to understand the problem, or
    how/why your attempt would solve it. That's what you did by chmod'ing
    to 777.

    > this is a permissions problem i believe...........
    > DUH again. apache doesn't care if it is writable or not.


    You have clearly missed the point. Apache can, in fact, be configured
    to "care" if a script is world-writable. By chmod'ing to 777, you may
    actually be *PREVENTING* the script from being executed, not making it
    more likely to be executed.

    > as long as it
    > has an executable attribute, this should work. :p


    More falseness.

    > if it did once, why not again?!


    Because you, or a system administrator, changed something. Whether you
    think you did or not, you did.

    > don't be bashin.... groups are a way of exchanging HELPFUL information,
    > not to "dis" people globally!!!


    My post was extremely helpful, and I never once "dissed" you.

    Paul Lalli
    Paul Lalli, Sep 29, 2005
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Terry Olsen

    Datagrid Cell Spacing Wierdness

    Terry Olsen, Mar 28, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    556
    Terry Olsen
    Mar 29, 2005
  2. danthman

    Wierdness with "Imports" statement

    danthman, Dec 16, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    1,181
    danthman
    Dec 16, 2005
  3. Larry
    Replies:
    0
    Views:
    393
    Larry
    Feb 17, 2006
  4. VisionSet
    Replies:
    0
    Views:
    381
    VisionSet
    Aug 29, 2004
  5. Tim Slattery

    Re: Date wierdness

    Tim Slattery, Oct 24, 2005, in forum: Java
    Replies:
    2
    Views:
    409
    Roedy Green
    Oct 25, 2005
Loading...

Share This Page