Re: Making script called from image tags

Replies are listed 'Best First'.
Re^2: Making script called from image tags by Anonymous Monk on May 06, 2005 at 11:31 UTC
Its a good practice to improve the old concepts,codes, not all people can this. It's always pleasant to give a new life to an old approved scripts.. About taking the logs from hosting provider--not convenient for millions webmasters. Have got some helpful advices concerning the logfile paths, thanks. Can the logfiles and hostfiles be placed in www directory,not in cg-bin(as specified in script source)?? Since they must be writable for everyone. Now about difficulties: what be the right way to implement calling this script from image tags, not from SSI? Please accompany your advice with a concrete code. ------------------------------------------------------- Concerning the another script: need help to exclude own IP from logging. #!/usr/bin/perl $sendmail_path='/usr/lib/sendmail'; $to_address='email@domain.com'; #DONT CHANGE ANYTHING BELOW THIS LINE if (length($ENV{HTTP_X_FORWARDED_FOR})>1) { $xf=$ENV{HTTP_X_FORWARDED_ +FOR}; } else { $xf='NULL'; } $ra=$ENV{REMOTE_ADDR}; @numbs=split(/\./, $ra); $address=pack("C4", @numbs); $gothostbyaddr=gethostbyaddr($address, 2) +; $gt=gmtime; $head=$ENV{REMOTE_ADDR}; @tl=(85,78,73,46,68,69); ($gothostbyaddr) && ($head=$gothostbyaddr); if (length($ENV{QUERY_STRING})>1) { $reff=$ENV{QUERY_STRING}; } else {$reff=$ENV{HTTP_REFERER}; $reff=~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; } $head.=" $reff"; $from_address="a".$to_address; open(MH,"\|$sendmail_path -t"); print MH "To: $to_address\nFrom: $from_address"; print MH "\n"; print MH "Subject: Visitor Info $head\n\nHTTP_REFERER $reff"; print MH "\n"; print MH "DNS $gothostbyaddr\nIP $ENV{REMOTE_ADDR}"; print MH "\n"; print MH "BROWSER $ENV{HTTP_USER_AGENT}\nWHEN $gt GMT"; print MH "\n"; print MH "FORWARDED_FOR $xf"; print MH "\n"; print MH "APPS $ENV{HTTP_ACCEPT}\n\n"; print MH "MVI CGI Script 1.3 http://mviscript.hypermart.net"; print "\n"; close MH; print "Content-type: image/x-xbitmap\n\n"; print "#define name_width 1"; print "\n"; print "#define name_height 1"; print "\n"; print "static char name_bits[] = { 0x04 };"; print "\n"; [download] ------------------------ Here i find two possible ways: 1) wrapping IP in an if statment: `if($ENV{REMOTE_ADDR} =~ '10.10.0.1') { the code }` [download] 2)use logic: `exit if ($ENV{REMOTE_ADDR} =~ '10.10.0.1');` [download] 3) wrapping IP in an unless statment: another way `unless ($ENV{REMOTE_ADDR} =~ '10.10.0.1') { the code }` [download] what is preferable way and how to implement it?(concrete sample required) thanks	[reply] [d/l] [select]
Re^3: Making script called from image tags by starbolin (Hermit) on May 06, 2005 at 18:14 UTC
This last posting is much better Anonymous Monk, thank you. Posting a new question as a reply to a previous question is not the best way to get a quality response. Many Monks have become bored by now and have not read all the replies. This last post is written well enough to deserve a new node in SoPW. Please, feel free to obtain a Perlmonk username. That way I don't have to call you Anonymous Monk. "Its a good practice to improve the old concepts,codes, not all people can this." Perhaps, but it is less atractive to post old scripts here. We are more interested your level of understanding of the code. Seeing a script which the poster didn't write leads us to believe ( perhaps incorrectly ) the poster doesn't understand the code and has not taken the time to understand the code. Thus we Monks are less likely to take the time to understand what the poster is saying. "Can the logfiles and hostfiles be placed in www directory,not in cg-bin" They could be placed in any directory to which you're CGI script has read/write privleges. Usually, your host has very specific requirements as to where you can and cannot write files. Before posting, please run your scripts through perltidy. This: `@tl=(85,78,73,46,68,69); ($gothostbyaddr) && ($head=$gothostbyaddr); if (length($ENV{QUERY_STRING})>1) { $reff=$ENV{QUERY_STRING}; } else {$reff=$ENV{HTTP_REFERER}; $reff=~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; } $head.