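#! /usr/local/bin/perl -w
# ***********************************************
# Do NOT Install This Version Of The CGI Script!
# We will give you the URL of an updated version of this CGI script
# before the Publius Live Trial Begins.
# **********************************************
#
# publius_cgi_script.pl
# Copyright 1999, 2000 New York University
# Written By Marc Waldman
# Publius Project Home Page - http://www.cs.nyu.edu/waldman/publius
# E-mail address - publius@cs.nyu.edu
#
# CGI endpoint that stores and serves Publius content. Each published item
# lives in its own directory (named by a hex string) under $publiusFileDir
# and holds up to four files: "share", "password", "file" and, once the
# item has been updated, "update". The "command" request parameter selects
# PUBLISH, UPDATE, DELETE, RETRIEVE_S or RETRIEVE_F.

use strict;
use CGI;
use HTTP::Status;
use Cwd;

# NOTE(review): this path sits below public_html/cgi-bin. If the web server
# is able to serve files from it directly, the stored "password" files can be
# fetched without going through this script; a directory outside the
# document root avoids that. Confirm against the server configuration.
my $publiusFileDir="/home/user/public_html/cgi-bin/publius_content";

# NOTE(review): no request size limit is configured ($CGI::POST_MAX is left
# at its default), so a PUBLISH request can write arbitrarily large files.
# Pick a limit that fits the deployment.

# Emit a bare CGI "Status:" response and terminate the script.
#   $errorCode   - numeric HTTP status (an HTTP::Status RC_* constant)
#   $explanation - short reason phrase; callers pass fixed strings only
# Never returns.
sub returnErrorCode{
    my ($errorCode,$explanation)=@_;
    print "Status: $errorCode $explanation\n\n";
    exit 0;
}

# Write $contents to $fileName in the current directory, replacing any
# existing file. Returns 1 on success and 0 if the open, the write or the
# close failed, so callers can report the failure instead of silently
# leaving a truncated file behind.
sub writeStringToFile{
    my ($fileName,$contents)=@_;
    open(my $out,'>',$fileName) || return 0;
    binmode($out);              # shares and encrypted files are binary data
    my $written=print {$out} $contents;
    my $closed=close($out);     # buffered write errors surface at close
    return ($written && $closed) ? 1 : 0;
}

# PUBLISH: create a new content directory and store the share, the password
# and the encrypted file in it.
#   $query     - CGI object carrying the "share", "password", "file" params
#   $directory - directory name, already validated as hex by main()
# Responds 400 if a parameter is missing, 401 if the directory exists or
# cannot be created, 500 if the content cannot be written, 200 on success.
sub publish{
    my ($query,$directory)=@_;
    my $share=$query->param("share");
    my $password=$query->param("password");
    my $file=$query->param("file");
    if ((!$share) || (!$password) || (!$file)) {
        returnErrorCode(RC_BAD_REQUEST,"Incomplete Request");
    }
    $directory="$publiusFileDir/$directory";
    if (chdir($directory)){
        # can't write into existing directory, only Publius Update can
        returnErrorCode(RC_UNAUTHORIZED,"Directory Already Exists");
    }
    # mkdir fails if the directory appeared since the check above, so two
    # concurrent PUBLISH requests cannot both claim the same name.
    mkdir($directory,0700) || returnErrorCode(RC_UNAUTHORIZED,"Couldn't Create Directory");
    chdir($directory) || returnErrorCode(RC_UNAUTHORIZED,"Couldn't Write In Directory");

    # NOTE(review): the password is stored in plaintext. Storing a salted
    # hash instead would change the on-disk format that update() and del()
    # read, so it is flagged here rather than changed.
    my $stored=writeStringToFile("share",$share)
        && writeStringToFile("password",$password)
        && writeStringToFile("file",$file);
    if (!$stored){
        # Best-effort cleanup: a half-written directory without a usable
        # password file could otherwise never be deleted or republished.
        unlink("share","password","file");
        if (chdir("..")){
            rmdir($directory);
        }
        returnErrorCode(RC_INTERNAL_SERVER_ERROR,"Couldn't Store Content");
    }
    returnErrorCode(RC_OK,"Published");
}

# Read a whole file into a string.
#   $fileName - path to read; every caller in this script passes "password"
# Returns (0, \$contents) on success, or (-1, \$message) if the file could
# not be opened.
sub readFileIntoString{
    my $fileName=shift @_;
    # Three-argument open: the name is only ever treated as a path to read,
    # never as a mode or pipe specification.
    open(my $in,'<',$fileName)
        || return (-1,\("Could Not Open File ".$fileName."\n"));
    binmode($in);
    local $/; # clear input separator
    my $fileContents=<$in>;
    close($in);
    $fileContents="" unless defined $fileContents;
    return (0,\$fileContents);
}

# UPDATE: record an update URL for an existing item after checking the
# password supplied in the request against the stored one.
#   $query     - CGI object carrying the "updateURL" and "password" params
#   $directory - directory name, already validated as hex by main()
# Responds 400 if updateURL is missing or the directory does not exist,
# 401 on a password mismatch, 500 if the update file cannot be written.
sub update{
    my ($query,$directory)=@_;
    my $updateURL=$query->param("updateURL");
    my $password=$query->param("password");
    if (!$updateURL){
        # An empty "update" file would make retrieve() serve an empty
        # update for this item from then on.
        returnErrorCode(RC_BAD_REQUEST,"Incomplete Request");
    }
    $directory="$publiusFileDir/" . $directory;
    chdir($directory) || returnErrorCode(RC_BAD_REQUEST,"Directory Does Not Exist");
    my ($errorCode,$storedPasswordRef)=readFileIntoString("password");
    if ($errorCode<0){
        returnErrorCode(RC_UNAUTHORIZED,"Couldn't Read Password File");
    }
    # NOTE(review): "ne" is not a constant-time comparison; response timing
    # may therefore depend on how much of the password matches.
    if ((!defined $password) || ($password ne $$storedPasswordRef)){
        returnErrorCode(RC_UNAUTHORIZED,"Incorrect Password");
    }
    else{
        writeStringToFile("update",$updateURL)
            || returnErrorCode(RC_INTERNAL_SERVER_ERROR,"Couldn't Store Update");
        returnErrorCode(RC_OK,"Updated");
    }
}

# DELETE: remove an item's files and its directory after checking the
# password supplied in the request against the stored one.
#   $query     - CGI object carrying the "password" param
#   $directory - directory name, already validated as hex by main()
sub del{
    my ($query,$directory)=@_;
    my $password=$query->param("password");
    my $fullpath="$publiusFileDir/$directory";
    chdir($fullpath) || returnErrorCode(RC_BAD_REQUEST,"Directory Does Not Exist");
    my ($errorCode,$storedPasswordRef)=readFileIntoString("password");
    if ($errorCode<0){
        returnErrorCode(RC_UNAUTHORIZED,"Couldn't Read Password File");
    }
    # NOTE(review): same plaintext, non-constant-time comparison as update().
    if ((!defined $password) || ($password ne $$storedPasswordRef)){
        returnErrorCode(RC_UNAUTHORIZED,"Incorrect Password");
    }
    else{
        # unlink returns the number of files removed, so a missing "update"
        # file does not count as a failure.
        unlink("file","share","password","update") || returnErrorCode(RC_BAD_REQUEST,"unlink failed");
        chdir("..") || returnErrorCode(RC_BAD_REQUEST,"Couldn't Leave Directory");
        # After chdir("..") the working directory is $publiusFileDir, so the
        # bare directory name resolves to the item's directory.
        rmdir($directory) || returnErrorCode(RC_UNAUTHORIZED,"Deleted Files, Unable to Delete Directory");
        returnErrorCode(RC_OK,"Deleted");
    }
}

# RETRIEVE_S / RETRIEVE_F: send a stored share or encrypted file. If the
# item has an "update" file, that file is sent instead, with the response
# header update set to 1; otherwise update is 0.
#   $query         - CGI object used to build the response header
#   $directory     - directory name, already validated as hex by main()
#   $file_or_share - "S" to send the share, anything else sends the file
sub retrieve{
    my ($query,$directory,$file_or_share)=@_;
    chdir ("$publiusFileDir/$directory") || returnErrorCode(RC_BAD_REQUEST,"Directory Does Not Exist");

    my ($fileName,$updateFlag);
    if (-e "update"){
        ($fileName,$updateFlag)=("update",'1');
    }
    elsif ($file_or_share eq "S"){ # retrieve a share
        ($fileName,$updateFlag)=("share",'0');
    }
    else{ # send the encrypted file
        ($fileName,$updateFlag)=("file",'0');
    }

    # Open before emitting the header so that an unreadable file yields an
    # error status instead of a "200 OK" with an empty body.
    open(my $fh,'<',$fileName)
        || returnErrorCode(RC_INTERNAL_SERVER_ERROR,"Couldn't Read Stored Content");
    binmode($fh);
    binmode(STDOUT);
    print $query->header(-type=>'application/octet-stream',
                         -status=>'200 OK',
                         'update'=>$updateFlag,
                         );
    while(defined(my $chunk=<$fh>)){
        print $chunk;
    }
    close($fh);
}

# Entry point: validate the "command" and "directory" parameters and
# dispatch to the matching handler.
sub main{
    my $query=CGI->new();
    my $command=$query->param("command");
    my $directory=$query->param("directory");
    if ((!$command) || (!$directory)){
        returnErrorCode(RC_BAD_REQUEST,"Incomplete Request");
    }
    # The directory name is joined onto $publiusFileDir by every handler, so
    # this whitelist is the only thing keeping "/" and ".." out of the path.
    # It is anchored and limited to ASCII hex digits.
    elsif ($directory !~ /\A[0-9A-Fa-f]+\z/){
        returnErrorCode(RC_BAD_REQUEST,"Illegal Directory Name");
    }
    else{
        if ($command eq "PUBLISH"){
            publish($query,$directory);
        }
        elsif ($command eq "DELETE"){
            del($query,$directory);
        }
        elsif ($command eq "UPDATE"){
            update($query,$directory);
        }
        elsif ($command eq "RETRIEVE_S"){ # retrieve a share
            retrieve($query,$directory,"S");
        }
        elsif ($command eq "RETRIEVE_F"){ # retrieve a file
            retrieve($query,$directory,"F");
        }
        else{
            # Without this branch an unrecognised command produced no
            # output at all.
            returnErrorCode(RC_BAD_REQUEST,"Unknown Command");
        }
    }
}

main();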