how to rewrite to a POST

2000-04-26 Thread David Hajoglou 

I asked a similar question eariler with no response.  So, I shall change
my aproach.

I have figured that I need to use PerlTransHandler for my module, but I
still do not know how to turn a GET request into a POST.

I can rewrite the filename to the correct file:

$r->filename($r->document_root . '/index.php3'); #from /auth?k=...

but, how do I make it a post?  Can I respecificy the $r->content?  It
would seem that I can't by the docs:

=== $r->content from perldoc Apache
*NOTE*: you can only ask for this once, as the entire body is read from
the client.
===

so, is it possible to take a GET request and rewrite the uri into a POST
request and if so how?

Re: how to rewrite to a POST

2000-04-27 Thread Ken Y. Clark 

On Wed, 26 Apr 2000, David Hajoglou wrote:

> so, is it possible to take a GET request and rewrite the uri into a POST
> request and if so how?

i'm not sure if that's really necessary.  you could just put the GET args
into $r->pnotes, perhaps like so:

sub handler {
my $r = shift;
return DECLINED unless $r->is_main();

my $apr= Apache::Request->new($r);
my @params = $apr->param;
my %args   = ();
$args{$_}  = $apr->param($_) for @params;
$r->pnotes('args', %args);
return OK;
}

ky

RE: how to rewrite to a POST

2000-04-27 Thread Geoffrey Young 



> -Original Message-
> From: Ken Y. Clark [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 27, 2000 9:06 AM
> To: [EMAIL PROTECTED]
> Subject: Re: how to rewrite to a POST
> 
> 
> On Wed, 26 Apr 2000, David Hajoglou wrote:
> 
> > so, is it possible to take a GET request and rewrite the 
> uri into a POST
> > request and if so how?
> 
> i'm not sure if that's really necessary.  you could just put 
> the GET args
> into $r->pnotes, perhaps like so:
> 
> sub handler {
> my $r = shift;
> return DECLINED unless $r->is_main();
> 
> my $apr= Apache::Request->new($r);
> my @params = $apr->param;
> my %args   = ();
> $args{$_}  = $apr->param($_) for @params;
> $r->pnotes('args', %args);
> return OK;
> }

or just use Apache::RequestNotes, which does all that for you (and parses
your cookies, if any, while it's at it...)

--Geoff

> 
> ky
>

Re: how to rewrite to a POST

2000-04-27 Thread J. J. Horner 

On Thu, 27 Apr 2000, Ken Y. Clark wrote:

> On Wed, 26 Apr 2000, David Hajoglou wrote:
> 
> > so, is it possible to take a GET request and rewrite the uri into a POST
> > request and if so how?
> 
> i'm not sure if that's really necessary.  you could just put the GET args
> into $r->pnotes, perhaps like so:
> 
> sub handler {
> my $r = shift;
> return DECLINED unless $r->is_main();
> 
> my $apr= Apache::Request->new($r);
> my @params = $apr->param;
> my %args   = ();
> $args{$_}  = $apr->param($_) for @params;
> $r->pnotes('args', %args);
> return OK;
> }
> 

In my situation, we sometimes have developers who try to send uids and
passwords across using a get.  This puts uids and passwords in the
logfile.  Is there a way to rewrite the GET to a POST before logging so as
to remove the uid/password data pairs?

Jon

-- 
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http://www.knoxlug.org/

Re: how to rewrite to a POST

2000-04-27 Thread Kip Cranford 

On: Thu, 27 Apr 2000 09:06:24 EDT "Ken Y. Clark" wrote:

>On Wed, 26 Apr 2000, David Hajoglou wrote:
>
>> so, is it possible to take a GET request and rewrite the uri into a POST
>> request and if so how?
>
>i'm not sure if that's really necessary.  you could just put the GET args
>into $r->pnotes, perhaps like so:
>
[ snip ]

This approach works, or you could use something like Apache::RequestNotes.
However, you still need to deal with file uploads potentially, which I don't
believe the RequestNotes does.

In my situation, file uploads are important, as is authentication.  I check
authentication credentials on every request, and redirect to a login page
immediately when the check fails.  In this case, posted information (including
the file upload information) would be lost, which isn't good if the user uploaded
a big file.  I work around this by doing a simple client-side authentication
check (I use cookies to hold a username, so just check to see if it exists),
which launches a sub-window allowing the user to authenticate if their cookie
has expired.  Not the most elegant, but the best I could come up with right now.  

I also store all the request information in pnotes like RequestNotes.  However,
I also store a refrence to the file upload information (if any) along with
information on where the file contents are located.

If there are better solutions out there, I'm all ears!


--kip

Re: how to rewrite to a POST

2000-04-27 Thread David Hajoglou 

Ok, looking at all the posts I need to spell all of it out.  I am using
the database through the backend to prevend any passwords from being
transmited and possibally cached in a browser.  Here is how it works:

Our user, lets call him John, loggs into our portal.  This is a microsoft
environment (www.asksimon.com).  He authenticates on an MS server.  At
that time, the microsoft server generates a random key with a time stamp,
which is | delineated, adds the user name and base64 encodes it. Then all
links for the user to check his e-mail are writen as:

http://twig.asksimon.org/auth?k=b64_encoded_sequence">email

When I get the request my handler, which is triggered to fly when
/auth is requested, looks at the key, queries the MsSql database and
checks the random key and time stamp.  If all checks out, the request is
rewriten into a post like so:

twig.asksimon.org/index.php3 [log_name => "name" log_passwd => "passwd"].

I get the passwd from the .org server thereby keeping any passwords from
being transmitted between the microsoft environment and the linux
environment.

I need to use the post, because that is what php3 is expecting.  If
anybody can think of any better way I would like to hear it.  If not, then
is it possible to translate a GET uri into a POST uri with a
PerlTransHandler (or any other handler for that matter)??

