Wierdness

[callmetimmay]

Well... i admit, I am very new to this but i don't know what's going
on. I made a very UNSECURE login script and when I finised it, it
worked fine. But now, 5 days later, It does NOT list any of my realms.

Here's my index.cgi code:
-------------------------
#!/usr/bin/perl

print "Content-type:text/html\n\n";

$path="/var/www/cgi-bin/maint";

$files="$path/files";
$realm="$files/.realm.tmp";
#$login="$files/$location/login";

$command=("/bin/rm -rf $realm;/bin/ls -w1 $files > $realm");

system($command) or print "Error: $!";

print "<HTML><BR><BR><BR><BR><BR><body bgcolor=black><P
align=center><form name=login action=\"/cgi-bin/maint/login.cgi\"
method=post><Table border=1 bgcolor=aqua><tr><td width=300
height=100><B><p align=center>Please enter Login Info:<table
border=0><tr><td>Login:<td><Input type=text
name=\"user\"><Tr><td>Password:<td><input type=password
name=\"pass\"><tr><td>Realm:<td><select width=90 name=realm>";

open(INF,$realm) or print "Error: $!";
@realms=<INF>;
close INF;

foreach $entry (@realms) {
print "<option>$entry</option>";
}

print "</select></table><Center><input type=submit
value=\"Login\"></table></form>";

print "<p align=left><font color=white>Realms: @realms<BR>Last Entry in
Realms: $entry<BR><BR>Vars:<BR>Files: $files<BR>Realm File:
$realm<BR>Login: $login <BR><BR>Get Realm Command:
$command<BR><BR>Errors: $!";
-------------------------------------------------------------------
I put that last print in there to try to figure out what's goin on.

From what I can tell, it cannot do the directory listing... here is the

output from that error checking print line:

-----------------------------------
Realms:
Last Entry in Realms:

Vars:
Files: /var/www/cgi-bin/maint/files
Realm File: /var/www/cgi-bin/maint/files/.realm.tmp
Login:

Get Realm Command: /bin/rm -rf
/var/www/cgi-bin/maint/files/.realm.tmp;/bin/ls
/var/www/cgi-bin/maint/files > /var/www/cgi-bin/maint/files/.realm.tmp

Errors: Inappropriate ioctl for device
-------------------------------------------------------------------

All the directories in the /var/www/cgi-bin/maint/files should be
listed in Realms when the page loads. Now here's the kicker... When I
run the script from the linux prompt... IT WORKS!!! Why won't apache
run this anymore for me?!?! And yes, I've restarted httpd. What's goin
on here?!?!? Any Ideas?!?! Suggestions in code?!? Self taught, so very
open to new ways of doing things!


Thanks in advance!
-Tim

 

[Dave Weaver]

All non-trivial Perl code should start with

use warnings;
use strict;

print "Content-type:text/html\n\n";

if you:
use CGI;

then you can:
print header();
instead.

$path="/var/www/cgi-bin/maint";

my $path="/var/www/cgi-bin/maint";

$files="$path/files";

my $files="$path/files";

$realm="$files/.realm.tmp";
etc.

#$login="$files/$location/login";

$command=("/bin/rm -rf $realm;/bin/ls -w1 $files > $realm");

system($command) or print "Error: $!";

This will print "Error.." if the system command succeeds (system
returns 0 on success). Also, $! won't contain the correct error.
system($command) == 0 or die "system($command) failed: $?"

see perldoc -f system

print "<HTML><BR><BR><BR><BR><BR><body bgcolor=black><P
align=center><form name=login action=\"/cgi-bin/maint/login.cgi\"
method=post><Table border=1 bgcolor=aqua><tr><td width=300
height=100><B><p align=center>Please enter Login Info:<table
border=0><tr><td>Login:<td><Input type=text
name=\"user\"><Tr><td>Password:<td><input type=password
name=\"pass\"><tr><td>Realm:<td><select width=90 name=realm>";

Ick!
The CGI module provides some functions for outputting HTML in a
more readable (IMO) fashion.

perldoc CGI

open(INF,$realm) or print "Error: $!";
@realms=<INF>;
close INF;

So, @realms now contains the list of files in the directory "$files".
Why the convoluted way of getting that list?

opendir my $dir, $files or die "Can't opendir '$files' : $!";
# get list of all non hidden directory entries
my @realms = grep !/^\./, readdir $dir;
closedir $dir;

All the directories in the /var/www/cgi-bin/maint/files should be
listed in Realms when the page loads. Now here's the kicker... When I
run the script from the linux prompt... IT WORKS!!! Why won't apache
run this anymore for me?!?! And yes, I've restarted httpd. What's goin
on here?!?!? Any Ideas?!?! Suggestions in code?!? Self taught, so very
open to new ways of doing things!

