Form results

[SlykFX]

what I want is when a user submits the form, the results are saved to a file called whatever there name is.

eg.
1. the form is completed by the user.
2. the PerlCGI script collects all the results
3. the results are saved to file "users_name.txt"

i know how to do all the form processing and stuff, but what i dont know is if it is possible to do this.

thx in advance for any help.

 

[diodotus]

If I understand what you're asking, yes it is possible -- and in fact easy. I haven't tried this script, so I may have made some boneheaded mistake with regards to syntax or whatnot, but this SHOULD work, as long as whichever user the program runs as has permission to modify the users_name.txt file.

#!/usr/bin/perl
use CGI qwstandard);
$userinput = param("userinput&quot ;
$filelocation = "/var/

http://www/cgi-bin/users_name.txt"

;
open (NAMEFILE, ">>$filelocation&quot ;
print NAMEFILE "$userinput\n" ;
close (NAMEFILE) ;
print "Content-type: text/html\nPragma: no-cache\n\n" ;
print <<END_HTML ;
<HTML>
<HEAD>
<TITLE>RESULTS</TITLE></HEAD>
<H1>Results</H1>
<br>
Wonderful! Thanks for your input, $userinput.
END_HTML
print &quot;</HTML>&quot; ;
-- Scott David Gray
reply-to: sgray@sudval.org

http://www.unseelie.org

 

[SlykFX]

maybe i didnt follow it correctly or something

to me i couldnt see where that script would do the filenameing

when user &quot;bob&quot; submits the form
the results are saved to &quot;bob.txt&quot;
when user &quot;billbobaggins&quot; submits
the results go to &quot;billbobaggins.txt&quot;
etc.

--

would this be done as
create a new file for the user called &quot;whatever.txt&quot;
input the results
then rename the file to whatever the users name is?

that method would work wouldnt it?
if so, whats the file rename command to do that? I can't be bothered to have a sig!

 

[diodotus]

Oh, NOW I get what you want! Sorry!

Of course, it will be VERY important to stupidity-check the user input, to be certain that a nefarious mean-spirited user doesn't try to create files (or overwrite system files!) outside of the directory. Here's a quick scrawl:

Try something like:

#!/usr/bin/perl
use CGI qwstandard);
$userinput = param(&quot;userinput&quot ;
if ($userinput =~ /\./) {
$userinput = &quot;error&quot; ;
}
$filelocation = &quot;/var/

http://www/cgi-bin/userfiles/&quot;

;
$thisfile = &quot;$filelocation$userinput.txt&quot; ;
open (NAMEFILE, &quot;>>$thisfile&quot ;
print NAMEFILE &quot;$userinput\n&quot; ;
close (NAMEFILE) ;
print &quot;Content-type: text/html\nPragma: no-cache\n\n&quot; ;
print <<END_HTML ;
<HTML>
<HEAD>
<TITLE>RESULTS</TITLE></HEAD>
<H1>Results</H1>
<br>
Wonderful! Thanks for your input, $userinput.
END_HTML
print &quot;</HTML>&quot; ;
-- Scott David Gray
reply-to: sgray@sudval.org

http://www.unseelie.org

 

[SlykFX]

nah that doesnt seem to want to work for me. i keep getting an insecure dependancy error I can't be bothered to have a sig!

 

[diodotus]

As I wrote in my last message: &quot;Of course, it will be very important to stupidity-check the user input, to be certain that a nefarious mean-spirited user doesn't try to create files (or overwrite system files!) outside of the directory.&quot; PERL fortunately caught this security problem.

For more information about PERL's taint checking, see

http://www.esec.com.au/sep/content/eps_support/demo/perlcgi/taint.html

If you really really want to force the program to run (NOT suggested unless you really know what you're doing -- this is an insecure program), try the -U flag in the first line that calls perl (that is, begin the program with &quot;#!/usr/bin/perl -U&quot. Please use this with caution; I wrote this script only to show one possible approach to the problem -- not as a plug-and-play solution.

This version is just a hair different than the last one I sent you -- I saw at least one more obvious security hole that I left in. It is very easy for security holes to appear in any program that creates or modifies a file depending on a user's unput. Don't even think about using this script on a Windoze server, or allowing the script to be run as an account with write permissions on files or directories that you care about -- that would just be begging for hackers.

#!/usr/bin/perl
use CGI qwstandard);
$userinput = param(&quot;userinput&quot ;
if (($userinput =~ /\./) || ($userinput =~ /\//)) {
$userinput = &quot;error&quot; ;
}
$filelocation = &quot;/var/

http://www/cgi-bin/userfiles/&quot;

;
$thisfile = &quot;$filelocation$userinput.txt&quot; ;
open (NAMEFILE, &quot;>>$thisfile&quot ;
print NAMEFILE &quot;$userinput\n&quot; ;
close (NAMEFILE) ;
print &quot;Content-type: text/html\nPragma: no-cache\n\n&quot; ;
print <<END_HTML ;
<HTML>
<HEAD>
<TITLE>RESULTS</TITLE></HEAD>
<H1>Results</H1>
<br>
Wonderful! Thanks for your input.
</HTML>
END_HTML
-- Scott David Gray
reply-to: sgray@sudval.org

http://www.unseelie.org

 

[SlykFX]

well it is only gonna be used by me and a mate for a project that we are doing at college

so as long as the outcome does what i need it to do, it'll be fine

plus ive put in code to check if the file exists, if so then a digit 1 gets appended to the filename, if that exists then a 2, etc.

--

out of interest would it be easier to create it into a preset file, then just rename the file to whatever.

eg.
the results get saved to results.txt
the results.txt is then renamed to name.txt

and what is the code to rename a file?

sorry if this is a dumb question, but I didnt know anything about perlCGI until about a month ago when I started this project

thx for your help I can't be bothered to have a sig!

 

[diodotus]

No, It's easier to create the file with the name you want. Otherwise, you're just adding steps, and possibly having two users accessing the program at the same time interfering with one another.

As far as code to rename the file, there are a couple options:
1: Load the original file, write it to the new file, and then &quot;unlink&quot; the old file.
or
2: A &quot;system&quot; call to the &quot;mv&quot; command.
-- Scott David Gray
reply-to: sgray@sudval.org

http://www.unseelie.org

 

[SlykFX]

k thank you I can't be bothered to have a sig!