|I'd like to learn. anyone want to help me get started?|
| 1:31 pm on Jul 27, 2010 (gmt 0)|
I'm wanting to learn the basics of scripting for use on my sites and client sites. I am doing ok with the basic stuff like getting through form code, etc... but only on the site side. I am not able to figure out what has to happen on the server side and what needs to go where. I am gathering there are some potential security problems, etc and that not all hosts will allow scripting. Fantastic.
I don't plan to even try to become an expert in any way, just want to be able to meet my client's needs as they arise. It would be great if they all hosted with small independent hosting services that had reliable and accessible tech support that I could work with, but they generally don't. :(
Can anyone answer some basics for me? Like.. what has to go on the server side (CGI-BIN I *think*) to handle form code? Is this a security issue? Do you generally need special permission to use form scripts?
A little basic help would be much appreciated. Thanks.
| 8:52 pm on Jul 27, 2010 (gmt 0)|
The cgi-bin is basically just a directory where scripts and programs go. Everything inside a cgi-bin is treated as an executable and will be executed when requested via HTTP, so you cannot put images in there and see them with your browser. CGI scripts _can_ go there but they don't have to. With most providers it's enough to name the file script.pl or script.cgi to get it treated as a CGI script.
To handle the forms the browser submits, you need a CGI script. There are quite a few out there for your everyday needs but it's not too hard to learn basic skills to send emails or write info into a text file.
Whether security issues arise depends on the script itself. The basic idea to get a secure script: never trust the users. Don't use a variable the user sends to you as a filename; he could put malicious data in and read or write important files etc.
You'll not need special permissions to use CGI scripts (a form handler is just one of many uses), but your host has to support it. When there's a cgi-bin, they usually do.
If you want to test, remember: all CGI scripts have to be made executable, so set permissions of 755 on them (look for the CHMOD command in your FTP client).
| 1:00 pm on Jul 29, 2010 (gmt 0)|
Omgosh.... thank you! The 755 was a mystery to me. I had asked a client's hosting service about permissions and they simply said 755 without any extra info. Amen.
This is awesome help.
The scripts don't look too scary, just unfamiliar syntax and stuff. I write hand code xhtml and css anyway. It just seems that most people offering scripts for free assume people seeking them already know the "dummies" questions.
When you say to not use a variable a user sends as a filename... what do you mean? How would that show up... or what would that scenario look like? I mean... suppose I have a form up and it's working as it should. User comes in and fills in the form info... where would they be putting the variable you are mentioning? How would it show up to me or my client in what we would see?
Thanks so much for the help...
| 1:46 pm on Jul 29, 2010 (gmt 0)|
I am getting lost :(
I can't find a reliable script that I can make work... that's me, not the script, I'm sure.
OK... so I am using Cyberduck. Anyone know how to find and set this 755 permission thing? I don't know what CHMOD means...
| 4:12 pm on Jul 29, 2010 (gmt 0)|
An example of insecure use of a user-supplied variable would be if you saved the form data to a file and used the filename from a hidden field in the form. Someone could just put bogus filenames in that field.
To set permissions with Cyberduck, see this help page [webmaster.iu.edu]
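The hidden-field scenario from the post above, as an added example that is not part of the original thread. Python is used for illustration (a CGI script can be written in any language the host supports); the field names `savefile`, `form` and `message`, the file names and the sample submissions are assumptions constructed for this example.

```python
import os
import re
import tempfile

# Hypothetical form keys mapped to filenames that only the server chooses.
ALLOWED_FORMS = {"contact": "contact.txt", "quote": "quote.txt"}

def unsafe_target(data_dir, fields):
    """The pattern warned about: the filename comes from a hidden form field."""
    return os.path.normpath(os.path.join(data_dir, fields.get("savefile", "")))

def safe_target(data_dir, fields):
    """The form sends only a short key; the server looks up the filename."""
    key = fields.get("form", "")
    if key not in ALLOWED_FORMS:
        raise ValueError("unknown form")
    base = os.path.realpath(data_dir)
    target = os.path.realpath(os.path.join(base, ALLOWED_FORMS[key]))
    # Second check: the resolved path must still be inside the data directory.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes data directory")
    return target

def save_submission(data_dir, fields):
    """Append one submission, with newlines stripped so one entry is one line."""
    target = safe_target(data_dir, fields)
    message = re.sub(r"[\r\n]+", " ", fields.get("message", ""))[:2000]
    with open(target, "a", encoding="utf-8") as fh:
        fh.write(message + "\n")
    return target

def demo():
    data_dir = os.path.realpath(tempfile.mkdtemp())
    # Constructed submissions, as a script would see them after parsing the form.
    honest = {"form": "contact", "savefile": "contact.txt", "message": "Hello"}
    tampered = {"form": "../../index.html", "savefile": "../../index.html", "message": "x"}
    # With the hidden-field filename, the tampered value resolves outside data_dir.
    escapes = not unsafe_target(data_dir, tampered).startswith(data_dir + os.sep)
    saved = os.path.basename(save_submission(data_dir, honest))
    try:
        save_submission(data_dir, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return escapes, saved, rejected

if __name__ == "__main__":
    print(demo())
```

The site owner never sees the tampered value in normal use, because a hidden field is edited in the visitor's browser before the form is sent; the only place to catch it is the check in the script.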
| 3:08 am on Aug 4, 2010 (gmt 0)|
Maybe I can help. I've been in the boat (I still wear a lifejacket though). First, does your server allow you to run cgi/pl files (scripts)? That is, do you have permission to run such a program? You should be able to find this information out from your webhost.
Next, what kind of script did you want to run? If it is something simple like a form processing script which emails you the results I can put one together for you in pretty quick time. If more than that and you are using a downloaded script maybe I can get you squared away also.
Seeing as how you write your own HTML and CSS pages you are probably already familiar with FTP programs. As far as CHMOD is concerned, you should be able to get info on that in your FTP help files. Usually all you have to do is right-click a file (one that is already on the server) and often the word CHMOD comes up (with mine it is under properties).
If you already have things under control that is good also. Good luck.