How can my CGI program access non-browseable files?
Posted
by Zerobu
on Stack Overflow
See other posts from Stack Overflow
or by Zerobu
Published on 2010-03-16T01:46:43Z
Indexed on
2010/03/16
13:36 UTC
Read the original article
Hit count: 304
I was wondering if it was possible to read a text file that was located in a directory called "/home/user/files"
I wanted to read it from my cgi-bin which is located in /home/user/cgi-bi/ Below is my code,
#!/usr/bin/perl
use strict;
use CGI;
#Virtual Directory
#Steffan Harris
eval
{
use constant PASSWORD => 'perl';
use constant UPLOAD_DIR => '/home/sharris2/files';
sub mapToFile
{
print chdir UPLOAD_DIR;
}
#This function will list all files in a directory.
sub listDirectoryFiles
{
chdir UPLOAD_DIR;
my @files = <*>;
mapToFile;
print<<LIST;
<h2>Current Files</h2>
<ul>
LIST
if(!$files[0])
{
print" </ul>\n<em>No files in directory</em>";
}
foreach(@files)
{
print" <li>$_</li>";
}
print " </ul>\n";
}
#This function generates a 404 Not Found error
sub generate404
{
print<<RESPONSE;
Status: 404 Not Found
Content-Type: text/html
<html>
<head><title>404 Not Found</title></head>
<body>
<p>
<h1>404 - Not Found</h1>
</p>
The requested URL <b>$ENV{"HTTP_HOST"}$ENV{"REQUEST_URI"}</b> was not found on the server.
</body>
</html>
RESPONSE
exit;
}
#This function checks the path info to see if it matches a file in the UPLOAD_DIR directory, If it does not, then it returns a 404 error
sub checkExsistence
{
if($ENV{"PATH_INFO"})
{
chdir UPLOAD_DIR;
my @files = <*>;
if(!$files[0] and $ENV{"PATH_INFO"} eq "/")
{
return;
}
foreach(@files)
{
if($ENV{"PATH_INFO"} eq "/".$_ || $ENV{"PATH_INFO"} eq "/")
{
print "yes";
return;
}
}
generate404;
}
}
sub checkPassword
{
my ($password, $cgi);
$cgi = new CGI;
$password = $cgi->param('passwd');
unless($password eq PASSWORD)
{
print<<RESPONSE;
Status: 200 OK
Content-Type: text/html
<html>
<head>
<title>Incorrect Password</title>
</head>
<body>
<h1>Invalid password entered.</h1>
<h3><a href="/~sharris2/cgi-bin/files/">Go Back</a></h3>
</body>
RESPONSE
exit;
}
}
sub upLoadFile
{
checkPassword;
my ($uploadfile, $cgi);
$cgi = new CGI;
$uploadfile = $cgi->upload('uploadfile');
chdir UPLOAD_DIR;
$uploadfile
or die "Did not receive a file to upload";
open my $FILE, '>', UPLOAD_DIR."/$uploadfile" or
die "$!";
while(<$uploadfile>)
{
print $FILE $_;
}
}
#Start of main part of program
my $cgi = new CGI;
if(!$ENV{"PATH_INFO"})
{
print $cgi->redirect('/~sharris2/cgi-bin/files/');
}
checkExsistence;
if($ENV{"REQUEST_METHOD"} eq "POST")
{
upLoadFile;
}
print <<"HEADERS";
Status: 200 OK
Content-Type: text/html
HEADERS
print <<"HTML";
<html>
<head>
<title>Virtual Directory</title>
</head>
<body>
HTML
listDirectoryFiles;
print<<HTML;
<h2>Upload a new file</h2>
<form method = "POST" enctype = "multipart/form-data" action = "/~sharris2/cgi-bin/files/" />
File:<input type = "file" name="uploadfile"/>
<p>Password:
<input type = "password" name ="passwd"/></p>
<p><input type = "submit" value= "Submit File" /></p>
</form>
</body>
</html>
HTML
};
© Stack Overflow or respective owner