[15838] in Perl-Users-Digest


Perl-Users Digest, Issue: 3251 Volume: 9

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon Jun 5 00:10:30 2000

Date: Sun, 4 Jun 2000 21:10:14 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <960178214-v9-i3251@ruby.oce.orst.edu>
Content-Type: text

Perl-Users Digest           Sun, 4 Jun 2000     Volume: 9 Number: 3251

Today's topics:
        passing form data from cookie input <bill@billcampbell.com>
    Re: passing form data from cookie input <tina@streetmail.com>
    Re: Perl -VS- PHP (Tad McClellan)
        Perl 5.5 Fails ipc_sysv tests 5 and 6 under Linux/390 pcqdyc1@my-deja.com
    Re: Perl to write to a text file (Tad McClellan)
    Re: Perl to write to a text file <tina@streetmail.com>
    Re: Problem using command line arguments (Joe Smith)
    Re: Problems with MakeMaker om Win32 (ActiveState) (Steve A. Taylor)
    Re: RegExp Help, I Think <abe@ztreet.demon.nl>
    Re: RegExp Help, I Think <scott@industrial-linux.org>
    Re: REQ: bytewise string manipulation C style instead o <linc0000@sable.ox.ac.uk>
    Re: Secure CGI session in Perl (Mark P.)
    Re: Secure CGI session in Perl <maciek@treko.net.au>
    Re: Secure CGI session in Perl <scott@industrial-linux.org>
    Re: Secure CGI session in Perl <scott@industrial-linux.org>
        Stopping perl CGI <ayjayr@my-deja.com>
        Transposing classification numbers in SGML file <j.main2@sympatico.ca>
    Re: Using Net::SMTP <scott@industrial-linux.org>
        Variable Syntax in SQL in DBI <grichards@flashcom.net>
        Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Mon, 05 Jun 2000 03:38:42 GMT
From: "Bill" <bill@billcampbell.com>
Subject: passing form data from cookie input
Message-Id: <6hF_4.158562$55.3287692@news2.rdc1.on.home.com>

I have a link on the main page of my web site that takes you
to a login page. This page collects form data and submits it
to a (somewhat) secure section of my site.

This section first checks to make sure the data was just
submitted from the login page (REFERRER) and then checks
the form data against a password file. Once all this is done,
it then sends a cookie to the user with this info.

When the first script is called again, it detects the cookie and
then fills in the form with the data collected from the cookie so
the user doesn't have to type out the name/pass every time they
visit the page. But they see this page and still have to hit the submit
button.

How would I bypass this page (as far as the user can tell) and
go straight to the section that looks for form data ?

I guess I'm looking for something along the lines of:

if (got_the_cookie_info) {
exec(<FORM method="POST" action="logincheck.pl">
<input type="hidden" name="account" value="$cookieaccount">
<input type="hidden" name="pass" value="$cookiepass">
<input type="hidden" name="submit">)
}

Obviously this won't work - but what is it I should be trying ?





------------------------------

Date: 5 Jun 2000 03:58:40 GMT
From: Tina Mueller <tina@streetmail.com>
Subject: Re: passing form data from cookie input
Message-Id: <8hf8hg$2qbcs$9@fu-berlin.de>

hi,

Bill <bill@billcampbell.com> wrote:
> I have a link on the main page of my web site that takes you
> to a login page. This page collects form data and submits it
> to a (somewhat) secure section of my site.

so how does this work?
if the user hits submit the first time, another
script is called, am i right?
so why don't you check the cookie data in this script, too?
then the first script can just do a redirect
to the second script.

> This section first checks to make sure the data was just
> submitted from the login page (REFERRER) and then checks
> the form data against a password file. Once all this is done,
> it then sends a cookie to the user with this info.

note that it's not secure to check the HTTP_REFERER, because
this can be faked.

> When the first script is called again, it detects the cookie and
> then fills in the form with the data collected from the cookie so
> the user doesn't have to type out the name/pass every time they
> visit the page. But they see this page and still have to hit the submit
> button.

> How would I bypass this page (as far as the user can tell) and
> go straight to the section that looks for form data ?

> I guess I'm looking for something along the lines of:

> if (got_the_cookie_info) {
> exec(<FORM method="POST" action="logincheck.pl">
> <input type="hidden" name="account" value="$cookieaccount">
> <input type="hidden" name="pass" value="$cookiepass">
> <input type="hidden" name="submit">)
> }

> Obviously this won't work - but what is it I should be trying ?




-- 
http://www.tinita.de \  enter__| |__the___ _ _ ___
tina's moviedatabase  \     / _` / _ \/ _ \ '_(_-< of
search & add comments  \    \ _,_\ __/\ __/_| /__/ perception


------------------------------

Date: Sun, 4 Jun 2000 19:01:40 -0500
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: Perl -VS- PHP
Message-Id: <slrn8jlrf4.s8.tadmc@maxim.metronet.com>

On Sun, 04 Jun 2000 17:11:00 GMT, jason <elephant@squirrelgroup.com> wrote:
>MC writes ..
>>Does anyone know what advantages PHP has over Perl, both in general and for
>>CGI/Database processing??
>
>I'll go on record .. none


It is better for golf, you save one character whenever you type
"PHP" instead of "Perl"...

 ... but PHP loses when pronounced out loud, three syllables to one.

 ... and I guess typing it isn't so great after all, PHP loses
six keypresses to five.


:-)


-- 
    Tad McClellan                          SGML Consulting
    tadmc@metronet.com                     Perl programming
    Fort Worth, Texas


------------------------------

Date: Mon, 05 Jun 2000 02:45:41 GMT
From: pcqdyc1@my-deja.com
Subject: Perl 5.5 Fails ipc_sysv tests 5 and 6 under Linux/390
Message-Id: <8hf48m$ff0$1@nnrp2.deja.com>

I'm trying to build Perl 5.5 under Linux for S/390 (IBM mainframes).  The
compiles complete successfully, but when I do the 'make test' and then run
the harness tests, I'm getting 'not ok' messages for subtests 5 and 6 of
lib/ipc_sysv.t.  I can't find anything to indicate that this is something
that is relatively unimportant, so I wanted to ask here just what these tests
are doing, and whether it's important that they work, or not.  If they are
important (and I pretty much believe that they are), then how can I figure
out in more detail what's wrong?  I tried reading the FAQ, but it didn't get
into stuff like this too much.

Thanks in advance for any help.

Mark Post
Electronic Data Systems Corp.


Sent via Deja.com http://www.deja.com/
Before you buy.


------------------------------

Date: Sun, 4 Jun 2000 19:04:01 -0500
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: Perl to write to a text file
Message-Id: <slrn8jlrjh.s8.tadmc@maxim.metronet.com>

On Sun, 04 Jun 2000 19:27:45 GMT, Rodney Engdahl <red_orc@my-deja.com> wrote:
>In article <slrn8jjgvr.ut.tadmc@maxim.metronet.com>,
>  tadmc@metronet.com (Tad McClellan) wrote:
>> On Sat, 03 Jun 2000 18:32:04 GMT, Bob Walton <bwalton@rochester.rr.com> wrote:
>> >Rodney Engdahl wrote:
>> >> In article <8hb325$d26$1@newssvr03-int.news.prodigy.com>,
>> >>   "Navneet Behal" <navneetbehal@bigfoot.com> wrote:
>> >...
>> >> open (FH, "/full/path/to/file/text.txt") || die "Cannot open text file\n";
>>
>> >You need a > in front of the filename to open it for writing.

[snip]

>> ... and you need to leave the newline out of the diagnostic message.
>
>not true
>>
>> ... and you need to mention the name of the file in the diagnostic message.
>
>not if I only have one file :^)


I missed the part where the OP said there was only one file in his program.


-- 
    Tad McClellan                          SGML Consulting
    tadmc@metronet.com                     Perl programming
    Fort Worth, Texas


------------------------------

Date: 5 Jun 2000 01:22:02 GMT
From: Tina Mueller <tina@streetmail.com>
Subject: Re: Perl to write to a text file
Message-Id: <8hevbq$2qbcs$2@fu-berlin.de>

hi,

Rodney Engdahl <red_orc@my-deja.com> wrote:
> In article <slrn8jjgvr.ut.tadmc@maxim.metronet.com>,
>   tadmc@metronet.com (Tad McClellan) wrote:
>> On Sat, 03 Jun 2000 18:32:04 GMT, Bob Walton <bwalton@rochester.rr.com> wrote:
>> >Rodney Engdahl wrote:
>> >>
>> >> In article <8hb325$d26$1@newssvr03-int.news.prodigy.com>,
>> >>   "Navneet Behal" <navneetbehal@bigfoot.com> wrote:
>> >...
>> >> open (FH, "/full/path/to/file/text.txt") || die "Cannot open text file\n";
>>
>> ... and you need to leave the newline out of the diagnostic message.

> not true

that's right, you don't have to. but it's better to
leave the newline out to get more info.
perldoc -f die:
[...]
If the value of EXPR does not end in a newline, the current script line
number and input line number (if any) are also printed, and a newline
is supplied. 
[...]

tina

-- 
http://www.tinita.de \  enter__| |__the___ _ _ ___
tina's moviedatabase  \     / _` / _ \/ _ \ '_(_-< of
search & add comments  \    \ _,_\ __/\ __/_| /__/ perception


------------------------------

Date: 05 Jun 2000 01:59:59 GMT
From: inwap@best.com (Joe Smith)
Subject: Re: Problem using command line arguments
Message-Id: <393b099f$0$2988@nntp1.ba.best.com>

In article <_Ah_4.2180$2b4.140735@bgtnsc06-news.ops.worldnet.att.net>,
William Cardwell <wellhaven@worldnet.att.net> wrote:
>I'm trying to read from the first file and write to the second file on the
>command line, and supply a default file name when a command line file is
>absent. I can't get it to work right for the output file. My latest test is
>below. I'm thinking I shouldn't have to open the output file as I did below,
>but how do I specify the file I am writing to? Can anyone help?
>
># -----This doesn't work right-----------------------------------------------------
>$ARGV[0] = 'infile.txt' unless $ARGV[0];
>$ARGV[1] = '>outfile.txt' unless $ARGV[1];
>open OUTFILE, "$ARGV[1]" or die "Can't open file $ARGV[1] for output: $!\n";
>while(<>) {
>  $i++;
>  print OUTFILE "$i $_";
>  if ($i >= 2000) {last;}
>}
>close OUTFILE;

  push(@ARGV,'infile.txt') if scalar @ARGV == 0;	# default input file
  $outfile = (scalar @ARGV > 1) ? pop(@ARGV) : 'outfile.txt';	# last argument is the output file
  open(OUTFILE, '>', $outfile) or die "Cannot open $outfile for output: $!\n";	# open for writing
  while(<>) {	# Read from all the files specified on the command line
	   ...
  }

Then use "myprogram.pl inputfile1 inputfile2 inputfile3 outputfile" to
fully utilize the functionality of the while(<>){} statement.
	-Joe
--
See http://www.inwap.com/ for PDP-10 and "ReBoot" pages.


------------------------------

Date: Mon, 05 Jun 2000 02:34:30 GMT
From: an400@freenet.carleton.ca (Steve A. Taylor)
Subject: Re: Problems with MakeMaker om Win32 (ActiveState)
Message-Id: <393b0fe6.11859058@news.ncf.carleton.ca>

On Thu, 01 Jun 2000 17:30:19 +0100, Greg Thomas
<Greg.Thomas@iname.com> wrote:

>Hi,
>
>To make sure the problem I'm seeing wasn't caused by a hosed
>installation, I've downloaded and installed from fresh the current
>version of Perl from ActiveState (Perl 5.6.0, ActiveState build 613
>plus the PPM fix on Windows 98SE). My problem is that for some reason,
>I can't get MakeMaker (v5.45) to work. Whenever I try 
>
>C:\temp> perl makefile.pl 
>
>on everything I've downloaded, the procedure fails to find the
>installation of Perl:
>
>Unable to find a perl 5 (by these names: C:\Perl\bin\Perl.exe miniperl
>perl perl5 perl5.6.0, in these dirs: C:\WINDOWS C:\WINDOWS\COMMAND
>C:\PERL\BIN C:\Perl\bin)
>
>Despite the fact that c:\perl\bin\perl.exe exists;
>
>C:\> c:\perl\bin\perl.exe -v
>
>This is perl, v5.6.0 built for MSWin32-x86-multi-thread
>(with 1 registered patch, see perl -V for more detail)
>...
>
>Has anyone seen this before? I can't say I've ever looked closely at
>MakeMaker before, just used it. Using the verbose option didn't give
>any more information relating to this problem, and setting PERL_SRC
>didn't make any difference. So, any ideas?
>
>TIA,
>
>Greg
>-- 
>This post represents the views of the author and does
>not necessarily accurately represent the views of BT.

I traced that to ExtUtils\MM_Win32.pm
It's a portability issue of system versus backtick. I changed line 163

#	    $val = `$abs -e "require $ver;" 2>&1`; #old
	    $val = system('$abs -e "require $ver;" 2>&1'); # new
(and perl  finds itself)
Now a later error arises.





------------------------------

Date: Mon, 05 Jun 2000 00:51:22 +0200
From: Abe Timmerman <abe@ztreet.demon.nl>
Subject: Re: RegExp Help, I Think
Message-Id: <l8nljsc56vgpphc5c84l2jkachvm5gvuq8@4ax.com>

On Sun, 4 Jun 2000 14:30:48 -0700, "Gabe" <grichards@flashcom.net>
wrote:

> I have a string that will look like:
> 
> drive:\path\to\file.ext
> 
> I want just the "file.ext", how can I do this?
You might want to read the documentation for File::Basename
perldoc File::Basename

-- 
Good luck,
Abe


------------------------------

Date: Sun, 04 Jun 2000 22:08:30 -0600
From: "scott thomason" <scott@industrial-linux.org>
Subject: Re: RegExp Help, I Think
Message-Id: <OQE_4.1695$gZ4.636223@feed.centuryinter.net>

...or you could just do this:
$path =~ /\\([^\\]*)$/;   # capture everything after the last backslash
my $file = $1;

...or maybe:
my @chunk = split(/\\/, $path);
my $file = $chunk[$#chunk];

...seems like importing a module would be a bit much for what you need.
---scott



------------------------------

Date: Mon, 05 Jun 2000 01:39:42 +0100
From: Steve Jessop <linc0000@sable.ox.ac.uk>
Subject: Re: REQ: bytewise string manipulation C style instead of substr
Message-Id: <393AF6CE.766A@sable.ox.ac.uk>

Jan Bessels wrote:

> Any pointers to info how to do bytewise string manipulation in Perl.

The function 'vec' in your favourite Perl reference.

'Fighting the language'. Tchah. You can't fight Perl.

Steve.


------------------------------

Date: Sun, 04 Jun 2000 23:58:25 GMT
From: perl@imchat.com (Mark P.)
Subject: Re: Secure CGI session in Perl
Message-Id: <393aeb5f.133045819@news.ionet.net>


>What is wrong with good old fashioned simple webserver authentication?
>On a secure server like this all web traffic would be encrypted.
>
	Absolutely nothing. Just a different perspective on the
problem of protecting directories. As we all know, nothing is safe
from IE anyway with its ability to remember username/password combos.
Most users don't know better than to turn this off so it is now a
reality everyone has to think about.
	As for proxies all being able to run the same IP and access
the directory. If you really want totally secure, at least as best
you can get it, go with basic authentication. You still run the risk
of someone else accessing from the history of IE.
	Myself I don't have a use for a password protected area. If
it's that important it resides somewhere other than public domain.<G>


MP


------------------------------

Date: Mon, 05 Jun 2000 10:54:49 +0800
From: Maciej Mastalarczuk <maciek@treko.net.au>
Subject: Re: Secure CGI session in Perl
Message-Id: <393B1679.AA225497@treko.net.au>

>         Absolutely nothing. Just a different perspective on the
> problem of protecting directories. As we all know, nothing is safe
> from IE anyway with its ability to remember username/password combos.
> Most users don't know better than to turn this off so it is now a
> reality everyone has to think about.
>         As for proxies all being able to run the same IP and access
> the directory. If you really want totally secure, at least as best
> you can get it, go with basic authentication. You still run the risk
> of someone else accessing from the history of IE.
>         Myself I don't have a use for a password protected area. If
> it's that important it resides somewhere other than public domain.<G>
>
> MP

Thanks a lot for the reply. Certainly I tried to use .htaccess. The problem
is that I am not sure whether this transmission is SSL secured. The user is
prompted to type in the password before the browser reports secure
connection.
Am I wrong?

Is there any way to disable caching of the page? I mean in the page (or
CGI) source, not the browser of course.

Cheers and regards,

--
Maciej Mastalarczuk
maciek@treko.net.au




------------------------------

Date: Sun, 04 Jun 2000 22:30:56 -0600
From: "scott thomason" <scott@industrial-linux.org>
Subject: Re: Secure CGI session in Perl
Message-Id: <Q9F_4.1699$gZ4.636889@feed.centuryinter.net>

In article <393a5595.94699841@news.ionet.net>, perl@imchat.com (Mark P.)
wrote:
> Order deny,allow
> Deny from all
> Allow from none
> Allow from 206.171.###.###
> Allow from 206.172.###.###

This is such a terrible idea that I had to comment on it. Good lord, there are better 
ways than programmatically allowing arbitrary IP addresses in via config changes.


------------------------------

Date: Sun, 04 Jun 2000 22:47:05 -0600
From: "scott thomason" <scott@industrial-linux.org>
Subject: Re: Secure CGI session in Perl
Message-Id: <YoF_4.1701$gZ4.637244@feed.centuryinter.net>

Here's how you can do it without relying on HTTP BASIC authentication (which, 
as a previous reply pointed out, is pointless if the browser caches passwords).

Build your login screen. Serve it up via HTTPS so it's impractical to sniff the password. 

In the backend app, build a table that stores two cols: a session ID and a session key.
Whenever someone logs in and their password is valid, the backend CGI app assigns 
a new session ID (can be the next ascending number or ?). Then make an MD5 hash 
out of some suitable random noise (you may also wish to look at /dev/random or /dev/urandom), 
perhaps like this (in Perl):

=============
#!/usr/bin/perl -w

use Digest::MD5 ('md5_hex');

my $sesskey = md5_hex(`ps aux; date; ls -l /var/log`);
print "$sesskey\n";
=============

In the backend app, attach that SID/SKEY to the user in the DB. Now every time you generate
HTML via your app, include the UID/SID/SKEY as hidden form vars (or even as query vars in the url).
The first step in every backend process is to verify that the SID is indeed assigned to that UID, and that the
SKEY is valid for that SID. This essentially gives you a one-time password for the UID. Make sure that
you expire the SID/SKEY combo after a reasonable amount of time has elapsed.
---scott
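
The SID/SKEY scheme described in the post above, as an added example that is not part of the original post and is not scott's code: the key is read from /dev/urandom (which the post mentions) instead of being hashed from command output, and every request is checked for UID, SID, SKEY and expiry. The in-memory hash standing in for the DB table, the sub names, the 15-minute lifetime and the user 'alice' are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example. %SESSIONS is an in-memory stand-in for the DB table;
# all sub names and the lifetime below are hypothetical.
my %SESSIONS;              # sid => { uid, skey, expires }
my $NEXT_SID = 1;          # "next ascending number", as in the post
my $TTL      = 15 * 60;    # assumed session lifetime in seconds

# 128 bits from the kernel random source, hex-encoded.
sub new_session_key {
    open(my $fh, '<:raw', '/dev/urandom') or die "Cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, 16);
    close($fh);
    die "Short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack('H*', $buf);
}

# Called only after the password check has succeeded.
sub create_session {
    my ($uid, $now) = @_;
    my $sid = $NEXT_SID++;
    $SESSIONS{$sid} = { uid => $uid, skey => new_session_key(), expires => $now + $TTL };
    return ($sid, $SESSIONS{$sid}{skey});
}

# Compare two strings without stopping at the first differing byte.
sub same_string {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# First step of every backend request: is this SID assigned to this UID,
# is the SKEY right for the SID, and has the pair not expired?
sub verify_session {
    my ($uid, $sid, $skey, $now) = @_;
    return 0 unless defined $uid && defined $skey;
    return 0 unless defined $sid && $sid =~ /\A[0-9]+\z/;    # reject malformed SID
    my $s = $SESSIONS{$sid} or return 0;                     # unknown SID
    if ($now >= $s->{expires}) {                             # expired: drop the row
        delete $SESSIONS{$sid};
        return 0;
    }
    return 0 unless $s->{uid} eq $uid;                       # SID belongs to someone else
    return same_string($s->{skey}, $skey) ? 1 : 0;
}

# Constructed walk-through: one login, then four requests.
my $t0 = time;
my ($sid, $skey) = create_session('alice', $t0);
printf "valid request:       %d\n", verify_session('alice',   $sid, $skey,    $t0 + 60);
printf "wrong key:           %d\n", verify_session('alice',   $sid, '0' x 32, $t0 + 60);
printf "wrong user for SID:  %d\n", verify_session('mallory', $sid, $skey,    $t0 + 60);
printf "after expiry:        %d\n", verify_session('alice',   $sid, $skey,    $t0 + $TTL + 1);
```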





------------------------------

Date: Sun, 04 Jun 2000 23:58:11 GMT
From: AyJay <ayjayr@my-deja.com>
Subject: Stopping perl CGI
Message-Id: <8heqec$usb$1@nnrp1.deja.com>

G'day,

I have a perl CGI that displays information from a log file, while that
file is being appended to. The approach taken was to check the size of
the log file and if it has increased send those lines to the browser.
This all works fine and dandy, any improvement suggestions would be
appreciated however.

The problem is that if the user presses the 'Stop' or 'back' buttons on
their browser or even closes their browser the perl keeps running until
the log file size no longer changes. How can I tell when any of these
events happen?

---
TIA
AJ

AyJayR_at_Yahoo.com.au




------------------------------

Date: Mon, 05 Jun 2000 03:22:01 GMT
From: Jim Main <j.main2@sympatico.ca>
Subject: Transposing classification numbers in SGML file
Message-Id: <Vhw7OXOrOJUgBEMcX8oVPLB62Tde@4ax.com>

Hello Perlers,

I have to write a program that searches an SGML file for an element
containing a three-level classification number in the form:

uc Roman.Arabic.lc Roman

The program then maps the old number to a new classification scheme in
the same form. For example, 

II.13.iii becomes I.5.i

The new number is then inserted into the SGML document in a new
element. The old scheme is represented in a text file in the form:

@Actions
@_I. Level 1 title
@__1. Level 2 title
@__2.  Level 2 title
@__3.  Level 2 title
@__4.  Level 2 title
@_II. Level 1 title
@__1.  Level 2 title
@__2. Level 2 title
@__3.  Level 2 title
@__i. Level 3 title
@__ii. Level 3 title
@__iii. Level 3 title
@__4. Level 1 title

The new representation will probably be represented in a similar
file (I think this file was created for an Omnimark routine).

Does anyone have any suggestions about how to map the old number to
the new, generally speaking? My programming experience is limited, but
I have faith in Perl.

TIA,

Jim


------------------------------

Date: Sun, 04 Jun 2000 22:48:26 -0600
From: "scott thomason" <scott@industrial-linux.org>
Subject: Re: Using Net::SMTP
Message-Id: <cqF_4.1702$gZ4.637244@feed.centuryinter.net>

SMTP doesn't require a password. The one you've specified in your mail client is for
POP3.
---scott


------------------------------

Date: Sun, 4 Jun 2000 20:00:56 -0700
From: "Gabe" <grichards@flashcom.net>
Subject: Variable Syntax in SQL in DBI
Message-Id: <sjm5q6af5ri55@corp.supernews.com>

How do I pass a variable to the SQL in a statement handle in DBI?

$get = $dbh->prepare("SELECT picid FROM pics LIMIT $start, 5");

generates:

"You have an error in your SQL syntax near ' 5' at line 1 at images.cgi line
34. "

$start contains an integer >= 0.

I've also tried:

my $query = qq{SELECT picid FROM pics WHERE eventid = ? LIMIT $start, 5};
$get = $dbh->prepare($query);

Same error. Please help.

Gabe






------------------------------

Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>


Administrivia:

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V9 Issue 3251
**************************************

