[24332] in Perl-Users-Digest
Perl-Users Digest, Issue: 6521 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed May 5 06:05:39 2004
Date: Wed, 5 May 2004 03:05:08 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Wed, 5 May 2004 Volume: 10 Number: 6521
Today's topics:
Re: At wits end! LWP and IIS(?) <gnari@simnet.is>
Re: At wits end! LWP and IIS(?) <calvine.is.not@starhub.net.sg>
Re: Books online???? <cwilbur@mithril.chromatico.net>
Re: Chat Server and Time Delay <mark.clements@kcl.ac.uk>
Creating Dynamic variables from CGI.pm Param() <jds@nospantrumpetweb.co.uk>
Re: Email inbox to printer <usenet@morrow.me.uk>
Re: free source authentication script <gnari@simnet.is>
Re: free source authentication script <mark.clements@kcl.ac.uk>
Re: free source authentication script <tassilo.parseval@rwth-aachen.de>
Re: free source authentication script <gnari@simnet.is>
Re: free source authentication script <mark.clements@kcl.ac.uk>
Re: free source authentication script <tore@aursand.no>
Re: Help Needed Building Array Of Hashes From CSV <georgekinley@hotmail.com>
Re: Help Needed Building Array Of Hashes From CSV <tore@aursand.no>
Re: Help Needed Building Array Of Hashes From CSV <Joe.Smith@inwap.com>
Re: need help with security <gnari@simnet.is>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 5 May 2004 08:59:35 -0000
From: "gnari" <gnari@simnet.is>
Subject: Re: At wits end! LWP and IIS(?)
Message-Id: <c7aaap$uir$1@news.simnet.is>
"Calvine Chew" <calvine.is.not@starhub.net.sg> wrote in message
news:c79m4b$806$1@reader01.singnet.com.sg...
> I've been trying to get a script to post to another script for some time
now
> but to no avail! Sending the LWP POST request to the receiving script and
> printing out the request/results, I get the following:
>
> ###################
> POST http://llc.compsys.org/up.cgi Content-Length: 177 Content-Type:
> multipart/form-data; boundary=xYzZY --xYzZY Content-Disposition:
form-data;
> name="upload"; filename="success.txt" Content-Length: 36 Content-Type:
> text/plain IT WORKED!!! 5th May 2004 11:24am --xYzZY--
>
> It didn't work. 501 (Not Implemented) syntax error Content-Type:
text/plain
> Client-Date: Wed, 05 May 2004 03:37:10 GMT Client-Warning: Internal
response
> 501 syntax error
>
> 501 syntax error
> ###################
> Both sending and receiving scripts are on the same server. I'm a relative
> newbie to Perl so I desperately need help on this! Any URLs or FAQs I can
> refer to to get more info on my troubles? Is it a Perl problem or a
> webserver one?
this means that your original upload (from browser
to upload.cgi) worked, but the second one (from
upload.cgi to up.cgi) failed, probably because it
was not correctly done.
did you try to upload directly to the second script?
gnari
------------------------------
Date: Wed, 5 May 2004 17:41:29 +0800
From: "Calvine Chew" <calvine.is.not@starhub.net.sg>
Subject: Re: At wits end! LWP and IIS(?)
Message-Id: <c7abh8$kfm$1@reader01.singnet.com.sg>
"gnari" <gnari@simnet.is> wrote in message
news:c7aaap$uir$1@news.simnet.is...
> "Calvine Chew" <calvine.is.not@starhub.net.sg> wrote in message
> news:c79m4b$806$1@reader01.singnet.com.sg...
