/* This is our simple query decoding function. Should be improved but for now
* it works...
*/
static int
mapserver_decode_args (apr_pool_t *p, char *args,
char ***ParamNames, char ***ParamValues)
{
char **argv = NULL;
int i;
int n;
int argc = 0;
char *sep;
/* alloc the name/value pointer list */
argv = (char**) apr_pcalloc (p, (WMS_MAX_ARGS + 1) * 2 * sizeof (char*));
*ParamNames = argv;
*ParamValues = argv + WMS_MAX_ARGS + 1;
/* No arguments? Then we're done */
if (!args) return 0;
argv [0] = args;
/* separate the arguments */
for (i = 1, n = 0; args [n] && (i < WMS_MAX_ARGS); n++)
if (args [n] == '&') {
argv [i++] = args + n + 1;
args [n ] = '\0';
}
/* eleminate empty args */
for (n = 0, i = 0; argv [i]; i++)
if (*(argv [i]) != '\0')
argv [n++] = argv [i];
else
argv [i ] = NULL;
/* argument count is the number of non-zero arguments! */
argc = n;
/* split the name/value pairs */
for (i = 0; argv [i]; i++) {
sep = strchr (argv [i], '=');
if (!sep) continue;
*sep = '\0';
argv [i + WMS_MAX_ARGS + 1] = (char*) apr_pstrdup (p, sep + 1);
if (ap_unescape_url (argv [i + WMS_MAX_ARGS + 1]) == HTTP_BAD_REQUEST) {
ap_log_error (APLOG_MARK, APLOG_ERR, 0, NULL,
"%s: malformed URI, couldn't unescape parm %s",
__func__, argv [i]);
argv [i + WMS_MAX_ARGS + 1] = NULL;
} else {
plustospace (argv [i + WMS_MAX_ARGS + 1]);
}
}
return argc;
}
main(int argc, char *argv[]) {
entry entries[10000];
register int x,m=0;
char *cl;
printf("Content-type: text/html%c%c",10,10);
if(strcmp(getenv("REQUEST_METHOD"),"GET")) {
printf("This script should be referenced with a METHOD of GET.\n");
printf("If you don't understand this, see this ");
printf("<A HREF=\"http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html\">forms overview</A>.%c",10);
exit(1);
}
cl = getenv("QUERY_STRING");
if(cl == NULL) {
printf("No query information to decode.\n");
exit(1);
}
for(x=0;cl[0] != '\0';x++) {
m=x;
getword(entries[x].val,cl,'&');
plustospace(entries[x].val);
unescape_url(entries[x].val);
getword(entries[x].name,entries[x].val,'=');
}
printf("<H1>Query Results</H1>");
printf("You submitted the following name/value pairs:<p>%c",10);
printf("<ul>%c",10);
for(x=0; x <= m; x++)
printf("<li> <code>%s = %s</code>%c",entries[x].name,
entries[x].val,10);
printf("</ul>%c",10);
}
main(int argc, char *argv[]) {
entry entries[MAX_ENTRIES];
register int x,m=0;
int cl;
printf("Content-type: text/html%c%c",10,10);
if(strcmp(getenv("REQUEST_METHOD"),"POST")) {
printf("This script should be referenced with a METHOD of POST.\n");
printf("If you don't understand this, see this ");
printf("<A HREF=\"http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html\">forms overview</A>.%c",10);
exit(1);
}
if(strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded")) {
printf("This script can only be used to decode form results. \n");
exit(1);
}
cl = atoi(getenv("CONTENT_LENGTH"));
for(x=0;cl && (!feof(stdin));x++) {
m=x;
entries[x].val = fmakeword(stdin,'&',&cl);
plustospace(entries[x].val);
unescape_url(entries[x].val);
entries[x].name = makeword(entries[x].val,'=');
}
printf("<H1>Query Results</H1>");
printf("You submitted the following name/value pairs:<p>%c",10);
printf("<ul>%c",10);
for(x=0; x <= m; x++)
printf("<li> <code>%s : %s</code>%c",entries[x].name,
entries[x].val,10);
printf("</ul>%c",10);
}
int getEntries( inStruct Sentries ) {
register int x;
char *stquery, *tmpq, *tmpStr, *tmpStr1, *tmpPtr;
char reqMethod[100];
int msgLength;
char contentType[100];
char boundary[MAX_TOKEN];
int i;
putenv( "HOME=/" );
