Why were you even using:
WSGIScriptAlias /wsgi-scripts/ /home/nitin/wsgi-scripts/index.py
in the first place?
What is significant about the /wsgi-scripts/ URL prefix?
Is that actually relied on by anything if so, how?
What else is in the /home/nitin/wsgi-scripts directory besides .py, .py~,
httpd.conf and the linked subdirectories?
This mix of file types and the fact that you had DocumentRoot set to that
directory meant you potentially have a huge security hole where your source
code could be downloaded by accessing the editor backup files. It would also
have been possible to download your httpd.conf and possibly whatever was in the
calimgs and fullcalendar-1.5.1 directories. Or do you also have some
requirement in the case of the subdirectories that they exist so static file
assets can be accessed from a browser?
There is one very very big reason why it is a good idea to use a web framework.
That is because the people who write them design them so they have good
security and follow best practices. Your setup with the way you have arranged
things and trying to use WSGI is opening yourself up to big security issues
were stuff isn't protected because you are putting it into a directory that
Apache serves up files from. I really don't know if I can guide you in fixing
those problems as it simply is a bad way of going about it.
Graham
On 23/01/2015, at 9:01 PM, nitin chandra <[email protected]> wrote:
> List of scripts in /home/nitin/wsgi-scripts
>
> addusers.py
> addusers.py~
> admin.py
> admin.py~
> calimgs --> Directory
> continuePh.py
> continuePh.py~
> continue.py
> continue.py~
> dateWiseList.py
> dateWiseList.py~
> editPatient.py
> editPatient.py~
> fullcalendar-1.5.1 --> Directory
> home.py
> home.py~
> httpd.conf
> index.py
> index.py~
> insertBasic.py
> insertNew.py
> insertNew.py~
> .... more (abridged list)
>
> flow of application
>
> when we enter healthcare.in browser, first page
>
> index.py --> enter username and password. As this is still in
> development, I enter my name and both. Same is set in DB too.
>
> when we login successfully
>
> home.py --> this page has links to other pages like, insertBasic.py,
> editPatient.py, dateWiseList.py, etc
>
> Please dont advice to use a frame work. I am VERY HAPPY with just mod_wsgi. :)
>
> my index.py and login.py are pasted below.
> ==============================================================
>
> index.py
> -----------
>
> #!/usr/bin/env python
>
> import os, re, sys
> from datetime import datetime
> from pymongo import MongoClient
>
> class Handler:
> def do(self, environ, start_response):
>
> html = """
> <html><head><title>Informatics</title>
> </head><body bgcolor=aquamarine>
> <form method="post" action="login.py">
> User Name :<input type="text" name="uname"><br><br>
> Password   :<input type="password" name="paswd1"><br><br>
> <input type="submit" Value="Log In">
> </form>
> </center>
> </body></html>"""
>
> output = html
> mimeType = "text/html"
>
> status = "200 OK"
> response_headers = [("Content-type", mimeType),
> ("Content-length", str(len(output)))]
>
> start_response(status, response_headers)
> return [output]
>
> # wsgi entry point
> def application(environ, start_response):
> handler = Handler()
> return handler.do(environ, start_response)
>
> =======================================
> login.py
> ------------
> #!/usr/bin/env python
>
> import os, sys, string
> import cgi, base64
> from pymongo import MongoClient
>
> class Handler:
> def do(self, environ, start_response):
> form = cgi.FieldStorage(fp=environ['wsgi.input'],
> environ=environ)
>
> html = """
> <html><head><title>Informatics</title>
> </head><body bgcolor=aquamarine>
> """
> uname = form.getvalue('uname').lower()
> paswdT = form.getvalue('paswd1').lower()
> paswd1 = base64.b64encode(paswdT)
>
> connection = MongoClient('localhost', 27017)
> db = connection.health
> tc = list(db.tb_users.find({'user' : uname}))[0] --> work