> > I've been trying to get a script to post to another script for some time
> now
> > but to no avail! Sending the LWP POST request to the receiving script
and
> > printing out the request/results, I get the following:
> >
> > ###################
> > POST http://llc.compsys.org/up.cgi Content-Length: 177 Content-Type:
> > multipart/form-data; boundary=xYzZY --xYzZY Content-Disposition:
> form-data;
> > name="upload"; filename="success.txt" Content-Length: 36 Content-Type:
> > text/plain IT WORKED!!! 5th May 2004 11:24am --xYzZY--
> >
> > It didn't work. 501 (Not Implemented) syntax error Content-Type:
> text/plain
> > Client-Date: Wed, 05 May 2004 03:37:10 GMT Client-Warning: Internal
> response
> > 501 syntax error
> >
> > 501 syntax error
> > ###################
> > Both sending and receiving scripts are on the same server. I'm a
relative
> > newbie to Perl so I desperately need help on this! Any URLs or FAQs I
can
> > refer to to get more info on my troubles? Is it a Perl problem or a
> > webserver one?
>
>
> this means that your original upload (from browser
> to upload.cgi) worked, but the second one (from
> upload.cgi to up.cgi) failed, probably because it
> was not correctly done.
>
> did you try to upload directly to the second script?
> gnari
>
Yes indeed. The 2nd script (up.cgi) works perfectly and is able to save the
file (I verified this via a multipart/form-data html form to up.cgi). I
checked the server log and there is no reference to any 501 errors or even
requests to up.cgi!!
I conclude that this means the request is not even going out. I understand
that the header Client-Warning is inserted by LWP. Could this mean that the
script is failing at upload.cgi (1st script)?
------------------------------
Date: Wed, 05 May 2004 07:29:16 GMT
From: Charlton Wilbur <cwilbur@mithril.chromatico.net>
Subject: Re: Books online????
Message-Id: <871xlzjq0z.fsf@mithril.chromatico.net>
>>>>> "HW" == Henry Williams <***************> writes:
HW> About 3 years ago I used to read comp.lang.c everyday and
HW> people were always flaming others for their novice posts, and
HW> it seemed such a silly (Talk about silly) waste of energy.
HW> Isn't it better to ignore if you've nothing helpful to say?
HW> And if your intent is to be helpful isn't it better to be kind
HW> than to be a…. bastard?
Frankly, no. The people in comp.lang.c are experts in their field,
and they want a forum where they can discuss things that matter to
them. If they simply ignored every newbie post, then Joe Newbie would
post a basic question, Jane Newbie would answer it incorrectly, Fred
Newbie would correct it but make another mistake, and the whole thing
would go into the archives. And there would be so many newbies that
comp.lang.c would be unusable for the gurus and experts.
Surprisingly enough, most of this applies to comp.lang.perl.misc as
well. There are gurus and experts here, and if they took the time to
answer every basic question that shows up -- especially the ones that
are already answered in the docs or the FAQ -- they would have little
time to do anything else. In the long run, it does the newbie more
good to be shoved into reading the FAQ than to be handed the answer on
a platter, even if it's not as comfortable for the newbie.
HW> I figure if the poster gets ignored, it will encourage them to
HW> lurk more, read the posts of others who do get helpful replies
HW> and then began to understand how to post.
Lurk a while and watch. A poster who gets ignored -- not corrected --
asks the question again; and it's far more likely that a basic
question will get a wrong answer if it's ignored by the gurus.
To you it looks like the experts are being bastards. To the experts,
it looks like they're doing the newbies a favor in the long run. Look
at the amount of energy that's been expended recently on Robin, for
instance: the exasperation is starting to show, because he seems
unwilling or incapable of learning from the advice that he's given,
but if the goal were merely to be a bastard, he would have gotten far
less help than he has.
Charlton
--
cwilbur at chromatico dot net
cwilbur at mac dot com
------------------------------
Date: Wed, 05 May 2004 10:58:26 +0100
From: Mark Clements <mark.clements@kcl.ac.uk>
Subject: Re: Chat Server and Time Delay
Message-Id: <4098bab7$1@news.kcl.ac.uk>
Brian wrote:
> First one sits on a server and runs without being called
> from a browser. It's job is to check the time, and if
> the time = X then do Y. basically I want a script that
> is going to clear a MySQL Db at 4 am every day
use cron, or the equivalent on windows (Scheduled Tasks?). This will automatically execute a
specified command according to whatever schedule you set.
