Re: [SLUG] HTTP_REFERER not found [Repost]

2003-10-01 Thread Del 

That's exactly how I found my way onto this list.  :)
And I do agree whole-heartedly about: 
there is a difference between how do i do XYZ and please teach me how
to write a dynamic web application,
Yup, fair cop.

Note that my post on why I won't answer this sort of question
on the SLUG list was more philosophical.  I guess I had two
main points: (a) I reserve the right to charge for doing
work that I think I should be able to charge for, while
still answering questions that are simple and easy and about
doing XYZ, and (b) Louis (Hi Louis!) is going to be in serious
danger if he proceeds down the passing-variables-via-GET method
of web programming and probably needs some more serious help
than can be provided in a 2 minute QA session on SLUG.
There is also only so much you can learn by asking [relatively] simple
questions 
like those passed around here (some are not quite so simple, but the
majority are)
The rest we'll have to dig deeper...
Agreed, and I guess this was one of my points.

Louis:  It might be reasonably easy to get your HTTP variables
passed around by the method you're talking about but you're
going to at least need to find a good book on CGI and perl and
read a bit about web security to find out why it's a really
bad idea to try to do what you're doing, except for very
trivial applications.
i.e. you might get a simple answer to a simple problem here,
but I think you're going to end up with the right answer to
the wrong problem.
Unrelated web programming add-on:  There is a Sydney PHP
user group meeting on tomorrow (Thursday 2nd October) at
UTS.  Details here:
http://sydney.ug.php.net/

sydney.ug.php.net is not associated with SLUG, or the folks
who make PHP (but they let us use an A record in their domain).
--
Del
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

RE: [SLUG] HTTP_REFERER not found [Repost]

2003-10-01 Thread Jared Pritchard 
Louis (Hi Louis!) is going to be in serious
danger if he proceeds down the passing-variables-via-GET method
of web programming

lol  :P

POST is better - but only coz it's invisible to the human
eye. Session variables are better still, but use in moderation...
Also a good dose of SSL won't hurt  ;)

And I love databases! Very satsifying to see all your
data saved efficiently and cleanly - with easy access later.

But I leave that up to you Louis...  check out some different methods,
or maybe get some professional help :)


-Jazza

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] HTTP_REFERER not found [Repost]

2003-09-30 Thread Del 
[EMAIL PROTECTED] wrote:
Hi Sluggers:

I subscribed with a new email address. So I am reposting my query on this.

Setup:
Url comes to site like this
http://www.yourdomain.com/index.html?hop=some_data

Q1. If I click on a link to go to another HTML page say name.html, I lose
the hop=some_data part. How do I make the hop=some_data go with the
name.html with the a tag from an HTML document ? Is this possible or a
script can do this only ?
Q2. The order page calls a Perl script say orderpage.pl, I want the
script to capture the hop=some_data. I got the script to print the whole
%ENV, and I see no HTTP_REFERER. I thought HTTP_REFERER would show the
url that called orderpage.pl with the hop=some_data . But if I cannot
see HTTP_REFERER, then how do I get the script to capture the
hop=some_data ?
OK, read this answer as more philosophical than anything else.

Firstly:  Hi education (or whatever your name is).  I run a company
that does web design and programming in a Linux environment.  We know
all of the answers to all of your problems.  We do HTML, Perl, CGI,
PHP, and even Cold Fusion if we have to.  Our rates are very reasonable.
Our web site is here:  http://www.babel.com.au/  You can find our
contact details there.
end of plug.

Now for the philosophical bit.

I could answer your question.  I won't.  The reason I won't do so
on the SLUG list is primarily because I'd be undercutting my own
business doing so.  It sounds like you are either writing or getting
written or modifying a commercial web application of some kind here, of
the type that accepts orders, has people pay money, and earns you
some kind of profit.
Not that I have a problem with that.  It's good that Linux gets
used in this sort of environment and I think you'll find that one
of Linux's great strengths is the stability and robustness of the
code base that goes into such products as Apache, PHP, mod_ssl,
the kernel, Perl, etc, that make your kind of project possible.
I am quite happy to help even the most casual interlopers on the
SLUG list that are playing with web site programming perhaps as
a hobby, perhaps for a uni project (but I won't do your homework
for you), or perhaps for their school fete or church fair.  I
think, however, that offering free advice on design and programming
of what _sounds a lot_ like a commercial project (not saying it is,
just it sounds a lot like one, and if it isn't perhaps you should
give us some more information) is moderately unfair.  It's unfair
to the companies (like mine) that try to employ people making a
living out of this sort of thing, and unfair to the people who do
the development of free software that aren't getting the pay back
from work like yours that they might get if it were channelled
through companies like mine, Anthony's, or even IBM (I know I
contribute modestly in a financial sense to free software, IBM
does extensively, and I guess Everything Linux does to some extent
somewhere along the supply chain too).
So.

