Solved

Free CGI utilizing MKDIR allowing multiple users and login

Posted on 2004-10-15
Last Modified: 2013-12-25
We have a full-featured church management software suite (http://get.to/epray), and are wanting to upgrade our customer's experience through personalization.  Any suggestions on the best free tools to make it happen?  We are thinking something along the lines of letting users make their own cgi subdirectories that list the friends they have prayed for.  Is there a free CGI tool that lets users create a directory/password like www.get.to/epray/church/management/software/USER1/index.htm

with USER1 being the directory they have created.

Then they would have the ability to customize their prayer software experience, and see when prayers for friends were answered just by logging in to their directory. I think a CGI with MKDIR would be the best, but am concerned about the security.
Question by:mattpiercey
13 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12331924
your description is a bit vague,
Do you just need a CGI which creates the directory and a default index.html,
or should there be more .html files in that directory?
Also: how do you identify user1, user2 etc.? Meaning, how is this name computed (USER1)?
0
 

Author Comment

by:mattpiercey
ID: 12340916
I see the ambiguity . . .
The way it would look from a new customer/user:

1. they fill out a form with these variables

[]username:_______
[]password:_______
[]email_address:_______
[]telephone_number:_______
[]user_variable1:_______
[]user_variable2:_______
[]user_variable3:_______
[]user_variable4:_______

[submit form button]

The cgi script checks to see if the email OR other info is duplicated [by reading a flat datafile], then if it's a new user, it creates a directory named after their username. In that created directory, a default.htm file is placed, a default.cgi script, and their user variables they have entered that are now written to those default files. Possibly a new datafile is required in the folder that stores the user's variables.  So it is a combination of user authentication, writing to a flatfile, and making directories.  Checking the referrer for security is a must, and any other security measures would be a bonus.

Obviously if a non-member or non-customer called the script, they should be presented with a login page.  If login is successful, then the authenticated user is taken either to the default.htm page or the default.cgi page.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12351273
> Checking the referrer for security is a must,
oops: s/must/BS/
No offence, but SCNR ;-) checking referer is useless 'cause totally unreliable.

So, assuming user authentication works, and your default files reside in a sample directory, the following should be a starting point:

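#!/usr/bin/perl
use strict;
use warnings;
use CGI;
my $q = CGI->new;
# /g strips every character outside the whitelist, not only the first one
(my $u = $q->param('username') // '') =~ s/[^a-zA-Z0-9_]//g;
die "invalid username\n" if $u eq '';
my $home = "/path/to/home/$u";
# list form of system() runs cp without a shell; -d tests the full target path
system('cp', '-r', '/path/to/sample', $home) if !-d $home;
# process your user_variable as you like
exit(0);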

# quick&dirty, to be improved in many ways ...
0
 

Author Comment

by:mattpiercey
ID: 12408121
Could you include sample code for processing the user_variable? It looks now like it will make a directory titled new CGI, am I correct?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12408896
> ..  it will make a directory titled new CGI ..
no, except you gave "new CGI" as username
0
 

Author Comment

by:mattpiercey
ID: 12412493
I see how that makes the directory, but could you add the code for entering the user_variables into the created CGI?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12414490
the code is still where
or what are you expecting?
0
 

Author Comment

by:mattpiercey
ID: 12423000
As of right now, I can see how it will make a directory, but what I am looking for is a bit more code.  We can bring this to a close when perl makes the user_variables get entered into the newly created CGI.  I hope the definition of the objective is clear enough.  

You included the line:
# process your user_variable as you like

what I am looking for is for some code that will process those variables into the newly created CGI.  For example, suppose the user variable is "City".

The Newly created CGI has CITY embedded in it, and when the user calls the newly created CGI, they can see their CITY at the top of their CGI page.  
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12424131
# process your user_variable as you like
my $v = $q->param('user_variable');  # a method call does not interpolate inside a string, so fetch it first
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");

this is a quick&dirty solution, not very perlish
It assumes that you have a sample cgi in /path/to/sample.cgi which contains whatever you like, and
somewhere where "top" is the string  __sample__  which is replaced by the content of the variable user_variable
*Note* that I have not sanitized this variable (which is highly recommended)
0
 
LVL 5

Expert Comment

by:ITcrow
ID: 12431177
Simplest and robust approach will be to use .htaccess based authentication.

1. Create directory for new user.
2. Create .htaccess file in it, so only that user or super-user can browse the contents.
3. Use $ENV{'REMOTE_USER'} to identify user and do user specific things.
0
 

Author Comment

by:mattpiercey
ID: 12433315
ahoffmann said:
*Note* that I have not sanitized this variable (which is highly recommended)

Thank you, I could attempt to sanitize the variable, but I think it would take me 30-40 times as long as you.  Let's bring this to a close - include the sanitation in the code, and we'll call it a day:]
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 2000 total points
ID: 12439015
# process your user_variable as you like
my $v = $q->param('uservariable') // '';
$v =~ s/[^a-zA-Z0-9_]//g;  # /g removes every disallowed character, not just the first
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");
0
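
An added example, not code from any poster in this thread: the directory creation and template fill discussed above done entirely in Perl with no shell, combined with the per-directory .htaccess restriction ITcrow suggests. The sub names (valid_username, html_escape, provision, write_file), the 3-32 character username rule, the "city" value and the /path/to/.htpasswd placeholder are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: provision a per-user directory without invoking a shell.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Reject bad names instead of silently stripping characters (assumed rule: 3-32 of [A-Za-z0-9_]).
sub valid_username { my ($u) = @_; return defined $u && $u =~ /\A[A-Za-z0-9_]{3,32}\z/ }

# HTML-escape a value before it is embedded in the page shown to the user.
sub html_escape {
    my ($s) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$e{$1}/g;
    return $s;
}

sub write_file {
    my ($path, $data) = @_;
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} $data;
    close($fh) or die "close $path: $!";
}

sub provision {
    my ($base, $user, $city, $template) = @_;
    return (0, 'bad username') unless valid_username($user);
    my $home = File::Spec->catdir($base, $user);
    # mkdir fails if the directory exists, so the duplicate check and creation are one step
    mkdir($home, 0750) or return (0, "cannot create: $!");
    # Fill the template in Perl: the value never reaches sed or a shell command line
    (my $page = $template) =~ s/__sample__/html_escape($city)/ge;
    write_file(File::Spec->catfile($home, 'default.htm'), $page);
    # Only this user may browse the directory (password file path is a placeholder)
    write_file(File::Spec->catfile($home, '.htaccess'),
        "AuthType Basic\nAuthName \"Members\"\nAuthUserFile /path/to/.htpasswd\nRequire user $user\n");
    return (1, $home);
}

# Constructed sample input, run against a temporary directory
my $base = tempdir(CLEANUP => 1);
my $tpl  = "<h1>__sample__</h1>\n";
for my $case (['alice_01', 'Springfield'], ['bob', '<b>Rome</b>'], ['../etc', 'x'],
              ['bad;name', 'x'], ['alice_01', 'again']) {
    my ($ok, $msg) = provision($base, @$case, $tpl);
    printf "%-10s => %s (%s)\n", $case->[0], $ok ? 'created' : 'rejected', $msg;
}
```

The first two names are created, with the second user's value stored HTML-escaped; the path-traversal name, the name containing a semicolon, and the repeated name are all rejected.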
 

Author Comment

by:mattpiercey
ID: 12461175
Thanks ahoffmann
0