>
> The second is way over my head, in short I need
> what is going to work like a chat server. The idea
<snip description of how client/server chat system works>
> I have found a script on the net at
> http://hotwired.lycos.com/webmonkey/97/18/index2a.html?tw=programming
> but can't get it to work and don't really understand it.
If you don't understand it then you're probably biting off more than you can chew. A quick look
at it shows that it seems to cover the main points quite well, though I haven't tested it. There
is a similar example in one of the books, though can't remember if it's the cookbook or
Programming Perl (they're at home).
Mark
------------------------------
Date: Wed, 5 May 2004 10:57:10 +0100
From: "Julia deSilva" <jds@nospantrumpetweb.co.uk>
Subject: Creating Dynamic variables from CGI.pm Param()
Message-Id: <FP2mc.9963$9X6.7627@pathologist.blueyonder.net>
Hello All.
I use something like this to process form elements
my $field;
foreach $field ($q->param()) {
${$field} = $q->param($field);
.....
.....
}
to retreive data from a dynamically created webpage where I do not know
either the number or names of the form elements.
The above can't work under strict.
www.domain.com/cgi-bin/mail_test.cgi?XXX=1
>>> Can't use string ("XXX") as a SCALAR ref while "strict refs" in use at
mail_test.cgi
Some pointers would be very gratefully received.
Thanks
------------------------------
Date: Wed, 5 May 2004 07:36:54 +0000 (UTC)
From: Ben Morrow <usenet@morrow.me.uk>
Subject: Re: Email inbox to printer
Message-Id: <c7a5im$s4t$1@wisteria.csv.warwick.ac.uk>
Quoth google@d-kaff.co.uk (Aki):
>
> I am currently using fetchmail to retrieve mail from a POP server
> every couple of minutes, and it is delivering it to the standard
> /var/spool/mail/$user
>
> I need a script to monitor this users new mail when fetchmail has
> retrieved one, and make an audible alert to alert everyone of its
> arrival and also to print out the new email to the default printer.
Fetchmail in its usual setup doesn't deliver to the user's mailbox
itself, but rather hands the mail off to the local MTA for delivery. If
this is the case, then it's probably easiest to arrange for this user's
mail to be forwarded to a script which does what you want with it. Some
setup like this should work (depending on MTA &c):
/home/$user/.forward:
|procmail -Y
This arranges for the mail to be fed through procmail.
/home/$user/.procmailrc:
:0f:
header=|formail -YczX From: -X To: -X Subject: -X Date:
:0bc:
|/home/$user/printmail "$header"
This extracts the listed headers, feeds a copy of the body of the mail
through the script, then delivers it to the default destination
(/var/spool/mail/$user).
/home/$user/printmail:
#!/bin/sh
cd
sox mailsound.wav -t ossdsp /dev/sound/dsp
(echo $1; echo; cat) | lpr
exit 0
This makes a noise (adjust as appropriate) and then sends the header, a
blank line and the body to the printer.
Ben
--
The cosmos, at best, is like a rubbish heap scattered at random.
- Heraclitus
ben@morrow.me.uk
------------------------------
Date: Wed, 5 May 2004 07:58:59 -0000
From: "gnari" <gnari@simnet.is>
Subject: Re: free source authentication script
Message-Id: <c7a6p5$u6q$1@news.simnet.is>
"Robin" <webmaster @ infusedlight . net> wrote in message
news:c7a18h$pk7$2@reader2.nmix.net...
> www.infusedlight.net/robin/temp/auth.txt
>
[snip bragging about very weak security feature]
> ... At least now my site won't be
> defaced in this form, anyway.
is this an invitation ?
gnari
------------------------------
Date: Wed, 05 May 2004 09:27:50 +0100
From: Mark Clements <mark.clements@kcl.ac.uk>
Subject: Re: free source authentication script
Message-Id: <4098a57b$1@news.kcl.ac.uk>
Tassilo v. Parseval wrote:
> in as long as at least one person is already authenticated. Doing
> authentication based on a cookie is a very bad idea as well, as cookies
> reside on the client machine and anybody could create such a thing
> manually.