if ( getenv( "CONTENT_TYPE" ) != NULL ) {
strcpy( contentType, getenv( "CONTENT_TYPE" ) );
}
else {
strcpy( contentType, "" );
}
if ( getenv( "REQUEST_METHOD" ) != NULL ) {
strcpy( reqMethod, getenv( "REQUEST_METHOD" ) );
}
else {
strcpy( reqMethod, "" );
}
if ( getenv( "HTTP_COOKIE" ) != NULL ) {
strcpy( Sentries->cookieStr, getenv( "HTTP_COOKIE" ) );
}
else {
strcpy( Sentries->cookieStr, "" );
}
if ( strstr( Sentries->cookieStr, "*" ) != NULL ||
strstr( Sentries->cookieStr, ".." ) != NULL ||
strstr( Sentries->cookieStr, "?" ) != NULL ||
strstr( Sentries->cookieStr, "/" ) != NULL ||
strstr( Sentries->cookieStr, "\\" ) != NULL ) {
Sentries->op = -1;
return 1;
}
if ( !strcmp( reqMethod, "POST" ) || !strcmp( reqMethod, "post" ) ) {
msgLength = atoi( getenv( "CONTENT_LENGTH" ) ) + 10;
stquery = malloc( msgLength );
if ( fread( stquery, 1, msgLength, stdin ) != ( msgLength - 10 ) ) {
webErrorExit( "short fread", 0 );
}
stquery[msgLength] = '\0';
}
else {
stquery = malloc( QSIZE );
if ( getenv( "QUERY_STRING" ) != NULL ) {
strcpy( stquery, getenv( "QUERY_STRING" ) );
}
else {
strcpy( stquery, "" );
}
}
if ( strstr( contentType, "multipart/form-data" ) != NULL ) {
i = msgLength - 10;
getBoundary( &stquery, boundary );
/*** printf("Boundary:**%s**<BR>\n",boundary);fflush(stdout); ***/
for ( x = 0; *stquery != '\0'; x++ ) {
if ( x == MAX_ENTRIES ) {
webErrorExit( "MaxEntries Exceeded", x );
}
Sentries->m = x;
/*** printf("GettingX:%i....\n",x);fflush(stdout); ***/
tmpPtr = stquery;
if ( getmultipartword( &Sentries->entries[x], &stquery, boundary, i ) != 0 ) {
break;
}
i -= stquery - tmpPtr;
/*** printf("%i:%s=%s<BR>\n",entries[x].size,entries[x].name,entries[x].val);fflush(stdout);***/
}
Sentries->m--;
}
else {
/** the following is to take care of the
home col. name bad length pb Linux on RedHat7 *******/
fixstr1 = malloc( 10 );
free( fixstr1 );
/******************************************************/
for ( x = 0; stquery[0] != '\0'; x++ ) {
if ( x == MAX_ENTRIES ) {
webErrorExit( "MaxEntries Exceeded", x );
}
Sentries->m = x;
Sentries->entries[x].val = malloc( HUGE_STRING );
getword( Sentries->entries[x].val, stquery, '&' );
plustospace( Sentries->entries[x].val );
unescape_url( Sentries->entries[x].val );
char* wd = ( char * ) makeword( Sentries->entries[x].val, '=' ); // JMC cppcheck - leak
sprintf( Sentries->entries[x].name, wd );
free( wd ); // JMC cppcheck - leak
}
}
return 0;
}
int loadParams(cgiRequestObj *request,
char* (*getenv2)(const char*, void* thread_context),
char *raw_post_data,
ms_uint32 raw_post_data_length,
void* thread_context)
{
register int x,m=0;
char *s, *queryString = NULL, *httpCookie = NULL;
int debuglevel;
int maxParams = MS_DEFAULT_CGI_PARAMS;
if (getenv2==NULL)
getenv2 = &msGetEnv;
if(getenv2("REQUEST_METHOD", thread_context)==NULL) {
msIO_printf("This script can only be used to decode form results and \n");
msIO_printf("should be initiated as a CGI process via a httpd server.\n");
return -1;
}
debuglevel = (int)msGetGlobalDebugLevel();
if(strcmp(getenv2("REQUEST_METHOD", thread_context),"POST") == 0) { /* we've got a post from a form */
char *post_data;
int data_len;
request->type = MS_POST_REQUEST;
s = getenv2("CONTENT_TYPE", thread_context);
if (s != NULL)
request->contenttype = msStrdup(s);
/* we've to set default Content-Type which is
* application/octet-stream according to
* W3 RFC 2626 section 7.2.1 */
else request->contenttype = msStrdup("application/octet-stream");
if (raw_post_data) {
post_data = msStrdup(raw_post_data);
data_len = raw_post_data_length;
