Need Help and suggestions for my perl program

 

daccman
25 Aug, 2007 - 09:06 AM
Post #1

Hello, I am new to programming in Perl. I am trying to build an application for helping me with server admin functions. I would like to try to build it up bit by bit, one function at a time. My first task is to try and build a module to add an ftp user to a mysql database. So far I have accomplished adding a ftp user to a mysql database with my perl program, but I have tried to add some error checking to make sure they are adding the right information. Here is where I would like to know if someone can help me with my code. And before someone asks, no, this is not homework. This is for a personal server.

1. clear the form after adding a user to make sure the user is not entered a second time.

2. Error checking to make sure the right information is inputted.

3. To let the admin know that the ftp user has been entered successfully and or the ftp user is already in the database.

Here is my code:
CODE

#!/usr/bin/perl -wT

use DBI;
use CGI;
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;

#### main program
### DB Connect
my  $dbpath = "dbi:mysql:database=pureftpd;host=localhost:3306";
my  $dbh = DBI->connect($dbpath, "user", "pass")
     or die "Can't open database: $DBI::errstr";

my $method = "Post";
my $action = "addftpuser.pl";

###Any fileds may be used in the form as long as you define them below ex.($cgi->textfield('$whatever','value'); define below$
###as my $whatever = $cgi->param('$Whatever');

my $cgi = CGI->new;
print $cgi->header;
&check_empty($cgi);
print $cgi->start_html("Add FTP User");
print $cgi->startform($method,$action);
print "<center><table border='0' cellpadding='0' cellspacing='0' width='100%' id='AutoNumber2'>\n";
print "<tr><td width='33%'>Enter a New FTP User Name:</td>\n";
print "<td width='67%'>\n";
print $cgi->textfield('$User','');
print "</td></tr>\n";
print "<br>\n";
print $cgi->hidden('$Status','1');
print "<tr><td width='33%'>Enter a Password For FTP User, The Password will be stared out:</td>\n";
print "<td width='67%'>\n";
print $cgi->password_field('$Password','');
print "</td></tr>\n";
print "<br>\n";
print "<tr><td width='33%'>Enter FTP Home Dir ex.(/home/domainname):</td>\n";
print "<td width='67%'>\n";
print $cgi->textfield('$Dir','');
print "</td></tr>\n";
print "<br>\n";
print "<tr><td width='33%'>Enter FTP Users Bandwidth for Uploading:</td>\n";
print "<td width='67%'>\n";
print $cgi->textfield('$ULbandwidth','');
print "</td></tr>\n";
print "<br>\n";
print "<tr><td width='33%'>Enter FTP Users Bandwidth for Downloading:</td>\n";
print "<td width='67%'>\n";
print $cgi->textfield('$DLbandwidth','');
print "</td></tr>\n";
print "<br>\n";
print "<tr><td width='33%'>Enter any Comments for FTP Account:</td>\n";
print "<td width='67%'>\n";
print $cgi->textfield('$Comment','');
print "</td></tr>\n";
print "<br>\n";
print "<tr><td width='33%'>Enter the Quota Size for FTP Storage Used:</td>\n";
print "<td width='67%'>\n";
print $cgi->textfield('$QuotaSize','');
print "</td></tr>\n";
print "<br>\n";
print "<tr><td width='33%'>Enter the Quota For Files Amount of Files Allowed:</td>\n";
print "<td width='67%'>\n";
print $cgi->textfield('$QuotaFiles','');
print "</td></tr>\n";
print "<br>\n";
print "<tr><td width='33%'></td><td>\n";
print $cgi->submit('submit','Add Ftp User');
print "</td></tr>\n";
print "</table></center>\n";
print $cgi->endform;

###Colleting Configurable variables from the form.

my $user = $cgi->param('$User');
my $password = $cgi->param('$Password');
my $status = $cgi->param('$Status');
my $dir = $cgi->param('$Dir');
my $ulband = $cgi->param('$ULbandwidth');
my $dlband = $cgi->param('$DLbandwidth');
my $comment = $cgi->param('$Comment');
my $size = $cgi->param('$QuotaSize');
my $files = $cgi->param('$QuotaFiles');

###Define an array for checking empty fields
my @field_list = ('$User','$Password','$Dir');
###sub process_form {


###Define Mysql Query

my $query = "INSERT INTO ftpd (User, Status, Password, Dir, ULBandwidth, DLBandwidth, Comment, QuotaSize, QuotaFiles) VALUES $
'$status',MD5('$password'),'$dir','$ulband','$dlband','$comment','$size','$files')";

###insert values into database
$dbh->do($query) or die "$DBI::errstr";

###Can't have empty Fields for User and Password
###Checking to see if they are empty

sub check_empty {

if ($cgi->param('$User') eq "" or $cgi->param('$Password') eq "" or $cgi->param('$Dir') eq ""){
  &dienice ("Please Fill Out the Required Fields for FTP User, Ftp Password, and/or FTP Home Dir. The Other Fields are Option$
}
}

###Die with error message.

sub dienice {

my($errmsg) = @_;
print "<h2>Error</h2>\n";
print "<p>$errmsg</p>\n";
print $cgi->end_html;
return;

}

exit 0;



Can anyone help me with this Perl program? This is about my 5th Perl program and is a bit more complex than just a simple "Hello World" script.

Thanks in advance

This post has been edited by daccman: 25 Aug, 2007 - 10:00 AM

KevinADC
RE: Need Help And Suggestions For My Perl Program
25 Aug, 2007 - 10:38 PM
Post #2

QUOTE
1. clear the form after adding a user to make sure the user is not entered a second time.


This is documented in the CGI module documentation.

QUOTE
2. Error checking to make sure the right information is inputted.


Hard to help when we don't know what the input should be or should not be.

QUOTE
3. To let the admin know that the ftp user has been entered successfully and or the ftp user is already in the database.


Let the admin know how? By email? By fax? By text message?

Your naming convention is very unusual:

CODE
$cgi->textfield('$User','');


At first glance this appears to be a syntax error since you have what appears to be a perl scalar wrapped in single-quotes: '$User'
But I guess that is the name of the form field. I suggest you don't continue on like this, drop the "$" symbol from your form field names. This just seems like a very bad idea.



daccman
RE: Need Help And Suggestions For My Perl Program
26 Aug, 2007 - 07:02 AM
Post #3

Hey, thanks for the reply. I must have missed clearing a form in the documentation. I will have a look again. First off, the input I want to make sure is inputted is the user name and password as well as the home dir. These would be required fields. As you can see from my code I have tried to do this. I believe this is working but wanted to make sure of the syntax, and maybe there is an easier way of doing this. With checking if the ftp user is in the database, I know you should count the rows or something like that to see if the user is already in the database, just not sure of the code.

As far as my textfield naming convention, I was using some examples from some code snippets from the book I have. If this seems like a bad idea, maybe you could give me an example of code that you would use in this case. For the letting admin know it was successful, a normal html page that has checked to see if the ftp user has been entered into the database. I may have to rewrite some of my code but I would rather have it done right. Any help with this would be great. I don't mind doing the work but some code examples do help me in my understanding how to put it all together. I am still learning Perl so I would rather do it right. Thanks again for your reply and your input.

Daccman

This post has been edited by daccman: 26 Aug, 2007 - 07:06 AM

KevinADC
RE: Need Help And Suggestions For My Perl Program
26 Aug, 2007 - 12:38 PM
Post #4

You said in your first post:

QUOTE
"2. Error checking to make sure the right information is inputted."


In your next post you said:

QUOTE
"First off, the input I want to make sure is inputted is the user name and password as well as the home dir. These would be required fields. As you can see from my code I have tried to do this. I believe this is working but wanted to make sure of the syntax, and maybe there is an easier way of doing this."


Your code is only checking that the required form fields are not empty. That is the most basic type of user input validation you can do. If that is all you want to do then your code is OK. But the user could enter all spaces or some other useless (or dangerous) information in the form field and your script will accept it and try and process it. The first rule of CGI programming is:

Never trust user input


the second rule is:

Treat user input like poison


the third rule is:

All user input is bad

the fourth rule is...... I think you get the picture by now ;)

You must validate all input from a form. If you only expect numbers from a form field make sure there are no non-numbers:

CODE
if (/\D/) {
   # $_ contains at least one non-digit character: reject the input
   print "danger danger!";
}

This also applies to your hidden form fields. Think about what the input should be then write some regexps that validate the expected input. Reject anything that is unexpected. Validating the directory is especially important. You don't want the user entering the name/path of just any directory otherwise you will be hacked in no time by a malicious user. (Damned those users anyway!) ;)

As far as naming your form fields, drop the "$" in the names, that's all you need to do. If you have:

CODE
<input type="text" name="$User">


change it to:

CODE
<input type="text" name="User">


in your perl code remove the "$" in the names:

CODE
print $cgi->textfield('User','');
my $user = $cgi->param('User');


Don't use the '-w' switch on the shebang line

CODE
#!/usr/bin/perl -wT


use the warnings pragma instead:

CODE
#!/usr/bin/perl -T
use warnings;


This is much more flexible. You can then use:

CODE
no warnings;


in your code to turn off warnings in blocks of code where the warnings are a nuisance instead of any real value to help debug code or alert you to potential problems.

QUOTE
For the letting admin know it was successful, a normal html page that has checked to see if the ftp user has been entered into the database.


Then you have to write an html file and add the information the admin wants to see:

user Joe Blow was added successfully on August, 25th, 2007 at 12:00

or whatever is appropriate. But there are a few ways you could go about doing something like this. Writing an html page is easy but not very flexible or scalable for future revisions.

QUOTE
With checking if the ftp user is in the database I know you should count the rows or something like that to see if the user is already in the database, just not sure of the code.


Unfortunately, I am so rusty with database stuff I can't help you there. Counting rows does not sound like the way to go though. Hopefully someone else will read this thread and have a suggestion.

This post has been edited by KevinADC: 26 Aug, 2007 - 12:39 PM

rahulbatra
RE: Need Help And Suggestions For My Perl Program
27 Aug, 2007 - 04:31 AM
Post #5

The simplest way to check if the user already exists in the database would be to check if the user name is already present in the DB, provided we assume the usernames are unique in all cases.
CODE

# Bind the user name through a placeholder instead of concatenating it into the SQL
my $lookup_sth = $dbh->prepare( "SELECT * FROM user_table WHERE test_key = ?" );
$lookup_sth->execute($user_name);

if (my @data = $lookup_sth->fetchrow_array()) {
    # The user already exists in the DB, disallow dupes
}

else {
    # Go ahead with the insert operation
}

Note that the above method would sequentially go through the rows to check if the user with the same name exists. Since this can be costly for very large databases, you may want to create an index for the username column. See if your DBMS supports the same.
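The duplicate check and the index suggested above, as an added example that is not part of the thread. It assumes DBD::SQLite is installed and uses an in-memory database in place of the MySQL pureftpd database; the cut-down `ftpd` table and the sub name `add_ftp_user` are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in
# for the MySQL pureftpd database so the example runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Cut-down version of the ftpd table; the PRIMARY KEY on User is the
# index that makes the lookup cheap and makes duplicates impossible.
$dbh->do('CREATE TABLE ftpd (User TEXT PRIMARY KEY, Dir TEXT NOT NULL)');

# Returns 'added' or 'exists'. Values are bound with placeholders, so
# quotes in the input cannot change the SQL statement.
sub add_ftp_user {
    my ($dbh, $user, $dir) = @_;

    my ($found) = $dbh->selectrow_array(
        'SELECT 1 FROM ftpd WHERE User = ?', undef, $user);
    return 'exists' if $found;

    # Another request may insert the same name between the SELECT and
    # the INSERT; the key constraint then makes the INSERT fail.
    my $ok = eval {
        $dbh->do('INSERT INTO ftpd (User, Dir) VALUES (?, ?)',
            undef, $user, $dir);
        1;
    };
    return 'added' if $ok;

    # Insert failed: report 'exists' only if the row is now present,
    # otherwise re-raise the database error.
    my $err = $@;
    ($found) = $dbh->selectrow_array(
        'SELECT 1 FROM ftpd WHERE User = ?', undef, $user);
    return 'exists' if $found;
    die $err;
}

# Constructed sample input, not taken from the thread.
for my $name ('daccman1', 'daccman1', "o'brien") {
    print "$name: ", add_ftp_user($dbh, $name, "/path/to/users/$name"), "\n";
}
```

The return value gives the CGI script what it needs to tell the admin whether the user was added or was already in the database.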

daccman
RE: Need Help And Suggestions For My Perl Program
28 Aug, 2007 - 06:35 AM
Post #6

Hello Thanks for your suggestions. I have changed my code to reflect some of your suggestions. But I also would like to understand why it is a bad idea to have values like
CODE
'$User'
instead of
CODE
'User'
without the dollar sign. I just know at this point that some person that knows perl has told me that it is a bad idea. Do you see my point?

I do appreciate your help with this. I do apologize for any confusion in my posts, I am trying to be as clear as I can be. Yes, the user input fields for -User, Password, Home Dir- check to see if they are empty, but I am also trying to figure out how to implement some sort of validation for it so, like you had mentioned, people don't try to fill in blank spaces. Here is another question.

I was thinking about what you had said about
QUOTE
Validating the directory is especially important. You don't want the user entering the name/path of just any directory otherwise you will be hacked in no time by a malicious user. (Damned those users anyway!)
is there maybe a way that when the user is created it automatically creates the home directory for them from their user name? That would be easier than them entering a home directory and solve the security issue?

I can't thank you people enough for the help. I do appreciate it.

Daccman

KevinADC
RE: Need Help And Suggestions For My Perl Program
28 Aug, 2007 - 10:21 AM
Post #7

QUOTE(daccman @ 28 Aug, 2007 - 07:35 AM)

Hello Thanks for your suggestions. I have changed my code to reflect some of your suggestions. But I also would like to understand why it is a bad idea to have values like
CODE
'$User'
instead of
CODE
'User'
without the dollar sign. I just know at this point that some person that knows perl has told me that it is a bad idea. Do you see my point?


If you really want to use the dollar sign you can. But I think any experienced perl coder would advise against it. As long as you understand the difference between $User and "$User" and '$User' you can get away with this ill-advised naming scheme. But since $User looks like a perl scalar, and is a perl scalar except when wrapped in single-quotes, there is no benefit to using such a naming convention and it's obvious it can lead to problems.

QUOTE(daccman @ 28 Aug, 2007 - 07:35 AM)


I was thinking about what you had said about
QUOTE
Validating the directory is especially important. You don't want the user entering the name/path of just any directory otherwise you will be hacked in no time by a malicious user. (Damned those users anyway!)
is there maybe a way that when the user is created it automatically creates the home directory for them from their user name? That would be easier than them entering a home directory and solve the security issue?


Yes, that can be done. You define a path to where the user directories will be stored:

my $user_dirs = '/path/to/users';


the user enters a name to use and you validate the name, make sure it is not too short or too long, remove any characters that do not conform to a strict set of rules for usernames, like there can be no dots in usernames, best to stick with a restricted character class: [a-zA-Z0-9_-] with a minimum of 6 characters (must include at least one leading alpha character) and a maximum of maybe 20 to 30 characters.


