Solved

Redirect control to another PERL script server-side, keeping CGI Params?

Posted on 2007-03-22
6
603 Views
Last Modified: 2013-12-25
Short:
What is the best way to forward control to another script, server-side, while keeping CGI query params (or passing new ones)?

Long:
I'm redesigning a webpage, and the new frontpage has a login form. In the past, different types of users would go to different pages to log in. EG customers to a "customer.cgi" script which would required login before allowing access, and administrators to a "admin.cgi" script which would do the same.

As part of the redesign, I'm centralizing the security part into a separata class, and all users now log in from the front page, to say "front.cgi". That script then calls the security module & verifies user is right to go, then should deliver them straight to the page they'd normally see when logging in via the old system (ie. into customer.cgi & admin.cgi).

How can I, after verifying the user in "front.cgi" then pass control to "admin.cgi" if the user is an admin, without doing a client-side redirect request (eg. print $cgi->redirect( 'http://www.server.com/admin.cgi?controlPage' ) ). I can do it like that of course since sessions & cookies are stored when "front.cgi" confirms identity, but it seems like it should be very easy to pass control to another process, and would be the cleanest way to do it to my mind.

To do that I would need to carry over the CGI params used in "front.cgi", or POST some new ones (don't need uid/pass again).

Seems strangely hard.

Apparently using $cgi->redirect() should work if you redirect to an absolute server path (such as /home/site/cgi-bin/admin.cgi) but doesn't seem to do what it claims .. at least on my dev machine. Same goes for LWP::UserAgent.

Comments & Ideas appreciated & welcomed.

If we can find a solution relatively quickly, I'll make the changes tonight & there will be more points available for the efforts; otherwise I'll use a client-side redirect in the interim.  :)

Thx!!
0
Comment
Question by:Glauron
  • 3
  • 3
6 Comments
 
LVL 84

Accepted Solution

by:
ozo earned 250 total points
ID: 18773423
do '/home/site/cgi-bin/admin.cgi';
0
 
LVL 1

Author Comment

by:Glauron
ID: 18776296
that has to be the simplest, & easiest solution to a problem I've ever posted :)

one small problem though...

admin.cgi reads all the same CGI params posted to the original script, but how can I pass it new info? ie. now that I know we need to redirect to admin.cgi after verifying the user, how can I add something like $cgi->param('action', 'showControl') to the POSTed list of params?

I have tried to manipulate STDIN & the $ENV variables but so far no luck.
0
 
LVL 1

Author Comment

by:Glauron
ID: 18776914
OK - found one solution ...

by using a 'system' call, instead of 'do', it passes on the changed environment variables since admin.cgi will be a child process to the currently running script. It doesn't seem to work that way with 'do'.

Still, I think I'd prefer redirecting client-side to the new script & check the session/cookie info then to verify the user. Seems cleaner & slightly more secure.. there'd have to be all sorts of taint checking

$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING} = 'action=showControl';
$ENV{CONTENT_LENGTH} = length( $ENV{QUERY_STRING} );

my $path = $global->{CONF}->{RPATH} . 'cgi-bin/';
chdir $path;

system( 'perl admin.cgi' );
return;
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 84

Expert Comment

by:ozo
ID: 18777838
do should also see the changed environment variables
0
 
LVL 1

Author Comment

by:Glauron
ID: 18921822
using do din't allow me to see env vars unfortunately, but system got me out of trouble for a while.

Thanks for the help.
0
 
LVL 84

Expert Comment

by:ozo
ID: 18922429
What are you doing that you are unable to see env vars ?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

It is becoming increasingly popular to have a front-page slider on a web site. Nearly every TV website,  magazine or online news has one on their site, and even some e-commerce sites have one. Today you can use sliders with Joomla, WordPress or …
I hope you'll find this tutorial useful and interesting. So let's try to extend Tcl with a new package.  For anyone more deeply interested please check out the book "Practical Programming in Tcl and Tk". It's really one of the best written books abo…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
The viewer will learn how to count occurrences of each item in an array.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now