} else {
if(MS_SUCCESS != readPostBody( request, &post_data ))
return -1;
data_len = strlen(post_data);
}
/* if the content_type is application/x-www-form-urlencoded,
we have to parse it like the QUERY_STRING variable */
if(strncmp(request->contenttype, "application/x-www-form-urlencoded", strlen("application/x-www-form-urlencoded")) == 0) {
while( data_len > 0 && isspace(post_data[data_len-1]) )
post_data[--data_len] = '\0';
while( post_data[0] ) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(post_data,'&');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword(request->ParamValues[m],'=');
m++;
}
free( post_data );
} else
request->postrequest = post_data;
/* check the QUERY_STRING even in the post request since it can contain
information. Eg a wfs request with */
s = getenv2("QUERY_STRING", thread_context);
if(s) {
if (debuglevel >= MS_DEBUGLEVEL_DEBUG)
msDebug("loadParams() QUERY_STRING: %s\n", s);
queryString = msStrdup(s);
for(x=0; queryString[0] != '\0'; x++) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(queryString,'&');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword(request->ParamValues[m],'=');
m++;
}
}
} else {
if(strcmp(getenv2("REQUEST_METHOD", thread_context),"GET") == 0) { /* we've got a get request */
request->type = MS_GET_REQUEST;
s = getenv2("QUERY_STRING", thread_context);
if(s == NULL) {
msIO_setHeader("Content-Type","text/html");
msIO_sendHeaders();
msIO_printf("No query information to decode. QUERY_STRING not set.\n");
return -1;
}
if (debuglevel >= MS_DEBUGLEVEL_DEBUG)
msDebug("loadParams() QUERY_STRING: %s\n", s);
if(strlen(s)==0) {
msIO_setHeader("Content-Type","text/html");
msIO_sendHeaders();
msIO_printf("No query information to decode. QUERY_STRING is set, but empty.\n");
return -1;
}
/* don't modify the string returned by getenv2 */
queryString = msStrdup(s);
for(x=0; queryString[0] != '\0'; x++) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(queryString,'&');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword(request->ParamValues[m],'=');
m++;
}
} else {
msIO_setHeader("Content-Type","text/html");
msIO_sendHeaders();
msIO_printf("This script should be referenced with a METHOD of GET or METHOD of POST.\n");
return -1;
}
}
/* check for any available cookies */
s = getenv2("HTTP_COOKIE", thread_context);
if(s != NULL) {
httpCookie = msStrdup(s);
request->httpcookiedata = msStrdup(s);
for(x=0; httpCookie[0] != '\0'; x++) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(httpCookie,';');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword_skip(request->ParamValues[m],'=',' ');
m++;
}
}
if (queryString)
free(queryString);
if (httpCookie)
free(httpCookie);
return(m);
}
main(int argc, char *argv[]) {
register int x,m=0;
char *cl;
char w[256];
char tfile[L_tmpnam];
int subs,slims,sides,drinks,allow;
char name[32];
char phone[10];
char address[64];
FILE *tfp,*order;
printf("Content-type: text/html%c%c",LF,LF);
cl=getenv("QUERY_STRING");
if((!cl) || (!cl[0]))
dump_form();
tmpnam(tfile);
if(!(tfp=fopen(tfile,"w"))) {
printf("<TITLE>Server Error</TITLE>%c",LF);
printf("<H1>Server Error</H1>%c",LF);
printf("Server unable to get a temporary file. Please try again later.<P>%c",LF);
exit(1);
}
subs=0;slims=0;sides=0;drinks=0;allow=0;
name[0]='\0';
phone[0]='\0';
address[0]='\0';
for(x=0;cl[0] != '\0'; x++) {
m=x;
getword(w,cl,'=');
plustospace(w);
unescape_url(w);
if(!strcmp(w,"pwd")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
allow=(strcmp(w,PASSWORD) ? 0 : 1);
}
