
Two days trying this... PLEASE HELP

Hi,

I'm new to CGI, so go easy on me... All I want to do is set a simple password on the admin.cgi - should be easy right? What am I doing wrong?

I initially found all the references to .htaccess files - so I learnt all about them... eventually I worked out that the reason they weren't working was that my server doesn't support them... so I'm trying this.. but have fallen victim to what appears to be a rather odd paradox:

I am passing a password from an HTML form (using POST) to the admin.cgi script... it works, I know it does... I have this running perfectly:

#!/usr/local/bin/perl

# Read the POST body from STDIN
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

# Split the body into name=value pairs and URL-decode both sides
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $name =~ tr/+/ /;
    $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}

#===============================

# Compare the posted password with the expected value
if ($FORM{pwd} eq 'mrpants') {
    print "Content-type: text/html\n\n";
    print "<br><br><H1><center>Correct Password</center></H1>";
}
else {
    print "Content-type: text/html\n\n";
    print "<br><br><H1><center>Access Denied</center></H1>";
}



Now all I need to do is insert the original admin.cgi script into the bit which would display "Correct Password"... You'd think! Doing this results in the server locking up and the eventual return of a timed-out error.

However, if the original admin.cgi script is left in here and I comment out the

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

line, replacing it with a line which 'artificially' assigns the $buffer variable... all works fine... The best way to describe this seems to be that it's a paradox... what's going on here... it all seems a bit odd (and excruciatingly frustrating) to me.



Many thanks for any help you can offer!


Re: [ging] Two days trying this... PLEASE HELP In reply to
put:

Code:
use CGI qw/:standard/;

if (param("pwd") ne "mrpants") {
    die "you are not authorized to view this page";
}

right AFTER the shebang and BEFORE any other code in admin.cgi. don't touch anything else.

Philip
------------------
Limecat is not pleased.
Re: [fuzzy logic] Two days trying this... PLEASE HELP In reply to
Not this?

Code:
use CGI qw/:standard/;
my $IN = new CGI;

if ($IN->param("pwd") ne "mrpants") {
    die "you are not authorized to view this page";
}

Cheers

Andy (mod)
andy@ultranerds.co.uk
Re: [Andy] Two days trying this... PLEASE HELP In reply to
the whole point of having qw/:standard/ in the use CGI part is to import the basic CGI functions into the "main" package and avoid the need to create a CGI object.

Philip
------------------
Limecat is not pleased.
Re: [fuzzy logic] Two days trying this... PLEASE HELP In reply to
Thank you very much for your replies. Certainly that's a much simpler way to get the posted parameter. I wish I could say I got it to work first time, but I'm still struggling!

I got your code to work in the same way that mine was working - without the admin.cgi script (although I had to add a line - print "Content-type: text/html\n\n";)

but unfortunately it still ran into a time-out error when the main admin.cgi was added at the bottom.

I have discovered exactly which line in the admin.cgi code it is that is getting stuck:

%in = &parse_form;

If I stick in an exit break before this line it hits the break and then exits the program sweetly, if I put it after it dies a horrible death and eventually times out.

Any more ideas?

Thanks again for your help so far! Ben. (sorry, I didn't include my real name last time round)
Re: [ging] Two days trying this... PLEASE HELP In reply to
there is no reason why that would cause the program to hang. all I can say is try inserting that code into a clean copy of admin.cgi making sure not to alter anything else. I'd test this out myself but I'm not going to have any time to install a copy of Links and fiddle around until Thursday. in the meantime, attach (do not post) your admin.cgi next time so we can have a look at it.

Philip
------------------
Limecat is not pleased.
Re: [fuzzy logic] Two days trying this... PLEASE HELP In reply to
OK - I have downloaded a fresh copy of links just to make sure that my admin.cgi is exactly as it is supposed to be. Then I have added your code as stated (I hope! - see admin_1.cgi).

The result of this is that if I enter the password correctly I get a time-out, if I enter it incorrectly I get a "CGI misbehaved by not returning a complete set of HTML headers" error.

So I altered the code you gave me very slightly (not touching anything below the links code header/credits, obviously) I have attached that as admin_2.cgi. This doesn't do anything about the problem if the password is correct, but it does fix the error when the password is wrong.

For completeness I've attached the form I am using (index.htm).

I'm not sure if I should be glad that you say there is no reason it should hang there as it means it's something subtle enough that I'm not being completely stupid, or if this is going to turn out to be something embarrassingly basic! Either way it's still extremely frustrating.

Thanks again for all your help.

Ben
Re: [ging] Two days trying this... PLEASE HELP In reply to
Right, I'm getting somewhere now. If you look in the db_utils.pl file there is a sub called parse_form; inside here it looks at passed variables... it gets stuck inside the "elsif ($ENV{'REQUEST_METHOD'} eq 'POST'" code where it tries to read the posted variable. If I comment out the two lines inside here it *ALMOST* works - I get access denied if I put the wrong password in and the main admin screen comes up fine when I get the password right... A MAJOR BREAKTHROUGH...

I just have a small problem remaining... some of the functions (such as confirming validation of links) cause the main frame (bottom left hand side) to be populated with the access denied message. I guess the script uses the POST method here, so I probably need a more subtle solution than just commenting out the code which deals with posted parameters... getting there, though!
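
The symptoms in the posts above fit a request body being read twice: a CGI POST body arrives on STDIN as a stream, so once the password check has consumed it, a later read of CONTENT_LENGTH bytes in parse_form has nothing left to return. The Perl below is an added example, not part of the original posts and not Links 2.0 code; `form_once` and the sample request are hypothetical, and it shows one way to parse the body a single time so that both the password gate and the main script see the same fields.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my %FORM_CACHE;       # parsed fields, filled on the first call
my $body_read = 0;    # true once the request has been parsed

# Hypothetical helper (not the Links 2.0 parse_form): parse the request once
# and hand the cached result to every later caller.
sub form_once {
    my ($fh) = @_;
    return %FORM_CACHE if $body_read;
    my $buffer = '';
    if (($ENV{REQUEST_METHOD} || '') eq 'POST') {
        my $want = $ENV{CONTENT_LENGTH} || 0;
        # The body is a stream: bytes read here cannot be read again.
        read($fh, $buffer, $want) if $want > 0;
    } else {
        $buffer = $ENV{QUERY_STRING} || '';
    }
    for my $pair (split /&/, $buffer) {
        my ($name, $value) = split /=/, $pair, 2;
        for ($name, $value) {
            $_ = '' unless defined;
            tr/+/ /;
            s/%([a-fA-F0-9]{2})/pack("C", hex($1))/eg;
        }
        $FORM_CACHE{$name} = $value;
    }
    $body_read = 1;
    return %FORM_CACHE;
}

# Constructed sample request, served from memory so the script runs offline.
my $sample = 'pwd=example%2Dpass&db=links';
@ENV{qw(REQUEST_METHOD CONTENT_LENGTH)} = ('POST', length $sample);
open(my $in, '<', \$sample) or die "cannot open sample body: $!";

my %gate = form_once($in);    # first caller: the password gate
# A second raw read finds the stream empty. On this in-memory handle it
# returns 0; on a web server's pipe it may block instead.
my $left = read($in, my $again, $ENV{CONTENT_LENGTH});
my %in = form_once($in);      # second caller: the main script's form parser

print "gate saw pwd: $gate{pwd}\n";
print "second raw read returned $left bytes\n";
print "main script still sees db: $in{db}\n";
```

In a real script the handle passed to `form_once` would be `\*STDIN`, and every part of the program that needs form data would call the helper rather than reading STDIN itself.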
Re: [ging] Two days trying this... PLEASE HELP In reply to
OK - I'm still struggling with this one - although I'm learning lots (slowly) about CGI, so that's something!

I have now discovered about CGI sessions (and how much easier they are with ASP). I'm trying the following that I've constructed from an article I've found on the web, but it's coming up with: CGI Error

The specified CGI application misbehaved by not returning a complete set of HTTP headers.



Code:


#!/usr/local/bin/perl

use CGI::Session;
use CGI qw(:standard);

my $q = CGI->new;
my $sid = $q->cookie("CGISESSID") || $q->param('CGISESSID') || undef;
my $session = new CGI::Session(undef, $sid, {Directory=>File::Spec->tmpdir});

$Logged = $session->param("SeshLogged");
$session->expire('+1h');

if (param("pwd") eq "mrpants") {
    $Logged = "URLoggedIn";
    $session->param("SeshLogged", $Logged);
}

if ($Logged ne "URLoggedIn") {
    print "Content-type: text/html\n\n";
    print "<br><br><H1><center>Access Denied</center></H1>";
    exit;
}




The standard admin.cgi follows this code.

Is anyone familiar with sessions? What am I doing wrong? I'm just trying to hold the "logged on" status so when admin.cgi is recalled it doesn't trip the password failed message. Should be pretty straightforward. This (combined with the slight alteration to the parse_form sub; which could be made more sophisticated if the session was working) should make a moderately secure password system, I think - I can't see that I need any more security than this will provide.

Again... HELP, PLEASE!!!!!!!