=" $reff";` [download] Becomes this: `@tl = ( 85, 78, 73, 46, 68, 69 ); ($gothostbyaddr) && ( $head = $gothostbyaddr ); if ( length( $ENV{QUERY_STRING} ) > 1 ) { $reff = $ENV{QUERY_STRING}; +} else { $reff = $ENV{HTTP_REFERER}; $reff =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; } $head .= " $reff";` [download] So very much easier to read and even gives the reader the impression that you actually know what you are doing. "what be the right way to implement calling this script from image tags" <img src="http://www.yoursite.com/cgi-bin/logs.pl" height="1" width="1"> I don't understand what you mean by "calling this script from image tags, not from SSI". If you are calling the script from an image tag then that constitutes a Server Side Include. Perhaps if you can outline the process steps you want to execute? Do you mean "deliver executeable payload via image upload" as in a trojan? If your script doesn't include these lines: `use warnings; use strict;` [download] That tells us you haven't used the best tool available for finding errors in your script. Perl is the best tool available for finding errors in your scripts. Use warnings. "need help to exclude own IP from logging." Either of the block formats you presented is acceptable. Perhaps `unless ($ENV{REMOTE_ADDR} =~ ?10.10.0.1?){ ... }` [download] is more perl like. s//----->\t/;$~="JAPH";s//\r<$~~/;{s\|~$~-\|-~$~\|\|\|s \|-$~~\|$~~-\|\|\|s,<$~~,<~$~,,s,~$~>,$~~>,, $\|=1,select$,,$,,$,,1e-1;print;redo}	[reply] [d/l] [select]
Re^4: Making script called from image tags by Anonymous Monk on May 06, 2005 at 19:05 UTC
1. By original design, mail-log.cgi script is designed to fired up from SSI(server side includes). Some host, include my testing host, does not offer SSI. So I want to change this scropt a little -- just make it launched via image tags. I dont say that this script have errors --its a working script, there is no necessity to debug it. I just make it run from image tags, not via SSI. That's all. How? 2. Is this OK: #!/usr/bin/perl $sendmail_path='/usr/lib/sendmail'; $to_address='my@domain.com'; #DONT CHANGE ANYTHING BELOW THIS LINE unless ($ENV{REMOTE_ADDR} =~ ?10.10.0.1?){ if (length($ENV{HTTP_X_FORWARDED_FOR})>1) { $xf=$ENV{HTTP_X_FORWARDED_ +FOR}; } else { $xf='NULL'; } $ra=$ENV{REMOTE_ADDR}; @numbs=split(/\./, $ra); $address=pack("C4", @numbs); $gothostbyaddr=gethostbyaddr($address, 2) +; $gt=gmtime; $head=$ENV{REMOTE_ADDR}; @tl=(85,78,73,46,68,69); ($gothostbyaddr) && ($head=$gothostbyaddr); if (length($ENV{QUERY_STRING})>1) { $reff=$ENV{QUERY_STRING}; } else {$reff=$ENV{HTTP_REFERER}; $reff=~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; } $head.=" $reff"; $from_address="a".$to_address; open(MH,"\|$sendmail_path -t"); print MH "To: $to_address\nFrom: $from_address"; print MH "\n"; print MH "Subject: Visitor Info $head\n\nHTTP_REFERER $reff"; print MH "\n"; print MH "DNS $gothostbyaddr\nIP $ENV{REMOTE_ADDR}"; print MH "\n"; print MH "BROWSER $ENV{HTTP_USER_AGENT}\nWHEN $gt GMT"; print MH "\n"; print MH "FORWARDED_FOR $xf"; print MH "\n"; print MH "APPS $ENV{HTTP_ACCEPT}\n\n"; print MH "MVI CGI Script 1.3 http://mviscript.hypermart.net"; print "\n"; close MH; print "Content-type: image/x-xbitmap\n\n"; print "#define name_width 1"; print "\n"; print "#define name_height 1"; print "\n"; print "static char name_bits[] = { 0x04 };"; print "\n"; } [download]	[reply] [d/l]