if(!strcmp(w,"sub")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
subs |= (1 << atoi(w));
}
else if(!strcmp(w,"slj")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
slims |= (1 << atoi(w));
}
else if(!strcmp(w,"sde")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
sides |= (1 << atoi(w));
}
else if(!strcmp(w,"pop")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
drinks |= (1 << atoi(w));
}
else if(!strcmp(w,"name")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
strcpy(name,w);
}
else if(!strcmp(w,"phone")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
strcpy(phone,w);
}
else if(!strcmp(w,"adr")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
strcpy(address,w);
}
}
if(!name[0]) print_error("you didn't give your name");
if(!address[0]) print_error("you didn't give your address");
if(!phone[0]) print_error("you didn't give your phone number");
if((!subs) && (!slims) && (!sides) && (!drinks)) print_error("you didn't order anything");
if(allow) {
char t[256];
sprintf(t,"/bin/mail %s",JJ_FAX);
if(!(order=popen(t,"w")))
print_error("the server was unable to open a pipe to mail");
printf("<TITLE>Order Sent</TITLE>%c",LF);
printf("<H1>Order Sent</H1>%c",LF);
printf("Your order has been sent to the UIUC e-mail to FAX gateway.<P>%c",LF);
} else {
printf("<TITLE>Your Order</TITLE>%c",LF);
printf("<H1>Your Order</H1>%c",LF);
printf("This is how your order would have looked if it had been sent.<P><PLAINTEXT>%c",LF);
order=stdout;
}
fprintf(order,"My name is %s, and I would like to have the following%c",
name,LF);
fprintf(order,"order delivered to %s:%c%c",address,LF,LF);
for(x=0;x<12;x++)
if(subs & (1 << x))
fprintf(order,"\t(1) %s%c",sublist[x],LF);
for(x=0;x<6;x++)
if(slims & (1 << x))
fprintf(order,"\t(1) %s Slim Jim%c",slimlist[x],LF);
for(x=0;x<2;x++)
if(sides & (1 << x))
fprintf(order,"\t(1) %s%c",sidelist[x],LF);
for(x=0;x<4;x++)
if(drinks & (1 << x))
fprintf(order,"\t(1) %s%c",poplist[x],LF);
fprintf(order,"%cPlease feel free to call me at %s if there is any%c",LF,
phone,LF);
fprintf(order,"problem. Thank you.%c%c.%c",LF,LF,LF);
fclose(order);
exit(0);
}
void decode_url(char *url)
{
plustospace(url);
unescape_url(url);
unpercent_url(url);
}
int main(int argc, char *argv[])
{
pentry entries[MAXPOSTVARS];
entry gentries[MAXGETVARS];
char *gcl;
register int i;
int cl=0;
ConnectDb();
if(getenv("REMOTE_ADDR")!=NULL)
sprintf(gcHost,"%.99s",getenv("REMOTE_ADDR"));
if(getenv("HTTP_USER_AGENT")!=NULL)
{
if(strstr(getenv("HTTP_USER_AGENT"),"Firefox"))
guBrowserFirefox=1;
}
#if defined(Linux)
gethostname(gcHostname, 98);
#else
//Solaris
sysinfo(SI_HOSTNAME, gcHostname, 98);
#endif
if(strcmp(getenv("REQUEST_METHOD"),"POST"))
{
//Get
//SSLCookieLogin();
gcl = getenv("QUERY_STRING");
for(i=0;gcl[0] != '\0' && i<MAXGETVARS;i++)
{
getword(gentries[i].val,gcl,'&');
plustospace(gentries[i].val);
unescape_url(gentries[i].val);
getword(gentries[i].name,gentries[i].val,'=');
if(!strcmp(gentries[i].name,"gcFunction"))
sprintf(gcFunction,"%.99s",gentries[i].val);
else if(!strcmp(gentries[i].name,"gcPage"))
sprintf(gcPage,"%.99s",gentries[i].val);
}
if(gcPage[0])
{
if(!strcmp(gcPage,"MyAccount"))
MyAccountGetHook(gentries,i);
}
}
else
{
//Post
cl = atoi(getenv("CONTENT_LENGTH"));
for(i=0;cl && (!feof(stdin)) && i<MAXPOSTVARS ;i++)
{
entries[i].val = fmakeword(stdin,'&',&cl);
plustospace(entries[i].val);
unescape_url(entries[i].val);
entries[i].name = makeword(entries[i].val,'=');
if(!strcmp(entries[i].name,"gcFunction"))
sprintf(gcFunction,"%.99s",entries[i].val);
