  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235

Free CGI utilizing MKDIR allowing multiple users and login

We have a full-featured church management software suite (http://get.to/epray), and are wanting to upgrade our customer's experience through personalization.  Any suggestions on the best free tools to make it happen?  We are thinking something along the lines of letting users make their own cgi subdirectories that list the friends they have prayed for.  Is there a free CGI tool that lets users create a directory/password like www.get.to/epray/church/management/software/USER1/index.htm

with USER1 being the directory they have created.

Then they would have the ability to customize their prayer software experience, and see when prayers for friends were answered just by logging in to their directory. I think a CGI with MKDIR would be the best, but am concerned about the security.
0
Asked by: mattpiercey
 
ahoffmann Commented:
Your description is a bit vague.
Do you just need a CGI which creates the directory and a default index.html,
or should there be more .html files in that directory?
Also: how do you identify user1, user2 etc.? Meaning, how is this name (USER1) computed?
0
 
mattpiercey (Author) Commented:
I see the ambiguity . . .
The way it would look from a new customer/user:

1. they fill out a form with these variables

[]username:_______
[]password:_______
[]email_address:_______
[]telephone_number:_______
[]user_variable1:_______
[]user_variable2:_______
[]user_variable3:_______
[]user_variable4:_______

[submit form button]

The cgi script checks to see if the email OR other info is duplicated [by reading a flat datafile], then if it's a new user, it creates a directory named after their username. In that created directory, a default.htm file is placed, a default.cgi script, and the user variables they have entered, which are now written to those default files. Possibly a new datafile is required in the folder that stores the user's variables.  So it is a combination of user authentication, writing to a flatfile, and making directories.  Checking the referrer for security is a must, and any other security measures would be a bonus.

Obviously if a non-member or non-customer called the script, they should be presented with a login page.  If login is successful, then the authenticated user is taken either to the default.htm page or the default.cgi page.

0
 
ahoffmann Commented:
> Checking the referrer for security is a must,
oops: s/must/BS/
No offence, but SCNR ;-) checking referer is useless 'cause totally unreliable.

So, assuming user authentication works, and your default files reside in a sample directory, the following should be a starting point:

#!/usr/bin/perl
use strict;
use warnings;
use CGI;
my $q = CGI->new;
# keep only letters, digits and underscore; /g strips every other character, not just the first
my $u = $q->param('username') // ''; $u =~ s/[^a-zA-Z0-9_]//g;
# list-form system() runs cp directly, without a shell; test the real target path
system('cp', '-r', '/path/to/sample', "/path/to/home/$u") if length($u) && !-d "/path/to/home/$u";
# process your user_variable as you like
exit(0);

# quick&dirty, to be improved in many ways ...
0
 
mattpiercey (Author) Commented:
Could you include sample code for processing the user_variable? It looks now like it will make a directory titled new CGI, am I correct?
0
 
ahoffmann Commented:
> ..  it will make a directory titled new CGI ..
no, except you gave "new CGI" as username
0
 
mattpiercey (Author) Commented:
I see how that makes the directory, but could you add the code for entering the user_variables into the created CGI?
0
 
ahoffmann Commented:
the code is still where
or what are you expecting?
0
 
mattpiercey (Author) Commented:
As of right now, I can see how it will make a directory, but what I am looking for is a bit more code.  We can bring this to a close when perl makes the user_variables get entered into the newly created CGI.  I hope the definition of the objective is clear enough.  

You included the line:
# process your user_variable as you like

what I am looking for is for some code that will process those variables into the newly created CGI.  For example, suppose the user variable is "City".

The Newly created CGI has CITY embedded in it, and when the user calls the newly created CGI, they can see their CITY at the top of their CGI page.  
0
 
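ahoffmann Commented:
# process your user_variable as you like
# (a method call is not interpolated inside a string, so read the value into a variable first)
my $v = $q->param('user_variable');
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");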

this is a quick&dirty solution, not very perlish
It assumes that you have a sample cgi in /path/to/sample.cgi which contains whatever you like, and
somewhere where "top" is the string  __sample__  which is replaced by the content of the variable user_variable
*Note* that I have not sanitized this variable (which is highly recommended)
0
 
ITcrow Commented:
Simplest and robust approach will be to use .htaccess based authentication.

1. Create directory for new user.
2. Create .htaccess file in it, so only that user or super-user can browse the contents.
3. Use $ENV{'REMOTE_USER'} to identify user and do user specific things.
0
 
mattpiercey (Author) Commented:
ahoffmann said:
*Note* that I have not sanitized this variable (which is highly recommended)

Thank you, I could attempt to sanitize the variable, but I think it would take me 30-40 times as long as you.  Let's bring this to a close - include the sanitation in the code, and we'll call it a day:]
0
 
ahoffmann Commented:
# process your user_variable as you like
# /g strips every character outside the allow-list, not just the first one
my $v = $q->param('user_variable') // ''; $v =~ s/[^a-zA-Z0-9_]//g;
system("sed 's/__sample__/$v/' /path/to/sample.cgi > /path/to/home/$u/sample.cgi");
0
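Added example, not code from any poster in this thread: the same signup step done without a shell, rejecting a bad username outright with an anchored allow-list instead of stripping characters, and HTML-encoding the user variable before it replaces __sample__. The helper names (valid_name, html_escape, provision), the 32-character limit, the 0750 mode and the temporary demo directory are assumptions; default.htm and __sample__ come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Accept a name only if the WHOLE string matches the allow-list (hypothetical limit: 32 chars).
sub valid_name {
    my ($name) = @_;
    return defined $name && $name =~ /\A[a-zA-Z0-9_]{1,32}\z/;
}

# HTML-encode a value so it is inert text when the generated page is rendered.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Create $home/$user and write the personalised default.htm; no shell is involved.
sub provision {
    my ($home, $template, $user, $value) = @_;
    return 'bad username' unless valid_name($user);
    my $dir = File::Spec->catdir($home, $user);
    # mkdir fails if the directory already exists, so a second signup cannot reuse the name.
    mkdir($dir, 0750) or return "cannot create: $!";
    open(my $in, '<', $template) or return "template: $!";
    my $page = do { local $/; <$in> };
    close $in;
    my $safe = html_escape($value);
    $page =~ s/__sample__/$safe/g;
    open(my $out, '>', File::Spec->catfile($dir, 'default.htm')) or return "write: $!";
    print {$out} $page;
    close($out) or return "write: $!";
    return 'ok';
}

# Constructed demo input: a one-line template in a temporary directory.
my $home = tempdir(CLEANUP => 1);
my $tpl  = File::Spec->catfile($home, 'sample.htm');
open(my $fh, '>', $tpl) or die "demo template: $!";
print {$fh} "<h1>__sample__</h1>\n";
close $fh;
for my $try (['user1', "St. John's <b>"], ['user1', 'x'], ['../etc', 'x']) {
    print "$try->[0]: ", provision($home, $tpl, @$try), "\n";
}
```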
 
mattpiercey (Author) Commented:
Thanks ahoffmann
0