There are ways of doing it securely: the eagle book has a good example, which basically includes
a checksum of the cookie's data (eg username,date,ipaddress) combined with a secret. The
integrity of the cookie can thus be verified when it is resubmitted to the server.
Mark
------------------------------
Date: Wed, 5 May 2004 10:55:33 +0200
From: "Tassilo v. Parseval" <tassilo.parseval@rwth-aachen.de>
Subject: Re: free source authentication script
Message-Id: <c7aa67$1gsv1$1@ID-231055.news.uni-berlin.de>
Also sprach Mark Clements:
> Tassilo v. Parseval wrote:
>
>> in as long as at least one person is already authenticated. Doing
>> authentication based on a cookie is a very bad idea as well, as cookies
>> reside on the client machine and anybody could create such a thing
>> manually.
> There are ways of doing it securely: the eagle book has a good example, which basically includes
> a checksum of the cookie's data (eg username,date,ipaddress) combined with a secret. The
> integrity of the cookie can thus be verified when it is resubmitted to the server.
Well, naturally it can be done via some digest-mechanisms. However, does
this also work with the constant cookie
cookie (-name=>'Log', -value=>'', -path=>'./');
that Robin uses?
:-)
Tassilo
--
$_=q#",}])!JAPH!qq(tsuJ[{@"tnirp}3..0}_$;//::niam/s~=)]3[))_$-3(rellac(=_$({
pam{rekcahbus})(rekcah{lrePbus})(lreP{rehtonabus})!JAPH!qq(rehtona{tsuJbus#;
$_=reverse,s+(?<=sub).+q#q!'"qq.\t$&."'!#+sexisexiixesixeseg;y~\n~~dddd;eval
------------------------------
Date: Wed, 5 May 2004 09:00:30 -0000
From: "gnari" <gnari@simnet.is>
Subject: Re: free source authentication script
Message-Id: <c7aacf$uj1$1@news.simnet.is>
"Mark Clements" <mark.clements@kcl.ac.uk> wrote in message
news:4098a57b$1@news.kcl.ac.uk...
> Tassilo v. Parseval wrote:
>
> > in as long as at least one person is already authenticated. Doing
> > authentication based on a cookie is a very bad idea as well, as cookies
> > reside on the client machine and anybody could create such a thing
> > manually.
> There are ways of doing it securely: the eagle book has a good example,
which basically includes
> a checksum of the cookie's data (eg username,date,ipaddress) combined with
a secret. The
> integrity of the cookie can thus be verified when it is resubmitted to the
server.
yes, but that is definitively not the case here!
gnari
------------------------------
Date: Wed, 05 May 2004 10:12:36 +0100
From: Mark Clements <mark.clements@kcl.ac.uk>
Subject: Re: free source authentication script
Message-Id: <4098affa$1@news.kcl.ac.uk>
Tassilo v. Parseval wrote:
> Well, naturally it can be done via some digest-mechanisms. However, does
> this also work with the constant cookie
>
> cookie (-name=>'Log', -value=>'', -path=>'./');
>
> that Robin uses?
>
> :-)
Er, as stands, no. I'm not really bothering to read his code anymore as it makes my ears bleed
and my comments tend to be rather repetitive. I thought it would be more helpful to lead him
towards doing cookie authentication properly rather than just saying "it's a bad idea". If you
like we can take bets on the chances of him implementing it properly :)
Mark
------------------------------
Date: Wed, 05 May 2004 11:49:07 +0200
From: Tore Aursand <tore@aursand.no>
Subject: Re: free source authentication script
Message-Id: <pan.2004.05.05.09.47.28.929692@aursand.no>
On Tue, 04 May 2004 22:22:45 -0800, Robin wrote:
> www.infusedlight.net/robin/temp/auth.txt
A short summary:
* You're _still_ not indenting your code properly.
