How can my CGI program access non-browseable files?

Posted by Zerobu on Stack Overflow See other posts from Stack Overflow or by Zerobu
Published on 2010-03-16T01:46:43Z Indexed on 2010/03/16 13:36 UTC
Read the original article Hit count: 304

Filed under:
|

I was wondering if it was possible to read a text file that was located in a directory called "/home/user/files"

I wanted to read it from my cgi-bin which is located in /home/user/cgi-bi/ Below is my code,

#!/usr/bin/perl
use strict;
use CGI;


#Virtual Directory
#Steffan Harris

eval
{


use constant PASSWORD => 'perl';
use constant UPLOAD_DIR => '/home/sharris2/files';

sub mapToFile
{
   print chdir UPLOAD_DIR;

}

#This function will list all files in a directory.
sub  listDirectoryFiles
{
    chdir UPLOAD_DIR;

    my @files = <*>;

    mapToFile;
    print<<LIST;
    <h2>Current Files</h2>
      <ul>
LIST
     if(!$files[0])
     {
     print" </ul>\n<em>No files in directory</em>";
     }

    foreach(@files)
    {


    print"      <li>$_</li>";

    }
    print "     </ul>\n";


}
#This function generates a 404 Not Found error
sub generate404
{

print<<RESPONSE;
Status: 404 Not Found
Content-Type: text/html


      <html>
          <head><title>404 Not Found</title></head>
      <body>
        <p>
          <h1>404 - Not Found</h1>
        </p>
        The requested URL <b>$ENV{"HTTP_HOST"}$ENV{"REQUEST_URI"}</b> was not found on the server.
      </body>
      </html>


RESPONSE
exit;

}
#This function checks the path info to see if it matches a file in the UPLOAD_DIR directory, If it does not, then it returns a 404 error
sub checkExsistence
{

    if($ENV{"PATH_INFO"})
    {


    chdir UPLOAD_DIR;

    my @files = <*>;

    if(!$files[0] and $ENV{"PATH_INFO"} eq "/")
    {
        return;
    }


    foreach(@files)
    {


        if($ENV{"PATH_INFO"} eq "/".$_ || $ENV{"PATH_INFO"} eq "/")
        {
        print "yes";
        return;
        }


    }


    generate404;

    }


}

sub checkPassword
{
    my ($password, $cgi);
    $cgi = new CGI;

    $password = $cgi->param('passwd');

    unless($password eq PASSWORD)
    {

    print<<RESPONSE;
Status: 200 OK
Content-Type: text/html

     <html>
       <head>
         <title>Incorrect Password</title>
       </head>
       <body>
         <h1>Invalid password entered.</h1>
     <h3><a href="/~sharris2/cgi-bin/files/">Go Back</a></h3>
       </body>


RESPONSE

    exit;

    }

}


sub upLoadFile
{
    checkPassword;
    my ($uploadfile, $cgi);
    $cgi = new CGI;
    $uploadfile = $cgi->upload('uploadfile');


    chdir UPLOAD_DIR;

    $uploadfile
    or die "Did not receive a file to upload";

    open my $FILE, '>', UPLOAD_DIR."/$uploadfile" or
    die "$!";


    while(<$uploadfile>)
    {
    print $FILE $_;
    }

}

#Start of main  part of program

my $cgi = new CGI;

if(!$ENV{"PATH_INFO"})
{
    print $cgi->redirect('/~sharris2/cgi-bin/files/');
}

checkExsistence;

if($ENV{"REQUEST_METHOD"} eq "POST")
{

    upLoadFile;

}

print <<"HEADERS";
Status: 200 OK
Content-Type: text/html

HEADERS
    print <<"HTML";
<html>
    <head>
       <title>Virtual Directory</title> 
    </head>
    <body>

HTML

    listDirectoryFiles;

  print<<HTML;
       <h2>Upload a new file</h2>
      <form method = "POST" enctype = "multipart/form-data" action = "/~sharris2/cgi-bin/files/" />


          File:<input type = "file" name="uploadfile"/>



             <p>Password:
              <input type = "password" name ="passwd"/></p>
             <p><input type = "submit" value= "Submit File" /></p>


       </form>

    </body>


</html>

HTML



};

© Stack Overflow or respective owner

Related posts about perl

Related posts about cgi