> in python prompt
> # tc = db.tb_users --> Old code
> #html = ''+ str(uname)+'<br><br>' --> Old code
> #userT = tc.find_one( { 'user' : uname } ) --> Old code
> user = str(tc.pop('user')) --> work in python prompt
> password = tc.pop('password') --> work in python prompt
>
> if all ( [ uname == user, paswd1 == password ] ):
>
> html = """
> <meta http-equiv="refresh"
> content="0;url=http://www.healthcare.in/home.py"; />
> """
> else:
> html = '<center><b><h3>User / Password dont
> match.</h3></b></center>'
> html += '<center><b><h3>Click on \'Back\' button on
> browser to try again.</h3></b></center>'
> html += """</center>
> </body></html>"""
>
> output = html
> mimeType = "text/html"
>
> status = "200 OK"
> response_headers = [("Content-type", mimeType),
> ("Content-length", str(len(output)))]
>
> start_response(status, response_headers)
> return [output]
>
> # wsgi entry point
> def application(environ, start_response):
> handler = Handler()
> return handler.do(environ, start_response)
> ================================================
> home.py
> ------------
>
> #!/usr/bin/env python
>
> import os, re, sys
> from pymongo import MongoClient
> import base64
>
> class Handler:
> def do(self, environ, start_response):
> connection = MongoClient('localhost', 27017)
> db = connection.health
> tc = db.tb_users
> tcT = db.tb_users.count()
> paswd = base64.b64encode('admin123')
> if tcT == 0 :
> tc.insert({'user' : 'admin', 'password' : paswd})
> else :
> pass
>
> html = """
> <html><head><title>Informatics</title></head><body
> bgcolor=aquamarine><body>
>
>          
> <A HREF="patient.py">New Patient</a>
>          
> <A HREF="intense.py">Intensive Phase</A>
>          
> <A HREF="continue.py">Continuation Phase</A><br><BR>
> <A HREF="admin.py">Admin
> Page</A>         
> <A HREF="patientInfo.py">Edit
> Patient</A>         
> <a href="reportsList.py">Reports</a><br><br><br>
> <A href="index.py">Log Out</a>
> </center>
> </body></html>"""
>
> output = html
> mimeType = "text/html"
>
> status = "200 OK"
> response_headers = [("Content-type", mimeType),
> ("Content-length", str(len(output)))]
>
> start_response(status, response_headers)
> return [output]
>
> # wsgi entry point
> def application(environ, start_response):
> handler = Handler()
> return handler.do(environ, start_response)
>
>
> On 23 January 2015 at 03:34, Graham Dumpleton
> <[email protected]> wrote:
>> What do you actually have in the directory:
>>
>> /home/nitin/wsgi-scripts
>>
>> Up till now you have given the impression you only have a single WSGI
>> application script file called index.py.
>>
>> You are now mentioning a home.py file, which suggests you have more than one
>> WSGI script file in that directory.
>>
>> Your prior description overall of what you expect to happen when you visit
>> different URLs therefore appears to be incomplete.
>>
>> So can you describe better how your overall WSGI application hangs together
>> and whether you are using one WSGI script file with some sort of framework
>> which does routing or whether you have separate WSGI script files for
>> different URLs.
>>
>> If you have multiple WSGI script files, then the configuration required
>> would be different.
>>
>> If you don't but you are not using a framework, then you are likely not
>> constructing relative links for access over resources in your application
>> correctly.
>>
>> Graham
>>
>> On 23/01/2015, at 6:54 AM, nitin chandra <[email protected]> wrote:
>>
>>> After saying Thank You, can I still ask for a way to resolve my issue ? :P
>>>
>>> The page is displayed, but the subsequent links to other page do not
>>> load those pages. The same page reloads or refreshes. Like Index /
>>> log-in page, after entering the username and password, remains the
>>> same.
>>>
>>> Renamed my home.py to index.py, which has more links, none of the
>>> linksp page opened. Same page, index.py / home.py, page renders.