* You're _still_ not using 'strict' (or 'warnings').
* You're _still_ not checking the outcome of 'open()'.
* Yoy're _still_ using 'exit' where it's inappropriate.
* You're _still_ calling subroutines with '&', without
knowing really why (obviously).
* You're _still_ mixing HTML and Perl code.
* You're _still_ not validating the data you are using
throughout the script.
* You're _still_ not listening to the people in this
group. Why do you bother at all? You don't want to
learn anything, obviously!?
As for this particular script:
* Do you know how cookies work? You're definitely not
using cookies the way they should (...) be used.
* It is possible to access (and download) the "private"
files you are using. How secure is that?
Could you _please_ do something with _all_ of my comments before you post
another useless [1] script?
[1] Not really, as it works as a reminder on how to _not_ to things, but
you should state so in your postings and scripts;
"This code most probably doesn't work as expected and has been
written to demonstrate on how _not_ to do things in Perl."
Thanks.
--
Tore Aursand <tore@aursand.no>
"The pure and simple truth is rarely pure and never simple." (Oscar
Wilde)
------------------------------
Date: Wed, 05 May 2004 07:07:19 GMT
From: "George Kinley" <georgekinley@hotmail.com>
Subject: Re: Help Needed Building Array Of Hashes From CSV
Message-Id: <Ho0mc.15488$k4.315105@news1.nokia.com>
Not asking to piss you off but just curious
Why did you thought of using Hash?
"Tim Sheets" <tsheetspublic@insightbb.com> wrote in message
news:%iYlc.24520$TD4.3466652@attbi_s01...
> Hello group,
>
> I am rather new to Perl (and programming in general) and am having a
> problem building a hash. I have read several tutorials, examples, etc..
> but nothing touches on exactly what I am trying to do.
>
> I am trying to read data in from a CSV file (Excel export) and store the
> information in an array of hashes. The first line of the file contains
> field names, and the following lines contain data.
>
> So, I am reading the first line into an array, splitting on the commas,
> to use as the hash keys. Then all subsequent lines are read into
> another array, splitting on the commas to be used as the values.
>
> Then I am trying to build another array, and combine the 'keys' and
> 'values' from the first two arrays as a hash.
>
> Here is the code I am trying to use:
>
> # Begin reading csv dump
> open (REFERENCEFILE,"$ARGV[1]") ;
>
> $count=0;
>
> while (<REFERENCEFILE>) {
> if ($count == 0) {
> @refdatakeys = split(/,/, $_);
> $numelements = scalar (@refdatakeys);
> } else {
> @refdatavalues = split(/,/, $_);
> for ($i=0; $i < $numelements; $i++) {
> @arrefdata = ({$refdatakeys[$i] => '$refdatavalues[$i]'});
> }
> }
>
> print ("SITE ID is: $arrefdata[$count]{'SITE ID'}\n");
> $count++;
> }
>
> If I put print statements to test the values in @refdatakeys and
> @refdatavalues, everything is stored in those two arrays. But, I can't
> figure out what I am doing wrong when trying to store those values as
> key/value pairs in @arrefdata. Or, I guess it's possible that values
> are stored, but I am not correctly accessing that data in my print
> statement.
>
> If anyone can figure out what I am doing wrong, I sure would appreciate
> some help.
>
> Thanks all!!
