Difference between revisions of "Trillex - programming in perl with cgi and dbi"
| Line 9: | Line 9: | ||
== The Script == | == The Script == | ||
| + | <nowiki> | ||
| + | #!/usr/bin/perl | ||
| + | use strict; | ||
| + | use warnings; | ||
| + | use CGI; | ||
| + | use DBI; | ||
| + | use CGI::Carp qw(fatalsToBrowser); | ||
| + | |||
| + | print CGI::header(); | ||
| + | |||
| + | my $username = dbquote(CGI::param('user')); | ||
| + | my $status = dbquote(CGI::param('status')); | ||
| + | my $password = dbquote(CGI::param('password')); | ||
| + | my $uid = dbquote(CGI::param('uid')); | ||
| + | my $gid = dbquote(CGI::param('gid')); | ||
| + | my $dir = dbquote(CGI::param('dir')); | ||
| + | my $upload = dbquote(CGI::param('upload')); | ||
| + | my $download = dbquote(CGI::param('download')); | ||
| + | my $comment = dbquote(CGI::param('comment')); | ||
| + | my $ipaccess = dbquote(CGI::param('ipaccess')); | ||
| + | my $quotasize = dbquote(CGI::param('quotasize')); | ||
| + | my $quotafiles = dbquote(CGI::param('quotafiles')); | ||
| + | |||
| + | unless($username) { | ||
| + | print <<PAGE; | ||
| + | <h1>Add a FTP account</h1> | ||
| + | <form action=testadddatabase.pl method=post> | ||
| + | Username: <input type=text name=user><br> | ||
| + | Status: <input type=text name=status><br> | ||
| + | Password: <input type=text name=password><br> | ||
| + | User ID: <input type=text name=uid><br> | ||
| + | Group ID: <input type=text name=gid><br> | ||
| + | Home Dir: <input type=text name=dir><br> | ||
| + | Upload Limit: <input type=text name=upload><br> | ||
| + | Download Limit: <input type=text name=download><br> | ||
| + | Comment: <input type=text name=comment><br> | ||
| + | IP Access: <input type=text name=ipaccess><br> | ||
| + | Quota Size: <input type=text name=quotasize><br> | ||
| + | Quota Files: <input type=text name=quotafiles><br> | ||
| + | <input type=submit value="Add an FTP account"> | ||
| + | </form> | ||
| + | PAGE | ||
| + | |||
| + | exit; | ||
| + | } | ||
| + | |||
| + | my $dbh = DBI->connect("dbi:mysql:pureftpd:localhost", "user", "password"); | ||
| + | |||
| + | my $sth = $dbh->prepare("insert into ftpd(User, status, Password, Uid, Gid, Dir, ULBandwidth, DLBandwidth, comment, ipaccess, QuotaSize, Quotafiles) values('$username', '$status', '$password', '$uid', '$gid', '$dir', '$upload', '$download', '$comment', '$ipaccess', '$quotasize', '$quotafiles')"); | ||
| + | |||
| + | $sth->execute(); | ||
| + | |||
| + | print <<PAGE; | ||
| + | <h1>Account added</h1> | ||
| + | The account $username was just added. want to <a href=testadddatabase.pl>add another</a>? | ||
| + | PAGE | ||
| + | |||
| + | sub dbquote { | ||
| + | my ($str) = @_; | ||
| + | |||
| + | $str =~ s/”/\\”/g; | ||
| + | $str =~ s/\\/\\\\/g; | ||
| + | $str =~ s/’/\\’/g; | ||
| + | |||
| + | return $str; | ||
| + | } | ||
| + | </nowiki> | ||
| + | |||
| + | === Breaking it Down === | ||
Revision as of 12:11, 21 September 2009
Contents
Programming: Perl with Webinterface and Database Injections
Introduction
As a final project in Perl, I decided to make a script that could be useful as a linux adminstrator. The script is very situational, however, since it makes use of a specific setup.
The idea of the script can be changed and used for many situation, especially when you just need to inject simple things into a table. It certainly beats having to do it manually through that cursed client or through other means like phpmyadmin etc.
What the script does, is add a new user to the database "pureftpd" in the table "ftpd". This is in a MySQL database. The only situation you'd need to do this, is when you have set your FTP daemon up for virtual users, i.e. the user accessing the FTP does not have access to the server itself through SSH, like it would normally if we create another user on most UNIX systems.
The Script
#!/usr/bin/perl use strict; use warnings; use CGI; use DBI; use CGI::Carp qw(fatalsToBrowser); print CGI::header(); my $username = dbquote(CGI::param('user')); my $status = dbquote(CGI::param('status')); my $password = dbquote(CGI::param('password')); my $uid = dbquote(CGI::param('uid')); my $gid = dbquote(CGI::param('gid')); my $dir = dbquote(CGI::param('dir')); my $upload = dbquote(CGI::param('upload')); my $download = dbquote(CGI::param('download')); my $comment = dbquote(CGI::param('comment')); my $ipaccess = dbquote(CGI::param('ipaccess')); my $quotasize = dbquote(CGI::param('quotasize')); my $quotafiles = dbquote(CGI::param('quotafiles')); unless($username) { print <<PAGE; <h1>Add a FTP account</h1> <form action=testadddatabase.pl method=post> Username: <input type=text name=user><br> Status: <input type=text name=status><br> Password: <input type=text name=password><br> User ID: <input type=text name=uid><br> Group ID: <input type=text name=gid><br> Home Dir: <input type=text name=dir><br> Upload Limit: <input type=text name=upload><br> Download Limit: <input type=text name=download><br> Comment: <input type=text name=comment><br> IP Access: <input type=text name=ipaccess><br> Quota Size: <input type=text name=quotasize><br> Quota Files: <input type=text name=quotafiles><br> <input type=submit value="Add an FTP account"> </form> PAGE exit; } my $dbh = DBI->connect("dbi:mysql:pureftpd:localhost", "user", "password"); my $sth = $dbh->prepare("insert into ftpd(User, status, Password, Uid, Gid, Dir, ULBandwidth, DLBandwidth, comment, ipaccess, QuotaSize, Quotafiles) values('$username', '$status', '$password', '$uid', '$gid', '$dir', '$upload', '$download', '$comment', '$ipaccess', '$quotasize', '$quotafiles')"); $sth->execute(); print <<PAGE; <h1>Account added</h1> The account $username was just added. want to <a href=testadddatabase.pl>add another</a>? PAGE sub dbquote { my ($str) = @_; $str =~ s/”/\\”/g; $str =~ s/\\/\\\\/g; $str =~ s/’/\\’/g; return $str; }