Solved

Free CGI utilizing MKDIR allowing multiple users and login

Posted on 2004-10-15
13
226 Views
Last Modified: 2013-12-25
We have a full-featured <a href="http://get.to/epray">church management software suite</a>, and are wanting to upgrade our customer's experience through personalization.  Any suggestions on the best free tools to make it happen?  We are thinking something along the lines of letting users make their own cgi subdirectories that list the freinds they have prayed for.  Is there free CGI tool that lets users create a directory/password like <a href="http://www.get.to/epray/church/management/software/USER1/index.htm">www.get.to/epray/church/management/software/USER1/index.htm</a>

with USER1 being the directory they have created.

Then they would have the ability to customize their prayer software experience, and see when prayers for friends were answered just by logging in to their directory.I think a CGI with MKDIR would be the best, but am concerned about the security.
0
Comment
Question by:mattpiercey
  • 6
  • 6
13 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12331924
your description is a bit vage,
Do you just need a CGI which create the directory and a default index.html,
or should their be more .html files in that directory?
Also: how do you identify user1, user2 etc.? means how is this name computed (USER1)
0
 

Author Comment

by:mattpiercey
ID: 12340916
I see the ambiguity . . .
The way it would look from a new customer/user:

1. they fill out a form with these variables

[]username:_______
[]password:_______
[]email_address:_______
[]telephone_number:_______
[]user_variable1:_______
[]user_variable2:_______
[]user_variable3:_______
[]user_variable4:_______

[submit form button]

the cgi script checks to see if the email OR other info is duplicated [by reading a flat datafile] then if its a new user, it creates a directory named after their username. In that created directory, a default.htm file is placed, a default.cgi script, and their user variables they have entered that are now written to those default files. Possibly a new datafile is required in the folder that stores the user's variables.  So it is a combination of user authentication, writing to a flatfile, and making directories.  Checking the referrer for security is a must, and any other security measures would be a bonus.

Obviously if a non-member or non-customer called the script, they should be presented with a login page.  If login is successful, then the authenticated user is taken either to the default.htm page or the default.cgi page.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12351273
> Checking the referrer for security is a must,
opps: s/must/BS/
No offence, but SCNR ;-) checking referer is useless 'cause totally unreliable.

So, assuming user authentication works,and your default files reside in sample directory,following should be a starting point:

#!/usr/bin/perl
use CGI;
my $q = new CGI;
my $u = $q->param('username'); $u =~ s/[^a-zA-Z0-9_]//;
system("cp -r /path/to/sample /path/to/home/$u") if !-d $u;
# process your user_variable as you like
exit(0);

# quick&dirty, to be improved in many ways ...
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:mattpiercey
ID: 12408121
Could you include sample code for processing the user_variable? It looks now like it will make a directory titled new CGI, am I correct?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12408896
> ..  it will make a directory titled new CGI ..
no, except you gave "new CGI" as username
0
 

Author Comment

by:mattpiercey
ID: 12412493
I see how that makes the directory, but could you add the code for entering the user_variables into the created CGI?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12414490
the code is still where
or what are you expecting?
0
 

Author Comment

by:mattpiercey
ID: 12423000
As of right now, I can see how it will make a directory, but what I am looking for is a bit more code.  We can bring this to a close when perl makes the user_variables get entered into the newly created CGI.  I hope the definition of the objective is clear enough.  

You included the line:
# process your user_variable as you like

what I am looking for is for some code that will process those variables into the newly created CGI.  For example, suppose the user variable is "City".

The Newly created CGI has CITY embedded in it, and when the user calls the newly created CGI, they can see their CITY at the top of their CGI page.  
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12424131
# process your user_variable as you like
system("sed 's/__sample__/$q->param(user_variable)/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");

this is a quick&dirty solution, not very perlish
It assumes that you have a sample cgi in /path/to/sample.cgi which contains whatever you like, and
somewhere where "top" is the string  __sample__  which is replaced by the content of the variable user_variable
*Note* that I have not sanitized this variable (which is highly recommended)
0
 
LVL 5

Expert Comment

by:ITcrow
ID: 12431177
Simplest and robust approach will be to use .htaccess based authentication.

1. Create directory for new user.
2. Create .htaccess file in it, so only that user or super-user can browse the contents.
3. Use $ENV{'REMOTE_USER'} to identify user and do user specific things.
0
 

Author Comment

by:mattpiercey
ID: 12433315
ahoffmann said:
*Note* that I have not sanitized this variable (which is highly recommended)

Thank you, I could attempt to sanitize the variable, but I think it would take me 30-40 times as long as you.  Lets bring this to a close - include the sanitation in the code, and we'll call it a day:]
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 12439015
# process your user_variable as you like
my $v = $q->param('uservariable'); $v =~ s/[^a-zA-Z0-9_]//;
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");
0
 

Author Comment

by:mattpiercey
ID: 12461175
Thanks ahoffman
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question