>
> Tim
>
------------------------------
Date: Wed, 05 May 2004 09:53:48 +0200
From: Tore Aursand <tore@aursand.no>
Subject: Re: Help Needed Building Array Of Hashes From CSV
Message-Id: <pan.2004.05.05.07.46.00.896251@aursand.no>
On Wed, 05 May 2004 02:28:11 +0000, Tim Sheets wrote:
> open (REFERENCEFILE,"$ARGV[1]") ;
Always check the outcome of an 'open()', and drop those unneeded double
quotes;
open( REFERENCEFILE, '<', $ARGV[1] ) or die "$!\n";
> $count=0;
You're not using 'strict' (and possible not 'warnings' either). Make sure
your script starts with (something like):
#!/usr/bin/perl
#
use strict;
use warnings;
When using 'strict', you need to declare your variables for the current
scope before you use them. Example;
my $count = 0;
> while (<REFERENCEFILE>) {
> if ($count == 0) {
> @refdatakeys = split(/,/, $_);
> $numelements = scalar (@refdatakeys);
> } else {
> @refdatavalues = split(/,/, $_);
> for ($i=0; $i < $numelements; $i++) {
> @arrefdata = ({$refdatakeys[$i] => '$refdatavalues[$i]'});
> }
> }
> print ("SITE ID is: $arrefdata[$count]{'SITE ID'}\n");
> $count++;
> }
Instead of using your own routine to parse CSV, you should consider one of
the CSV modules on CPAN - <http://www.cpan.org/> - or Text::ParseWords
(which comes with Perl).
If you want to study a regular expression example which does the job in a
major of the cases, see 'perldoc -q split'.
No need to use the 'scalar()' function. Using an array in a scalar
context will return its "length";
my $length = @array;
Consider comparing the "length" of @refdatakeys and @refdatavalues in the
code above, and consider doing something "smart" when there's a "length"
mismatch.
--
Tore Aursand <tore@aursand.no>
"When you love someone, all your saved-up wishes start coming out."
(Elizabeth Bowen)
------------------------------
Date: Wed, 05 May 2004 09:34:15 GMT
From: Joe Smith <Joe.Smith@inwap.com>
Subject: Re: Help Needed Building Array Of Hashes From CSV
Message-Id: <ry2mc.36743$I%1.2277661@attbi_s51>
Tim Sheets wrote:
> for ($i=0; $i < $numelements; $i++) {
> @arrefdata = ({$refdatakeys[$i] => '$refdatavalues[$i]'});
> }
I expect that you meant
$arrefdata[$count] = { key1,val1, key2,val2, key3,val3, ...}
You ought to create dummy column labels if any row has more items than
the first row of the file. Use map{}() to build a list of key/value pairs.
my @temp = map { ( ($_ < @refdatakeys ? $refdatakeys[$_] : "unknown $_"),
$refdatavalues[$_] ) } foreach (0 .. $#refdatavalues);
$arrefdata[$count] = { @temp };
-Joe
------------------------------
Date: Wed, 5 May 2004 08:01:12 -0000
From: "gnari" <gnari@simnet.is>
Subject: Re: need help with security
Message-Id: <c7a6tb$u72$1@news.simnet.is>
"Robin" <webmaster @ infusedlight . net> wrote in message
news:c7a1c4$pk8$1@reader2.nmix.net...
>
> "Matt Garrish" <matthew.garrish@sympatico.ca> wrote in message
> news:QBElc.20892$3Q4.485920@news20.bellglobal.com...
> >
> > "Robin" <robin @ infusedlight.net> wrote in message
> > news:c74eqt$opc$1@news.f.de.plusline.net...
> > > "gnari" <gnari@simnet.is> wrote in message
> > > news:c742sf$6gh$1@news.simnet.is...
> > >
> > > > of course, it is your auth.pl that is the weakest link.
> > > >
> > >
> > > agreed, thanks... I'll set it up to use cookies...
> > >
> >
> > Please enlighten me as to how the use of cookies will make your scripts
> any
> > more secure? If you really understood what they are how they work, you'd
> > know that they provide *no security* in and of themselves.
> >
>
> see my latest post and read the source code for auth.pl up to the bottom
two
> subs and then read the source code for the bottom two subs as related to
> being in another script that auth.pl goes to.
in other words you do not really understand how cookies work.
gnari
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 6521
***************************************
