Hello All, Sandro
> hi all
>
> i asked myself, why there is no web-based admin tool for LRP which allows
> the admin to ENTER something. weblet is great but just a viewer.
> i first tried to use weblet for HTML forms with post or get method. i found
> out, that weblet don't support any methods.
>
The weblet does accept input,. I used in my webbased shorewall
configuration.
If you use the original weblet, than you know that by clicking on the
pictures you get another information.
In the shorewall configuration weblet, I also used a bash script that
runs as a result of sending the form.
This is a security risk, the other problem is that to change
something essential at the configuration ( firewall etc) the weblet
has to be run with root rights .
I didn't updated the configuration tool, for 2 reasons, got not much
time, and no response at all, so I assumed that nobody was
interested.
> BUT thttpd does! then i tried how to get form entries parsed with bash. i
> wrote a script which parses the entries from the user by GET method. result
> is:
> $[fieldname]=[string by user]
>
> it runs with more than one form field....
>
> i'm not the bash guru, can someone have a look at my script and tell me, if
> there is a better way to do that (w/o writing to a temp file).
>
I'm sorry I didn't have time to try out the script, but I can tell you
about my experience with this.
I used in my first version a pipe at several places
data is processed | now the second proces take place
and found out that for a reason I couldn't detect this didn't work out
every time.
the version
data is processed > Written_to_tempfile
do something with tempfile
however worked.
As you usually don't have lot's of users configurating your box ;)
the loss of speed with a temp file located in Ram won't be a
problem IMHO
> i hope this example is useful for those who want to develop some html forms
> which allows to admin a LRP box through browser. i know that this is a
> potential security whole but perhaps someone knows how to protect webpages
> with a password in thttpd
> (.htaccess !?)
>
If there are more people interested, we could join our efforts :=)
> greetings
> Sandro Minola
> (Script at the bottom)
>
> Example Script:
>
> #!/bin/sh
> STRINGS=`echo $QUERY_STRING|cut -d'&' -f*`
> for STRING in $STRINGS ; do
> echo $STRING >> /var/tmp/wwwget.tmp
> done ; unset STRING ; unset STRINGS
>
> . /var/tmp/wwwget.tmp
>
> cat <<- /HTML-DATA
> Content-type: text/html
>
> <HTML><HEAD><TITLE>HTML Form TEST Page</TITLE></HEAD>
>
> $(echo $NAMEOFFIELD1)
> $(echo $NAMEOFFIELD2)
> $(echo $NAMEOFFIELD?)
>
> $(rm /var/tmp/wwwget.tmp)
> </BODY></HTML>
> /HTML-DATA
>
back again ;)
Eric Wolzak
http://leaf.sourceforge.net/devel/ericw
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