Are you following this so far?

Yes, I'd be happy to help.  It sounds like you're out of your
depth a bit.  More importantly, it sounds like you're trying to
pass around HTTP GET variables between web pages, something
that is inherently unsafe and extremely vulnerable to external
attack.  It sounds like you need some professional assistance,
and I suggest you get some.  You need to find someone who knows
all about session management, session encryption probably, web
based authentication methodologies, and safe data encapsulation
in session code.  You are certain to find people here that will
help you short or long term, and even more certain to find people
on [EMAIL PROTECTED] that will do likewise.
End of philosophical bit.

Start of SLUG committee / mailing list management bit.

Spam wars aside, is there an official SLUG policy on this sort
of thing on the SLUG list?  I know there are mumbled-in-beard
words about not-using-the-list-for-commercial-purposes from time
to time, but what's the official published policy?  Should there
be one?
Back to your regularly scheduled flame war.  Hey, at least we're
not arguing about distros at the moment.
--
Del
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] HTTP_REFERER not found [Repost]

2003-09-30 Thread Benno 
On Tue Sep 30, 2003 at 18:24:09 +1000, Del wrote:
[EMAIL PROTECTED] wrote:
Hi Sluggers:

I subscribed with a new email address. So I am reposting my query on this.

Setup:
Url comes to site like this

http://www.yourdomain.com/index.html?hop=some_data

Q1. If I click on a link to go to another HTML page say name.html, I lose
the hop=some_data part. How do I make the hop=some_data go with the
name.html with the a tag from an HTML document ? Is this possible or a
script can do this only ?

Q2. The order page calls a Perl script say orderpage.pl, I want the
script to capture the hop=some_data. I got the script to print the whole
%ENV, and I see no HTTP_REFERER. I thought HTTP_REFERER would show the
url that called orderpage.pl with the hop=some_data . But if I cannot
see HTTP_REFERER, then how do I get the script to capture the
hop=some_data ?

OK, read this answer as more philosophical than anything else.


Back to your regularly scheduled flame war.  Hey, at least we're
not arguing about distros at the moment.

-- snip --

I think a lot of people who are posting here are probably having problem
running linux in their business and come to slug for help. I don't see
this as a problem at all. I think the only difference here is in degrees,
there is a difference between how do i do XYZ and please teach me how
to write a dynamic web application, but i think in general, if the slug
list can't help those using linux at work, then what is the point?!

Benno
(not speaking on behalf of the committee)
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] HTTP_REFERER not found [Repost]

2003-09-30 Thread umug 
Del [EMAIL PROTECTED] writes:

 [EMAIL PROTECTED] wrote:

Your email address makes my skin crawl :)

 Hi Sluggers:
 see HTTP_REFERER, then how do I get the script to capture the
 hop=some_data ?

 OK, read this answer as more philosophical than anything else.

One of the strengths of FOSS is its community and support. That support
comes in many flavours, there's commercial support, web sites, news and
mailing list archives, books (online and dead tree) and live news groups
and mailing lists.

One of the most important skills to learn is how to find and use the
support that's available. If you only use one of the available support
options, you're not utilising of one FOSS's strengths to your advantage.

Unless there is some reason to write your web site from scratch in perl,
there might be better alternatives. embperl and html-mason come to mind
for perl options, they might have the features you're trying to write
already built in and well tested. They both have strong communities that
have been there, done that. Zope and php are another alternative to
perl, php in particular has a very strong community and all of the
features you want already built. There's a lot of knowledge about
building web sites within the php community, even if you don't want to
use php, you can learn a lot about designing web sites (and programs in
general) from them.

And there's probably stacks of open source shopping cart, etc,
applications kicking around. A good thing to do is research what other
people are using and how they are using them, and popularity should also
be taken in to account (but shouldn't be the only thing to look at).


