twigs schrieb:
>
> Hey Pi3-users,
>
> how do you get Pi3Web setup so you can have ex. twigs-bbs.dyn.ml.org/upload/
> as an upload area?
^^
Hi Erich,
send you a document from the Pi3-HowTo project (under development)
where upload is explained. If you have further questions call me back.
>
> Later,
>
> Erich/Twigs
> Owner of TW Computers twigs@compusmart.ab.ca
> Founder of TwigsNet twigs@edmonton.crosswinds.net
> BBSWorldMagazineNet AB Host http://start.at/tw_computers/
> http://come.to/twigsnet/
> www.nl2k.ab.ca/~onoway/
>
> TAGLINE: I'll take *AREA 51 PHOTOGRAPHY* for $200 Alex...
--
with regards
Holger
---------------------------------------------------------
Holger 'Zimpel' Zimmermann Contact me:
---------------------------------------------------------
Wendishain tel./fax company: on demand
Germany tel./fax private: on demand
---------------------------------------------------------
homepage: http://home.t-online.de/home/zimpel/
web server: surf to it from my homepage (online every
Sunday 20:00-24:00 GMT, start shifted again)
e-Mail: zimpel@t-online.de
--------------------------------------------------------
Title: Pi規eb - HowTo Implement a PUT request/Upload form handler: Implementation of PUT request handler
The standard Pi3Web server configuration raises a 501 error if request methods handled by the default handler (passed the CGI- and ISAPI-handlers) are other than methods GET or HEAD.
CheckType Condition="¬(&or(&cmpi($m,GET),&cmpi($m,HEAD)))" \
StatusCode StatusCode="501"
The task is to build a handler for the PUT request method and to redirect PUT requests to this handler. It is possible to build this handler as a true server plugin with C++ using calls to the Pi3API functions but I tried a CGI as a Perl script.
#!/usr/bin/perl
if ((-e @ARGV[0]) && !(-w @ARGV[0])) {
print "Content-type: text/plain\n\nPermission denied.";
}
else {
open(FILE, "+>@ARGV[0]") || die "Can't open!";
binmode FILE;
binmode STDIN;
read(STDIN,$in,$ENV{CONTENT_LENGTH});
print FILE $in || die "Can't write!";
close(FILE) || die "Can't close!";
print "Content-type: text/plain\n\nUpload success.";
};
This script is really simple. The stumble stone is not to forget to switch the file handles into binary mode if you are under windows. Otherwise the STDIN is only read until the first EOF char occurs and the server resets the connection due to this incomplete read. A preference is to give the name of the file in the first command line line argument.
The changes in the configuration are 2 new objects:
Some changes are tomake in the mapping configuration to make PUT requests secure with authentication and in the http dispatcher configuration to raise the handler. The description of the in existence objects is abbreviated. The PutCGI object has comments for some configuration options.
<Object>
Name Start
Class FlexibleHandlerClass
...
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/upload/" To="Upload\" \
Action="&dbreplace(response,string,AuthenticationRealm,User)"
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/cgi-bin/" To="Cgi-Bin\" \
Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/icons/" To="Icons\" \
Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/" To="Webroot\" \
Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
...
# Default Mappings
</Object>
<Object>
Name HTTPLogicObject
Class HTTPDispatcherClass
...
Handlers Start Scripts WinScripts FastCGIScripts ISAPI Put Default
...
</Object>
<Object>
Name Put
Class FlexibleHandlerClass
CheckAuth Authenticate
CheckAuth ReturnCode ReturnCode=COMPLETED
# No path checking 'cause also non existing files can be PUTted
CheckPath ReturnCode ReturnCode=COMPLETED
# Here I could place an additional filter to allow
# only URL's beginning with allowed path
# CheckType Condition="¬(®exp('/upload/*',$z))" \
# StatusCode StatusCode="403"
CheckType ReturnCode ReturnCode=COMPLETED
CheckAccess ReturnCode ReturnCode="COMPLETED"
# No access checking since fail for non existing files
# CheckAccess AccessByFile RequirePermissions="W"
Condition "&cmpi($m,PUT)"
Handle PutCGI
</Object>
<Object>
Name PutCGI
Class CGIClass
...
DefaultCommandLine "perl c:\\pi3web\\cgi-bin\\put.pl %p%q"
...
</Object>
The current problem is that in existence mappings are not filtered for the request method. I corrected this very simple with adding a conditional mapping if request method is PUT and an authentication for this case.
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/upload/" To="Upload\" \
Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/cgi-bin/" To="Cgi-Bin\" \
Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/icons/" To="Icons\" \
Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
Mapping Condition="&cmpi($m,PUT)" \
PathMapper From="/" To="Webroot\" \
Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
To be sure to allow uploads only in 1 directory remove comments from the following lines from the Put object:
# CheckType Condition="¬(®exp('/upload/*',$z))" \
# StatusCode StatusCode="403"
A current problem is the access checking for write access rights. The RefuseFileByMask and CheckAccess functions could not be used since the upload of not existing files isn't allowed then. Besides this the mechanisms of the operating system are working if the target file is read only etc.
Title: Pi規eb - HowTo Implement a PUT request/Upload form handler: Form uploads
It is possible to create a HTML upload form and to send the form data in the following multipart message form to the server:
-----------------------------2224084169055 Content-Disposition: form-data; name="upfile"; filename="c:\rfc\rfc2068.html" Content-Type: text/html . . . -----------------------------2224084169055 Content-Disposition: form-data; name="note" Annotation -----------------------------2224084169055--
A CGI program has to take the data and to write it again in a correct file.
With the follwing form Netscape sends a multipart message of the above format to the server when you submit the form.
<form method='POST' enctype='multipart/form-data' action='/cgi-bin/fupload.pl'> File to upload: <input type=file name=upfile><br> Notes about the file: <input type=text name=note><br> <br> <input type=submit value=Press> to upload the file! </form>
The CGI program I wrote handles supplementary the following tasks:
Contact the author for the upload form CGI script
Since you can redirect the uploads to a directory the security risk is small. The .note files give the webmaster a history information of all uploads.
Title: Pi規eb - HowTo Implement a PUT request/Upload form handler: Kiev content administrator
The Kiev content administrator can be downloaded from the Pi3Web developer area: http://www.johnroy.com/pi3/pi3web/files/devel/P3C-0629.exe After installation you should add a new content administration object for your Pi3Web server. If your server runs different hosts you can either setup a cont ent administrator object for each host or one object for all your virtual hosts.
Before using the content administrator the first time you must install and setup the KIEV.PL program in the /cgi-bin/ directory of your Pi3Web server. Setup the following script variables:
The base64 encoded username and password you can read from config.pi3 if you has prepared a user account for the web administration level or you can use /cgi-bin/base64.exe to encode a new user name and password.
When you have started your content administrator object and try to expand the tree node of your host you've to enter usernam and password and when accepted you'll see the contents of the webroot directory of your host. You can do the following operation with it:
The content administrator is in an early test stadium now. Be carefull, delete operations are started without confirmation.
Title: Pi規eb - HowTo Implement a PUT request/Upload form handler