If it works from the prompt as one user, but fails from apache (which
probably runs as a different user) it's probably a filesystem
permissions problem.

Either the apache user can't read /var/www/cgi-bin/maint/files or
can't write to /var/www/cgi-bin/maint/files/.realm.tmp, I would
imagine.

 

[TiMMaY!!!]

If it works from the prompt as one user, but fails from apache (which
probably runs as a different user) it's probably a filesystem
permissions problem.

Either the apache user can't read /var/www/cgi-bin/maint/files or
can't write to /var/www/cgi-bin/maint/files/.realm.tmp, I would
imagine.

I've chmod'd 777 just for testing purposes and even did a chown and
chgrp for apache to every directory under that...

Thanks for your help... as soon as i get home and out of the office, I
will give this a try!

 

[TiMMaY!!!]

OH!

and also, the file .realm.tmp gets created, but it is an empty file.
that's what gave me the idea to try changing permissions around.

 

[Paul Lalli]

I've chmod'd 777 just for testing purposes and even did a chown and
chgrp for apache to every directory under that...

I will never understand why people think this is a good or even helpful
idea. Apache may well be configured to specifically disallow a CGI
script from being executed if it has world-writable permissions set.
(I know the primary CGI-enabled Apache server I use is configured this
way).

Don't guess at the problem, and randomly throw switches until it works.
Figure out what the actual error is, and then solve it.

(This is, of course, wholly unrelated to anything on-topic in
comp.lang.perl.misc).

Paul Lalli

 

[TiMMaY!!!]

well... perl is the basis of cgi... there is no specific group for cgi
alone, so that's why i posted here. and if you would look closely, i
said for testing purposes. of course this is not permanent... DUH. I
understand the dangers of doing this.

btw - what switches? this is a permissions problem i believe...........
DUH again. apache doesn't care if it is writable or not. as long as it
has an executable attribute, this should work.

if it did once, why not again?!

don't be bashin.... groups are a way of exchanging HELPFUL information,
not to "dis" people globally!!!

 

[TiMMaY!!!]

Thank you so much for you help, your opendir helps me!!! do you have
any suggestions on sites for better learning of cgi? i used cgi101.com,
but you can see how far i got with that!

 

[A. Sinan Unur]

well... perl is the basis of cgi

No. http://cgi-spec.golux.com/

there is no specific group for cgi

Wrong again. comp.infosystems.www.authoring.cgi.

alone, so that's why i posted here. and if you would look closely, i
said for testing purposes. of course this is not permanent... DUH.
....

DUH again.
....

apache doesn't care if it is writable or not. as long as it
has an executable attribute, this should work.

apache is off topic here.

if it did once, why not again?!
???

don't be bashin.... groups are a way of exchanging HELPFUL
information, not to "dis" people globally!!!

Too bad I won't be reading your "pearls" again.

Sinan

 

[Scott Bryce]

well... perl is the basis of cgi...

No, it isn't. Perl is a language that is often used to write CGI
scripts. CGI scripts can be written in just about any language.

there is no specific group for cgi alone,
comp.infosystems.www.authoring.cgi

don't be bashin.... groups are a way of exchanging HELPFUL
information, not to "dis" people globally!!!

Paul did not bash you. He gave you a perfectly good response to your
post. If you do not understand why Paul's response was perfectly valid
and helpful, perhaps CGI programming isn't for you.

 

[Paul Lalli]

TiMMaY!!! wrote, without quoting any context:

well... perl is the basis of cgi...
False.

there is no specific group for cgi alone

Also False.

, so that's why i posted here. and if you would look closely, i

said for testing purposes. of course this is not permanent... DUH. I
understand the dangers of doing this.

No, clearly you don't.

btw - what switches?

"randomly throwing switches" means just trying different attempts at
"making it work" with no real effort to understand the problem, or
how/why your attempt would solve it. That's what you did by chmod'ing
to 777.

this is a permissions problem i believe...........
DUH again. apache doesn't care if it is writable or not.

You have clearly missed the point. Apache can, in fact, be configured
to "care" if a script is world-writable. By chmod'ing to 777, you may
actually be *PREVENTING* the script from being executed, not making it
more likely to be executed.

as long as it
has an executable attribute, this should work.

More falseness.

if it did once, why not again?!

Because you, or a system administrator, changed something. Whether you
think you did or not, you did.

don't be bashin.... groups are a way of exchanging HELPFUL information,
not to "dis" people globally!!!

My post was extremely helpful, and I never once "dissed" you.

Paul Lalli