else if(!strcmp(entries[i].name,"gcPage"))
sprintf(gcPage,"%.99s",entries[i].val);
else if(!strcmp(entries[i].name,"gcLogin"))
sprintf(gcLogin,"%.99s",entries[i].val);
else if(!strcmp(entries[i].name,"gcPasswd"))
sprintf(gcPasswd,"%.99s",entries[i].val);
}
}
//Not required to be logged in gcFunction section
if(gcFunction[0])
{
if(!strncmp(gcFunction,"Logout",5))
{
printf("Set-Cookie: iRadiusLogin=; expires=\"Mon, 01-Jan-1971 00:10:10 GMT\"\n");
printf("Set-Cookie: iRadiusPasswd=; expires=\"Mon, 01-Jan-1971 00:10:10 GMT\"\n");
guPermLevel=0;
gcUser[0]=0;
guLoginClient=0;
htmlLogin();
}
}
/*if(!strcmp(gcFunction,"Login")) SetLogin();
if(!guPermLevel || !gcUser[0] || !guLoginClient)
SSLCookieLogin()¨;
//First page after valid login
if(!strcmp(gcFunction,"Login"))
htmlMyAccountd();*/
//Per page command tree
MyAccountCommands(entries,i);
//default logged in page
htmlMyAccount();
return(0);
}//end of main()
main(int argc, char *argv[])
{
entry entries[MAXENTRIES];
register int x, m = 0;
int cl, invalid = 0, didroot = 0, didhtml = 0;
char protocol;
if (strcmp(getenv("REQUEST_METHOD"), "POST")) {
printf("We can't do much with a blank subscription card, ");
printf("can we?\n");
exit(1);
}
if (strcmp(getenv("CONTENT_TYPE"),
"application/x-www-form-urlencoded")) {
printf("This script can only be used to decode form ");
printf("results.\n");
exit(1);
}
cl = atoi(getenv("CONTENT_LENGTH"));
sprintf(command, "%s ", GETSTATS);
for(x = 0; cl && (!feof(stdin)); x++) {
m = x;
entries[x].val = fmakeword(stdin, '&', &cl);
plustospace(entries[x].val);
unescape_url(entries[x].val);
entries[x].name = makeword(entries[x].val,'=');
if (!strcmp(entries[x].name, "protocol")) {
protocol = entries[x].val[0];
if (protocol == 'G')
sprintf(command, "%s -G %s", command);
else if (protocol == 'N')
sprintf(command, "%s -N %s", command);
else if (protocol == 'C')
sprintf(command, "%s -C %s", command);
else if (protocol == 'P')
sprintf(command, "%s -P %s", command);
else if (protocol == 'M')
sprintf(command, "%s -A %s", command);
else if (protocol == 'U')
sprintf(command, "%s -O %s", command);
}
if (!didroot) {
sprintf(command, "%s -dr %s", command, ROOTDIR);
didroot = 1;
}
if (!strcmp(entries[x].name, "logfilename"))
if (strlen(entries[x].val))
sprintf(command, "%s -l %s", command,
entries[x].val);
else
sprintf(command, "%s -l %s", command, LOGFILE);
if (!strcmp(entries[x].name, "common") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -M", command);
if (!strcmp(entries[x].name, "concise") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -c", command);
if (!strcmp(entries[x].name, "toplines") &&
strlen(entries[x].val))
sprintf(command, "%s -t %s ", command, entries[x].val);
if (!strcmp(entries[x].name, "all") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -a ", command);
if (!strcmp(entries[x].name, "monthly") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -m ", command);
if (!strcmp(entries[x].name, "weekly") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -w ", command);
if (!strcmp(entries[x].name, "daysweek") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -ds ", command);
if (!strcmp(entries[x].name, "daily") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -d ", command);
if (!strcmp(entries[x].name, "hoursday") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -hs ", command);
if (!strcmp(entries[x].name, "hourly") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -h ", command);
if (!strcmp(entries[x].name, "full-hostname") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -f ", command);