>>>
>>> ===============================================
>>>
>>> Below is from apache error.log
>>>
>>> [Fri Jan 23 00:50:22.963557 2015] [core:notice] [pid 11649] AH00094:
>>> Command line: '/usr/sbin/apache2'
>>> [Fri Jan 23 01:07:28.628276 2015] [mpm_prefork:notice] [pid 11649]
>>> AH00169: caught SIGTERM, shutting down
>>> [Fri Jan 23 01:07:29.807991 2015] [mpm_prefork:notice] [pid 11945]
>>> AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.5 mod_wsgi/3.4
>>> Python/2.7.6 configured -- resuming normal operations
>>> [Fri Jan 23 01:07:29.808091 2015] [core:notice] [pid 11945] AH00094:
>>> Command line: '/usr/sbin/apache2'
>>> [Fri Jan 23 01:11:31.669262 2015] [mpm_prefork:notice] [pid 11945]
>>> AH00169: caught SIGTERM, shutting down
>>> [Fri Jan 23 01:11:32.740238 2015] [mpm_prefork:notice] [pid 12162]
>>> AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.5 mod_wsgi/3.4
>>> Python/2.7.6 configured -- resuming normal operations
>>> [Fri Jan 23 01:11:32.740330 2015] [core:notice] [pid 12162] AH00094:
>>> Command line: '/usr/sbin/apache2'
>>>
>>> =====================================================
>>> Mongodb logs
>>>
>>> 2015-01-23T00:50:44.031+0530 [clientcursormon] connections:3
>>> 2015-01-23T00:50:44.128+0530 [initandlisten] connection accepted from
>>> 127.0.0.1:46995 #12 (4 connections now open)
>>> 2015-01-23T00:50:44.129+0530 [conn12] end connection 127.0.0.1:46995
>>> (3 connections now open)
>>> 2015-01-23T00:50:44.240+0530 [initandlisten] connection accepted from
>>> 127.0.0.1:46996 #13 (4 connections now open)
>>> 2015-01-23T00:50:44.241+0530 [conn13] end connection 127.0.0.1:46996
>>> (3 connections now open)
>>> 2015-01-23T00:50:45.675+0530 [initandlisten] connection accepted from
>>> 127.0.0.1:46997 #14 (4 connections now open)
>>> 2015-01-23T00:50:45.676+0530 [conn14] end connection 127.0.0.1:46997
>>> (3 connections now open)
>>> 2015-01-23T00:50:45.707+0530 [initandlisten] connection accepted from
>>> 127.0.0.1:46998 #15 (4 connections now open)
>>> 2015-01-23T00:50:45.711+0530 [conn15] end connection 127.0.0.1:46998
>>> (3 connections now open)
>>> 2015-01-23T00:52:42.450+0530 [PeriodicTaskRunner] task:
>>> DBConnectionPool-cleaner took: 11ms
>>> 2015-01-23T00:52:42.544+0530 [PeriodicTaskRunner] task:
>>> WriteBackManager::cleaner took: 45ms
>>> 2015-01-23T00:53:44.070+0530 [clientcursormon] mem (MB) res:15 virt:1193
>>> 2015-01-23T00:53:44.070+0530 [clientcursormon] mapped (incl journal
>>> view):992
>>> 2015-01-23T00:53:44.070+0530 [clientcursormon] connections:3
>>> 2015-01-23T00:55:56.630+0530 [initandlisten] connection accepted from
>>> 127.0.0.1:47029 #16 (4 connections now open)
>>> 2015-01-23T00:55:57.141+0530 [conn16] end connection 127.0.0.1:47029
>>> (3 connections now open)
>>> 2015-01-23T00:55:57.710+0530 [initandlisten] connection accepted from
>>> 127.0.0.1:47030 #17 (4 connections now open)
>>> 2015-01-23T00:55:57.712+0530 [conn17] end connection 127.0.0.1:47030
>>> (3 connections now open)
>>> 2015-01-23T00:58:44.088+0530 [clientcursormon] mem (MB) res:14 virt:1193
>>> 2015-01-23T00:58:44.088+0530 [clientcursormon] mapped (incl journal
>>> view):992
>>> 2015-01-23T00:58:44.088+0530 [clientcursormon] connections:3
>>> 2015-01-23T01:03:44.106+0530 [clientcursormon] mem (MB) res:14 virt:1193
>>> 2015-01-23T01:03:44.106+0530 [clientcursormon] mapped (incl journal
>>> view):992
>>> 2015-01-23T01:03:44.106+0530 [clientcursormon] connections:3
>>> 2015-01-23T01:08:44.125+0530 [clientcursormon] mem (MB) res:14 virt:1193
>>> 2015-01-23T01:08:44.125+0530 [clientcursormon] mapped (incl journal
>>> view):992
>>> 2015-01-23T01:08:44.125+0530 [clientcursormon] connections:3
>>> 2015-01-23T01:13:44.143+0530 [clientcursormon] mem (MB) res:14 virt:1193
>>> 2015-01-23T01:13:44.144+0530 [clientcursormon] mapped (incl journal
>>> view):992
>>> 2015-01-23T01:13:44.144+0530 [clientcursormon] connections:3
>>> 2015-01-23T01:18:44.162+0530 [clientcursormon] mem (MB) res:14 virt:1193
>>> 2015-01-23T01:18:44.162+0530 [clientcursormon] mapped (incl journal
>>> view):992
>>> 2015-01-23T01:18:44.162+0530 [clientcursormon] connections:3
>>>
>>>
>>>
>>>
>>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/modwsgi.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
