Solved

Free CGI utilizing MKDIR allowing multiple users and login

Posted on 2004-10-15
Last Modified: 2013-12-25
We have a full-featured church management software suite (http://get.to/epray), and are wanting to upgrade our customers' experience through personalization.  Any suggestions on the best free tools to make it happen?  We are thinking something along the lines of letting users make their own cgi subdirectories that list the friends they have prayed for.  Is there a free CGI tool that lets users create a directory/password like http://www.get.to/epray/church/management/software/USER1/index.htm

with USER1 being the directory they have created.

Then they would have the ability to customize their prayer software experience, and see when prayers for friends were answered just by logging in to their directory. I think a CGI with MKDIR would be the best, but am concerned about the security.
0
Question by:mattpiercey
 
LVL 51

Expert Comment

by:ahoffmann
Your description is a bit vague.
Do you just need a CGI which creates the directory and a default index.html,
or should there be more .html files in that directory?
Also: how do you identify user1, user2 etc.? I mean, how is this name computed (USER1)?
0
 

Author Comment

by:mattpiercey
I see the ambiguity . . .
The way it would look from a new customer/user:

1. they fill out a form with these variables

[]username:_______
[]password:_______
[]email_address:_______
[]telephone_number:_______
[]user_variable1:_______
[]user_variable2:_______
[]user_variable3:_______
[]user_variable4:_______

[submit form button]

The cgi script checks to see if the email OR other info is duplicated [by reading a flat datafile], then if it's a new user, it creates a directory named after their username. In that created directory, a default.htm file is placed, a default.cgi script, and their user variables they have entered that are now written to those default files. Possibly a new datafile is required in the folder that stores the user's variables.  So it is a combination of user authentication, writing to a flatfile, and making directories.  Checking the referrer for security is a must, and any other security measures would be a bonus.

Obviously if a non-member or non-customer called the script, they should be presented with a login page.  If login is successful, then the authenticated user is taken either to the default.htm page or the default.cgi page.

0
 
LVL 51

Expert Comment

by:ahoffmann
> Checking the referrer for security is a must,
oops: s/must/BS/
No offence, but SCNR ;-) checking referer is useless 'cause totally unreliable.

So, assuming user authentication works, and your default files reside in a sample directory, the following should be a starting point:

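#!/usr/bin/perl
use strict;
use warnings;
use CGI;
my $q = CGI->new;
# keep only [a-zA-Z0-9_]; /g strips every disallowed character, not just the first
my $u = $q->param('username') // ''; $u =~ s/[^a-zA-Z0-9_]//g;
exit(1) if $u eq '';
# list-form system() runs cp without a shell; -d tests the real target path
system('cp', '-r', '/path/to/sample', "/path/to/home/$u") if !-d "/path/to/home/$u";
# process your user_variable as you like
exit(0);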

# quick&dirty, to be improved in many ways ...
0
 

Author Comment

by:mattpiercey
Could you include sample code for processing the user_variable? It looks now like it will make a directory titled new CGI, am I correct?
0
 
LVL 51

Expert Comment

by:ahoffmann
> ..  it will make a directory titled new CGI ..
no, except you gave "new CGI" as username
0
 

Author Comment

by:mattpiercey
I see how that makes the directory, but could you add the code for entering the user_variables into the created CGI?
0
 
LVL 51

Expert Comment

by:ahoffmann
the code is still where
or what are you expecting?
0
 

Author Comment

by:mattpiercey
As of right now, I can see how it will make a directory, but what I am looking for is a bit more code.  We can bring this to a close when perl makes the user_variables get entered into the newly created CGI.  I hope the definition of the objective is clear enough.  

You included the line:
# process your user_variable as you like

what I am looking for is for some code that will process those variables into the newly created CGI.  For example, suppose the user variable is "City".

The Newly created CGI has CITY embedded in it, and when the user calls the newly created CGI, they can see their CITY at the top of their CGI page.  
0
 
LVL 51

Expert Comment

by:ahoffmann
# process your user_variable as you like
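# a method call does not interpolate inside a string, so fetch the value first (still unsanitized, see note below)
my $v = $q->param('user_variable');
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");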

this is a quick&dirty solution, not very perlish
It assumes that you have a sample cgi in /path/to/sample.cgi which contains whatever you like, and
somewhere where "top" is the string  __sample__  which is replaced by the content of the variable user_variable
*Note* that I have not sanitized this variable (which is highly recommended)
0
 
LVL 5

Expert Comment

by:ITcrow
Simplest and robust approach will be to use .htaccess based authentication.

1. Create directory for new user.
2. Create .htaccess file in it, so only that user or super-user can browse the contents.
3. Use $ENV{'REMOTE_USER'} to identify user and do user specific things.
0
 

Author Comment

by:mattpiercey
ahoffmann said:
*Note* that I have not sanitized this variable (which is highly recommended)

Thank you, I could attempt to sanitize the variable, but I think it would take me 30-40 times as long as you.  Let's bring this to a close - include the sanitation in the code, and we'll call it a day :]
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
# process your user_variable as you like
# /g strips every character outside [a-zA-Z0-9_], not just the first one
my $v = $q->param('uservariable') // ''; $v =~ s/[^a-zA-Z0-9_]//g;
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");
0
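
A shell-free take on the directory creation and `__sample__` substitution discussed in this thread, combined with the per-directory .htaccess suggestion, as an added example that is not any poster's code. The helper names, the 32-character limit, the `AuthName` value and the `/path/to/.htpasswd` path are assumptions, and the value is written into a static index.htm rather than into a generated CGI.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Allowlist check: reject bad input outright instead of stripping characters.
sub valid_name {
    my ($s) = @_;
    return (defined($s) && $s =~ /\A[a-zA-Z0-9_]{1,32}\z/) ? 1 : 0;
}

# Escape HTML metacharacters so the value is displayed as text, not markup.
sub html_escape {
    my ($s) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$e{$1}/g;
    return $s;
}

# Create $home/$user, then write index.htm (from $tmpl) and .htaccess into it.
sub provision {
    my ($home, $user, $value, $tmpl) = @_;
    return 'rejected: bad username' unless valid_name($user);
    my $dir = "$home/$user";
    # mkdir fails if the name is taken, so no separate -d check (and no race).
    mkdir($dir, 0750) or return "rejected: $!";
    my $safe = html_escape($value // '');
    (my $page = $tmpl) =~ s/__sample__/$safe/g;
    my %files = (
        'index.htm' => $page,
        # AuthUserFile path is a placeholder (assumption)
        '.htaccess' => "AuthType Basic\nAuthName \"Members\"\n"
                     . "AuthUserFile /path/to/.htpasswd\nRequire user $user\n",
    );
    for my $name (sort keys %files) {
        open(my $fh, '>', "$dir/$name") or return "error: $name: $!";
        print {$fh} $files{$name};
        close($fh) or return "error: $name: $!";
    }
    return 'created';
}

# Constructed inputs: (username, user_variable) pairs, run in a temp directory.
my $home = tempdir(CLEANUP => 1);
my $tmpl = "<h1>__sample__</h1>\n";
for my $c (['USER1', "O'Brien & <b>Sons</b>"], ['USER1', 'x'], ['../USER2', 'x'], ['a b', 'x']) {
    printf "%-10s %s\n", $c->[0], provision($home, @$c, $tmpl);
}
```

Rejecting a name that fails the pattern, rather than silently editing it, also keeps two different submitted names from collapsing into the same directory.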
 

Author Comment

by:mattpiercey
Thanks ahoffmann
0
