Not to rain on your parade, but...
Here's the section from my httpd.conf file dealing with the CGI tree:
ScriptAlias /cgi "/dropbox/cgi"
<Directory "/dropbox/cgi">
Options +ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AddHandler cgi-script .pl .php
</Directory>
And the bizarre thing is that I use other Perl scripts to update data files during the website use, and they all do exactly what I want them to do.
Anton...
| [reply]
[d/l] |
Well, then I'll assume apache/perl/cgi works. Are you sure the file paths are correct? The code to make them looks slightly convoluted to me. Are you also sure you want to lowercase the whole file path? Make sure you check the result of open(), like open my $fh,"<",$whatever or die $!
Also, you're missing a blank line at the end of the headers.
Also also, this code will allow anyone to download any file off the server that the webserver has access to.
update: and please use strict, it can catch typos that will take you (or us!) quite some time to find.
update 2: its "content-disposition: attachment; filename=whatever" note the semi-colon and the lack of quotes.
| [reply]
[d/l]
[select] |
Well, I've corrected the script per your very kind suggestions (and I thank you for it), and it now is as follows:
#!/www/perl/bin/perl.exe
#
# filednload.pl
#
# File Download Utility
#
use CGI;
use strict "vars";
my $cgiobject = new CGI;
my $filename = $cgiobject->param('filename');
my $dnloaddir = $cgiobject->param('filedir');
my $movecode = $cgiobject->param('movecode');
my $usrcod = $cgiobject->param('usrcod');
my $passwd = $cgiobject->param('passwd');
my $userselect = $cgiobject->param('userselect');
my $filekey = $cgiobject->param('filekey');
my $server=$ENV{'SERVER_NAME'};
my $browser=$ENV{'HTTP_USER_AGENT'};
my $fileroot=$ENV{'DOCUMENT_ROOT'};
my $program = "DBXDND";
my $origpath = $fileroot . "/" . $movecode . "/" . $filename;
my $flsiz = -s $origpath;
print "Content-Type: application/octet-stream\n";
print "Content-Disposition: attachment; filename=$origpath\n";
print "Content-Length: $flsiz\n";
open (DLFILE,"<$origpath") or die("cannot open file ");
binmode DLFILE;
binmode STDOUT;
my $buffer = '';
while(read(DLFILE,$buffer,1024)) { print $buffer; }
close DLFILE;
my $fileout=$fileroot . "/Temp/" . $usrcod . ".txt";
open (USER,">$fileout");
print USER "USRCOD=" . $usrcod . "\n";
print USER "PASSWD=" . $passwd . "\n";
print USER "BROWSER=" . $browser . "\n";
print USER "PROGRAM=" . $program . "\n";
print USER "FILENAME=" . $filename . "\n";
print USER "SERVER=" . $server . "\n";
print USER "DNLDDIR=" . $dnloaddir . "\n";
print USER "DNLDFILE=" . $filename . "\n";
print USER "DNLDPATH=" . $origpath . "\n";
print USER "MOVECODE=" . $movecode . "\n";
print USER "USERSELECT=". $userselect . "\n";
print USER "FILEKEY=". $filekey . "\n";
close USER;
print $cgiobject->redirect("http://" . $server . "/cgi/cgi.exe?usrcod=
+" . $usrcod);
I've also noted the following in the Apache error log:
malformed header from script. Bad header=PK\x03\x04: filednload.pl, referer: http://dropbox.fotokem.com/test.html
Now the REALLY weird thing is that "PK\x03\x04" are the first characters (the header) of a .zip file.
Am I beginning to lose my marbles, or should I just go home and have a quiet night with a bottle of J.D.????
Anton...
| [reply]
[d/l] |