RE: AuthCookieDBI and authen/authz handler debugging...

2002-01-25 Thread Charles Day

Can you post your relevant httpd.conf?  Assuming you're using the default
login.pl, it's executable, and in the right location per httpd.conf.  Also,
have you tested the connectivity to your db?  I got this error a couple
times, but it was always a DBD::Pg issue if I remember right.  

Charles




-Original Message-
From: Jim Lambert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 24, 2002 6:55 PM
To: modperl
Subject: AuthCookieDBI and authen/authz handler debugging...



2.  I'm trying to use AuthCookieDBI, and I keep getting the following
error: 
"configuration error:  couldn't check user.  No user file?: /LOGIN"




RE: Perl and Microsoft Excel?

2001-11-29 Thread Charles Day

If you couldn't convince the bosses to db this, you could use .csv (tab
delimited) instead of .xls, ftp it to your webserver every (cron) and have
perl parse it out.   People love their xls and access files don't they:)
How about dumping the data into MS-SQL and have your db write the .xls file
every (schedule).  Then you can query your db any way you like from your
website, and they can have their nice little xls file too:)

Charles



-Original Message-
From: Ian [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 5:31 PM
To: [EMAIL PROTECTED]
Subject: Perl and Microsoft Excel?
Sensitivity: Private


 
In the wide and wonderful world of Microsoft and Linux, I'm in the
need of an interesting solution.

I'm presenting this to the list because I've run out of good ideas.

The campus phone system has a 911 database that is in Microsoft Excel
format, and they want to be able to take that information, and show
it on a webpage, either via a search form, or in one big table.  The
problem is, they want to do it dynamically...the web server needs to
yank it down from a samba share (or ftp), parse it, show it, and
terminate.  

I'm really **really** new at anything perl wise...so I haven't the
foggiest clue as to where I should start.  

I've finally gotten Apache/Mod Perl/Mod SSL installed, and working
properly.  Are there any modules for pulling information from an
excel sheet?  How about modules that keep the overworked admin from
insanity?

Ian


--
From RFC 1925: "(3)  With sufficient thrust, pigs fly just fine.
However, this is not necessarily a good idea. It is hard to be sure
where they are going to land, and it could be dangerous sitting under
them as they fly overhead."





RE: Cookie authentication

2001-11-15 Thread Charles Day



John,

We rolled out cookie authentication (Auth::Cookie) for our secured support
website around Jan 2001 and we never received one complaint (and our people
complain about everything:)

It seems you can't do anything online without having cookies turned on (yahoo,
bankone, huntington, ebay, etrade) and I think internet users have accepted
this.

Although Microsoft is doing its best to screw this up:
 
http://abcnews.go.com/sections/scitech/TechTV/TechTV_IEflaw011109.html

fix:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-055.asp
 
Charles
 
 
 
 

  -Original Message-
  From: John Michael [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, November 15, 2001 3:02 PM
  To: [EMAIL PROTECTED]
  Subject: Cookie authentication

  This may seem off subject but, if you bear with me, I don't think it is.
  I am interested in using the cookie based system referred to in the
  programming the apache api book but often wonder this.

  Can you count on everyone to use cookies?  It seems that some surfers are
  afraid of cookies or that maybe some browsers don't even handle them.  I
  wrote a mod perl script to do member tracking in my members site to see
  what pages were being viewed the most and used cookies also to make sure
  that more than one person was not using a particular username and find
  that some people either aren't using a browser that uses cookies or do not
  have them turned on.

  What are your thoughts on this because I thought of implementing the token
  cookie system but did not because I was afraid I would lose members that
  did not have or use this feature.

  Can you legitimately require surfers to have cookies turned on and do you
  know of many sites that do this successfully without losing members?

  Thanks
   
  John Michael
   


RE: fork/CGI/Apache problem

2001-11-02 Thread Charles Day

Your script only printed once for me.

Here's a shortened version I use:

# ...parent stuff above

defined($pid = fork) or die "cannot fork: $!\n";
exit if $pid;
close (STDOUT);

# ...child stuff below





-Original Message-
From: Marco Kleefman [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 8:30 AM
To: [EMAIL PROTECTED]
Subject: fork/CGI/Apache problem


Hello everybody,

I am new to the list. I have a question I hope you can help me with. It is
not a modperl question, just a normal perl question related to Apache/CGI.

I have this script which forks off a process which does something. I already
encountered the problem of my browser waiting for the child to be finished.
I solved it by closing STDIN/OUT/ERR. But I still have another problem...
Somehow all print statements in my script which occur before the fork-part
of the script are printed twice! I have tried to unbuffer STDOUT, but no
luck until now...

Here's my script:

#! /usr/bin/perl
print "start: pid=$$\n"; # this line gets printed twice!
print "Content-type: text/html\n\n"; # this line gets printed twice!

if (!defined ($pid = fork))
{
    die "Unable to fork: $!\n";
}
elsif (! $pid)
{
    warn "child: pid=$$\n";

    # this is the branch for the child process
    close(STDIN); close(STDOUT); close(STDERR);
    sleep(60); # pause for 1 minute
    exit; # terminate the child process
}
else
{   # this is the branch for the parent
    warn "parent: pid=$$ (child=$pid)\n";
    # ...print some HTML code
    exit; # terminate the parent process
}

Best regards,

Marco
The Netherlands

PS I have searched 30 pages of old messages related to forking, but no luck
there! Still I have the feeling that my problem is something trivial... :(




AuthCookie solution

2000-11-15 Thread Charles Day

Works perfectly.  Excellent idea.  Thank you very much Bill!


# added args to login.pl so we can redirect URLs with arguments during
# initial authentication.
my $args = $r->prev->args;

# add the ?
$args = "?".$args if $args;

# put this in the form next to $uri.




# We added the line below to AuthCookie.pm

# original way.
#$r->header_out("Location" => $args{'destination'});

# this works, but is sloppy.
#$r->header_out("Location" => $ENV{HTTP_REFERER});

# best way.
$r->header_out("Location" => $args{'destination'}.$args{'args'});



-Original Message-
From: Bill Moseley [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 03, 2000 5:30 PM
To: Charles Day; '[EMAIL PROTECTED]'
Subject: Re: AuthCookie


At 03:30 PM 11/03/00 -0500, Charles Day wrote:
>The following also holds true:
>
>http://www.mydomain.com/index.cgi?a=blablabla&b=blablabla
>
>gets redirected to:
>
>http://www.mydomain.com/index.cgi 

If I remember, that's just due to the example in the AuthCookie POD that
uses $r->prev->uri to set the destination parameter in the Login script.
uri() doesn't include the query string, IIRC.

>I've replaced the following line in AuthCookie.pm 
>
>$r->header_out("Location" => "$args{'destination'}");
>
>with:
>
>$r->header_out("Location" => "$ENV{HTTP_REFERER}");

I wouldn't do that as it's client dependent (and in quotes ;).

>And we don't lose the data.  Is there a better mod_perlish way to do this
>and are there buffer overflow risks involved?  

Use a mod_perl handler or Apache::Registry script for the login script, and
include $r->prev->args.  There's probably better ways to get the full URL,
but I just put uri() and args() together.

I suppose if your login.pl script could just place the current fields
passed in on the POST to the destination parameter passed to AuthCookie.
Then your script would get the parameters, they would just be a GET instead
of a POST.  Can be kind of ugly.



Bill Moseley
mailto:[EMAIL PROTECTED]
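
One way to check the two login-form fields before they are concatenated into the Location header, as an added example that is not part of the original posts or of AuthCookie itself. Both `destination` and `args` come back from the client in the login form, so the code accepts only a same-site path plus an optional query string; `safe_redirect_target`, `$FALLBACK` and the sample inputs are hypothetical names and constructed values.

```perl
#!/usr/bin/perl
# Added example (not from AuthCookie or the original post): validate the
# 'destination' and 'args' login-form fields before they reach Location.
use strict;
use warnings;

my $FALLBACK = '/';    # assumption: where to send users when input is rejected

# Return a same-site "path?query" string, or $FALLBACK if either field
# could send the browser off-site or break the response header.
sub safe_redirect_target {
    my ($destination, $args) = @_;
    $destination = '' unless defined $destination;
    $args        = '' unless defined $args;

    # Reject control characters (CR/LF would split the response header).
    return $FALLBACK if "$destination$args" =~ /[\x00-\x1f\x7f]/;

    # Must be a local absolute path: one leading slash, not "//host" or
    # "/\host", no scheme such as "http:", and no query or fragment
    # (login.pl takes the path from uri(), which has no query string).
    return $FALLBACK unless $destination =~ m{\A/(?![/\\])[^?#\s]*\z};

    # The query string is optional; if present it must start with '?',
    # as login.pl builds it, and contain no whitespace or fragment.
    return $destination if $args eq '';
    return $FALLBACK unless $args =~ m{\A\?[^#\s]*\z};

    return $destination . $args;
}

# Constructed sample inputs: [destination, args, expected result]
my @cases = (
    ['/index.cgi', '?a=blablabla&b=blablabla', '/index.cgi?a=blablabla&b=blablabla'],
    ['/index.cgi', '',                         '/index.cgi'],
    ['http://other.example/',      '',         '/'],
    ['//other.example/index.cgi',  '',         '/'],
    ['/index.cgi', "?a=1\r\nX-Injected: 1",    '/'],
    ['/index.cgi', 'a=1',                      '/'],
);

for my $c (@cases) {
    my ($dest, $args, $want) = @$c;
    my $got = safe_redirect_target($dest, $args);
    printf "%-4s %s\n", ($got eq $want ? 'ok' : 'FAIL'), $got;
}

# In the handler, the line from the post would then read (assumption: the
# same %args hash as in the post):
#   $r->header_out("Location" =>
#       safe_redirect_target($args{'destination'}, $args{'args'}));
```

Rejected input falls back to `/` instead of raising an error, so a tampered form still ends in an ordinary same-site redirect.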



AuthCookie

2000-11-03 Thread Charles Day

It's been addressed under LIMITATIONS that if the first unauthenticated
request is a POST, that POSTed data will be lost.

The following also holds true:

http://www.mydomain.com/index.cgi?a=blablabla&b=blablabla

gets redirected to:

http://www.mydomain.com/index.cgi 

if it's the first unauthenticated request, the POSTed data is indeed lost.

I've replaced the following line in AuthCookie.pm 

$r->header_out("Location" => "$args{'destination'}");

with:

$r->header_out("Location" => "$ENV{HTTP_REFERER}");

And we don't lose the data.  Is there a better mod_perlish way to do this
and are there buffer overflow risks involved?  

Hidden POST data still gets lost, but this will fix my current problem of my
Marketing people sending these broken links around town.  

Thanks,

Charles




RE: maintaining state securely for authentication

2000-10-19 Thread Charles Day

The best form based login uses Auth::Cookie.  Since you're running MySQL,
you'll want to grab AuthCookieDBI.pm too.  It depends how much account
information the user has.  I have a page that a user can access that
displays his access levels and explains the different access levels.  The
page grabs an ENV variable called TICKET, which I put into space when the user
is authenticated.  If the user has lots of information, you'll want to make
the page a cgi script, have the directory secured, grab the
ENV{REMOTE_USER}, then run another query to get and display his info.
AuthCookie works similar to this instead of the popup window:

https://trading.etrade.com/cgi-bin/gx.cgi/AppLogic+Loginpage

But you don't need all of this to do what you're trying to do.  Just write a
cgi script, have the user put in who he is from a form, query the database,
returning the results to the webpage.  Or, secure the directory, and grab
the ENV{REMOTE_USER} automatically, query the database, and display the
results to the webpage.

Hope this helps.

Charles Day
IT
Symix Systems, Inc.



-Original Message-
From: Kralidis, Tom [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2000 12:46 PM
To: Charles Day
Cc: '[EMAIL PROTECTED]'
Subject: RE: maintaining state securely for authentication


Thanks for the tip, true $ENV{REMOTE_USER} is not set unless authenticated
:>

As for the Apache authentication, is there an alternative method of making
this happen other than the pop-up window?  ie can I authenticate w/ Apache
through a form?

I thought of the form login so the script would login the individual, then
output a page with the user's account info.  Can I make the Apache
authentication point to a CGI script which takes these args (index.html with
a redirect to CGI?).  A form-based login would enable picking up user
information for custom post-login pages.

Thanks

..Tom

> -Original Message-
> From: Charles Day [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2000 12:16 PM
> To: 'Kralidis, Tom'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: maintaining state securely for authentication
> 
> 
> 1.  Apache Authentication, using MySQL to authenticate, and 
> use form based
> webpage with perl backend to query MySQL.  
> 
> 2.  Once the directory is secured, you know who they are at 
> all times by
> calling $ENV{REMOTE_USER}
> 
> Charles Day
> IT
> Symix Systems, Inc.
> 
> 
> 
> -Original Message-
> From: Kralidis, Tom [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 19, 2000 11:52 AM
> To: '[EMAIL PROTECTED]'
> Subject: maintaining state securely for authentication
> 
> 
> Hi,
> 
> I'm new to the group, and wonder if anyone would have a 
> mod_perl (or even
> CGI) suggestion:
> 
> I am writing an online application enabling users to create 
> accounts, store
> information, and having the ability to edit/update 
> information, provided it
> is under their username.
> 
> All information (users, groups, data) will be stored via MySQL.  The
> database is interfaced through a web application, using 
> mod_perl and CGI
> (Perl).
> 
> All users would initially have to login to the system to authenticate
> themselves.  All updates, etc. done by the users would follow 
> the login, so
> the username/password info would need to be maintain state 
> throughout their
> session, while not giving away the information for potential abusers.
> 
> Question 1: Apache authentication vs. form-based 
> username/password query to
> MySQL?  Pros/cons?
> 
> Question 2: How can I enable users to update/edit records in 
> the system,
> through the web, while still knowing who they are (as per 
> username/password
> login), over multiple pages throughout a session?
> 
> I have found scenarios such as hotmail or monster.com good 
> examples of what
> I want to accomplish.
> 
> If anyone has some info, online explanations or suggestions 
> to this, it
> would be appreciated.  
> 
> Thanks a lot
> 
> ..Tom
> 



RE: maintaining state securely for authentication

2000-10-19 Thread Charles Day

1.  Apache Authentication, using MySQL to authenticate, and use form based
webpage with perl backend to query MySQL.  

2.  Once the directory is secured, you know who they are at all times by
calling $ENV{REMOTE_USER}

Charles Day
IT
Symix Systems, Inc.



-Original Message-
From: Kralidis, Tom [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2000 11:52 AM
To: '[EMAIL PROTECTED]'
Subject: maintaining state securely for authentication


Hi,

I'm new to the group, and wonder if anyone would have a mod_perl (or even
CGI) suggestion:

I am writing an online application enabling users to create accounts, store
information, and having the ability to edit/update information, provided it
is under their username.

All information (users, groups, data) will be stored via MySQL.  The
database is interfaced through a web application, using mod_perl and CGI
(Perl).

All users would initially have to login to the system to authenticate
themselves.  All updates, etc. done by the users would follow the login, so
the username/password info would need to be maintain state throughout their
session, while not giving away the information for potential abusers.

Question 1: Apache authentication vs. form-based username/password query to
MySQL?  Pros/cons?

Question 2: How can I enable users to update/edit records in the system,
through the web, while still knowing who they are (as per username/password
login), over multiple pages throughout a session?

I have found scenarios such as hotmail or monster.com good examples of what
I want to accomplish.

If anyone has some info, online explanations or suggestions to this, it
would be appreciated.  

Thanks a lot

..Tom



AuthCookie

2000-10-17 Thread Charles Day

I'm thinking of adding a "locked out" functionality to
AuthCookie/AuthCookieDBI and was wondering if anyone has already attempted
or started this.  It should function much like NT domain authentication.   

Thanks, 

Charles Day
IT
Symix Systems, Inc.





Function Sequence Error

2000-03-31 Thread Charles Day

Has anyone run into this yet?   

DBI->connect failed: [iODBC][Driver Manager]Function sequence error
(SQL-S1010)(DBD: dbd_db_login/SQLSetConnectOption err=-1) at test.cgi line 8
Died at test.cgi line 8.

Line 8...

$conn = DBI->connect("dbi:ODBC:somedatabase") || die;

Traces show a connect, then error.  Function sequence error may mean I have
handles still open, but even after reinstalling everything?

I'm using DBD::ODBC on a RedHat 6.1 box to connect to a SQL database on NT 4.
It worked for 3 months, but now can't even connect.  I've
installed/reinstalled the following relevant...

NT 4 SP 5
SQL 7
perl 5.6
mod_perl 1.22
DBD::ODBC 0.28
iODBC libiodbc 2.50.3
DBI 1.13
ApacheDBI 0.87
ilinux60
OpenRDA Server 4.00.12

Only thing left is the kernel and RH 6.1

I can still connect to our PostgreSQL databases using Pg...

$conn = DBI->connect("dbi:Pg:somedatabase") || die;

I really really really don't want to write ASP's with IIS *smile*









RE: perl 5.6/mod_perl 1.22/apache 1.3.12

2000-03-29 Thread Charles Day

Success!  after 4 days.  3 full pages of warnings during the 1.22 Makefile,
I guess I never tried installing mod_perl after this, I kept trying 1.21
with 5.6 and 1.3.12, a,   moron.  

Thanks Doug for taking the blinders off me.

Charles


-Original Message-
From: Doug MacEachern [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 29, 2000 12:27 AM
To: Charles Day
Cc: '[EMAIL PROTECTED]'
Subject: Re: perl 5.6/mod_perl 1.22/apache 1.3.12


On Mon, 27 Mar 2000, Charles Day wrote:

> Just spent half the day trying to marry these 3.  mod_perl doesn't build.
> DSO/apxs errors as described by others.

these errors were just warnings, try cvs if you want to get rid of them.
did you have other problems too?



RE: perl 5.6/mod_perl 1.22/apache 1.3.12

2000-03-28 Thread Charles Day

H, I removed .../apache/src/modules and it failed "couldn't find
.../apache/src/modules/standard directory"

Here was my apache configure script...

./configure \
--prefix=/usr/local/apache \
--activate-module=src/modules/perl/libperl.a

There is no libperl.a and here's the ole error message...

mod_perl.c: In function `perl_handler':
mod_perl.c:783: `PL_siggv' undeclared (first use in this function)
mod_perl.c:783: (Each undeclared identifier is reported only once
mod_perl.c:783: for each function it appears in.)
make[4]: *** [mod_perl.o] Error 1
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/usr/src/apache_1.3.12/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/src/apache_1.3.12'
make: *** [build] Error 2

There is a libperl.module, so I tried again, with...

--acitvate-module=src/modules/perl/libperl.module

and lo and behold, I get an error message "couldn't find libperl.a"

LOL

It installs fine without this --activate-module line, but I think I need
this.

I'm trying AddModule modules/perl/libperl.a into Configuration now.



apache 1.3.12
mod_perl 1.21 
perl 5.6

> 
> -Original Message-
> From: Jim Serio [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 27, 2000 4:08 PM
> To: Charles Day
> Cc: [EMAIL PROTECTED]
> Subject: Re: perl 5.6/mod_perl 1.22/apache 1.3.12
> 
> 
> > Just spent half the day trying to marry these 3.  mod_perl doesn't build.
> > DSO/apxs errors as described by others.  Went back to 1.21, apache doesn't
> > build, PL_siggv errors as described by others.  Don't know what to do with
> > the modperl 2.0XXX.  I think I'll head back to Mr. stable 5.00503.  Sure
> > wish I knew C.
> 
> I had initial problems with Apache 1.3.12 and mod_perl 1.21
> but after removing the perl modules dir and installing
> mod_perl 1.22 things compiled without any problems. I
> suggest you try a clean Apache and mod_perl source tree.
> 
> Jim
> 


-- 
Jim Serio - [EMAIL PROTECTED]
Producer, World of Coasters