if (!strcmp(entries[x].name, "full-access") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -fa ", command);
if (!strcmp(entries[x].name, "full-lastaccess") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -fd ", command);
if (!strcmp(entries[x].name, "full-bytes") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -fb ", command);
if (!strcmp(entries[x].name, "request-name") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -r ", command);
if (!strcmp(entries[x].name, "request-accesses") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -ra ", command);
if (!strcmp(entries[x].name, "request-lastaccesses") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -rd ", command);
if (!strcmp(entries[x].name, "request-bytes") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -rb ", command);
if (!strcmp(entries[x].name, "request-filesize") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -rf ", command);
if (!strcmp(entries[x].name, "domain-name") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -dn ", command);
if (!strcmp(entries[x].name, "domain-requests") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -da ", command);
if (!strcmp(entries[x].name, "domain-lastaccesses") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -dd ", command);
if (!strcmp(entries[x].name, "domain-bytes") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -db ", command);
if (!strcmp(entries[x].name, "domain-sub") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -du ", command);
if (!strcmp(entries[x].name, "filetree") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -dt ", command);
if (!strcmp(entries[x].name, "error") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -e ", command);
if (!strcmp(entries[x].name, "samask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sa \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "ssmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -ss \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "srmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sr \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "spmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sp \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "sdmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sd \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "shmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sh \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "swmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sw \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "mailme") &&
strlen(entries[x].val) != 0) {
sprintf(command, "%s | /usr/ucb/mail -s \"%s\" %s",
command, SUBJECT, entries[x].val);
printf("Content-type: text/html\n\n");
printf("<title>It's in the mail...</title>\n<p>\n");
printf("<h1>Your log request is being mailed to ");
printf("you.</h1>\n");
printf("The following command was executed:\n");
printf("<p>\n<code>%s</code>\n", command);
}
else if (!strcmp(entries[x].name, "mailme") &&
strlen(entries[x].val) == 0 && !didhtml) {
sprintf(command, "%s -ht", command);
didhtml = 1;
}
}
sprintf(command, "%s &\n", command);
system(command);
exit(0);
}
void
cgi_init( int *result ) {
int cl, i, in_multipart_headers, which_entry, length_gotten;
char * boundary;
/* Default, no errors, no name/value pairs ("entries"): */
cgi_errno = CGIERR_NONE;
cgi_num_entries = 0;
length_gotten = 0;
/* Check for REQUEST_METHOD (set by HTTP server): */
if (getenv("REQUEST_METHOD") == NULL)
{
