Solved

Execute a shell script from an html link - Passing varables back and forth?

Posted on 2010-11-16
15
402 Views
Last Modified: 2013-12-25
Still need some help this this:

Think I am missing something fundamental here; the submit button works even without entering in the name.

Also how do I pass the name to myscript.sh ???
One other option I would like to log with the name is the Users IP address to be passed to myscript.sh.


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<div style="margin: 10px;">

<h2 class='specialT'> To restart environment </h2><div class='display'>
<h2 class='specialT'>Please Enter your name:</h2><div class='display'>

</p>
<form name="input" action="/cgi-bin/myscript.sh" method="get">
<input type="hidden" name="MANDATORY" value="UserName">
<pre>
          <input type="text" name="UserName"> <input type="submit" value="Submit" />
</pre>
</form>
<p>
0
Comment
Question by:hdaz
  • 10
  • 5
15 Comments
 
LVL 16

Expert Comment

by:jmatix
Comment Utility
1. To make the UserName mandatory add an onsubmit handler to your form as:

<form name="input" action="/cgi-bin/myscript.sh" method="get" onsubmit="ret = this.UserName.replace(/^\s+/, '') != ''; if (!ret) alert('Name is mandatory'); return ret;">

If you want to

2. UserName will be automatically passed to user shell script when you submit. You shell script can access it in environment variable named $QUERY_STRING.

3. User's hostname and IP address will be available in environment variables $REMOTE_HOST and $REMOTE_ADDR respectively.
0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
So doing the following in myscript.sh

echo "$QUERY_STRING $REMOTE_HOST $REMOTE_ADDR"

should give me the UserName and Remote host and Remote address but nothing is shown???
0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
I thought $QUERY_STRING was just for php?
0
 
LVL 16

Expert Comment

by:jmatix
Comment Utility
QUERY_STRING is a CGI env variable set by the web server. Did you print an HTTP header? Try this:

echo -e "Content-type: text/html\n\n"
echo "<html><head></head><body>"

echo $QUERY_STRING
echo $REMOTE_ADDR

echo "</body></html>"

exit 0
0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
I added the following:

<form name="input" action="/cgi-bin/myscript.sh" method="get" onsubmit="ret = this.UserName.replace(/^\s+/, '') != ''; if (!ret) alert('Name is mandatory'); return ret;">

I saw it working and was happy not touched anything as far as I know and its stopped working

hmmm
0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<div style="margin: 10px;">

<h2 class='specialT'> To restart environment </h2><div class='display'>
<h2 class='specialT'>Please Enter your name:</h2><div class='display'>

</p>


<form name="input" action="/cgi-bin/myscript.sh" method="get" onsubmit="ret = this.UserName.replace(/^\s+/, '') != ''; if (!ret) alert('Name is mandatory'); return ret;">
<input type="hidden" name="MANDATORY" value="UserName">
<pre>
          <input type="text" name="UserName"> <input type="submit" value="Submit" />
</pre>
</form>
<p>
0
 
LVL 16

Expert Comment

by:jmatix
Comment Utility
Not sure why it stopped working. Put it in a separate JS function as:

<form name="input" action="/cgi-bin/myscript.sh" method="get" onsubmit="return checkData(this);">


Then define  checkData() in your <script> block in <head> section as:

<script>
function checkData(frm)
{
   var ret = frm.UserName.replace(/^\s+/, '') != '';
   if (!ret)
        alert('Name is mandatory');
   return ret;
}
</script>
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 1

Author Comment

by:hdaz
Comment Utility
Iv tried but nothing displays

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">

<div style="margin: 10px;">

<h2 class='specialT'> To restart environment </h2><div class='display'>
<h2 class='specialT'>Please Enter your name:</h2><div class='display'>

</p>

<form name="input" action="/cgi-bin/myscript.sh" method="get" onsubmit="return checkData(this);">

<input type="hidden" name="MANDATORY" value="UserName">
<pre>
          <input type="text" name="UserName"> <input type="submit" value="Submit" />
</pre>
</form>
<p>


<script>
function checkData(frm)
{
   var ret = frm.UserName.replace(/^\s+/, '') != '';
   if (!ret)
        alert('Name is mandatory');
   return ret;
}
</script>
0
 
LVL 16

Expert Comment

by:jmatix
Comment Utility
My bad. Forgot to say frm.UserName.value. Try this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<script type="text/javascript">

function checkData(frm)

{

   var ret = frm.UserName.value.replace(/^\s+/, '') != '';

   if (!ret)

        alert('Name is mandatory');

   return false;

}

</script>

</head>

<body>

<div style="margin: 10px;">



<h2 class='specialT'> To restart environment </h2><div class='display'>

<h2 class='specialT'>Please Enter your name:</h2><div class='display'>



<p>



<form name="input" action="/cgi-bin/myscript.sh" method="get" onsubmit="return checkData(this);">



<input type="hidden" name="MANDATORY" value="UserName">

<pre>

          <input type="text" name="UserName"> <input type="submit" value="Submit" />

</pre>

</form>

<p>



</body>

</html>

Open in new window

0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
Thanks just tried the above still pressing submit without entering name or any data allows the script to be run...

0
 
LVL 16

Accepted Solution

by:
jmatix earned 500 total points
Comment Utility
I just realized that there is another problem. It should be:

   return ret;

I tested the following HTML and it works for me.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<script type="text/javascript">

function checkData(frm)

{

   var ret = frm.UserName.value.replace(/^\s+/, '') != '';

   if (!ret)

        alert('Name is mandatory');

   return ret;

}

</script>

</head>

<body>

<div style="margin: 10px;">



<h2 class='specialT'> To restart environment </h2><div class='display'>

<h2 class='specialT'>Please Enter your name:</h2><div class='display'>



<p>



<form name="input" action="/cgi-bin/myscript.sh" method="get" onsubmit="return checkData(this);">



<input type="hidden" name="MANDATORY" value="UserName">

<pre>

          <input type="text" name="UserName"> <input type="submit" value="Submit" />

</pre>

</form>

<p>



</body>

</html>

Open in new window

0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
Interesting what are you using to do your testing ?? as it still allowed me to use the submit button

I am using CentOS 5.5 and Apache httpd-2.2.3-31.el5.centos.4

At this moment in time I am using w3m to test, i'll recheck again at but that wont be for a couple of days.
0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
I have tested with IE Firefox and Chrome as browsers...
0
 
LVL 1

Author Comment

by:hdaz
Comment Utility
Sorry jmatix: I must apologize, I was giving false information....

i was testing the wrong script..... :)

Many thanks for your help and time.

hdaz
0
 
LVL 1

Author Closing Comment

by:hdaz
Comment Utility
Thanks for all the help and time and please except my apologize for any confusion yesterday was a really long day.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now