I would like to use pnotes (that would have been easy) but I am going
from mod_perl to mod_php thereby nullifyiing all of the mod_perl gadgets.


Thanks
David

Re: how to rewrite to a POST

2000-04-27 Thread Jim Winstead 

On Apr 27, David Hajoglou wrote:
> I need to use the post, because that is what php3 is expecting.  If
> anybody can think of any better way I would like to hear it.  If not, then
> is it possible to translate a GET uri into a POST uri with a
> PerlTransHandler (or any other handler for that matter)??

Does TWIG really care whether the request comes in via GET or POST?
PHP generally does not make a distinction between the two. They
would have had to have gone out of their way to make this a
requirement.  (And one that is probably easily fixed by a search&replace
of HTTP_POST_VARS with HTTP_GET_VARS.)

But I've never used TWIG, so I may be missing the problem.

You could write your own (very limited) "proxy" on the mod_perl
side that used LWP::UserAgent to actually make the request to the
backend. Not quite as easy as just leveraging mod_proxy, but I
don't think it would be terribly difficult, either.

Jim

RequestNotes and file uploads [was how to rewrite to a POST ]

2000-04-27 Thread Geoffrey Young 

I was looking at Apache::Request file uploads again.  IIRC, I decided to
prohibit file uploads early on in RequestNotes because at that time
RequestNotes was parsing the request and storing it in a hash and putting
that in pnotes and some suggested that blindly storing files in memory was a
bad idea.  Now, pnotes just holds the Apache::Table object created by
Apache::Request->parms(), though.

I think that creating a third pnotes entry containing Apache::Upload
arrayref works.  I tested it a bit and it seems ok using the $apr->upload
array.  I tried to pass an upload object back and access multiple files
using next(), but I couldn't get it to work (probably because I wasn't
calling something right).

anyway, since I don't ever deal with file uploads in real life, could those
of you who can test the following patch?  Sorry it's so lengthy...

TIA

--Geoff

--- RequestNotes.pm.old Thu Apr 27 13:36:02 2000
+++ RequestNotes.pm Thu Apr 27 14:48:36 2000
@@ -16,7 +16,7 @@
 use Apache::Request;
 use strict;
 
-$Apache::RequestNotes::VERSION = '0.03';
+$Apache::RequestNotes::VERSION = '0.04';
 
 # set debug level
 #  0 - messages at info or debug log levels
@@ -28,12 +28,13 @@
 # initialize request object and variables
 #-
   
-  my $r   = shift;
-  my $log = $r->server->log;
+  my $r = shift;
+  my $log   = $r->server->log;
 
-  my $maxsize = $r->dir_config('MaxPostSize') || 1024;
+  my $maxsize   = $r->dir_config('MaxPostSize') || 1024;
+  my $uploads   = $r->dir_config('DisableUploads') =~ m/Off/i ? 0 : 1;
 
-  my %cookies = (); # hash for cookie names and values
+  my %cookies   = ();   # hash for cookie names and values
 
 #-
 # do some preliminary stuff...
@@ -47,7 +48,7 @@
 
   # this routine works for either a get or post request
   my $apr = Apache::Request->new($r, POST_MAX => $maxsize,
- DISABLE_UPLOADS => 1);
+ DISABLE_UPLOADS => $uploads);
   my $status = $apr->parse;
 
   if ($status) {
@@ -73,6 +74,12 @@
   }
   
 #-
+# create an array of all Apache::Upload objects
+#-
+
+  my @uploads = $apr->upload;
+
+#-
 # grab the cookies
 #-
 
@@ -92,6 +99,7 @@
 #-
 
   $r->pnotes(INPUT => $input);
+  $r->pnotes(UPLOADS => \@uploads);
   $r->pnotes(COOKIES => \%cookies) if %cookies;
 
 #-
@@ -118,8 +126,10 @@
 
 PerlInitHandler Apache::RequestNotes
 PerlSetVar MaxPostSize 1024
+PerlSetVar DisableUploads On
 
   MaxUploadSize is in bytes and defaults to 1024, thus is optional.
+  DisableUploads defaults to On, and likewise is optional.
 
 =head1 DESCRIPTION
 
@@ -134,11 +144,17 @@
   some Perl*Handler or Registry script:
 
 my $input  = $r->pnotes('INPUT');
+my $uploads= $r->pnotes('UPLOADS');
 my $cookies= $r->pnotes('COOKIES');

 # GET and POST data
 my $foo= $input->get('foo');
  
+# uploaded files
+foreach my $upload (@$uploads) {
+  print $upload->name;
+} 
+
 # cookie data
 my $bar= $cookies->{'bar'};  # one way
 
@@ -154,7 +170,9 @@
   the names and values of all cookies sent back to your domain and
   path.  $input contains a reference to an Apache::Table object and
   can be accessed via Apache::Table methods.  If a form contains
-  both GET and POST data, both are available via $input.
+  both GET and POST data, both are available via $input. $uploads
+  contains a reference to an array containing all the Apache::Upload
+  objects for the request, which can be used to access uploaded files.
 
   Once the request is past the PerlInit phase, all other phases can
   have access to form input and cookie data without parsing it
@@ -162,10 +180,6 @@
   POST data is required by numerous handlers along the way.
 
 =head1 NOTES
-
-  Apache::RequestNotes does not allow for file uploads. If either a 
-  file upload was attempted, or the POST data exceeds MaxPostSize,
-  rather than return SERVER_ERROR it sets $Apache::RequestNotes::err.
 
   Verbose debugging is enabled by setting the variable
   $Apache::RequestNotes::DEBUG=1 to or greater. To turn off all debug




> -Original Message-
> From: Kip Cranford [mailto:[EMAIL PROTECT