/* None set? Assume the user is invoking the CGI from a shell prompt
(for debugging): */
cgi_request_method = CGIREQ_NONE;
}
else
{
/* Determine the exact request method, and grab the data (if any)
in the appropriate manner: */
if (strcmp(getenv("REQUEST_METHOD"), "POST") == 0)
{
/* Post method (data is sent to us via "stdin"): */
cgi_request_method = CGIREQ_POST;
if (getenv("CONTENT_TYPE") == NULL)
{
/* Content type is not set! */
cgi_errno = CGIERR_INCORRECT_TYPE;
cgi_content_type = CGITYPE_UNKNOWN;
CGI_RETURN(cgi_errno);
}
else if (strcmp(getenv("CONTENT_TYPE"),
"application/x-www-form-urlencoded") == 0)
{
cgi_content_type = CGITYPE_APPLICATION_X_WWW_FORM_URLENCODED;
/* How much data do we expect? */
if (getenv("CONTENT_LENGTH") == NULL ||
sscanf(getenv("CONTENT_LENGTH"), "%d", &cl) != 1)
{
cgi_errno = CGIERR_BAD_CONTENT_LENGTH;
CGI_RETURN(cgi_errno);
}
/* Create space for it: */
cgi_query = malloc(cl + 1);
/* 2.0.1 - Tadek Orlowski ([email protected]) ... "+1" */
if (cgi_query == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Read it in: */
fgets(cgi_query, cl + 1, stdin);
/* Verify that we got as much data as we expected: */
if (strlen(cgi_query) != cl)
cgi_errno = CGIERR_CONTENT_LENGTH_DISCREPANCY;
}
else if (strstr(getenv("CONTENT_TYPE"),
"multipart/form-data") == getenv("CONTENT_TYPE"))
{
cgi_content_type = CGITYPE_MULTIPART_FORM_DATA;
cgi_query = malloc(2050);
if (cgi_query == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Determine the boundary string: */
if (strstr(getenv("CONTENT_TYPE"),
"boundary=") == NULL)
{
cgi_errno = CGIERR_NO_BOUNDARY;
CGI_RETURN(cgi_errno);
}
boundary = strdup(strstr(getenv("CONTENT_TYPE"),
"boundary=") + 9);
debug("boundary", boundary);
/* Read in until there's no more: */
in_multipart_headers = 0;
which_entry = -1;
do
{
length_gotten = lineread(stdin, cgi_query, 2048);
debug("cgi_query", cgi_query);
if (length_gotten > 0)
{
if (strstr(cgi_query, boundary) == cgi_query + 2 &&
cgi_query[0] == '-' && cgi_query[1] == '-')
{
/* We got a boundary! */
in_multipart_headers = 1;
which_entry = -1;
}
else /* (Not a boundary) */
{
if (in_multipart_headers == 1)
{
/* We had just got a boundary, read headers: */
if (cgi_query[0] == '\r' || cgi_query[0] == '\n')
{
/* Blank line, end of headers: */
in_multipart_headers = 0;
}
else /* (Not a blank line) */
{
/* What kind of header is it? */
if (strstr(cgi_query,
"Content-Disposition: ") ==
cgi_query)
{
/* Content-disposition: */
/* For now, just look for "name=": */
if (strstr(cgi_query, "name=\"") != NULL)
{
/* Add a new entry: */
which_entry = cgi_num_entries;
cgi_num_entries++;
/* Make more room: */
cgi_entries =
realloc(cgi_entries,
sizeof(cgi_entry_type) *
cgi_num_entries);
if (cgi_entries == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Fill in the name slot: */
cgi_entries[which_entry].name =
strdup(strstr(cgi_query,
"name=\"") +
6);
/* Truncate after quote: */
if (strchr(cgi_entries[which_entry].
name, '\"') != NULL)
{
strcpy(strchr(cgi_entries
[which_entry].name,
'\"'), "\0");
}
/* Set default content-type: */
cgi_entries[which_entry].
content_type =
"application/octet-stream";
/* Set default content-length: */
cgi_entries[which_entry].
content_length = 0;
/* Set default value: */
cgi_entries[which_entry].val =
strdup("");
debug("entry.name",
cgi_entries[which_entry].name);
}
}
else if (strstr(cgi_query,
"Content-Type: ") ==
cgi_query)
{
/* Content-type: */
cgi_entries[which_entry].content_type =
strdup(strstr(cgi_query,
"Content-Type: ") +
14);
debug("entry.content_type",
cgi_entries[which_entry].