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

RE: [SLUG] HTTP_REFERER not found [Repost]

2003-09-30 Thread Learner 
Hi Sluggers:

Did not realise that this post would cause
an issue. I never read the mailing list 
rules.

Anyway I have sorted out my problem.

Thanks to those who gave suggestions.

Del:
I do have a name. It's Louis. I'll keep your business 
url should I need business assistance. I don't know 
the list rules but isn't that a way of spamming the 
list by mentioning business urls in the list ??

Cheers.



-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] HTTP_REFERER not found [Repost]

2003-09-30 Thread Jared Pritchard 
I think a lot of people who are posting here are probably having problem
running linux in their business and come to slug for help. I don't see
this as a problem at all. I think the only difference here is in degrees,
there is a difference between how do i do XYZ and please teach me how
to write a dynamic web application, but i think in general, if the slug
list can't help those using linux at work, then what is the point?!

10-4

That's exactly how I found my way onto this list.  :)
And I do agree whole-heartedly about: 
there is a difference between how do i do XYZ and please teach me how
to write a dynamic web application,

I have learnt a lot between this list  the perl list I'm subscribed to as
well -
There is also only so much you can learn by asking [relatively] simple
questions 
like those passed around here (some are not quite so simple, but the
majority are)
The rest we'll have to dig deeper...

But we'll also have to respect the businesses, so yeah. I think it would be
silly
to ask something like:
eg. I need a script to manage my customer database and handle all my
orders
But I see no problem in the questions so far where the need is smaller:
eg. I can't find an appropriate module to connect to a database using perl
-
 can anyone point me in the right direction?

We're all here to learn.

(I'm sure you know what I mean...):)

--
Jared
attachment: winmail.dat-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] HTTP_REFERER not found [Repost]

2003-09-29 Thread John Clarke 
On Tue, Sep 30, 2003 at 10:19:01AM +1000, [EMAIL PROTECTED] wrote:

 Q2. The order page calls a Perl script say orderpage.pl, I want the
 script to capture the hop=some_data. I got the script to print the whole
 %ENV, and I see no HTTP_REFERER. I thought HTTP_REFERER would show the

That's because it's not the referrer.  The referrer is the page
containing the link that was used to get to your page.  The stuff after
the '?' is QUERY_STRING.

To pick a random example, http://www.slug.org.au/index.html contains
this link:

a href=about.htmlSydney Linux Users Group (SLUG)/a

If I follow the link to load about.html, HTTP_REFERER will be
http://www.slug.org.au/index.html; and QUERY_STRING will be empty.

To pick another random example, slug's events page contains this link:

a href=detail.html?id=91

If I follow that link, HTTP_REFERER will be
http://www.slug.org.au/events/; and QUERY_STRING will be id=91.


Cheers,

John
-- 
whois [EMAIL PROTECTED]
GPG key id: 0xD59C360F
http://kirriwa.net/john/
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] HTTP_REFERER not found [Repost]

2003-09-29 Thread Nicholas Wilcox 
 Q1. If I click on a link to go to another HTML page say name.html, I
 lose the hop=some_data part. How do I make the hop=some_data go with
 the name.html with the a tag from an HTML document ? Is this
 possible or a script can do this only ?

This is not how a relative link works. Everything after the last '/' is
lost. However with enough creativity anything can be made possible in
Javascript.


 Q2. The order page calls a Perl script say orderpage.pl, I want the
 script to capture the hop=some_data. I got the script to print the
 whole %ENV, and I see no HTTP_REFERER. I thought HTTP_REFERER would
 show the url that called orderpage.pl with the hop=some_data . But
 if I cannot see HTTP_REFERER, then how do I get the script to capture
 the
 hop=some_data ?

You should be seeing the previouse URL in the environment variable
HTTP_REFERER. Contrary to what someone else said it will contain the query
data. It might not exists because the browser is not sending it. Look at
the HTTP traffic with a sniffer to verify the browser is sending it. Some
more information about what web server you're using will help fix the
problem too.

-- 
Cult - A sociotype of an auto-toxic meme-complex, composed of membots
and/or memeoids.

Memetic Lexicon : http://pespmc1.vub.ac.be/MEMLEX.html


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

RE: [SLUG] HTTP_REFERER not found [Repost]

2003-09-29 Thread Jared Pritchard 
Q1. If I click on a link to go to another HTML page say name.html, I lose
the hop=some_data part. How do I make the hop=some_data go with the
name.html with the a tag from an HTML document ? Is this possible or a
script can do this only ?

there are a couple ways -
one way is to add the hop=some_data to the href itself, IF it is a static
string...  ie:   a href=http://www.domain.com/name.html?hop=some_data;
otherwise, you can implement a simple CGI/Perl script to generate the
index page from a template...


