Solved

Redirect control to another PERL script server-side, keeping CGI Params?

Posted on 2007-03-22
6
604 Views
Last Modified: 2013-12-25
Short:
What is the best way to forward control to another script, server-side, while keeping CGI query params (or passing new ones)?

Long:
I'm redesigning a webpage, and the new frontpage has a login form. In the past, different types of users would go to different pages to log in. EG customers to a "customer.cgi" script which would required login before allowing access, and administrators to a "admin.cgi" script which would do the same.

As part of the redesign, I'm centralizing the security part into a separata class, and all users now log in from the front page, to say "front.cgi". That script then calls the security module & verifies user is right to go, then should deliver them straight to the page they'd normally see when logging in via the old system (ie. into customer.cgi & admin.cgi).

How can I, after verifying the user in "front.cgi" then pass control to "admin.cgi" if the user is an admin, without doing a client-side redirect request (eg. print $cgi->redirect( 'http://www.server.com/admin.cgi?controlPage' ) ). I can do it like that of course since sessions & cookies are stored when "front.cgi" confirms identity, but it seems like it should be very easy to pass control to another process, and would be the cleanest way to do it to my mind.

To do that I would need to carry over the CGI params used in "front.cgi", or POST some new ones (don't need uid/pass again).

Seems strangely hard.

Apparently using $cgi->redirect() should work if you redirect to an absolute server path (such as /home/site/cgi-bin/admin.cgi) but doesn't seem to do what it claims .. at least on my dev machine. Same goes for LWP::UserAgent.

Comments & Ideas appreciated & welcomed.

If we can find a solution relatively quickly, I'll make the changes tonight & there will be more points available for the efforts; otherwise I'll use a client-side redirect in the interim.  :)

Thx!!
0
Comment
Question by:Glauron
  • 3
  • 3
6 Comments
 
LVL 84

Accepted Solution

by:
ozo earned 250 total points
ID: 18773423
do '/home/site/cgi-bin/admin.cgi';
0
 
LVL 1

Author Comment

by:Glauron
ID: 18776296
that has to be the simplest, & easiest solution to a problem I've ever posted :)

one small problem though...

admin.cgi reads all the same CGI params posted to the original script, but how can I pass it new info? ie. now that I know we need to redirect to admin.cgi after verifying the user, how can I add something like $cgi->param('action', 'showControl') to the POSTed list of params?

I have tried to manipulate STDIN & the $ENV variables but so far no luck.
0
 
LVL 1

Author Comment

by:Glauron
ID: 18776914
OK - found one solution ...

by using a 'system' call, instead of 'do', it passes on the changed environment variables since admin.cgi will be a child process to the currently running script. It doesn't seem to work that way with 'do'.

Still, I think I'd prefer redirecting client-side to the new script & check the session/cookie info then to verify the user. Seems cleaner & slightly more secure.. there'd have to be all sorts of taint checking

$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING} = 'action=showControl';
$ENV{CONTENT_LENGTH} = length( $ENV{QUERY_STRING} );

my $path = $global->{CONF}->{RPATH} . 'cgi-bin/';
chdir $path;

system( 'perl admin.cgi' );
return;
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 84

Expert Comment

by:ozo
ID: 18777838
do should also see the changed environment variables
0
 
LVL 1

Author Comment

by:Glauron
ID: 18921822
using do din't allow me to see env vars unfortunately, but system got me out of trouble for a while.

Thanks for the help.
0
 
LVL 84

Expert Comment

by:ozo
ID: 18922429
What are you doing that you are unable to see env vars ?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now