content_type);
}
}
}
else /* in_multipart_headers == 0 */
{
/* If we're recording into a particular
entry, copy the data: */
if (which_entry != -1)
{
/* Make more room: */
cgi_entries[which_entry].val =
realloc(cgi_entries[which_entry].val,
strlen(cgi_entries[which_entry].
val) + length_gotten + 1);
if (cgi_entries[which_entry].val == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Append the data: */
memcpy(cgi_entries[which_entry].val +
(cgi_entries[which_entry].
content_length),
cgi_query, length_gotten);
cgi_entries[which_entry].content_length =
(cgi_entries[which_entry].content_length +
length_gotten);
}
}
}
}
}
while (length_gotten > 0);
free(cgi_query);
}
else
{
/* Content type is unrecognized! */
cgi_errno = CGIERR_INCORRECT_TYPE;
cgi_content_type = CGITYPE_UNKNOWN;
CGI_RETURN(cgi_errno);
}
}
else if (strcmp(getenv("REQUEST_METHOD"), "GET") == 0)
{
/* For now, assume Content Type of
"application/x-www-form-urlencoded"
(Is this a bad assumption?) */
cgi_content_type = CGITYPE_APPLICATION_X_WWW_FORM_URLENCODED;
/* GET method (data sent via "QUERY_STRING" env. variable): */
cgi_request_method = CGIREQ_GET;
/* Get a pointer to the data: */
cgi_query = getenv("QUERY_STRING");
if (cgi_query == NULL)
{
/* Does the "QUERY_STRING" env. variable not exist!? */
cgi_errno = CGIERR_NULL_QUERY_STRING;
CGI_RETURN(cgi_errno);
}
else
{
/* Determine the content length by seeing how big the
string is: */
cl = strlen(cgi_query);
}
}
else
{
/* Something else? We can't handle it! */
cgi_request_method = CGIREQ_UNKNOWN;
cgi_errno = CGIERR_UNKNOWN_METHOD;
cgi_num_entries = 0;
CGI_RETURN(cgi_errno);
}
if (cgi_content_type != CGITYPE_MULTIPART_FORM_DATA)
{
/* How many entries (name/value pairs) do we need to
allocate space for? (They should be separated by "&"'s) */
cgi_num_entries = 0;
for (i = 0; i <= cl; i++)
if (cgi_query[i] == '&' || cgi_query[i] == '\0')
cgi_num_entries++;
/* Allocate the space for that many structures: */
cgi_entries = malloc(sizeof(cgi_entry_type) * cgi_num_entries);
if (cgi_entries == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Grab each name/value pair: */
cgi_num_entries = 0;
/* (Begin with the first half of the first pair): */
if (cgi_query[0] != '\0' && cgi_query[0] != '&')
{
cgi_entries[0].name = cgi_query;
cgi_entries[0].content_type = "text/html";
}
/* Go through the entire string of characters: */
for (i = 0; i <= cl; i++)
{
if (cgi_query[i] == '&')
{
/* "&" represents the end of a name/value pair: */
cgi_entries[cgi_num_entries].name = cgi_query + i + 1;
cgi_entries[cgi_num_entries].content_type = "text/html";
cgi_query[i] = '\0';
}
else if (cgi_query[i] == '=')
{
/* "=" is the end of the name half of a name/value pair: */
cgi_entries[cgi_num_entries].val = cgi_query + i + 1;
/* plustospace(cgi_entries[cgi_num_entries].val);
unescape_url(cgi_entries[cgi_num_entries].val); */
cgi_num_entries++;
cgi_query[i] = '\0';
}
}
for (i = 0; i < cgi_num_entries; i++)
{
plustospace(cgi_entries[i].val);
unescape_url(cgi_entries[i].val);
}
}
/* Fix any NULL strings to be empty strings */
/* 2.0.4 - MJ Pomraning ([email protected]) */
for (i = 0; i < cgi_num_entries; i++)
{
if (cgi_entries[i].name == NULL)
cgi_entries[i].name = "";
if (cgi_entries[i].val == NULL)
cgi_entries[i].val = "";
}
}
CGI_RETURN(CGIERR_NONE);
}