Q2. The order page calls a Perl script say orderpage.pl, I want the
script to capture the hop=some_data. I got the script to print the whole
%ENV, and I see no HTTP_REFERER. I thought HTTP_REFERER would show the
url that called orderpage.pl with the hop=some_data . But if I cannot
see HTTP_REFERER, then how do I get the script to capture the
hop=some_data ?

The ENV variable you are looking for is definitely the QUERY_STRING...
or use STDIN to retrieve POST data...

If you are using perl (looks like you are using a hash there - %ENV) then
you can
either use the CGI module to retrieve the query strings, in which case you
don't
have to worry about that at all, or you can do something like this -


my %formData;

read STDIN, $_, $ENV{'CONTENT_LENGTH'};  #Read in STDIN to default
variable...
%formData = split/|=/;  #Place separate keys/values into
'formData' hash, split by '' and '='
if (!%formData)  #- If we didn't get anything
from POST method,
{
   $_ = $ENV{'QUERY_STRING'};#  try retrieving it from
QUERY_STRING (GET method)
   %formData = split/|=/;   #  and split like before.
}


Then to access the data, you would go:
my $hop = $formData{'hop'};

This is a quick hack - CGI module is much better  more efficient
 eg. what happens when you get a number of values from select multiple in
this code?


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

RE: [SLUG] HTTP_REFERER not found [Repost]

2003-09-29 Thread education 
Q1. If I click on a link to go to another HTML page say name.html, I
 lose the hop=some_data part. How do I make the hop=some_data go
 with the name.html with the a tag from an HTML document ? Is this
 possible or a script can do this only ?

 there are a couple ways -
 one way is to add the hop=some_data to the href itself, IF it is a
 static string...  ie:   a
 href=http://www.domain.com/name.html?hop=some_data; otherwise, you can
 implement a simple CGI/Perl script to generate the index page from a
 template...

Well the hop=some_data is dynamic. Looks like a script is required to do
this then, and pass it dynamically to all a tag on the page being viewed
so that when a new page is clicked on, the hop=some_data is preserved.



Q2. The order page calls a Perl script say orderpage.pl, I want the
 script to capture the hop=some_data. I got the script to print the
 whole %ENV, and I see no HTTP_REFERER. I thought HTTP_REFERER would
 show the url that called orderpage.pl with the hop=some_data . But
 if I cannot see HTTP_REFERER, then how do I get the script to capture
 the
hop=some_data ?

 The ENV variable you are looking for is definitely the QUERY_STRING...
 or use STDIN to retrieve POST data...

Well from the page

http://www.yourdomain.com/index.html?hop=some_data

I clicked on a link for the order page which has this

a
href=http://www.yourdomain.com/cgi-bin/orderpage.pl?value=some_data_the_order_script_uses;

This shows QUERY_STRING as

value=some_data_the_order_script_uses

It looks like I need to somehow parse the hop=some_data dynamically to
the orderpage.pl scripts so that when clicked it has this

href=http://www.yourdomain.com/cgi-bin/orderpage.pl?value=some_data_the_order_script_useshop=some_data;

Any other way I can do this ?


 If you are using perl (looks like you are using a hash there - %ENV)
 then you can
 either use the CGI module to retrieve the query strings, in which case
 you don't
 have to worry about that at all, or you can do something like this -


 my %formData;

 read STDIN, $_, $ENV{'CONTENT_LENGTH'};  #Read in STDIN to default
 variable...
 %formData = split/|=/;  #Place separate keys/values
 into 'formData' hash, split by '' and '='
 if (!%formData)  #- If we didn't get
 anything from POST method,
 {
$_ = $ENV{'QUERY_STRING'};#  try retrieving it from
 QUERY_STRING (GET method)
%formData = split/|=/;   #  and split like before.
 }


 Then to access the data, you would go:
 my $hop = $formData{'hop'};

 This is a quick hack - CGI module is much better  more efficient
  eg. what happens when you get a number of values from select multiple
 in
 this code?


Thanks for this piece of code. I already have a read_input() sub doing
something similar.


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug