Solved

Free CGI utilizing MKDIR allowing multiple users and login

Posted on 2004-10-15
Last Modified: 2013-12-25
We have a full-featured church management software suite (http://get.to/epray), and are wanting to upgrade our customers' experience through personalization.  Any suggestions on the best free tools to make it happen?  We are thinking something along the lines of letting users make their own CGI subdirectories that list the friends they have prayed for.  Is there a free CGI tool that lets users create a directory/password like http://www.get.to/epray/church/management/software/USER1/index.htm

with USER1 being the directory they have created.

Then they would have the ability to customize their prayer software experience, and see when prayers for friends were answered just by logging in to their directory. I think a CGI with MKDIR would be the best, but am concerned about the security.
Question by:mattpiercey
13 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12331924
your description is a bit vague,
Do you just need a CGI which creates the directory and a default index.html,
or should there be more .html files in that directory?
Also: how do you identify user1, user2 etc.? means how is this name computed (USER1)
0
 

Author Comment

by:mattpiercey
ID: 12340916
I see the ambiguity . . .
The way it would look from a new customer/user:

1. they fill out a form with these variables

[]username:_______
[]password:_______
[]email_address:_______
[]telephone_number:_______
[]user_variable1:_______
[]user_variable2:_______
[]user_variable3:_______
[]user_variable4:_______

[submit form button]

the cgi script checks to see if the email OR other info is duplicated [by reading a flat datafile] then if it's a new user, it creates a directory named after their username. In that created directory, a default.htm file is placed, a default.cgi script, and their user variables they have entered that are now written to those default files. Possibly a new datafile is required in the folder that stores the user's variables.  So it is a combination of user authentication, writing to a flatfile, and making directories.  Checking the referrer for security is a must, and any other security measures would be a bonus.

Obviously if a non-member or non-customer called the script, they should be presented with a login page.  If login is successful, then the authenticated user is taken either to the default.htm page or the default.cgi page.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12351273
> Checking the referrer for security is a must,
oops: s/must/BS/
No offence, but SCNR ;-) checking referer is useless 'cause totally unreliable.

So, assuming user authentication works, and your default files reside in a sample directory, the following should be a starting point:

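#!/usr/bin/perl
use strict;
use warnings;
use CGI;
my $q = CGI->new;
# keep only [a-zA-Z0-9_]; /g is required, otherwise only the first bad character is removed
my $u = $q->param('username') // '';
$u =~ s/[^a-zA-Z0-9_]//g;
exit(1) if $u eq '';   # nothing usable left in the username
my $home = "/path/to/home/$u";
# list form of system() bypasses the shell; test the real target path, not a relative one
system('cp', '-r', '/path/to/sample', $home) if !-d $home;
# process your user_variable as you like
exit(0);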

# quick&dirty, to be improved in many ways ...
0

Author Comment

by:mattpiercey
ID: 12408121
Could you include sample code for processing the user_variable? It looks now like it will make a directory titled new CGI, am I correct?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12408896
> ..  it will make a directory titled new CGI ..
no, except you gave "new CGI" as username
0
 

Author Comment

by:mattpiercey
ID: 12412493
I see how that makes the directory, but could you add the code for entering the user_variables into the created CGI?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12414490
the code is still where
or what are you expecting?
0
 

Author Comment

by:mattpiercey
ID: 12423000
As of right now, I can see how it will make a directory, but what I am looking for is a bit more code.  We can bring this to a close when perl makes the user_variables get entered into the newly created CGI.  I hope the definition of the objective is clear enough.  

You included the line:
# process your user_variable as you like

what I am looking for is for some code that will process those variables into the newly created CGI.  For example, suppose the user variable is "City".

The Newly created CGI has CITY embedded in it, and when the user calls the newly created CGI, they can see their CITY at the top of their CGI page.  
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12424131
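# process your user_variable as you like
# a method call is not interpolated inside a quoted string, so fetch the value first
my $v = $q->param('user_variable');   # NOT sanitized here, see the note below
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");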

this is a quick&dirty solution, not very perlish
It assumes that you have a sample cgi in /path/to/sample.cgi which contains whatever you like, and
somewhere where "top" is the string  __sample__  which is replaced by the content of the variable user_variable
*Note* that I have not sanitized this variable (which is highly recommended)
0
 
LVL 5

Expert Comment

by:ITcrow
ID: 12431177
Simplest and robust approach will be to use .htaccess based authentication.

1. Create directory for new user.
2. Create .htaccess file in it, so only that user or super-user can browse the contents.
3. Use $ENV{'REMOTE_USER'} to identify user and do user specific things.
0
 

Author Comment

by:mattpiercey
ID: 12433315
ahoffmann said:
*Note* that I have not sanitized this variable (which is highly recommended)

Thank you, I could attempt to sanitize the variable, but I think it would take me 30-40 times as long as you.  Let's bring this to a close - include the sanitation in the code, and we'll call it a day:]
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 12439015
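# process your user_variable as you like
# /g strips every character outside [a-zA-Z0-9_]; without it only the first one is removed
my $v = $q->param('uservariable') // '';
$v =~ s/[^a-zA-Z0-9_]//g;
# $v and $u now hold no shell or sed metacharacters, so the command string is safe to build
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");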
0
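
An added example, not part of the thread or of either expert's code: one way to combine the directory creation, template fill-in and ITcrow's .htaccess suggestion without calling the shell, rejecting a bad username outright instead of stripping characters from it. The function names, the "Members" realm and every path are assumptions; the inputs are constructed samples run against a temporary directory.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Names and paths are placeholders.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Whole-string allow-list: reject bad names instead of silently rewriting them.
sub valid_name { my ($s) = @_; return defined $s && $s =~ /\A[a-zA-Z0-9_]{1,32}\z/ }

# Escape the characters that matter when a value is placed into HTML text.
sub html_escape {
    my ($s) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$e{$1}/g;
    return $s;
}

# Create $base/$user, fill the template, restrict the directory to that user.
sub provision {
    my ($base, $template, $user, $value, $htpasswd) = @_;
    return 'bad username' unless valid_name($user);
    my $dir = "$base/$user";
    # mkdir fails if the directory already exists, so there is no check-then-create race
    mkdir($dir, 0750) or return "cannot create: $!";
    my $safe = html_escape($value // '');
    (my $page = $template) =~ s/__sample__/$safe/g;   # done in Perl: no shell, no sed
    open(my $out, '>', "$dir/index.htm") or return "write failed: $!";
    print {$out} $page;
    close($out) or return "write failed: $!";
    open(my $ht, '>', "$dir/.htaccess") or return "write failed: $!";
    print {$ht} "AuthType Basic\nAuthName \"Members\"\n",
                "AuthUserFile $htpasswd\nRequire user $user\n";
    close($ht) or return "write failed: $!";
    return 'ok';
}

# Constructed sample input, run against a throwaway directory.
my $base = tempdir(CLEANUP => 1);
my $tpl  = "<h1>__sample__</h1>\n";
for my $case (['USER1', 'Springfield'], ['USER1', 'again'],
              ['../etc', 'x'], ['USER2', q{O'Brien <b>}]) {
    my ($u, $v) = @$case;
    printf "%-8s => %s\n", $u, provision($base, $tpl, $u, $v, '/path/to/.htpasswd');
}
```

The second USER1 request fails at mkdir rather than overwriting the existing directory, and the quote and angle brackets in the last value reach the page only as HTML entities.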
 

Author Comment

by:mattpiercey
ID: 12461175
Thanks ahoffmann
0

Question has a verified solution.