
Re: uploading to an area...



twigs schrieb:
> 
> Hey Pi3-users,
> 
>    how do you get Pi3Web setup so you can have ex.  twigs-bbs.dyn.ml.org/upload/
> as an upload area?
^^
Hi Erich,
I am sending you a document from the Pi3-HowTo project (under development)
where upload is explained. If you have further questions, call me back.

> 
>  Later,
> 
> Erich/Twigs
> Owner of TW Computers           twigs@compusmart.ab.ca
> Founder of TwigsNet             twigs@edmonton.crosswinds.net
> BBSWorldMagazineNet AB Host     http://start.at/tw_computers/
>                                 http://come.to/twigsnet/
>                                 www.nl2k.ab.ca/~onoway/
> 
> TAGLINE: I'll take *AREA 51 PHOTOGRAPHY* for $200 Alex...

-- 
with regards
Holger

---------------------------------------------------------
Holger 'Zimpel' Zimmermann    Contact me:
---------------------------------------------------------
Wendishain                    tel./fax company: on demand
Germany                       tel./fax private: on demand
---------------------------------------------------------
homepage: http://home.t-online.de/home/zimpel/
web server: surf to it from my homepage (online every
            Sunday 20:00-24:00 GMT, start shifted again)
e-Mail:     zimpel@t-online.de
--------------------------------------------------------
Title: Pi3Web - HowTo Implement a PUT request/Upload form handler: Implementation of PUT request handler

1. Implementation of PUT request handler

The standard Pi3Web server configuration raises a 501 error when a request that reaches the default handler (having passed the CGI and ISAPI handlers) uses a method other than GET or HEAD.


CheckType Condition="&not(&or(&cmpi($m,GET),&cmpi($m,HEAD)))" \
        StatusCode StatusCode="501"

The task is to build a handler for the PUT request method and to redirect PUT requests to this handler. It is possible to build this handler as a true server plugin in C++ using calls to the Pi3API functions, but I tried a CGI written as a Perl script.

1.1 CGI program


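#!/usr/bin/perl
# PUT handler CGI: the target file name is passed as the first argument.
my $target = $ARGV[0];
if ((-e $target) && !(-w $target)) {
   # The file exists but is not writable: refuse the upload.
   print "Content-type: text/plain\n\nPermission denied.";
}
else {
   # Three-argument open keeps characters in the name from changing the mode.
   open(FILE, '+>', $target) or die "Can't open!";
   # Binary mode is required under Windows (see below).
   binmode FILE;
   binmode STDIN;
   my $in;
   read(STDIN, $in, $ENV{CONTENT_LENGTH});
   # 'or' instead of '||': the die must bind to print, not to $in.
   print FILE $in or die "Can't write!";
   close(FILE) or die "Can't close!";
   print "Content-type: text/plain\n\nUpload success.";
}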

This script is really simple. The stumbling block is remembering to switch the file handles into binary mode when running under Windows. Otherwise STDIN is read only up to the first EOF character, and the server resets the connection because of the incomplete read. The script expects the name of the file as its first command-line argument.

1.2 Configuration changes

The changes in the configuration are 2 new objects:

  1. A flexible handler object named Put
  2. A CGIClass object named PutCGI

Some changes have to be made in the mapping configuration, to secure PUT requests with authentication, and in the HTTP dispatcher configuration, to invoke the handler. The description of the existing objects is abbreviated. The PutCGI object has comments for some configuration options.


<Object> 
        Name Start
        Class FlexibleHandlerClass
        ...
        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/upload/" To="Upload\" \
                Action="&dbreplace(response,string,AuthenticationRealm,User)"
        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/cgi-bin/" To="Cgi-Bin\" \
                Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/icons/" To="Icons\" \
                Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/" To="Webroot\" \
                Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
        ...
        # Default Mappings
</Object>

<Object>
        Name HTTPLogicObject
        Class HTTPDispatcherClass
        ...
        Handlers Start Scripts WinScripts FastCGIScripts ISAPI Put Default
        ...
</Object>

<Object>
        Name Put
        Class FlexibleHandlerClass
        CheckAuth Authenticate
        CheckAuth ReturnCode ReturnCode=COMPLETED
        # No path checking 'cause also non existing files can be PUTted
        CheckPath ReturnCode ReturnCode=COMPLETED
        # Here I could place an additional filter to allow
        # only URL's beginning with allowed path 
        # CheckType Condition="&not(&regexp('/upload/*',$z))" \
        # StatusCode StatusCode="403"
        CheckType ReturnCode ReturnCode=COMPLETED
        CheckAccess ReturnCode ReturnCode="COMPLETED"
        # No access checking since fail for non existing files
        # CheckAccess AccessByFile RequirePermissions="W"
        Condition "&cmpi($m,PUT)"
        Handle PutCGI
</Object>

<Object>
        Name PutCGI
        Class CGIClass
        ...
        DefaultCommandLine "perl c:\\pi3web\\cgi-bin\\put.pl %p%q"
        ...
</Object>

1.3 Security

The current problem is that the existing mappings are not filtered by request method. I corrected this very simply by adding a conditional mapping for the case that the request method is PUT, together with an authentication for this case.


        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/upload/" To="Upload\" \
                Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/cgi-bin/" To="Cgi-Bin\" \
                Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/icons/" To="Icons\" \
                Action="&dbreplace(response,string,AuthenticationRealm,Administration)"
        Mapping Condition="&cmpi($m,PUT)" \
                PathMapper From="/" To="Webroot\" \
                Action="&dbreplace(response,string,AuthenticationRealm,Administration)"

To make sure that uploads are allowed into only 1 directory, remove the comment marks from the following lines in the Put object:


# CheckType Condition="&not(&regexp('/upload/*',$z))" \
#   StatusCode StatusCode="403"

A remaining problem is the checking of write access rights. The RefuseFileByMask and CheckAccess functions cannot be used, since the upload of files that do not yet exist would then be refused. Apart from this, the mechanisms of the operating system still apply, for example if the target file is read-only.
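
Because the Put object switches off CheckPath and CheckAccess, the CGI can re-check the target path itself before writing. The following is an added example in Python, not part of the original HowTo or of Pi3Web; the upload directory c:\pi3web\Upload, the function name and the assumption that the script receives an absolute (or upload-relative) path are hypothetical.

```python
import ntpath  # Windows path rules, independent of the OS this runs on

# Hypothetical absolute location of the directory that /upload/ is mapped to.
UPLOAD_ROOT = r"c:\pi3web\Upload"
# DOS device names that Windows resolves in any directory, with or without extension.
RESERVED = {"con", "prn", "aux", "nul"} | {
    dev + str(i) for dev in ("com", "lpt") for i in range(1, 10)}

def confine_put_target(path, root=UPLOAD_ROOT):
    """Return the normalized target if it is a file path below root, else None."""
    root_n = ntpath.normcase(ntpath.normpath(root))
    # normpath collapses "..", "." and mixed / and \ before the comparison.
    full = ntpath.normpath(ntpath.join(root, path))
    full_n = ntpath.normcase(full)
    # The trailing separator stops c:\pi3web\Upload2 from matching c:\pi3web\Upload.
    if not full_n.startswith(root_n + "\\"):
        return None
    for part in full_n[len(root_n) + 1:].split("\\"):
        stem = part.split(".")[0].rstrip(" ")
        # ":" would address an NTFS alternate data stream; Windows also drops
        # trailing dots and spaces, so "x.pl." would land on "x.pl".
        if ":" in part or stem in RESERVED or part != part.rstrip(". "):
            return None
    return full
```

A PUT handler would call this on its first argument and answer with a 403 status when the result is None.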


Title: Pi3Web - HowTo Implement a PUT request/Upload form handler: Form uploads

2. Form uploads

It is possible to create an HTML upload form and to send the form data to the server as a multipart message of the following form:


-----------------------------2224084169055
Content-Disposition: form-data; name="upfile"; filename="c:\rfc\rfc2068.html"
Content-Type: text/html
. . .
-----------------------------2224084169055
Content-Disposition: form-data; name="note"


Annotation
-----------------------------2224084169055--

A CGI program has to take this data and write it back out into the proper file.

2.1 HTML upload form

With the following form, Netscape sends a multipart message of the above format to the server when you submit the form.


<form method='POST' enctype='multipart/form-data' action='/cgi-bin/fupload.pl'>
File to upload: <input type=file name=upfile><br>
Notes about the file: <input type=text name=note><br>
<br>
<input type=submit value=Press> to upload the file!
</form>

2.2 CGI program

The CGI program I wrote additionally handles the following tasks:

  1. write the destination file
  2. write a .note file with remarks to the upload (date, source, destination, remote host, annotation, errors)
  3. write the annotations into the .desc file for the Pi3Web directory indexes
  4. redirect the upload data to a directory
  5. check for write permissions for the file

Contact the author for the upload form CGI script

2.3 Security

Since you can redirect the uploads to a directory, the security risk is small. The .note files give the webmaster a history of all uploads.
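
The author's upload CGI is not reproduced in this document. The following is an added example in Python, not the author's script: it parses a multipart body like the one shown in section 2, strips the client-side path from the filename parameter, and writes the file plus a .note record into one directory. The function names, the refusal to overwrite an existing file and the sample request are assumptions of this example.

```python
import ntpath, os, re, time

def parse_multipart(content_type, body):
    """Return {field name: (client file name or None, data bytes)}."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        raise ValueError("no boundary in Content-Type")
    delim = b"\r\n--" + m.group(1).encode("latin-1")
    fields = {}
    for chunk in (b"\r\n" + body).split(delim)[1:]:
        if chunk.startswith(b"--"):                 # closing delimiter reached
            break
        head, _, data = chunk.partition(b"\r\n\r\n")
        name = re.search(rb'\bname="([^"]*)"', head)
        fname = re.search(rb'\bfilename="([^"]*)"', head)
        if name:
            fields[name.group(1).decode("latin-1")] = (
                fname.group(1).decode("latin-1") if fname else None, data)
    return fields

def safe_name(client_name):
    """Strip any client-side path (\\ or /) and keep only harmless characters."""
    base = re.sub(r"[^A-Za-z0-9._-]", "_", ntpath.basename(client_name)).strip(".")
    if not base:
        raise ValueError("unusable file name")
    return base

def store_upload(fields, upload_dir, remote_host):
    """Write the file plus a .note record into upload_dir; return the destination."""
    client_name, data = fields["upfile"]
    note = fields.get("note", (None, b""))[1].decode("latin-1")
    dest = os.path.join(upload_dir, safe_name(client_name))
    with open(dest, "xb") as fh:                    # "x": refuse to overwrite
        fh.write(data)
    with open(dest + ".note", "w") as fh:           # !a keeps each value on one line
        fh.write(f"date: {time.ctime()}\nsource: {client_name!a}\n"
                 f"destination: {dest}\nremote host: {remote_host}\n"
                 f"annotation: {note!a}\n")
    return dest

# Constructed sample request, modelled on the multipart message in section 2.
BOUNDARY = "-" * 27 + "2224084169055"
SAMPLE_TYPE = "multipart/form-data; boundary=" + BOUNDARY
SAMPLE_BODY = "\r\n".join([
    "--" + BOUNDARY,
    'Content-Disposition: form-data; name="upfile"; filename="c:\\rfc\\rfc2068.html"',
    "Content-Type: text/html", "", "<html>constructed</html>", "--" + BOUNDARY,
    'Content-Disposition: form-data; name="note"', "", "Annotation",
    "--" + BOUNDARY + "--", ""]).encode("latin-1")
```

The client-supplied name is used only for its last path component, so a filename such as c:\rfc\rfc2068.html or ../../cgi-bin/put.pl cannot steer the write outside the upload directory.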


Title: Pi3Web - HowTo Implement a PUT request/Upload form handler: Kiev content administrator

3. Kiev content administrator

3.1 Introduction

The Kiev content administrator can be downloaded from the Pi3Web developer area (http://www.johnroy.com/pi3/pi3web/files/devel/P3C-0629.exe). After installation you should add a new content administration object for your Pi3Web server. If your server runs several hosts, you can set up either a content administrator object for each host or one object for all your virtual hosts.

3.2 Setup

Before using the content administrator for the first time, you must install and set up the KIEV.PL program in the /cgi-bin/ directory of your Pi3Web server. Set up the following script variables:

You can read the base64 encoded username and password from config.pi3 if you have prepared a user account for the web administration level, or you can use /cgi-bin/base64.exe to encode a new user name and password.

3.3 Operation

When you have started your content administrator object and try to expand the tree node of your host, you have to enter a username and password; once they are accepted, you will see the contents of the webroot directory of your host. You can do the following operation with it:

3.4 Development state

The content administrator is in an early test stage now. Be careful: delete operations are started without confirmation.


Title: Pi3Web - HowTo Implement a PUT request/Upload form handler

Pi3Web - HowTo Implement a PUT request/Upload form handler

Holger Zimmermann (zimpel@t-online.de)

V1.1 18 July 1998, replaces document from 22 June 1998


Implementation of PUT handler. How-To make form uploads. Kiev content administration

1. Implementation of PUT request handler

2. Form uploads

3. Kiev content administrator

